Bind9 Installation and Setup Guide
HOWTO Setup BIND9 DNS Server
Original source:
Original author:
License:
Translator: FireHare
Proofreader: purewind
Contributors:
Applicable version:
This HOWTO is aimed at people who want to learn how to configure and maintain a DNS server, for example to serve a local network or to serve the DNS zones of a domain name.
Repositories
BIND9 is available in the core Ubuntu repository. No additional repository needs to be enabled for BIND9.
Before we begin, you should be familiar with RootSudo.
Installing The Server

BIND9

$ sudo apt-get install bind9

Useful Tools (For Testing)

$ sudo apt-get install bind9-host dnsutils

Documentation (Optional)

$ sudo apt-get install bind9-doc

BIND9 Scenarios

BIND9 can be configured in many ways. The most useful setups are:

Caching Server

This is useful for a host or small network on a broadband connection. By caching DNS queries, you reduce the bandwidth used (and hopefully even your broadband bill!).

Master Server

BIND9 can be used to serve DNS records (groups of records are referred to as zones) for a registered domain name, or for an imaginary one (but only if used on a restricted network).

Slave Server
A slave DNS server complements a Master DNS server by serving a copy of the zone(s) configured on the Master server. Slave servers are recommended in larger setups (larger networks or on the internet) if you intend to serve a registered domain name, since they ensure that your DNS zone is still available even if your Master server is not online.
Hybrids
You can even configure BIND9 to be a Caching and Master DNS server simultaneously, a Caching and a Slave server, or even a Caching, Master and Slave server. All that is required is to combine the different configuration examples from this document.
Stealth Servers
There are also two other common DNS server setups (used when working with zones for registered domain names): Stealth Master and Stealth Slave. These are effectively the same as Master and Slave DNS servers, but with a slight organisational difference.
For example, you have 3 DNS servers: A, B and C.

A is the Master, B and C are slaves.

If you configure your registered domain to use A and B as your domain's DNS servers, then C is a Stealth Slave. It is still a slave, but it is never going to be asked about the zone you are serving to the internet from A and B.

If you configure your registered domain to use B and C as your domain's DNS servers, then A is a Stealth Master. Any additional records or edits to the zone are done on A, but computers on the internet will only ever ask B and C about the zone.
DNS Record Types
There are lots of different DNS record types, but for someone reading this document, you need only deal with these record types:

Address Records

The most commonly used type of record.

www     IN      A       1.2.3.4

Alias Records

Used to create an alias from an existing A record. You cannot create a CNAME record pointing to another CNAME record.

www     IN      A       1.2.3.4
mail    IN      CNAME   www

Mail Exchange Records

Used to define where email should be sent to. Must point to an A record, not a CNAME. (An MX record needs a preference number before the host name; BIND refuses to load the zone without it.)

        IN      MX      10      mail.example.com.
mail    IN      A       1.2.3.4

Name Server Records

Used to define which servers serve copies of this zone. It must point to an A record, not a CNAME.
This is where Master and Slave servers are defined. Stealth servers are intentionally omitted.

        IN      NS      ns.example.com.
ns      IN      A       1.2.3.4

Configuring BIND9

BIND9 configuration files are stored in

/etc/bind/

The main configuration is stored in the following files:

/etc/bind/named.conf
/etc/bind/named.conf.options
/etc/bind/named.conf.local

Caching Server

The default configuration already acts as a caching server. All that is required is to add the IP numbers of your ISP's DNS servers. Simply uncomment and edit the following:

named.conf.options:

[...]
forwarders {
        1.2.3.4;
        5.6.7.8;
};
[...]

(where 1.2.3.4 and 5.6.7.8 are the IP numbers of your ISP's DNS servers)

Master Server

To add a DNS zone to BIND9, turning BIND9 into a Master server, all you have to do is:

named.conf.local:

[...]
zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
};
[...]

Now use an existing zone file as a template:

$ sudo cp /etc/bind/db.local /etc/bind/db.example.com

Now, to edit our zone:

db.example.com:

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1

Edit localhost. to the FQDN of your server, with an additional "." at the end. Eg:

db.example.com:

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     box.example.com. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
Edit root.localhost to be your email address, but with a "." instead of the "@", and another "." at the end. Eg:

johndoe@example.com should be added as johndoe.example.com.
Increment the Serial number (you must increment the serial number every time you make any changes to the zone file and reload the zone by restarting BIND9; if you make multiple changes before restarting BIND9, simply increment the serial once).

Tip: Many people like to use the last date edited as the serial of a zone, such as 2005010100, which is yyyymmddss (where ss is a two-digit sequence number for edits on the same day).

Now you can add DNS records to the bottom of the zone. Do remember to increment the serial as you add entries though.
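The serial rule above is easy to get wrong by hand (a slave only transfers the zone when the serial grows, so a forgotten or reused serial silently leaves it stale). The following helper, an added example that is not part of the original page, applies the yyyymmddss convention from the tip and rewrites the "; Serial" line of a zone file laid out like the db.local template above. The date is passed in as a parameter rather than read from the clock so the logic can be tested.

```sh
#!/bin/sh
# next_serial OLD TODAY
#   OLD:   the serial currently in the SOA record
#   TODAY: today's date as yyyymmdd
# Prints the next serial; the result is always strictly greater than OLD,
# which is what slaves check before transferring.
next_serial() {
    old=$1
    today=$2
    base="${today}00"
    if [ "$old" -lt "$base" ]; then
        # first edit today (or the zone still carries the template serial 1)
        echo "$base"
    else
        # already edited today, or the old serial ran ahead of the date:
        # just add one so the serial keeps increasing
        echo $((old + 1))
    fi
}

# bump_zone_serial FILE TODAY
# Replaces the number on the line marked "; Serial" in FILE (in place)
# and prints the new value. Fails if no such line exists.
bump_zone_serial() {
    file=$1
    today=$2
    old=$(awk '/;[ \t]*Serial/ { print $1; exit }' "$file")
    [ -n "$old" ] || { echo "no '; Serial' line in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    awk -v new="$new" '
        /;[ \t]*Serial/ && !done { sub(/[0-9]+/, new); done = 1 }
        { print }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}
```

After bumping the serial, `named-checkzone example.com /etc/bind/db.example.com` (from the bind9 package) confirms the file still loads before you restart BIND9.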
Slave Server

First, on the master server, you have to allow the zone transfer. The sample zone definition in /etc/bind/named.conf.local should look like this:

[...]
zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
        allow-transfer {
                @ip_slave;
        };
};
[...]

On the slave, you have to go through the same installation that was done on the master. Then edit /etc/bind/named.conf.local and add the following declaration for the zone:

[...]
zone "example.com" {
        type slave;
        // the slave writes this file itself after each transfer; on Ubuntu
        // named may not write under /etc/bind, so keep it in the cache directory
        file "/var/cache/bind/db.example.com";
        masters {
                @ip_master;
        };
};
[...]
Restart the server; you should see something like the following in /var/log/syslog:
syslog.5.gz:May 14 23:33:53 smith named[5064]: zone example.com/IN: transferred serial 2006051401
syslog.5.gz:May 14 23:33:53 smith named[5064]: transfer of 'example.com/IN' from 10.0.0.202#53: end of transfer
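The allow-transfer clause above is what keeps anyone other than your slaves from pulling a full copy of the zone. The following audit function is an added example, not part of the original page: it walks a named.conf.local and reports, for each master zone, whether transfers are restricted, open to any host, or left unspecified (in which case the zone inherits the options block, which on the BIND9 releases this page targets allows transfers to any host). It assumes braces do not appear inside comments.

```sh
#!/bin/sh
# audit_transfers FILE
# Prints "<zone> <verdict>" for every "type master" zone in FILE:
#   RESTRICTED  allow-transfer names specific hosts (or none)
#   OPEN        allow-transfer { any; }: any host can pull the whole zone
#   DEFAULT     no zone-level clause; the options block decides
audit_transfers() {
    awk '
    # start of a zone statement: remember its name and reset state
    /^[ \t]*zone[ \t]+"[^"]+"/ {
        match($0, /"[^"]+"/)
        zone = substr($0, RSTART + 1, RLENGTH - 2)
        inzone = 1; depth = 0; buf = ""
    }
    inzone {
        buf = buf " " $0
        # count braces so the nested allow-transfer { ... }; block does not
        # end the zone early
        depth += gsub(/[{]/, "{")
        depth -= gsub(/[}]/, "}")
        if (depth == 0) {
            if (buf ~ /type[ \t]+master[ \t]*;/) {
                verdict = "DEFAULT"
                if (match(buf, /allow-transfer[ \t]*[{][^}]*[}]/)) {
                    clause = substr(buf, RSTART, RLENGTH)
                    verdict = (clause ~ /[{ \t;]any[ \t]*;/) ? "OPEN" : "RESTRICTED"
                }
                print zone, verdict
            }
            inzone = 0
        }
    }
    ' "$1"
}
```

Run it as `audit_transfers /etc/bind/named.conf.local`; any zone reported OPEN or DEFAULT should get an allow-transfer clause listing only the slave addresses.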
Chrooting BIND9
Chrooting BIND9 is a recommended setup from a security perspective. In a chroot environment, BIND9 has access to all the files and hardware devices it needs, but is unable to access anything it should not need.

To chroot BIND9, simply create a chroot environment for it and add the additional configuration below.
The Chroot Environment
Create the following directory structure: