bind 小测试

[[email?protected] named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator‘s Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
 listen-on port 53 { 127.0.0.1; any; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
 allow-query     { localhost;
            any;
             };

    /* 
     - If you are building an AUTHORITATIVE DNS server,do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server,you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address,you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "sgcc.com.cn" IN {
                type master;
                file "sgcc.com.cn.zone"; };
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[[email?protected] named]# 

[[email?protected] named]# cat /var/named/sgcc.com.cn.zone
$TTL 3600
$ORIGIN  sgcc.com.cn.
@    IN     SOA  ns.sgcc.com.cn. admin.sgcc.com.cn (
            20171024
            1H
            5M
            1D
            1D            )
        IN     NS   ns.sgcc.com.cn.
test    IN     A    192.168.100.100
test    IN     A    192.168.100.103  
www2    IN    A    192.168.100.103
ns      IN     A    192.168.100.101

[[email?protected] named]# 

[[email?protected] named]# dig -t A @192.168.100.101 test.sgcc.com.cn

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -t A @192.168.100.101 test.sgcc.com.cn
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,status: NOERROR,id: 62760
;; flags: qr aa rd ra; QUERY: 1,ANSWER: 2,AUTHORITY: 1,ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0,flags:; udp: 4096
;; QUESTION SECTION:
;test.sgcc.com.cn.        IN    A

;; ANSWER SECTION:
test.sgcc.com.cn.    3600    IN    A    192.168.100.100
test.sgcc.com.cn.    3600    IN    A    192.168.100.103

;; AUTHORITY SECTION:
sgcc.com.cn.        3600    IN    NS    ns.sgcc.com.cn.

;; ADDITIONAL SECTION:
ns.sgcc.com.cn.        3600    IN    A    192.168.100.101

;; Query time: 1 msec
;; SERVER: 192.168.100.101#53(192.168.100.101)
;; WHEN: Sun Mar 10 21:19:02 EDT 2019
;; MSG SIZE  rcvd: 110

[[email?protected] named]#