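BIND is the first choice of software for building a DNS server on Linux. It exists in several versions: Windows DNS was adapted from BIND 4.x, while BIND 8.x and BIND 9.x brought many improvements in security and extensibility. To support IPv6 DNS, BIND 9 is used here: BIND 9.x provides DNS queries over IPv6 sockets and supports IPv6 resource records. For the detailed features of BIND 9.x, consult the BIND web site; the latest version of BIND can be downloaded from www.isc.org/products/BIND/.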

    # wget http://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
    # tar -xzf bind-9.3.2.tar.gz
    # cd bind-9.3.2
    # ./configure --enable-ipv6 --with-openssl
    # make && make install

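Once BIND is installed, it works with a handful of standard files that fall into two groups: configuration files under /etc, and DNS record files under /var/named. Together with other related files, they configure the DNS server. named.conf is the default main configuration file (it must be created by hand); it sets the general named parameters and points to the sources of the domain database information used by the server, which can be local disk files or remote servers.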

    named.ca: points to the root name servers
    named.local: used to resolve the loopback address locally
    named.hosts: maps host names to IP addresses

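The following uses secv6.your.domain, the domain of the pure-IPv6 test network set up by the author, as an example of how to configure an IPv6 name server that supports AAAA and A6 records.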
Listing 1: /etc/named.conf

    options {
        directory "/var/named";
    };

    // a caching only nameserver config
    zone "." IN {
        type hint;
        file "named.ca";
    };

    // this defines the loopback name lookup
    zone "localhost" IN {
        type master;
        file "master/localhost.zone";
        allow-update { none; };
    };

    // this defines the loopback reverse name lookup
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "master/localhost.rev";
        allow-update { none; };
    };

    // This defines the secv6 domain name lookup
    // Secure (signed) zone file is
    // secv6.your.domain.signed
    // Regular zone file is secv6.your.domain
    zone "secv6.your.domain" IN {
        type master;
        file "master/secv6.your.domain.signed";
        // file "master/secv6.your.domain";
    };

    // this defines the secv6 domain reverse
    // name lookup (AAAA)
    zone "secv6.int" IN {
        type master;
        file "master/secv6.int";
    };

    // this defines the secv6 domain reverse
    // name lookup (A6)
    zone "secv6.arpa" IN {
        type master;
        file "master/secv6.rev";
    };

    // secret key truncated to fit
    key "key" {
        algorithm hmac-md5;
        secret "HxbmAnSO0quVxcxBDjmAmjrmhgDUVFcFNcfmHC";
    };

Listing 2: /var/named/master/secv6.your.domain

    $TTL 86400
    $ORIGIN secv6.your.domain.
    @       IN SOA secv6.your.domain. hostmaster.your.domain. (
                    2002011442 ; Serial number (yyyymmdd-num)
                    3H         ; Refresh
                    15M        ; Retry
                    1W         ; Expire
                    1D )       ; Minimum
            IN MX 10 noah.your.domain.
            IN NS ns.secv6.your.domain.
    $ORIGIN secv6.your.domain.
    ns      1D IN AAAA fec0::1:250:b7ff:fe14:35d0
            1D IN A6 0 fec0::1:250:b7ff:fe14:35d0
    secv6.your.domain. 1D IN AAAA fec0::1:250:b7ff:fe14:35d0
            1D IN A6 0 fec0::1:250:b7ff:fe14:35d0
    pc2     1D IN AAAA fec0::1:250:b7ff:fe14:35d0
            1D IN A6 0 fec0::1:250:b7ff:fe14:35d0
    pc3     1D IN A6 0 fec0::1:250:b9ff:fe00:131
            1D IN AAAA fec0::1:250:b9ff:fe00:131
    pc6     1D IN A6 0 fec0::1:250:b7ff:fe14:3617
            1D IN AAAA fec0::1:250:b7ff:fe14:3617
    pc4     1D IN A6 0 fec0::1:250:b7ff:fe14:35c4
            1D IN AAAA fec0::1:250:b7ff:fe14:35c4
    pc5     1D IN A6 0 fec0::1:250:b7ff:fe14:361b
            1D IN AAAA fec0::1:250:b7ff:fe14:361b
    pc7     1D IN A6 0 fec0::1:250:b7ff:fe14:365a
            1D IN AAAA fec0::1:250:b7ff:fe14:365a
    pc1     1D IN A6 0 fec0::1:250:b9ff:fe00:12e
            1D IN AAAA fec0::1:250:b9ff:fe00:12e
    pc1     1D IN A6 0 fec0:0:0:1::1
            1D IN AAAA fec0:0:0:1::1
    $INCLUDE "/var/named/master/Ksecv6.your.domain.+003+27034.key"

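Listing 2 publishes every host address twice, once as an AAAA record and once as an A6 record with prefix length 0, so the two sets can drift apart when the file is edited by hand. The following Python check is an added example, not part of the original article: it parses a zone file in that layout and reports hosts whose AAAA and A6 addresses differ. The sample zone text is constructed from a few of the listing's records plus a hypothetical inconsistent host `pc9`, and the function names are illustrative.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a few records in the layout of Listing 2, plus one
# deliberately inconsistent host (pc9) that is not on the original page.
ZONE = """\
$ORIGIN secv6.your.domain.
ns   1D IN AAAA fec0::1:250:b7ff:fe14:35d0
     1D IN A6 0 fec0::1:250:b7ff:fe14:35d0
pc3  1D IN A6 0 fec0::1:250:b9ff:fe00:131
     1D IN AAAA fec0::1:250:b9ff:fe00:131
pc1  1D IN A6 0 fec0::1:250:b9ff:fe00:12e
     1D IN AAAA fec0::1:250:b9ff:fe00:12e
pc1  1D IN A6 0 fec0:0:0:1::1
     1D IN AAAA fec0:0:0:1::1
pc9  1D IN AAAA fec0::1:250:b7ff:fe14:3617
     1D IN A6 0 fec0::1:250:b7ff:fe14:361b
"""

def parse_addresses(zone_text):
    """Return {fqdn: {"AAAA": set, "A6": set}} for a zone in Listing 2's layout."""
    origin, owner = ".", None
    records = defaultdict(lambda: {"AAAA": set(), "A6": set()})
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):             # only $ORIGIN matters here
            if fields[0] == "$ORIGIN":
                origin = fields[1].lower()
            continue
        if not line[0].isspace():                 # a line starting in column 0 names a new owner
            owner = fields.pop(0).lower()
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = owner + "." + origin.lstrip(".")
        if "IN" not in fields:                    # SOA continuation lines etc.
            continue
        rdata = fields[fields.index("IN") + 1:]
        if len(rdata) == 2 and rdata[0] == "AAAA":
            records[owner]["AAAA"].add(ipaddress.IPv6Address(rdata[1]))
        elif len(rdata) == 3 and rdata[:2] == ["A6", "0"]:   # prefix length 0 only
            records[owner]["A6"].add(ipaddress.IPv6Address(rdata[2]))
    return records

def mismatched_hosts(zone_text):
    # Addresses are compared as parsed values, so spelling differences do not matter.
    recs = parse_addresses(zone_text)
    return sorted(name for name, r in recs.items() if r["AAAA"] != r["A6"])
```

Run against the unsigned zone file before signing it, `mismatched_hosts(open(path).read())` should return an empty list.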