
FREEBSD下自行架设DNS服务器记录


Jamers

有的时候我们在企业内部无法使用别名或者虚拟域名访问内部服务器,比如HTTP根据不同的主机头访问不同站点,所以只能够开设一堆的端口,非常不雅观。那我们在内网如何实现这些功能呢?非常简单自行架设一个DNS服务器,网络内部通过路由器将DNS服务器全部指向自行架设的DNS服务器上,然后我们需要维护的域名指向某个IP,就达到我们的目的了,如果将端口映射到外网,也能够提供DNS服务,想想那些恶心的DNS劫持,有了它之后基本都不会遇到(除非你设置的上级DNS服务器还是那些运营商的)。

 

言归正传,我们有FREEBSD,肯定想在它的基础上架设DNS服务器。FREEBSD下有个从20世纪80年代就开始使用的DNS服务器软件BIND,目前已经是互联网上部署最多的DNS服务器,当前版本为9.11。另外我想用数据库保存DNS解析记录,这样可以比较简单地实现web管理。

# Select the required modules and install bind911 (BIND 9.11) from ports.
# The `dlz "postgres zone"` clauses further down need the port's DLZ
# PostgreSQL option, so pick it in the port's option dialog before building.
cd /usr/ports/dns/bind911/
make install

# Install the database server.
# NOTE(review): the data-directory paths used later (data96) belong to a
# PostgreSQL 9.6 install, while this is the 10.x port -- confirm which
# version is really in use and use the matching paths.
cd /usr/ports/databases/postgresql10-server
make install

创建数据库并设置好相应权限:

# Edit client authentication (path of a 9.6 data directory -- see note above).
ee /var/db/postgres/data96/pg_hba.conf

# Add one line: let the admin role log in with a password from any IP.
# NOTE(review): 0.0.0.0/0 together with listen_addresses = '*' below makes
# the database reachable from every network this host is on.  The DLZ
# lookups later connect over localhost, so this rule only serves remote
# admin / web management and can be narrowed to that network; on
# PostgreSQL 10 `scram-sha-256` can be used here instead of `md5`.
host    all             webmaster       0.0.0.0/0               md5

# Edit server settings: listen on all interfaces instead of localhost only.
ee /var/db/postgres/data96/postgresql.conf

listen_addresses = '*'

# Let the database and BIND start automatically at boot.
ee /etc/rc.conf
postgresql_enable="YES"
named_enable="YES"

# Initialise the postgres data directory.
/usr/local/etc/rc.d/postgresql initdb

# Start the database.
/usr/local/etc/rc.d/postgresql start

# Create the admin role: -P prompts for a password, -d allows CREATE DATABASE,
# -s makes it a superuser.
# NOTE(review): superuser is more than a web management front end needs; a
# role limited to dns_dlz with SELECT/INSERT/UPDATE/DELETE on dns_records
# keeps a compromised web app from owning the whole database server.
createuser -P -d -s -U postgres webmaster

下面是原始的建库脚本;也可以直接使用再往下导出的SQL文件。

 create database dns_dlz;  
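-- psql meta-command: switch to the database created on the line above.
-- Without it the table and indexes land in whatever database the session is
-- connected to (usually "postgres"), not in dns_dlz, and the BIND DLZ
-- lookups (dbname=dns_dlz) find nothing.  In a client other than psql,
-- reconnect to dns_dlz by hand before running the rest.
\connect dns_dlz

-- One row per resource record.  The BIND DLZ queries filter on zone, view
-- and host, and assemble the RDATA from type/mx_priority/data plus, for SOA
-- rows, resp_person/serial/refresh/retry/expire/minimum.
create table dns_records(
    zone character varying(256),                        -- zone apex, e.g. 'sample.com'
    host character varying(256) NOT NULL default '@',   -- owner name relative to the zone; '@' = apex
    ttl integer,
    view character varying(256),                        -- 'LOCAL' or 'ANY'; the DLZ queries compare it lower-cased
    type character varying(256),                        -- RR type: SOA, NS, A, MX, TXT, ...
    mx_priority integer,                                -- MX preference; NULL for other types
    data character varying(256),                        -- RDATA: address, target name, or SOA MNAME
    resp_person character varying(256),                 -- SOA RNAME; NULL for other types
    serial integer,                                     -- SOA timers; the DLZ lookup appends them
    refresh integer,                                    --   to the RDATA only for SOA rows
    retry integer,
    expire integer,
    minimum integer
);

-- Indexes on the three columns the DLZ lookups filter by.
create INDEX dns_records_host_index on dns_records (host);
create INDEX dns_records_type_index on dns_records ("type");
create INDEX dns_records_zone_index on dns_records ("zone");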
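-- Seed records for zone sample.com.  Each record is stored twice: once for
-- view 'LOCAL' (internal addresses) and once for view 'ANY' (public
-- addresses), because each BIND view only selects rows carrying its own view
-- name (split-horizon DNS).
-- Comment lines use SQL '--': '#' is not a comment in PostgreSQL and makes
-- psql abort on this script.

-- SOA record (serial/refresh/retry/expire/minimum are appended to the RDATA)
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', '@', 600, 'LOCAL', 'SOA', NULL, 'sample.com.', 'root.sample.com.', 2011083001, 28800, 14400, 86400, 86400);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', '@', 600, 'ANY', 'SOA', NULL, 'sample.com.', 'root.sample.com.', 2011083001, 28800, 14400, 86400, 86400);
-- NS record
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', '@', 600, 'LOCAL', 'NS', NULL, 'ns1.sample.com.', NULL, 2011083001, 28800, 14400, 86400, 86400);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', '@', 600, 'ANY', 'NS', NULL, 'ns1.sample.com.', NULL, 2011083001, 28800, 14400, 86400, 86400);
-- A record time.sample.com
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', 'time', 600, 'LOCAL', 'A', NULL, '10.0.0.8', NULL, 2011083001, 28800, 14400, 86400, 86400);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', 'time', 600, 'ANY', 'A', NULL, '222.222.222.8', NULL,  2011083001, 28800, 14400, 86400, 86400);
-- A record ns1.sample.com
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', 'ns1', 600, 'LOCAL', 'A', NULL, '10.0.0.10',  NULL, NULL, NULL, NULL, NULL, NULL);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', 'ns1', 600, 'ANY', 'A', NULL, '222.222.222.10', NULL,  NULL, NULL, NULL, NULL, NULL);
-- MX record (mx_priority is the MX preference)
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', '@', 600, 'LOCAL', 'MX', 10, 'mail.sample.com.', NULL, NULL, NULL, NULL, NULL, NULL);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum) values ('sample.com', '@', 600, 'ANY', 'MX', 10, 'mail.sample.com.', NULL,  NULL, NULL, NULL, NULL, NULL);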
其他域名的添加方式类似,将zone项替换为对应的域名即可。
/*
Navicat PGSQL Data Transfer

Source Server         : PostgreSQL86
Source Server Version : 90605
Source Host           : 192.168.1.86:5432
Source Database       : dns_dlz
Source Schema         : public

Target Server Type    : PGSQL
Target Server Version : 90605
File Encoding         : 65001

Date: 2017-09-13 14:47:24
*/


-- ----------------------------
-- Table structure for dns_records
-- ----------------------------
-- Table structure for dns_records.  The DROP discards any existing rows, so
-- this is a from-scratch rebuild, not a migration.
DROP TABLE IF EXISTS dns_records;
CREATE TABLE dns_records (
    zone        varchar(256),                     -- zone apex, e.g. 'sample.com'
    host        varchar(256) NOT NULL DEFAULT '@', -- owner name relative to the zone ('@' apex, '*' wildcard)
    ttl         integer,
    view        varchar(256),                     -- 'LOCAL' or 'ANY': which BIND view serves the row
    type        varchar(256),                     -- RR type: SOA, NS, A, MX, TXT, ...
    mx_priority integer,                          -- MX preference; NULL for other types
    data        varchar(256),                     -- RDATA: address, target name, or SOA MNAME
    resp_person varchar(256),                     -- SOA RNAME
    serial      integer,                          -- SOA timers; only meaningful on SOA rows
    refresh     integer,
    retry       integer,
    expire      integer,
    minimum     integer
)
WITH (OIDS=FALSE);

-- ----------------------------
-- Records of dns_records
-- ----------------------------
-- Records of dns_records: zone sample.com with split-horizon data.  Rows with
-- view 'ANY' carry the public address, rows with view 'LOCAL' the RFC 1918
-- address; the '*' host is a wildcard for otherwise unmatched names.
BEGIN;
INSERT INTO dns_records
    (zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
VALUES
    ('sample.com', '*',    600, 'ANY',   'A',   NULL, '58.210.147.58',    NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', '*',    600, 'LOCAL', 'A',   NULL, '192.168.1.85',     NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', '@',    600, 'ANY',   'MX',  10,   'mail.sample.com.', NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', '@',    600, 'ANY',   'NS',  NULL, 'ns1.sample.com.',  NULL,               2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', '@',    600, 'ANY',   'SOA', NULL, 'sample.com.',      'root.sample.com.', 2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', '@',    600, 'LOCAL', 'MX',  10,   'mail.sample.com.', NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', '@',    600, 'LOCAL', 'NS',  NULL, 'ns1.sample.com.',  NULL,               2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', '@',    600, 'LOCAL', 'SOA', NULL, 'sample.com.',      'root.sample.com.', 2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', 'mail', 600, 'ANY',   'A',   NULL, '58.210.147.58',    NULL,               2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', 'mail', 600, 'LOCAL', 'A',   NULL, '192.168.1.86',     NULL,               2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', 'ns1',  600, 'ANY',   'A',   NULL, '58.210.147.58',    NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', 'ns1',  600, 'LOCAL', 'A',   NULL, '192.168.1.86',     NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', 'www',  600, 'ANY',   'A',   NULL, '58.210.147.58',    NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', 'www',  600, 'LOCAL', 'A',   NULL, '192.168.1.86',     NULL,               NULL,       NULL,  NULL,  NULL,  NULL);
COMMIT;

-- ----------------------------
-- Alter Sequences Owned By 
-- ----------------------------

-- ----------------------------
-- Indexes structure for table dns_records
-- ----------------------------
-- Indexes on the columns the DLZ lookups filter by (btree is the default
-- access method, so it is not spelled out).
CREATE INDEX dns_records_host_index ON dns_records (host);
CREATE INDEX dns_records_type_index ON dns_records (type);
CREATE INDEX dns_records_zone_index ON dns_records (zone);

修改几个配置文件:

cd /usr/local/etc/namedb
# rndc-confgen prints a key plus a commented-out named.conf snippet; the
# last lines of that snippet (presumably the "controls" block) are
# uncommented with sed and become the seed of named.conf.
rndc-confgen >rndc.conf
tail -n6 rndc.conf | head -n5 | sed -e s/#\//g >named.conf
rm -f rndc.conf
# Write the key the controls block actually uses to rndc.key
# (named.conf includes that file).
rndc-confgen -a -c rndc.key

# TSIG keys for the "local" and "any" views; the secrets are pasted into
# named.conf below.  NOTE(review): hmac-md5 is deprecated for TSIG --
# BIND 9.11 accepts `-a hmac-sha256 -b 256` here and `algorithm hmac-sha256;`
# in the key statements.  With the database setup the keys are only
# referenced from commented-out master/slave lines, so they are unused.
dnssec-keygen -a hmac-md5 -b 128 -n HOST local
dnssec-keygen -a hmac-md5 -b 128 -n HOST any

以下几个示例配置文件:

named.conf

// $FreeBSD: head/dns/bind911/files/named.conf.in 443607 2017-06-14 22:54:43Z mat $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/local/share/doc/bind for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
	// All file and path names are relative to the chroot directory,
	// if any, and should be fully qualified.
	directory	"/usr/local/etc/namedb/working";
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
// Left commented on purpose: named then listens on every IPv4 interface so
// LAN clients (and Internet clients, if the port is forwarded) can reach it.
// Who gets answers and recursion is decided by the views' match-clients /
// allow-recursion ACLs in local_acl.conf and any.conf, not here.
	#listen-on	{ 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword "any".
//	listen-on-v6	{ ::1; };

// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.

// Public resolvers that answer every name not served from the database;
// those upstream queries leave the network as plain DNS.  Because the list
// is non-empty the default is 'forward first' (explained below).
	forwarders {
		223.5.5.5; 223.6.6.6; 8.8.8.8;
	};


// If the 'forwarders' clause is not empty the default is to 'forward first'
// which will fall back to sending a query from your local server if the name
// servers in 'forwarders' do not have the answer.  Alternatively you can
// force your name server to never initiate queries of its own by enabling the
// following line:
//	forward only;

// If you wish to have forwarding configured automatically based on
// the entries in /etc/resolv.conf, uncomment the following line and
// set named_auto_forward=yes in /etc/rc.conf.  You can also enable
// named_auto_forward_only (the effect of which is described above).
//	include "/usr/local/etc/namedb/auto_forward.conf";

	/*
	   Modern versions of BIND use a random UDP port for each outgoing
	   query by default in order to dramatically reduce the possibility
	   of cache poisoning.  All users are strongly encouraged to utilize
	   this feature, and to configure their firewalls to accommodate it.

	   AS A LAST RESORT in order to get around a restrictive firewall
	   policy you can try enabling the option below.  Use of this option
	   will significantly reduce your ability to withstand cache poisoning
	   attacks, and should be avoided if at all possible.

	   Replace NNNNN in the example with a number between 49160 and 65530.
	*/
	// query-source address * port NNNNN;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

// The traditional root hints mechanism. Use this, OR the slave zones below.
//zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

/*	Slaving the following zones from the root name servers has some
	significant advantages:
	1. Faster local resolution for your users
	2. No spurious traffic will be sent from your network to the roots
	3. Greater resilience to any potential root server failure/DDoS

	On the other hand, this method requires more monitoring than the
	hints file to be sure that an unexpected failure mode has not
	incapacitated your server.  Name servers that are serving a lot
	of clients will benefit more from this approach than individual
	hosts.  Use with caution.

	To use this mechanism, uncomment the entries below, and comment
	the hint zone above.

	As documented at http://dns.icann.org/services/axfr/ these zones:
	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
	are available for AXFR from these servers on IPv4 and IPv6:
	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
*/
/*
zone "." {
	type slave;
	file "/usr/local/etc/namedb/slave/root.slave";
	masters {
		192.0.32.132;           // lax.xfr.dns.icann.org
		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
		192.0.47.132;           // iad.xfr.dns.icann.org
		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
	};
	notify no;
};
zone "arpa" {
	type slave;
	file "/usr/local/etc/namedb/slave/arpa.slave";
	masters {
		192.0.32.132;           // lax.xfr.dns.icann.org
		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
		192.0.47.132;           // iad.xfr.dns.icann.org
		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
	};
	notify no;
};
zone "in-addr.arpa" {
	type slave;
	file "/usr/local/etc/namedb/slave/in-addr.arpa.slave";
	masters {
		192.0.32.132;           // lax.xfr.dns.icann.org
		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
		192.0.47.132;           // iad.xfr.dns.icann.org
		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
	};
	notify no;
};
zone "ip6.arpa" {
	type slave;
	file "/usr/local/etc/namedb/slave/ip6.arpa.slave";
	masters {
		192.0.32.132;           // lax.xfr.dns.icann.org
		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
		192.0.47.132;           // iad.xfr.dns.icann.org
		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
	};
	notify no;
};
*/

/*	Serving the following zones locally will prevent any queries
	for these zones leaving your network and going to the root
	name servers.  This has two significant advantages:
	1. Faster local resolution for your users
	2. No spurious traffic will be sent from your network to the roots
*/
/*
// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
zone "localhost"	{ type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
zone "0.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };

// "This" Network (RFCs 1912, 5735 and 6303)
zone "0.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };

// Private Use Networks (RFCs 1918, 5735 and 6303)
zone "10.in-addr.arpa"	   { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "65.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "66.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "67.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "68.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "69.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "70.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "71.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "72.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "73.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "74.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "75.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "76.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "77.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "78.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "79.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "80.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "81.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "82.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "83.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "84.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "85.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "86.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "87.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "88.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "89.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "90.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "91.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "92.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "93.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "94.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "95.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "96.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "97.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "98.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "99.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "100.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "101.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "102.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "103.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "104.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "105.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "106.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "107.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "108.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "109.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "110.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "111.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "112.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "113.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "114.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "115.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "116.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "117.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "118.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "119.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "120.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "121.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "122.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "123.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "124.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "125.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "126.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "127.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "100.51.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "113.0.203.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "241.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "242.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "243.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "244.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "245.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "246.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "247.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "248.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "249.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "250.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "251.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "252.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "253.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "254.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "c.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "e.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "2.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "2.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "e.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "f.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int"		{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
*/

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries.  It can be convenient to become
// a slave at least for the zone your own domain is in.  Ask
// your network administrator for the IP address of the responsible
// master name server.
//
// Do not forget to include the reverse lookup zone!
// This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
//
// Before starting to set up a master zone, make sure you fully
// understand how DNS and BIND work.  There are sometimes
// non-obvious pitfalls.  Setting up a slave zone is usually simpler.
//
// NB: Don't blindly enable the examples below. :-)  Use actual names
// and addresses instead.

/* An example dynamic zone
key "exampleorgkey" {
	algorithm hmac-md5;
	secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
	type master;
	allow-update {
		key "exampleorgkey";
	};
	file "/usr/local/etc/namedb/dynamic/example.org";
};
*/

/* Example of a slave reverse zone
zone "1.168.192.in-addr.arpa" {
	type slave;
	file "/usr/local/etc/namedb/slave/1.168.192.in-addr.arpa";
	masters {
		192.168.1.1;
	};
};
*/

// rndc control channel: loopback only, authenticated with the key in
// rndc.key (written by `rndc-confgen -a -c rndc.key` above).  Keep it on
// 127.0.0.1 unless remote administration is genuinely required.
include "/usr/local/etc/namedb/rndc.key";
controls {
	inet 127.0.0.1 port 953
		allow { 127.0.0.1; } keys { "rndc-key"; };
};

// TSIG keys generated with dnssec-keygen above.  On this page they are only
// referenced from the commented-out master/slave lines in the views, so the
// database-backed setup does not use them.
// NOTE(review): hmac-md5 is deprecated for TSIG (hmac-sha256 is available
// in BIND 9.11), and because these secrets are published with this post
// they must be regenerated before a key is ever put to use.
key "any" {  
        algorithm hmac-md5;  
        secret "09o8VJg1+JLEKTD/QrSc5g==";  
};  
key "local" {  
        algorithm hmac-md5;  
        secret "8tS+9+4siNa0n8oTnuEFsQ==";  
};  
  
// This (master) server and an optional slave.  Nothing on this page refers
// to dns_ip; it only matters for the file-based master/slave variant that is
// commented out inside the views.
acl "dns_ip" {  
        192.168.1.86; #master  
        #10.0.0.9; #slave  
};  
  
  
// Clients that are served the internal "local" view (RFC 1918 networks).
acl "LOCAL" {  
        192.168.1.0/24;
	192.168.2.0/24;
	192.168.10.0/24;
};
  
// Views are matched in file order: local_acl.conf comes first, so LOCAL
// clients never fall through to the "any" view defined in any.conf.
include "/usr/local/etc/namedb/local_acl.conf";  
include "/usr/local/etc/namedb/any.conf";  
  
#logging {    
#        category edns-disabled { null; };  
#        channel query_log {    
#                file "/var/named/data/query.log"        versions 3 size 20m;    
#                severity                info;    
#                print-time              yes;    
#                print-category  yes;    
#        };    
#        category queries {    
#                query_log;    
#        };  
#};


local_acl.conf

 #local network view  
view "local" {  
 #match-clients         { key local; LOCAL; }; #for file-based zones, used for master/slave sync  
 match-clients        { LOCAL; };            #database setup, no sync needed  
 allow-query-cache     { LOCAL; };  
 #allow-transfer        { key local; };        #for file-based zones, used for master/slave sync  
 #server 10.0.0.9       { keys { local; }; };  #for file-based zones, used for master/slave sync  
  
 #allow recursive queries from internal addresses  
 #NOTE(review): narrower than acl LOCAL -- 192.168.2.0/24 and 192.168.10.0/24  
 #land in this view but get no recursion, so they can resolve sample.com but  
 #nothing external.  If that is not intended, list them here as well.  
 allow-recursion {  
    192.168.1.0/24;  
    127.0.0.1;  
 };  
  
#------ file-based zone configuration -----------  
# zone "sample.com" {  
#    type master;               #slave setup:  type slave;  
#    file "/etc/named/sample.com.in.zone"  
#    # masters { 10.0.0.8; };   #slave setup  
# };  
# zone "1.0.10.in-addr.arpa" {  
#    type master;               #slave setup:  type slave;  
#    file "/etc/named/0.0.10.in-addr.arpa;  
#    # masters { 10.0.0.8; };   #slave setup  
# };  
#------ file-based zone configuration -----------  
  
#---dlz postgresql database configure----  
# Query set, in order: connection string, find-zone, lookup, authority (left  
# empty with {}), all-nodes.  The lookup only returns rows whose view is  
# 'local', which is what makes this view answer with the internal addresses.  
# The all-nodes query is what AXFR would be built from; the allow-transfer  
# query that has to accompany it is absent, so transfers should be refused  
# (confirm with `dig axfr` from a LOCAL client).  
# NOTE(review): the connection runs as the postgres superuser with no  
# password, so it relies on local trust/peer auth in pg_hba.conf (not shown).  
# A dedicated role with SELECT on dns_records only would be the least  
# privilege BIND needs.  The driver is expected to escape the $zone$ /  
# $record$ substitutions before running these queries -- worth confirming  
# for the installed driver version.  
dlz "postgres zone" {  
   database "postgres 1  
   {host=localhost port=5432 dbname=dns_dlz user=postgres}
   {select zone from dns_records where zone = '$zone$' limit 1}  
   {select ttl, type, mx_priority, case when lower(type)='txt' then '\"' || data || '\"'   
           when lower(type)='soa' then data || ' ' || resp_person || ' ' || serial || ' ' || refresh || ' ' || retry || ' ' || expire || ' ' || minimum   
           else data end from dns_records where zone = '$zone$' and lower(view)='local' and host = '$record$'}  
   {}
   {select ttl, type, host, mx_priority, case when lower(type)='txt' then '\"' || data || '\"' else data end,  
     resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$'}";   
};
};

any.conf

view "any" {  

 #match-clients           { key local; ANY; };  #for file-based zones, used for master/slave sync  
 #No acl "ANY" is defined on this page; presumably this resolves to BIND's  
 #builtin "any" ACL (confirm), i.e. every client not already matched by the  
 #"local" view reaches this view -- including the Internet if port 53 is  
 #forwarded.  
 match-clients           { ANY; };             #database setup, no sync needed  
 #NOTE(review): wider than allow-recursion below, so any client can read  
 #entries already in the cache (cache snooping); for a view exposed to the  
 #Internet use the same list as allow-recursion, or { none; }.  
 allow-query-cache       { ANY; };  
 #allow-transfer          { key any; };         #for file-based zones, used for master/slave sync  
 #server 10.0.0.9         { keys { any; }; };   #for file-based zones, used for master/slave sync  
 #192.168.1.0/24 is part of acl LOCAL and is taken by the "local" view first,  
 #so in practice only 127.0.0.1 presumably ever gets recursion here.  
 allow-recursion {  
    127.0.0.1;  
    192.168.1.0/24;  
};  
  
#------ file-based zone configuration -----------   
#zone "sample.com" {   
#    type master;  
#    file "/etc/named/sample.com.zone";   
#    # masters { 10.0.0.8; };   #slave setup   
#};   
  
#zone "222.222.222.in-addr.arpa" {  
#    type master;               #slave setup:  type slave;      
#    file "/etc/named/222.222.222.in-addr.arpa";      
#    # masters { 10.0.0.8; };   #slave setup   
#};  
  
#------ file-based zone configuration -----------  
#---dlz postgresql database configure----  
# Same connection and find-zone query as the "local" view; the lookup only  
# returns rows whose view is 'any' (the public addresses).  No all-nodes  
# query is given, so this view cannot serve zone transfers.  
# NOTE(review): as in the local view, BIND connects as the postgres superuser  
# without a password; a read-only role limited to dns_records is sufficient.  
   dlz "postgres zone" {  
   database "postgres 1  
   {host=localhost port=5432 dbname=dns_dlz user=postgres}  
   {select zone from dns_records where zone = '$zone$' limit 1}  
   {select ttl, type, mx_priority, case when lower(type)='txt' then '\"' || data || '\"'   
        when lower(type)='soa' then data || ' ' || resp_person || ' ' || serial || ' ' || refresh || ' ' || retry || ' ' || expire || ' ' || minimum   
    else data end from dns_records where zone = '$zone$' and lower(view)='any' and host = '$record$'}";   
 };  
#---dlz postgresql database configure----  
};

因为我使用的是FREEBSD 11.0,其内核不支持TCP_FASTOPEN,所以还得重新编译内核才能够使用BIND。

# Turn TCP Fast Open on at runtime (the bind911 port needs it on this
# FreeBSD 11.0 system, see the note above).
ee /etc/sysctl.conf
# add:
net.inet.tcp.fastopen.enabled=1
# Build a custom kernel with TFO: copy GENERIC to TCPOPEN, keep the config
# outside /usr/src and leave a symlink so the build can find it.
# NOTE(review): this is the i386 tree; on an amd64 machine use
# /usr/src/sys/amd64/conf instead.
cd /usr/src/sys/i386/conf
mkdir ~/kernels/
cp GENERIC TCPOPEN
mv TCPOPEN ~/kernels/TCPOPEN
ln -s ~/kernels/TCPOPEN
ee TCPOPEN

# append at the end of the kernel config:
# TFO TCP Fast Open TCP_FASTOPEN
options         TCP_RFC7413

cd /usr/src
make buildkernel KERNCONF=TCPOPEN

# install once the build has finished
make installkernel KERNCONF=TCPOPEN

# then reboot
shutdown -r now

重启后应该就能够正常使用相应服务了。
