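Jamers Posted September 13, 2017
有的时候我们在企业内部无法使用别名或者虚拟域名访问内部服务器,比如HTTP根据不同的主机头访问不同站点,所以只能够开设一堆的端口,非常不雅观。那我们在内网如何实现这些功能呢?非常简单自行架设一个DNS服务器,网络内部通过路由器将DNS服务器全部指向自行架设的DNS服务器上,然后我们需要维护的域名指向某个IP,就达到我们的目的了,如果将端口映射到外网,也能够提供DNS服务,想想那些恶心的DNS劫持,有了它之后基本都不会遇到(除非你设置的上级DNS服务器还是那些运营商的)。
言归正转,我们有FREEBSD,肯定想在它的基础上架设DNS服务器,FREEBSD下有个从20世纪80年代就开始使用的DNS服务器软件,目前已经是互联网上部署最多的DNS服务器了,目前版本为9.11。另外我想实现用数据库保存DNS解析记录,这样可以简单的实现web管理。

# Install the bind911 port (pick the modules you need in the config dialog)
cd /usr/ports/dns/bind911/
make install
# Install the database server
cd /usr/ports/databases/postgresql10-server
make install

创建数据库并设置好相应权限:
# Start the database and BIND at boot
ee /etc/rc.conf
postgresql_enable="YES"
named_enable="YES"
# Initialise the postgres cluster first: initdb is what creates the data
# directory and the pg_hba.conf / postgresql.conf files edited below.
/usr/local/etc/rc.d/postgresql initdb
# NOTE(review): the data directory name follows the installed major version
# (data96 is a 9.6 cluster); use the directory the port above actually created.
ee /var/db/postgres/data96/pg_hba.conf
# Add one line allowing the admin role to log in with a password from any address.
# NOTE(review): 0.0.0.0/0 together with listen_addresses = '*' below exposes a
# password login for a superuser (the role is created with -s further down) to
# every network that can reach port 5432. Narrow the CIDR to the host(s) that
# actually manage the records; on PostgreSQL 10 prefer scram-sha-256 over md5.
host all webmaster 0.0.0.0/0 md5
ee /var/db/postgres/data96/postgresql.conf
listen_addresses = '*'
# Start the database (the edits above are read at startup)
/usr/local/etc/rc.d/postgresql start
# Create the admin role. -s makes it a superuser; a role that only maintains
# dns_records needs no more than SELECT/INSERT/UPDATE/DELETE on that table.
createuser -P -d -s -U postgres webmaster

这是原始脚本,也可以使用下面导出的SQL文件
-- Original schema + seed data. The Navicat export further down is an
-- equivalent alternative (it drops and recreates the table).
-- NOTE: CREATE DATABASE does not switch the session; connect to dns_dlz
-- (psql: \c dns_dlz) before running the statements that follow.
create database dns_dlz;

-- One row per resource record. The BIND DLZ queries select rows by
-- zone + view + host, and compare view case-insensitively (lower(view)),
-- so the view values 'LOCAL' / 'ANY' must correspond to the view names in
-- named.conf. zone and view are nullable, but a row with NULL in either
-- column never matches the equality tests in those queries.
-- serial/refresh/retry/expire/minimum are only meaningful on SOA rows.
create table dns_records(
    zone        character varying(256),
    host        character varying(256) NOT NULL default '@',
    ttl         integer,
    view        character varying(256),
    type        character varying(256),
    mx_priority integer,
    data        character varying(256),
    resp_person character varying(256),
    serial      integer,
    refresh     integer,
    retry       integer,
    expire      integer,
    minimum     integer
);
create INDEX dns_records_host_index on dns_records (host);
create INDEX dns_records_type_index on dns_records ("type");
create INDEX dns_records_zone_index on dns_records ("zone");

-- zone sample.com
-- (the original used '#' for these comments; PostgreSQL only accepts '--' or /* */)
-- SOA records, one per view
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', '@', 600, 'LOCAL', 'SOA', NULL, 'sample.com.', 'root.sample.com.', 2011083001, 28800, 14400, 86400, 86400);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', '@', 600, 'ANY', 'SOA', NULL, 'sample.com.', 'root.sample.com.', 2011083001, 28800, 14400, 86400, 86400);
-- NS records
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', '@', 600, 'LOCAL', 'NS', NULL, 'ns1.sample.com.', NULL, 2011083001, 28800, 14400, 86400, 86400);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', '@', 600, 'ANY', 'NS', NULL, 'ns1.sample.com.', NULL, 2011083001, 28800, 14400, 86400, 86400);
-- A records for time.sample.com (internal address in LOCAL, public address in ANY)
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', 'time', 600, 'LOCAL', 'A', NULL, '10.0.0.8', NULL, 2011083001, 28800, 14400, 86400, 86400);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', 'time', 600, 'ANY', 'A', NULL, '222.222.222.8', NULL, 2011083001, 28800, 14400, 86400, 86400);
-- A records for ns1.sample.com
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', 'ns1', 600, 'LOCAL', 'A', NULL, '10.0.0.10', NULL, NULL, NULL, NULL, NULL, NULL);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', 'ns1', 600, 'ANY', 'A', NULL, '222.222.222.10', NULL, NULL, NULL, NULL, NULL, NULL);
-- MX records
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', '@', 600, 'LOCAL', 'MX', 10, 'mail.sample.com.', NULL, NULL, NULL, NULL, NULL, NULL);
insert into dns_records(zone, host, ttl, view, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum)
values ('sample.com', '@', 600, 'ANY', 'MX', 10, 'mail.sample.com.', NULL, NULL, NULL, NULL, NULL, NULL);

其他域名的添加方式类似,将zone项替换为对于的域名即可

/*
Navicat PGSQL Data Transfer

Source Server         : PostgreSQL86
Source Server Version : 90605
Source Host           : 192.168.1.86:5432
Source Database       : dns_dlz
Source Schema         : public

Target Server Type    : PGSQL
Target Server Version : 90605
File Encoding         : 65001

Date: 2017-09-13 14:47:24
*/

-- ----------------------------
-- Table structure for dns_records
-- ----------------------------
DROP TABLE IF EXISTS "dns_records";
CREATE TABLE "dns_records" (
    "zone"        varchar(256) COLLATE "default",
    "host"        varchar(256) COLLATE "default" DEFAULT '@'::character varying NOT NULL,
    "ttl"         int4,
    "view"        varchar(256) COLLATE "default",
    "type"        varchar(256) COLLATE "default",
    "mx_priority" int4,
    "data"        varchar(256) COLLATE "default",
    "resp_person" varchar(256) COLLATE "default",
    "serial"      int4,
    "refresh"     int4,
    "retry"       int4,
    "expire"      int4,
    "minimum"     int4
)
-- harmless on PostgreSQL 10; the OIDS clause was removed in later major versions
WITH (OIDS=FALSE)
;

-- ----------------------------
-- Records of dns_records
-- ----------------------------
-- Column list made explicit and the integer columns given integer literals
-- (the export relied on column order and on '600' etc. being coerced to int4).
BEGIN;
INSERT INTO "dns_records"
    ("zone", "host", "ttl", "view", "type", "mx_priority", "data", "resp_person", "serial", "refresh", "retry", "expire", "minimum")
VALUES
    ('sample.com', '*',    600, 'ANY',   'A',   NULL, '58.210.147.58',    NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', '*',    600, 'LOCAL', 'A',   NULL, '192.168.1.85',     NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', '@',    600, 'ANY',   'MX',  10,   'mail.sample.com.', NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', '@',    600, 'ANY',   'NS',  NULL, 'ns1.sample.com.',  NULL,               2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', '@',    600, 'ANY',   'SOA', NULL, 'sample.com.',      'root.sample.com.', 2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', '@',    600, 'LOCAL', 'MX',  10,   'mail.sample.com.', NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', '@',    600, 'LOCAL', 'NS',  NULL, 'ns1.sample.com.',  NULL,               2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', '@',    600, 'LOCAL', 'SOA', NULL, 'sample.com.',      'root.sample.com.', 2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', 'mail', 600, 'ANY',   'A',   NULL, '58.210.147.58',    NULL,               2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', 'mail', 600, 'LOCAL', 'A',   NULL, '192.168.1.86',     NULL,               2011083001, 28800, 14400, 86400, 86400),
    ('sample.com', 'ns1',  600, 'ANY',   'A',   NULL, '58.210.147.58',    NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', 'ns1',  600, 'LOCAL', 'A',   NULL, '192.168.1.86',     NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', 'www',  600, 'ANY',   'A',   NULL, '58.210.147.58',    NULL,               NULL,       NULL,  NULL,  NULL,  NULL),
    ('sample.com', 'www',  600, 'LOCAL', 'A',   NULL, '192.168.1.86',     NULL,               NULL,       NULL,  NULL,  NULL,  NULL);
COMMIT;

-- ----------------------------
-- Alter Sequences Owned By
-- ----------------------------

-- ----------------------------
-- Indexes structure for table dns_records
-- ----------------------------
CREATE INDEX "dns_records_host_index" ON "dns_records" USING btree ("host");
CREATE INDEX "dns_records_type_index" ON "dns_records" USING btree ("type");
CREATE INDEX "dns_records_zone_index" ON "dns_records" USING btree ("zone");

修改几个配置文件:
cd /usr/local/etc/namedb
rndc-confgen >rndc.conf
tail -n6 rndc.conf | head -n5 | sed -e s/#\//g >named.conf
rm -f rndc.conf
rndc-confgen -a -c rndc.key
# NOTE(review): hmac-md5 is deprecated for TSIG; generate the keys with
# -a hmac-sha256 instead (the key statements in named.conf must then name
# hmac-sha256 as well). The generated secrets are per-deployment values.
dnssec-keygen -a hmac-md5 -b 128 -n HOST local
dnssec-keygen -a hmac-md5 -b 128 -n HOST any
以下几个示例配置文件:
named.conf
// $FreeBSD: head/dns/bind911/files/named.conf.in 443607 2017-06-14 22:54:43Z mat $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/local/share/doc/bind for more details.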
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
	// All file and path names are relative to the chroot directory,
	// if any, and should be fully qualified.
	directory	"/usr/local/etc/namedb/working";
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
// NOTE(review): deliberately left commented out: this server answers the LAN
// through the views in local_acl.conf / any.conf, so named listens on every
// interface. The match-clients and allow-recursion lists in those view files
// are then the only thing that bounds who is served from where.
	#listen-on	{ 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword "any".
//	listen-on-v6	{ ::1; };

// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
// NOTE(review): every recursive lookup this server cannot answer from its own
// zones is sent to these public resolvers in clear text. With the default
// 'forward first' described below, named still queries on its own if they
// do not answer.
	forwarders {
		223.5.5.5;
		223.6.6.6;
		8.8.8.8;
	};

// If the 'forwarders' clause is not empty the default is to 'forward first'
// which will fall back to sending a query from your local server if the name
// servers in 'forwarders' do not have the answer.  Alternatively you can
// force your name server to never initiate queries of its own by enabling the
// following line:
//	forward only;

// If you wish to have forwarding configured automatically based on
// the entries in /etc/resolv.conf, uncomment the following line and
// set named_auto_forward=yes in /etc/rc.conf.  You can also enable
// named_auto_forward_only (the effect of which is described above).
//	include "/usr/local/etc/namedb/auto_forward.conf";

	/*
	   Modern versions of BIND use a random UDP port for each outgoing
	   query by default in order to dramatically reduce the possibility
	   of cache poisoning.  All users are strongly encouraged to utilize
	   this feature, and to configure their firewalls to accommodate it.

	   AS A LAST RESORT in order to get around a restrictive firewall
	   policy you can try enabling the option below.  Use of this option
	   will significantly reduce your ability to withstand cache poisoning
	   attacks, and should be avoided if at all possible.

	   Replace NNNNN in the example with a number between 49160 and 65530.
	*/
	// query-source address * port NNNNN;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

// The traditional root hints mechanism. Use this, OR the slave zones below.
//zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

/*	Slaving the following zones from the root name servers has some
	significant advantages:
	1. Faster local resolution for your users
	2. No spurious traffic will be sent from your network to the roots
	3. Greater resilience to any potential root server failure/DDoS

	On the other hand, this method requires more monitoring than the
	hints file to be sure that an unexpected failure mode has not
	incapacitated your server.  Name servers that are serving a lot
	of clients will benefit more from this approach than individual
	hosts.  Use with caution.
To use this mechanism, uncomment the entries below, and comment the hint zone above. As documented at http://dns.icann.org/services/axfr/ these zones: "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others are available for AXFR from these servers on IPv4 and IPv6: xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org */ /* zone "." { type slave; file "/usr/local/etc/namedb/slave/root.slave"; masters { 192.0.32.132; // lax.xfr.dns.icann.org 2620:0:2d0:202::132; // lax.xfr.dns.icann.org 192.0.47.132; // iad.xfr.dns.icann.org 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; }; zone "arpa" { type slave; file "/usr/local/etc/namedb/slave/arpa.slave"; masters { 192.0.32.132; // lax.xfr.dns.icann.org 2620:0:2d0:202::132; // lax.xfr.dns.icann.org 192.0.47.132; // iad.xfr.dns.icann.org 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; }; zone "in-addr.arpa" { type slave; file "/usr/local/etc/namedb/slave/in-addr.arpa.slave"; masters { 192.0.32.132; // lax.xfr.dns.icann.org 2620:0:2d0:202::132; // lax.xfr.dns.icann.org 192.0.47.132; // iad.xfr.dns.icann.org 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; }; zone "ip6.arpa" { type slave; file "/usr/local/etc/namedb/slave/ip6.arpa.slave"; masters { 192.0.32.132; // lax.xfr.dns.icann.org 2620:0:2d0:202::132; // lax.xfr.dns.icann.org 192.0.47.132; // iad.xfr.dns.icann.org 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; }; */ /* Serving the following zones locally will prevent any queries for these zones leaving your network and going to the root name servers. This has two significant advantages: 1. Faster local resolution for your users 2. 
No spurious traffic will be sent from your network to the roots */ /* // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) zone "localhost" { type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; }; zone "127.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; }; zone "255.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // RFC 1912-style zone for IPv6 localhost address (RFC 6303) zone "0.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; }; // "This" Network (RFCs 1912, 5735 and 6303) zone "0.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // Private Use Networks (RFCs 1918, 5735 and 6303) zone "10.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "28.172.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; }; zone "29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "168.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // Shared Address Space (RFC 6598) zone "64.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "65.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "66.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "67.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "68.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "69.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "70.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "71.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "72.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "73.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "74.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "75.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "76.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "77.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "78.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "79.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "80.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone 
"81.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "82.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "83.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "84.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "85.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "86.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "87.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "88.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "89.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "90.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "91.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "92.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "93.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "94.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "95.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "96.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "97.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "98.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "99.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "100.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "101.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "102.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 
zone "103.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "104.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "105.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "106.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "107.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "108.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "109.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "110.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "111.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "112.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "113.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "114.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "115.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "116.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "117.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "118.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "119.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "120.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "121.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "122.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "123.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "124.100.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; }; zone "125.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "126.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "127.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // Link-local/APIPA (RFCs 3927, 5735 and 6303) zone "254.169.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // IETF protocol assignments (RFCs 5735 and 5736) zone "0.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303) zone "2.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "100.51.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "113.0.203.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // IANA Reserved - Old Class E Space (RFC 5735) zone "240.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "241.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "242.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "243.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "244.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "245.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "246.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 
zone "247.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "248.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "249.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "250.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "251.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "252.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "253.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "254.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // IPv6 Unassigned Addresses (RFC 4291) zone "1.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "3.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "4.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "5.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "6.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "7.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "8.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "9.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "a.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "b.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "c.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "d.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "e.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "0.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "1.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "2.f.ip6.arpa" { 
type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "3.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "4.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "5.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "6.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "7.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "8.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "9.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "a.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "b.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "0.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "1.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "2.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "3.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "4.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "5.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "6.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "7.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // IPv6 ULA (RFCs 4193 and 6303) zone "c.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "d.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // IPv6 Link Local (RFCs 4291 and 6303) zone "8.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "9.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "a.e.f.ip6.arpa" { type master; file 
"/usr/local/etc/namedb/master/empty.db"; }; zone "b.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303) zone "c.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "d.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "e.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; zone "f.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; // IP6.INT is Deprecated (RFC 4159) zone "ip6.int" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; */ // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! // // Example slave zone config entries. It can be convenient to become // a slave at least for the zone your own domain is in. Ask // your network administrator for the IP address of the responsible // master name server. // // Do not forget to include the reverse lookup zone! // This is named after the first bytes of the IP address, in reverse // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. // // Before starting to set up a master zone, make sure you fully // understand how DNS and BIND work. There are sometimes // non-obvious pitfalls. Setting up a slave zone is usually simpler. // // NB: Don't blindly enable the examples below. :-) Use actual names // and addresses instead. 
/*	An example dynamic zone
key "exampleorgkey" {
	algorithm hmac-md5;
	secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
	type master;
	allow-update {
		key "exampleorgkey";
	};
	file "/usr/local/etc/namedb/dynamic/example.org";
};
*/

/*	Example of a slave reverse zone
zone "1.168.192.in-addr.arpa" {
	type slave;
	file "/usr/local/etc/namedb/slave/1.168.192.in-addr.arpa";
	masters {
		192.168.1.1;
	};
};
*/

// rndc.key is the file written by `rndc-confgen -a`; the control channel
// below is bound to loopback and only accepts that key from loopback.
include "/usr/local/etc/namedb/rndc.key";
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

// TSIG keys intended for the two views.
// NOTE(review): neither key is currently used — the match-clients / allow-transfer
// lines that reference them are commented out in the view files below. The secrets
// printed here are this deployment's generated values and must be regenerated for
// any other installation, and hmac-md5 is deprecated for TSIG: use hmac-sha256
// keys when they are regenerated.
key "any" {
	algorithm hmac-md5;
	secret "09o8VJg1+JLEKTD/QrSc5g==";
};
key "local" {
	algorithm hmac-md5;
	secret "8tS+9+4siNa0n8oTnuEFsQ==";
};

// NOTE(review): "dns_ip" is defined but not referenced anywhere in the
// configuration shown here.
acl "dns_ip" {
	192.168.1.86; #master
	#10.0.0.9; #slave
};
// Client networks served by view "local"; every other source falls through to
// view "any". Views are tried in the order of the two includes below.
acl "LOCAL" {
	192.168.1.0/24;
	192.168.2.0/24;
	192.168.10.0/24;
};
include "/usr/local/etc/namedb/local_acl.conf";
include "/usr/local/etc/namedb/any.conf";

// NOTE(review): query logging is disabled. Enabling this channel is the main
// source of evidence (who asked what, and when) for a resolver that is
// reachable from outside the LAN.
#logging {
#	category edns-disabled { null; };
#	channel query_log {
#		file "/var/named/data/query.log" versions 3 size 20m;
#		severity info;
#		print-time yes;
#		print-category yes;
#	};
#	category queries {
#		query_log;
#	};
#};

local_acl.conf
#local network view
view "local" {
	#match-clients { key local; LOCAL; }; #used when zones are stored in files, for master/slave sync
	match-clients { LOCAL; }; #configuration when the database is used; no sync needed
	allow-query-cache { LOCAL; };
	#allow-transfer { key local; }; #used when zones are stored in files, for master/slave sync
	#server 10.0.0.9 { keys { local; }; }; #used when zones are stored in files, for master/slave sync
	#allow recursive queries from internal IP addresses
	allow-recursion { 192.168.1.0/24; 127.0.0.1; };
	#------ file-backed zone configuration -----------
	# zone "sample.com" {
	#	type master; #slave config: type slave;
	#	file "/etc/named/sample.com.in.zone"
	#	# masters { 10.0.0.8; }; #slave config
	# };
	# zone "1.0.10.in-addr.arpa" {
	#	type master; #slave config: type slave;
	#	file "/etc/named/0.0.10.in-addr.arpa;
	#	# masters { 10.0.0.8; }; #slave config
	# };
	#------ file-backed zone configuration -----------
	#---dlz postgresql database configure----
	# Arguments: connection string, findzone query, lookup query, authority
	# query (empty), allnodes query. $zone$ / $record$ are filled in by the
	# driver from the queried name.
	# NOTE(review): the connection runs as the PostgreSQL superuser over localhost
	# with no password. A dedicated role holding only SELECT on dns_records is the
	# least-privilege fit and limits what any flaw in the substituted query could
	# do. The driver presumably escapes $zone$/$record$ before substitution —
	# verify against the installed BIND version.
	dlz "postgres zone" {
		database "postgres 1 {host=localhost port=5432 dbname=dns_dlz user=postgres}
		{select zone from dns_records where zone = '$zone$' limit 1}
		{select ttl, type, mx_priority, case when lower(type)='txt' then '\"' || data || '\"' when lower(type)='soa' then data || ' ' || resp_person || ' ' || serial || ' ' || refresh || ' ' || retry || ' ' || expire || ' ' || minimum else data end from dns_records where zone = '$zone$' and lower(view)='local' and host = '$record$'}
		{}
		{select ttl, type, host, mx_priority, case when lower(type)='txt' then '\"' || data || '\"' else data end, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$'}";
	};
};

any.conf
view "any" {
	#match-clients { key local; ANY; }; #used when zones are stored in files, for master/slave sync
	match-clients { ANY; }; #configuration when the database is used; no sync needed
	# NOTE(review): allow-query-cache any lets every client read cached answers
	# from this view (cache snooping), while recursion below is only granted to
	# 127.0.0.1 and 192.168.1.0/24; the same two entries would be the tighter
	# setting here.
	allow-query-cache { ANY; };
	#allow-transfer { key any; }; #used when zones are stored in files, for master/slave sync
	#server 10.0.0.9 { keys { any; }; }; #used when zones are stored in files, for master/slave sync
	# NOTE(review): 192.168.1.0/24 is inside acl "LOCAL" and is therefore already
	# matched by view "local" (included first), so in practice only 127.0.0.1
	# reaches this view with recursion allowed.
	allow-recursion { 127.0.0.1; 192.168.1.0/24; };
	#------ file-backed zone configuration -----------
	#zone "sample.com" {
	#	type master;
	#	file "/etc/named/sample.com.zone";
	#	# masters { 10.0.0.8; }; #slave config
	#};
	#zone "222.222.222.in-addr.arpa" {
	#	type master; #slave config: type slave;
	#	file "/etc/named/222.222.222.in-addr.arpa";
	#	# masters { 10.0.0.8; }; #slave config
	#};
	#------ file-backed zone configuration -----------
	#---dlz postgresql database configure----
	# Same driver as the "local" view, but only findzone and lookup queries are
	# given, and lookup selects the rows whose view column is 'any'.
	# NOTE(review): same superuser/localhost connection as above; a read-only
	# role is the least-privilege fit here too.
	dlz "postgres zone" {
		database "postgres 1 {host=localhost port=5432 dbname=dns_dlz user=postgres}
		{select zone from dns_records where zone = '$zone$' limit 1}
		{select ttl, type, mx_priority, case when lower(type)='txt' then '\"' || data || '\"' when lower(type)='soa' then data || ' ' || resp_person || ' ' || serial || ' ' || refresh || ' ' || retry || ' ' || expire || ' ' || minimum else data end from dns_records where zone = '$zone$' and lower(view)='any' and host = '$record$'}";
	};
	#---dlz postgresql database configure----
};

因为我使用的是FREEBSD 11.0,不支持TCP_FASTOPEN,所以还得编译内核才能够使用BIND
ee /etc/sysctl.conf
# add:
net.inet.tcp.fastopen.enabled=1
cd /usr/src/sys/i386/conf
mkdir ~/kernels/
cp GENERIC TCPOPEN
mv TCPOPEN ~/kernels/TCPOPEN
ln -s ~/kernels/TCPOPEN
ee TCPOPEN
# append at the end:
# TFO TCP Fast Open TCP_FASTOPEN
options TCP_RFC7413
cd /usr/src
make buildkernel KERNCONF=TCPOPEN
# install once the build has finished
make installkernel KERNCONF=TCPOPEN
# then reboot
shutdown -r now
重启后应该就能够正常使用相应服务了。