==== 安装 ====
  * yum install bind



----

===== 配置文件 =====
==== vim /etc/named.conf ====

<code>
acl slaves{   # 定义acl规则
        10.0.2.11;
        10.0.2.12;
};
acl clients{  # 定义acl规则
        10.0.2.12/16;
};

options {
        directory "/var/named";  # 工作目录
        statistics-file "/var/named/stats"; #统计文件位置
        allow-recursion {clients;}; # 允许递归查询的客户端。
        #递归查询需要从根域一级一级查的查询（如baidu.com）。
        #非递归查询：在当前的dns中就能直接获得结果的查询（如fang.com）。
        #不在allow-recursion中的主机不能进行递归解析。但允许非递归查询。
        
        listen-on port 53 {127.0.0.1;10.0.2.10;}; #监听哪些网卡，端口
};
zone "." IN {    # 根域，当请求的域名是非本地域时，自动请求跟
        type hint;
        file "named.ca";
};
zone "localhost" IN {  # localhost的解析
        type master;
        file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN { # 127.0.0.* 网段的反解析（要倒着写）
        type master;
        file "named.local";
};

zone "fang.com" IN { # 配置fang.com域名的解析（用于内网）
        type master; # master(主节点域，真正解析的域)
                     # slave(从节点域，同步master的域)
                     # forward(请求转发域)
                     # hint(默认解析域，一般指向根域)
        file "fang.com.zone";
};
zone "0.10.in-addr.arpa" IN {
        type master;
        file "10.0.zone";
};

</code>
==== vim /var/named/fang.com.zone ====

<code>
$TTL 600  
$ORIGIN fang.com.
@       IN      SOA     ns      admin   ( # SOA一定要出现在第一行，但可以在$TTL,$ORIGIN后面
                1000000001   # 文件版本号,每次修改后续手动加1
                1H           # 刷新时间
                10M          # 重试时间按
                1W           # 过期 1周
                1D )         # 让用户缓存一天
                
fang.com.        IN      NS      ns # ns记录后面一定要有A记录
ns      IN      A       10.0.2.1  

mail    IN      A       10.0.2.2   # 应为这个域名是内网域名，所以对应的ip都是内网ip
www     IN      A       10.0.2.3
www     IN      A       10.0.2.4
imap    IN      A       10.0.2.5
</code>
==== vim /var/named/named.ca====
<code>
; <<>> DiG 9.9.4-P2-RedHat-9.9.4-12.P2 <<>> +norec NS . @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26229
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 24

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518400  IN      A       198.41.0.4
b.root-servers.net.     518400  IN      A       192.228.79.201
c.root-servers.net.     518400  IN      A       192.33.4.12
d.root-servers.net.     518400  IN      A       199.7.91.13
e.root-servers.net.     518400  IN      A       192.203.230.10
f.root-servers.net.     518400  IN      A       192.5.5.241
g.root-servers.net.     518400  IN      A       192.112.36.4
h.root-servers.net.     518400  IN      A       128.63.2.53
i.root-servers.net.     518400  IN      A       192.36.148.17
j.root-servers.net.     518400  IN      A       192.58.128.30
k.root-servers.net.     518400  IN      A       193.0.14.129
l.root-servers.net.     518400  IN      A       199.7.83.42
m.root-servers.net.     518400  IN      A       202.12.27.33
a.root-servers.net.     518400  IN      AAAA    2001:503:ba3e::2:30
c.root-servers.net.     518400  IN      AAAA    2001:500:2::c
d.root-servers.net.     518400  IN      AAAA    2001:500:2d::d
f.root-servers.net.     518400  IN      AAAA    2001:500:2f::f
h.root-servers.net.     518400  IN      AAAA    2001:500:1::803f:235
i.root-servers.net.     518400  IN      AAAA    2001:7fe::53
j.root-servers.net.     518400  IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     518400  IN      AAAA    2001:7fd::1
l.root-servers.net.     518400  IN      AAAA    2001:500:3::42
m.root-servers.net.     518400  IN      AAAA    2001:dc3::35

;; Query time: 58 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Wed Apr 23 14:52:37 CEST 2014
;; MSG SIZE  rcvd: 727
</code>
====vim /var/named/localhost.zone ====
<code>
$TTL 600
@       IN      SOA     localhost.      admin.localhost.(
                1231231231
                1H
                10M
                1W
                1D )
                IN      NS      localhost.
localhost.      IN      A       127.0.0.1
</code>
==== vim /var/named/named.local====
<code>
$TTL 600
@       IN      SOA     localhost.      admin.localhost.(
                1231231231
                1H
                10M
                1W
                1D )
        IN      NS      localhost.
1       IN      PTR     localhost.
</code>
==== vim /var/named/10.0.zone ====

<code>
$TTL 600
@       IN      SOA     dns.fang.com.   admin.fang.com.(
                1000000001
                1H
                10M
                1W
                1D )
                IN      NS      dns.fang.com.
                IN      NS      dns2.fang.com.
10.2            IN      PTR     dns.fang.com.  # 反解析，对应ip 10.0.2.10
11.2            IN      PTR     dns2.fang.com.
12.2            IN      PTR     www.fang.com.
13.2            IN      PTR     www.fang.com.
</code>
==== 配置管理客户端rndc ====
  * 执行命令rndc-confgen，该命令会打印出若干行字符串。字符串分2部分。分别讲这两部分写入/etc/rndc.conf 和 /etc/named.conf 

  * rndc:
    * stop 停止dns服务
    * status
    * reload   重新载入配置文件
    * reload zone 重新载入某区域文件
    * reconfig  重新载入主配置文件和更新过的文件