Environment

Operating system: Ubuntu Version: 14.04 Update on 2 years ago
named.conf.default-zones Raw Download
// Zone declarations loaded by named. Besides the stock root-hint, localhost
// and broadcast zones, this copy also declares the site-specific zones "bj",
// "demo.test.com" and "10.in-addr.arpa".
// NOTE(review): on Debian/Ubuntu, site zones conventionally live in
// named.conf.local so that package updates to this file do not conflict with
// local changes -- confirm this layout is intentional.

// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

// Internal forward zone (hosts under the private "bj" suffix).
// No allow-transfer or allow-query is set on this zone, so access falls back
// to the options block or to BIND's defaults.
// NOTE(review): the zone data is an inventory of internal hosts; confirm zone
// transfers are limited to the intended secondaries.
zone "bj" {
	type master;
	file "/etc/bind/db.bj";
};

// Single-domain example zone.
zone "demo.test.com" {
	type master;
	file "/etc/bind/db.demo.test.com";
};

// Reverse zone for 10.0.0.0/8; the same transfer/query note as for "bj"
// applies, since the PTR records list the same internal hosts.
zone "10.in-addr.arpa" {
	type master;
	file "/etc/bind/db.10";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};


db.demo.test.com(单个域名配置) Raw Download
;
; BIND data file for the demo.test.com zone (single-domain example).
; The SOA serial must be increased on every edit, otherwise secondaries
; will not pick up the change.
;
$TTL	604800
@	IN	SOA	demo.test.com. root.demo.test.com. (
			      3		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
; The zone apex is both the listed name server (NS) and the host address (A).
@	IN	NS	demo.test.com.
@	IN	A   10.163.15.171	
db.bj(内网域名解析) Raw Download
;
; BIND data file for the internal "bj" forward zone.
; Unqualified owner names below are relative to the zone origin, so
; "api-web02" is api-web02.bj.
; The SOA serial must be increased on every edit, otherwise secondaries
; will not pick up the change.
;
$TTL	604800
@	IN	SOA	bj. root.bj. (
			     23		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@       	    IN	    NS  	ns1.bj.
@	            IN  	NS	    ns2.bj.
; NOTE(review): the apex A/AAAA records point "bj." at loopback, which looks
; carried over from the stock db.local template -- confirm this is wanted.
@	            IN	    A	    127.0.0.1
@	            IN  	AAAA	::1
; Glue for the two name servers listed above.
ns1             IN      A       10.251.213.214
ns2             IN      A       10.251.212.131 

; Service hosts. ns1 and rediscluster01 share the address 10.251.213.214.
; Each A record here should have a matching PTR in db.10 (10.in-addr.arpa).
rediscluster01	IN  	A	    10.251.213.214	
namenode1       IN      A       10.172.2.99
namenode2       IN      A       10.171.39.30
datanode1       IN      A       10.172.198.175
datanode2       IN      A       10.171.16.72
datanode3       IN      A       10.172.175.138
datanode4       IN      A       10.173.21.78
api-web02       IN      A       10.171.128.15
api-web03       IN      A       10.173.31.172
api-web04       IN      A       10.171.45.140
api-web05       IN      A       10.171.41.125
api-web06       IN      A       10.163.12.16
api-web07       IN      A       10.171.18.83
api-web08       IN      A       10.163.14.131
api-web09       IN      A       10.163.0.45
api-web10       IN      A       10.162.207.120
api-web11       IN      A       10.162.196.50
api-web12       IN      A       10.170.180.235
api-web13       IN      A       10.163.12.4
api-web14       IN      A       10.171.90.235
api-web15       IN      A       10.162.202.171
api-web16       IN      A       10.171.18.76
api-web17       IN      A       10.170.241.82
api-web25       IN      A       10.170.219.184
api-web01       IN      A       10.165.112.185
all-web27       IN      A       10.171.102.59
all-web26       IN      A       10.171.44.79
all-web29       IN      A       10.251.6.172
all-web23       IN      A       10.165.68.18
all-web22       IN      A       10.162.197.221
all-web21       IN      A       10.171.47.49
all-web25       IN      A       10.171.40.157
all-web24       IN      A       10.170.253.45
logstash01      IN      A       10.172.186.140
qa01            IN      A       10.173.48.64
queue03         IN      A       10.172.3.61
logstash02      IN      A       10.162.205.11
cron01          IN      A       10.170.194.196
vpn01           IN      A       10.252.36.239
db.10(内网IP反向解析) Raw Download
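;
; BIND reverse data file for 10.in-addr.arpa (internal 10.0.0.0/8 addresses).
; Owner names are the last three octets of the address in reverse order, so
; "214.213.251" is 10.251.213.214. PTR targets must be fully qualified and
; end in a dot; a relative target would have this zone's origin appended.
;
$TTL	604800
; NOTE(review): MNAME/RNAME still carry the localhost template values while
; the NS records below name ns1.bj./ns2.bj. -- confirm this is intended.
@	IN	SOA	localhost. root.localhost. (
			     19		; Serial (bumped from 18 for the logstash02 PTR fix)
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@               IN      NS      ns1.bj.
@               IN      NS      ns2.bj.
; NOTE(review): several PTR targets below (rediscluster02, redis01, mongo01,
; static-web01, backup01, queue01, queue02, zabbix-server, op-console) have no
; A record in the db.bj listing, and 10.251.212.131 is ns2 in db.bj but
; rediscluster02 here. Anything that relies on forward-confirmed reverse DNS
; (for example host-based access rules or log attribution) will not match for
; those names until the two zones agree.
214.213.251     IN      PTR     rediscluster01.bj.
131.212.251     IN      PTR     rediscluster02.bj.
73.199.162      IN      PTR     redis01.bj.
209.219.162     IN      PTR     mongo01.bj.
44.16.171       IN      PTR     static-web01.bj.
171.92.132      IN      PTR     backup01.bj.
99.2.172        IN      PTR     namenode1.bj.
30.39.171       IN      PTR     namenode2.bj.
175.198.172     IN      PTR     datanode1.bj.
72.16.171       IN      PTR     datanode2.bj.
138.175.172     IN      PTR     datanode3.bj.
78.21.173       IN      PTR     datanode4.bj.
15.128.171      IN      PTR     api-web02.bj.
172.31.173      IN      PTR     api-web03.bj.
140.45.171      IN      PTR     api-web04.bj.
125.41.171      IN      PTR     api-web05.bj.
16.12.163       IN      PTR     api-web06.bj.
83.18.171       IN      PTR     api-web07.bj.
131.14.163      IN      PTR     api-web08.bj.
45.0.163        IN      PTR     api-web09.bj.
120.207.162     IN      PTR     api-web10.bj.
50.196.162      IN      PTR     api-web11.bj.
235.180.170     IN      PTR     api-web12.bj.
4.12.163        IN      PTR     api-web13.bj.
235.90.171      IN      PTR     api-web14.bj.
171.202.162     IN      PTR     api-web15.bj.
76.18.171       IN      PTR     api-web16.bj.
82.241.170      IN      PTR     api-web17.bj.
184.219.170     IN      PTR     api-web25.bj.
185.112.165     IN      PTR     api-web01.bj.
59.102.171      IN      PTR     all-web27.bj.
79.44.171       IN      PTR     all-web26.bj.
172.6.251       IN      PTR     all-web29.bj.
18.68.165       IN      PTR     all-web23.bj.
221.197.162     IN      PTR     all-web22.bj.
49.47.171       IN      PTR     all-web21.bj.
157.40.171      IN      PTR     all-web25.bj.
45.253.170      IN      PTR     all-web24.bj.
140.186.172     IN      PTR     logstash01.bj.
51.233.172      IN      PTR     queue01.bj.
7.132.171       IN      PTR     queue02.bj.
64.48.173       IN      PTR     qa01.bj.
61.3.172        IN      PTR     queue03.bj.
45.181.170      IN      PTR     zabbix-server.bj.
; Fixed: the target was "logstash02." (a bare top-level name); the forward
; zone defines logstash02.bj. at 10.162.205.11.
11.205.162      IN      PTR     logstash02.bj.
196.194.170     IN      PTR     cron01.bj.
50.183.170      IN      PTR     op-console.bj.
239.36.252      IN      PTR     vpn01.bj.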
named.conf.options.j2(bind选项配置-ansible模板) Raw Download
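// Global BIND options, rendered per host by Ansible (Jinja2 template).
options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035

	// Listen only on loopback and the host's eth0 IPv4 address. The address
	// comes from the ansible_eth0 fact, so fact gathering must be enabled
	// and the target's interface must be named eth0 for the template to
	// render.
	listen-on { 127.0.0.1; {{ ansible_eth0.ipv4.address }}; };

	// Recursion is limited to internal 10/8 clients. The prefix is written
	// with the network address (10.0.0.0); the earlier 10.0.0.1/8 had host
	// bits set, which BIND reports as an address/prefix length mismatch.
	allow-recursion { 10.0.0.0/8; };

	// NOTE(review): allow-query and allow-transfer are not set here, so
	// BIND's defaults apply to the authoritative zones. The bj and
	// 10.in-addr.arpa zones enumerate internal hosts; consider limiting
	// transfers to the secondaries, e.g.
	//   allow-transfer { <SECONDARY_NS_IP>; };
	// once it is confirmed how ns2 receives its zone data.

	//listen-on-v6 { any; };
};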