


1. Install BIND9


sudo apt-get update
sudo apt-get install bind9

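2. Configure BIND9

Open the main configuration file:

sudo nano /etc/bind/named.conf

Add a zone declaration for the domain:

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

Create the zone file /etc/bind/db.example.com with the following records:

$TTL    86400
@       IN      SOA     ns1.example.com. root.example.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      ns1.example.com.
ns1     IN      A       <SERVER_IP>     ; placeholder: the source omits the address, use your name server's IPv4 address
www     IN      A       <SERVER_IP>     ; placeholder: the source omits the address, use your web server's IPv4 address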

3. Restart the BIND9 service


sudo systemctl restart bind9

4. Set firewall rules


sudo ufw allow from any to any port 53 proto tcp  # allow incoming DNS traffic to the BIND9 service on TCP port 53

This rule is needed when the host firewall would otherwise block incoming connections to the DNS service. The 'proto tcp' part restricts the rule to TCP traffic on port 53. Ordinary DNS queries are sent over UDP, so a matching rule for UDP on port 53 is needed as well if clients are to resolve names against this server.

As written, the rule accepts connections from any source address. To limit who can reach the service, replace the first 'any' with the IP address range that should be allowed, for example a range of client addresses beginning with 192.168.

If you do not know your server's public IP address, an online service such as WhatIsMyIPAddress can report it.

Some firewalls require additional configuration before they accept incoming connections on a specific port, such as source address verification (SAV) rules that check the origin of a connection before it is allowed to reach services running on the server.
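
The restart in step 3 can be gated on BIND's own validators, so that a broken named.conf or zone file (a missing closing brace, an A record without an address) is caught before the running service is touched. This is an added example, not part of the original page; the function names are hypothetical, the defaults reuse the page's example.com values, and the recursion check is a heuristic that goes beyond the page's steps because step 4 opens port 53 to any source.

```sh
#!/bin/sh
# Added example (not from the original page). Defaults mirror the page's values.
ZONE="${ZONE:-example.com}"
ZONE_FILE="${ZONE_FILE:-/etc/bind/db.example.com}"
CONF="${CONF:-/etc/bind/named.conf}"

# check_bind: 0 = config and zone both parse, 1 = named.conf error, 2 = zone error.
check_bind() {
    named-checkconf "$CONF" || {
        echo "error: $CONF failed named-checkconf" >&2; return 1; }
    named-checkzone "$ZONE" "$ZONE_FILE" >/dev/null || {
        echo "error: $ZONE_FILE failed named-checkzone" >&2; return 2; }
    return 0
}

# recursion_disabled: 0 if the parsed config contains an explicit "recursion no;".
# Heuristic only: it does not evaluate views or allow-recursion ACLs.
recursion_disabled() {
    named-checkconf -p "$CONF" 2>/dev/null |
        grep -Eq '^[[:space:]]*recursion[[:space:]]+no;'
}

# apply_bind: restart only after validation succeeds; the recursion finding
# is reported as a warning and does not block the restart.
apply_bind() {
    check_bind || return $?
    recursion_disabled ||
        echo "warning: recursion is not explicitly disabled in $CONF;" \
             "an authoritative-only server open to any source usually sets 'recursion no;'" >&2
    sudo systemctl restart bind9
}

# Usage: sh this-script check   (validate only)
#        sh this-script apply   (validate, then restart)
case "${1:-}" in
    check) check_bind ;;
    apply) apply_bind ;;
esac
```
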



