
Linux CentOS DNS速配

时间:2012-02-04 11:34来源:ITminer.net 作者:eason 点击:

环境:Linux CentOS 5.5

 

DNS  Server: 10.5.9.52  ns.itminer.net

Test Client: 10.5.9.50  client.itminer.net

 

一.检查DNS Server所需安装包(如果没有安装,rpm安装即可)

 

[root@master ~]# rpm -qa |grep bind

bind-libs-9.3.6-4.P1.el5_4.2     --------DNS功能必备的库文件

bind-chroot-9.3.6-4.P1.el5_4.2   --------DNS的chroot模式,把named限制在/var/named/chroot目录内运行,提高bind的安全性

bind-9.3.6-4.P1.el5_4.2                 --------DNS服务器主程序

bind-utils-9.3.6-4.P1.el5_4.2    --------DNS测试工具程序

bind-devel-9.3.6-4.P1.el5_4.2

bind-libbind-devel-9.3.6-4.P1.el5_4.2

 

二.确认启用chroot环境(安全性需求)

[root@master ~]# cat /etc/sysconfig/named

 

ROOTDIR=/var/named/chroot (确认有此语句,并且不是被注释掉的)

 

三.配置bind的主配置文件/etc/named.conf (注意:启用chroot后,实际路径是/var/named/chroot/etc/named.conf)

[root@master etc]# pwd

/var/named/chroot/etc

[root@master etc]# cp named.rfc1912.zones named.conf

[root@master etc]# cat named.conf

options {

        directory "/var/named";          ##定义区文件目录

        forwarders { 10.5.9.51;};         ##本机无法解析的查询转发给10.5.9.51

        allow-query {any;};                 ##允许任何主机查询
        ##注意:本配置同时设置了forwarders;服务器若能被外网访问,应使用allow-recursion限制可递归查询的来源,避免成为开放解析器

        allow-transfer { 10.5.9.51;};         ##只允许指定的IP(10.5.9.51,即slave)进行区域传送

 

        };

 

##设置根区域 注意类型是hint

 

zone "." IN {

        type hint;

        file "named.ca";

};

 

##

 

zone "localdomain" IN {

        type master;

        file "localdomain.zone";

        allow-update { none; };

};

 

zone "localhost" IN {

        type master;

        file "localhost.zone";

        allow-update { none; };

};

 

zone "0.0.127.in-addr.arpa" IN {

        type master;

        file "named.local";

        allow-update { none; };

};

 

##设置主区域

 

zone "itminer.net" IN {

        type master;

        file "itminer.net.zone";

        allow-update { none; };

};

 

zone "9.5.10.in-addr.arpa" IN {

        type master;

        file "9.5.10.zone";

        allow-update { none; };

};

 

四.配置正向区域文件(以itminer.net.zone做示例)

 

[root@master named]# pwd

/var/named/chroot/var/named

[root@master named]# cat itminer.net.zone

$TTL 86400

@ IN SOA itminer.net. root.itminer.net. (

                20110717;serial

                3H      ;refresh

                15M     ;retry

                1W      ;expiry

                0       ;minimum

                                      )

 

@       IN      NS      NS.itminer.net.

ns      IN      A       10.5.9.52

www     IN      A       10.5.9.8

 

 

五.配置反向区域文件(以9.5.10.zone为例)

[root@master named]# cat 9.5.10.zone

$TTL 86400

@ IN SOA itminer.net. root.itminer.net. (

 

                20110717

                3H

                15M

                1W

                0

                                      )

 

@       IN      NS      ns.itminer.net.

51      IN      PTR     slave.itminer.net.

50      IN      PTR     client.itminer.net.

 

 

六.重启named服务 测试

1.注意要将named.conf文件和区域文件的属主及属组改成named,否则启动不了named服务(named只需对这些文件有读权限;也可以保留root为属主、只把属组改为named,这样named进程无法改写自己的配置)

[root@master named]# pwd

/var/named/chroot/var/named

[root@master named]# chown named:named itminer.net.zone

[root@master named]# chown named:named 9.5.10.zone

[root@master named]# chown named:named ../../etc/named.conf

 

2.使用named-checkzone(检查区域文件)和named-checkconf(检查主配置文件) 检查配置的正确性

[root@master etc]# pwd

/var/named/chroot/etc

[root@master etc]# named-checkconf named.conf

 

[root@master named]# pwd

/var/named/chroot/var/named

[root@master named]# named-checkzone itminer.net itminer.net.zone

zone itminer.net/IN: loaded serial 20110717

OK

[root@master named]# named-checkzone  10.5.9 9.5.10.zone

zone 10.5.9/IN: loaded serial 20110717

OK

 

3.重启named服务

[root@master named]# service  named restart

Stopping named:                                            [  OK  ]

Starting named:                                            [  OK  ]

 

4.切换客户端测试(client.itminer.net即10.5.9.50这个机器)

 

[root@clien ~]# cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1  localhost.localdomain localhost

10.5.9.52  ns.itminer.net

::1        localhost6.localdomain6 localhost6

 

[root@clien ~]# cat /etc/resolv.conf

nameserver ns.itminer.net

 

 

[root@clien ~]# nslookup

> 10.5.9.50

Server:         10.5.9.52

Address:        10.5.9.52#53

 

50.9.5.10.in-addr.arpa  name = client.itminer.net.

> 10.5.9.51

Server:         10.5.9.52

Address:        10.5.9.52#53

 

51.9.5.10.in-addr.arpa  name = slave.itminer.net.

> www.itminer.net

Server:         10.5.9.52

Address:        10.5.9.52#53

 

Name:   www.itminer.net

Address: 10.5.9.8

> ns.itminer.net

Server:         10.5.9.52

Address:        10.5.9.52#53

 

Name:   ns.itminer.net

Address: 10.5.9.52

>

 

测试ok

 

七.

最后注意:修改完named.conf或者区域数据文件后 是需要重启named服务才生效

如果不重启named服务器的话 用下面2个指令更新也可以

rndc reload     ---区域文件更新

rndc reconfig   ---named.conf更新

 

(责任编辑:eason@IT民工 )
