Chinaunix
Title: DNS Setup Procedure
Author: yoomck
Date: 2008-06-07 00:28
Platform: Red Hat EL 5
Step 1: Download the software. BIND 9.4.2, from
http://www.isc.org/index.pl
Step 2: Installation
# tar zxvf bind-9.4.2.tar.gz
# cd bind-9.4.2
# ./configure --prefix=/usr/local/bind --sysconfdir=/etc
# make
# make install
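Step 3: Configuration
Generate /etc/rndc.conf, then copy the commented-out key and controls section at its end into /etc/named.conf with the leading "# " removed:
# /usr/local/bind/sbin/rndc-confgen > /etc/rndc.conf
# tail -10 /etc/rndc.conf | head -9 | sed 's/# //g' >> /etc/named.conf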
A) Cache-only DNS server configuration
# vi /etc/named.conf
// this setting is only for a forwarding DNS server
options {
    forward only;
    forwarders {
        211.94.69.34;
        211.94.65.97;
    };
    pid-file "/usr/local/bind/var/run/named.pid";
};
// key and controls were appended from /etc/rndc.conf above;
// the secret is unique to each rndc-confgen run
key "rndc-key" {
    algorithm hmac-md5;
    secret "N2uQAFWNwrMIVKMapOFq0Q==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
B) Full DNS server configuration
The files that need to be configured are roughly the following:
1. /etc/named.conf
2. /etc/named/named.root
3. /etc/named/named.localhost
4. /etc/named/named.127.0.0
5. /etc/named/named.<forward zone file>
6. /etc/named/named.<reverse zone file>
Hostname and IP address plan:
www.mysite.com  ------> 192.168.0.105
mail.mysite.com ------> 192.168.0.105
ftp.mysite.com  ------> 192.168.0.106
Edit /etc/named.conf
# vi /etc/named.conf
// dns server
options {
    directory "/etc/named";
    forwarders {
        211.94.69.34;
        211.94.65.97;
    };
    pid-file "/usr/local/bind/var/run/named.pid";
    // with no allow-recursion set, this ACL also decides who may recurse
    allow-query { any; };
    allow-transfer { none; };
};
zone "." {
    type hint;
    file "named.root";
};
zone "localhost" {
    type master;
    file "named.localhost";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.127.0.0";
};
zone "mysite.com" {
    type master;
    file "named.mysite.com";
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "named.192.168.0";
};
// key and controls were appended from /etc/rndc.conf above;
// the secret is unique to each rndc-confgen run
key "rndc-key" {
    algorithm hmac-md5;
    secret "N2uQAFWNwrMIVKMapOFq0Q==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
Create the directory /etc/named/:
# mkdir /etc/named
First point this DNS server's own resolver at the DNS server address provided by the upstream ISP:
# echo "nameserver 211.94.69.34" > /etc/resolv.conf
Obtain the named.root file
Method 1:
# ftp rs.internic.net
username: anonymous
password: (press Enter)
ftp> cd domain
ftp> get named.root
ftp> bye
# cp named.root /etc/named
Method 2:
# /usr/local/bind/bin/dig -t NS . > /etc/named/named.root
Edit the /etc/named/named.localhost file
# vi /etc/named/named.localhost
$TTL 600
@ IN SOA localhost. root.localhost. (
        20080228 ;serial
        28800    ;refresh
        14400    ;retry
        720000   ;expire
        86400    ;minimum
        )
@          IN NS localhost.
localhost. IN A  127.0.0.1
Edit the /etc/named/named.127.0.0 file
# vi /etc/named/named.127.0.0
$TTL 600
@ IN SOA localhost. root.localhost. (
        20080228 ;serial
        28800    ;refresh
        14400    ;retry
        720000   ;expire
        86400    ;minimum
        )
@ IN NS  localhost.
1 IN PTR localhost.
Edit the forward zone file /etc/named/named.mysite.com
# vi /etc/named/named.mysite.com
$TTL 600
@ IN SOA mysite.com. root.mysite.com. (
        20080228 ;serial
        28800    ;refresh
        14400    ;retry
        720000   ;expire
        86400    ;minimum
        )
@           IN NS    mysite.com.
@           IN MX 10 mail.mysite.com.
mysite.com. IN A     192.168.0.105
www         IN A     192.168.0.105
mail        IN CNAME www
ftp         IN A     192.168.0.106
Edit the reverse zone file /etc/named/named.192.168.0
# vi /etc/named/named.192.168.0
$TTL 600
@ IN SOA mysite.com. root.mysite.com. (
        20080228 ;serial
        28800    ;refresh
        14400    ;retry
        720000   ;expire
        86400    ;minimum
        )
@   IN NS  mysite.com.
105 IN PTR mysite.com.
105 IN PTR www.mysite.com.
106 IN PTR ftp.mysite.com.
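Added example (not part of the original post): a small Python check, with hypothetical helper names fqdn, parse and lint, that cross-checks the forward and reverse zone records above before named is started. It reports A/PTR pairs that do not match and MX or NS targets that are CNAMEs, which RFC 2181 section 10.3 does not allow; on the records above it reports the MX target mail.mysite.com.

```python
# Records copied from the page's two zone files (SOA blocks omitted).
FORWARD = """\
@            IN NS    mysite.com.
@            IN MX 10 mail.mysite.com.
mysite.com.  IN A     192.168.0.105
www          IN A     192.168.0.105
mail         IN CNAME www
ftp          IN A     192.168.0.106
"""
REVERSE = """\
105 IN PTR mysite.com.
105 IN PTR www.mysite.com.
106 IN PTR ftp.mysite.com.
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(text, origin):
    """Yield (owner, type, raw target) for simple one-line records."""
    for line in text.splitlines():
        f = [t for t in line.split(";")[0].split() if t.upper() != "IN"]
        if len(f) >= 3:
            yield fqdn(f[0], origin), f[1].upper(), f[-1]

def lint(forward, reverse, origin="mysite.com.",
         rev_origin="0.168.192.in-addr.arpa."):
    """Return a list of findings; an empty list means nothing was flagged."""
    fwd = list(parse(forward, origin))
    aliases = {o for o, t, _ in fwd if t == "CNAME"}
    a_recs = {(o, v) for o, t, v in fwd if t == "A"}
    # PTR owner 105.0.168.192.in-addr.arpa. -> address 192.168.0.105
    ptrs = {(fqdn(v, rev_origin), ".".join(reversed(o.split(".")[:4])))
            for o, t, v in parse(reverse, rev_origin) if t == "PTR"}
    issues = [f"{t} target {fqdn(v, origin)} is a CNAME (RFC 2181 section 10.3)"
              for _, t, v in fwd if t in ("MX", "NS") and fqdn(v, origin) in aliases]
    issues += [f"A {n} {ip} has no matching PTR"
               for n, ip in sorted(a_recs - ptrs)]
    issues += [f"PTR {ip} -> {n} has no matching A"
               for n, ip in sorted(ptrs - a_recs)]
    return issues

if __name__ == "__main__":
    for finding in lint(FORWARD, REVERSE):
        print(finding)
```

A PTR target written without its trailing dot is expanded against the reverse zone's origin, and the check reports it as an unmatched A/PTR pair.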
Step 4: Start and test
Point the DNS server's own resolver at itself:
# echo "nameserver 127.0.0.1" > /etc/resolv.conf
Start BIND:
# /usr/local/bind/sbin/named
[root@localhost ~]# nslookup
> mysite.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: mysite.com
Address: 192.168.0.105
> ftp.mysite.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ftp.mysite.com
Address: 192.168.0.106
> mail.mysite.com
Server: 127.0.0.1
Address: 127.0.0.1#53
mail.mysite.com canonical name = www.mysite.com.
Name: www.mysite.com
Address: 192.168.0.105
> set type=mx
> mysite.com
Server: 127.0.0.1
Address: 127.0.0.1#53
mysite.com mail exchanger = 10 mail.mysite.com.
> set type=a
> www.mysite.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.mysite.com
Address: 192.168.0.105
> 192.168.0.105
Server: 127.0.0.1
Address: 127.0.0.1#53
105.0.168.192.in-addr.arpa name = www.mysite.com.
105.0.168.192.in-addr.arpa name = mysite.com.
> 192.168.0.106
Server: 127.0.0.1
Address: 127.0.0.1#53
106.0.168.192.in-addr.arpa name = ftp.mysite.com.
>
To add separate log files, proceed as follows:
# mkdir /var/log/named
Edit /etc/named.conf and add:
logging {
    channel dns_errors {
        file "/var/log/named/err_logs" versions 3 size 10m;
        severity error;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel dns_queries {
        file "/var/log/named/query_logs" versions 3 size 10m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { dns_errors; };
    category queries { dns_queries; };
};
Restart BIND.
This article comes from the ChinaUnix blog; to view the original, see:
http://blog.chinaunix.net/u2/70208/showart_728793.html