Configuring DNS on Linux under Redhat Enterprise 5, Part 2

Posted 2009-06-14 17:32
               
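Linux DNS configuration in detail, part 2

Lab environment: VMware 6.5.2 + RedHat Enterprise 5

Goal: configure DNS from a security standpoint (by adding the chroot RPM package), and resolve two different domain names with the same IP.

First, disable the firewall.

Configure the IP.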
    [root@localhost ~]# vi /etc/resolv.conf
    ; generated by /sbin/dhclient-script
    search router
    nameserver 192.168.0.5

Change the DNS setting.

Next step: install the required DNS packages. Today we will install a slightly more complicated set.

    [root@localhost ~]# cd /mnt
    [root@localhost mnt]# ls
    cdrom hgfs
    [root@localhost mnt]# cd
    [root@localhost ~]# mount /dev/cdrom /mnt/cdrom
    mount: block device /dev/cdrom is write-protected, mounting read-only
    [root@localhost ~]# cd /mnt/cdrom
    [root@localhost cdrom]# ls
    Cluster README-te.html RELEASE-NOTES-U1-en
    ClusterStorage README-zh_CN.html RELEASE-NOTES-U1-en.html
    EULA README-zh_TW.html RELEASE-NOTES-U1-es.html
    eula.en_US RELEASE-NOTES-as.html RELEASE-NOTES-U1-fr.html
    GPL RELEASE-NOTES-bn.html RELEASE-NOTES-U1-gu.html
    images RELEASE-NOTES-de.html RELEASE-NOTES-U1-hi.html
    isolinux RELEASE-NOTES-en RELEASE-NOTES-U1-it.html
    README-as.html RELEASE-NOTES-en.html RELEASE-NOTES-U1-ja.html
    README-bn.html RELEASE-NOTES-es.html RELEASE-NOTES-U1-kn.html
    README-de.html RELEASE-NOTES-fr.html RELEASE-NOTES-U1-ko.html
    README-en RELEASE-NOTES-gu.html RELEASE-NOTES-U1-ml.html
    README-en.html RELEASE-NOTES-hi.html RELEASE-NOTES-U1-mr.html
    README-es.html RELEASE-NOTES-it.html RELEASE-NOTES-U1-or.html
    README-fr.html RELEASE-NOTES-ja.html RELEASE-NOTES-U1-pa.html
    README-gu.html RELEASE-NOTES-kn.html RELEASE-NOTES-U1-pt_BR.html
    README-hi.html RELEASE-NOTES-ko.html RELEASE-NOTES-U1-ru.html
    README-it.html RELEASE-NOTES-ml.html RELEASE-NOTES-U1-si.html
    README-ja.html RELEASE-NOTES-mr.html RELEASE-NOTES-U1-ta.html
    README-kn.html RELEASE-NOTES-or.html RELEASE-NOTES-U1-te.html
    README-ko.html RELEASE-NOTES-pa.html RELEASE-NOTES-U1-zh_CN.html
    README-ml.html RELEASE-NOTES-pt_BR.html RELEASE-NOTES-U1-zh_TW.html
    README-mr.html RELEASE-NOTES-ru.html RELEASE-NOTES-zh_CN.html
    README-or.html RELEASE-NOTES-si.html RELEASE-NOTES-zh_TW.html
    README-pa.html RELEASE-NOTES-ta.html RPM-GPG-KEY-redhat-beta
    README-pt_BR.html RELEASE-NOTES-te.html RPM-GPG-KEY-redhat-release
    README-ru.html RELEASE-NOTES-U1-as.html Server
    README-si.html RELEASE-NOTES-U1-bn.html TRANS.TBL
    README-ta.html RELEASE-NOTES-U1-de.html VT
    [root@localhost cdrom]# cd Server
    [root@localhost Server]# rpm -ivh bind-
    bind-9.3.3-10.el5.i386.rpm
    bind-chroot-9.3.3-10.el5.i386.rpm
    bind-devel-9.3.3-10.el5.i386.rpm
    bind-libbind-devel-9.3.3-10.el5.i386.rpm
    bind-libs-9.3.3-10.el5.i386.rpm
    bind-sdb-9.3.3-10.el5.i386.rpm
    bind-utils-9.3.3-10.el5.i386.rpm
    [root@localhost Server]# rpm -ivh bind-9.3.3-10.el5.i386.rpm
    warning: bind-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
    Preparing... ########################################### [100%]
    1:bind ########################################### [100%]
    [root@localhost Server]# rpm -ivh util-linux-2.13-0.45.el5.i386.rpm
    warning: util-linux-2.13-0.45.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
    Preparing... ########################################### [100%]
    package util-linux-2.13-0.45.el5 is already installed
    [root@localhost Server]# rpm -ivh cach
    cachefilesd-0.8-2.el5.i386.rpm
    caching-nameserver-9.3.3-10.el5.i386.rpm
    [root@localhost Server]# rpm -ivh cach
    cachefilesd-0.8-2.el5.i386.rpm
    caching-nameserver-9.3.3-10.el5.i386.rpm
    [root@localhost Server]# rpm -ivh caching-nameserver-9.3.3-10.el5.i386.rpm
    warning: caching-nameserver-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
    Preparing... ########################################### [100%]
    1:caching-nameserver ########################################### [100%]
    [root@localhost Server]# rpm -ivh bind-chroot-9.3.3-10.el5.i386.rpm
    warning: bind-chroot-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
    Preparing... ########################################### [100%]
    1:bind-chroot ########################################### [100%]
    [root@localhost Server]#

A word of explanation: four packages were installed here, whereas last time only three were. The purpose of the bind-chroot-9.3.3-10.el5.i386.rpm package is to increase security; this is also a new feature of the 2.6 kernel. Can you go without installing it? Of course you can. So what is different once it is installed?

Previously, our configuration files were kept in the following places:

    /etc/named.conf
    /var/named/named.ca          (the root zone file)
    /var/named/localhost.zone    (forward zone file)
    /var/named/named.local       (reverse zone file)

After installing this package, the location of our configuration files changes: they move one directory level deeper, for example /var/named/chroot/etc/named.conf, and the same applies to the locations of the other files.

    [root@localhost Server]# cd /var/named/chroot/etc
    [root@localhost etc]# ls
    localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
    [root@localhost etc]# vi named.conf

Edit it as follows:

    // generated by named-bootconf.pl
    options {
            directory "/var/named";
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below. Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
    };
    //
    // a caching only nameserver config
    //
    controls {
            inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };
    zone "." IN {
            type hint;
            file "named.ca";
    };
    zone "sina.com" IN {
            type master;
            file "sina.zone";
            allow-update { none; };
    };
    zone "0.168.192.in-addr.arpa" IN {
            type master;
            file "sina.local";
            allow-update { none; };
    };
    include "/etc/rndc.key";

Save and exit.

Edit the forward zone file:

    [root@localhost etc]# cd /var/named/chroot/var/named
    [root@localhost named]# ls
    data localhost.zone named.ca named.local slaves
    localdomain.zone named.broadcast named.ip6.local named.zero
    [root@localhost named]# cp named.local sina.local
    [root@localhost named]# cp named.local sina.zone
    [root@localhost named]# vi sina.zone

After editing it looks like this:

    $TTL 86400
    @ IN SOA sina.com. root.sina.com. (
            1997022700 ; Serial
            28800 ; Refresh
            14400 ; Retry
            3600000 ; Expire
            86400 ) ; Minimum
            IN NS sina.com.
    www IN A 192.168.0.5

Save and exit. Edit the reverse zone file:

    [root@localhost named]# vi sina.local

Edit it as follows:

    $TTL 86400
    @ IN SOA sina.com. root.sina.com. (
            1997022700 ; Serial
            28800 ; Refresh
            14400 ; Retry
            3600000 ; Expire
            86400 ) ; Minimum
            IN NS sina.com.
    5 IN PTR www.sina.com.
Save and exit.

Change the group ownership:

    [root@localhost named]# ll
    总计 88
    drwxrwx--- 2 named named 4096 2004-08-25 data
    -rw-r----- 1 root named 198 2007-07-19 localdomain.zone
    -rw-r----- 1 root named 195 2007-07-19 localhost.zone
    -rw-r----- 1 root named 427 2007-07-19 named.broadcast
    -rw-r----- 1 root named 2518 2007-07-19 named.ca
    -rw-r----- 1 root named 424 2007-07-19 named.ip6.local
    -rw-r----- 1 root named 426 2007-07-19 named.local
    -rw-r----- 1 root named 427 2007-07-19 named.zero
    -rw-r----- 1 root root 415 04-25 19:48 sina.local
    -rw-r----- 1 root root 413 04-25 19:43 sina.zone
    drwxrwx--- 2 named named 4096 2004-07-27 slaves
    [root@localhost named]# chgrp named sina.local
    [root@localhost named]# chgrp named sina.zone
    [root@localhost named]#

Restart the services:

    [root@localhost named]# service network restart
    Shutting down interface eth0: [ OK ]
    Shutting down loopback interface: [ OK ]
    Bringing up loopback interface: [ OK ]
    Bringing up interface eth0: [ OK ]
    [root@localhost named]# service named restart
    Stopping named: [FAILED]
    Starting named: [ OK ]
    [root@localhost named]#

Test the network:

    [root@localhost named]# nslookup www.sina.com
    Server: 127.0.0.1
    Address: 127.0.0.1#53
    Name: www.sina.com
    Address: 192.168.0.5

The forward lookup succeeds.

    [root@localhost named]# nslookup 192.168.0.5
    Server: 127.0.0.1
    Address: 127.0.0.1#53
    5.0.168.192.in-addr.arpa name = www.sina.com.
    [root@localhost named]#

The reverse lookup succeeds, OK.

Now think about it: how do we resolve both sina and sohu with the same IP? (Whatever you do, don't use the alias CNAME record from Windows here.)

    [root@localhost named]# vi /var/named/chroot/etc/named.conf

Edit this file; the key part ends up as follows:

    zone "sina.com" IN {
            type master;
            file "sina.zone";
            allow-update { none; };
    };
    zone "0.168.192.in-addr.arpa" IN {
            type master;
            file "sina.local";
            allow-update { none; };
    };
    zone "sohu.com" IN {
            type master;
            file "sohu.zone";
            allow-update { none; };
    };
    include "/etc/rndc.key";

Save and exit.

    [root@localhost named]# cd /var/named/chroot/var/named
    [root@localhost named]# ls
    data named.broadcast named.local sina.zone
    localdomain.zone named.ca named.zero slaves
    localhost.zone named.ip6.local sina.local
    [root@localhost named]# cp sina.zone sohu.zone
    [root@localhost named]# vi sohu.zone

Edit sohu's forward zone file as follows:

    $TTL 86400
    @ IN SOA sohu.com. root.sohu.com. (
            1997022700 ; Serial
            28800 ; Refresh
            14400 ; Retry
            3600000 ; Expire
            86400 ) ; Minimum
            IN NS sohu.com.
    www IN A 192.168.0.5

Save and exit.

    [root@localhost named]# vi sina.local

Edit sina's reverse zone file:

    $TTL 86400
    @ IN SOA sina.com. root.sina.com. (
            1997022700 ; Serial
            28800 ; Refresh
            14400 ; Retry
            3600000 ; Expire
            86400 ) ; Minimum
            IN NS sina.com.
    5 IN PTR www.sina.com.
    5 IN PTR www.sohu.com.

Save and exit.

    [root@localhost named]# ll
    总计 96
    drwxrwx--- 2 named named 4096 2004-08-25 data
    -rw-r----- 1 root named 198 2007-07-19 localdomain.zone
    -rw-r----- 1 root named 195 2007-07-19 localhost.zone
    -rw-r----- 1 root named 427 2007-07-19 named.broadcast
    -rw-r----- 1 root named 2518 2007-07-19 named.ca
    -rw-r----- 1 root named 424 2007-07-19 named.ip6.local
    -rw-r----- 1 root named 426 2007-07-19 named.local
    -rw-r----- 1 root named 427 2007-07-19 named.zero
    -rw-r----- 1 root named 438 04-25 20:22 sina.local
    -rw-r----- 1 root named 413 04-25 19:43 sina.zone
    drwxrwx--- 2 named named 4096 2004-07-27 slaves
    -rw-r----- 1 root root 413 04-25 20:20 sohu.zone
    [root@localhost named]# chgrp named sohu.zone
    [root@localhost named]#

That changes the group of the sohu file.

Restart the service:

    [root@localhost named]# service named restart
    Stopping named: [ OK ]
    Starting named: [ OK ]
    [root@localhost named]# nslookup www.sohu.com
    Server: 127.0.0.1
    Address: 127.0.0.1#53
    Name: www.sohu.com
    Address: 192.168.0.5
    [root@localhost named]# nslookup 192.168.0.5
    Server: 127.0.0.1
    Address: 127.0.0.1#53
    5.0.168.192.in-addr.arpa name = www.sina.com.
    5.0.168.192.in-addr.arpa name = www.sohu.com.
    [root@localhost named]#

OK, it looks like the experiment was a success. Since I think the previous article was fairly detailed, this one is just a quick run-through with a bit more difficulty added.
http://yuzeying.blog.51cto.com/644976/153342
               

This article comes from a ChinaUnix blog; to view the original, go to: http://blog.chinaunix.net/u3/93926/showart_1964124.html
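
The chroot layout and the chgrp step in the post above can be checked mechanically. The following is an added example, not part of the original post: a POSIX shell function that reads named.conf inside the jail, resolves every zone file path under the chroot, and flags files that are missing, not in the expected group, or accessible to other users. The function names, the constructed sample tree and the reliance on GNU stat are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).
# Build a CONSTRUCTED chroot tree mirroring the post's layout and print its
# path: sina.local is left world-readable and sohu.zone is never created.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc" "$root/var/named"
    cat > "$root/etc/named.conf" <<'EOF'
options {
    directory "/var/named";
};
zone "." IN { type hint;
    file "named.ca";
};
zone "sina.com" IN { type master;
    file "sina.zone";
};
zone "0.168.192.in-addr.arpa" IN { type master;
    file "sina.local";
};
zone "sohu.com" IN { type master;
    file "sohu.zone";
};
EOF
    for f in named.ca sina.zone sina.local; do
        : > "$root/var/named/$f"; chmod 640 "$root/var/named/$f"
    done
    chmod 644 "$root/var/named/sina.local"
    echo "$root"
}

# audit_chroot_zones CHROOT GROUP: print one status line per zone file and
# return how many are missing, in the wrong group, or accessible to "other".
audit_chroot_zones() {
    jail=$1 want=$2 conf="$1/etc/named.conf" bad=0
    [ -r "$conf" ] || { echo "MISSING $conf"; return 1; }
    # named resolves "directory" and "file" paths inside the jail.
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    files=$(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf")
    for f in $files; do
        case $f in /*) p="$jail$f" ;; *) p="$jail${dir:-/var/named}/$f" ;; esac
        if [ ! -f "$p" ]; then echo "MISSING $p"; bad=$((bad + 1)); continue; fi
        grp=$(stat -c %G "$p") mode=$(stat -c %a "$p") why=
        [ "$grp" = "$want" ] || why=" group=$grp"
        case $mode in *[1-7]) why="$why mode=$mode" ;; esac
        if [ -n "$why" ]; then echo "FAIL $p:$why"; bad=$((bad + 1)); else echo "OK $p"; fi
    done
    return "$bad"
}
```

On the server from the post the call would be `audit_chroot_zones /var/named/chroot named`, run before `service named restart`.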

Posted 2012-12-24 11:17
This article, sigh...