- 论坛徽章:
- 7
|
一:软件包
bind-9.3.4-10.P1.el5
bind-utils-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
caching-nameserver
二:实现过程
1:复制配置文件
[root@www /]#/var/named/chroot/etc
-rw-r--r-- 1 root root 405 06-03 00:00 localtime
-rw-r----- 1 root named 1195 01-06 21:11 named.caching-nameserver.conf
-rw-r----- 1 root named 955 01-06 21:11 named.rfc1912.zones.bak
-rw-r----- 1 root named 113 06-03 20:48 rndc.key
[root@www /]#cp -p named.caching-nameserver.conf named.conf
[root@www /]#cp -p named.rfc1912.zones named.rfc1912.zones.bak
[root@www /]#/var/named/chroot/etc
-rw-r--r-- 1 root root 405 06-03 00:00 localtime
-rw-r----- 1 root named 1195 01-06 21:11 named.caching-nameserver.conf
-rw-r----- 1 root named 955 01-06 21:11 named.rfc1912.zones.bak
-rw-r----- 1 root named 113 06-03 20:48 rndc.key
-rw-r----- 1 root named 1171 06-15 17:42 named.conf ####cp的配置文件
-rw-r----- 1 root named 965 06-15 17:52 named.rfc1912.zones.bak ###同上
2:编辑配置文件
[root@www etc]# vim named.conf
内容如下:
//
options {
listen-on port 53 { any; }; ###修改成any
listen-on-v6 port 53 { ::1; };
directory "/var/named"; ###dns根目录(实际是/var/named/chroot/var/named)
dump-file "/var/named/data/cache_dump.db"; ###缓存文件路径
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { any; }; ###修改成any (允许任何客户端迭代查询) ####也可以限制客户端查询,比如:修改成none,拒绝任何客户端查询。
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { any; }; ###修改成any
match-destinations { any; }; ###修改成any
recursion yes; ####允许递归查询
include "/etc/named.rfc1912.zones";
};
3:建立DNS服务器所解析的域名文件
[root@www etc]# vim named.rfc1912.zones
//
zone "." IN {
type hint;
file "named.ca";
};
zone "apple.com" IN { ####DNS服务器所要解析的域名
type master;
file "apple.com.zone"; ####apple.com区域文件
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.in-addr.local";
allow-update { none; };
};
4:重启named服务
Service named restart
5: 设置客户pc机器的主机名以及域名、并指向DNS服务器地址
修改: /etc/hosts
127.0.0.1
www.apple.com
修改:/etc/sysconfig/network
HOSTNAME=www.apple.com
修改:/etc/resolv.conf
nameserver 192.168.1.112 ####DNS服务器地址
6:测试
测试命令:nslookup , host , dig .
1.1 nslookup
[root@www etc]# nslookup
> www.apple.com
Server: 192.168.1.112
Address: 192.168.1.112#53
Name: www.apple.com
Address: 192.168.1.112
> 192.168.1.112
Server: 192.168.1.112
Address: 192.168.1.112#53
112.1.168.192.in-addr.arpa name = www.apple.com.
>
************************测试成功***********************
1.2 host
[root@www etc]# host www.apple.com
www.apple.com has address 192.168.1.112
[root@www etc]# host 192.168.1.112
112.1.168.192.in-addr.arpa domain name pointer
www.apple.com
.
************************测试成功***********************
1.3 dig
[root@www etc]# dig www.apple.com
; > DiG 9.3.4-P1 > www.apple.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.apple.com. IN A
;; ANSWER SECTION:
www.apple.com. 86400 IN A 192.168.1.112
;; AUTHORITY SECTION:
apple.com. 86400 IN NS apple.com.
;; Query time: 9 msec
;; SERVER: 192.168.1.112#53(192.168.1.112)
;; WHEN: Tue Jun 16 10:00:40 2009
;; MSG SIZE rcvd: 61
[root@www etc]# dig @192.168.1.112 www.apple.com
; > DiG 9.3.4-P1 > @192.168.1.112 www.apple.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.apple.com. IN A
;; ANSWER SECTION:
www.apple.com. 86400 IN A 192.168.1.112
;; AUTHORITY SECTION:
apple.com. 86400 IN NS apple.com.
;; Query time: 8 msec
;; SERVER: 192.168.1.112#53(192.168.1.112)
;; WHEN: Tue Jun 16 10:01:45 2009
;; MSG SIZE rcvd: 61
************************测试成功***********************
后记:
有关DNS的概念性的术语,如:A记录,SOA记录,NS记录等,以及DNS的原理,较高级的DNS相关的技术,如:allow-query (迭代查询)、allow-recursion (递归查询)、allow-transfer (区域传输) ,主从DNS服务器,rndc远程加密管理DNS服务器等,下次介绍。
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u3/94782/showart_1965657.html |
|
免费注册
发表于 2009-06-16 10:53