DNS架设
安装BIND
**********************************
一、下载BIND http://www.isc.org
bind-9.2.3.tar.gz
二、卸载默认安装
rpm -e caching-nameserver
rpm -e redhat-config-bind
rpm -e bind
rpm -e bind-utils
三、编译安装
#cd /usr/local/src
#tar xzvf bind-9.2.3.tar.gz
#cd bind-9.2.3
#./configure --prefix=/usr/local/bind
(--sysconfdir=/etc )
#make
#make install
四、安装完后为可执行文件创建符号链接:ln -s /usr/local/bind/sbin/rndc /usr/sbin/rndc
ln -s /usr/local/bind/sbin/named /usr/sbin/named
/usr/local/bind/bin目录下有调试工具:
dig host nslookup
/usr/local/bind/sbin目录下有服务器程式(包括DNS管理工具):
dnssec-keygen dnssec-signkey lwresd named-checkconf rndc
dnssec-makekeyset dnssec-signzone named named-checkzone rndc-confgen
手动创建文件/usr/local/bind/etc/rndc.conf
**************************************
mkdir /usr/local/bind/etc
/usr/local/bind/sbin/rndc-confgen >/usr/local/bind/etc/rndc.conf
手动创建文件/usr/local/bind/etc/rndc.key
**************************************
tail +13 /usr/local/bind/etc/rndc.conf >/usr/local/bind/etc/rndc.key #去掉相应的注释符
:.,$-1s/^#\ //
手动生成根服务器文件named.ca
**********************************************************************
mkdir /var/named
/usr/local/bind/bin/dig @a.root-servers.net . NS > /var/named/named.ca
**************************************
手动创建主配置文件/etc/named.conf
手动创建主配置文件/etc/named.local
手动创建相应的zone文件
/var/named/named.mihost.kmip.net
/var/named/named.1.168.192
mkdir -p /usr/local/bind/var/run #一定要创建否则named进程是启动不了
named -c /etc/named.conf
ps -aux |grep named
tail /var/log/messages
vi /etc/resolv.conf
nameserver 127.0.0.1
***********************
rndc reload
rndc status
killall -9 named
***********************
用RNDC控制服务器
************************************************************************************
1、产生rndc控制文件
#/usr/local/bind/sbin/rndc-confgen >/etc/rndc.conf
#tail +13 /etc/rndc.conf >> /etc/named.conf 手动生成rndc.key,或者追加到named.conf也行(在named.conf中 include "/usr/local/bind/etc/rndc.key";)。
2、启动named服务器,监视/var/log/messages
# /usr/local/bind/sbin/named -c /etc/named.conf /修改后要重启
# tail /var/log/messages
3、测试rndc和解析的效果
#killall -9 named
# /usr/local/bind/sbin/named -c /etc/named.conf /修改后要重启
# /usr/local/bind/sbin/rndc reload /参数修改后重新加载
#rndc status
4、用host、nslookup、dig测试一下是否可解析
[root@nameserver named]# cat /etc/resolv.conf
nameserver 127.0.0.1
#nameserver 202.96.134.133
search mihost.kmip.net
#nameserver 61.235.70.98
[root@nameserver named]# host mail.mihost.kmip.net
mail.mihost.kmip.net address 192.168.1.242
[root@nameserver named]# host yahoo.com.cn
yahoo.com.cn has address 202.165.102.205
[root@nameserver named]#
以下是配置文件:
/usr/local/bind/etc/rndc.conf
***********************************
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "c7eOsUqVxemCTuHXPK5JqQ==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "c7eOsUqVxemCTuHXPK5JqQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
/usr/local/bind/etc/rndc.key
***************************************
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "c7eOsUqVxemCTuHXPK5JqQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
/var/named/named.ca(通过dig向根服务器查询得到)
*************************
; <<>> DiG 9.2.8 <<>> -t NS .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49871
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 260188 IN NS G.ROOT-SERVERS.NET.
. 260188 IN NS H.ROOT-SERVERS.NET.
. 260188 IN NS I.ROOT-SERVERS.NET.
. 260188 IN NS J.ROOT-SERVERS.NET.
. 260188 IN NS K.ROOT-SERVERS.NET.
. 260188 IN NS L.ROOT-SERVERS.NET.
. 260188 IN NS M.ROOT-SERVERS.NET.
. 260188 IN NS A.ROOT-SERVERS.NET.
. 260188 IN NS B.ROOT-SERVERS.NET.
. 260188 IN NS C.ROOT-SERVERS.NET.
. 260188 IN NS D.ROOT-SERVERS.NET.
. 260188 IN NS E.ROOT-SERVERS.NET.
. 260188 IN NS F.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 550572 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 550915 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 550916 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 550917 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 550918 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 550919 IN A 192.5.5.241
G.ROOT-SERVERS.NET. 550908 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 550909 IN A 128.63.2.53
I.ROOT-SERVERS.NET. 550910 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 550919 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 550911 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 550912 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 550913 IN A 202.12.27.33
;; Query time: 17 msec
;; SERVER: 202.96.134.133#53(202.96.134.133)
;; WHEN: Sun Mar 11 16:49:42 2007
;; MSG SIZE rcvd: 436
/var/named/named.local
****************************
$TTL 86400
@ IN SOA localhost. root.localhost. (
20070314;
28800;
14400;
3600000;
86400);
IN NS localhost.
1 IN PTR localhost.
/etc/named.conf
*******************************************
options{
directory "/var/named";
};
include "/usr/local/bind/etc/rndc.key";
zone "." IN {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
zone "mihost.kmip.net" IN {
type master;
file "named.mihost.kmip.net";
allow-update {none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "named.1.168.192";
allow-update {none; };
};
/var/named/named.mihost.kmip.net
*****************************************************
$TTL 86400
$ORIGIN mihost.kmip.net.
@ IN SOA RHL9.mihost.kmip.net. root.mail.mihost.kmip.net. (
2007031401;
28800;
14400;
3600000;
86400);
IN NS RHL9.mihost.kmip.net.
IN MX 0 mail.mihost.kmip.net.
RHL9 IN A 192.168.1.242
WebServer IN A 192.168.1.242
www IN CNAME WebServer
MailServer IN A 192.168.1.242
mail IN CNAME MailServer
slave IN A 192.168.1.242
/var/named/named.1.168.192
***********************************************
$TTL 86400
@ IN SOA RHL9.mihost.kmip.net. root.mail.test.com. (
2007031401
28800
14400
3600000
86400 )
IN NS RHL9.mihost.kmip.net.
242 IN PTR RHL9.mihost.kmip.net.
242 IN PTR WebServer.mihost.kmip.net.
242 IN PTR MailServer.mihost.kmip.net.
242 IN PTR slave.mihost.kmip.net.
如果发现错误,请查看日志信息:cat /var/log/messages
创建缓存域名服务器
/etc/named.conf
***************************
options{
directory "/var/named";
forwarders { 202.96.134.133; };
};
include "/usr/local/bind/etc/rndc.key";
zone "." IN {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
创建辅助域名服务器:
/etc/named.conf
*************************************
options{
directory "/var/named";
};
include "/usr/local/bind/etc/rndc.key";
zone "." IN {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
zone "mihost.kmip.net" IN {
type slave;#辅助(从)域名服务器
file "named.mihost.kmip.net";
masters { 192.168.1.242; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "named.1.168.192";
masters {192.168.1.242; };
};