Category: LINUX

2008-09-04 13:54:08

Configuring smart DNS on CentOS 5.2 (study notes)
 

Software:

bind-9.3.4-10.el5
bind-libbind-devel-9.3.4-10.el5
bind-sdb-9.3.4-10.el5
bind-devel-9.3.4-10.el5
caching-nameserver

Install bind

yum -y install 'bind*'

yum -y install caching-nameserver

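Edit /var/named/chroot/etc/named.conf

The file is too long, so I put it on my web space.

Create the log files, the zone files, the any / cnc / telecom directories, cnc.def, any.def and telecom.def, and the IP list files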

cd /var/log

touch dns_warnings.log

touch dns_security.log

touch dns_query.log

cd /var/named/chroot/var/named

touch cnc_acl.conf

touch telecom_acl.conf

mkdir master 

mkdir master/any

mkdir master/cnc

mkdir master/telecom

touch master/any.def

touch master/cnc.def

touch master/telecom.def

Add the domain

vi /var/named/chroot/var/named/master/any.def

zone "oixv.cn"{
     type master;
     file "master/any/oixv.cn.zone";
};

vi /var/named/chroot/var/named/master/cnc.def

zone "oixv.cn"{
     type master;
     file "master/cnc/oixv.cn.zone";
};

vi /var/named/chroot/var/named/master/telecom.def

zone "oixv.cn"{
     type master;
     file "master/telecom/oixv.cn.zone";
};

vi /var/named/chroot/var/named/master/any/oixv.cn.zone

$TTL    86400
@               IN SOA  ns1.oixv.cn. root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost
www     IN A            60.111.111.111
cs     IN A            60.111.111.111
www2     IN A            60.111.111.111
www3     IN A            60.111.111.111
www4     IN A            60.111.111.111
www5     IN A            60.111.111.111
www6     IN A            60.111.111.111
 

vi /var/named/chroot/var/named/master/cnc/oixv.cn.zone

$TTL    86400
@               IN SOA  ns1.oixv.cn. root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost
www     IN A            2.2.2.2
cs     IN A            2.2.2.2
www2     IN A            2.2.2.2
www3     IN A            2.2.2.2
www4     IN A            2.2.2.2
www5     IN A            2.2.2.2
www6     IN A            2.2.2.2
 

vi /var/named/chroot/var/named/master/telecom/oixv.cn.zone

$TTL    86400
@               IN SOA  ns1.oixv.cn. root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost
www     IN A            60.111.111.111
cs     IN A            60.111.111.111
www2     IN A            60.111.111.111
www3     IN A            60.111.111.111
www4     IN A            60.111.111.111
www5     IN A            60.111.111.111
www6     IN A            60.111.111.111
 

Install whois to obtain the IP ranges

tar xzvf ripe-dbase-client-v3.tar.gz

cd whois-3.1

./configure

make

make install

CNC (China Netcom)

/whois3 -h whois.apnic.net -l -i mb MAINT-CNCGROUP | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"CNC\" '{'"}{print $1";"}END{print "'}';"}' > /var/named/cnc_acl.conf

Telecom (China Telecom)

/whois3 -h whois.apnic.net -l -i mb MAINT-CHINANET | grep "descr" | grep "Reverse" | awk -F "for" '{if ($2!="") print $2}'| sort -n | awk 'BEGIN{print "acl \"TELECOM\" '{'"}{print $1";"}END{print "'}';"}' > /var/named/telecom_acl.conf

Copy the IP files to /var/named/chroot/var/named

Set the appropriate permissions. For the files created above:

chown root:named .......

For the directories created above:

chown named:named .........

service named restart

Open port 53 in iptables (tcp and udp)

setup

Customize

53:tcp 53:udp

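Result: queries from Telecom users resolve automatically to the Telecom IP, and queries from CNC users resolve automatically to the CNC IP.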

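Pitfall while learning: resolution never took effect. I thought the two files cnc_acl.conf and telecom_acl.conf could not be read.

After asking 蚊子 (Wenzi) for advice, the problem was solved.

The two files cnc_acl.conf and telecom_acl.conf did not contain the client's IP range. These two IP list files are checked first, and if the client's IP is not in the ranges listed in them, resolution does not work properly...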
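An added example (not the author's code) for the pitfall above: it parses ACL files in the format written by the whois/awk pipeline and reports which ACL a client address falls into, so a missing range shows up before named is restarted. It assumes named.conf, which is not shown on this page, tries the CNC view first, then TELECOM, then a catch-all "any" view; the sample ranges and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample ACL files in the format the whois/awk pipeline writes.
# The ranges are documentation prefixes, not real carrier allocations.
CNC_ACL = 'acl "CNC" {\n198.51.100.0/24;\n203.0.113.0/25;\n};\n'
TELECOM_ACL = 'acl "TELECOM" {\n192.0.2.0/24;\nnot-a-prefix;\n};\n'


def parse_acl(text):
    """Return (acl_name, networks, rejected_entries) for one acl block."""
    m = re.search(r'acl\s+"([^"]+)"\s*\{(.*?)\}\s*;', text, re.S)
    if m is None:
        raise ValueError("no acl block found")
    networks, rejected = [], []
    for entry in m.group(2).split(";"):
        entry = entry.strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Not a CIDR prefix this script understands; review it by hand.
            rejected.append(entry)
    return m.group(1), networks, rejected


def matching_view(client_ip, acl_texts, fallback="any"):
    """Return the first ACL (in list order) containing client_ip, else fallback.

    The order of acl_texts stands in for the assumed view order in named.conf.
    """
    addr = ipaddress.ip_address(client_ip)
    for text in acl_texts:
        name, networks, _ = parse_acl(text)
        if any(addr in net for net in networks):
            return name
    return fallback


if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.200", "203.0.113.200", "10.1.2.3"):
        print(ip, "->", matching_view(ip, [CNC_ACL, TELECOM_ACL]))
    print("entries to review:", parse_acl(TELECOM_ACL)[2])
```

To check real files, read cnc_acl.conf and telecom_acl.conf from /var/named/chroot/var/named and pass their contents in place of the sample strings.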
