IT老人
Category: LINUX
2010-08-27 17:57:11
Purpose:
Set up a DNS server inside the company so that internal services are reached through domain names we define ourselves, while the same server also resolves internet domain names, so it can serve as the primary DNS for clients. Both the internal and the external network are then addressed by name and nobody has to remember numeric IP addresses. This name service is only valid on the company intranet, and the internal domain names need no registration; if an internal domain name is the same as an internet domain name, the internally defined address is returned.
I. Install the following packages
Download the rpm packages or use yum:
- bind
- ypbind
- bind-devel
- bind-utils
- caching-nameserver
II. Configuration
1. Check /etc/sysconfig/named
Check whether the ROOTDIR parameter is enabled. If it is commented out, / is used as the root of the file system (the steps below assume it is commented out).
2. Generate the root hints file
In /var/named/chroot/var/named:
# dig @a.root-servers.net > named.ca
# cat named.ca
Contents:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @a.root-servers.net
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51069
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS k.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS a.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
3. Configure rndc
In /var/named/chroot/etc:
# rndc-confgen > rndc.conf
# cat rndc.conf
# Start of rndc.conf
key "rndckey" {
algorithm hmac-md5;
secret "5u26ZVAi6EfjGyMCv9IHrg==";
};
options {
default-key "rndckey";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
# algorithm hmac-md5;
# secret "5u26ZVAi6EfjGyMCv9IHrg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
4. Configure the named service file
cd /etc
vi named.conf
####################################
options {
    directory "/var/named/chroot/var/named";
    dump-file "/var/named/chroot/var/named/data/cache_dump.db";
    statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
};
// Paste lines 1-13 of rndc.conf here, or use the following statement (mind the path):
include "rndc.key";
zone "." {
    type hint;
    file "named.ca";            // relative to the directory option
};
zone "cde.abc" IN {
    type master;
    file "master/cde.abc";      // relative to the directory option
    allow-update { none; };
};
################################
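The options block in this step carries no access controls. Because the server also answers for internet names through the root hints, every host that can reach port 53 on it can use it as a recursive resolver, although the stated goal is a service that is only valid inside the company network. The following options block is an added example, not the post's configuration: it adds an `internal` ACL and restricts queries and recursion to it. The 192.168.52.0/24 range and the listen address 192.168.52.5 are assumptions taken from the zone file later in the post; replace them with the real internal networks and server address.

```conf
acl "internal" { 127.0.0.1; 192.168.52.0/24; };

options {
    directory "/var/named/chroot/var/named";
    dump-file "/var/named/chroot/var/named/data/cache_dump.db";
    statistics-file "/var/named/chroot/var/named/data/named_stats.txt";

    // Answer only on the loopback and the internal interface (assumed address).
    listen-on port 53 { 127.0.0.1; 192.168.52.5; };

    // Internal clients may ask for anything, including internet names (recursion);
    // everyone else is refused, so the server cannot be used as an open resolver.
    allow-query     { internal; };
    allow-recursion { internal; };

    // No zone transfers unless a secondary server is added later.
    allow-transfer  { none; };
};
```

Run named-checkconf on the file before restarting named. Afterwards a dig sent from a host outside the ACL comes back with status REFUSED, while the nslookup check at the end of the post still succeeds from 127.0.0.1.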
5. Configure the host file for the domain
cd /var/named/chroot/var/named/master/
vi cde.abc
;###############################
$TTL 3600
; RNAME is the admin mailbox with "@" written as "."; admin.cde.abc. = admin@cde.abc
@   IN SOA ns1.cde.abc. admin.cde.abc. (
        1         ; Serial
        28800     ; Refresh
        14400     ; Retry
        3600000   ; Expire
        86400 )   ; Minimum
@         IN NS    ns1.cde.abc.
;@        IN MX 5  mail.cde.abc.
ns1       IN A     192.168.52.5
ns2       IN A     192.168.52.5
@         IN A     192.168.52.5
*         IN A     192.168.52.5
www       IN A     192.168.52.5
vmmanager IN A     192.168.52.5
nfs       IN A     192.168.52.5
fdone1    IN A     192.168.52.150
; the trailing dot matters: without it the target is read as fdone1.cde.abc.cde.abc.
mail      IN CNAME fdone1.cde.abc.
;#############################
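Before a zone like this one is loaded, it is worth running a quick lint over it, because named accepts a zone that is syntactically fine but semantically wrong: a CNAME target written without a trailing dot silently becomes fdone1.cde.abc.cde.abc., and an SOA RNAME such as admin.cde. is a mailbox in a top-level domain. The script below is an added example and not code from the post. It parses a master zone in the format shown in this step (";" comments, the parenthesised SOA, records that inherit the previous owner) and reports truncated RNAMEs, relative targets, in-zone name servers without glue, and wildcards. SAMPLE_ZONE is a constructed copy of the cde.abc zone written with two such slips so the checks have something to report; FIXED_ZONE is the same zone with both corrected.

```python
"""Lint a BIND master zone for slips that named loads without complaint.
Added example, not code from the post.  SAMPLE_ZONE is a constructed copy of
the cde.abc zone with two deliberate slips: the SOA RNAME "admin.cde." (a
mailbox in a top-level domain) and a CNAME target without its trailing dot."""

ORIGIN = "cde.abc"

SAMPLE_ZONE = """\
$TTL 3600 ;
@ IN SOA ns1.cde.abc. admin.cde.(
        1 ;Serial
        28800 ;Refresh
        14400 ;Retry
        3600000 ;Expire
        86400) ;Minimum
        IN NS ns1.cde.abc.
;@ IN MX 5 mail.cde.abc.
ns1 IN A 192.168.52.5
@ IN A 192.168.52.5
* IN A 192.168.52.5
fdone1 IN A 192.168.52.150
mail IN CNAME fdone1.cde.abc
"""
# The same zone with both slips corrected, for comparison.
FIXED_ZONE = (SAMPLE_ZONE.replace("admin.cde.(", "admin.cde.abc.(")
              .replace("fdone1.cde.abc\n", "fdone1.cde.abc.\n"))


def qualify(name, origin=ORIGIN):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin + "." if name == "@" else name if name.endswith(".") else f"{name}.{origin}."


def parse_zone(text, origin=ORIGIN):
    """Return [(owner, rtype, rdata_tokens)]: handles ';' comments, '( )'
    continuation lines, $-directives and owner inheritance (leading blank)."""
    records, owner, buf, depth = [], None, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()             # drop the comment
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.replace("(", " ( ").replace(")", " ) ").split()
        if depth == 0:
            buf = []
            if not line[0].isspace():                    # explicit owner
                owner = tokens.pop(0)
        for tok in tokens:
            depth += {"(": 1, ")": -1}.get(tok, 0)
            if tok not in ("(", ")"):
                buf.append(tok)
        if depth == 0:                                   # record complete
            toks = list(buf)
            if toks and toks[0].isdigit():               # optional TTL
                toks.pop(0)
            if toks and toks[0].upper() in ("IN", "CH", "HS"):
                toks.pop(0)                              # optional class
            records.append((qualify(owner, origin), toks.pop(0).upper(), toks))
    return records


def lint(records, origin=ORIGIN):
    """Return human-readable findings; an empty list means nothing to report."""
    apex, findings, by_owner = origin + ".", [], {}
    for owner, rtype, _ in records:
        by_owner.setdefault(owner, set()).add(rtype)
    soas = [r for r in records if r[1] == "SOA"]
    if len(soas) != 1:
        findings.append(f"expected exactly one SOA record, found {len(soas)}")
    else:
        # RNAME is a mailbox with '@' written as '.'; the part after the first
        # label is the mail domain, which should never be a bare TLD.
        rname = soas[0][2][1]
        mail_domain = qualify(rname, origin).split(".", 1)[1]
        if mail_domain.count(".") < 2:
            findings.append(f"SOA RNAME {rname} is a mailbox in the top-level "
                            f"domain {mail_domain}; expected one under {apex}")
    name_at = {"NS": 0, "CNAME": 0, "MX": 1}             # rdata index of the target
    for owner, rtype, rdata in records:
        if rtype not in name_at or name_at[rtype] >= len(rdata):
            continue
        target = rdata[name_at[rtype]]
        if "." in target and not target.endswith("."):
            findings.append(f"{owner} {rtype} target {target} has no trailing dot; "
                            f"named will load it as {qualify(target, origin)}")
        ns = qualify(target, origin)
        if rtype == "NS" and owner == apex and ns.endswith("." + apex) \
                and not by_owner.get(ns, set()) & {"A", "AAAA"}:
            findings.append(f"in-zone name server {ns} has no A/AAAA record (no glue)")
    for owner in by_owner:
        if owner.startswith("*."):
            findings.append(f"wildcard {owner}: names not in the zone still resolve "
                            "instead of returning NXDOMAIN")
    return findings


if __name__ == "__main__":
    for label, zone in (("as written", SAMPLE_ZONE), ("corrected", FIXED_ZONE)):
        print(f"== {label} ==")
        for finding in lint(parse_zone(zone)) or ["clean"]:
            print(" -", finding)
```

The wildcard is reported rather than rejected: it is what the post's zone intends, but it also means a mistyped internal hostname never returns NXDOMAIN, which hides typos in client configuration. On a real server, named-checkzone cde.abc master/cde.abc catches the syntax errors this script does not try to detect.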
6. Copy rndc.conf
Depending on how named.conf was set up:
- copy the part of rndc.conf marked with # into named.conf, or
- put that part into /var/named/chroot/var/named/rndc.key.
7. Start
# service named start
If there are errors, check the messages in /var/log/messages.
8. Check
# nslookup
> server 127.0.0.1    (input)
>                     (input)
192.168.0.5           (output)