想在linux 下实现dns动态解释
照着网上设置
在service named restart 出现问题如下:


[root@localhost etc]# service named restart
停止 named：
启动 named：/etc/named.conf:39: unknown option '　algorithm'
/etc/named.conf:41: unknown option '　secret'

Jun 25 09:04:13.810 starting BIND 9.2.4 -g
Jun 25 09:04:13.812 using 1 CPU
Jun 25 09:04:13.835 loading configuration from '/etc/named.conf'
Jun 25 09:04:13.835 none:0: open: /etc/named.conf: permission denied
Jun 25 09:04:13.836 loading configuration: permission denied
Jun 25 09:04:13.836 exiting (due to fatal error)
Error in configuration file /etc/named.conf : [失败]
[root@localhost etc]#


配置/etc/named.conf 如下:
[root@localhost etc]# vi named.conf

//
// named.conf for Red Hat caching-nameserver
//
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
        * If there is a firewall between you and nameservers you want
        * to talk to, you might need to uncomment the query-source
        * directive below.  Previous versions of BIND always asked
        * questions using port 53, but BIND 8.1 uses an unprivileged
        * port by default.
        */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
"named.conf" 75L, 1562C                                                  1,1          顶端
//
// named.conf for Red Hat caching-nameserver
//
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
        * If there is a firewall between you and nameservers you want
        * to talk to, you might need to uncomment the query-source
        * directive below.  Previous versions of BIND always asked
        * questions using port 53, but BIND 8.1 uses an unprivileged
        * port by default.
        */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

/* 算法函数*/
key myddns {
/* 指明生成密钥的算法 */
　algorithm HMAC-MD5.SIG-ALG.REG.INT;
/* 指明密钥*/
　secret VbJf6KC3Q4eU2KeFGopFhQ==;};

[root@localhost etc]# cat named.conf
//
// named.conf for Red Hat caching-nameserver
//
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
        * If there is a firewall between you and nameservers you want
        * to talk to, you might need to uncomment the query-source
        * directive below.  Previous versions of BIND always asked
        * questions using port 53, but BIND 8.1 uses an unprivileged
        * port by default.
        */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

/* 算法函数*/
key myddns {
/* 指明生成密钥的算法 */
　algorithm HMAC-MD5.SIG-ALG.REG.INT;
/* 指明密钥*/
　secret VbJf6KC3Q4eU2KeFGopFhQ==;};

# 正向解释IP->DNS
zone "trytest.com" IN {
        type master;
        file "trytest.com";
        allow-update { Kroot.+157+14564.key; };
};

# 反向解释DNS->IP
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "trytest.ddns.ip";
        allow-update { Kroot.+157+14564.key; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

include "/etc/rndc.key";


请问怎么将算法可以使用?
还有后面报权限的问题又是什么原因?
请高手指教!!感激不尽!!　　　　　　
--------------------next---------------------
我用的是虚拟机 虚拟机是自动获取IP的172.21.1.96

service named restart 运行后没有错了,但还是不能解析,因为dhcp还有报错
日志如下:
Jun 25 19:35:49 localhost named[17400]: shutting down: flushing changes
Jun 25 19:35:49 localhost named[17400]: stopping command channel on 127.0.0.1#953
Jun 25 19:35:49 localhost named[17400]: no longer listening on 127.0.0.1#53
Jun 25 19:35:49 localhost named[17400]: no longer listening on 172.21.1.96#53
Jun 25 19:35:49 localhost named[17400]: exiting
Jun 25 19:35:49 localhost named:  succeeded
Jun 25 19:35:51 localhost named[17581]: starting BIND 9.2.4 -u named -t /var/named/chroot
Jun 25 19:35:51 localhost named[17581]: using 1 CPU
Jun 25 19:35:51 localhost named: named 启动 succeeded
Jun 25 19:35:51 localhost named[17581]: loading configuration from '/etc/named.conf'
Jun 25 19:35:51 localhost named[17581]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 25 19:35:51 localhost named[17581]: listening on IPv4 interface eth0, 172.21.1.96#53
Jun 25 19:35:51 localhost named[17581]: command channel listening on 127.0.0.1#953
Jun 25 19:35:51 localhost named[17581]: zone 0.in-addr.arpa/IN: loaded serial 42
Jun 25 19:35:51 localhost named[17581]: zone 0.0.127.in-addr.arpa/IN: loading master file trytest.ddns.ip: file not found
Jun 25 19:35:51 localhost named[17581]: zone 255.in-addr.arpa/IN: loaded serial 42
Jun 25 19:35:51 localhost named[17581]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
Jun 25 19:35:51 localhost named[17581]: zone trytest.com/IN: loading master file trytest.com: file not found
Jun 25 19:35:51 localhost named[17581]: zone localdomain/IN: loaded serial 42
Jun 25 19:35:51 localhost named[17581]: running

servcie dhpcd restart 出现错误如下:
[root@localhost etc]# service dhcpd restart
关闭 dhcpd：[失败]
启动 dhcpd：Internet Systems Consortium DHCP Server V3.0.1
Copyright 2004 Internet Systems Consortium.
All rights reserved.
For info, please visit
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.

No subnet declaration for eth0 (172.21.1.96).
** Ignoring requests on eth0.  If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface eth0 is attached. **


Not configured to listen on any interfaces!


我的dhcpd.conf 如下
[root@localhost etc]# cat dhcpd.conf
#       指时实现动态DNS的方法
        ddns-update-style interim;
        ignore client-updates;

        subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.10 192.168.1.254;
        option broadcast-address 192.168.1.255;
}
# ---   Option para
        option routers                  192.168.1.1;
        option subnet-mask              255.255.255.0;
        option nis-domain               "domain.org";
        option domain-name              "trytest.com";
        option domain-name-servers      127.0.0.1;
        default-lease-time              600;
        max-lease-time                  800;

#       option time-offset              -18000; # Eastern Standard Time
#       option ntp-servers              127.0.0.1;
#       option netbios-name-servers     127.0.0.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#       option netbios-node-type 2;

#       range dynamic-bootp 192.168.1.128 192.168.1.254(orange);

#       we want the nameserver to appear at a fixed address
        host ns {
                next-server marvin.redhat.com;
                hardware ethernet 12:34:56:78:AB:CD;
                fixed-address 207.175.42.254;
}
# 算法函数
        key myddns {
# 指明生成密钥的算法
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
# 指明密钥
        secret VbJf6KC3Q4eU2KeFGopFhQ==;
}

zone trytest.com.{
primary 127.0.0.1;
key myddns;
}

zone 1.168.192.in-addr.arpa.{
primary 127.0.0.1;
key myddns;
}

还有resolv.conf 配置如下
[root@localhost etc]# cat resolv.conf
; generated by /sbin/dhclient-script
nameserve 127.0.0.1
domain trytest.com
search trytest.com　　　　　　
--------------------next---------------------
[root@localhost named]# pwd
/var/named
[root@localhost named]# ll
总用量 84
drwxrwx---  5 named named 4096  5月 10 22:35 chroot
drwxrwx---  2 named named 4096 2004-10-19  data
-rw-------  1 root  root    46  6月 25 05:14 Kroot.+157+14564.key
-rw-------  1 root  root    81  6月 25 05:14 Kroot.+157+14564.private
lrwxrwxrwx  1 root  root    44  5月 10 22:39 localdomain.zone -> /var/named/chroot/var/named/localdomain.zone
lrwxrwxrwx  1 root  root    42  5月 10 22:39 localhost.zone -> /var/named/chroot/var/named/localhost.zone
lrwxrwxrwx  1 root  root    43  5月 10 22:39 named.broadcast -> /var/named/chroot/var/named/named.broadcast
lrwxrwxrwx  1 root  root    36  5月 10 22:39 named.ca -> /var/named/chroot/var/named/named.ca
lrwxrwxrwx  1 root  root    43  5月 10 22:39 named.ip6.local -> /var/named/chroot/var/named/named.ip6.local
lrwxrwxrwx  1 root  root    39  5月 10 22:39 named.local -> /var/named/chroot/var/named/named.local
lrwxrwxrwx  1 root  root    38  5月 10 22:39 named.zero -> /var/named/chroot/var/named/named.zero
drwxrwx---  2 named named 4096 2004-10-19  slaves
-rwxrwxrwx  1 named named  368  6月 25 04:50 trytest.com
-rwxrwxrwx  1 named named  564  6月 25 07:22 trytest.ip.ddns


trytest.com 文件内容是
$TTL    86400
@               IN SOA  dns.duchenyi.com root.mail.duchenyi.com (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

@               IN NS           dns.duchenyi.com.
                IN MX 5         dns.duchenyi.com.
dns             IN A            172.21.1.96
mail            IN A            172.21.1.96
www             IN A            172.21.1.96　　　　　　
--------------------next---------------------