Based on CentOS 6.3 minimal.
Install BIND:
yum install bind*
Edit named.conf
Configure DNS forwarding
vi /etc/named.conf
Add to the options block (the argument to forward is required: "forward first;" asks the forwarders first and falls back to normal recursion if they do not answer, "forward only;" never falls back):
forward first;
forwarders {
    8.8.8.8;
    202.96.128.68;
};
Change the listen address to the host's own IP:
listen-on port 53 { 192.168.100.11; };
With only that address listed, named does not answer on 127.0.0.1; add 127.0.0.1 to the list if the box itself (or dig @localhost) should be able to use it.
Allow queries from any client:
allow-query { any; };
Combined with recursion yes this makes the server an open resolver for everyone who can reach port 53. If the box is reachable from outside the LAN, keep allow-query { any; } for the authoritative zones but add allow-recursion { 192.168.100.0/24; localhost; }; so that only local clients get recursive answers.
Configure the zones
vi /etc/named.conf
Add:
zone "test.com" IN {
    type slave;
    file "slaves/test.com.zone"; # on a slave, keep the transferred files in the slaves directory
    masters { 192.168.100.2; };
};
zone "100.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.100.zone";
    masters { 192.168.100.2; };
};
This server is configured as a slave, so do not create the zone files by hand; just make sure named can write its working directory:
chown named:named /var/named
(On the stock CentOS package /var/named/slaves is already owned by named, so this step only matters if zone files are placed directly under /var/named.)
After the named service restarts it transfers both zones from the master and writes them to /var/named/slaves automatically.
Restart the named service:
service named restart
My named.conf:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 192.168.100.11; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    forward first; // a bare "forward;" is rejected by named: the argument (first or only) is required
    forwarders {
        8.8.8.8;
        202.96.128.68;
    };
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "test.com" IN {
    type slave;
    file "slaves/test.com.zone";
    masters { 192.168.100.2; };
};
zone "100.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.100.zone";
    masters { 192.168.100.2; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
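Before restarting named it is worth checking the configuration for the problems discussed above. The script below is an added example, not part of the original post: it audits a named.conf for a bare "forward;", for the open-resolver combination (recursion yes, allow-query { any; } and no allow-recursion ACL), and for slave zones with no allow-transfer (BIND 9.8, the version on CentOS 6, defaults to allow-transfer { any; }, so anyone reaching port 53 can AXFR the whole zone). It runs against a constructed copy of the stanzas shown above and against a hardened version; the temporary file paths and the allow-recursion/allow-transfer values are assumptions for a LAN-only setup.

```shell
#!/bin/bash
# Added example (not from the original post): audit a named.conf for the
# settings discussed above before restarting named. Findings:
#   SYNTAX        bare "forward;" (named requires "forward first;" or "forward only;")
#   OPEN-RESOLVER recursion yes + allow-query { any; } with no allow-recursion ACL
#   ZONE-LEAK     slave zones without allow-transfer (BIND 9.8 default is { any; })
# Only single-line /* */ comments are handled, which is all named.conf uses here.

strip_comments() {   # strip_comments FILE -> config text with comments removed
  sed -e 's:/\*.*\*/::g' -e 's://.*$::' -e 's:#.*$::' "$1"
}

has() {              # has REGEX TEXT -> true when TEXT matches the ERE
  printf '%s\n' "$2" | grep -Eq "$1"
}

# audit_named_conf FILE: print one finding per line, return 0 only when clean
audit_named_conf() {
  local body findings=0
  body=$(strip_comments "$1")
  if has 'forward[[:space:]]*;' "$body"; then
    echo "SYNTAX: bare 'forward;' is rejected; use 'forward first;' or 'forward only;'"
    findings=$((findings + 1))
  fi
  if has 'recursion[[:space:]]+yes[[:space:]]*;' "$body" \
     && has 'allow-query[[:space:]]*\{[[:space:]]*any[[:space:]]*;[[:space:]]*\}' "$body" \
     && ! has 'allow-recursion[[:space:]]*\{' "$body"; then
    echo "OPEN-RESOLVER: recursion yes + allow-query { any; } with no allow-recursion ACL"
    findings=$((findings + 1))
  fi
  if has 'type[[:space:]]+slave[[:space:]]*;' "$body" \
     && ! has 'allow-transfer[[:space:]]*\{' "$body"; then
    echo "ZONE-LEAK: slave zone(s) without allow-transfer; BIND 9.8 default is { any; }"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Constructed configs in a temporary directory (not the live /etc/named.conf):
# the stanzas as posted above, and a hardened version of the same.
demo=$(mktemp -d)
cat > "$demo/as-posted.conf" <<'EOF'
options {
        listen-on port 53 { 192.168.100.11; };
        directory "/var/named";
        allow-query { any; };
        recursion yes;
        forward;
        forwarders { 8.8.8.8; 202.96.128.68; };
};
zone "test.com" IN {
        type slave;
        file "slaves/test.com.zone";
        masters { 192.168.100.2; };
};
EOF
cat > "$demo/hardened.conf" <<'EOF'
options {
        listen-on port 53 { 192.168.100.11; 127.0.0.1; };   // also answer on loopback
        directory "/var/named";
        allow-query { any; };                               // authoritative data for all
        allow-recursion { 192.168.100.0/24; localhost; };   // recursion for the LAN only
        recursion yes;
        forward first;
        forwarders { 8.8.8.8; 202.96.128.68; };
};
zone "test.com" IN {
        type slave;
        file "slaves/test.com.zone";
        masters { 192.168.100.2; };
        allow-transfer { none; };   // this slave does not feed further slaves
};
EOF
for f in as-posted hardened; do
  echo "== $f.conf"
  if audit_named_conf "$demo/$f.conf"; then echo "clean"; fi
done
rm -rf "$demo"
```

This is a text check only; named-checkconf /etc/named.conf remains the authoritative syntax check, and named-checkconf -z also loads every zone file.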
After the transfer, look at the zone files /var/named/slaves/test.com.zone and /var/named/slaves/192.168.100.zone (the paths given in named.conf). They are in the text form in which this BIND version writes transferred zones: names are relative to the current $ORIGIN, and a line with a blank owner belongs to the same owner as the line above it.
Contents of test.com.zone:
$ORIGIN .
$TTL 3600       ; 1 hour
test.com                IN SOA  dns-wins. hostmaster. (
                                135        ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      nms.test.com.
                        NS      testdns.test.com.
                        NS      dns-wins.test.com.
$ORIGIN test.com.
*                       A       192.168.100.18
127                     A       192.168.100.31
2xia                    A       192.168.100.55
aedd                    A       192.168.100.56
dns-wins                A       192.168.100.11
eaa                     A       192.168.100.54
fendd                   A       192.168.100.31
yontu                   CNAME   lgjk.com
Contents of 192.168.100.zone:
$ORIGIN .
$TTL 3600       ; 1 hour
100.168.192.in-addr.arpa IN SOA dns-wins. hostmaster. (
                                132        ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      na.test.com.
                        NS      dns-wins.test.com.
                        NS      testdns.test.com.
$ORIGIN 100.168.192.in-addr.arpa.
11                      PTR     dns-wins.test.com.
123                     PTR     naou.test.com.
15                      PTR     db.test.com.
18                      PTR     yunzunx.test.com.
                        PTR     jybb.test.com.
                        PTR     www1.test.com.
19                      PTR     kse.test.com.
31                      PTR     xkw.test.com.
$ORIGIN test.com.
dns-wins                A       192.168.100.11
na                      A       192.168.100.123
testdns                 A       192.168.100.69
Adjust the firewall
Add:
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
UDP 53 carries ordinary queries and the NOTIFY messages the master sends when a zone changes; TCP 53 is needed for answers too large for UDP and for zone transfers to any further slaves. The transfer from the master is an outbound TCP connection that this slave opens itself, so the ESTABLISHED,RELATED rule already covers its replies.
My /etc/sysconfig/iptables:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
If this server is configured as a master instead, the forward and reverse zone files must be written by hand:
cd /var/named
touch test.com.zone
touch 192.168.100.zone
touch only creates empty files, and named refuses to load an empty zone: each file needs at least an SOA record and one NS record (plus A records for the names the NS records point at), and the zone stanzas use type master. Check each file with named-checkzone before restarting named.
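A minimal pair of master zone files for the two zones, added here as an example (these are not the post's own files; the host names and addresses are taken from the dumps above, while the serial and the www record are assumed):

```dns
; ---- /var/named/test.com.zone (master copy, written by hand) ----
$TTL 3600
@           IN  SOA  dns-wins.test.com. hostmaster.test.com. (
                     2013051001 ; serial: raise it on every edit or the slaves never refresh
                     900        ; refresh
                     600        ; retry
                     86400      ; expire
                     3600       ; negative-answer TTL
                     )
            IN  NS   dns-wins.test.com.
            IN  NS   testdns.test.com.
dns-wins    IN  A    192.168.100.11
testdns     IN  A    192.168.100.69
www         IN  A    192.168.100.18     ; assumed host

; ---- /var/named/192.168.100.zone (master copy) ----
$TTL 3600
@           IN  SOA  dns-wins.test.com. hostmaster.test.com. (
                     2013051001 900 600 86400 3600 )
            IN  NS   dns-wins.test.com.
            IN  NS   testdns.test.com.
11          IN  PTR  dns-wins.test.com.
69          IN  PTR  testdns.test.com.
18          IN  PTR  www.test.com.
```

Validate with named-checkzone test.com /var/named/test.com.zone and named-checkzone 100.168.192.in-addr.arpa /var/named/192.168.100.zone. In the master's named.conf the stanzas use type master; together with allow-transfer { 192.168.100.11; }; so that only the slave can pull the zone, and notify yes; so the slave is told about changes instead of waiting for the refresh interval.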
Check the transfer log:
more /var/log/messages
more /var/named/data/named.run
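Rather than paging through the whole log, the transfer messages can be summarised. The script below is an added example, not from the original post: it extracts the last transferred serial per zone, failed transfers and refused NOTIFYs from a constructed log excerpt written in BIND 9's message format (the host name dns2, the pid and the timestamps are invented), and compares the slave's serial with the master's SOA as dig +short would print it. In real use point the functions at /var/log/messages and feed soa_serial the output of dig +short @192.168.100.2 test.com SOA.

```shell
#!/bin/bash
# Added example (not from the original post): pull the zone-transfer state out
# of the messages named writes to /var/log/messages (the same lines also land
# in /var/named/data/named.run). The log excerpt below is constructed in
# BIND 9's message format; host name, pid and times are made up.

# transferred_serial LOGFILE ZONE -> serial of the last successful transfer, empty if none
transferred_serial() {
  local zone
  zone=$(printf '%s' "$2" | sed 's/\./\\./g')   # make the dots in the zone name literal
  sed -n "s/.* zone $zone\/IN: transferred serial \([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# transfer_failures LOGFILE -> one "ZONE from MASTER: failed ..." line per failed transfer
transfer_failures() {
  sed -n "s/.*transfer of '\([^']*\)\/IN' from \([^:]*\): failed \(.*\)/\1 from \2: failed \3/p" "$1"
}

# rogue_notifies LOGFILE -> NOTIFYs refused because they did not come from a listed master
rogue_notifies() {
  sed -n 's/.*zone \([^ ]*\)\/IN: refused notify from non-master: \(.*\)/\1 <- \2/p' "$1"
}

# soa_serial "dig +short ZONE SOA output" -> the serial (third field of the SOA rdata)
soa_serial() {
  printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# in_sync LOGFILE ZONE "master SOA rdata" -> true when the last transferred serial equals the master's
in_sync() {
  local have want
  have=$(transferred_serial "$1" "$2")
  want=$(soa_serial "$3")
  [ -n "$have" ] && [ "$have" = "$want" ]
}

# Constructed log sample (format as BIND 9 writes it; values invented).
log=$(mktemp)
cat > "$log" <<'EOF'
Jan 10 10:01:02 dns2 named[1234]: zone test.com/IN: Transfer started.
Jan 10 10:01:02 dns2 named[1234]: transfer of 'test.com/IN' from 192.168.100.2#53: connected using 192.168.100.11#41234
Jan 10 10:01:02 dns2 named[1234]: zone test.com/IN: transferred serial 135
Jan 10 10:01:02 dns2 named[1234]: transfer of 'test.com/IN' from 192.168.100.2#53: Transfer completed: 1 messages, 12 records, 312 bytes, 0.001 secs (312000 bytes/sec)
Jan 10 10:01:02 dns2 named[1234]: zone 100.168.192.in-addr.arpa/IN: Transfer started.
Jan 10 10:01:02 dns2 named[1234]: zone 100.168.192.in-addr.arpa/IN: transferred serial 132
Jan 10 10:03:40 dns2 named[1234]: zone test.com/IN: refused notify from non-master: 192.168.100.9#53
Jan 10 10:05:11 dns2 named[1234]: zone example.org/IN: Transfer started.
Jan 10 10:05:11 dns2 named[1234]: transfer of 'example.org/IN' from 192.168.100.2#53: failed to connect: connection refused
EOF

# Master SOA rdata as "dig +short" prints it; constructed to match the serial in the dump above.
master_soa='dns-wins. hostmaster. 135 900 600 86400 3600'
for zone in test.com 100.168.192.in-addr.arpa example.org; do
  printf '%-28s last transferred serial: %s\n' "$zone" "$(transferred_serial "$log" "$zone")"
done
if in_sync "$log" test.com "$master_soa"; then echo "test.com in sync with master"; else echo "test.com behind master"; fi
echo "failed transfers:"; transfer_failures "$log"
echo "refused NOTIFYs:";  rogue_notifies "$log"
rm -f "$log"
```

A refused NOTIFY from an address that is not the configured master is worth a look: it is either a misconfigured secondary master that should be added to the masters list, or another host on the LAN trying to make this slave pull a zone from it.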