Category: LINUX

2012-10-23 12:33:29

Based on the CentOS 6.3 minimal install

Install BIND:
yum install bind*

Edit the named.conf file

Configure DNS forwarding
vi /etc/named.conf
 add
  forward first;   // 'forward' takes 'first' or 'only'; 'first' is the default behaviour once forwarders is set
  forwarders {
          8.8.8.8;
          202.96.128.68;
   };

Change the listen address to this host's IP address:
listen-on port 53 { 192.168.100.11; };

Change which client IP addresses the server answers:
allow-query     { any; };

Configure the zones
vi /etc/named.conf
  add
   zone "test.com" IN {
        type slave;
        file "slaves/test.com.zone";   # on a slave, keeping the file under the slaves directory is recommended
        masters {192.168.100.2;};
};

zone "100.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.100.zone";
        masters {192.168.100.2;};
};

Since this host is configured as a slave, do not create the zone files by hand; just run:
chown named:named /var/named
After the named service is restarted, the zone files are created automatically under /var/named.
Restart the named service:
service named restart

My named.conf file contents:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 192.168.100.11; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        forward first;   // 'forward' takes 'first' or 'only'; a bare 'forward;' is rejected by named
        forwarders {
          8.8.8.8;
          202.96.128.68;
        };

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};


zone "test.com" IN {
        type slave;
        file "slaves/test.com.zone";
        masters {192.168.100.2;};
};

zone "100.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.100.zone";
        masters {192.168.100.2;};
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
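As an added example (not part of the original post), a small Python audit of the options and zone statements shown above: it applies BIND's own ACL defaults (allow-recursion falls back to allow-query-cache, then allow-query; allow-transfer defaults to any) and reports where this slave answers recursive queries for every client that can reach port 53 and hands out zone transfers to any host, then checks a hardened variant with allow-recursion limited to 192.168.100.0/24 and allow-transfer { none; }. The config strings are constructed from the file above and reduced to the statements being checked.

```python
import re
# Constructed from the named.conf above (not the post's file verbatim), reduced to
# the statements the audit looks at.
WEAK_CONF = """
options {
        allow-query     { any; };
        recursion yes;
        forwarders { 8.8.8.8; 202.96.128.68; };   // upstream resolvers
};
zone "test.com" IN {
        type slave;
        file "slaves/test.com.zone";
        masters {192.168.100.2;};
};
"""
# Same server with recursion limited to the LAN and zone transfers switched off.
HARDENED_CONF = WEAK_CONF.replace(
    "recursion yes;", "recursion yes;\n        allow-recursion { 192.168.100.0/24; };"
).replace("type slave;", "type slave;\n        allow-transfer { none; };")

def top_level_blocks(text):
    # Yield (header, body) for every top-level 'header { body };' block.
    text, i = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", text, flags=re.S)), 0
    while (start := text.find("{", i)) >= 0:
        depth = 0
        for j in range(start, len(text)):               # walk to the matching brace
            depth += (text[j] == "{") - (text[j] == "}")
            if depth == 0:
                break
        yield text[i:start].rsplit(";", 1)[-1].strip(), text[start + 1:j]
        i = j + 1
def statement(body, name):
    # Value of 'name value;' or 'name { a; b; };' inside a block body, else None.
    m = re.search(r"(?<![\w-])%s\s+(\{[^}]*\}|[^;{}]+);" % re.escape(name), body)
    return m.group(1).strip() if m else None

def audit(conf):
    blocks = dict(top_level_blocks(conf))
    opts, findings = blocks.get("options", ""), []
    if statement(opts, "recursion") != "no":            # BIND's default is yes
        eff = "{ localnets; localhost; }"               # BIND's last-resort default
        for key in ("allow-query", "allow-query-cache", "allow-recursion"):
            eff = statement(opts, key) or eff           # later keys take precedence
        if "any" in re.findall(r"[^\s;{}]+", eff):
            findings.append("recursion: open to any client reaching port 53; set allow-recursion")
    for header, body in blocks.items():                 # default allow-transfer is any
        if header.startswith("zone") and statement(body, "type") in ("master", "slave"):
            if not (statement(body, "allow-transfer") or statement(opts, "allow-transfer")):
                findings.append(header + ": allow-transfer unset, AXFR open to any host")
    return findings
```

Run `audit()` over the real /etc/named.conf text to get the same two findings for the configuration in this post and an empty list once the two ACLs are added.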




After synchronization, view the zone files /var/named/test.com.zone and /var/named/192.168.100.zone

Contents of test.com.zone:
$ORIGIN .
$TTL 3600       ; 1 hour
test.com                IN SOA  dns-wins. hostmaster. (
                                135        ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      nms.test.com.
                        NS      testdns.test.com.
                        NS      dns-wins.test.com.
$ORIGIN test.com.
*                     A       192.168.100.18
127                   A       192.168.100.31
2xia                  A       192.168.100.55
aedd                  A       192.168.100.56
dns-wins              A       192.168.100.11
eaa                   A       192.168.100.54
fendd                 A       192.168.100.31
yontu                 CNAME   lgjk.com

Contents of 192.168.100.zone:
$ORIGIN .
$TTL 3600       ; 1 hour
100.168.192.in-addr.arpa IN SOA  dns-wins. hostmaster. (
                                132        ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      na.test.com.
                        NS      dns-wins.test.com.
                        NS      testdns.test.com.
$ORIGIN 100.168.192.in-addr.arpa.
11                      PTR     dns-wins.test.com.
123                     PTR     naou.test.com.
15                      PTR     db.test.com.
18                      PTR     yunzunx.test.com.
                        PTR     jybb.test.com.
                        PTR     www1.test.com.
19                      PTR     kse.test.com.
31                      PTR     xkw.test.com.
$ORIGIN test.com.
dns-wins                A       192.168.100.11
na                      A       192.168.100.123
testdns                 A       192.168.100.69

Update the firewall
Add:
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

My /etc/sysconfig/iptables file:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

If you are configuring a master instead, create the forward and reverse zone files by hand:
cd /var/named
touch test.com.zone
touch 192.168.100.zone

View the synchronization log:
more /var/log/messages
more /var/named/data/named.run