2008-04-25 09:38:55
四.实现DNS功能
修改 /etc/hosts
xxpost.com为域名,还有一个xxpost.com域名是一个申请好的国际域名,此处没有写出来。
guangdian.xxpost.com和wangtong.xxpost.com为连接外网的两个ISP提供商的地址。
注意:域名解析的顺序由/etc/host.conf 指定,先从hosts解析, 再从bind解析。
Multi on为多IP域名设置。
修改 /etc/resolv.conf
nameserver xxpost.com
nameserver guangdian.xxpost.com
nameserver wangtong.xxpost.com
解析时先查询本机域名服务器 xxpost.com;只有它没有响应时,才会依次查询后面的域名服务器。注意:按 resolv.conf(5) 的规定,nameserver 后面应填写域名服务器的 IP 地址,此处以主机名书写,实际配置时应换成对应的 IP 地址。
修改 /etc/named.conf
(这是一个链接文件,原文件位于 /var/named/chroot/etc/)
//
// named.conf for Red Hat caching-nameserver
//
// Global options. Each view further down inherits these unless it sets its own
// value (view "CNC" overrides "recursion", for example).
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// NOTE(review): keep query-source commented out unless a firewall truly needs
// it. Pinning outgoing queries to one fixed port removes source-port
// randomization, one of the protections against spoofed answers being accepted.
// query-source address * port 53;
// Any client may send queries; what a client can get back is decided per view
// by match-clients and "recursion".
allow-query { any;};
// Recursion is off by default; only view "CNC" switches it back on.
recursion no;
// Recursive lookups go to this single forwarder and nowhere else
// ("forward only"), so resolution for recursive clients depends entirely on
// that one upstream being reachable and trustworthy.
forwarders {202.102.224.68;};
forward only;
};
//
// a caching only nameserver config
//
// rndc control channel: bound to the loopback address, accepts connections
// from localhost only, and requires the key named "rndckey".
// NOTE(review): the only include of /etc/rndc.key visible in this file sits
// inside the two view blocks; run named-checkconf and confirm that rndc still
// authenticates with the key placed there.
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
// Address list "cncip". It is referenced by match-clients in view "CNC", so it
// decides which clients receive that view's zone data and its recursion.
// NOTE(review): this is a hand-maintained snapshot of address ranges
// (presumably China Netcom allocations, going by the name). Allocations change
// over time; review the list periodically, because a stale entry extends
// recursion to networks it was never meant for.
acl "cncip"{// Create the access list.
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.28.0.0/15;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.21.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.56.0.0/14;
218.60.0.0/15;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;};
// View "CNC": zone data handed to clients that arrive over the Netcom line.
// Views are tried in the order they appear in the file, so this view has to
// stay ahead of the catch-all view "OTHERS".
view "CNC" { // Uses the BIND 9 "view" feature, which can return different IPs to different clients.
// Served by this view: every address in acl "cncip", plus 125.42.176.199.
match-clients {"cncip";125.42.176.199;};
// Overrides the global "recursion no" for the clients matched above.
// NOTE(review): that makes this server a recursive resolver for every network
// listed in "cncip". Consider narrowing it with allow-recursion to the
// networks you actually operate.
recursion yes;
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
zone "xxpost.com" IN {// Add the forward-lookup zone.
type master;
file "xxpost.com.cnc.hosts";
// NOTE(review): allow-transfer is commented out below, so this zone sets no
// transfer restriction of its own. In BIND 9 releases of this era the default
// permits transfers to any host; add an explicit allow-transfer
// ({ none; } if there are no secondary servers) — TODO confirm the default
// for the installed version.
# allow-transfer {125.42.176.199;};
// Empty forwarders list: queries under this zone are not sent to the global
// forwarder.
forwarders{ };
};
zone "176.42.125.in-addr.arpa" IN {// Add the reverse-lookup zone.
type master;
file "xxpost.com.cnc.local";
};
// Pulls in the rndc key file from inside the view.
include "/etc/rndc.key";
};
// View "OTHERS": catch-all for every client that the earlier view "CNC" did
// not match (views are tried in file order, and this one matches "any").
view "OTHERS" {// Catch-all view for all remaining clients.
match-clients { any; };
// No recursion for these clients: they only get answers from the zones
// defined in this view.
recursion no;
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
zone "xxpost.com" IN {// Add the forward-lookup zone.
type master;
file "xxpost.com.hosts";
// NOTE(review): allow-transfer is commented out below, so this zone sets no
// transfer restriction of its own. In BIND 9 releases of this era the default
// permits transfers to any host, and this view matches every client; add an
// explicit allow-transfer ({ none; } if there are no secondary servers) —
// TODO confirm the default for the installed version.
# allow-transfer {219.150.222.36;};
};
zone "222.150.219.in-addr.arpa" IN {// Add the reverse-lookup zone.
type master;
file "xxpost.com.local";
};
// Pulls in the rndc key file from inside the view.
include "/etc/rndc.key";
};
创建网通正反向解析域文件
xxpost.com.cnc.hosts为网通线路域名正向解析域文件
[root@xxpost named]# vi xxpost.com.cnc.hosts
; Forward zone data for xxpost.com as loaded by view "CNC"
; (file "xxpost.com.cnc.hosts" in named.conf).
$TTL 86400
; SOA fields after the two names: serial, refresh, retry, expire, minimum.
@ IN SOA xxpost.com. admin.xxpost.com.(
2007062012
3H
15M
1W
1D)
@ IN NS dns1.xxpost.com.
; NOTE(review): as printed, the next line starts in column 0. A record inherits
; the previous owner (@) only when the line begins with whitespace, so the
; leading blank was probably lost when the page was rendered; confirm in the
; real file.
IN A 125.42.176.199
dns1 IN A 125.42.176.199
; www, mail, ftp and dns are aliases of dns1, so they all resolve to the
; address above for clients of this view.
www IN CNAME dns1.xxpost.com.
mail IN CNAME dns1.xxpost.com.
ftp IN CNAME dns1.xxpost.com.
dns IN CNAME dns1.xxpost.com.
xxpost.com.cnc.local为网通线路域名反向解析域文件
[root@xxpost named]# vi xxpost.com.cnc.local
; Reverse zone data loaded for "176.42.125.in-addr.arpa" in view "CNC"
; (file "xxpost.com.cnc.local"). Owner labels are the last octet of the address.
$TTL 86400
; SOA fields after the two names: serial, refresh, retry, expire, minimum.
; The trailing ";" on each value only starts an empty comment.
@ IN SOA xxpost.com. admin.xxpost.com.(
20070622;
28800;
14400;
3600000;
86400);
; NOTE(review): as printed, the NS line starts in column 0; the leading blank
; that makes it inherit the owner (@) was probably lost in rendering. Confirm.
IN NS dns1.xxpost.com.
; NOTE(review): PTR records exist only for owners 10 and 100. The forward zone
; maps dns1 to 125.42.176.199, and there is no "199" owner here, so a reverse
; lookup of that address finds no record.
10 IN PTR dns1.xxpost.com.
; NOTE(review): the next record has no target name as printed (it looks
; truncated); a PTR without a target would not load as written.
10 IN PTR
10 IN PTR mail.xxpost.com.
10 IN PTR ftp.xxpost.com.
100 IN PTR dns.xxpost.com.
创建电信正反向解析域文件
xxpost.com.hosts为电信线路域名正向解析域文件
[root@xxpost named]# vi xxpost.com.hosts
; Forward zone data for xxpost.com as loaded by view "OTHERS"
; (file "xxpost.com.hosts" in named.conf).
$TTL 86400
; SOA fields after the two names: serial, refresh, retry, expire, minimum.
@ IN SOA xxpost.com. admin.xxpost.com.(
2007062013
3H
15M
1W
1D)
@ IN NS dns2.xxpost.com.
; NOTE(review): as printed, the next line starts in column 0. A record inherits
; the previous owner (@) only when the line begins with whitespace, so the
; leading blank was probably lost when the page was rendered; confirm in the
; real file.
IN A 219.150.222.36
dns2 IN A 219.150.222.36
; www, mail, ftp and dns are aliases of dns2, so they all resolve to the
; address above for clients of this view.
www IN CNAME dns2.xxpost.com.
mail IN CNAME dns2.xxpost.com.
ftp IN CNAME dns2.xxpost.com.
dns IN CNAME dns2.xxpost.com.
xxpost.com.local为电信线路域名反向解析域文件
[root@xxpost named]# vi xxpost.com.local
; Reverse zone data loaded for "222.150.219.in-addr.arpa" in view "OTHERS"
; (file "xxpost.com.local"). Owner labels are the last octet of the address.
$TTL 86400
; SOA fields after the two names: serial, refresh, retry, expire, minimum.
; The trailing ";" on each value only starts an empty comment.
@ IN SOA xxpost.com. admin.xxpost.com.(
20070621;
28800;
14400;
3600000;
86400);
; NOTE(review): as printed, the NS line starts in column 0; the leading blank
; that makes it inherit the owner (@) was probably lost in rendering. Confirm.
IN NS dns2.xxpost.com.
; NOTE(review): PTR records exist only for owners 10 and 100. The forward zone
; maps dns2 to 219.150.222.36, and there is no "36" owner here, so a reverse
; lookup of that address finds no record.
10 IN PTR dns2.xxpost.com.
; NOTE(review): the next record has no target name as printed (it looks
; truncated); a PTR without a target would not load as written.
10 IN PTR
10 IN PTR mail.xxpost.com.
10 IN PTR ftp.xxpost.com.
100 IN PTR dns.xxpost.com.
重新启动DNS服务,或重新加载域名解析规则
# /etc/init.d/named stop
# /etc/init.d/named start
或
# /etc/init.d/named restart
或
# /etc/init.d/named reload
查询域名测试
[root@xxpost named]# nslookup
> server
Default server: xxpost.com
Address: 125.42.176.199#53
Default server: guangdian.xxpost.com
Address: 219.150.222.33#53
Default server: wangtong.xxpost.com
Address: 125.42.176.193#53
>
Server: xxpost.com
Address: 125.42.176.199#53
canonical name = dns1.xxpost.com.
Name: dns1.xxpost.com
Address: 125.42.176.199
> 125.42.176.199
Server: xxpost.com
Address: 125.42.176.199#53
** server can't find 199.176.42.125.in-addr.arpa: NXDOMAIN
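测试不是很成功:反向查询 125.42.176.199 返回 NXDOMAIN,原因应是反向解析域文件 xxpost.com.cnc.local 中只有主机号 10 和 100 的 PTR 记录,没有 199 这一条。另外,要想让其他地方的网通线路快速登录网站,需要把它们的 DNS 改成本服务器的地址。 本文出自 51CTO.COM技术博客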