[root@station195 ~]# vim /etc/resolv.conf
search zzu.com
nameserver 192.168.0.195
[root@station195 ~]#vim /etc/named.conf
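# /etc/named.conf on the primary server (192.168.0.195).
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 192.168.0.195; };

    # Refuse zone transfers unless a zone opts in below. A zone with no
    # allow-transfer statement otherwise falls back to the server default,
    # which in older BIND 9 releases lets any host copy the whole zone.
    allow-transfer { none; };

    # Recurse only for this host and its directly attached networks, so
    # the server cannot be used as an open resolver.
    allow-recursion { localhost; localnets; };
};

# Logging. The /var/log/bind9 directory does not exist by default: create
# it yourself with owner and group "named". Each channel writes to a file
# and keeps 10 rotated versions of at most 1M each.
logging {
    channel "query" {
        file "/var/log/bind9/query.log" versions 10 size 1M;
        severity dynamic;       # follow the server's current debug level
        print-severity yes;
        print-category yes;
        print-time yes;
    };
    channel "error" {
        file "/var/log/bind9/error.log" versions 10 size 1M;
        severity error;
        print-severity yes;
        print-category yes;
        print-time yes;
    };
    category queries { query; };    # every client query goes to query.log
    category default { error; };    # everything else, error level and above
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "zzu.com" IN {
    type master;
    file "zzu.com.zone";
    # Only the secondary may transfer this zone. This is an address-based
    # check; a TSIG key gives stronger authentication of the secondary.
    allow-transfer { 192.168.0.196; };
};

zone "bj.zzu.com" IN {
    type master;
    file "bj.zzu.com.zone";
    # No secondary is shown for this zone, so it keeps the "none" default.
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
    # The secondary at 192.168.0.196 also carries this zone, so it needs
    # the same explicit permission as zzu.com.
    allow-transfer { 192.168.0.196; };
};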
编辑完后修改named.conf文件所属组
[root@station195 ~]# chown :named /etc/named.conf
这儿的语法要求很严谨,不能出一点错误.
[root@station195 ~]# cd /var/named,进入/var/named目录中,执行下面命令.
[root@station195 ~]# cp -p localhost.zone zzu.com.zone(注意/var/named目录里的文件所属组都是named,切记这一点,所以我们拷贝时使用-p
参数,把属主、属组和权限一并保留下来)先说正向区域
[root@station195 ~]# vim /var/named/zzu.com.zone (这里我们假设有mail服务器和web服务器)
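; Forward zone for zzu.com, served by the primary at 192.168.0.195.
; The A records for www and mail are the tutorial's sample values;
; replace them with the real server addresses.
$TTL 86400
$ORIGIN zzu.com.
@       86400   IN  SOA     ns.zzu.com. root.zzu.com. (
                            2010022801  ; serial - raise it after every edit
                            1H          ; refresh - how often the secondary checks the serial
                            1M          ; retry - wait after a failed refresh
                            1W          ; expire - secondary stops answering after this long
                            1D )        ; minimum - negative-caching TTL
@               IN  NS      ns.zzu.com.
ns              IN  A       192.168.0.195
www             IN  A       1.1.1.1
mail            IN  A       2.2.2.2
pop3            IN  CNAME   mail
smtp            IN  CNAME   mail
@               IN  MX  10  mail
; Delegation of the child zone to its own server (192.168.0.197).
; Without these two records this server answers NXDOMAIN for names under
; sh.zzu.com, so the sub-domain lookup shown in the test section (a
; non-authoritative answer) could not succeed.
sh              IN  NS      ns.sh.zzu.com.
ns.sh           IN  A       192.168.0.197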
如果做反向DNS区域
[root@station195 ~]# cp -p /var/named/named.local /var/named/192.168.0.zone
[root@station195 ~]# vim 192.168.0.zone
; Reverse zone for 192.168.0.x on the primary. There is no $ORIGIN line,
; so owner names are relative to the zone name that named.conf assigns to
; this file (0.168.192.in-addr.arpa).
$TTL 86400
@       86400   IN  SOA     ns.zzu.com. root.ns.zzu.com. (
                            2010022801  ; serial
                            1H          ; refresh
                            1M          ; retry
                            1W          ; expire
                            1D )        ; minimum (negative-caching TTL)
@               IN  NS      ns.zzu.com.
195             IN  PTR     ns.zzu.com.
200             IN  PTR     tec.zzu.com.
201             IN  PTR     mkt.zzu.com.
然后修改/etc/resolv.conf,修改DNS指向..
[root@station195 ~]# vim /etc/resolv.conf (写入下面两行...)
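search zzu.com
nameserver 192.168.0.195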
DNS服务器基本上配置完成..重启服务后.下面我们进行测试的工作...解析有三个命令可以用,分别是host dig nslookup 根据情况自己选择一个进行
测试工作...
测试结果全部成功...
方案二..下面我们来配置辅助DNS服务器
辅助DNS配置和主DNS前几个步骤一样,这儿不再演示了...直接编辑/etc/named.conf,我们辅助DNS的IP:192.168.0.196
#vim /etc/resolv.conf
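nameserver 192.168.0.196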
#vim /etc/named.conf
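# /etc/named.conf on the secondary server (192.168.0.196).
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 192.168.0.196; };

    # A secondary holds a full copy of each zone it pulls. Refuse transfers
    # from it, otherwise the restriction on the primary can be bypassed
    # by asking this server instead.
    allow-transfer { none; };

    # Recurse only for this host and its directly attached networks.
    allow-recursion { localhost; localnets; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "zzu.com" IN {
    type slave;
    # Syntax is strict: keep a space between the braces and the address,
    # end the address with ';', and end the statement itself with ';'
    # after the closing brace.
    masters { 192.168.0.195; };
    file "slaves/zzu.com.zone";
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.0.195; };
    file "slaves/192.168.0.zone";
};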
该权限不能忘了...
[root@station195 ~]# chown :named /etc/named.conf
[root@station195 ~]# service named restart
[root@station195 ~]# cd /var/named;ls -l slaves/
-rw-r--r-- 1 named named 525 Mar 2 16:47 zzu.com.zone
拷贝过来了...我们可以查看此文件...显示的结果和主DNS一样....还有大家需要注意的是serial值会自动加1。(补充:对于手工维护的静态区域,serial需要管理员每次修改主服务器上的区域文件后自行递增,辅助服务器才会重新传送该区域。)
sh-dns-server:
[root@station197 ~]# vim /etc/named.conf
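# /etc/named.conf on the child-zone server (192.168.0.197).
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 192.168.0.197; };

    # This server only holds the child zone, so names outside it are
    # forwarded to the parent zone's server.
    forwarders { 192.168.0.195; };

    # No secondary is shown for this server: refuse all zone transfers.
    allow-transfer { none; };

    # Forwarding is done on behalf of recursive clients; accept those
    # only from this host and its directly attached networks.
    allow-recursion { localhost; localnets; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "sh.zzu.com" IN {
    type master;
    file "sh.zzu.com.zone";
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
};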
[root@station197 ~]# vim /var/named/sh.zzu.com.zone
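; Forward zone for the child domain sh.zzu.com, served by 192.168.0.197.
; Zone files use ';' for comments; a '#' is not a comment character here
; and is parsed as record data.
$TTL 86400
$ORIGIN sh.zzu.com.
@       86400   IN  SOA     ns.sh.zzu.com. root.sh.zzu.com. (   ; fully qualified names must end with a dot
                            2010022801  ; serial
                            1H          ; refresh
                            1M          ; retry
                            1W          ; expire
                            1D )        ; minimum (negative-caching TTL)
@               IN  NS      ns.sh.zzu.com.
ns              IN  A       192.168.0.197
www             IN  A       5.5.5.5
tec             IN  A       6.6.6.6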
如果做反向的就拷贝named.local文件..
[root@station197 named]# cp -p named.local 192.168.0.zone
然后编辑这个文件即可.这儿主要针对正向来做...
强调一点的是各个服务器的DNS都指向自己.每次修改过配置文件后都要重启动服务..
#service named restart 或 #rndc reload (使用此命令,必须你的DNS服务处于开启状态..)
下面我们来进行解析测试工作....
[root@station195 bind9]# nslookup (解析自己OK)
Server: 192.168.0.195
Address: 192.168.0.195#53
Name:
Address: 1.1.1.1
[root@station195 bind9]# nslookup mail.zzu.com
Server: 192.168.0.195
Address: 192.168.0.195#53
Name: mail.zzu.com
Address: 2.2.2.2
[root@station195 bind9]# nslookup (解析子域OK)
Server: 192.168.0.195
Address: 192.168.0.195#53
Non-authoritative answer:
Name:
Address: 5.5.5.5
[root@station195 bind9]# nslookup (解析子域OK)
Server: 192.168.0.195
Address: 192.168.0.195#53
Name:
Address: 3.3.3.3
去辅助DNS解析...
[root@station196 ~]# nslookup (解析父域OK)
Server: 192.168.0.196
Address: 192.168.0.196#53
Name:
Address: 1.1.1.1
[root@station197 ~]# nslookup (解析自己没问题)
Server: 192.168.0.197
Address: 192.168.0.197#53
Name:
Address: 5.5.5.5
[root@station197 ~]# nslookup (解析父域OK)
Server: 192.168.0.197
Address: 192.168.0.197#53
Non-authoritative answer:
Name:
Address: 1.1.1.1
我们可以看见,解析结果全部成功了,仅仅做个DNS是非常简单的,但是要想把它管理好也是很不容易的,比方说我们想让不同的机器解析的地址不一样,还
得使用view来声明.这儿不再演示了,如果不了解的朋友可以给我留言.我会给你详细的解释..