LDAP stands for Lightweight Directory Access Protocol and is usually just called LDAP. It is based on the X.500 standard, but is much simpler and can be customised as needed. Unlike X.500, LDAP supports TCP/IP, which is required for access over the Internet. LDAP's core specifications are all defined in RFCs; every LDAP-related RFC can be found on the LDAPman RFC page.
2. # jwhois cisco.com    // look up domain registration information
[root@acer ~]# jwhois xiyou.net.cn    // picked a random domain; most records are behind paid privacy and hidden
[Querying whois.cnnic.cn]
[whois.cnnic.cn]
Domain Name: xiyou.net.cn
ROID: 20110325s10021s73316528-cn
Domain Status: serverHold
Registrant Organization: 合肥国安旅行社有限公司
Registrant Name: 花海朝
Administrative Email: 154593071@qq.com
Sponsoring Registrar: 北京新网数码信息技术有限公司
Name Server:ns11.big
Name Server:ns12.big
Registration Date: 2011-03-25 14:22
Expiration Date: 2012-03-25 14:22
3. Main configuration file: /etc/named.conf
Zone databases (the table mapping each host to its IP, with the details) live in:
/var/named/chroot/var/named/
# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };         // changed the loopback-only default to any
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };               // changed localhost to any (effectively the same as commenting it out)
        // allow-transfer { 192.168.0.29; }; // backup (secondary) DNS host
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "example.com." IN {                    // forward zone
        type master;
        file "example.com.db";
};

zone "0.168.192.in-addr.arpa." IN {         // reverse zone, named after the network part of the address
        // .in-addr.arpa. means the address is written in reverse; it has nothing to do with Apache
        type master;
        file "0.168.192.db";
};

#include "/etc/named.rfc1912.zones";
// The line above is commented out ('#' starts a comment in named.conf). Reason: it pulls in
// more files than named.ca that would have to be loaded at startup.
4. [root@acer ~]# cd /var/named
[root@acer named]# ll
total 32
drwxr-x---. 6 root named 4096 Jun 7 11:03 chroot
drwxrwx---. 2 named named 4096 May 26 2010 data
drwxrwx---. 2 named named 4096 May 26 2010 dynamic
-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 May 26 2010 slaves
# cp -p named.* /var/named/chroot/var/named
# chmod 640 named.ca          // change the file permissions
# chown .named named.ca       // change the group owner
// named.ca is required for recursive lookups and must be present; the other files can be left out
5.
[root@acer named]# pwd
/var/named/chroot/var/named
[root@acer named]# vim example.com.db    // forward zone file; a .zone suffix works just as well, it is only a matter of habit
$TTL 86400
@   IN SOA @ root.example.com. (
        20110608    ; Serial: only a serial number
        1D          ; Refresh: how often the slave server checks for updates
        1D          ; Retry: how long the slave waits before retrying after a failed refresh
        1D          ; Expire: after retrying for this long the slave declares the zone failed and stops updating
        10200       ; Minimum: acts as the TTL, especially when no $TTL is set
    )
    IN NS example.com.
@   IN A  192.168.1.103    ; IP of the DNS host
desktop1 IN A 192.168.1.109
desktop2 IN A 192.168.1.133
6. vim 1.168.192.zone    // reverse zone database; where the first mistake happened (the 103)
$TTL 86400
@ IN SOA @ root.example.com. (
20110608
1D
1D
1D
10200
)
@ IN NS example.com.
109 IN PTR desktop1.xiaoli.com.
133 IN PTR desktop2.xiaoli.com.
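As an added consistency check, not part of the original notes: the script below cross-checks the forward zone's A records against the reverse zone's PTR records, the way a resolver doing forward and reverse lookups would see them. The zone text is a constructed copy of the two files above, and the origins example.com. and 1.168.192.in-addr.arpa. are assumed from them.

```python
import re
from ipaddress import ip_address

# Constructed copies of the two zone files from these notes (sample text, not the
# files on disk). Assumed origins: example.com. and 1.168.192.in-addr.arpa.
FORWARD_ZONE = """$TTL 86400
@ IN SOA @ root.example.com. ( 20110608 1D 1D 1D 10200 )
         IN NS example.com.
@        IN A  192.168.1.103   ; the DNS host itself
desktop1 IN A  192.168.1.109
desktop2 IN A  192.168.1.133
"""
REVERSE_ZONE = """$TTL 86400
@ IN SOA @ root.example.com. ( 20110608 1D 1D 1D 10200 )
@   IN NS  example.com.
109 IN PTR desktop1.xiaoli.com.
133 IN PTR desktop2.xiaoli.com.
"""

RR = re.compile(r"^(\S*)\s+IN\s+(A|PTR)\s+(\S+)")  # owner (may be blank), IN, type, rdata

def parse_records(zone_text, origin, rtype):
    """Return {absolute owner name: rdata} for every A or PTR record in the zone."""
    found, last_owner = {}, "@"
    for line in zone_text.splitlines():
        m = RR.match(line.split(";", 1)[0])       # ';' starts a comment in zone files
        if not m or m.group(2) != rtype:
            continue
        owner = m.group(1) or last_owner           # a blank owner repeats the previous one
        last_owner = owner
        found[origin if owner == "@" else f"{owner}.{origin}"] = m.group(3)
    return found

def check_consistency(forward, fwd_origin, reverse, rev_origin):
    """Cross-check A records against PTR records and report every kind of mismatch."""
    a_recs = parse_records(forward, fwd_origin, "A")       # name -> IP
    ptr_recs = parse_records(reverse, rev_origin, "PTR")   # w.z.y.x.in-addr.arpa. -> name
    problems = {"missing_ptr": [], "mismatched_ptr": []}
    for name, ip in a_recs.items():
        rev_name = ip_address(ip).reverse_pointer + "."    # e.g. 109.1.168.192.in-addr.arpa.
        target = ptr_recs.pop(rev_name, None)
        if target is None:
            problems["missing_ptr"].append(ip)             # A record with no PTR
        elif target != name:
            problems["mismatched_ptr"].append((ip, name, target))  # PTR names a different host
    problems["orphan_ptr"] = sorted(ptr_recs.values())     # PTRs left with no matching A
    return problems

if __name__ == "__main__":
    print(check_consistency(FORWARD_ZONE, "example.com.", REVERSE_ZONE, "1.168.192.in-addr.arpa."))
```

With these two zones it reports 192.168.1.103 without a PTR and both PTRs pointing at xiaoli.com rather than example.com, which is exactly what anything relying on reverse lookups of these hosts would trip over.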
7. The permissions and group owner of the files above must be changed, otherwise the service will not start. named.ca after the change:
-rw-r-----. 1 root named 1892 Jun 8 21:41 named.ca
8.
# service named start        // restart the service
# vim /etc/resolv.conf
..........
nameserver 192.168.1.103
9. Test: # ping desktop1
or: # nslookup
> 192.168.1.133
# dig 192.168.1.133
# host 192.168.1.133         // DNS query tools: host, nslookup, dig
Where it went wrong:
vim 103.1.168.192.zone
[root@acer named]# service named start
Starting named:
Error in named configuration:
zone xiaoli.com/IN: loaded serial 20110608
zone 1.168.192.in-addr.arpa/IN: loading from master file 1.168.192.zone failed: file not found
zone 1.168.192.in-addr.arpa/IN: not loaded due to errors.
_default/1.168.192.in-addr.arpa./IN: file not found
[FAILED]
Finally, edit /etc/resolv.conf and add:
nameserver (your host's IP)