Chinaunix首页 | 论坛 | 博客
  • 博客访问: 259708
  • 博文数量: 48
  • 博客积分: 930
  • 博客等级: 准尉
  • 技术积分: 654
  • 用 户 组: 普通用户
  • 注册时间: 2011-09-28 12:31
文章分类

全部博文(48)

文章存档

2013年(10)

2012年(20)

2011年(18)

我的朋友

分类: LINUX

2011-12-21 19:15:35

我的系统环境:centos

 

主:

我采用的是yum安装

[root@linux src]#yum -y install bind*

 

生成rndc控制命令的key文件

[root@linux usr]# sbin/rndc-confgen > /etc/rndc.conf 

rndc.conf文件中提取named.conf用的key 

[root@linux usr]# cd /etc

[root@linux etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g >

 

/var/named/chroot/etc/named.conf 

自动在/var/named/chroot/etc下生成named.conf文件

 

进入/var/named/chroot/etc

[root@linux etc]# cd /var/named/chroot/etc

现在named.conf文件中有了rndc-key区段

[root@linux etc]# more named.conf

key "rndc-key" {

 

           algorithm hmac-md5;

 

           secret "Nd0nLoL8t4Mv0iSpqP1noA==";

 

};

 

 

controls {

 

           inet 127.0.0.1 port 953

 

                   allow { 127.0.0.1; } keys { "rndc-key"; };

 

};

然后我们来完善它:

[root@linux etc]#vi named.conf

options { 

directory "/var/named"; 

 

}; 

 

zone "." IN { 

type hint; 

file "named.ca"; 

}; 

 

zone "localhost" IN { 

type master; 

file "localhost.zone"; 

}; 

 

zone "0.0.127.in-addr.arpa" IN { 

type master; 

file "named.local"; 

}; 

 

zone "learningsky.org" IN { 

type master; 

file "learningsky.zone"; 

allow-transfer { 192.168.1.32 ; };

notify yes;

also-notify { 192.168.1.32; };   //使用notify指令会自动通知所有这个域的所有在ns记录上的机器,also-notify指令可以用来通知所有不在ns记录上的dns服务器.

}; 

 

zone "1.168.192.in-addr.arpa" IN { 

type master; 

file "22.168.192"; 

allow-transfer { 192.168.1.32 ; };

notify yes;

also-notify { 192.168.1.32 ; };

};

 

key "rndc-key" {

 

           algorithm hmac-md5;

 

           secret "Nd0nLoL8t4Mv0iSpqP1noA==";

 

};

 

 

controls {

 

           inet 127.0.0.1 port 953

 

                   allow { 127.0.0.1; } keys { "rndc-key"; };

 

};

 

进入/var/named/chroot/var/named

[root@linux etc]# cd /var/named/chroot/var/named

 

建立localhost.zone文件

[root@linux named]#vi localhost.zone

$TTL       86400

$ORIGIN localhost.

@                          1D IN SOA          @ root (

                                           42                 ; serial (d. adams)

                                           3H                 ; refresh

                                           15M                ; retry

                                           1W                 ; expiry

                                           1D )               ; minimum

 

                           1D IN NS           @

                           1D IN A            127.0.0.1

 

建立named.local文件

[root@linux named]#vi named.local

$TTL       86400

@          IN         SOA        localhost. root.localhost.  (

                                         1997022700 ; Serial

                                         28800         ; Refresh

                                         14400         ; Retry

                                         3600000       ; Expire

                                         86400 )       ; Minimum

                 IN         NS         localhost.

 

1          IN         PTR        localhost.

 

 

dig命令直接生成named.ca文件

[root@linux named]#dig > named.ca

建立learningsky.org域名正向解析文件

[root@linux named]#vi learningsky.zone

$TTL       86400

$ORIGIN learningsky.org.

@               1D      IN SOA  dns.learningsky.org.  root.mail.learningsky.org. (

 

                                          1053891162

                                           3H

                                           15M

                                           1W

                                           1D )

 

                      1D  IN NS             dns.learningsky.org.

                      1D  IN MX       5        mail.learningsky.com.

dns                   IN A             192.168.1.8

mail                  IN A             192.168.1.8

www                   IN A             192.168.1.8

 

建立learningsky.org域名反向解析文件

[root@linux named]#vi 1.168.192

$TTL 86400

@ IN SOA dns.learningsky.org. root.mail.learningsky.org.(

                                          20031001;

                                          7200;

                                          3600;

                                          43200;

                                          86400);

@                     IN NS dns.learningsky.org.

8                   IN PTR dns.learningsky.org.

8                   IN PTR mail.learningsky.org.

8                   IN PTR                                   

 

 

                           

修改reslov.conf

[root@linux named]#vi /etc/reslov.conf

nameserver 192.168.1.8

search learningsky.org

 

 

[root@linux named]#netstat -an |grep :53

tcp           0         0 192.168.1.8:53              0.0.0.0:*                      LISTEN     

 

     

tcp           0         0 127.0.0.1:53                   0.0.0.0:*                      LISTEN     

 

     

udp           0         0 192.168.1.8:53              0.0.0.0:*                              

 

     

udp           0         0 127.0.0.1:53                   0.0.0.0:*  

 

[root@linux etc]# ps -aux|grep named

Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ

named       13310  0.0  0.5  38160  2900 ?           Ssl  14:53      0:00 /usr/sbin/named -u

 

named -t /var/named/chroot

root        13375  0.0  0.1      5212      688 pts/1       R       16:08      0:00 grep named

 

[root@linux etc]#more nsswitch.conf

# To use db, put the "db" in front of "files" for entries you want to be

# looked up first in the databases

#

# Example:

#passwd:       db files nisplus nis

#shadow:       db files nisplus nis

#group:        db files nisplus nis

 

passwd:        files

shadow:        files

group:         files

 

#hosts:        db files nisplus nis dns

hosts:         files dns

 

# Example - obey only what nisplus tells us...

#services:      nisplus [NOTFOUND=return] files

#networks:      nisplus [NOTFOUND=return] files

#protocols:  nisplus [NOTFOUND=return] files

#rpc:           nisplus [NOTFOUND=return] files

#ethers:        nisplus [NOTFOUND=return] files

#netmasks:      nisplus [NOTFOUND=return] files       

 

bootparams: nisplus [NOTFOUND=return] files

 

ethers:        files

netmasks:      files

networks:      files

 

[root@linux etc]# more host.conf

order hosts,bind

 

启动named

/[root@linux etc]# usr/local/sbin/named

 

测试DNS

[root@linux etc]# nslookup

>

Server:            192.168.1.8

Address:           192.168.1.8#53

 

Name:     

Address: 192.168.0.244

 

>192.168.22.250

Server:            192.168.22.250

Address:           192.168.22.250#53

 

150.22.168.192.in-addr.arpa        name = dns.learningsky.org.

150.22.168.192.in-addr.arpa        name =

150.22.168.192.in-addr.arpa        name = mail.learningsky.org.

 

>set type=MX

>learningsky.org

Server:            192.168.1.8

Address:           192.168.1.8#53

 

learningsky.org mail exchanger = 5 mail.learningsky.com.

>exit

 

DNS配置完成。

 

从:

安装跟主的一样,不同的就是named.conf

named.conf内容:

options {

directory "/var/named";

 

}; 

 

zone "." IN {

type hint;

file "named.ca";

}; 

 

zone "localhost" IN {

type master;

file "localhost.zone";

}; 

 

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

}; 

 

zone "learningsky.org" IN {

type slave;

file "learningsky.zone";

masters { 192.168.1.8; };

}; 

 

zone "1.168.192.in-addr.arpa" IN {

type slave;

file "1.168.192";

masters { 192.168.1.8; };

};

 

key "rndc-key" {

          algorithm hmac-md5;

          secret "80hKqo5bkGMAqHqeAlaLCA==";

};

 

controls {

          inet 127.0.0.1 port 953

                  allow { 127.0.0.1; } keys { "rndc-key"; };

};

 

注:

1 注:暂存的内容只能恢复到当前文章的编辑器中,如需恢复到其他文章中,请编辑该文章并从暂存箱中恢复;或者直接复制以上内容,手工恢复到相关文章。

阅读(1882) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~