注 :此次操作是参考那一篇 HOWTO 的,但因为原来的 HOWTO
中在后面的 /chroot 目录权限设置方面个人觉得有错,所以就没有
按照 HOWTO 中的做。(审阅提醒 :本文第 12 步 b) 把 chroot 根目录 /chroot/named 的属主改成了 named 用户,而这一点恰恰是多数 chroot 方案刻意避免的 —— chroot 的根目录以及 etc、master、dev 应由 root 拥有、named 只读,只有 log、slave、stub、var/run 这些 named 运行期间确实要写的目录才交给 named。读者照做时请注意取舍,见第 12 步和第 16 步。)
一、准备工作
1、rndc stop(先停掉正在运行的 named,避免下面改目录、改属主时进程还在写日志和 pid 文件)
2、vi /etc/passwd :修改 named 的 home 目录为 /chroot/named(直接用 vi 编辑 passwd 没有加锁,建议用 vipw 或 usermod -d /chroot/named named;同时确认 shell 仍是 /sbin/nologin,见下面 finger 的输出)
3、vi /etc/group :保证有一个 named 组存在(同理,用 vigr 或 groupadd 更稳妥)
4、检查修改 :
[root@dns.bob.com =>/]#finger named
Login: named Name: Named
Directory: /chroot/named Shell: /sbin/nologin
Never logged in.
No mail.
No Plan.
[root@dns.bob.com =>/]#id named
uid=25(named) gid=25(named) groups=25(named)
5、确定目录
原则 :最大程度的保证新的 named.conf 不需要太多的修改
a)include "/etc/rndc.key"; ==〉/chroot/named/etc 目录
b)include "log/log_def"; ==〉/chroot/named/log 目录
c)include "local/zone.def"; ==〉/chroot/named/local 目录
d)file "bob.com.zone"; ==〉/chroot/named/master 目录
file "db.192.253.254"; ==〉 /chroot/named/master 目录
e)pid-file "/var/run/named/named.pid"; ==〉/chroot/named/var/run 目录
f)/dev/random、/dev/null ;==> /chroot/named/dev 目录
二、主要步骤
6、创建目录
[root@dns.bob.com =>/]#mkdir -p /chroot/named
[root@dns.bob.com =>/]#mkdir -p /chroot/named/var
[root@dns.bob.com =>/]#mkdir -p /chroot/named/var/run
[root@dns.bob.com =>/]#mkdir -p /chroot/named/etc
[root@dns.bob.com =>/]#mkdir -p /chroot/named/log
[root@dns.bob.com =>/]#mkdir -p /chroot/named/local
[root@dns.bob.com =>/]#mkdir -p /chroot/named/{master,slave,stub}
[root@dns.bob.com =>/]#mkdir -p /chroot/named/dev
或者用 :
[root@dns.bob.com =>/]#mkdir -p /chroot/named/{var/run,etc,log,local,master,dev,slave,stub}
[root@dns.bob.com =>/]#ll -d /chroot
drwxr-xr-x 3 root root 4096 12月 11 20:13 /chroot
[root@dns.bob.com =>/]#ll -d /chroot/named
drwxr-xr-x 9 root root 4096 12月 11 20:14 /chroot/named
[root@dns.bob.com =>named]#ll
总用量 44
drwxr-xr-x 2 root root 4096 12月 11 20:37 dev
drwxr-xr-x 2 root root 4096 12月 13 09:32 etc
drwxr-xr-x 2 root root 4096 12月 11 21:38 local
drwxr-xr-x 17 named named 4096 12月 11 21:30 log
drwxr-xr-x 2 root root 4096 12月 13 09:29 master
-rw-r--r-- 1 named named 2499 2003-01-25 named.ca
-rw-r--r-- 1 named named 57 12月 11 21:34 named_dump.db
-rw-r--r-- 1 named named 138 12月 11 21:33 named.stats
drwxr-xr-x 2 named named 4096 12月 11 20:27 slave
drwxr-xr-x 2 named named 4096 12月 11 20:27 stub
drwxr-xr-x 4 root root 4096 12月 11 20:34 var
[root@dns.bob.com =>named]#
[root@dns.bob.com =>named]#ll var
总用量 8
drwxr-xr-x 2 root root 4096 12月 11 20:34 run
[root@dns.bob.com =>named]#
7、复制文件
a)下面是原来的 /var/named 目录下的内容 :
[root@dns.bob.com =>named]#cd /var/named
[root@dns.bob.com =>named]#ll
总用量 28
-rw-r--r-- 1 named named 360 12月 8 16:24 bob.com.zone
-rw-r--r-- 1 named named 328 12月 8 16:14 db.192.253.254
drwxr-xr-x 3 root root 4096 12月 7 11:05 key
drwxr-xr-x 2 named named 4096 12月 1 10:01 local
drwxr-xr-x 16 named named 4096 12月 1 15:53 log
-rw-r--r-- 1 named named 2499 2003-01-25 named.ca
-rw-r--r-- 1 named named 57 12月 4 10:16 named_dump.db
[root@dns.bob.com =>named]#
b)首先复制 zone data file(注意 cp -a 会保留原来的 named:named 属主。这两个都是 master 区,从第 13 步 d) 给出的 zone 定义看也没有 allow-update,named 运行时并不需要写它们,建议复制后改为 root:root 644 或 root:named 640,这样即使 named 进程被攻破也改不了权威区数据;只有 slave 区的文件才需要放在 named 可写的 slave 目录里)
[root@dns.bob.com =>named]#cp -av bob.com.zone db.192.253.254 ~named/master/
‘bob.com.zone’ -> ‘/chroot/named/master/bob.com.zone’
‘db.192.253.254’ -> ‘/chroot/named/master/db.192.253.254’
[root@dns.bob.com =>named]#
c)再复制 /var/named/local 目录下的内容 :
[root@dns.bob.com =>named]#cp -av local/* ~named/local/
‘local/localhost.zone’ -> ‘/chroot/named/local/localhost.zone’
‘local/named.local’ -> ‘/chroot/named/local/named.local’
‘local/zone.def’ -> ‘/chroot/named/local/zone.def’
[root@dns.bob.com =>named]#
d)再复制 /var/named/log 目录下的内容 :
[root@dns.bob.com =>named]#cp -av log/* ~named/log/
‘log/client’ -> ‘/chroot/named/log/client’
‘log/client/client_log’ -> ‘/chroot/named/log/client/client_log’
‘log/config’ -> ‘/chroot/named/log/config’
‘log/config/config_log’ -> ‘/chroot/named/log/config/config_log’
‘log/database’ -> ‘/chroot/named/log/database’
(中间省略)
‘log/xfer-out’ -> ‘/chroot/named/log/xfer-out’
‘log/xfer-out/xfer-out_log’ -> ‘/chroot/named/log/xfer-out/xfer-out_log’
[root@dns.bob.com =>named]#
e)再复制 hints 文件
[root@dns.bob.com =>named]#cp -av named.ca ~named/
‘named.ca’ -> ‘/chroot/named/named.ca’
f)再复制 /etc/named.conf 文件
[root@dns.bob.com =>named]#cp -av /etc/named.conf ~named/etc/
‘/etc/named.conf’ -> ‘/chroot/named/etc/named.conf’
[root@dns.bob.com =>named]#
[root@dns.bob.com =>named]#
8、修改目录的属主 (stub、log、slave、var/run)
原则 :只把 named 运行期间确实要写的目录交给 named 用户 —— log(日志文件)、slave/stub(从主服务器传来的区文件)、var/run(pid 文件);etc、master、dev 以及 /chroot/named 本身保持 root 属主,named 只读。这是 chroot 能起到保护作用的前提。
[root@dns.bob.com =>named]#mkdir stub slave
[root@dns.bob.com =>named]#chown -c named:named log stub slave
‘log’ 的所有者已更改为 named:named
‘stub’ 的所有者已更改为 named:named
‘slave’ 的所有者已更改为 named:named
[root@dns.bob.com =>named]#
[root@dns.bob.com =>named]#cd var
[root@dns.bob.com =>var]#ll
总用量 8
drwxr-xr-x 2 root root 4096 12月 11 20:13 named
drwxr-xr-x 2 root root 4096 12月 11 20:34 run
[root@dns.bob.com =>var]#chown -c named:named run
‘run’ 的所有者已更改为 named:named
[root@dns.bob.com =>var]#
9、复制 /dev/null 和 /dev/random 文件到 /chroot/named/dev 目录下,并修改这两个设备文件的权限(GNU cp -a 可以直接复制设备节点,等价的传统做法是 mknod null c 1 3 ; mknod random c 1 8。注意 named 对 /dev/random 只需要读权限,下面 ll 显示的 crw-r--r-- root root 其实已经足够,没有必要再把它改成 666;chroot 里的设备节点应保持 root 属主、最小权限)
[root@dns.bob.com =>dev]#cp -a /dev/null /dev/random .
[root@dns.bob.com =>dev]#ll
总用量 0
crw-rw-rw- 1 root root 1, 3 2003-01-30 null
crw-r--r-- 1 root root 1, 8 2003-01-30 random
[root@dns.bob.com =>dev]#
[root@dns.bob.com =>dev]#chmod -c 666 *
‘random’ 的权限模式已更改为 0666 (rw-rw-rw-)
[root@dns.bob.com =>dev]#
10、复制 /etc/localtime 文件到 /chroot/named/etc 目录下
[root@dns.bob.com =>etc]#cp -av /etc/localtime .
‘/etc/localtime’ -> ‘./localtime’
[root@dns.bob.com =>etc]#ll
总用量 8
-rw-r--r-- 1 root root 165 7月 13 00:40 localtime
-rw-r--r-- 1 root root 1091 12月 8 16:13 named.conf
[root@dns.bob.com =>etc]#
11、修改日志定义文件 log_def ,因为只有 default 类会用到 syslog ,所以把 default 类的日志写入文件(这样做以后,除了启动时读配置之前的几条信息外,named 的日志就不再进 /var/log/messages,排错时要到 /chroot/named/log 下面去看。另外注意下面 file 语句里的关键字应为 versions,作者在第 18 步才发现这个笔误) :
channel ch_default {
file "log/default/default_log" version 2 size 10k;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};
category default { ch_default; };
12、安全设置
a)修改 /chroot 目录的权限为 (rwx--x--x),除了 root 用户拥有全部权限外,其他用户只能具有进入目录的权限
[root@dns.bob.com =>/]#chmod -c go-r /chroot
‘/chroot’ 的权限模式已更改为 0711 (rwx--x--x)
[root@dns.bob.com =>/]#
b)修改 /chroot/named 目录的权限和属主
(注意 :这里把 chroot 根目录 /chroot/named 的属主改成了 named,这是不建议的做法。named 进程本身就是以 named 用户运行的,如果它拥有自己的根目录,一旦被攻破就可以在根目录下任意新建、改名、删除条目,例如把 etc 改名后重建一个自己的 etc/named.conf,chroot 的保护就大打折扣。更稳妥的做法是 /chroot/named 保持第 6 步创建时的 root:root、755(或 711),只把 named 真正要写的 log、slave、stub、var/run 交给 named,也就是第 8 步已经做的事。下面第 16 步的 "permission denied" 是因为 700 把 named 挡在了门外,用 chmod 755 就能解决,不需要 chown。)
[root@dns.bob.com =>chroot]#chown named:named named/
[root@dns.bob.com =>chroot]#chmod -c 700 named
‘named’ 的权限模式已更改为 0700 (rwx------)
[root@dns.bob.com =>chroot]#
13、后续工作
a)修改 /chroot/named/etc/named.conf 中的
directory "/var/named"
为 :
directory "/"
b)增加 pid-file "var/run/named.pid";
c)复制 rndc.key 文件到 /chroot/named/etc/ 目录下(named 在 chroot 内读的是 /chroot/named/etc/rndc.key,而 rndc 客户端在 chroot 外读的仍然是 /etc/rndc.key,两份必须一致,以后轮换密钥时要同时更新两处。下面 ll 显示的 -rw-r----- root named 正是这个文件应有的权限,不要为了省事把它放宽成 644)
[root@dns.bob.com =>named]#cp -av /etc/rndc.key etc/
‘/etc/rndc.key’ -> ‘etc/rndc.key’
[root@dns.bob.com =>named]#ll etc
总用量 12
-rw-r--r-- 1 root root 165 7月 13 00:40 localtime
-rw-r--r-- 1 root root 1114 12月 11 21:14 named.conf
-rw-r----- 1 root named 132 7月 12 23:53 rndc.key
d)修改 zone data file 存放的位置。 :
zone "bob.com" IN {
type master;
file "master/bob.com.zone";
};
zone "254.253.192.in-addr.arpa" IN {
type master;
file "master/db.192.253.254";
};
14、启动 named(手工启动时用 -u named 降权、-t 指定 chroot 根目录;-d 10 是很高的调试级别,只适合排错阶段,正式运行时应去掉,否则日志量很大,查询细节也都会写进日志)
[root@dns.bob.com =>etc]#named -u named -t /chroot/named -c /etc/named.conf -d 10
[root@dns.bob.com =>etc]#
15、启动错误
[root@dns.bob.com =>etc]#pidof named
[root@dns.bob.com =>etc]#
16、检查日志
[root@dns.bob.com =>etc]#tail -f /var/log/messages
Dec 11 20:00:53 dns sshd(pam_unix)[20503]: session closed for user root
Dec 11 20:01:45 dns sshd(pam_unix)[20641]: session opened for user root by (uid=0)
Dec 11 20:54:58 dns vsftpd: warning: can't get client address: Bad file descriptor
Dec 11 21:00:02 dns syslogd 1.4.1: restart.
Dec 11 13:20:29 dns named[22007]: starting BIND 9.2.1 -u named -t /chroot/named -c /etc/named.conf -d 10
Dec 11 13:20:29 dns named[22007]: using 1 CPU
Dec 11 13:20:29 dns named[22007]: loading configuration from '/etc/named.conf'
Dec 11 13:20:29 dns named[22007]: none:0: open: /etc/named.conf: permission denied
Dec 11 13:20:29 dns named[22007]: loading configuration: permission denied
Dec 11 13:20:29 dns named[22007]: exiting (due to fatal error)
检查发现 /chroot/named 的属主为 root ,权限为 700 ,named 用户(uid 25)对它没有 x 权限,所以连 etc/named.conf 都进不去读。(上面日志里 named 自己的时间戳是 13:20,比 syslogd 的 21:00 差了 8 小时,很可能也是因为同样读不到 etc/localtime,可以作为佐证。)
失败原因是第 12 步 b) 把 /chroot/named 改成了 700。
作者这里的处理是重新设置 /chroot/named 目录的属主为 named 用户。但从安全角度更合理的修法是保持 root:root,只把权限改回 755(或 711),让 named 有进入目录的 x 权限即可 —— chroot 的根目录不应该由被 chroot 的用户拥有,否则进程一旦被攻破就能在根目录下随意改名、重建 etc 等目录。
17、再次启动
[root@dns.bob.com =>named]#named -u named -t /chroot/named -c /etc/named.conf
[root@dns.bob.com =>named]#pidof named
18、仍然失败
[root@dns.bob.com =>named]#tail -f /var/log/messages
Dec 11 13:20:29 dns named[22007]: none:0: open: /etc/named.conf: permission denied
Dec 11 13:20:29 dns named[22007]: loading configuration: permission denied
Dec 11 13:20:29 dns named[22007]: exiting (due to fatal error)
Dec 11 21:25:13 dns named[22089]: starting BIND 9.2.1 -u named -t /chroot/named -c /etc/named.conf
Dec 11 21:25:13 dns named[22089]: using 1 CPU
Dec 11 21:25:13 dns named[22089]: loading configuration from '/etc/named.conf'
Dec 11 21:25:13 dns named[22089]: log/log_def:146: missing ';' before '2'
Dec 11 21:25:13 dns named[22089]: log/log_def:146: unknown option '2'
Dec 11 21:25:13 dns named[22089]: loading configuration: failure
Dec 11 21:25:13 dns named[22089]: exiting (due to fatal error)
可以看到配置文件已经读取,但在读取log定义文件 log_def 时,发生错误,位置是第 146 行,在 2 之前少了一个 ';'
经检查发现是下面的语句错误了
channel ch_default {
file "log/default/default_log" version 2 size 10k; // 应该是 versions 而不是 version
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};
修改完毕
19、第三次启动
[root@dns.bob.com =>named]#named -u named -t /chroot/named -c /etc/named.conf
[root@dns.bob.com =>named]#pidof named
20、仍然失败
[root@dns.bob.com =>named]#tail -f /var/log/messages
Dec 11 21:28:41 dns named[22099]: using 1 CPU
Dec 11 21:28:41 dns named[22099]: loading configuration from '/etc/named.conf'
Dec 11 21:28:41 dns named[22099]: no IPv6 interfaces found
Dec 11 21:28:41 dns named[22099]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 11 21:28:41 dns named[22099]: listening on IPv4 interface eth0, 192.253.254.2#53
Dec 11 21:28:41 dns named[22099]: command channel listening on 127.0.0.1#953
Dec 11 21:28:41 dns named[22099]: logging channel 'ch_lame': not found
Dec 11 21:28:41 dns named[22099]: configuring logging: not found
Dec 11 21:28:41 dns named[22099]: loading configuration: not found
Dec 11 21:28:41 dns named[22099]: exiting (due to fatal error)
提示在 log_def 中出现了 ch_lame ,未定义的 channel。
经检查是在定义 channel lame 时错误应该是 channel ch_lame 。
修改完毕
21、第四次启动
[root@dns.bob.com =>named]#named -u named -t /chroot/named -c /etc/named.conf
[root@dns.bob.com =>named]#pidof named
22173
[root@dns.bob.com =>named]#
可以看到 named 已经启动。但仍然需要检查是否正常
22、测试 rndc 能否正常执行
[root@dns.bob.com =>general]#rm -f * // 首先删除 /chroot/named/log/general/ 目录下的所有旧的日志文件(以 root 身份用相对路径 rm -f * 之前务必先 pwd 确认确实在 /chroot/named/log/general,否则后果很严重;更稳妥的写法是 rm -f /chroot/named/log/general/*)
[root@dns.bob.com =>general]#rndc reload // 执行 rndc reload
[root@dns.bob.com =>general]#ll
总用量 4
-rw-r--r-- 1 named named 1485 12月 11 21:32 general_log // 已经生成新的 log 文件,所以 rndc reload 可以正常运行
[root@dns.bob.com =>general]#
[root@dns.bob.com =>general]#rndc stats
-rw-r--r-- 1 named named 138 12月 11 21:33 named.stats // 已经生成 named.stats 文件
[root@dns.bob.com =>chroot]#rndc dumpdb
-rw-r--r-- 1 named named 57 12月 11 21:34 named_dump.db
[root@dns.bob.com =>named]#cat named.stats
+++ Statistics Dump +++ (1134308000)
success 0
referral 0
nxrrset 0
nxdomain 0
recursion 0
failure 0
--- Statistics Dump --- (1134308000)
[root@dns.bob.com =>named]#cat named_dump.db
;
; Cache dump of view '_default'
;
$DATE 20051211133417
[root@dns.bob.com =>named]#
23、检查日志
[root@dns.bob.com =>log]#cd general/
[root@dns.bob.com =>general]#cat general_log
Dec 11 21:32:05.174 general: debug 1: now using logging configuration from config file
Dec 11 21:32:05.175 general: debug 1: load_configuration: success
Dec 11 21:32:05.175 general: debug 1: zone 0.0.127.in-addr.arpa/IN: starting load
Dec
11 21:32:05.175 general: error: zone 0.0.127.in-addr.arpa/IN: loading
master file /var/named/local/named.local: file not found
Dec 11 21:32:05.175 general: debug 1: zone 254.253.192.in-addr.arpa/IN: skipping load: master file older than last load
Dec 11 21:32:05.175 general: debug 1: zone bob.com/IN: skipping load: master file older than last load
Dec 11 21:32:05.175 general: debug 1: zone localhost/IN: starting load
Dec 11 21:32:05.175 general: error: zone localhost/IN: loading master file /var/named/local/localhost.zone: file not found
Dec 11 21:32:05.175 general: debug 1: dns_zone_maintenance: zone localhost/IN: enter
Dec 11 21:32:05.175 general: debug 1: dns_zone_maintenance: zone 0.0.127.in-addr.arpa/IN: enter
Dec 11 21:32:05.175 general: debug 1: dns_zone_maintenance: zone bob.com/IN: enter
Dec 11 21:32:05.175 general: debug 1: dns_zone_maintenance: zone 254.253.192.in-addr.arpa/IN: enter
Dec 11 21:32:05.175 general: debug 1: dns_zone_maintenance: zone version.bind/CH: enter
Dec 11 21:32:05.175 general: debug 1: dns_zone_maintenance: zone version.bind/CH: enter
Dec 11 21:32:05.176 general: debug 1: zone_timer: zone version.bind/CH: enter
Dec 11 21:32:05.176 general: debug 1: zone_maintenance: zone version.bind/CH: enter
Dec 11 21:33:20.712 general: debug 1: received control channel command 'stats'
Dec 11 21:34:17.282 general: debug 1: received control channel command 'dumpdb'
[root@dns.bob.com =>general]#
发现出现 "file not found" 的情况 ,分别是 :
/var/named/local/named.local
/var/named/local/localhost.zone
经检查发现 /chroot/named/local/zone.def 文件使用了绝对路径
file "/var/named/local/localhost.zone";
file "/var/named/local/named.local";
导致加载出错
修改为 :
file "local/localhost.zone";
file "local/named.local";
24、重新 reload
[root@dns.bob.com =>local]#rndc reload
25、再次检查日志
Dec 11 21:38:04.274 general: debug 1: received control channel command 'reload'
Dec 11 21:38:04.275 general: info: loading configuration from '/etc/named.conf'
Dec 11 21:38:04.278 general: debug 1: now using logging configuration from config file
Dec 11 21:38:04.280 general: debug 1: load_configuration: success
Dec 11 21:38:04.280 general: debug 1: zone 0.0.127.in-addr.arpa/IN: starting load
Dec 11 21:38:04.280 general: debug 1: zone 0.0.127.in-addr.arpa/IN: loaded
Dec 11 21:38:04.280 general: debug 1: zone 0.0.127.in-addr.arpa/IN: journal rollforward completed successfully: no journal
Dec 11 21:38:04.280 general: info: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Dec 11 21:38:04.281 general: debug 1: zone 254.253.192.in-addr.arpa/IN: skipping load: master file older than last load
Dec 11 21:38:04.281 general: debug 1: zone bob.com/IN: skipping load: master file older than last load
Dec 11 21:38:04.281 general: debug 1: zone localhost/IN: starting load
Dec 11 21:38:04.281 general: debug 1: zone localhost/IN: loaded
Dec 11 21:38:04.281 general: debug 1: zone localhost/IN: journal rollforward completed successfully: no journal
Dec 11 21:38:04.281 general: info: zone localhost/IN: loaded serial 42
Dec 11 21:38:04.281 general: debug 1: dns_zone_maintenance: zone localhost/IN: enter
Dec 11 21:38:04.281 general: debug 1: dns_zone_maintenance: zone 0.0.127.in-addr.arpa/IN: enter
Dec 11 21:38:04.281 general: debug 1: dns_zone_maintenance: zone bob.com/IN: enter
Dec 11 21:38:04.281 general: debug 1: dns_zone_maintenance: zone 254.253.192.in-addr.arpa/IN: enter
Dec 11 21:38:04.281 general: debug 1: dns_zone_maintenance: zone version.bind/CH: enter
Dec 11 21:38:04.281 general: debug 1: dns_zone_maintenance: zone localhost/IN: enter
Dec 11 21:38:04.281 general: debug 1: dns_zone_maintenance: zone 0.0.127.in-addr.arpa/IN: enter
Dec 11 21:38:04.281 general: debug 1: dns_zone_maintenance: zone version.bind/CH: enter
Dec 11 21:38:04.282 general: debug 1: zone_timer: zone localhost/IN: enter
Dec 11 21:38:04.282 general: debug 1: zone_maintenance: zone localhost/IN: enter
Dec 11 21:38:04.282 general: debug 1: zone_timer: zone 0.0.127.in-addr.arpa/IN: enter
Dec 11 21:38:04.282 general: debug 1: zone_maintenance: zone 0.0.127.in-addr.arpa/IN: enter
Dec 11 21:38:04.282 general: debug 1: zone_timer: zone version.bind/CH: enter
Dec 11 21:38:04.282 general: debug 1: zone_maintenance: zone version.bind/CH: enter
[root@dns.bob.com =>general]#
这次没有出现错误了
26、检查 config、default、lame、network、notify、security、xfer-out 类的日志
-rw-r--r-- 1 named named 0 12月 7 15:05 config_log
-rw-r--r-- 1 named named 0 12月 11 21:28 default_log
-rw-r--r-- 1 named named 0 12月 7 15:25 lame_log
[root@dns.bob.com =>network]#netstat -an |grep -w 53
tcp 0 0 192.253.254.2:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
udp 0 0 192.253.254.2:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
[root@dns.bob.com =>network]#
-rw-r--r-- 1 named named 0 12月 7 15:32 notify_log
-rw-r--r-- 1 named named 0 12月 11 21:43 security_log
-rw-r--r-- 1 named named 0 12月 11 21:43 xfer-out_log
27、检查正向域名的解析情况
[root@dns.bob.com =>xfer-out]#rndc flush
[root@dns.bob.com =>xfer-out]#
[root@dns.bob.com =>xfer-out]#nslookup dns
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: dns.bob.com
Address: 192.253.254.2
[root@dns.bob.com =>xfer-out]#nslookup gateway1
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: gateway1.bob.com
Address: 192.253.254.1
[root@dns.bob.com =>xfer-out]#nslookup gateway2
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: gateway2.movie.bob.com
Address: 192.253.254.65
[root@dns.bob.com =>xfer-out]#nslookup dns.movie.bob.com.
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: dns.movie.bob.com
Address: 192.253.254.66
[root@dns.bob.com =>master]#nslookup ssh
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ssh.bob.com
Address: 192.253.254.2
[root@dns.bob.com =>master]#nslookup ailms
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
ailms.bob.com canonical name = dns.bob.com.
Name: dns.bob.com
Address: 192.253.254.2
[root@dns.bob.com =>master]#
接下来是反向区的解析
[root@dns.bob.com =>master]#nslookup 192.253.254.1
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
1.254.253.192.in-addr.arpa name = gateway1.bob.com.
[root@dns.bob.com =>master]#nslookup 192.253.254.2
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
2.254.253.192.in-addr.arpa name = ssh.bob.com.
2.254.253.192.in-addr.arpa name = dns.bob.com.
[root@dns.bob.com =>master]#nslookup 192.253.254.65
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
65.254.253.192.in-addr.arpa name = gateway2.movie.bob.com.
[root@dns.bob.com =>master]#nslookup 192.253.254.66
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
66.254.253.192.in-addr.arpa name = dns.movie.bob.com.
[root@dns.bob.com =>master]#
一切正常。
28、named 进程的检查(ps l 的 UID 列为 25,确认进程确实以 named 而不是 root 运行,PPID 为 1 说明已经脱离了启动它的 shell;ps e 则显示手工启动的 named 原样继承了 root shell 的环境变量 HOSTNAME、PVM_RSH、TERM 等,这也是下一步改用 init 脚本启动的理由之一)
[root@dns.bob.com =>xfer-out]#ps l -C named
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
1 25 22173 1 23 0 29748 2792 rt_sig S ? 0:00 named -u named -t /chroot/named -c /etc/named.conf
[root@dns.bob.com =>xfer-out]#ps e -C named
PID TTY STAT TIME COMMAND
22173
? S 0:00 named -u named -t /chroot/named -c /etc/named.conf
HOSTNAME=dns.bob.com PVM_RSH=/usr/bin/rsh TERM=linux S
29、修改启动脚本
在 /etc/sysconfig 目录下有一个 named 文件,可以在该文件中添加参数
[root@dns.bob.com =>root]#cat /etc/sysconfig/named
# Currently, you can use the following options:
# ROOTDIR="/some/where" -- will run named in a chroot environment.
# you must set up the chroot environment before
# doing this.
ROOTDIR="/chroot/named" // 修改 ROOTDIR
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, use ROOTDIR instead.
OPTIONS=" -c /etc/named.conf -d 10" // 修改 OPTIONS(注意 :这里把 -d 10 也写进了启动脚本,意味着每次开机都以高调试级别运行,排错完成后应把 -d 10 删掉;-u named 不需要写在这里,由 init 脚本自己加上,见下面日志里的启动命令行)
[root@dns.bob.com =>root]#
30、重新启动 named
[root@dns.bob.com =>root]#service named start
[root@dns.bob.com =>root]# [ 确定 ]
[root@dns.bob.com =>root]#
[root@dns.bob.com =>root]#pidof named
14262
[root@dns.bob.com =>root]#tail -f /var/log/messages
Dec 13 09:00:01 dns syslogd 1.4.1: restart.
Dec 13 09:13:20 dns sshd(pam_unix)[14137]: session opened for user root by (uid=0)
Dec 13 09:17:28 dns 12月 13 09:17:28 named: named 启动 succeeded
Dec 13 09:17:28 dns named[14262]: starting BIND 9.2.1 -u named -c /etc/named.conf -d 10 -t /chroot/named // 可以看到已经生效了
Dec 13 09:17:28 dns named[14262]: using 1 CPU
Dec 13 09:17:28 dns named[14262]: loading configuration from '/etc/named.conf'
Dec 13 09:17:28 dns named[14262]: no IPv6 interfaces found
Dec 13 09:17:28 dns named[14262]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 13 09:17:28 dns named[14262]: listening on IPv4 interface eth0, 192.253.254.2#53
Dec 13 09:17:28 dns named[14262]: command channel listening on 127.0.0.1#953
31、继续测试
[root@dns.bob.com =>log]#rndc flush
[root@dns.bob.com =>log]#nslookup dns
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: dns.bob.com
Address: 192.253.254.2
[root@dns.bob.com =>log]#nslookup dns.movie.bob.com.
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: dns.movie.bob.com
Address: 192.253.254.66
[root@dns.bob.com =>log]#nslookup gateway2.movie.bob.com.
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: gateway2.movie.bob.com
Address: 192.253.254.65
[root@dns.bob.com =>log]#nslookup gateway1.bob.com.
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: gateway1.bob.com
Address: 192.253.254.1
[root@dns.bob.com =>log]#nslookup ssh.bob.com.
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ssh.bob.com
Address: 192.253.254.2
[root@dns.bob.com =>log]#nslookup 192.253.254.1
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
1.254.253.192.in-addr.arpa name = gateway1.bob.com.
[root@dns.bob.com =>log]#nslookup 192.253.254.2
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
2.254.253.192.in-addr.arpa name = dns.bob.com.
2.254.253.192.in-addr.arpa name = ssh.bob.com.
[root@dns.bob.com =>log]#nslookup 192.253.254.65
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
65.254.253.192.in-addr.arpa name = gateway2.movie.bob.com.
[root@dns.bob.com =>log]#nslookup 192.253.254.66
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 127.0.0.1
Address: 127.0.0.1#53
66.254.253.192.in-addr.arpa name = dns.movie.bob.com.
[root@dns.bob.com =>log]#
一切正常