
2007-10-15 11:28:21

CentOS 5下面用自带的RPM包安装基于Bind的域名解析系统
Author:汪洋
Nickname:ruochen / ruochen0926
Date:20070927
Version:1.0
Contact: E-Mail:yang_wang(at)sae (dot) com (dot) hk  QQ:967409
Blog:http://ruochen.cublog.cn/
Note:如果在安装或者使用过程中有疑问,请到我的blog跟帖,我会尽快回复

目录:
目标:配置一个基本的DNS域名解析系统
1)安装需要的软件包
2)配置 /etc/named.conf
3)配置 /etc/named.rfc1912.zones
4)配置 /var/named/named.test.hk
5)配置 /var/named/named.10.10.119
6)配置 /etc/resolv.conf
7)配置 /etc/rndc.conf & /etc/rndc.key
8)测试 DNS
9)其他
 
1)安装需要的软件包
bind-utils-9.3.3-7.el5
bind-9.3.3-7.el5
bind-libs-9.3.3-7.el5
caching-nameserver-9.3.3-7.el5 (第一次没有安装这个包,导致默认的配置文件没有)
ypbind-1.19-7.el5
bind-chroot-9.3.3-7.el5
后面的两个软件包根据自己需要安装
note:
用rpm包来安装或者用yum来安装
推荐使用yum安装,自动解决软件包之间依赖关系
 
2)配置 /etc/named.conf
默认是没有/etc/named.conf这个配置文件的,我们根据/etc/named.caching-nameserver.conf来复制修改得到
[root@mail ~]# cp /etc/named.caching-nameserver.conf  /etc/named.conf
[root@mail ~]# vi /etc/named.conf
// named.conf for a single-host BIND setup: global options, logging, the rndc
// control channel, and one view that pulls in the zone list.
// options {
//    directory    "/var/named";
//    dump-file    "/var/named/data/cache_dump.db";
//    statistics-file    "/var/named/data/named_stats.txt";
// };
options {
        // Serve DNS on the host's LAN address only; the loopback and IPv6
        // listeners below are left commented out.
        listen-on port 53 { 10.10.119.200; };
#        listen-on port 53 { 127.0.0.1; };
#        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // NOTE(review): a fixed source port for outgoing queries makes forged
        // responses easier to land (cache poisoning). Drop this line unless a
        // firewall rule genuinely requires queries to leave from port 53.
        query-source    port 53;
#        query-source-v6 port 53;
#        pid-file "/var/run/named/named.pid";
        // With allow-query commented out, no query ACL is set in this block.
#        allow-query     { localhost; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
// Shared secret that authenticates rndc to named; it must match rndc.conf.
// NOTE(review): this secret is printed verbatim in a public walkthrough, so
// treat it as a sample value only. Generate a fresh key for any real server
// (for example with rndc-confgen) and keep the file unreadable to other users.
// hmac-md5 is a legacy algorithm; where the installed BIND accepts an
// HMAC-SHA algorithm for rndc keys, prefer it -- TODO confirm for 9.3.3.
key "rndckey" {
      algorithm hmac-md5;
      secret "vt/j+jC7MxIoB+9emnuKqw==";
};
// NOTE(review): the control channel is bound to the LAN address and
// "allow { any; }" accepts connections from every source address, leaving the
// shared key as the only barrier. Narrow the allow list to the hosts that
// actually run rndc (the server itself, or named admin hosts).
controls {
      inet 10.10.119.200 port 953
              allow { any; } keys { "rndckey"; };
};
// NOTE(review): despite its name, this view matches every client and every
// destination and has recursion enabled, so the server resolves arbitrary
// names for anyone who can reach 10.10.119.200 (an open resolver if that
// address is reachable from untrusted networks). Restrict match-clients or
// add an allow-recursion ACL covering only the networks meant to use it.
view localhost_resolver {
        match-clients      { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
3)配置 /etc/named.rfc1912.zones
[root@mail ~]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// NOTE(review): no zone in this file sets allow-transfer, so BIND's default
// applies. On releases where that default permits transfers to any host, add
// an explicit allow-transfer list to the master zones so that full zone
// contents are not handed to arbitrary clients -- TODO confirm the default
// for the installed version.
//
// Root hints used for recursive resolution.
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};
zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
// Forward zone added for this walkthrough; its data lives in
// /var/named/named.test.hk. Unlike every other master zone here it has no
// explicit "allow-update { none; };" line. Dynamic updates are refused by
// default, but stating it keeps the intent visible and consistent.
zone "test.hk" IN {
    type master;
    file    "named.test.hk";
};
// Reverse zone for 10.10.119.0/24; its data lives in /var/named/named.10.10.119.
zone "119.10.10.in-addr.arpa" IN {
        type master;
        file "named.10.10.119";
        allow-update { none; };
};
 
4)配置 /var/named/named.test.hk
[root@mail ~]# vi /var/named/named.test.hk
; Forward zone data for test.hk (loaded as zone "test.hk", so names written
; without a trailing dot are completed with ".test.hk.").
$TTL 86400
; NOTE(review): the SOA contact field "ruochen.mail.test.hk" has no trailing
; dot, so it is read relative to the zone origin and expands to
; ruochen.mail.test.hk.test.hk. -- add the dot if an absolute name was meant.
@                         IN          SOA        test.hk.         ruochen.mail.test.hk  (
                                                1997022700 ; Serial
                                                28800      ; Refresh
                                                14400      ; Retry
                                                3600000    ; Expire
                                                86400 )    ; Minimum
; NOTE(review): "NS ." names the DNS root as an authoritative server for this
; zone, which is presumably unintended; mail.test.hk. below is the real one.
@                       IN          NS         .
                        IN          NS         mail.test.hk.
                        IN          MX  5      mail.test.hk.
; NOTE(review): "localhost." is an absolute name outside test.hk, so this is
; out-of-zone data; named is expected to ignore it -- confirm in the load log.
localhost.              IN          A          127.0.0.1
www                     IN          A          10.10.119.200
mail                    IN          A          10.10.119.200
; NOTE(review): both names lack a trailing dot, so this record defines
; mail.test.hk.test.hk. as an alias of test.hk.test.hk., not mail.test.hk.
; Writing it with absolute names would not work either: "mail" already has an
; A record and is an NS/MX target, and a CNAME cannot coexist with other data.
mail.test.hk            IN          CNAME      test.hk

5)配置 /var/named/named.10.10.119
[root@mail ~]# vi /var/named/named.10.10.119
; Reverse zone data for 119.10.10.in-addr.arpa (PTR records for 10.10.119.x).
$TTL 86400
@                    IN                   SOA                  localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
@                    IN             NS      localhost.
; NOTE(review): the owner "localhost." is an absolute name outside this
; reverse zone, so this is out-of-zone data; named is expected to ignore it.
localhost.           IN             PTR     localhost.
; NOTE(review): this maps 10.10.119.200 to the root name "."; the nslookup
; output at the end of the article shows it being returned next to
; mail.test.hk. It is presumably unintended and can be removed.
200                  IN             PTR     .
200                  IN             PTR     mail.test.hk.
 
 
 
 
 
 
 
 

[root@mail ~]# more /etc/rndc.conf
# Start of rndc.conf
# Client-side configuration for rndc: the shared key, plus the server address
# and port rndc connects to by default.
# NOTE(review): this secret is printed verbatim in a public walkthrough, so
# treat it as a sample value only. Generate a fresh key for any real server
# (for example with rndc-confgen), keep it identical in named.conf, and make
# this file readable only by root and the account named runs as.
key "rndckey" {
        algorithm hmac-md5;
        secret "vt/j+jC7MxIoB+9emnuKqw==";
};
options {
        default-key "rndckey";
        # Matches the "inet 10.10.119.200 port 953" controls statement used in
        # this walkthrough's named.conf, not the loopback sample quoted below.
        default-server 10.10.119.200;
        default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#       algorithm hmac-md5;
#       secret "vt/j+jC7MxIoB+9emnuKqw==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf

[root@mail ~]# more /etc/rndc.key
# Start of rndc.conf
# NOTE(review): as shown, /etc/rndc.key holds the same text as /etc/rndc.conf,
# including the header above and the options block. The secret is published in
# this walkthrough, so replace it with a freshly generated key on any real
# server and restrict the file to root and the account named runs as.
key "rndckey" {
        algorithm hmac-md5;
        secret "vt/j+jC7MxIoB+9emnuKqw==";
};
options {
        default-key "rndckey";
        default-server 10.10.119.200;
        default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#       algorithm hmac-md5;
#       secret "vt/j+jC7MxIoB+9emnuKqw==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
 
[root@mail ~]# rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
 

[root@mail ~]# more /etc/resolv.conf
# generated by NetworkManager, do not edit!
; Use a local caching nameserver controlled by NetworkManager
#nameserver 127.0.0.1
nameserver 10.10.119.200
 
8)测试 DNS
[root@mail ~]# ping
PING (10.10.119.200) 56(84) bytes of data.
64 bytes from mail (10.10.119.200): icmp_seq=1 ttl=64 time=0.303 ms
64 bytes from mail (10.10.119.200): icmp_seq=2 ttl=64 time=0.291 ms
64 bytes from mail (10.10.119.200): icmp_seq=3 ttl=64 time=0.039 ms
64 bytes from mail (10.10.119.200): icmp_seq=4 ttl=64 time=0.038 ms
--- ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.038/0.167/0.303/0.130 ms
[root@mail ~]# ping mail.test.hk
PING mail (10.10.119.200) 56(84) bytes of data.
64 bytes from mail (10.10.119.200): icmp_seq=1 ttl=64 time=0.622 ms
64 bytes from mail (10.10.119.200): icmp_seq=2 ttl=64 time=0.048 ms
64 bytes from mail (10.10.119.200): icmp_seq=3 ttl=64 time=0.047 ms
64 bytes from mail (10.10.119.200): icmp_seq=4 ttl=64 time=0.040 ms
--- mail ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.040/0.189/0.622/0.250 ms

[root@mail ~]# nslookup 10.10.119.200
Server:         10.10.119.200
Address:        10.10.119.200#53
200.119.10.10.in-addr.arpa      name = mail.test.hk.
200.119.10.10.in-addr.arpa      name = .