相关说明:本地dns服务器在局域网内,采用nat到公网的ip
1)本机相关信息
[root@mail ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:E6:41:07:D4
inet addr:10.1.1.4 Bcast:10.1.1.255 Mask:255.255.255.0
inet6 addr: fe80::216:e6ff:fe41:7d4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6185623 errors:0 dropped:0 overruns:0 frame:0
TX packets:23907 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:400139428 (381.6 MiB) TX bytes:8893291 (8.4 MiB)
Interrupt:177
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:941 errors:0 dropped:0 overruns:0 frame:0
TX packets:941 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:114250 (111.5 KiB) TX bytes:114250 (111.5 KiB)
[root@mail ~]# hostname
mail.lfm-agile.com.hk
2)/etc/named.conf的相关配置
[root@mail ~]# cat /etc/named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
# listen-on port 53 { 10.1.1.4; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# query-source port 53;
# query-source-v6 port 53;
# allow-query { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
key "rndckey" {
algorithm hmac-md5;
secret "vTWAQHQjInG9d+M6yk4/dA==";
};
controls {
inet 10.1.1.4 port 953
allow { any; } keys { "rndckey"; };
};
acl trusted {
localnets;
};
view "internal"{
# match-clients {10.1.1.0/24;};
match-clients {trusted;};
recursion yes;
additional-from-auth yes;
additional-from-cache yes;
include "/etc/named.rfc1912.zones";
zone "lfm-agile.com.hk" in {
type master;
file "named.lfm-agile.internal";
allow-update { none; };
forwarders {};
notify no;
};
zone "1.1.10.in-addr.arpa" in {
type master;
file "named.1.1.10.internal";
allow-update { none; };
forwarders {};
notify no;
};
};
view "external"{
match-clients { any; };
recursion no;
additional-from-auth no;
additional-from-cache no;
allow-query { any; };
zone "lfm-agile.com.hk" in {
type master;
file "named.lfm-agile.external";
allow-update { none; };
notify yes;
# notify-source ;
# also-notify { ; ; ; };
forwarders {};
};
};
[root@mail ~]# cat /var/named/named.lfm-agile.internal
$TTL 86400
@ IN SOA ns2.lfm-agile.com.hk. postmaster.lfm-agile.com.hk. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS ns2.lfm-agile.com.hk.
@ IN MX 10 mail.lfm-agile.com.hk.
@ IN A 10.1.1.4
mail IN A 10.1.1.4
admin IN A 10.1.1.4
ns2 IN CNAME mail.lfm-agile.com.hk.
[root@mail ~]# cat /var/named/named.lfm-agile.external
$TTL 86400
@ IN SOA ns2.lfm-agile.com.hk. postmaster.lfm-agile.com.hk. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS ns2.lfm-agile.com.hk.
@ IN MX 10 mail.lfm-agile.com.hk.
@ IN A 152.104.182.114
mail IN A 152.104.182.114
ns2 IN CNAME mail.lfm-agile.com.hk.
[root@mail ~]# cat /var/named/named.1.1.10.internal
$TTL 86400
@ IN SOA ns2.lfm-agile.com.hk. postmaster.lfm-agile.com.hk (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS ns2.lfm-agile.com.hk.
4 IN PTR mail.lfm-agile.com.hk.
4 IN PTR ns2.lfm-agile.com.hk.
3)rndc的相关配置
[root@mail ~]# cat /etc/rndc.conf
# Start of rndc.conf
key "rndckey" {
algorithm hmac-md5;
secret "vTWAQHQjInG9d+M6yk4/dA==";
};
options {
default-key "rndckey";
default-server 10.1.1.4;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
# algorithm hmac-md5;
# secret "vTWAQHQjInG9d+M6yk4/dA==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
[root@mail ~]# cat /etc/rndc.key
key "rndckey" {
algorithm hmac-md5;
secret "vTWAQHQjInG9d+M6yk4/dA==";
};
阅读(2487) | 评论(0) | 转发(0) |
