第一步:安装所需的 DNS 软件包。今天我们装个稍微复杂点的:
bind-chroot-9.3.6-4.Pl.e15 这个包的作用是提高 named 的安全性:它让 named 在 chroot 环境中运行,即使服务被攻破,进程能访问到的也只有 chroot 目录下的文件。这也是2.6内核的新功能(注:chroot 机制本身在更早的内核中就已存在),
以前我们的配置文件的保存位置是下面的几个地方
/etc/named.conf
/var/named/named.ca 这是根域文件
/var/named/localhost.zone 正向区域文件
/var/named/named.local 反向区域文件
而装完这个包之后,我们的配置文件的存放位置发生了变化
变成更深一级的目录
如/var/named/chroot/etc/named.conf
依次类推其他文件的存放位置
~
[root@localhost Server]# cd /var/named/chroot/etc
[root@localhost etc]# ls
localtime named.caching-nameserver.conf named.rfc1912.zones
bind-chroot-9.3.6-4.Pl.e15 这个包的作用是提高 named 的安全性:它让 named 在 chroot 环境中运行,即使服务被攻破,进程能访问到的也只有 chroot 目录下的文件。这也是2.6内核的新功能(注:chroot 机制本身在更早的内核中就已存在),
以前我们的配置文件的保存位置是下面的几个地方
/etc/named.conf
/var/named/named.ca 这是根域文件
/var/named/localhost.zone 正向区域文件
/var/named/named.local 反向区域文件
而装完这个包之后,我们的配置文件的存放位置发生了变化
变成更深一级的目录
如/var/named/chroot/etc/named.conf
依次类推其他文件的存放位置
~
[root@localhost Server]# cd /var/named/chroot/etc
[root@localhost etc]# ls
localtime named.caching-nameserver.conf named.rfc1912.zones
rndc.key
[root@localhost etc]# vi named.conf
修改如下
// generated by named-bootconf.pl
// NOTE(review): with bind-chroot installed this file lives at
// /var/named/chroot/etc/named.conf, and every path below is resolved
// inside the chroot (so "/var/named" is /var/named/chroot/var/named on disk).
options {
// Base directory for the relative zone file names used in the zone statements.
directory "/var/named";
// NOTE(review): no allow-query, allow-recursion or allow-transfer is set, so
// the BIND defaults apply. On this BIND generation those defaults are believed
// to permit recursion and zone transfers from any client - confirm, and if the
// server is reachable from untrusted networks consider e.g.
//   allow-recursion { localnets; localhost; };
//   allow-transfer { none; };
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// NOTE(review): keep the line below commented out. Pinning the query source
// port removes source-port randomization, which resolvers rely on as a
// defence against cache poisoning.
// query-source address * port 53;
};
//
// a caching only nameserver config
//
// NOTE(review): despite the header above, this file also serves two master
// zones (hehe.com and 1.168.192.in-addr.arpa), so it is not caching-only.
// rndc control channel: listens on 192.168.1.2, accepts connections matching
// the "localhost" ACL, and requires the key named rndckey.
// NOTE(review): unless rndc must be reachable over the LAN, listening on
// 127.0.0.1 keeps the control channel off the network entirely.
controls {
inet 192.168.1.2 allow { localhost; } keys { rndckey; };
};
// Root hints zone; named.ca is the root-server hints file.
zone "." IN {
type hint;
file "named.ca";
};
// Forward zone for hehe.com, served as master from hehe.zone.
zone "hehe.com" IN {
type master;
file "hehe.zone";
// Dynamic DNS updates are refused from every client.
allow-update { none; };
};
// Reverse zone for 192.168.1.0/24, served as master from hehe.local.
zone "1.168.192.in-addr.arpa" IN {
type master;
file "hehe.local";
// Dynamic DNS updates are refused from every client.
allow-update { none; };
};
// Presumably defines the rndckey key referenced in the controls statement.
// Inside the chroot this is /var/named/chroot/etc/rndc.key on disk.
// NOTE(review): the key authorises control of named; verify the file is not
// world-readable (root plus the named group is enough).
include "/etc/rndc.key";
保存退出
修改正向区域文件
[root@localhost etc]# cd /var/named/chroot/var/named
[root@localhost named]# ls
data localhost.zone named.ca named.local slaves
localdomain.zone named.broadcast named.ip6.local named.zero
[root@localhost named]# cp named.local hehe.local
[root@localhost named]# cp named.local hehe.zone
[root@localhost named]# vi hehe.zone
修改后如下
; Forward zone data for hehe.com (the file "hehe.zone" named in named.conf).
; NOTE(review): lines that omit the owner name, such as the NS line below, must
; begin with whitespace in a real zone file; the leading blanks appear to be
; missing from this listing.
$TTL 86400
@ IN SOA hehe.com. root.hehe.com. (
; NOTE(review): increase the serial on every edit of this file, otherwise any
; secondary server will not notice the change.
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; NOTE(review): the NS target hehe.com. has no A record in this file (only www
; does); add one so the name-server name itself resolves.
IN NS hehe.com.
www IN A 192.168.1.2
保存退出 修改反向区域文件
[root@localhost named]# vi hehe.local
修改如下
; Reverse zone data for 1.168.192.in-addr.arpa (the file "hehe.local" named in
; named.conf).
$TTL 86400
@ IN SOA hehe.com. root.hehe.com. (
; NOTE(review): increase the serial on every edit of this file.
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS hehe.com.
; Owner "2" is relative to the zone origin, i.e. the address 192.168.1.2.
; NOTE(review): the PTR target printed here is the root name "."; the host name
; seems to have been dropped from the listing. It should be a fully qualified
; name ending in a dot - TODO confirm against the forward zone.
2 IN PTR .
保存退出
[root@localhost named]# chgrp named hehe.local
[root@localhost named]# chgrp named hehe.zone
[root@localhost ~]# vi /etc/resolv.conf
nameserver 192.168.1.2
重启服务(这里重启的是网络服务;要让上面修改的 named.conf 和区域文件生效,还需要像后文那样执行 service named restart)
[root@localhost named]# service network restart
[root@localhost etc]# vi named.conf
修改如下
// generated by named-bootconf.pl
// NOTE(review): with bind-chroot installed this file lives at
// /var/named/chroot/etc/named.conf, and every path below is resolved
// inside the chroot (so "/var/named" is /var/named/chroot/var/named on disk).
options {
// Base directory for the relative zone file names used in the zone statements.
directory "/var/named";
// NOTE(review): no allow-query, allow-recursion or allow-transfer is set, so
// the BIND defaults apply. On this BIND generation those defaults are believed
// to permit recursion and zone transfers from any client - confirm, and if the
// server is reachable from untrusted networks consider e.g.
//   allow-recursion { localnets; localhost; };
//   allow-transfer { none; };
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// NOTE(review): keep the line below commented out. Pinning the query source
// port removes source-port randomization, which resolvers rely on as a
// defence against cache poisoning.
// query-source address * port 53;
};
//
// a caching only nameserver config
//
// NOTE(review): despite the header above, this file also serves two master
// zones (hehe.com and 1.168.192.in-addr.arpa), so it is not caching-only.
// rndc control channel: listens on 192.168.1.2, accepts connections matching
// the "localhost" ACL, and requires the key named rndckey.
// NOTE(review): unless rndc must be reachable over the LAN, listening on
// 127.0.0.1 keeps the control channel off the network entirely.
controls {
inet 192.168.1.2 allow { localhost; } keys { rndckey; };
};
// Root hints zone; named.ca is the root-server hints file.
zone "." IN {
type hint;
file "named.ca";
};
// Forward zone for hehe.com, served as master from hehe.zone.
zone "hehe.com" IN {
type master;
file "hehe.zone";
// Dynamic DNS updates are refused from every client.
allow-update { none; };
};
// Reverse zone for 192.168.1.0/24, served as master from hehe.local.
zone "1.168.192.in-addr.arpa" IN {
type master;
file "hehe.local";
// Dynamic DNS updates are refused from every client.
allow-update { none; };
};
// Presumably defines the rndckey key referenced in the controls statement.
// Inside the chroot this is /var/named/chroot/etc/rndc.key on disk.
// NOTE(review): the key authorises control of named; verify the file is not
// world-readable (root plus the named group is enough).
include "/etc/rndc.key";
保存退出
修改正向区域文件
[root@localhost etc]# cd /var/named/chroot/var/named
[root@localhost named]# ls
data localhost.zone named.ca named.local slaves
localdomain.zone named.broadcast named.ip6.local named.zero
[root@localhost named]# cp named.local hehe.local
[root@localhost named]# cp named.local hehe.zone
[root@localhost named]# vi hehe.zone
修改后如下
; Forward zone data for hehe.com (the file "hehe.zone" named in named.conf).
; NOTE(review): lines that omit the owner name, such as the NS line below, must
; begin with whitespace in a real zone file; the leading blanks appear to be
; missing from this listing.
$TTL 86400
@ IN SOA hehe.com. root.hehe.com. (
; NOTE(review): increase the serial on every edit of this file, otherwise any
; secondary server will not notice the change.
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; NOTE(review): the NS target hehe.com. has no A record in this file (only www
; does); add one so the name-server name itself resolves.
IN NS hehe.com.
www IN A 192.168.1.2
保存退出 修改反向区域文件
[root@localhost named]# vi hehe.local
修改如下
; Reverse zone data for 1.168.192.in-addr.arpa (the file "hehe.local" named in
; named.conf).
$TTL 86400
@ IN SOA hehe.com. root.hehe.com. (
; NOTE(review): increase the serial on every edit of this file.
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS hehe.com.
; Owner "2" is relative to the zone origin, i.e. the address 192.168.1.2.
; NOTE(review): the PTR target printed here is the root name "."; the host name
; seems to have been dropped from the listing. It should be a fully qualified
; name ending in a dot - TODO confirm against the forward zone.
2 IN PTR .
保存退出
[root@localhost named]# chgrp named hehe.local
[root@localhost named]# chgrp named hehe.zone
[root@localhost ~]# vi /etc/resolv.conf
nameserver 192.168.1.2
重启服务(这里重启的是网络服务;要让上面修改的 named.conf 和区域文件生效,还需要像后文那样执行 service named restart)
[root@localhost named]# service network restart
测试网络
[root@localhost named]# nslookup
Server: 192.168.1.2
Address: 192.168.1.2#53
Name:
Address: 192.168.1.2
正向成功
[root@localhost named]# nslookup 192.168.1.2
Server: 192.168.1.2
Address: 192.168.1.2#53
2.1.168.192.in-addr.arpa name = .
[root@localhost named]#
反向成功ok
用同一个 IP 解析 hehe.com 和 haha.com
[root@localhost named]# vi /var/named/chroot/etc/named.conf
修改此文件,关键部分显示结果如下
// Excerpt of named.conf after adding a second forward zone.
// Forward zone for hehe.com, served as master from hehe.zone.
zone "hehe.com" IN {
type master;
file "hehe.zone";
// Dynamic DNS updates are refused from every client.
allow-update { none; };
};
// Reverse zone for 192.168.1.0/24; it stays a single zone shared by both
// forward domains, because both names map to addresses in the same network.
zone "1.168.192.in-addr.arpa" IN {
type master;
file "hehe.local";
allow-update { none; };
};
// New forward zone for haha.com, served as master from haha.zone.
zone "haha.com" IN {
type master;
file "haha.zone";
allow-update { none; };
};
// NOTE(review): none of the zones sets allow-transfer; unless the options
// block restricts it, confirm whether transfers are open to any client and
// add allow-transfer { none; }; if no secondary server exists.
// Inside the chroot this path is /var/named/chroot/etc/rndc.key on disk.
include "/etc/rndc.key";
保存退出
[root@localhost named]# cd /var/named/chroot/var/named
[root@localhost named]# cp hehe.zone haha.zone
[root@localhost named]# vi haha.zone
修改haha的正向区域文件如下
; Forward zone data for haha.com (the file "haha.zone" named in named.conf),
; created by copying hehe.zone and replacing the domain name.
; NOTE(review): lines that omit the owner name, such as the NS line below, must
; begin with whitespace in a real zone file; the leading blanks appear to be
; missing from this listing.
$TTL 86400
@ IN SOA haha.com. root.haha.com. (
; NOTE(review): increase the serial on every edit of this file.
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; NOTE(review): the NS target haha.com. has no A record in this file (only www
; does); add one so the name-server name itself resolves.
IN NS haha.com.
; Same address as www in the hehe.com zone: both names point at 192.168.1.2.
www IN A 192.168.1.2
保存退出
[root@localhost named]# vi hehe.local
修改hehe的反向区域文件
; Reverse zone data for 1.168.192.in-addr.arpa after adding a second PTR record.
; NOTE(review): the leading "~" on the next line looks like a vi screen marker
; captured with the listing, not part of the zone file.
~ $TTL 86400
@ IN SOA hehe.com. root.hehe.com. (
; NOTE(review): the serial is unchanged from the earlier version of this file;
; increase it whenever the zone data is edited.
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS hehe.com.
; Two PTR records for 192.168.1.2, presumably one per forward domain.
; NOTE(review): both targets are missing or reduced to "." in this listing;
; each should be a fully qualified host name ending in a dot - TODO confirm
; against the forward zones.
2 IN PTR .
2 IN PTR
~
保存退出
[root@localhost named]# chgrp named haha.zone
[root@localhost named]#
修改 haha.zone 的属组为 named(即上面的 chgrp 命令),使 named 进程能读取该文件;allow-update 为 none,区域文件无需对 named 可写。
[root@localhost named]# service named restart
[root@localhost named]# nslookup
Server: 192.168.1.2
Address: 192.168.1.2#53
Name:
Address: 192.168.1.2
[root@localhost named]# nslookup 192.168.0.5
Server: 192.168.1.2
Address: 192.168.1.2#53
5.0.168.192.in-addr.arpa name = .
5.0.168.192.in-addr.arpa name =
[root@localhost named]# nslookup
Server: 192.168.1.2
Address: 192.168.1.2#53
Name:
Address: 192.168.1.2
正向成功
[root@localhost named]# nslookup 192.168.1.2
Server: 192.168.1.2
Address: 192.168.1.2#53
2.1.168.192.in-addr.arpa name = .
[root@localhost named]#
反向成功ok
用同一个 IP 解析 hehe.com 和 haha.com
[root@localhost named]# vi /var/named/chroot/etc/named.conf
修改此文件,关键部分显示结果如下
// Excerpt of named.conf after adding a second forward zone.
// Forward zone for hehe.com, served as master from hehe.zone.
zone "hehe.com" IN {
type master;
file "hehe.zone";
// Dynamic DNS updates are refused from every client.
allow-update { none; };
};
// Reverse zone for 192.168.1.0/24; it stays a single zone shared by both
// forward domains, because both names map to addresses in the same network.
zone "1.168.192.in-addr.arpa" IN {
type master;
file "hehe.local";
allow-update { none; };
};
// New forward zone for haha.com, served as master from haha.zone.
zone "haha.com" IN {
type master;
file "haha.zone";
allow-update { none; };
};
// NOTE(review): none of the zones sets allow-transfer; unless the options
// block restricts it, confirm whether transfers are open to any client and
// add allow-transfer { none; }; if no secondary server exists.
// Inside the chroot this path is /var/named/chroot/etc/rndc.key on disk.
include "/etc/rndc.key";
保存退出
[root@localhost named]# cd /var/named/chroot/var/named
[root@localhost named]# cp hehe.zone haha.zone
[root@localhost named]# vi haha.zone
修改haha的正向区域文件如下
; Forward zone data for haha.com (the file "haha.zone" named in named.conf),
; created by copying hehe.zone and replacing the domain name.
; NOTE(review): lines that omit the owner name, such as the NS line below, must
; begin with whitespace in a real zone file; the leading blanks appear to be
; missing from this listing.
$TTL 86400
@ IN SOA haha.com. root.haha.com. (
; NOTE(review): increase the serial on every edit of this file.
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; NOTE(review): the NS target haha.com. has no A record in this file (only www
; does); add one so the name-server name itself resolves.
IN NS haha.com.
; Same address as www in the hehe.com zone: both names point at 192.168.1.2.
www IN A 192.168.1.2
保存退出
[root@localhost named]# vi hehe.local
修改hehe的反向区域文件
; Reverse zone data for 1.168.192.in-addr.arpa after adding a second PTR record.
; NOTE(review): the leading "~" on the next line looks like a vi screen marker
; captured with the listing, not part of the zone file.
~ $TTL 86400
@ IN SOA hehe.com. root.hehe.com. (
; NOTE(review): the serial is unchanged from the earlier version of this file;
; increase it whenever the zone data is edited.
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS hehe.com.
; Two PTR records for 192.168.1.2, presumably one per forward domain.
; NOTE(review): both targets are missing or reduced to "." in this listing;
; each should be a fully qualified host name ending in a dot - TODO confirm
; against the forward zones.
2 IN PTR .
2 IN PTR
~
保存退出
[root@localhost named]# chgrp named haha.zone
[root@localhost named]#
修改 haha.zone 的属组为 named(即上面的 chgrp 命令),使 named 进程能读取该文件;allow-update 为 none,区域文件无需对 named 可写。
[root@localhost named]# service named restart
[root@localhost named]# nslookup
Server: 192.168.1.2
Address: 192.168.1.2#53
Name:
Address: 192.168.1.2
[root@localhost named]# nslookup 192.168.0.5
Server: 192.168.1.2
Address: 192.168.1.2#53
5.0.168.192.in-addr.arpa name = .
5.0.168.192.in-addr.arpa name =