DNS Server Deployment Guide (for the Linux platform)
I. Configure yum so that packages can be installed
yum repository file to edit: /etc/yum.repos.d/rhel-source.repo
[root@wanghong ~]# vim /etc/yum.repos.d/rhel-source.repo
#[rhel-source]
#name=Red Hat Enterprise Linux $releasever - $basearch - Source
#baseurl= ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/
#enabled=0
#gpgcheck=1
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
#[rhel-source-beta]
#name=Red Hat Enterprise Linux $releasever Beta - $basearch - Source
#baseurl= ftp://ftp.redhat.com/pub/redhat/linux/beta/$releasever/en/os/SRPMS/
#enabled=0
#gpgcheck=1
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[wanghong]
name=123
baseurl=file:///mnt/Server
enabled=1
gpgcheck=0
Note: lines starting with # are comments; they have no effect on the file and can be removed.
II. Install the DNS service packages
1. The DNS service packages are:
bind-9.3.3-7.el5.i386.rpm
bind-chroot-9.3.3-7.el5.i386.rpm
[root@wanghong ~]# mount /dev/cdrom /mnt
[root@wanghong ~]# yum install bind bind-chroot
These commands install the DNS service packages. Alternatively, the following commands also install them:
[root@wanghong ~]# mount /dev/cdrom /mnt
[root@wanghong ~]# rpm -ivh bind-9.3.3-7.el5.i386.rpm --force
[root@wanghong ~]# rpm -ivh bind-chroot-9.3.3-7.el5.i386.rpm --force
--force forces the installation.
2. Edit the main configuration file
Main configuration file: /etc/named.conf
[root@wanghong ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { any; };    // addresses on which named listens for DNS clients
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };          // client hosts allowed to query this DNS server
    recursion yes;                 // whether clients may make recursive queries
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
Press ESC and type :wq to save the configuration file.
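Added example, not part of the original document: with listen-on { any; }, allow-query { any; } and recursion yes, the options above let any host that can reach port 53 use this server as a recursive resolver. The shell function below flags that combination and passes a variant that keeps recursion for local networks only; audit_named_options, the two sample configurations and the allow-recursion line are assumptions of this example.

```shell
# Added example, not from the original document. Usage: audit_named_options < /etc/named.conf
# Exit status: 1 = open resolver, 0 = recursion restricted or off, 2 = no options block.
audit_named_options() {
    awk '
    function acl(name,    s) {   # body of "name { ... }" in the options block, "" if absent
        if (!match(opts, "(^|[ \t;{])" name "[ \t]*\\{[^}]*\\}")) return ""
        s = substr(opts, RSTART, RLENGTH)
        sub(/^[^{]*\{/, "", s); sub(/\}$/, "", s)
        return " " s " "
    }
    { sub(/\/\/.*/, ""); sub(/#.*/, ""); text = text " " $0 }    # drop line comments, join lines
    END {
        gsub(/\/\*[^*]*\*\//, " ", text)                          # drop /* ... */ comments
        if (!match(text, /(^|[ \t;}])options[ \t]*\{/)) { print "no options block"; exit 2 }
        start = RSTART + RLENGTH; depth = 1
        for (i = start; i <= length(text) && depth > 0; i++) {    # walk to the matching brace
            c = substr(text, i, 1); if (c == "{") depth++; else if (c == "}") depth--
        }
        opts = substr(text, start, i - start - 1)
        # BIND 9 fallback: allow-recursion, else allow-query-cache, else allow-query, else local nets.
        src = "allow-recursion"; rec = acl(src)
        if (rec == "") { src = "allow-query-cache"; rec = acl(src) }
        if (rec == "") { src = "allow-query"; rec = acl(src) }
        if (rec == "") { src = "default"; rec = " localnets; localhost; " }
        rec_on = (opts !~ /(^|[ \t;])recursion[ \t]+no[ \t]*;/)
        is_open = (rec_on && rec ~ /[ \t;]any[ \t]*;/) ? 1 : 0
        if (is_open) print "OPEN-RESOLVER: recursion on, " src " resolves to { any; }"
        exit is_open
    }'
}
# Constructed sample: the access settings from the named.conf above.
weak_conf() { cat <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};
EOF
}
# Constructed hardened variant: zone data stays public, recursion is limited to local networks.
hardened_conf() { cat <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
    allow-recursion { localnets; localhost; };   // assumption: clients are on attached subnets
};
EOF
}
```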
3. Edit the named.rfc1912.zones configuration file
[root@wanghong ~]# vim /etc/named.rfc1912.zones
zone "openlab.com" IN {
    type master;
    file "test.com.zone";
};
zone "2.168.192.in-addr.arpa" IN {
    type master;
    file "2.168.192.zone";
};
Note: the red area is the added part.
4. Create the two zone configuration files
[root@wanghong ~]# cp -a /var/named/named.empty /var/named/test.com.zone
[root@wanghong ~]# cp -a /var/named/named.empty /var/named/2.168.192.zone
5. Edit the configuration file test.com.zone
[root@wanghong ~]# vim /var/named/test.com.zone
$TTL 3H
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      www.test.com.
        IN MX 5 mail.test.com.
www     IN A    192.168.2.1
mail    IN A    192.168.2.2
ftp     IN A    192.168.2.3
*       IN A    192.168.2.4
Note: the red and blue areas are the added and changed parts.
6. Edit the configuration file 2.168.192.zone
[root@wanghong ~]# vim /var/named/2.168.192.zone
$TTL 3H
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      www.openlab.com.
1       IN PTR  www.openlab.com.
2       IN PTR  mail.openlab.com.
3       IN PTR  ftp.openlab.com.
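Note: the red and blue areas are the added and changed parts.
7. Stop the firewall or flush the firewall rules
[root@wanghong ~]# service iptables stop
[root@wanghong ~]# chkconfig iptables off
Or run the commands that flush the firewall rules:
[root@wanghong ~]# iptables -F
[root@wanghong ~]# service iptables save
8. Start the named service
[root@wanghong ~]# service named start
[root@wanghong ~]# chkconfig named on
9. Test whether the DNS service works
Pick a client host and set its DNS server to the DNS server's IP address: 192.168.2.*, where * is 1 here (192.168.2.1).
Run the nslookup command and check whether it can resolve mail.test.com / www.test.com / ftp.test.com / ***.test.com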