Red Hat (CentOS 5.5) DNS: Detailed Configuration Guide
@Primary DNS server configuration
I. Preparation
CentOS 5.5 with Internet access
II. Install the packages
yum -y install caching-nameserver* bind-chroot*
Installing the packages creates the following directories and files:
chroot localdomain.zone named.broadcast named.ip6.local named.zero
data localhost.zone named.ca named.local slaves
III. Configure the main configuration file
1. cd /var/named/chroot/etc
cp -p named.caching-nameserver.conf named.conf
The -p option is required so that the copy keeps the original file's permissions and ownership.
2. Edit named.conf so that it reads as follows.
options {
    listen-on port 53 { any; }; # local IP addresses on which BIND listens on port 53 for DNS queries
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;
    allow-query { any; }; # accept DNS queries from any client
    allow-query-cache { localhost; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { any; }; # this view handles queries from any source
    match-destinations { any; }; # this view handles queries to any destination
    recursion yes;
    include "/etc/named.zones"; # must match the named.zones file created below
};
This only shows how to get the basic functionality working and does not take security into account. From a security standpoint, when specifying a set of IP addresses it is best to list explicit IP addresses or subnets rather than use "any".
3. cp -p named.rfc1912.zones named.zones
Edit named.zones as needed: append the following zone definitions, adapted to your setup, to the end of the file.
zone "example123.com" IN {
    type master;
    file "example123.com.zero";
    allow-transfer { 192.10.10.55; }; # allow zone transfers to the secondary server
    allow-update { none; };
}; # forward lookup zone
zone "100.168.192.in-addr.arpa" IN {
    type master;
    file "100.168.192.local";
    allow-transfer { 192.10.10.55; }; # allow zone transfers to the secondary server
    allow-update { none; };
}; # reverse lookup zone
4. Configure the forward zone as follows
cd /var/named/chroot/var/named
Copy the template files as follows:
cp -p named.zero example123.com.zero
cp -p named.local 100.168.192.local
Edit the forward zone file example123.com.zero so that it reads as follows.
$TTL 86400
@       IN SOA  dns.example123.com. root.example123.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   dns.example123.com.
        IN MX   10 mail.example123.com.
mail    IN A    192.168.100.127
dns     IN A    192.168.100.127
www     IN CNAME web.example123.com.
web.example123.com. IN A 192.168.100.127
Edit the reverse zone file 100.168.192.local so that it reads as follows.
$TTL 86400
@       IN SOA  dns.example123.com. root.example123.com. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   dns.example123.com.
127     IN PTR  mail.example123.com.
127     IN PTR  web.example123.com.
With the configuration above, the forward and reverse zones are set up, but a few more steps remain.
IV. Adjust some other settings
vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 example123.com localhost
::1 localhost6.localdomain6 localhost6
192.168.100.127 mail.example123.com
127.0.0.1 www.example123.com
192.168.100.127 www.example123.com
V. Edit /etc/resolv.conf
vi /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 192.168.100.127
#nameserver 202.96.134.133
VI. A complete DNS server is now built
Start it: service named restart
VII. Test results
Forward lookup test
C:\Documents and Settings\Administrator>nslookup www.example123.com
Server: web.example123.com
Address: 192.168.100.127
Name: web.example123.com
Address: 192.168.100.127
Aliases: www.example123.com
Reverse lookup test
C:\Documents and Settings\Administrator>nslookup 192.168.100.127
Server: mail.example123.com
Address: 192.168.100.127
Name: web.example123.com
Address: 192.168.100.127
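@Secondary server configuration
@The secondary server's main job is to share the primary server's resolution load; see the configuration below for details.
I. The packages to install are the same as on the primary server; in fact most of the configuration is much the same.
II. Install the packages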
yum -y install caching-nameserver* bind-chroot*
Installing the packages creates the following directories and files:
chroot localdomain.zone named.broadcast named.ip6.local named.zero
data localhost.zone named.ca named.local slaves
III. Configure the main configuration file
1. cd /var/named/chroot/etc
cp -p named.caching-nameserver.conf named.conf
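The -p option is required so that the copy keeps the original file's permissions and ownership.
2. Edit named.conf so that it reads as follows. (The transfer statement in this file is the one configured on the primary server.)
options {
    listen-on port 53 { any; }; # local IP addresses on which BIND listens on port 53 for DNS queries
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;
    allow-transfer { 192.168.100.147; }; # allow zone transfers to the server that will act as the secondary DNS
    allow-query { any; }; # accept DNS queries from any client
    allow-query-cache { localhost; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { any; }; # this view handles queries from any source
    match-destinations { any; }; # this view handles queries to any destination
    recursion yes;
    include "/etc/named.zones"; # must match the named.zones file created below
};
This only shows how to get the basic functionality working and does not take security into account. From a security standpoint, when specifying a set of IP addresses it is best to list explicit IP addresses or subnets rather than use "any".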
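The note above, and the identical one in the primary-server section, recommends explicit addresses or subnets instead of "any". As an added example (not part of the original article), this Python check lists every address match list in a named.conf that still contains a bare any; the names find_any, strip_comments and SAMPLE are assumptions of this example, and the sample text is constructed from the statements shown on this page.

```python
import re

# BIND statements whose argument is an address match list, longest first so
# that "allow-query-cache" is tried before "allow-query".
ACL_STATEMENTS = sorted(
    ["listen-on", "listen-on-v6", "allow-query", "allow-query-cache",
     "allow-recursion", "allow-transfer", "allow-update",
     "match-clients", "match-destinations"],
    key=len, reverse=True)

STMT_RE = re.compile(
    r"(?<![\w-])(%s)(?:\s+port\s+\d+)?\s*\{([^{}]*)\}"
    % "|".join(map(re.escape, ACL_STATEMENTS)))

def strip_comments(text):
    """Drop /* */, // and # comments but keep newlines so line numbers survive.
    Assumes no quoted string in the file contains '#', '//' or '/*'."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), text, flags=re.S)
    return re.sub(r"(?://|#)[^\n]*", "", text)

def find_any(conf_text):
    """Return [(line_no, statement)] for each match list containing a bare 'any'."""
    clean = strip_comments(conf_text)
    hits = []
    for m in STMT_RE.finditer(clean):
        elements = [e.strip() for e in m.group(2).split(";")]
        if "any" in elements:  # "!any" (negation) is deliberately not flagged
            hits.append((clean.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits

# Constructed sample: the match-list statements from the named.conf shown above.
SAMPLE = """options {
    listen-on port 53 { any; };   # a comment mentioning any; is ignored
    listen-on-v6 port 53 { ::1; };
    // allow-transfer { any; };
    allow-query { any; };
    allow-query-cache { localhost; };
};
view localhost_resolver {
    match-clients { any; };
    match-destinations { any; };
    recursion yes;
};
"""

if __name__ == "__main__":
    for line_no, stmt in find_any(SAMPLE):
        print("line %d: %s uses 'any'; list explicit addresses or subnets" % (line_no, stmt))
```

To audit a real server, pass the contents of /var/named/chroot/etc/named.conf to find_any; each hit is a statement where an explicit address or subnet should replace any.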
3. cp -p named.rfc1912.zones named.zones
Edit named.zones as needed: append the following zone definitions, adapted to your setup, to the end of the file.
zone "example123.com" IN {
    type slave;
    masters { 192.168.100.127; };
    file "slaves/example123.com.zero";
};
# forward lookup zone
zone "100.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.100.127; };
    file "slaves/100.168.192.local";
};
# reverse lookup zone
4. Configure the forward zone as follows
cd /var/named/chroot/var/named
Copy the template files as follows:
cp -p named.zero example123.com.zero
cp -p named.local 100.168.192.local
Edit the forward zone file example123.com.zero so that it reads as follows.
$TTL 86400
@       IN SOA  dns.example123.com. root.example123.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   dns.example123.com.
        IN MX   10 mail.example123.com.
mail    IN A    192.168.100.147
dns     IN A    192.168.100.147
www     IN CNAME web.example123.com.
web.example123.com. IN A 192.168.100.147
Edit the reverse zone file 100.168.192.local so that it reads as follows.
$TTL 86400
@       IN SOA  dns.example123.com. root.example123.com. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   dns.example123.com.
147     IN PTR  mail.example123.com.
147     IN PTR  web.example123.com.
With the configuration above, the forward and reverse zones are set up, but a few more steps remain.
IV. Adjust some other settings
vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.10.10.127 ns1.example123.com
192.10.10.147 ns2.example123.com
V. Edit /etc/resolv.conf
vi /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 192.168.100.147
nameserver 192.168.100.127
2. vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=ns2.example.com # set the hostname
GATEWAY=192.168.100.254
VI. A complete DNS server is now built
Start it: service named restart
VII. Test results
Forward lookup test
C:\Documents and Settings\Administrator>nslookup www.example123.com
Server: web.example123.com
Address: 192.168.100.147
Name: web.example123.com
Address: 192.168.100.147
Aliases: www.example123.com
Reverse lookup test
C:\Documents and Settings\Administrator>nslookup 192.168.100.127
Server: mail.example123.com
Address: 192.168.100.147
Name: web.example123.com
Address: 192.168.100.147
This article comes from the "起点安全" blog. Reposting is not permitted.