智能DNS安装配置过程全纪录

作者:曲宝全
测试环境:CentOS 5.3x86_64 操作系统
bind-9.3.2.tar.gz
DNS 服务器IP:192.168.168.3
模拟网通IP: 192.168.168.4
模拟电信IP:192.168.10.99
1. 安装bind
[root@dns local]# cd /srv/
[root@dns srv]# tar zvxf bind-9.3.2.tar.gz
[root@dns srv]# cd bind-9.3.2
[root@dns bind-9.3.2]# ./configure --prefix=/usr/local/named --disable-ipv6 --enable-threads
[root@dns bind-9.3.2]# make
[root@dns bind-9.3.2]# make install
2. 设置环境变量
[root@dns etc]# vi /etc/profile(添加如下两行到文件末尾)
PATH=$PATH:/usr/local/named/bin:/usr/local/named/sbin
[root@dns etc]#export PATH
3. 创建bind 运行所需的用户和组
[root@dns bind-9.3.2]# groupadd bind
[root@dns bind-9.3.2]# useradd -g bind -d /usr/local/named -s /sbin/nologin bind
4. 创建所需目录并且赋予权限
[root@dns bind-9.3.2]# cd /usr/local/named/
[root@dns named]# mkdir etc
[root@dns named]# chmod -R 700 etc
[root@dns named]# chown -R bind:bind etc/
5. 进入etc 目录创建域配置目录和ip 列表目录,区域文件目录
[root@dns named]# cd etc
[root@slave etc]# mkdir -p domain/ip_list/ domain/dianxin domain/wangtong/ domain/any
6. 分别编辑各个配置文件
(1) 编辑日志文件
[root@dns etc]# vi log1.conf(内容如下)
logging {
channel "dnslog" {
file "/var/log/dnslog" versions 10 size 20M ;
//指定日志文件的位置
severity info; //发送比 info 及其更高优先级的信息
print-time yes; //在消息中添加时间前缀
print-category yes; //在消息中添加消息类别名前缀
};
category "queries" {"dnslog";}; //把查询日志写入上面定义的日志文件中
category "client" {"dnslog";}; //把处理客户端请求写入到上面定义的日志文件中
category "resolver" {"dnslog";}; //把名字解析,包括对来自解析器的递归查询信息,写入到上面定义的日志文件中
category "security" {"dnslog";}; //把批准/非批准的请求写入到上面定义的日志文件中
category "update" {"dnslog";}; //把更新日志写入到上面定义的日志文件中
};
(2) 生成rndc.conf
[root@dns etc]# ../sbin/rndc-confgen > rndc.conf
( 3 ) 从rndc.conf 文件中提取named.conf 用的key
[root@dns etc]# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf
( 4 ) 编辑主配置文件named.conf
[root@dns etc]# vi named.conf(内容如下)
options {
directory "/usr/local/named/etc/"; //配置文件的目录
statistics-file "named_stats.txt"; //此文件是统计文件,即记录dns 响应的次数和命中的次数
pid-file "/var/run/named/named.pid"; //pid 文件目录
allow-query { any; }; //任何人都可以查询本DNS
recursion yes; //可以执行递归查询
};
key "rndc-key" {
algorithm hmac-md5;
secret "ijHO3bC50ZtRlGSx8Ustug==";
}; //上一步自动生成的
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
}; //上一步自动生成的
############# log configure ###################
include "log1.conf"; //此处是指定日志配置文件的位置,上面已经定义
############### ip acl list ####################
include "ip_list/ip_wangtong"; //此处是指定ip 列表的文件位置,网通的ip 列表
include "ip_list/ip_dianxin"; //此处是指定ip 列表的文件位置,电信的ip 列表
############### view ####################
####dian xin####
view "ip_list/ip_dianxin" { //此处指匹配电信的ip 列表
match-clients { dianxin; }; //此处指匹配电信的ip 列表ACL 的名称,ip 列表里有指定
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
}; //以上是定义根区域和本地区域
include "domain/dianxin.def"; //此处指定域名配置文件的位置
};
######wang tong ########
view "ip_list/ip_wangtong" {
match-clients { wangtong; };
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
include "domain/wangtong.def";
};
#####any ##########
view "any" {
match-clients { any; };
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
include "domain/any.def";
};
(5) 生成named.root 文件
[root@dns etc]# ../bin/dig > named.root
(6) 分别编辑本地区域文件
[root@dns etc]#vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
建立named.local 文件
[root@dns etc]# vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
(7) 创建统计文件并且赋权
[root@dns etc]# touch named_stats.txt
[root@dns etc]# chmod 666 named_stats.txt
(8) 创建日志文件并且赋权
[root@dns etc]# touch /var/log/dnslog
[root@dns etc]# chown -R bind:bind /var/log/dnslog
(9) 编辑IP 列表
[root@dns etc]# cd ip_list/
[root@dns ip_list]# vi ip_dianxin(内容如下,此处只是测试用,实际的ip 列表见附件)
acl "dianxin" { //此处acl 名称要和配置文件指定的一致
192.168.10.0/24; //匹配的ip 段
};
[root@dns ip_list]# vi ip_wangtong
acl "wangtong" {
192.168.168.0/24;
};
(10)编辑域配置文件
[root@dns ip_list]# cd ../domain/
[root@dns domain]# vi dianxin.def(文件名要和主配置文件指定的一致)
zone "qubaoquan.com" IN {
type master;
file "domain/dianxin/qubaoquan.com.zone"; //此处指定区域文件的位置
allow-transfer { none; };
};
zone "quxinrao.com" IN {
type master;
file "domain/dianxin/quxinrao.com.zone";
allow-transfer {none;};
};
[root@dns domain]# vi wangtong.def(为了测试内容和电信的一样)
zone "qubaoquan.com" IN {
type master;
file "domain/dianxin/qubaoquan.com.zone"; //此处指定区域文件的位置
allow-transfer { none; };
};
zone "quxinrao.com" IN {
type master;
file "domain/dianxin/quxinrao.com.zone";
allow-transfer {none;};
};
[root@dns domain]# vi any.def(为了测试内容和电信的一样)
zone "qubaoquan.com" IN {
type master;
file "domain/any/qubaoquan.com.zone"; //此处指定区域文件的位置
allow-transfer { none; };
};
zone "quxinrao.com" IN {
type master;
file "domain/any/quxinrao.com.zone";
allow-transfer {none;};
};
(11)编辑区域文件
[root@dns domain]# cd dianxin
[root@dns dianxin]# vi qubaoquan.com.zone(内容如下)
$TTL 3600
@ IN SOA dns.qian-gao.com. admin.qubaoquan.com. (
2008022103 ; Serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns1.qubaoquan.com.
@ IN MX 10 mail.qubaoquan.com.
ns1 IN A 192.168.168.3
www IN A 192.168.168.3
mail IN A 192.168.168.3
[root@dns dianxin]# vi quxinrao.com.zone
$TTL 3600
@ IN SOA dns.qian-gao.com. admin.quxinrao.com. (
2008022103 ; Serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns1.quxinrao.com.
@ IN MX 10 mail.quxinrao.com.
ns1 IN A 192.168.168.4
www IN A 192.168.168.4
mail IN A 192.168.168.4
[root@dns dianxin]# cd ../wangtong(注意了此处和电信的唯一区别就是解析的ip 不同)
$TTL 3600
@ IN SOA dns.qian-gao.com. admin.qubaoquan.com. (
2008022103 ; Serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns1.qubaoquan.com.
@ IN MX 10 mail.qubaoquan.com.
ns1 IN A 192.168.168.8
www IN A 192.168.168.8
mail IN A 192.168.168.8
[root@dns wangtong]# vi quxinrao.com.zone
$TTL 3600
@ IN SOA dns.qian-gao.com. admin.quxinrao.com. (
2008022103 ; Serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns1.quxinrao.com.
@ IN MX 10 mail.quxinrao.com.
ns1 IN A 192.168.168.7
www IN A 192.168.168.7
mail IN A 192.168.168.7
[root@dns dianxin]# cd ../any(注意了此处和电信网通的唯一区别就是解析的ip 不同)
$TTL 3600
@ IN SOA dns.qian-gao.com. admin.qubaoquan.com. (
2008022103 ; Serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns1.qubaoquan.com.
@ IN MX 10 mail.qubaoquan.com.
ns1 IN A 192.168.168.10
www IN A 192.168.168.10
mail IN A 192.168.168.10
[root@dns wangtong]# vi quxinrao.com.zone
$TTL 3600
@ IN SOA dns.qian-gao.com. admin.quxinrao.com. (
2008022103 ; Serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns1.quxinrao.com.
@ IN MX 10 mail.quxinrao.com.
ns1 IN A 192.168.168.9
www IN A 192.168.168.9
mail IN A 192.168.168.9
(12)创建pid 文件目录并且赋权
[root@dns etc]# mkdir -p /var/run/named/
[root@dns etc]# chown -R bind:bind /var/run/named/
(13)创建启动脚本
[root@dns etc]# vi /etc/init.d/named(内容如下)
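#!/bin/bash
#
# named a network name service.
#
# chkconfig: 545 35 75
# description: a name server
#
# Usage: /etc/init.d/named {start|stop|restart}
#
# Starts and stops the BIND daemon installed under /usr/local/named.
# named is launched as root (it must bind port 53) and drops to user
# "bind" itself via -u. The pid file lives in /var/run/named, which is
# owned by that unprivileged user, so its contents are validated before
# root sends any signal based on them.

named_bin=/usr/local/named/sbin/named
named_conf=/usr/local/named/etc/named.conf
pid_file=/var/run/named/named.pid

if [ "$(id -u)" -ne 0 ]; then
  echo "ERROR:For bind to port 53,must run as root." >&2
  exit 1
fi

# Print the pid recorded in the pid file, but only if it is a plain
# positive integer naming a live process; anything else is treated as
# "not running" so a corrupted or tampered pid file can never make root
# signal an arbitrary process. Returns 1 when no usable pid exists.
running_pid() {
  local pid
  [ -f "$pid_file" ] || return 1
  pid=$(cat "$pid_file") || return 1
  case "$pid" in
    ''|*[!0-9]*) return 1 ;;
  esac
  kill -0 "$pid" 2>/dev/null || return 1
  printf '%s\n' "$pid"
}

# Start named once; a second "start" while it is already running is a
# no-op instead of a second daemon competing for port 53.
start_named() {
  local pid
  if [ ! -x "$named_bin" ]; then
    echo "ERROR: $named_bin is not executable" >&2
    return 1
  fi
  if pid=$(running_pid); then
    echo "BIND9 server already running (pid $pid)"
    return 0
  fi
  echo "begin start the bind server............... "
  "$named_bin" -u bind -c "$named_conf" && echo "BIND9 server started complete!"
}

# Stop named with SIGTERM so it can flush its log/statistics files and
# shut down cleanly; SIGKILL is only a last resort after ~10s.
stop_named() {
  local pid i
  if ! pid=$(running_pid); then
    echo "BIND9 server is not running" >&2
    rm -f -- "$pid_file"
    return 1
  fi
  echo "begin stop the bind server ..............."
  kill -TERM "$pid" || return 1
  for i in 1 2 3 4 5 6 7 8 9 10; do
    kill -0 "$pid" 2>/dev/null || break
    sleep 1
  done
  if kill -0 "$pid" 2>/dev/null; then
    echo "named did not exit after SIGTERM, sending SIGKILL" >&2
    kill -KILL "$pid"
  fi
  rm -f -- "$pid_file"
  echo 'BIND9 server stopped.'
}

case "$1" in
  start)
    start_named
    ;;
  stop)
    stop_named
    ;;
  restart)
    echo "Restart BIND9 server"
    # stop_named waits for the old process to exit, so no fixed sleep
    # is needed before starting the new one.
    stop_named
    start_named
    ;;
  *)
    echo "$0 start | stop | restart" >&2
    exit 2
    ;;
esac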
(14)注册为系统服务并且设为开机启动,并且启动
[root@dns etc]# vi /etc/init.d/named
[root@dns etc]# chmod +x /etc/init.d/named
[root@dns etc]# chkconfig --add named
[root@dns etc]# chkconfig --levels 2345 named on
[root@dns etc]# service named start
(15)测试部分:分别找三个网段的机器测试, 192.168.10.0/24 和
192.168.168.0/24 与其他网段, ping www.qubaoquan.com 和
www.quxinrao.com,三个网段ping 的结果是不一样的
