Centos6.2 DNS和DNS缓存的安装配置及测试

 Centos6.2 DNS和DNS缓存的安装配置及测试  

Centos6.2安装的要点和注意的细节。

      说明：这里和centos5.7没什么不一样，主要是yum -y install bind*后，找不到以前的生成文件路径

       第一步、安装BIND包，如下所示：

            #yum -y install bind*

             [root@localhost ~]# rpm -qa|grep bind
            samba-winbind-clients-3.5.10-116.el6_2.i686
            samba-winbind-krb5-locator-3.5.10-116.el6_2.i686
            bind-9.7.3-8.P3.el6_2.2.i686
            bind-sdb-9.7.3-8.P3.el6_2.2.i686
            samba-winbind-devel-3.5.10-116.el6_2.i686
            samba-winbind-3.5.10-116.el6_2.i686
            bind-libs-9.7.3-8.P3.el6_2.2.i686
             bind-devel-9.7.3-8.P3.el6_2.2.i686
             bind-dyndb-ldap-0.2.0-7.el6_2.1.i686
             rpcbind-0.2.0-8.el6.i686
             ypbind-1.20.4-29.el6.i686
              bind-chroot-9.7.3-8.P3.el6_2.2.i686
              bind-utils-9.7.3-8.P3.el6_2.2.i686
              [root@localhost ~]#

       第二步、修改named.conf文件

            #cd /etc

            #vi named.conf

            options {
        listen-on port 53 { any; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };

};

zone "." IN {
        type hint;
        file "named.ca";            /*这里注意一下，在service named start时会提示找不到这个文件的问题
};

include "/etc/named.rfc1912.zones";

      第三步、修改named.rfc1912.zones

      #cd /etc

     #vi named.rfc1912.zones

     zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

/*这里把下面这段注释掉

//zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
//      type master;
//      file "named.loopback";
//      allow-update { none; };
//};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

/*这里的域名huangjun.com改成你自己的域名

zone " huangjun .com" IN {
        type master;
        file " huangjun .com.zone";
        allow-update { none; };
};

/*这里的IP段41.168.192.in-addr.arpa改你本地网的段，比如你的是0.168.192.in-addr.arpa  就这样

zone "6.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.6.rev";
        allow-update { none; };
};

       第四步，在/usr/share/doc/bind-9.7.3/sample/var/named  里面拷贝几个关键文件到/var/named/chroot/var/named

       如果不拷贝named.empty  named.loopback  named.ca  named.localhost 这些文件，那么在你service named start时系统就会报错，提示系统找不到这些文件

       #cd /usr/share/doc/bind-9.7.3/sample/var/named 

      #ls

   data                 my.internal.zone.db  named.empty      named.loopback
my.external.zone.db  named.ca             named.localhost  slaves

      #cp -p  named.empty  /var/named/chroot/var/named

     #cp -p named.loopback   /var/named/chroot/var/named

     #cp -p named.ca  /var/named/chroot/var/named

     #cp -p  named.localhost  /var/named/chroot/var/named

    第五步，创建正解和反析文件

    #cd /var/named/chroot/var/named

   /*这里为正解，在添加的时候注意“.”点，不要掉了，否则就会出错，另外命名是根据named.rfc1912.zones里面来的，不能随便命名，会出错的，mail的话直接在里面加，比如把@            IN NS      dns.ldap.example.com.  改成@            IN NS      mail.ldap.example.com. 再换行加一条mail         IN A       192.168.6.6

 

   #vi   ldap.example.com.zone

$TTL    86400
@           IN SOA   dns. huangjun .com. root. huangjun .com.(
                       42       ;serial(d.adams)
                       3H       ;refresh
                       15M      ;retry
                       1W       ;expiry
                       1D)      ;minimum
@            IN NS      dns. huangjun .com.
dns          IN A       192.168.6.6
www          IN A       192.168.6.6

/*这里为反析，在添加的时候注意“.”点，不要掉了，否则就会出错，另外命名是根据named.rfc1912.zones里面来的，不能随便命名，会出错的，mail的话直接在里面加，比如把@     IN      NS       dns. huangjun .com.
  改成@     IN      NS       mail. huangjun .com. ，6.6.168.192.in-addr.arpa.    IN  PTR   dns.huangjun .com.
换成6.6.168.192.in-addr.arpa.    IN  PTR   mail. huangjun .com.
再换行加一条103  IN   PTR  mail. huangjun .com.

   #vi 192.168.6.rev

  $TTL    86400
@     IN    SOA     dns. huangjun .com.    root. huangjun .com.(
                     1997022700    ;Serial
                     28800         ;Refresh
                     14400         ;Retry
                     3600000       ;Expire
                     86400 )        ;Minimum
@     IN      NS       dns. huangjun .com.
6.6.168.192.in-addr.arpa.    IN  PTR   dns. huangjun .com.
6  IN   PTR   huangjun .com.

     #pwd

    /var/named/chroot/var/named

     #ls -l

   -rw-r--r-- 1 root named  444 2012-05-24 23:10 192.168.6.rev
-rw-r--r-- 1 root named  415 2012-05-24 22:46  huangjun .com.zone
-rw-r--r-- 1 root root  1892 2012-01-10 17:06 named.ca
-rw-r--r-- 1 root root   152 2012-01-10 17:06 named.empty
-rw-r--r-- 1 root named    0 2012-05-23 22:15 named.local
-rw-r--r-- 1 root root   152 2012-01-10 17:06 named.localhost
-rw-r----- 1 root named  168 2009-12-15 20:27 named.loopback
  

    查看这些文件的权限后，再把防火墙关闭

   #service iptables stop

  第六步，测试正解和反析是否可用

  [root@localhost named]# named-checkzone tech.org   huangjun .com.zone
zone tech.org/IN: loaded serial 42
OK
[root@localhost named]# named-checkzone 192.168.6.rev /var/named/chroot/var/nam
ed/192.168.6.rev 
/var/named/chroot/var/named/192.168.6.rev:9: ignoring out-of-zone data (6.6.168.192.in-addr.arpa)
zone 192.168.6.rev/IN: loaded serial 1997022700
OK

没问题后，启动named服务   

#service named restart