linux 下仅缓存DNS的搭建

1.安装包

 

yum install bind* -y
yum install bind-chroot -y
[root@localhost ~]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Generating /etc/rndc.key:^C
[root@localhost ~]#
[root@localhost ~]# rndc-confgen -r /dev/urandom -a  运行这命令导入rndc key
wrote key file "/etc/rndc.key"
[root@localhost ~]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost example.com.zone  一定是小写p
[root@localhost named]# vim example.com.zone
$TTL 1D
@   IN SOA  @ cc.163.com. (       这里最后一个点不能少
                    0   ; serial              这些
                    1D  ; refresh             东西
                    1H  ; retry               不
                    1W  ; expire              要
                    3H ) ; minimum            动
    NS  @
    A   192.168.122.22  自己的IP
www     A       1.1.1.1
aa      A       2.2.2.2
*       A       2.2.250.250
bbs    CNAME    www     这是别名，www.example.com和bbs.example.com的IP一样
[root@localhost named]# vim /var/named/chroot/etc/named.conf
options {
    listen-on port 53 { 192.168.122.22; }; 改成自己的IP
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };  改为any
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
        forwarders { 192.168.122.1; };  如果本DNS解析不里，先不去13台跟DNS找，而是先去192.168.122.1这个DNS上找
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};
zone "example.com"IN{         这三行是加的，在include "/etc/named.rfc1912.zones";上面添加的，不要多空格
   type master;
   file "example.com.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@localhost named]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@localhost named]# cat /etc/resolv.conf  改DNS
# Generated by NetworkManager
nameserver 192.168.122.22

[root@localhost named]# dig aa.example.com   验证，注意防火墙，selinux

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> aa.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;aa.example.com.            IN  A

;; ANSWER SECTION:
aa.example.com.     86400   IN  A   2.2.2.2

;; AUTHORITY SECTION:
example.com.        86400   IN  NS  example.com.

;; ADDITIONAL SECTION:
example.com.        86400   IN  A   192.168.122.22

;; Query time: 1 msec
;; SERVER: 192.168.122.22#53(192.168.122.22)
;; WHEN: Sat Mar 16 21:37:25 2013
;; MSG SIZE  rcvd: 78

主从DNS，

在主DNS中

[root@vm1 named]# vim /var/named/chroot/etc/named.conf
options {

#   listen-on port 53 { 192.168.122.11; }; 将这行用#注释掉
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost ; localnets; };  改为这个
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
        forwarders { 192.168.122.1; };
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};
zone "example.com"IN {
   type master;
   file "example.com.zone";
   allow-transfer { 192.168.122.22; }; 从DNS的IP
   also-notify { 192.168.122.22;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

 

[root@vm1 named]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

从DNS配置，安装包后，

[root@localhost slaves]# cat  /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
#   listen-on port 53 { 127.0.0.1; };注释掉
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost;localnets; }; 改成这个
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "example.com"IN {     这几行加在最后面
     type slave;
     masters  { 192.168.122.11 ;};主DNS的IP
     file "slaves/example.com.zone"; 生成文件保存位置
};