1.服务器版本
# uname �Crmos
Linux 2.6.18-308.el5 x86_64 GNU/Linux
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.8(Tikanga)
2.安装DNS服务
yum install -y bind bind-chrootcaching-nameserver
3.启动服务,设置为开机启动
# service named start &&chkconfig named on
#netstat -tlunp |grep -w 53#默认启动服务监听本地回环地址
tcp00 127.0.0.1:530.0.0.0:*LISTEN3315/named
udp00 127.0.0.1:530.0.0.0:*3315/named
4.修改配置文件
DNS为了系统安全,使用了chroot环境,将named进程死死锁在了chroot环境了,这样就是为了保证万一服务被入侵,也只能在chroot环境中破坏,而不会影响整个系统的安全。
# pwd
/var/named/chroot/etc
程序安装完成后启动服务默认使用的配置文件是named.caching-nameserver.conf,拷贝这个配置文件为named.conf,重启服务,当程序检测到named.conf配置文件时,就不会再去读取named.caching-nameserver.conf文件的配置了。
# cp named.caching-nameserver.confnamed.conf �Cp //注意权限,否则服务启动不了
修改named.conf配置文件如下:
options {
listen-on port 53 { any; };//named服务监听的地址,默认监听回环,any监听所有
listen-on-v6 port 53 { ::1; };
directory"/var/named";
dump-file"/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-sourceport 53;
// query-source-v6 port 53;
allow-query{ any; };//允许查询的地址,默认为localhost,any允许所有查询
allow-query-cache { any; };//允许查询缓存的地址,默认为localhost,any允许所有查询
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients{ any; };//修改默认视图匹配地址,any允许所有
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
5.重启named服务,并查看服务器监听地址
# service named restart &&netstat �Ctlunp |grep �Cw 53
tcp00 192.168.8.201:530.0.0.0:*LISTEN4945/named
tcp00 127.0.0.1:530.0.0.0:*LISTEN4945/named
udp00 192.168.8.201:530.0.0.0:*4945/named
udp00 127.0.0.1:530.0.0.0:*4945/named
6.定义/添加查询域
#vim named.rfc1912.zones
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "example.com" IN {//添加正向查询区域
type master;
file "example.com.zone";//区域数据库文件名字
allow-update { none; };
};
zone "8.168.192.in-addr.arpa" IN{//添加反向查询区域
type master;
file "8.168.192.zone";//区域数据库文件名字
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
7.定义/添加区域数据库文件
# cd /var/named/chroot/var/named/
# cp -p /var/named/localdomain.zoneexample.com.zone//添加的数据库文件要注意权限,否则服务启动不了
# cp -p /var/named/localhost.zone8.168.192.zone
#vim example.com.zone
$TTL86400
@IN SOAns1.example.com. //权威DNS名称root.ns1.example.com.//管理员邮箱地址(
2013112601; serial (d.adams) //数据库序列号,主辅同步时会用到
3H; refresh //更新频率
15M; retry//更新失败后多久尝试再次更新
1W; expiry//尝试多久后不再尝试
1D); minimum
IN NSns1.example.com.
ns1IN A192.168.8.201
wwwIN A192.168.8.210
mailIN A192.168.8.211
#vim 8.168.192.zone
$TTL86400
@IN SOAns1.example.com.root.ns1.example.com. (
2013112601; serial(d. adams)
3H; refresh
15M; retry
1W; expiry
1D); minimum
IN NSns1.example.com.
ns1.example.com.IN A192.168.8.201
201IN PTRns1.example.com.
210IN PTRwww.example.com.
211IN PTRmail.example.com.
8.重启named服务,测试DNS解析
# service named restart
# nslookup
>www.example.com
Server:192.168.8.201
Address:192.168.8.201#53
Name:www.example.com
Address:192.168.8.210
>mail.example.com
Server:192.168.8.201
Address:192.168.8.201#53
Name:mail.example.com
Address:192.168.8.211
>192.168.8.201
Server:192.168.8.201
Address:192.168.8.201#53
201.8.168.192.in-addr.arpaname = ns1.example.com.