DNS服务器搭建


1.服务器版本

# uname �Crmos

Linux 2.6.18-308.el5 x86_64 GNU/Linux

# cat /etc/redhat-release

Red Hat Enterprise Linux Server release 5.8(Tikanga)


2.安装DNS服务

yum install -y bind bind-chrootcaching-nameserver


3.启动服务,设置为开机启动

# service named start &&chkconfig named on

#netstat -tlunp |grep -w 53#默认启动服务监听本地回环地址

tcp00 127.0.0.1:530.0.0.0:*LISTEN3315/named

udp00 127.0.0.1:530.0.0.0:*3315/named


4.修改配置文件

DNS为了系统安全,使用了chroot环境,将named进程死死锁在了chroot环境了,这样就是为了保证万一服务被入侵,也只能在chroot环境中破坏,而不会影响整个系统的安全。

# pwd

/var/named/chroot/etc

程序安装完成后启动服务默认使用的配置文件是named.caching-nameserver.conf,拷贝这个配置文件为named.conf,重启服务,当程序检测到named.conf配置文件时,就不会再去读取named.caching-nameserver.conf文件的配置了。

# cp named.caching-nameserver.confnamed.conf �Cp //注意权限,否则服务启动不了

修改named.conf配置文件如下:

options {

listen-on port 53 { any; };//named服务监听的地址,默认监听回环,any监听所有

listen-on-v6 port 53 { ::1; };

directory"/var/named";

dump-file"/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";


// Those options should be used carefully because they disable port

// randomization

// query-sourceport 53;

// query-source-v6 port 53;


allow-query{ any; };//允许查询的地址,默认为localhostany允许所有查询

allow-query-cache { any; };//允许查询缓存的地址,默认为localhostany允许所有查询

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

view localhost_resolver {

match-clients{ any; };//修改默认视图匹配地址,any允许所有

match-destinations { any; };

recursion yes;

include "/etc/named.rfc1912.zones";

};


5.重启named服务,并查看服务器监听地址

# service named restart &&netstat �Ctlunp |grep �Cw 53

tcp00 192.168.8.201:530.0.0.0:*LISTEN4945/named

tcp00 127.0.0.1:530.0.0.0:*LISTEN4945/named

udp00 192.168.8.201:530.0.0.0:*4945/named

udp00 127.0.0.1:530.0.0.0:*4945/named


6.定义/添加查询域

#vim named.rfc1912.zones

zone "." IN {

type hint;

file "named.ca";

};


zone "localdomain" IN {

type master;

file "localdomain.zone";

allow-update { none; };

};


zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};


zone "example.com" IN {//添加正向查询区域

type master;

file "example.com.zone";//区域数据库文件名字

allow-update { none; };

};


zone "8.168.192.in-addr.arpa" IN{//添加反向查询区域

type master;

file "8.168.192.zone";//区域数据库文件名字

allow-update { none; };

};


zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};


zone"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {

type master;

file "named.ip6.local";

allow-update { none; };

};


zone "255.in-addr.arpa" IN {

type master;

file "named.broadcast";

allow-update { none; };

};


zone "0.in-addr.arpa" IN {

type master;

file "named.zero";

allow-update { none; };

};

7.定义/添加区域数据库文件

# cd /var/named/chroot/var/named/

# cp -p /var/named/localdomain.zoneexample.com.zone//添加的数据库文件要注意权限,否则服务启动不了

# cp -p /var/named/localhost.zone8.168.192.zone

#vim example.com.zone

$TTL86400

@IN SOAns1.example.com. //权威DNS名称root.ns1.example.com.//管理员邮箱地址(

2013112601; serial (d.adams) //数据库序列号,主辅同步时会用到

3H; refresh //更新频率

15M; retry//更新失败后多久尝试再次更新

1W; expiry//尝试多久后不再尝试

1D); minimum

IN NSns1.example.com.

ns1IN A192.168.8.201

wwwIN A192.168.8.210

mailIN A192.168.8.211

#vim 8.168.192.zone

$TTL86400

@IN SOAns1.example.com.root.ns1.example.com. (

2013112601; serial(d. adams)

3H; refresh

15M; retry

1W; expiry

1D); minimum


IN NSns1.example.com.

ns1.example.com.IN A192.168.8.201

201IN PTRns1.example.com.

210IN PTRwww.example.com.

211IN PTRmail.example.com.

8.重启named服务,测试DNS解析

# service named restart

# nslookup

>www.example.com

Server:192.168.8.201

Address:192.168.8.201#53


Name:www.example.com

Address:192.168.8.210

>mail.example.com

Server:192.168.8.201

Address:192.168.8.201#53


Name:mail.example.com

Address:192.168.8.211

>192.168.8.201

Server:192.168.8.201

Address:192.168.8.201#53


201.8.168.192.in-addr.arpaname = ns1.example.com.


你可能感兴趣的:(redhat,nameserver,红帽,DNS搭建)