CentOS 5 DNS Installation and Configuration

1. BIND-related packages on CentOS 5
[root@localhost ~]# rpm -qa |grep bind
bind-9.3.4-10.P1.el5                   \ main program of the DNS server
ypbind-1.19-11.el5
bind-libs-9.3.4-10.P1.el5              \ library files required for name resolution
bind-utils-9.3.4-10.P1.el5             \ test tools for the DNS server
bind-chroot-9.3.4-10.P1.el5            \ chroot mode, improves the security of BIND
caching-nameserver-9.3.4-10.P1.el5     \ BIND initial configuration files
 
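2 Notes
Because current versions use chroot, BIND's configuration file named.conf and the zone files all live under /var/named/chroot/. For example, named.conf is in /var/named/chroot/etc/ and the zone files are in /var/named/chroot/var/named/. The ownership of these files must also be changed to root.named, otherwise DNS resolution errors will result. The command is: chown root.named <filename>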
 
3 Installing BIND
The rpm packages are used for installation here; they can be found on the system DVD:
[root@localhost cdrom]# ls /mnt/cdrom/CentOS/bind*
[root@localhost cdrom]# ls /mnt/cdrom/CentOS/cach*
[root@localhost cdrom]# rpm -ivh <related packages>
Once the rpm packages are installed, first create named.conf and the zone files. Go to /var/named/chroot/etc and create the main configuration file:
[root@localhost etc]# ls
localtime  named.caching-nameserver.conf  named.rfc1912.zones  rndc.key
[root@localhost etc]# cp named.rfc1912.zones named.conf
 
Then go to /var/named/chroot/var/named/ and create the zone files (assuming a domain named test.com):
[root@localhost named]# ls
  localdomain.zone  named.127.0.0    named.ca         named.local      named.root  slaves
data            localhost.zone    named.broadcast  named.ip6.local  named.localhost  named.zero 
[root@localhost named]# cp localhost.zone  test.com        \ forward lookup zone file
[root@localhost named]# cp named.local  0.168.192.zone     \ reverse lookup zone file
 
4 Configuring BIND
First edit /etc/resolv.conf so that the machine uses itself as its DNS server:
[root@localhost named]# vi /etc/resolv.conf
  nameserver 192.168.0.8
  search localdomain
 
Configure named.conf:
[root@localhost etc]# more named.conf
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
directory     "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};
zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "0.168.192.zone";
        allow-update { none; };
};
zone "test.com" IN {
        type master;
        file "test.com";
        allow-update { none; };
};
 
Configure the forward zone file test.com:
[root@localhost named]# more test.com
$TTL    86400
@ IN SOA ns.test.com.       root.test.com. (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                  IN NS           ns.test.com.
                  IN A            192.168.0.8
ns               IN A            192.168.0.8
www            IN A            192.168.0.8
 
Configure the reverse zone file 0.168.192.zone:
[root@localhost named]# more 0.168.192.zone
$TTL    86400
0.168.192.in-addr.arpa. IN  SOA  ns.test.com. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
@        IN      NS       ns.test.com.
8          IN      PTR     ns.test.com.
 
5 Testing
Start the named service:
[root@localhost named]# service named start
[root@localhost named]# host 192.168.0.8
8.0.168.192.in-addr.arpa domain name pointer ns.test.com.
[root@localhost named]# host www.test.com
www.test.com has address 192.168.0.8
 
[root@localhost named]# nslookup
> www.test.com
Server:         192.168.0.8
Address:        192.168.0.8#53
Name:   www.test.com
Address: 192.168.0.8
>
 
6 Troubleshooting
After modifying named.conf or a zone data file, the named service generally has to be restarted for the change to take effect:
[root@localhost named]# service named restart
 
To apply changes without restarting named:
After modifying a zone file, update with: rndc reload <zone name>
After modifying named.conf, update with: rndc reconfig
 
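Once configuration is complete, the configuration files can be checked with the following commands:
[root@localhost named]# named-checkconf <main configuration file>
[root@localhost named]# named-checkzone <zone name> <zone file>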
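
The ownership rule from section 2 can be checked for every zone before named is started. The script below is an added example, not part of the original article: its function names are hypothetical, and the chroot path, zone directory and root:named owner are assumed from the setup described above.

```shell
#!/bin/sh
# Added example, not from the original article. Assumptions: the chroot path,
# the zone directory and the root:named ownership are the ones the article uses.
CHROOT="${CHROOT:-/var/named/chroot}"
ZONEDIR="${ZONEDIR:-var/named}"          # "directory" option, relative to the chroot
WANT_OWNER="${WANT_OWNER:-root:named}"   # what "chown root.named" produces

# Print one "zone-name file-name" pair per zone statement in a named.conf.
list_zones() {
    awk '
        /^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2] }
        /^[ \t]*file[ \t]+"/ && zone != "" {
            split($0, q, "\""); print zone, q[2]; zone = ""
        }
    ' "$1"
}

# Print "owner:group" of a file (portable: parses ls -ld instead of GNU stat).
owner_of() {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# Report every zone whose file is missing from the chroot or has the wrong
# owner. Returns 0 only when no problem was found.
check_zone_files() {
    problems=0
    while read -r zone file; do
        [ -n "$zone" ] || continue
        path="$CHROOT/$ZONEDIR/$file"
        if [ ! -f "$path" ]; then
            echo "MISSING $zone $path"
            problems=$((problems + 1))
        elif [ "$(owner_of "$path")" != "$WANT_OWNER" ]; then
            echo "OWNER $zone $path $(owner_of "$path")"
            problems=$((problems + 1))
        fi
    done <<EOF
$(list_zones "$CHROOT/etc/named.conf")
EOF
    [ "$problems" -eq 0 ]
}

# Run the check only where the chroot from the article actually exists.
if [ -f "$CHROOT/etc/named.conf" ]; then
    check_zone_files || echo "fix the entries above before starting named"
fi
```

A MISSING line means named.conf references a zone file that was never copied into the chroot; an OWNER line means the chown step was skipped for that file.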
 
BIND entries in the log file:
[root@localhost named]# grep named /var/log/messages | tail

 
 
