配置 BIND 9.8.2（chroot 方式）—— 适用于一般公司内网的主/从 DNS
---------------------------
yum -y install bind bind-libs bind-chroot bind-utils
cat /etc/sysconfig/named 确认已有 ROOTDIR=/var/named/chroot（有此项时 named 以 chroot 方式运行；后面编辑的 /etc/named.conf 和 /var/named 下的文件由 bind-chroot 包映射进 chroot，若改完配置 named 仍读到旧内容，请检查 /var/named/chroot/etc/ 下的对应文件）
1------------------------------
备份 cp /etc/named.conf /etc/named.conf.bak20150725
配置主配置文件vim /etc/named.conf
定义监听端口与允许查询的范围（示例中的 201 为从 DNS 的 IP）。注意：以 // 注释掉的行是有从服务器时主 DNS 才需要的配置。安全提示：listen-on any + allow-query any + recursion yes 而不限制 allow-recursion，会让这台机器成为开放递归解析器（open resolver）；即使只在内网使用，也建议取消 allow-recursion 的注释，只对 192.168.1.0/24 开放递归。
-------------------------------
options {
listen-on port 53 { any; };
allow-query { any; };
recursion yes;
//allow-recursion {192.168.1.0/24;};只给这个网段的用户递归
//allow-transfer { 192.168.1.201; };指定允许接受区域传送请求的主机(从)
下面不变
2-------------------------------
先备份 cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak20150725
编辑载入文件 vim /etc/named.rfc1912.zones
定义正向、反向区域（根区域和本地区域沿用文件原有内容）。注意：以 // 注释掉的行是有从服务器时主 DNS 才需要的配置。安全提示：BIND 9 在未设置 allow-transfer 时默认允许任何主机做区域传送（AXFR），所以即使没有从服务器也应显式限制为 none 或从服务器的 IP。
--------------------------------
先删掉文件中的其他内容，再粘贴以下内容并按自己的环境删减
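// Forward zone test.com; this server is the master.
// The commented lines are only needed once the slave (192.168.1.201) exists.
zone "test.com" IN {
    type master;
    file "test.com.zone";             // relative to the "directory" option
    allow-update { none; };           // no dynamic updates
    // BIND 9 allows AXFR to any host unless allow-transfer is set, so restrict
    // it even on a single master. Change none to { 192.168.1.201; } once the
    // slave exists so it can pull the zone.
    allow-transfer { none; };
    //notify yes;                     // send NOTIFY to the slaves on change
    //also-notify { 192.168.1.201; }; // explicitly notify the slave at 201
};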
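// Reverse zone for 192.168.1.0/24; this server is the master.
// The commented lines are only needed once the slave (192.168.1.201) exists.
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.zone";            // relative to the "directory" option
    allow-update { none; };           // no dynamic updates
    // AXFR is open to anyone by default; restrict it. Change none to
    // { 192.168.1.201; } once the slave exists.
    allow-transfer { none; };
    //notify yes;                     // send NOTIFY to the slaves on change
    //also-notify { 192.168.1.201; }; // explicitly notify the slave at 201
};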
3------------------------------
新建正解区域数据文件并编辑检测
vim /var/named/test.com.zone
-------------------------------
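; Forward zone data for test.com.
; Zone-file comments start with ';' -- the '//' used in named.conf is a
; syntax error here. Bump the serial on every edit, otherwise the slave
; will not notice the change.
$TTL 86400
@       IN SOA  dns1.test.com. admin.test.com. (
                2501        ; serial
                28800       ; refresh
                14400       ; retry
                360000      ; expire
                86400 )     ; negative-caching TTL
@       IN NS   dns1.test.com.
;@      IN NS   dns2.test.com.      ; add when the slave dns2 exists
dns1    IN A    192.168.1.202
;dns2   IN A    192.168.1.201       ; the slave's address
; MX needs a preference value before the target; without it the record is
; invalid and named-checkzone rejects the file.
@       IN MX   10 mail.test.com.
mail    IN A    192.168.1.202
www     IN A    192.168.1.202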
检测区域文件语法:
named-checkzone test.com /var/named/test.com.zone
4------------------------------
新建反解区域数据文件并编辑检测
vim /var/named/1.168.192.zone
-------------------------------
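; Reverse zone data for 192.168.1.0/24 (1.168.192.in-addr.arpa).
; Zone-file comments start with ';' -- '//' is a syntax error here.
; Bump the serial on every edit so the slave picks the change up.
$TTL 86400
@       IN SOA  dns1.test.com. admin.test.com. (
                2501        ; serial
                28800       ; refresh
                14400       ; retry
                360000      ; expire
                86400 )     ; negative-caching TTL
@       IN NS   dns1.test.com.
;@      IN NS   dns2.test.com.      ; add when the slave exists
202     IN PTR  dns1.test.com.
;201    IN PTR  dns2.test.com.      ; the slave's PTR
; A second PTR for .202 is legal, but reverse lookups then return both names;
; most sites keep one canonical PTR per address.
202     IN PTR  www.test.com.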
检测区域文件语法:
named-checkzone 1.168.192.in-addr.arpa /var/named/1.168.192.zone
5------------------------------
先用 named-checkconf /etc/named.conf 检查主配置语法（无输出即通过），再执行 /etc/init.d/named restart 重启 named；直接重启时配置有错会导致 named 起不来、全网解析中断。
6------------------------------
ifconfig eth0 查网络
7------------------------------
nslookup 测试 (测试前应该定义自己的DNS指向)
vim /etc/resolv.conf 改成自己的DNS服务器的IP才可以本地解析
nslookup
>dns1.test.com
8------------------------------
dig dns1.test.com 测试
9------------------------------
从 DNS 服务器只需编辑主配置文件及其载入的 zone 配置即可，区域数据文件会从主服务器传送过来，不需要手工创建
vim /etc/named.conf
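options {
    listen-on port 53 { any; };
    directory "/var/named";           // zone "file" paths are relative to this
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    // Recursion is on (BIND default) but only for the LAN, so this is not an
    // open resolver even though it listens on every interface.
    allow-recursion { 192.168.1.0/24; };
    // Zone transfers are open to anyone by default; a slave never needs to
    // serve AXFR itself, so disable it for all zones here.
    allow-transfer { none; };
    dnssec-enable yes;
    dnssec-validation yes;
    // NOTE(review): ISC's DLV registry was retired (emptied in 2017); on a
    // current deployment set this to "no". Kept as in the original tutorial.
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};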
// Logging: a single debug channel. The file path is relative to the
// "directory" option (so /var/named/data/named.run); "severity dynamic"
// follows whatever debug level the server is currently running with.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints: where recursion starts for names outside the local zones.
zone "." IN {
type hint;
file "named.ca";
};
// Local zone definitions; the slave zones for test.com go in this file.
include "/etc/named.rfc1912.zones";
// Root-zone trust anchor, required for dnssec-validation yes above.
include "/etc/named.root.key";
9.1-------------------------------
编辑从DNS主配置文件的载入文件 vim /etc/named.rfc1912.zones
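// Slave copy of test.com, pulled from the master at 192.168.1.202.
zone "test.com" IN {
    type slave;
    // Relative to the "directory" option, so the file lands in
    // /var/named/slaves/, which the bind package makes writable by named.
    // A leading "/" would be resolved from the chroot root instead and the
    // transfer would fail with a write error.
    file "slaves/test.com.zone";
    masters { 192.168.1.202; };       // each address needs its own ';'
    allow-update { none; };
};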
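// Slave copy of the reverse zone, pulled from the master at 192.168.1.202.
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    // Relative to "directory" -> /var/named/slaves/, writable by named;
    // do not use a leading "/" (it would be taken from the chroot root).
    file "slaves/1.168.192.in-addr.arpa.zone";
    masters { 192.168.1.202; };       // each address needs its own ';'
    allow-update { none; };
};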
9.2--------------------------------
从服务器写入同步来的区域文件时，目标目录必须对 named 可写。只要把 zone 文件路径写成 slaves/…（落在 /var/named/slaves，该目录由 bind 包创建且归 named 所有）即可，不要对整个 chroot 递归放开权限：那样会让 named 也能改写自己的配置和主区域文件，失去以非特权用户运行的意义。
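# Do NOT "chmod 770 -R /var/named/chroot": that makes named.conf and the
# master zone files group-writable by named, so a compromised named could
# rewrite its own config and zones. Only the slaves/ directory must be
# writable by named, and the bind package normally ships it that way --
# just confirm. (/var/named here is the same tree named sees inside the
# chroot; step 3 already relied on that.)
ls -ld /var/named/slaves
chown named:named /var/named/slaves
chmod 770 /var/named/slaves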
10------------------------------
启动slave的bind服务
/etc/init.d/named start
11------------------------------
查看master端的日志
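# Check the master's syslog for the slave's zone transfer: look for the
# AXFR "started"/"ended" lines for test.com coming from 192.168.1.201.
tail -n 20 /var/log/messages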
12------------------------------
在主、从两台机器上把本机的 DNS 解析指向刚建好的服务器（编辑 /etc/resolv.conf），主先从后：
vim /etc/resolv.conf
nameserver 192.168.1.202
nameserver 192.168.1.201