Installing BIND
[root@linux ~]# yum -y install bind ← install bind
Gathering header information file(s) from server(s)
Server: CentOS Core 2 - i386 - Base
Server: CentOS Core 2 - i386 - Released Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: bind 9.2.3-13.i386]
Downloading Packages
Getting bind-9.2.3-13.i386.rpm
bind-9.2.3-13.i386.rpm    100% |=========================| 1.9 MB    00:02
Running test transaction:
Test transaction complete, Success!
bind 100 % done 1/1
Installed:  bind 9.2.3-13.i386
Transaction(s) Complete

[root@linux ~]# yum -y install caching-nameserver ← install caching-nameserver
Gathering header information file(s) from server(s)
Server: CentOS Core 2 - i386 - Base
Server: CentOS Core 2 - i386 - Released Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: caching-nameserver 7.2-12.noarch]
Downloading Packages
Getting caching-nameserver-7.2-12.noarch.rpm
caching-nameserver-7.2-12 100% |=========================| 8.0 kB    00:00
Running test transaction:
Test transaction complete, Success!
caching-nameserver 100 % done 1/1
Installed:  caching-nameserver 7.2-12.noarch
Transaction(s) Complete

[root@linux ~]# yum -y install bind-chroot ← install bind-chroot
Gathering header information file(s) from server(s)
Server: CentOS Core 2 - i386 - Base
Server: CentOS Core 2 - i386 - Released Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[install: bind-chroot 9.2.3-13.i386]
Downloading Packages
Getting bind-chroot-9.2.3-13.i386.rpm
bind-chroot-9.2.3-13.i386 100% |=========================|  22 kB    00:00
Running test transaction:
Test transaction complete, Success!
bind-chroot 100 % done 1/1
Installed:  bind-chroot 9.2.3-13.i386
Transaction(s) Complete
Configuring BIND
[root@linux ~]# vi /var/named/chroot/etc/named.conf ← edit the BIND configuration file
//
// named.conf for Red Hat caching-nameserver
//

// added
// define the internal network
acl localnet {
    192.168.1.0/24;    ← internal address range (※ adjust to your own network)
    127.0.0.1;
};
// end of addition

options {
    directory "/var/named";
    version "unknown";    ← do not disclose the BIND version
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

    // added
    allow-query { localnet; };       ← answer queries only for the internal network (external access is configured separately below)
    allow-recursion { localnet; };   ← same, for recursive (caching) lookups
    allow-transfer { localnet; };    ← same, for zone transfers
    forwarders {
        192.168.1.1;         ← the router's IP (if you connect through a router)
        XXX.XXX.XXX.XXX;     ← DNS server IP supplied by your ISP (if connected directly to the modem by PPPoE)
        XXX.XXX.XXX.XXX;     ← DNS server IP supplied by your ISP (if connected directly to the modem by PPPoE)
    };
    // end of addition
};

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

// added
logging {
    category lame-servers { null; };    ← do not write "lame server resolving ..." messages to /var/log/messages
};

// internal-facing view
view "lan" {
    match-clients { localnet; };
// end of addition

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/rndc.key";

    // added
    // aoiday.com forward lookup zone
    zone "aoiday.com" IN {
        type master;
        file "aoiday.com.db.lan";
        allow-update { none; };
    };
};

// external-facing view
view "wan" {
    match-clients { any; };

    // aoiday.com forward lookup zone
    zone "aoiday.com" IN {
        type master;
        file "aoiday.com.db";
        allow-query { any; };    ← allow hosts outside the network to query this zone
    };
};
// end of addition
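The security-relevant part of the options block above is that allow-query, allow-recursion and allow-transfer all point at the localnet ACL rather than "any", and that the version string is hidden. The following Python script is an added example (not part of the original page or of BIND) that audits a named.conf text for exactly those points: it strips comments, finds the options block by brace counting, and reports any of the three directives that is missing or set to "any", any reference to an ACL that is never declared, and a missing version override. Both sample configurations are constructed for the example; HARDENED_CONF mirrors the page's settings and WEAK_CONF is a deliberately weak variant. Function names are the example's own.

```python
import re

# Constructed sample configurations (not the page's file verbatim): the first
# mirrors the page's hardened options block with its "localnet" ACL; the second
# is a deliberately weak variant that would leave named as an open resolver.
HARDENED_CONF = """
acl localnet { 192.168.1.0/24; 127.0.0.1; };
options {
    directory "/var/named";
    version "unknown";              // hide the BIND version
    allow-query { localnet; };
    allow-recursion { localnet; };
    allow-transfer { localnet; };
    forwarders { 192.168.1.1; };
};
"""

WEAK_CONF = """
options {
    directory "/var/named";
    allow-query { any; };
    allow-transfer { any; };
};
"""

# Directives that should name a restrictive ACL rather than "any"; in BIND 9.2
# (the version the page installs) each of them defaults to "any" when omitted.
RESTRICTED = ("allow-query", "allow-recursion", "allow-transfer")
BUILTIN_ACLS = ("any", "none", "localhost", "localnets")


def strip_comments(text):
    """Drop /* */, // and # comments so commented-out directives are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def block_body(text, name):
    """Return the body of the first top-level `name { ... }` block, matching braces
    by counting so nested sub-blocks such as allow-query { ... } are handled."""
    text = strip_comments(text)
    m = re.search(r"\b%s\s*\{" % re.escape(name), text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return None


def acl_names(text):
    """Names declared with top-level acl statements."""
    return set(re.findall(r"\bacl\s+(\S+)\s*\{", strip_comments(text)))


def audit(conf):
    """Return a list of findings; an empty list means the options block passes."""
    findings = []
    body = block_body(conf, "options")
    if body is None:
        return ["no options block found"]
    declared = acl_names(conf)
    for directive in RESTRICTED:
        m = re.search(r"\b%s\s*\{([^}]*)\}" % directive, body)
        if not m:
            findings.append("%s is not set (BIND 9.2 default is any)" % directive)
            continue
        members = [x.strip() for x in m.group(1).split(";") if x.strip()]
        if "any" in members:
            findings.append("%s { any; } exposes the server to every client" % directive)
        for member in members:
            if member not in declared and member not in BUILTIN_ACLS \
                    and not re.match(r"^[0-9a-fA-F.:/]+$", member):
                findings.append("%s references undefined ACL %r" % (directive, member))
    if not re.search(r'\bversion\s+"', body):
        findings.append("version is not set; version.bind CH TXT will reveal the real version")
    return findings


if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED_CONF), ("weak", WEAK_CONF)):
        print(label, "->", audit(conf) or ["ok"])
```

Run it against the real file with `audit(open("/var/named/chroot/etc/named.conf").read())`; note that it only inspects the global options block, so a view that re-opens access with its own allow-query (as the "wan" view above deliberately does for one zone) still has to be reviewed by hand.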
Internal-facing forward lookup zone file for aoiday.com
[root@linux ~]# vi /var/named/chroot/var/named/aoiday.com.db.lan
↑ internal-facing forward lookup zone file for aoiday.com
$TTL 86400
@       IN      SOA     aoiday.com. root.aoiday.com. (
                        2006071201      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN      NS      aoiday.com.
        IN      MX      10 aoiday.com.
@       IN      A       192.168.1.1     ← A record (for aoiday.com)
www     IN      A       192.168.1.1     ← A record (for www.aoiday.com)
ftp     IN      A       192.168.1.1     ← A record (for ftp.aoiday.com)
mail    IN      A       192.168.1.1     ← A record (for mail.aoiday.com)
External-facing forward lookup zone file for aoiday.com
[root@linux ~]# vi /var/named/chroot/var/named/aoiday.com.db
↑ external-facing forward lookup zone file for aoiday.com
$TTL 86400
@       IN      SOA     ns1.aoiday.com. root.aoiday.com. (
                        2006071201      ; Serial
                        7200            ; Refresh
                        7200            ; Retry
                        2419200         ; Expire
                        86400 )         ; Minimum
        IN      NS      ns1.aoiday.com.
        IN      MX      10 aoiday.com.
@       IN      A       XXX.XXX.XXX.XXX     ← A record (for aoiday.com)
www     IN      A       XXX.XXX.XXX.XXX     ← A record (for www.aoiday.com)
ftp     IN      A       XXX.XXX.XXX.XXX     ← A record (for ftp.aoiday.com)
mail    IN      A       XXX.XXX.XXX.XXX     ← A record (for mail.aoiday.com)
aoiday.com.     IN      TXT     "v=spf1 a mx ~all"
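The two zone files above (the internal one with private 192.168.1.1 addresses and the external one with public addresses) share the same master-file layout and the same date-based serial convention, and the split-horizon setup only works if the external file never carries an internal address and the serial grows every time a file is edited. The Python below is an added example, not part of the original page or of BIND, that covers both files: a minimal master-file parser (comments, $TTL, the parenthesised SOA, inherited owners), a check that the serial is in YYYYMMDDnn form and a helper that computes the next one, and a check that an external zone contains no RFC 1918 addresses. The sample zone text is constructed for the example; 203.0.113.10 is a documentation-range placeholder standing in for the page's XXX.XXX.XXX.XXX, and the external "mail" record is deliberately pointed at a private address to exercise the leak check.

```python
import ipaddress
import re

# Constructed sample zone data modelled on the page's two aoiday.com files
# (internal view first, external view second). 203.0.113.10 is a documentation
# range placeholder standing in for the page's XXX.XXX.XXX.XXX; the external
# "mail" A record deliberately points at a private address to show the leak check.
LAN_ZONE = """\
$TTL 86400
@       IN      SOA     aoiday.com. root.aoiday.com. (
                        2006071201      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN      NS      aoiday.com.
        IN      MX      10 aoiday.com.
@       IN      A       192.168.1.1
www     IN      A       192.168.1.1
ftp     IN      A       192.168.1.1
mail    IN      A       192.168.1.1
"""

WAN_ZONE = """\
$TTL 86400
@       IN      SOA     ns1.aoiday.com. root.aoiday.com. (
                        2006071201 ; Serial
                        7200 ; Refresh
                        7200 ; Retry
                        2419200 ; Expire
                        86400 ) ; Minimum
        IN      NS      ns1.aoiday.com.
        IN      MX      10 aoiday.com.
@       IN      A       203.0.113.10
www     IN      A       203.0.113.10
mail    IN      A       192.168.1.1
aoiday.com. IN  TXT     "v=spf1 a mx ~all"
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_zone(text):
    """Parse a master-format zone file into (owner, class, type, rdata) tuples.

    Handles ';' comments, $TTL lines, '( ... )' continuation across lines and
    blank owner fields that inherit the previous owner. Minimal on purpose:
    rdata with a literal ';' inside quotes is not supported.
    """
    records, owner, pending = [], "@", ""
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw)                 # strip end-of-line comment
        if not line.strip() and not pending:
            continue
        pending = (pending + " " + line.strip()) if pending else line
        if pending.count("(") > pending.count(")"):
            continue                                   # SOA still open, keep collecting
        line, pending = pending.replace("(", " ").replace(")", " "), ""
        if line.startswith("$"):
            continue                                   # $TTL / $ORIGIN are directives
        if line[0] not in " \t":                       # non-blank owner column
            owner = line.split()[0]
            line = line[len(owner):]
        fields = line.split(None, 2)                   # class, type, rdata
        if len(fields) == 3:
            records.append((owner, fields[0], fields[1], fields[2].strip()))
    return records


def soa(records):
    """Return the SOA fields as a dict, or raise if the zone has none."""
    for _, _, rtype, rdata in records:
        if rtype == "SOA":
            mname, rname, serial, refresh, retry, expire, minimum = rdata.split()
            return {"mname": mname, "rname": rname, "serial": int(serial),
                    "refresh": int(refresh), "retry": int(retry),
                    "expire": int(expire), "minimum": int(minimum)}
    raise ValueError("zone has no SOA record")


def next_serial(current, today_yyyymmdd):
    """Next serial in the page's YYYYMMDDnn convention: today's first revision, or
    current + 1 when that would not be larger (secondaries only transfer when the
    serial grows, so it must never move backwards)."""
    candidate = today_yyyymmdd * 100 + 1
    return candidate if candidate > current else current + 1


def rfc1918_owners(records):
    """Owners whose A record points into RFC 1918 space."""
    return sorted(owner for owner, _, rtype, rdata in records
                  if rtype == "A" and any(ipaddress.ip_address(rdata) in n for n in RFC1918))


def check_zone(records, external):
    """Findings for one zone: serial shape, and private addresses if the zone is external."""
    findings = []
    serial = soa(records)["serial"]
    if len(str(serial)) != 10:
        findings.append("serial %d is not in YYYYMMDDnn form" % serial)
    if external:
        for owner in rfc1918_owners(records):
            findings.append("%s has a private address in the external zone" % owner)
    return findings


if __name__ == "__main__":
    print("lan:", check_zone(parse_zone(LAN_ZONE), external=False) or "ok")
    print("wan:", check_zone(parse_zone(WAN_ZONE), external=True) or "ok")
```

A pre-reload hook can run `check_zone(parse_zone(open(path).read()), external=True)` on aoiday.com.db and refuse to restart named when the list is non-empty; next_serial gives the value to write into the SOA before the reload so that any secondary actually picks up the change.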
Updating named.ca
[root@linux ~]# dig @a.root-servers.net . ns > /var/named/chroot/var/named/named.ca
↑ refresh the root hints file named.ca
※ There are only 13 root DNS servers in the world.
Automatic updates
[root@linux ~]# vi /etc/cron.monthly/named.root_update ← create the monthly update script
#!/bin/sh

new=`mktemp`
errors=`mktemp`

dig @a.root-servers.net . ns > $new 2> $errors

if [ $? -eq 0 ]; then
    sort_new=`mktemp`
    sort_old=`mktemp`
    diff_out=`mktemp`
    sort $new > $sort_new
    sort /var/named/chroot/var/named/named.ca > $sort_old
    # compare ignoring comment lines (dig's ";;" header carries a timestamp);
    # the pattern must be quoted, otherwise the shell reads ';' as a command separator
    diff --ignore-matching-lines='^;' $sort_new $sort_old > $diff_out
    if [ $? -ne 0 ]; then
        (
            echo '-------------------- old named.root --------------------'
            cat /var/named/chroot/var/named/named.ca
            echo
            echo '-------------------- new named.root --------------------'
            cat $new
            echo '---------------------- difference ----------------------'
            cat $diff_out
        ) | mail -s 'named.root updated' root
        cp -f $new /var/named/chroot/var/named/named.ca
        chown named. /var/named/chroot/var/named/named.ca
        chmod 644 /var/named/chroot/var/named/named.ca
        /etc/rc.d/init.d/named restart > /dev/null
    fi
    rm -f $sort_new $sort_old $diff_out
else
    cat $errors | mail -s 'named.root update check error' root
fi

rm -f $new $errors

[root@linux ~]# chmod 700 /etc/cron.monthly/named.root_update ← make the script executable
Starting BIND
[root@linux ~]# /etc/rc.d/init.d/named start ← start BIND
named startting:                                           [  OK  ]

[root@linux ~]# chkconfig named on ← start BIND automatically at boot

[root@linux ~]# chkconfig --list named ← check
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off ← confirm that runlevels 2 through 5 are on

※ Remember to open port 53 on the firewall.