centos-dns配置文档.doc

第一步，定义acl文件实际情况下可以下载一个ripe工具，去下载不同IDC的IP段wget /apnic/dbase/tools/ripe-dbase-client-v3.tar.gztar xvf ripe-dbase-client-v3.tar.gz -C /usr/src/cd /usr/src/whois-3.1/./configure ;make ;make installwhois3 -h -l -i mb MAINT-CHINANET /var/named/chroot/var/named/chinanetwhois3 -h -l -i mb MAINT-CNCGROUP /var/named/chroot/var/named/cncgroup下下来的文件，要经过 grep awk sed的处理得到IP或者IP段这个在实验环境下实现不了手动编写不同的ACL文件vim /var/named/chroot/var/named/dianxinacl dianxin 5;9;192.168.1/24; -也可以写IP段;vim /var/named/chroot/var/named/wangtongacl wangtong 6;6;172.16.1/24;第二步:定义DNS的主配置文件vim /var/named/chroot/etc/named.confoptions directory /var/named;include dianxin;include wangtong;view dianxin match-clients dianxin; zone IN type master; file data/.zone; ;view wangtong match-clients wangtong; zone IN type master; file data/.zone; ;view others match-clients any; zone IN type master; file data/.zone; ;第三步：编写定义的三个zone文件vim /var/named/chroot/var/named/data/.zone$TTL 86400 IN SOA . . ( 2010070401 360 480 720 86400 ) IN NS .dns IN A 92 -DNS服务器的地址 www IN A 0 -假设的电信机房的服务器IP为0 vim /var/named/chroot/var/named/data/.zone$TTL 86400 IN SOA . . ( 2010070401 360 480 720 86400 ) IN NS .dns IN A 92www IN A 1 -网通机房的服务器IP为1vim /var/named/chroot/var/named/data/.zone $TTL 86400 IN SOA . . ( 2010070401 360 480 720 86400 ) IN NS .dns IN A 92www IN A 2 -其它的访问2这台服务器第四步，最好修改一下属主，确保服务运行OKchown d /var/named/chroot/var/named/data/* chown d /var/named/chroot/etc/*第五步，启动服务/etc/init.d/named restart第六步：测试在客户端修改/etc/resolv.conf 把DNS的指向改为指向92这台DNS服务器使用nslookup 去验证会发现5和9的客户端返回的的IP为06和6的客户端返回的的IP为1其它IP的客户端返回的的IP为2- yum install caching-nameserver -y -bind软件的一个配置模版ls /var/named/chroot/etc/localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key named.caching-nameserver.conf + named.rfc1912.zones =named.conf如果这三个文件同时存在，刚优先读取named.conf可以查看配置样本在/usr/share/doc/bind-9.3.6/sample/ 下vim /var/named/chroot/etc/named.caching-nameserver.conf -此文件控制的参数更多options listen-on port 53 any; ; -修改为any，监听所有 listen-on-v6 port 53 :1; ; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; / Those options should be used carefully because they disable port / randomization / query-source port 53; / query-source-v6 port 53; allow-query any; ; -改为any，允许所有人查询 allow-query-cache localhost; ;logging channel default_debug file data/named.run; severity dynamic; ;view localhost_resolver -这个文件做出来后，本地不能解析，需要把这一段给注释掉才可以 match-clients localhost; ; match-destinations localhost; ; recursion yes; include /etc/named.rfc1912.zones;include dianxin;include wangtong;view dianxin match-clients dianxin; zone IN type master; file data/.zone; ;view wangtong match-clients wangtong; zone IN type master; file data/.zone; ;view others match-clients any; zone IN type master; file data/.zone; ;后面的步骤也是一样在这个配置文件里写，也一样能实现上面view功能1.有CentOS系统服务器一台，DNS master server 532.客户机安装Windows xp操作系统3.Server可与互联网通信，网关是CentOS iptables，目录说明：/var/named/chroot/etc /存放named.conf/var/named/chroot/var/named /存放.zone和arpa/var/log/messages /查看配置过程中的错误首先，应该检查自己是否已经安装了bind#rpm -ivh |grep bind#rpm -ivh |grep caching-nameserver使用了chroot后，虚拟根目录为 /var/named/chroot,则named.conf实际位置为/var/named/chroot/etc/,工作目录为/var/named/chroot/var/named/，停用chroot可以在/etc/sysconfig/named中将ROOTDIR这一行注释掉配置过程：第一步：安装DNS服务包rootnet#mount /dev/cdrom /mntrootnet#cd /mnt/CentOS /这是DVD的文件夹，以上的包都在这里找第二步：建立主配置文件，并修改相关选项；rootnet #cd /var/named/chroot/etc注意：安装caching-nameserver-9.3.3-7.el5.i386.rpm之后会自动生成一个named.caching-nameserver.conf这个文件，首先我们把它改个名字，改成named.conf，并备份一下rootnet etc#cp -p named.caching-nameserver.conf named.caching-nameserver.conf.backrootnet etc#cp -p named.caching-nameserver.conf named.conf /先用这个来编辑rootnet etc#vi named.conf options listen-on port 53 any; ; /侦听接口； listen-on-v6 port 53 :1; ; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; query-source port 53; query-source-v6 port 53; allow-query any; ; /允许查询哪些主机查询； allow-forward list1; /允许list1中的DNS server复制本机的记录文件 forwarders ; ; 2; ; /添加DNS转发器地址，可以添加多台，如果DNS服务器不在局域网内，就不需要的地址，该地址用于提供内部服务;logging channel default_debug file data/named.run; severity dynamic; ;view localhost_resolver match-clients any; ; /匹配任何主机 match-destinations any; ; recursion yes; include /etc/named.rfc1912.zones; /调用区域文件, 可以起个短名;实际上有很多一般是用不到的啦，这样就可以当然最好不要像我这样把ipv6的字段删掉 第三步：rootnet#vim /var/named/chroot/etc/named.rfc1912.zones在文件末尾添加以下内容，并保存退出;zone IN type master; file gps.zone; /Linux给出的范例就是.zone;zone 1.1.10.IN type master; file ; /Linux给出的范例就是.zone; 第四步：建立对应的区域文件；rootnet#cd /var/named/chroot/var/namedrootnet named#vim gps.zone /建立正向解析区域文件；$TTL 86400. IN SOA . root . （ /注意域名后面有. 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum IN NS . IN MX 10 .ns IN A 53www IN A 53 roothuyb named# Vim /建立反向解析区域文件；$TTL 86400 IN SOA . . （ /同样注意后面有. 1997022700;Serial 28800 ;Refresh 14400 ;Retry 3600000 ;Expire 86400) ;Minimum IN NS .153 IN PTR . /注意这里的153是的IP地址第五步：把zone配置文件的owner改了，这个文件要是权限过高，那slave就没法去访问和复制rootnet named#chown named:named gps.zonerootnet named# /这一步也很关键呢，注意喔 第六步:检查语法rootnet named#named-checkconf -t /var/named/chroot