-----陈功磊 2009-6-9
说明:系统使用镜像:Redhat.Enterprise.Linux.AS.V5.3-i386-dvd.iso
防火墙配置:
[root@ dns01 var]# setup
弹出一个对话框。我们要进行的是防火墙配置,步骤如下:
选择“Firewall Configuration”---按 “Tab”键切换到“Run Tool”—回车—“Security Level”选项要在“Enabled”前面按一下“Tab”键---“SELinux”选项要选“Disabled”—按一下“Tab”键---选中“Customize”---弹出新对话框---在“Other Port”栏目里输入“53:tcp 53:udp”—“OK”—返回上一个对话框—“OK”—对话框自动关闭。配置完成。（说明：RHEL 5 的 targeted 策略已经为 named 提供了 SELinux 策略，通常无需关闭 SELinux；这里关闭只是为了简化实验环境。）
clip_image002
clip_image004
1.实验环境:
[root@dns01 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 dns01 benet.com localhost # 主机名 域名 主机别名
::1 localhost6.localdomain6 localhost6
[root@dns01 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=dns01
GATEWAY=192.168.7.1
[root@dns01 ~]#
[root@dns01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.7.255
HWADDR=00:0C:29:4A:45:6B
IPADDR=192.168.7.8 # dns服务器(本机)的ip
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.0
NETWORK=192.168.7.0
ONBOOT=yes
[root@dns01 ~]#
[root@dns01 ~]# cat /etc/resolv.conf
nameserver 192.168.7.8 # dns服务器ip为本机ip
[root@dns01 ~]#
2.安装软件包
主要检查以下六个包是否有安装:
bind-9.3.4-6.P1.el5.i386.rpm
bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm
bind-sdb-9.3.4-6.P1.el5.i386.rpm
bind-devel-9.3.4-6.P1.el5.i386.rpm
caching-nameserver-9.3.4-6.P1.el5.i386.rpm
bind-chroot-9.3.4-6.P1.el5.i386.rpm # 注意:bind-chroot软件包最好最后一个安装,否则可能报错哈
安装方式
[root@nis01 Server]# rpm -ivh bind-9.3.4-10.P1.el5.i386.rpm
warning: bind-9.3.4-10.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind ########################################### [100%]
[root@nis01 Server]#
[root@dns01 ~]# rpm -qa | grep bind # 安装后的查询情况
bind-utils-9.3.4-10.P1.el5
bind-libbind-devel-9.3.4-10.P1.el5
bind-libs-9.3.4-10.P1.el5
bind-9.3.4-10.P1.el5
bind-sdb-9.3.4-10.P1.el5
bind-devel-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
ypbind-1.19-11.el5
[root@dns01 ~]#
3.修改配置文件
首先要进入目录,由于安装了chroot包(主要功能就不多介绍),所以主配置文件named.conf在/var/named/chroot/etc/下进行配置。命令如下:
[root@dns01 ~]# cd /var/named/chroot/etc/
[root@dns01 etc]# cp -p named.caching-nameserver.conf named.conf # -p要用哦
[root@dns01 etc]# vi named.conf # 配置主配置文件,部分注释已经去除
options {
listen-on port 53 { any; }; # 修改的地方
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { any; }; # 修改的地方
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { any; }; # 修改的地方
match-destinations { any; }; # 修改的地方
recursion yes; # 注意:上面 match-clients/allow-query 都为 any,这里再开递归,服务器会对任意来源开放递归查询(开放递归解析器);正式环境应加 allow-recursion { 192.168.7.0/24; }; 或把 match-clients 限制为内网地址
include "/etc/named.rfc1912.zones";
};
[root@dns01 etc]# vi named.rfc1912.zones # 添加区域
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
}; # 以上为默认配置
zone "benet.com" IN { # 添加的正向解析区
type master;
file "benet.com.zone";
allow-update {none;};
};
zone "7.168.192.in-addr.arpa" IN { # 添加的反向解析区
type master;
file "7.168.192.rev";
allow-update {none;};
};
[root@nis01 etc]# named-checkconf named.conf # 检查配置文件
[root@nis01 etc]# named-checkconf named.rfc1912.zones # 检查配置文件
[root@nis01 etc]# # 没有任何提示才是正确的配置
4.配置正、反解文件
[root@dns01 etc]# cd /var/named/chroot/var/named/
[root@dns01 named]# cp -p localdomain.zone benet.com.zone # -p要加哦
[root@dns01 named]# cp -p named.local 7.168.192.rev # -p要加哦
[root@dns01 named]# vi benet.com.zone # 编辑正向文件
$TTL 86400
@ IN SOA dns01.benet.com. root.benet.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS dns01.benet.com. ; dns服务器(区域文件里的注释符是 ; 不是 #)
dns01 IN A 192.168.7.8
apache IN A 192.168.7.2
www IN CNAME apache
~
"benet.com.zone" 13L, 271C
[root@dns01 named]# vi 7.168.192.rev # 配置反向文件
$TTL 86400
@ IN SOA dns01.benet.com. root.benet.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS dns01.benet.com. ; dns服务器(区域文件里的注释符是 ; 不是 #)
2 IN PTR apache.benet.com.
8 IN PTR dns01.benet.com.
~
"7.168.192.rev" 12L, 475C
5.收尾工作
[root@dns01 named]# cat /etc/resolv.conf # 确保dns解析的ip为本机dns服务器ip
nameserver 192.168.7.8
[root@dns01 named]#
[root@dns01 named]# named-checkconf /var/named/chroot/etc/named.conf # 检查配置文件
[root@dns01 named]#
[root@dns01 named]# named-checkzone benet.com /var/named/chroot/var/named/benet.com.zone # 检查正向配置
zone benet.com/IN: loaded serial 42
OK
[root@dns01 named]# named-checkzone benet.com /var/named/chroot/var/named/7.168.192.rev # 检查反向配置(zone 名应写成 7.168.192.in-addr.arpa,与 named.rfc1912.zones 中声明的一致,否则校验用的 origin 不对)
zone benet.com/IN: loaded serial 1997022700
OK
[root@dns01 named]# chmod 644 /var/named/chroot/etc/named.conf # 设置权限
[root@dns01 named]# chmod 644 /var/named/chroot/var/named/benet.com.zone # 设置权限
[root@dns01 named]# chmod 644 /var/named/chroot/var/named/7.168.192.rev # 设置权限
[root@killgoogle ~]# /etc/rc.d/init.d/named restart # 重启服务
[root@dns01 named]# service named restart # 另一种重启服务方式
Stopping named: [ OK ]
Starting named: [ OK ]
[root@dns01 named]#
[root@dns01 named]# tail -f /var/log/messages # 如果启动失败,可以使用命令查看原因
[root@nis01 named]# chkconfig --level 35 named on # 设置随机启动named服务
[root@nis01 named]# chkconfig --list named
named 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@nis01 named]#
6.测试
[root@dns01 ~]# dig -t soa benet.com
; <<>> DiG 9.3.4-P1 <<>> -t soa benet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50784
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;benet.com. IN SOA
;; ANSWER SECTION:
benet.com. 86400 IN SOA dns01.benet.com. root.benet.com. 42 10800 900 604800 86400
;; AUTHORITY SECTION:
benet.com. 86400 IN NS dns01.benet.com.
;; ADDITIONAL SECTION:
dns01.benet.com. 86400 IN A 192.168.7.8
;; Query time: 63 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:21:43 2009
;; MSG SIZE rcvd: 104
[root@dns01 ~]#
[root@dns01 ~]# dig -t mx benet.com
; <<>> DiG 9.3.4-P1 <<>> -t mx benet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21559
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;benet.com. IN MX
;; AUTHORITY SECTION:
benet.com. 86400 IN SOA dns01.benet.com. root.benet.com. 42 10800 900 604800 86400
;; Query time: 6 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:22:16 2009
;; MSG SIZE rcvd: 74
[root@dns01 ~]#
[root@dns01 ~]# dig www.benet.com
; <<>> DiG 9.3.4-P1 <<>> www.benet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2727
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.benet.com. IN A
;; ANSWER SECTION:
www.benet.com. 86400 IN CNAME apache.benet.com.
apache.benet.com. 86400 IN A 192.168.7.2
;; AUTHORITY SECTION:
benet.com. 86400 IN NS dns01.benet.com.
;; ADDITIONAL SECTION:
dns01.benet.com. 86400 IN A 192.168.7.8
;; Query time: 3 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:22:51 2009
;; MSG SIZE rcvd: 104
[root@dns01 ~]#
[root@dns01 ~]# dig -x 192.168.7.8 # 反向解析
; <<>> DiG 9.3.4-P1 <<>> -x 192.168.7.8
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15896
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;8.7.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
8.7.168.192.in-addr.arpa. 86400 IN PTR dns01.benet.com.
;; AUTHORITY SECTION:
7.168.192.in-addr.arpa. 86400 IN NS dns01.benet.com.
;; Query time: 3 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:23:46 2009
;; MSG SIZE rcvd: 92
[root@dns01 ~]#
[root@dns01 ~]# nslookup # nslookup 检查
> www.benet.com # 正向解析
Server: 192.168.7.8
Address: 192.168.7.8#53
www.benet.com canonical name = apache.benet.com.
Name: apache.benet.com
Address: 192.168.7.2
> 192.168.7.8 # 反向解析
Server: 192.168.7.8
Address: 192.168.7.8#53
8.7.168.192.in-addr.arpa name = dns01.benet.com.
>
完成基本DNS服务器配置
本文出自 “Gonglei Chen” 博客,转载请与作者联系!