接上篇:DNS-实验3_委派子域和转发
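- # Remove the previously installed BIND packages first.
- # Fixes: the package is bind-libs (not bin-libs), and the flag needs an ASCII hyphen (-y), not an en dash.
- yum remove bind-libs bind-utils -y
- # Install the bind97 packages required for this lab.
- yum install bind97 bind97-libs bind97-utils -y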
- vim /etc/named.conf
- // Split-horizon configuration: the same zone name (mos.com) is served from two
- // different zone files, chosen by the source address of the client.
- acl "innernet" { // define an access control list (a very powerful feature)
- 127/8;
- 172.16/16;
- };
- options {
- directory "/var/named";
- version "You guess..."; // hide the version string; this only obscures the banner and is not a substitute for patching
- };
- // Views are checked in the order written and a client uses the first view whose
- // match-clients matches, so "intranet" must stay ahead of the catch-all "internet" view.
- view "intranet" {
- match-clients { innernet; }; // clients whose source address is in the ACL are answered from the zones below
- zone "." IN {
- type hint;
- file "named.ca";
- };
- zone "localhost" IN {
- type master;
- file "mos.localhost.zone";
- };
- zone "0.0.127.in-addr.arpa" IN {
- type master;
- file "127.0.0.zone";
- };
- zone "mos.com" IN {
- type master;
- file "mos.com.intranet";
- };
- };
- // NOTE(review): this view matches every remaining client, and neither recursion nor
- // allow-transfer is set here. Confirm that outside clients are not offered recursion
- // (for example "recursion no;" in this view) and that zone transfers are limited to
- // the real secondary servers.
- view "internet" {
- match-clients { any; }; // any other source address is answered from this view
- zone "mos.com" IN {
- type master;
- file "mos.com.internet";
- };
- };
- # /var/named/mos.localhost.zone和/var/named/127.0.0.zone以及/var/named/172.16.zone这三个文件,保留原来的即可
- vim /var/named/mos.com.intranet
- ; Zone data for mos.com as returned to clients matched by the "intranet" view (172.16.35.x addresses).
- $TTL 86400
- $ORIGIN mos.com.
- @ IN SOA ns.mos.com. root.mos.com. (
- 23 ; serial
- 1H ; refresh
- 5M ; retry
- 7D ; expire
- 1D ) ; minimum
- ; The NS and MX records below have no owner name and inherit "@" from the SOA line.
- ; In the real zone file they must begin with whitespace, otherwise "IN" is read as the owner name.
- IN NS ns
- IN NS ns2
- IN MX 10 mail
- ns IN A 172.16.35.1
- ns2 IN A 172.16.35.2
- ; ns3 has an address record here but is not listed in the NS set above.
- ns3 IN A 172.16.35.1
- mail IN A 172.16.35.1
- www IN A 172.16.35.2
- ftp IN CNAME ns
- vim /var/named/mos.com.internet
- ; Zone data for mos.com as returned to clients matched by the "internet" view (192.168.0.x addresses).
- $TTL 86400
- $ORIGIN mos.com.
- @ IN SOA ns.mos.com. root.mos.com. (
- 23 ; serial
- 1H ; refresh
- 5M ; retry
- 7D ; expire
- 1D ) ; minimum
- ; The NS and MX records below have no owner name and inherit "@" from the SOA line.
- ; In the real zone file they must begin with whitespace, otherwise "IN" is read as the owner name.
- IN NS ns
- IN NS ns2
- IN MX 10 mail
- ns IN A 192.168.0.160
- ns2 IN A 192.168.0.33
- mail IN A 192.168.0.105
- www IN A 192.168.0.160
- ; NOTE(review): every name in this file is visible to any client of the "internet" view.
- ; Keep the externally served zone to the hosts outside clients actually need to resolve;
- ; confirm that ldap and nmap are meant to be published here.
- ldap IN A 192.168.0.1
- nmap IN A 192.168.0.105
保存退出,重启服务器OK。
六、 日志功能的实现:
- vim /etc/named.conf
- // Add the section below after the options block; logging is a top-level statement and does not go inside options { }.
- logging { // logging statement keyword
- channel query_log { // define the channel (destination) the log is written to
- file "/var/log/bind.queries.log" versions 10 size 10M; // keep ten files of up to 10M each; older ones are removed
- severity dynamic; // log at the server's current (dynamic) debug level
- print-category yes; // record the log category
- print-severity yes; // record the message severity
- print-time yes; // record the time of each entry
- };
- category queries { query_log; }; // send the queries category to the channel defined above so it takes effect
- // Query logs record client addresses and the names they looked up; treat the file as sensitive.
- };
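- # Pre-create the query log file so named does not have to create it in /var/log.
- touch /var/log/bind.queries.log
- # Give the file to user and group named (user:group form).
- chown named:named /var/log/bind.queries.log
- # Permissions are set with chmod; "chown 640" would instead hand the file to UID 640
- # and leave the mode unchanged. 640 keeps the query log from being world-readable.
- chmod 640 /var/log/bind.queries.log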
一般情况下,named没有对/var/log的写权限,所以需要手动创建日志文件,否则会报错。