On 192.168.1.101, configure the test.com. zone and the 1.168.192 reverse zone, and delegate the ops.test.com. subdomain to 192.168.1.103 as its DNS server.
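1. Install bind9:
yum install -y bind
2. Edit the main configuration file and start the named service:
cp /etc/named.conf{,.back}   # make a backup first
vim /etc/named.conf
chkconfig --level 35 named on   # start named at boot
service named start
Verify:
ip route del default   # remove the default gateway so that 192.168.1.101 itself cannot reach the Internet
dig -t A www.taobao.com @192.168.1.101
# check whether the query is forwarded to 192.168.1.104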
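3. Configure the test.com. zone:
cp /etc/named.rfc1912.zones{,.back}   # back up first
vim /etc/named.rfc1912.zones   # add the forward zone
vim /var/named/test.com.zone
chown :named /var/named/test.com.zone
chmod 640 /var/named/test.com.zone   # set the permissions on the zone file
rndc reload   # reload the configuration
Verify:
Run on a host inside 192.168.1.0/24:
dig -t A www.test.com @192.168.1.101
dig -t MX test.com @192.168.1.101
dig -t A ftp.test.com @192.168.1.101
Run on a host outside 192.168.1.0/24:
dig -t A www.test.com @192.168.1.101   # authoritative data, answered for any client (allow-query { any; })
dig -t A www.baidu.com @192.168.1.101   # needs recursion, which allow-recursion limits to myNet, so this should not resolve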
4. Configure the 1.168.192 reverse zone:
cp /etc/named.rfc1912.zones{,.back}   # back up again (this overwrites the .back copy made in step 3)
vim /etc/named.rfc1912.zones
vim /var/named/192.168.1.zone
chown :named /var/named/192.168.1.zone
chmod 640 /var/named/192.168.1.zone   # set the file permissions
rndc reload
Verify:
dig -x 192.168.1.202 @192.168.1.101   # run on any host
Appendix:
/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

// clients that are allowed to use recursion
acl myNet { 192.168.1.0/24; };
// slave server that is allowed to transfer the zones
acl testSlave { 192.168.1.102; };

options {
        listen-on port 53 { 192.168.1.101; 127.0.0.1; };
        // listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // answer authoritative queries from anyone, but recurse only for myNet
        allow-query     { any; };
        recursion yes;
        allow-recursion { myNet; };
        // DNSSEC validation is disabled in this setup
        dnssec-enable no;
        dnssec-validation no;
        // ask the forwarder first, fall back to normal resolution if it fails
        forward first;
        forwarders { 192.168.1.104; };
        /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";
        // managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type master;
        file "test.com.zone";
        allow-update { none; };
        allow-transfer { testSlave; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.zone";
        allow-update { none; };
        allow-transfer { testSlave; };
};
/var/named/test.com.zone
$TTL 86400
$ORIGIN test.com.
@       IN      SOA     test.com. admin (
                        2016122002      ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D )            ; negative-cache TTL
        IN      NS      ns1
        IN      NS      ns2
        IN      MX      10 mx
ns1     IN      A       192.168.1.101
ns2     IN      A       192.168.1.102
mx      IN      A       192.168.1.111
www     IN      A       192.168.1.202
ftp     IN      CNAME   www
; delegate ops.test.com. to 192.168.1.103 (NS record plus glue A record)
ops     IN      NS      ns1.ops
ns1.ops IN      A       192.168.1.103
pop     IN      A       192.168.1.11
/var/named/192.168.1.zone
$TTL 86400
$ORIGIN 1.168.192.in-addr.arpa.
@       IN      SOA     test.com. admin.test.com. (
                        2016122002      ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D )            ; negative-cache TTL
        IN      NS      ns1.test.com.
        IN      NS      ns2.test.com.
101     IN      PTR     ns1.test.com.
102     IN      PTR     ns2.test.com.
111     IN      PTR     mx.test.com.
202     IN      PTR     www.test.com.
103     IN      PTR     ns1.ops.test.com.
11      IN      PTR     pop.test.com.
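The forward and reverse zones above are edited by hand in two separate files, so they can drift apart without named reporting an error. The following is an added example, not part of the original page: it parses the records of both zone files and reports every A record without a matching PTR and every PTR without a matching A. The function names `records` and `check` are hypothetical, and the parser assumes each record carries the IN class, no per-record TTL and no `;` comments.

```python
# Added example: records copied from the two zone files on this page ($TTL lines omitted).
FORWARD = """$ORIGIN test.com.
@ IN SOA test.com. admin ( 2016122002 1H 5M 7D 1D )
  IN NS ns1
  IN NS ns2
  IN MX 10 mx
ns1 IN A 192.168.1.101
ns2 IN A 192.168.1.102
mx IN A 192.168.1.111
www IN A 192.168.1.202
ftp IN CNAME www
ops IN NS ns1.ops
ns1.ops IN A 192.168.1.103
pop IN A 192.168.1.11
"""
REVERSE = """$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA test.com. admin.test.com. ( 2016122002 1H 5M 7D 1D )
  IN NS ns1.test.com.
  IN NS ns2.test.com.
101 IN PTR ns1.test.com.
102 IN PTR ns2.test.com.
111 IN PTR mx.test.com.
202 IN PTR www.test.com.
103 IN PTR ns1.ops.test.com.
11 IN PTR pop.test.com.
"""

def records(text):
    """Yield (owner, type, rdata) with names made absolute; single-line 'owner IN TYPE rdata' only."""
    origin = owner = None
    fq = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    for line in text.splitlines():
        f = line.split()
        if f and f[0] == "$ORIGIN":
            origin = f[1]
        elif f and not f[0].startswith("$"):
            if not line[0].isspace():        # a blank owner field inherits the previous owner
                owner = fq(f.pop(0))
            rtype, rdata = f[1], f[2:]
            if rtype in ("NS", "CNAME", "PTR", "MX"):
                rdata[-1] = fq(rdata[-1])    # make the target name absolute
            yield owner, rtype, rdata

def check(forward, reverse):
    """Return a list of A/PTR mismatches between a forward and a reverse zone (empty if consistent)."""
    a = {o: r[0] for o, t, r in records(forward) if t == "A"}
    ptr = {".".join(reversed(o.split(".")[:-3])): r[0] for o, t, r in records(reverse) if t == "PTR"}
    out = [f"{n} A {ip} but PTR is {ptr.get(ip)}" for n, ip in a.items() if ptr.get(ip) != n]
    out += [f"{ip} PTR {n} but A is {a.get(n)}" for ip, n in ptr.items() if a.get(n) != ip]
    return out
```

Calling `check(FORWARD, REVERSE)` on the page's data returns an empty list; running it on the real files before `rndc reload` catches a host that was added to one zone but not the other.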