rhce7 dns chroot 配置

dns server BIND 安装与配置

配置文件

安装 DNS
yum install bind*

根域配置文件

/=/var/named/chroot/

/etc/named.conf --> /var/named/chroot/etc/name.conf
复制chroot模式根域配置文件
cp -a /etc/named.conf /var/named/chroot/etc/

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 192.168.0.254; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";

};

#logging {
#channel default_debug {
#file "data/named.run";
#severity dynamic;
#};
#};

zone "." IN {
    type hint;
    file "named.ca";
};
zone "linuxpx123.com." IN {
    type master;
    file "linuxpx123.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
};

区域配置文件

/var/named --> /var/named/chroot/var/named/
cp -a /var/named/named.ca /var/named/chroot/var/named/
cp -a /var/named/named.localhost /var/named/chroot/var/named/linuxpx123.com.zone

正向解析

$TTL 1D
@    IN SOA     linuxpx123.com.  root.linuxpx123.com. (
                    2015101401    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
    NS    ns.linuxpx123.com.
ns    A    192.168.0.254
www    A    192.168.0.254
www    A    192.168.0.250
ftp    A    192.168.0.254
bbs    A    192.168.0.254
@    IN    MX 10  mail.linuxpx123.com.
mail    A    192.168.0.254
game    CNAME    www.linuxpx123.com.cn.

反向解析

$TTL 1D
@    IN SOA     linuxpx123.com.  root.linuxpx123.com. (
                    2015101401    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
    NS    ns.linuxpx123.com.
254    IN    PTR    ns.linuxpx123.com.
254    IN    PTR    www.linuxpx123.com.
254    IN    PTR    mail.linuxpx123.com.
254    IN    PTR    ftp.linuxpx123.com.
254    IN    PTR    bbs.linuxpx123.com.
@    IN    MX 10  mail.linuxpx123.com.
game    CNAME    www.linuxpx123.com.cn.

开机自启动 bind-chroot 服务

1. [root@centos7 ~]#/usr/libexec/setup-named-chroot.sh /var/named/chroot on

2. [root@centos7 ~]# systemctl stop named

3. [root@centos7 ~]# systemctl disable named

4. [root@centos7 ~]# systemctl start named-chroot

5. [root@centos7 ~]# systemctl enable named-chroot