1.安装包
- yum install bind* -y
- yum install bind-chroot -y
- [root@localhost ~]# /etc/init.d/named restart
- Stopping named: [ OK ]
- Generating /etc/rndc.key:^C
- [root@localhost ~]#
- [root@localhost ~]# rndc-confgen -r /dev/urandom -a 运行这命令导入rndc key
- wrote key file "/etc/rndc.key"
- [root@localhost ~]# /etc/init.d/named restart
- Stopping named: [ OK ]
- Starting named: [ OK ]
- [root@localhost ~]# cd /var/named/
- [root@localhost named]# cp -p named.localhost example.com.zone 一定是小写p
- [root@localhost named]# vim example.com.zone
- $TTL 1D
- @ IN SOA @ cc.163.com. ( 这里最后一个点不能少
- 0 ; serial 这些
- 1D ; refresh 东西
- 1H ; retry 不
- 1W ; expire 要
- 3H ) ; minimum 动
- NS @
- A 192.168.122.22 自己的IP
- www A 1.1.1.1
- aa A 2.2.2.2
- * A 2.2.250.250
- bbs CNAME www 这是别名,www.example.com和bbs.example.com的IP一样
- [root@localhost named]# vim /var/named/chroot/etc/named.conf
- options {
- listen-on port 53 { 192.168.122.22; }; 改成自己的IP
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; }; 改为any(注意:这里同时有 recursion yes,任意来源的客户端都能向本机做递归查询,等于一台开放解析器;实验环境之外应像下文主从配置那样限制为 localhost/localnets,或用 allow-recursion 单独收紧递归范围)
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- forwarders { 192.168.122.1; }; 如果本DNS解析不了,先不去13台根DNS找,而是先去192.168.122.1这个DNS上找
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- managed-keys-directory "/var/named/dynamic";
- };
- logging {
- channel default_debug {
- file "data/named.run";
- severity dynamic;
- };
- };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- zone "example.com"IN{ 这三行是加的,在include "/etc/named.rfc1912.zones";上面添加的,不要多空格
- type master;
- file "example.com.zone";
- };
- include "/etc/named.rfc1912.zones";
- include "/etc/named.root.key";
- [root@localhost named]# /etc/init.d/named restart
- Stopping named: [ OK ]
- Starting named: [ OK ]
- [root@localhost named]# cat /etc/resolv.conf 改DNS
- # Generated by NetworkManager
- nameserver 192.168.122.22
- [root@localhost named]# dig aa.example.com 验证,注意防火墙,selinux
- ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> aa.example.com
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
- ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
- ;; QUESTION SECTION:
- ;aa.example.com. IN A
- ;; ANSWER SECTION:
- aa.example.com. 86400 IN A 2.2.2.2
- ;; AUTHORITY SECTION:
- example.com. 86400 IN NS example.com.
- ;; ADDITIONAL SECTION:
- example.com. 86400 IN A 192.168.122.22
- ;; Query time: 1 msec
- ;; SERVER: 192.168.122.22#53(192.168.122.22)
- ;; WHEN: Sat Mar 16 21:37:25 2013
- ;; MSG SIZE rcvd: 78
主从DNS,
在主DNS中
- [root@vm1 named]# vim /var/named/chroot/etc/named.conf
- options {
- # listen-on port 53 { 192.168.122.11; }; 将这行用#注释掉
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { localhost ; localnets; }; 改为这个
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- forwarders { 192.168.122.1; };
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- managed-keys-directory "/var/named/dynamic";
- };
- logging {
- channel default_debug {
- file "data/named.run";
- severity dynamic;
- };
- };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- zone "example.com"IN {
- type master;
- file "example.com.zone";
- allow-transfer { 192.168.122.22; }; 从DNS的IP
- also-notify { 192.168.122.22;};
- };
- include "/etc/named.rfc1912.zones";
- include "/etc/named.root.key";
- [root@vm1 named]# /etc/init.d/named restart
- Stopping named: [ OK ]
- Starting named: [ OK ]
从DNS配置,安装包后,
- [root@localhost slaves]# cat /etc/named.conf
- //
- // named.conf
- //
- // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
- // server as a caching only nameserver (as a localhost DNS resolver only).
- //
- // See /usr/share/doc/bind*/sample/ for example named configuration files.
- //
- options {
- # listen-on port 53 { 127.0.0.1; };注释掉
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { localhost;localnets; }; 改成这个
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- managed-keys-directory "/var/named/dynamic";
- };
- logging {
- channel default_debug {
- file "data/named.run";
- severity dynamic;
- };
- };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- include "/etc/named.rfc1912.zones";
- include "/etc/named.root.key";
- zone "example.com"IN { 这几行加在最后面
- type slave;
- masters { 192.168.122.11 ;};主DNS的IP
- file "slaves/example.com.zone"; 生成文件保存位置
- };