Configure DNS

1、安装
# rpm -ivh bind-9*.rpm
# rpm -ivh bind-libs-9*.rpm
# rpm -ivh bind-chroot-9*.rpm
# rpm -ivh bind-utils-9*.rpm

2、从RHEL 5.4开始,采用chroot机制运行named,其工作目录位于:/var/named/chroot。chroot的作用是把named进程限制在该目录内:即使named被攻破,攻击者也无法访问该目录之外的文件。它只能缩小受损范围,不能代替对递归查询和区域传送的访问控制。

3、配置文件:/var/named/chroot/etc
      区域文件:/var/named/chroot/var/named

4、编辑/var/named/chroot/etc/named.conf文件

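// Forward zone for cargoo.com, served from a local file.
zone "cargoo.com." IN {
        type master;
        file "cargoo.com.zone";
        // No dynamic updates: the zone changes only when the file is edited.
        allow-update { none; };
        // Refuse zone transfers so the complete host list (including the
        // 10.10.10.x addresses) cannot be pulled in a single request.
        // No secondary servers appear on this page; list them here if any are added.
        allow-transfer { none; };
};

// Reverse zone for 192.168.75.0/24.
zone "75.168.192.in-addr.arpa." IN {
        type master;
        file "192.168.75.rev";
        allow-update { none; };
        // Same reasoning as the forward zone: no transfers unless a secondary needs them.
        allow-transfer { none; };
};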

5、在/var/named/chroot/var/named目录下添加文件:cargoo.com.zone和192.168.75.rev
# cp -a named.zero cargoo.com.zone
# cp -a named.local 192.168.75.rev

6、编辑cargoo.com.zone
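$TTL    86400
; Forward zone data for cargoo.com.
; NOTE(review): the SOA and NS records still name localhost., as in the
; named.zero template this file was copied from - confirm that is intended
; or replace them with this server's own host name.
@               IN SOA  localhost.      root.localhost. (
                                        42              ; serial - increase on every change to this file
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
        IN      NS      localhost.
rac1            IN      A       192.168.75.11
rac2            IN      A       192.168.75.12
rac1-vip        IN      A       192.168.75.101
; Must match the PTR target rac2-vip.cargoo.com. in 192.168.75.rev.
rac2-vip        IN      A       192.168.75.102
; These two records publish 10.10.10.x addresses to every client that is
; allowed to query this zone; drop them if those clients do not need them.
rac1-priv       IN      A       10.10.10.11
rac2-priv       IN      A       10.10.10.12
; Three A records on one name: a query for rac-scan returns all three addresses.
rac-scan        IN      A       192.168.75.16
rac-scan        IN      A       192.168.75.17
rac-scan        IN      A       192.168.75.18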

6、编辑192.168.75.rev
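$TTL    86400
; Reverse zone data for 192.168.75.0/24 (origin 75.168.192.in-addr.arpa.).
@       IN      SOA     cargoo.com. root.cargoo.com. (
                                      42         ; Serial - increase on every change to this file
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
; Template records kept for reference only. Zone files use ";" for comments;
; "#" is not a comment marker and is read as part of an owner name.
;        IN      NS      localhost.
;1       IN      PTR     localhost.
; The trailing dot makes the NS target absolute; without it the zone origin
; is appended to the name.
; NOTE(review): the cargoo.com.zone listing on this page defines no A record
; for cargoo.com. itself - confirm which host name this NS should point to.
75.168.192.in-addr.arpa.        IN      NS      cargoo.com.
; Each owner below is the last octet of the address; targets are fully qualified.
11      IN      PTR     rac1.cargoo.com.
12      IN      PTR     rac2.cargoo.com.
101     IN      PTR     rac1-vip.cargoo.com.
102     IN      PTR     rac2-vip.cargoo.com.
16      IN      PTR     rac-scan.cargoo.com.
17      IN      PTR     rac-scan.cargoo.com.
18      IN      PTR     rac-scan.cargoo.com.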

7、/var/named/chroot/etc/named.conf全文
// Red Hat BIND Configuration Tool
//
// Default initial "Caching Only" name server configuration
//

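options {
        // Paths are resolved inside the chroot, so this directory is
        // /var/named/chroot/var/named on disk.
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        // Recurse only for this host and directly attached networks, so the
        // server cannot be used as an open resolver. Stated explicitly so the
        // behaviour does not depend on the defaults of the installed BIND version.
        // NOTE(review): assumes all clients sit on a directly attached
        // network - widen the list if that is not the case.
        allow-recursion { localhost; localnets; };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         *
         * Leave it commented out unless the firewall really requires it:
         * a fixed source port removes source-port randomisation, one of
         * the resolver's defences against cache poisoning.
         */
         // query-source address * port 53;
};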

// Zones from the default "Caching Only" template. Every master zone below
// is loaded from a local file and has dynamic updates disabled.

// Root hints: the list of root servers is read from named.root.
zone "." IN {
        type hint;
        file "named.root";
};

// Local names, answered from local files.
zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost." IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

// Reverse zone for 127.0.0.0/24.
zone "0.0.127.in-addr.arpa." IN {
        type master;
        file "named.local";
        allow-update { none; };
};

// Reverse zone under ip6.arpa, served from named.ip6.local.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

// Reverse zones for 255.0.0.0/8 and 0.0.0.0/8, answered locally.
zone "255.in-addr.arpa." IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa." IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

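// Forward zone for cargoo.com, served from a local file.
zone "cargoo.com." IN {
        type master;
        file "cargoo.com.zone";
        // No dynamic updates: the zone changes only when the file is edited.
        allow-update { none; };
        // Refuse zone transfers so the complete host list (including the
        // 10.10.10.x addresses) cannot be pulled in a single request.
        // No secondary servers appear on this page; list them here if any are added.
        allow-transfer { none; };
};

// Reverse zone for 192.168.75.0/24.
zone "75.168.192.in-addr.arpa." IN {
        type master;
        file "192.168.75.rev";
        allow-update { none; };
        // Same reasoning as the forward zone: no transfers unless a secondary needs them.
        allow-transfer { none; };
};

// The included file holds a shared secret (by its name, the rndc control key).
// Under the chroot it lives at /var/named/chroot/etc/rndc.key and should be
// readable only by root and the account named runs as.
include "/etc/rndc.key";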

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/5359/viewspace-680724/,如需转载,请注明出处,否则将追究法律责任。

转载于:http://blog.itpub.net/5359/viewspace-680724/
