公司新购两台Sun ultra 20 工作站和两台DELL server 作为公司对外提供的DNS server, 这是我第一次自己动手安装 solaris 10 x86 系统,并在上面配置DNS server.其实我是一头雾水,好在公司有位强人Davy Shen,他在技术方面建树颇多,玩转DNS自然不在话下,我在他的指导下也装成一台。现把安装流程写下来与大家分享!
zone "16.168.192.in-addr.arpa" IN {
type master;
file "16.168.192.in-addr.arpa.dns";
};
zone "21vianet.biz" IN {
type master;
file "21vianet.biz";
};
zone "35.152.211.in-addr.arpa" IN {
type master;
file "35.152.211.in-addr.arpa.dns";
};
1、在安装 Solaris 10 时选择 DNS,这样就省去专门安装 BIND 9 的步骤。也可以在安装好的系统上检查 /usr/sbin 下是否存在以下文件;如果有,表明 BIND 9 已经安装。
# ls /usr/sbin
named
nsupdate
rndc
dnssec-keygen
nslookup
dig
dnssec-makekeyset
dnssec-signkey
dnssec-signzone
named-checkconf
named-checkzone
rndc-confgen
host
nsupdate
rndc
dnssec-keygen
nslookup
dig
dnssec-makekeyset
dnssec-signkey
dnssec-signzone
named-checkconf
named-checkzone
rndc-confgen
host
2、接下来进行具体设置
一个配置完整的DNS server 包括以下配置文件:
# ls -l /var/named
total 28
-rw-r--r-- 1 root root 200 Aug 3 14:20 16.168.192.in-addr.arpa.dns
-rw-r--r-- 1 root root 265 Aug 3 15:26 21vianet.biz
-rw-r--r-- 1 root root 264 Aug 3 14:20 21vianet.com.cn
-rw-r--r-- 1 root root 199 Aug 3 14:20 35.152.211.in-addr.arpa.dns
drwxr-xr-x 2 root root 512 Aug 3 15:02 data
-rw-r--r-- 1 root root 198 Aug 3 14:20 localdomain.zone
-rw-r--r-- 1 root root 195 Aug 3 14:20 localhost.zone
-rw-r--r-- 1 root root 415 Aug 3 14:20 named.broadcast
-rw-r--r-- 1 root root 2518 Aug 3 14:20 named.ca
-rw-r--r-- 1 root root 432 Aug 3 14:20 named.ip6.local
-rw-r--r-- 1 root root 433 Aug 3 14:20 named.local
-rw-r--r-- 1 root root 416 Aug 3 14:20 named.zero
total 28
-rw-r--r-- 1 root root 200 Aug 3 14:20 16.168.192.in-addr.arpa.dns
-rw-r--r-- 1 root root 265 Aug 3 15:26 21vianet.biz
-rw-r--r-- 1 root root 264 Aug 3 14:20 21vianet.com.cn
-rw-r--r-- 1 root root 199 Aug 3 14:20 35.152.211.in-addr.arpa.dns
drwxr-xr-x 2 root root 512 Aug 3 15:02 data
-rw-r--r-- 1 root root 198 Aug 3 14:20 localdomain.zone
-rw-r--r-- 1 root root 195 Aug 3 14:20 localhost.zone
-rw-r--r-- 1 root root 415 Aug 3 14:20 named.broadcast
-rw-r--r-- 1 root root 2518 Aug 3 14:20 named.ca
-rw-r--r-- 1 root root 432 Aug 3 14:20 named.ip6.local
-rw-r--r-- 1 root root 433 Aug 3 14:20 named.local
-rw-r--r-- 1 root root 416 Aug 3 14:20 named.zero
以及 /etc 目录下的:
/etc/named.conf
/etc/rndc.conf
以上内容就是构成一个 DNS server 的全部文件。
3、接下来分析每个文件的内容。
1> named.conf
# less /etc/named.conf
//
// named.conf for Red Hat caching-nameserver
//
// NOTE(review): this is the stock caching-nameserver template (hence the
// "Red Hat" header on a Solaris box) with the company zones appended at the
// end. In the listing below several directive runs and closing braces appear
// twice (e.g. a second "directory"/"dump-file"/"statistics-file" run right
// after the first "};") -- this looks like a copy/paste artefact of the post
// rather than the real file; run `named-checkconf` on the actual file before
// starting named.
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
// NOTE(review): leave the query-source line commented out. Pinning the
// outgoing port to 53 disables the source-port randomisation BIND uses to
// make cache poisoning harder; open the firewall for the ephemeral ports
// instead.
//
// NOTE(review): the post says these hosts are the company's public-facing
// DNS servers, yet this options block carries no recursion or query
// restrictions. An authoritative server reachable from the Internet should
// normally set `recursion no;` (or confine `allow-recursion` to the local
// networks) so it cannot be used as an open resolver, and should restrict
// zone transfers with `allow-transfer { ...; };` -- BIND 9 of this era
// answers AXFR from any client unless told otherwise.
};
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
// Control channel for rndc: bound to loopback only and limited to localhost,
// so rndc commands cannot be issued from the network. Keep it that way.
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
// Root hints; named.ca is the file shipped in /var/named (see the ls output
// earlier in the post).
zone "." IN {
type hint;
file "named.ca";
};
type hint;
file "named.ca";
};
// Local/loopback zones from the template. Each one states
// `allow-update { none; };` explicitly -- compare with the company zones
// below, which omit it.
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
type master;
file "named.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
type master;
file "named.zero";
allow-update { none; };
};
// Shared secret for the rndc control channel.
// NOTE(review): the secret printed here is the one from the post; as the
// note after the rndc.conf listing says, generate a fresh one with
// `rndc-confgen -a` and paste the resulting key block both here and into
// /etc/rndc.conf -- the two copies must match, and a secret that has been
// published must not be reused. hmac-md5 is what this BIND release offers;
// newer releases let `rndc-confgen -A` pick a stronger HMAC.
key "rndc-key" {
algorithm hmac-md5;
secret "7kI4jWYxAqYfyCyDfJ17hA==";
};
algorithm hmac-md5;
secret "7kI4jWYxAqYfyCyDfJ17hA==";
};
// Company zones added to the template. They omit `allow-update`; BIND's
// default for it is none, so behaviour is the same as the zones above, but
// stating `allow-update { none; };` explicitly keeps the blocks consistent
// and makes the intent visible.
zone "21vianet.com.cn" IN {
type master;
file "21vianet.com.cn";
};
type master;
file "21vianet.com.cn";
};
zone "16.168.192.in-addr.arpa" IN {
type master;
file "16.168.192.in-addr.arpa.dns";
};
zone "21vianet.biz" IN {
type master;
file "21vianet.biz";
};
zone "35.152.211.in-addr.arpa" IN {
type master;
file "35.152.211.in-addr.arpa.dns";
};
2>rndc.conf
# less /etc/rndc.conf
// /etc/rndc.conf -- client-side configuration for the rndc control tool.
// NOTE(review): as in the named.conf listing, some lines below appear twice
// (a second options block, a stray "key" line after the server block); this
// looks like a copy/paste artefact of the post, not the real file.
options {
default-server localhost;
default-key "rndc-key";
};
options {
default-server localhost;
default-key "rndc-key";
};
// Talk to the local named (the controls statement in named.conf listens on
// 127.0.0.1 only) and authenticate with rndc-key.
server localhost {
key "rndc-key";
};
key "rndc-key";
};
// Must be byte-for-byte the same key block as in /etc/named.conf; the post
// generates it with `rndc-confgen -a` and copies it into both files.
// The secret is stored in clear text, so keep this file readable by root
// only, and do not reuse the value printed here.
key "rndc-key" {
algorithm hmac-md5;
secret "7kI4jWYxAqYfyCyDfJ17hA==";
};
algorithm hmac-md5;
secret "7kI4jWYxAqYfyCyDfJ17hA==";
};
注:以上两个文件中的 key 部分用以下方法生成,然后把 /etc/rndc.key 中生成的 key 块替换到这两个文件中(两处的 secret 必须相同,否则 rndc 无法通过认证;文中示例的 secret 不要直接照抄使用)。
# rndc-confgen -a
# less /etc/rndc.key
// /etc/rndc.key as written by `rndc-confgen -a`. Copy this whole block into
// named.conf and rndc.conf in place of the key blocks shown above. The value
// below is the one the post happened to generate -- every installation gets
// its own, and a published one should not be reused.
key "rndc-key" {
algorithm hmac-md5;
secret "x4w3LrgqIdLCUB0JQ1Xctg==";
};
# less /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "x4w3LrgqIdLCUB0JQ1Xctg==";
};
3> # less 16.168.192.in-addr.arpa.dns
; Reverse zone for 192.168.16.0/24 (file 16.168.192.in-addr.arpa.dns).
; NOTE(review): the listing repeats itself after the "59" line; only the
; first copy is annotated here.
$TTL 1d
; SOA timers, in order: serial, refresh, retry, expire, negative-cache TTL.
; NOTE(review): expire is set to 1d -- if a secondary cannot reach this
; master for one day it drops the zone; the usual recommendation is several
; weeks. Bump the serial (currently 1) on every edit or secondaries will not
; pick up changes.
@ 1d IN SOA ns.16.168.192.in-addr.arpa. root.16.168.192.in-addr.arpa. (
1
1h
10m
1d
1h )
; NOTE(review): the NS name ns.16.168.192.in-addr.arpa. lives inside this
; reverse zone, and nothing in the listing gives it an address record;
; named-checkzone will warn about that -- confirm against the real file.
@ 1d IN NS ns.16.168.192.in-addr.arpa.
; NOTE(review): the line below looks truncated in the post (presumably the
; start of a PTR record for host .59); check the original file.
59
$TTL 1d
@ 1d IN SOA ns.16.168.192.in-addr.arpa. root.16.168.192.in-addr.arpa. (
1
1h
10m
1d
1h )
@ 1d IN NS ns.16.168.192.in-addr.arpa.
59