以下安装配置是在192.168.100.87服务器上实施的操作记录。
1.从http://www.isc.org/products/BIND/bind9.html下载bind9的源文件。目前版本为9.7.2-p3,源文件为bind-9.7.2-P3.tar.gz。将源文件bind-9.7.2-P3.tar.gz置于/root目录下。(随便放的,与安装配置无关)
2.解压缩源文件bind-9.7.2-P3.tar.gz
# cd /root
# tar -zxvf bind-9.7.2-P3.tar.gz
3.进入安装目录
# cd bind-9.7.2-P3
4.配置、编译、安装
# ./configure --prefix=/usr/local/named --disable-openssl-version-check //安装到/usr/local/named目录下,并且禁止检查openssl版本
# make
# make install
安装完成后,生成的可执行文件位于/usr/local/named/sbin目录下。最重要的可执行文件为named和rndc。
5.创建rndc.conf配置文件。
# cd /usr/local/named/sbin
# rndc-confgen > /usr/local/named/etc/rndc.conf
# cd /usr/local/named/etc
# more /etc/rndc.conf
输出为:
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "y9xvvfQjdWv9f/Fo7wquBg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "y9xvvfQjdWv9f/Fo7wquBg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
6.创建named.conf配置文件,并将rndc.conf文件中注释部分拷贝添加到named.conf配置文件中。
# vi /etc/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "bX4pVk/C1CO+ROBTEAD84A==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
7.在named.conf文件中加入以下部分
options {
directory "/usr/local/named/var";
pid-file "/usr/local/named/var/run/named.pid";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
allow-transfer {none;};
// recursion no;
// recursion yes;
// allow-recursion {trusted;};
// allow-query-cache { any; };
// query-source address * port 53;
};
zone "." IN {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "hebei.com.cn" IN {
type master;
file "hebei.com.cn";
allow-update { none; };
};
8.匿名登录到ftp站点,获取/domain目录下的named.root文件和named.ca文件(这两个文件是一样的),将该文件置于/usr/local/named/var目录下。
# cd /usr/local/named/var
9.创建localhost.zone文件(实际没有创建)
# vi /var/named/localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
10.创建named.local文件
# vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
11.创建hebei.com.cn文件
# vi hebei.com.cn
$TTL 86400
@ 900 IN SOA localhost. root. (
2003061800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
www 900 IN A 123.123.123.123
12.创建反向解析文件(还没做)
13.启动 /usr/local/named/sbin/named -c /usr/local/named/etc/named.conf
停止 killall -9 named
14.测试
C:\Documents and Settings\Administrator>nslookup 192.168.100.87
*** Can't find server name for address 192.168.100.87: Query refused
Server: UnKnown
Address: 192.168.100.87
Name:
Address: 123.123.123.123
至此,bind安装配置完成,并测试通过,下面是智能DNS解析配置过程。
1.从http://www.isc.org/products/BIND/bind9.html下载bind9的源文件。目前版本为9.7.2-p3,源文件为bind-9.7.2-P3.tar.gz。将源文件bind-9.7.2-P3.tar.gz置于/root目录下。(随便放的,与安装配置无关)
2.解压缩源文件bind-9.7.2-P3.tar.gz
# cd /root
# tar -zxvf bind-9.7.2-P3.tar.gz
3.进入安装目录
# cd bind-9.7.2-P3
4.配置、编译、安装
# ./configure --prefix=/usr/local/named --disable-openssl-version-check //安装到/usr/local/named目录下,并且禁止检查openssl版本
# make
# make install
安装完成后,生成的可执行文件位于/usr/local/named/sbin目录下。最重要的可执行文件为named和rndc。
5.创建rndc.conf配置文件。
# cd /usr/local/named/sbin
# rndc-confgen > /usr/local/named/etc/rndc.conf
# cd /usr/local/named/etc
# more /etc/rndc.conf
输出为:
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "y9xvvfQjdWv9f/Fo7wquBg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "y9xvvfQjdWv9f/Fo7wquBg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
6.创建named.conf配置文件,并将rndc.conf文件中注释部分拷贝添加到named.conf配置文件中。
# vi /etc/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "bX4pVk/C1CO+ROBTEAD84A==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
7.在named.conf文件中加入以下部分
options {
directory "/usr/local/named/var";
pid-file "/usr/local/named/var/run/named.pid";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
allow-transfer {none;};
// recursion no;
// recursion yes;
// allow-recursion {trusted;};
// allow-query-cache { any; };
// query-source address * port 53;
};
zone "." IN {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "hebei.com.cn" IN {
type master;
file "hebei.com.cn";
allow-update { none; };
};
8.匿名登录到ftp站点,获取/domain目录下的named.root文件和named.ca文件(这两个文件是一样的),将该文件置于/usr/local/named/var目录下。
# cd /usr/local/named/var
9.创建localhost.zone文件(实际没有创建)
# vi /var/named/localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
10.创建named.local文件
# vi named.local
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
11.创建hebei.com.cn文件
# vi hebei.com.cn
$TTL 86400
@ 900 IN SOA localhost. root. (
2003061800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
www 900 IN A 123.123.123.123
12.创建反向解析文件(还没做)
13.启动 /usr/local/named/sbin/named -c /usr/local/named/etc/named.conf
停止 killall -9 named
14.测试
C:\Documents and Settings\Administrator>nslookup 192.168.100.87
*** Can't find server name for address 192.168.100.87: Query refused
Server: UnKnown
Address: 192.168.100.87
Name:
Address: 123.123.123.123
至此,bind安装配置完成,并测试通过,下面是智能DNS解析配置过程。
什么是智能域名服务器,有什么用?简单的说,就是域名服务器能够按照请求用户的网络地址范围,做出不同的地址解析。
智能域名服务器在中国的主要作用是解决中国电信和中国网通间存在的问题
-- 当你设置一个服务器在电信的网络上,这个时候网通的用户访问往往很慢,而如果设置在网通则电信访问很慢,要解决这个问题有很多方法,比较容易采用的是:在电信和网通都设置服务器,而后让用户使用不同的域名访问,如电信用户用www.xxx.com,而网通用户用 www2.xxx.com访问,但是这样带来的问题是要用户自己判断,并且还需要输入不同域名导致麻烦。
这个时候自然希望能够让用户输入www.xxx.com的时候,能够由域名服务器自动判断用户的网络情况,而后提供不同的地址解析,即:当网通的用户访问的时候,域名服务器判断(通过访问的域名服务器IP地址范围)到该用户来自网通,则给出设置在网通的机器IP,而如果来自电信则给出电信的。
推而广之,你不仅仅可以作为这个用途,还可以按照网络的情况进行优化,按照不同的IP范围(代表不同的网络区域),将用户带到不同的服务器节点上。
智能DNS策略解析很好的解决了上面所述的问题。DNS策略解析最基本的功能是可以智能的判断访问您网站的用户,然后根据不同的访问者把您的域名分别解析成不同的IP地址。如访问者是网通用户,DNS策略解析服务器会把你的域名对应的网通IP地址解析给这个访问者。如果用户是电信用户,DNS策略解析服务器会把您域名对应的电信IP地址解析给这个访问者。
智能DNS策略解析还可以给你的多个主机实现负载均衡,这时来自各地的访问流量会比较平均的分布到你的每一个主机上。
具体配置如下:以下配置操作在192.168.20.192服务器上实施测试
1、编辑named.conf文件,加入以下内容
# vi /usr/local/named/etc/named.conf
#装载网通地址范围数据
include "acl.conf";
#判断如是网通的地址范围,则会执行此处,调用网通的解析
view "view_cnc" {
match-clients{CNC;};
zone "." IN {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "hebei.com.cn" IN {
type master;
file "cnc.hebei.com.cn.txt";
allow-update { none; };
};
};
#如果不是网通的则进行电信的解析
view "view_any" {
match-clients{any;};
zone "." IN {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "hebei.com.cn" IN {
type master;
file "tel.hebei.com.cn.txt";
allow-update { none; };
};
};
2、在/usr/local/named/var目录下创建acl.conf文件,存放网通的地址范围数据
# vi /usr/local/named/var
# vi acl.conf
//cnc acl list
acl "CNC" {
192.168.10.194/32;
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.21.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.244.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.158.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.180.128.0/17;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
125.32.0.0/16;
125.40.0.0/13;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.16.128.0/18;
210.21.0.0/16;
210.51.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
211.152.0.0/13;
218.7.0.0/16;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.28.0.0/15;
218.56.0.0/14;
218.60.0.0/15;
218.62.0.0/17;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.7.128.0/17;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
219.235.56.194;
};
3、创建cnc.hebei.com.cn文件和tel.hebei.com.cn文件,分别存放需要解析的域名信息。
# vi cnc.hebei.com.cn
$TTL 86400
@ 900 IN SOA localhost. root. (
2003061800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
www 900 IN A 123.123.123.123
# vi tel.hebei.com.cn
$TTL 86400
@ 900 IN SOA localhost. root. (
2003061800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
www 900 IN A 23.23.23.23
4、启动/usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf
5、测试,我的IP是192.168.10.194,不在acl.conf文件中列出的网通地址段里,因此返回地址为tel.hebei.com.cn文件中指定的23.23.23.23。
C:\Documents and Settings\Administrator>nslookup 192.168.20.192
*** Can't find server name for address 192.168.20.192: Query refused
Server: UnKnown
Address: 192.168.20.192
Name:
Address: 23.23.23.23
智能域名服务器在中国的主要作用是解决中国电信和中国网通间存在的问题
-- 当你设置一个服务器在电信的网络上,这个时候网通的用户访问往往很慢,而如果设置在网通则电信访问很慢,要解决这个问题有很多方法,比较容易采用的是:在电信和网通都设置服务器,而后让用户使用不同的域名访问,如电信用户用www.xxx.com,而网通用户用 www2.xxx.com访问,但是这样带来的问题是要用户自己判断,并且还需要输入不同域名导致麻烦。
这个时候自然希望能够让用户输入www.xxx.com的时候,能够由域名服务器自动判断用户的网络情况,而后提供不同的地址解析,即:当网通的用户访问的时候,域名服务器判断(通过访问的域名服务器IP地址范围)到该用户来自网通,则给出设置在网通的机器IP,而如果来自电信则给出电信的。
推而广之,你不仅仅可以作为这个用途,还可以按照网络的情况进行优化,按照不同的IP范围(代表不同的网络区域),将用户带到不同的服务器节点上。
智能DNS策略解析很好的解决了上面所述的问题。DNS策略解析最基本的功能是可以智能的判断访问您网站的用户,然后根据不同的访问者把您的域名分别解析成不同的IP地址。如访问者是网通用户,DNS策略解析服务器会把你的域名对应的网通IP地址解析给这个访问者。如果用户是电信用户,DNS策略解析服务器会把您域名对应的电信IP地址解析给这个访问者。
智能DNS策略解析还可以给你的多个主机实现负载均衡,这时来自各地的访问流量会比较平均的分布到你的每一个主机上。
具体配置如下:以下配置操作在192.168.20.192服务器上实施测试
1、编辑named.conf文件,加入以下内容
# vi /usr/local/named/etc/named.conf
#装载网通地址范围数据
include "acl.conf";
#判断如是网通的地址范围,则会执行此处,调用网通的解析
view "view_cnc" {
match-clients{CNC;};
zone "." IN {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "hebei.com.cn" IN {
type master;
file "cnc.hebei.com.cn.txt";
allow-update { none; };
};
};
#如果不是网通的则进行电信的解析
view "view_any" {
match-clients{any;};
zone "." IN {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "hebei.com.cn" IN {
type master;
file "tel.hebei.com.cn.txt";
allow-update { none; };
};
};
2、在/usr/local/named/var目录下创建acl.conf文件,存放网通的地址范围数据
# vi /usr/local/named/var
# vi acl.conf
//cnc acl list
acl "CNC" {
192.168.10.194/32;
58.16.0.0/16;
58.17.0.0/17;
58.17.128.0/17;
58.18.0.0/16;
58.19.0.0/16;
58.20.0.0/16;
58.21.0.0/16;
58.22.0.0/15;
58.240.0.0/15;
58.242.0.0/15;
58.244.0.0/15;
58.246.0.0/15;
58.248.0.0/13;
60.0.0.0/13;
60.8.0.0/15;
60.10.0.0/16;
60.11.0.0/16;
60.12.0.0/16;
60.13.0.0/18;
60.13.128.0/17;
60.14.0.0/15;
60.16.0.0/13;
60.24.0.0/14;
60.30.0.0/16;
60.31.0.0/16;
60.208.0.0/13;
60.216.0.0/15;
60.218.0.0/15;
60.220.0.0/14;
61.48.0.0/13;
61.133.0.0/17;
61.134.96.0/19;
61.134.128.0/17;
61.135.0.0/16;
61.137.128.0/17;
61.138.0.0/17;
61.138.128.0/18;
61.139.128.0/18;
61.148.0.0/15;
61.156.0.0/16;
61.158.0.0/16;
61.159.0.0/18;
61.161.0.0/18;
61.161.128.0/17;
61.162.0.0/16;
61.163.0.0/16;
61.167.0.0/16;
61.168.0.0/16;
61.176.0.0/16;
61.179.0.0/16;
61.180.128.0/17;
61.181.0.0/16;
61.182.0.0/16;
61.189.0.0/17;
125.32.0.0/16;
125.40.0.0/13;
202.96.0.0/18;
202.96.64.0/21;
202.96.72.0/21;
202.97.128.0/18;
202.97.224.0/21;
202.97.240.0/20;
202.98.0.0/21;
202.98.8.0/21;
202.99.64.0/19;
202.99.96.0/21;
202.99.128.0/19;
202.99.160.0/21;
202.99.168.0/21;
202.99.176.0/20;
202.99.208.0/20;
202.99.224.0/21;
202.99.232.0/21;
202.99.240.0/20;
202.102.128.0/21;
202.102.224.0/21;
202.102.232.0/21;
202.106.0.0/16;
202.107.0.0/17;
202.108.0.0/16;
202.110.0.0/17;
202.111.128.0/18;
203.93.8.0/24;
203.93.192.0/18;
210.13.128.0/17;
210.14.160.0/19;
210.14.192.0/19;
210.15.32.0/19;
210.15.96.0/19;
210.15.128.0/18;
210.16.128.0/18;
210.21.0.0/16;
210.51.0.0/16;
210.52.128.0/17;
210.53.0.0/17;
210.53.128.0/17;
210.74.96.0/19;
210.74.128.0/19;
210.82.0.0/15;
211.152.0.0/13;
218.7.0.0/16;
218.8.0.0/14;
218.12.0.0/16;
218.21.128.0/17;
218.24.0.0/14;
218.28.0.0/15;
218.56.0.0/14;
218.60.0.0/15;
218.62.0.0/17;
218.67.128.0/17;
218.68.0.0/15;
218.104.0.0/14;
219.154.0.0/15;
219.156.0.0/15;
219.158.0.0/17;
219.158.128.0/17;
219.159.0.0/18;
220.252.0.0/16;
221.0.0.0/15;
221.2.0.0/16;
221.3.0.0/17;
221.3.128.0/17;
221.4.0.0/16;
221.5.0.0/17;
221.5.128.0/17;
221.6.0.0/16;
221.7.0.0/19;
221.7.32.0/19;
221.7.64.0/19;
221.7.96.0/19;
221.7.128.0/17;
221.8.0.0/15;
221.10.0.0/16;
221.11.0.0/17;
221.11.128.0/18;
221.11.192.0/19;
221.12.0.0/17;
221.12.128.0/18;
221.13.0.0/18;
221.13.64.0/19;
221.13.96.0/19;
221.13.128.0/17;
221.14.0.0/15;
221.192.0.0/15;
221.194.0.0/16;
221.195.0.0/16;
221.196.0.0/15;
221.198.0.0/16;
221.199.0.0/19;
221.199.32.0/20;
221.199.128.0/18;
221.199.192.0/20;
221.200.0.0/14;
221.204.0.0/15;
221.206.0.0/16;
221.207.0.0/18;
221.207.64.0/18;
221.207.128.0/17;
221.208.0.0/14;
221.212.0.0/16;
221.213.0.0/16;
221.216.0.0/13;
222.128.0.0/14;
222.132.0.0/14;
222.136.0.0/13;
222.160.0.0/15;
222.162.0.0/16;
222.163.0.0/19;
222.163.32.0/19;
222.163.64.0/18;
222.163.128.0/17;
219.235.56.194;
};
3、创建cnc.hebei.com.cn文件和tel.hebei.com.cn文件,分别存放需要解析的域名信息。
# vi cnc.hebei.com.cn
$TTL 86400
@ 900 IN SOA localhost. root. (
2003061800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
www 900 IN A 123.123.123.123
# vi tel.hebei.com.cn
$TTL 86400
@ 900 IN SOA localhost. root. (
2003061800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
www 900 IN A 23.23.23.23
4、启动/usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf
5、测试,我的IP是192.168.10.194,不在acl.conf文件中列出的网通地址段里,因此返回地址为tel.hebei.com.cn文件中指定的23.23.23.23。
C:\Documents and Settings\Administrator>nslookup 192.168.20.192
*** Can't find server name for address 192.168.20.192: Query refused
Server: UnKnown
Address: 192.168.20.192
Name:
Address: 23.23.23.23
转载于:https://blog.51cto.com/75clouds/842206
511
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
