[root@e4202 var]# cat /proc/version 查看系统版本
Linux version 2.6.9-5.EL ( bhcompile@decompose.build.redhat.com) (gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)) #1 Wed Jan 5 19:22:18 EST 2005
[root@e4202 var]# lsb_release -a
LSB Version: 1.3
Distributor ID: RedHatEnterpriseAS
Description: Red Hat Enterprise Linux AS release 4 (Nahant)
Release: 4
Codename: Nahant
[root@e4202 var]# rpm -qa |grep bind 需要装的软件包
bind-chroot-9.2.4-2
bind-libs-9.2.4-2
ypbind-1.17.2-3
bind-9.2.4-2
bind-utils-9.2.4-2
本文以Red Hat Enterprise Linux AS v4为平台,
Linux version 2.6.9-5.EL ( bhcompile@decompose.build.redhat.com) (gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)) #1 Wed Jan 5 19:22:18 EST 2005
[root@e4202 var]# lsb_release -a
LSB Version: 1.3
Distributor ID: RedHatEnterpriseAS
Description: Red Hat Enterprise Linux AS release 4 (Nahant)
Release: 4
Codename: Nahant
[root@e4202 var]# rpm -qa |grep bind 需要装的软件包
bind-chroot-9.2.4-2
bind-libs-9.2.4-2
ypbind-1.17.2-3
bind-9.2.4-2
bind-utils-9.2.4-2
本文以Red Hat Enterprise Linux AS v4为平台,
chroot模式下配置,郁闷很久,原来版本略有不同,配置不一样的.
**************************************************
一 所需配置文件
1. Red Hat Enterprise Linux 光盘(第一、四张)
2. /var/named/chroot/etc/named.conf //DNS主配置文件,无需配置
3. /etc/host.conf //转换程序控制文件,系统自带无需配置
4. /etc/resolv.conf //转换程序配置文件,系统自带需配置
5. /var/named/chroot/var/named/named.ca // 根域名服务器指向文件,无需配置
6. /var/named/chroot/var/named/localhost.zone localhost //正向区文件,默认存在,无需配置
7. /var/named/chroot/var/named/named.local localhost //反向区文件,默认存在,无需配置
8. /var/named/chroot/var/named/feng86.zone //用户配置正向区文件,默认不存在,需自己创建并且配置
9. /var/named/chroot/var/named/0.168.192.zone //用户配置反向区文件,默认不存在,需自己创建并且配置
二 配置过程详解
1. 安装DNS
#rpm -qa |grep bind //查看是否安装bind
#mount /media/cdrom //挂载光盘第四张
#cd /media/cdrom/RedHat/RPMS //进入光盘目录
#rpm -ivh bind-9.2.4-16.EL4.i386.rpm //安装所需的RPM包
#rpm -ivh bind-chroot-9.2.4-16.EL4.i386.rpm //安装所需的RPM包
#rpm -ivh bind-devel-9.2.4-16.EL4.i386.rpm //安装所需的RPM包
#cd;eject //弹出光盘
#mount /media/cdrom //挂载光盘第一张
#cd /media/cdrom/RedHat/RPMS //进入光盘目录
#rpm -ivh caching-nameserver-7.3-3.noarch.rpm //安装所需的RPM包
#cd;eject //弹出光盘
[root@e4202 var]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.2.255
HWADDR=00:0C:29:C3:75:EB
IPADDR=192.168.2.202
NETMASK=255.255.255.0
NETWORK=192.168.2.0
ONBOOT=yes
TYPE=Ethernet
You have mail in /var/spool/mail/root
[root@e4202 var]# cat /etc/resolv.conf
nameserver 192.168.2.202
nameserver 202.96.128.166
nameserver 61.144.56.100
[root@e4202 named]# cat /etc/named.conf DNS主文件配置(注意文件名保持一致)
//
// named.conf for Red Hat caching-nameserver
//
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.2.255
HWADDR=00:0C:29:C3:75:EB
IPADDR=192.168.2.202
NETMASK=255.255.255.0
NETWORK=192.168.2.0
ONBOOT=yes
TYPE=Ethernet
You have mail in /var/spool/mail/root
[root@e4202 var]# cat /etc/resolv.conf
nameserver 192.168.2.202
nameserver 202.96.128.166
nameserver 61.144.56.100
[root@e4202 named]# cat /etc/named.conf DNS主文件配置(注意文件名保持一致)
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
type master;
file "named.local";
allow-update { none; };
};
zone "augurit.cn" IN {
type master;
file "augurit.zone";
allow-update { none; };
};
type master;
file "augurit.zone";
allow-update { none; };
};
zone "2.168.192.in-addr.arpa" IN {
type master;
file "2.168.192.zone";
allow-update { none; };
};
type master;
file "2.168.192.zone";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
type master;
file "named.zero";
allow-update { none; };
};
include "/etc/rndc.key";
[root@e4202 named]#
[root@e4202 named]# pwd
/var/named/chroot/var/named DNS配置文件的目录
[root@e4202 named]# ls (cp localhost.zone augurit.zone
cp named.local 2.168.192.zone)复制这两个文件然后配置
2.168.192.zone localdomain.zone named.ca named.zero
augurit.zone localhost.zone named.ip6.local slaves
data named.broadcast named.local
[root@e4202 named]# ll
总用量 88
-rw-r--r-- 1 named named 567 11月 15 05:04 2.168.192.zone 改为named拥有
-rw-r--r-- 1 named named 358 11月 15 04:32 augurit.zone 改为named拥有
drwxrwx--- 2 named named 4096 2004-08-26 data
-rw-r--r-- 1 named named 198 2004-08-26 localdomain.zone
-rw-r--r-- 1 named named 195 2004-08-26 localhost.zone
-rw-r--r-- 1 named named 415 2004-08-26 named.broadcast
-rw-r--r-- 1 named named 2518 2004-08-26 named.ca
-rw-r--r-- 1 named named 432 2004-08-26 named.ip6.local
-rw-r--r-- 1 named named 433 2004-08-26 named.local
-rw-r--r-- 1 named named 416 2004-08-26 named.zero
drwxrwx--- 2 named named 4096 2004-07-27 slaves
[root@e4202 named]# cat 2.168.192.zone
$TTL 86400
@ IN SOA dns.augurit.cn. root.mail.augurit.cn. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns.augurit.cn.
[root@e4202 named]#
[root@e4202 named]# pwd
/var/named/chroot/var/named DNS配置文件的目录
[root@e4202 named]# ls (cp localhost.zone augurit.zone
cp named.local 2.168.192.zone)复制这两个文件然后配置
2.168.192.zone localdomain.zone named.ca named.zero
augurit.zone localhost.zone named.ip6.local slaves
data named.broadcast named.local
[root@e4202 named]# ll
总用量 88
-rw-r--r-- 1 named named 567 11月 15 05:04 2.168.192.zone 改为named拥有
-rw-r--r-- 1 named named 358 11月 15 04:32 augurit.zone 改为named拥有
drwxrwx--- 2 named named 4096 2004-08-26 data
-rw-r--r-- 1 named named 198 2004-08-26 localdomain.zone
-rw-r--r-- 1 named named 195 2004-08-26 localhost.zone
-rw-r--r-- 1 named named 415 2004-08-26 named.broadcast
-rw-r--r-- 1 named named 2518 2004-08-26 named.ca
-rw-r--r-- 1 named named 432 2004-08-26 named.ip6.local
-rw-r--r-- 1 named named 433 2004-08-26 named.local
-rw-r--r-- 1 named named 416 2004-08-26 named.zero
drwxrwx--- 2 named named 4096 2004-07-27 slaves
[root@e4202 named]# cat 2.168.192.zone
$TTL 86400
@ IN SOA dns.augurit.cn. root.mail.augurit.cn. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns.augurit.cn.
202 IN PTR dns.augurit.cn. (202与IP对应)
202 IN PTR web.augurit.cn.
202 IN PTR ftp.augurit.cn.
100 IN PTR www.augurit.cn.
100 IN PTR mail.augurit.cn.
[root@e4202 named]# cat augurit.zone
$TTL 86400
@ IN SOA dns.augurit.cn. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
202 IN PTR web.augurit.cn.
202 IN PTR ftp.augurit.cn.
100 IN PTR www.augurit.cn.
100 IN PTR mail.augurit.cn.
[root@e4202 named]# cat augurit.zone
$TTL 86400
@ IN SOA dns.augurit.cn. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns.augurit.cn.
IN MX 5 mail.augurit.cn.
dns IN A 192.168.2.202
www IN A 192.168.2.100
ftp IN A 192.168.2.202
mail IN A 192.168.2.100
web IN A 192.168.2.202
IN MX 5 mail.augurit.cn.
dns IN A 192.168.2.202
www IN A 192.168.2.100
ftp IN A 192.168.2.202
mail IN A 192.168.2.100
web IN A 192.168.2.202
[root@e4202 named]# named-checkzone augurit.cn augurit.zone 测试配置文件正确性
zone augurit.cn/IN: loaded serial 42
OK
[root@e4202 named]# named-checkzone augurit.cn 2.168.192.zone (检查反向区时区名应与 named.conf 中一致,即 2.168.192.in-addr.arpa)
zone augurit.cn/IN: loaded serial 1997022700
OK
[root@e4202 named]# chkconfig --list named 查看服务是否开启
named 0:关闭 1:关闭 2:关闭 3:启用 4:关闭 5:启用 6:关闭
You have new mail in /var/spool/mail/root
[root@e4202 named]# chkconfig --leve named 35 on
--leve: unknown option
[root@e4202 named]# chkconfig --help
chkconfig 版本 1.3.11.2 - 版权 (C) 1997-2000 Red Hat, Inc.
在 GNU 公共许可的条款下,本软件可以被自由发行。
用法: chkconfig --list [name]
chkconfig --add <name>
chkconfig --del <name>
chkconfig [--level <levels>] <name> <on|off|reset>
chkconfig --add <name>
chkconfig --del <name>
chkconfig [--level <levels>] <name> <on|off|reset>
[root@e4202 named]# chkconfig --level 35 named on 更改服务随系统启动
[root@e4202 named]# service named restart
停止 named: [ 确定 ]
启动 named: [ 确定 ]
[root@e4202 named]# service iptables restart 关闭防火墙内网可访问DNS (更稳妥的做法是只放行 53/udp 和 53/tcp,而不是整体停用防火墙;否则该缓存域名服务器会对所有能到达它的主机提供递归查询)
应用 iptables 防火墙规则: [ 确定 ]
[root@e4202 named]# service iptables stop
清除防火墙规则: [ 确定 ]
把 chains 设置为 ACCEPT 策略:filter [ 确定 ]
正在卸载 Iiptables 模块: [ 确定 ]
[root@e4202 named]# nslookup augurit.cn
Server: 192.168.2.202
Address: 192.168.2.202#53
[root@e4202 named]# service named restart
停止 named: [ 确定 ]
启动 named: [ 确定 ]
[root@e4202 named]# service iptables restart 关闭防火墙内网可访问DNS
应用 iptables 防火墙规则: [ 确定 ]
[root@e4202 named]# service iptables stop
清除防火墙规则: [ 确定 ]
把 chains 设置为 ACCEPT 策略:filter [ 确定 ]
正在卸载 Iiptables 模块: [ 确定 ]
[root@e4202 named]# nslookup augurit.cn
Server: 192.168.2.202
Address: 192.168.2.202#53
*** Can't find augurit.cn: No answer (augurit.zone 中没有为 @ 定义 A 记录,只有 NS 和 MX,所以查询域名本身无应答;查询 mail.augurit.cn 等主机名才有结果)
[root@e4202 named]# nslookup mail.augurit.cn
Server: 192.168.2.202
Address: 192.168.2.202#53
Server: 192.168.2.202
Address: 192.168.2.202#53
Name: mail.augurit.cn
Address: 192.168.2.100
Address: 192.168.2.100
[root@e4202 named]# nslookup 192.168.2.202
Server: 192.168.2.202
Address: 192.168.2.202#53
Server: 192.168.2.202
Address: 192.168.2.202#53
202.2.168.192.in-addr.arpa name = ftp.augurit.cn.
202.2.168.192.in-addr.arpa name = web.augurit.cn.
202.2.168.192.in-addr.arpa name = dns.augurit.cn.
202.2.168.192.in-addr.arpa name = web.augurit.cn.
202.2.168.192.in-addr.arpa name = dns.augurit.cn.
转载于:https://blog.51cto.com/xiaoyunet/227521