在CentOS5.2上搭建DNS服务器
在CentOS5.2上搭建DNS服务器
安装环境
操作系统: CentOS release 5.2 (Final)
Kernel: 2.6.18-92.el5
软件列表（注意：bind-9.6.0-P1 与 openssl-0.9.8k 都已停止维护多年，生产环境请改用仍在维护、且能及时打补丁的版本；下面的步骤本身与版本无关）
bind-9.6.0-P1.tar.gz
openssl-0.9.8k.tar.gz
软件存放位置
/data/software
安装过程
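## Dedicated unprivileged account for named: system account, no login shell,
## no home directory created.  uid/gid 710 kept from the original so file
## ownership is identical on master and slave.
# groupadd -g 710 named
# useradd -r -u 710 -g named -s /sbin/nologin -d /var/named -M named
## /var/named holds named.conf and the zone files; the slave writes
## transferred zones here, so it is owned by named.  Mode 750 keeps other
## local users out.  NOTE(review): on a master-only host the config and
## zone files could stay root-owned (read-only for named) for tighter
## least privilege.
# install -d -o named -g named -m 750 /var/named
# install -d -o named -g named -m 750 /var/log/named
# cd /data/software/pkg
# tar zxvf ../openssl-0.9.8k.tar.gz
# cd openssl-0.9.8k
# ./config
# make && make install
# cd ..
# tar zxvf ../bind-9.6.0-P1.tar.gz
# cd bind-9.6.0-P1
# ./configure --prefix=/usr/local/named --with-openssl=/usr/local/ssl
# make && make install
## Root hints.  Anonymous FTP needs no explicit credentials, and plain FTP
## gives no integrity guarantee, so sanity-check the file before use: it
## must be the plain-text root server list, not an error page or a
## truncated download.  The count below must be non-zero.
# wget ftp://ftp.rs.internic.net/domain/db.cache -O /var/named/db.root
# grep -ci 'ROOT-SERVERS.NET' /var/named/db.root
## Generate the rndc control key; it is written to
## /usr/local/named/etc/rndc.key.  hmac-md5 is the rndc-confgen default;
## if this rndc-confgen supports -A, prefer "-A hmac-sha256".
## Run this on EVERY server: master and slave each get their own key.
# /usr/local/named/sbin/rndc-confgen -a
## Readable by root only (group named has no need for it: named takes the
## key from named.conf, rndc runs as root).
# chmod 640 /usr/local/named/etc/rndc.key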
创建rndc.conf文件(注意修改secret的值为生成的rndc.key里面的值)
vi /usr/local/named/etc/rndc.conf
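// rndc client configuration.  The key must be identical (name, algorithm,
// secret) to the one in named.conf's controls/keys statement.  Pulling it
// in from the file rndc-confgen -a wrote avoids a hand-copied secret
// drifting out of sync and keeps the secret in one place; rndc.key is
// root-readable only, so run rndc as root.
// NOTE(review): when rndc.conf does not exist rndc falls back to rndc.key
// on its own, so this file is only needed to change the defaults below.
include "/usr/local/named/etc/rndc.key";
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};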
配置过程
编辑全局控制配置文件
# vi /var/named/named.conf.options
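options {
// Listen on the service address only (rndc does not use port 53; it talks
// to the controls channel on port 953).
listen-on port 53 { 192.168.1.11; };
// Working directory; relative "file" paths in named.conf resolve here.
directory "/var/named";
// The authoritative data for test.com is meant to be public.
allow-query { any; };
// Zone transfers (AXFR/IXFR) -- not forwarding: only the slave may pull
// the zone.  This is IP-based; a shared TSIG key would additionally
// authenticate the transfer.
allow-transfer { 192.168.1.12; };
// Authoritative-only server: refuse recursion explicitly so a host that
// answers anyone cannot be abused as an open resolver.  Drop this line
// (and restrict allow-recursion to local clients) only if the forwarders
// below are enabled to run a caching server.
recursion no;
// Caching-forwarder mode: uncomment and set the ISP resolver addresses.
// forwarders {
// 0.0.0.0;
// };
};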
编辑bind配置文件(注意修改secret的值为生成的rndc.key里面的值)
# vi /var/named/named.conf
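include "/var/named/named.conf.options";
// rndc key for this host.  Copy algorithm and secret from the rndc.key
// that rndc-confgen -a generated here; the value below is a placeholder
// from the tutorial and must be replaced.
key rndc-key {
algorithm hmac-md5;
secret "BU85w6Rh3CvEmpYxARYdUw==";
};
// Control channel bound to loopback only, so port 953 is never exposed on
// the service interface; the key is still required even from localhost.
controls {
inet 127.0.0.1 port 953 allow { localhost; } keys { rndc-key; };
};
// Root hints (db.root downloaded during installation).
zone "." {
type hint;
file "db.root";
};
// Primary copy of test.com; the slave pulls it per allow-transfer.
zone "test.com" {
type master;
file "test.com.zone";
};
// Reverse zone for 192.168.1.0/24, if needed.
zone "1.168.192.in-addr.arpa" {
type master;
file "test.com.rr.zone";
};
// Logging for troubleshooting.  The "queries" category writes one line per
// query, which is noisy on a busy server; drop it once things work.
logging {
channel debug_log {
file "/var/log/named/named.log" versions 3 size 20m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category queries{
debug_log;
};
category default{
debug_log;
};
category update{
debug_log;
};
};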
编辑域名解析zone文件
# vi /var/named/test.com.zone
; Forward zone for test.com (master copy; the slave pulls it by AXFR).
; Owner names are written fully qualified here instead of relying on the
; implicit origin and blank-owner continuation lines -- same records.
; Bump the serial on every edit or the slave will not pick up the change.
; RNAME "kevin.yu.test.com." means kevin@yu.test.com; for the mailbox
; kevin.yu@test.com the dot must be escaped: kevin\.yu.test.com.
$TTL 86400
test.com. IN SOA ns.test.com. kevin.yu.test.com. (
2009050402 ; serial (YYYYMMDDnn)
3600 ; refresh
600 ; retry
604800 ; expire
86400 ; negative-cache TTL
)
test.com. IN NS ns.test.com.
test.com. IN NS ns1.test.com.
test.com. IN MX 10 mail.test.com.
test.com. IN A 192.168.1.10
www.test.com. IN A 192.168.1.10
mail.test.com. IN A 192.168.1.8
ns.test.com. IN A 192.168.1.11
ns1.test.com. IN A 192.168.1.12
编辑反向解析文件
# vi /var/named/test.com.rr.zone
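; Reverse zone for 192.168.1.0/24.  ns1 is added as NS because it is the
; slave for this zone as well (see the slave configuration); the NS set
; should match the servers that actually serve the zone.
; Bump the serial on every edit so the slave picks it up.
; RNAME "kevin.yu.test.com." means kevin@yu.test.com; for the mailbox
; kevin.yu@test.com the dot must be escaped: kevin\.yu.test.com.
$TTL 86400
@ IN SOA ns.test.com. kevin.yu.test.com. (
2009042400 ; serial (YYYYMMDDnn)
10800 ; refresh after 3 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
IN NS ns.test.com.
IN NS ns1.test.com.
; An MX at the apex of a reverse zone is not consulted by anything; kept
; from the original, harmless.
IN MX 10 mail.test.com.
10 IN PTR www.test.com.
8 IN PTR mail.test.com.
11 IN PTR ns.test.com.
12 IN PTR ns1.test.com.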
全部编辑完成以后启动bind
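## Validate the configuration and both zone files before starting; a
## syntax error would otherwise only show up in named.log after startup.
# /usr/local/named/sbin/named-checkconf /var/named/named.conf
# /usr/local/named/sbin/named-checkzone test.com /var/named/test.com.zone
# /usr/local/named/sbin/named-checkzone 1.168.192.in-addr.arpa /var/named/test.com.rr.zone
## -u drops privileges to the named account after binding port 53.
# /usr/local/named/sbin/named -u named -c /var/named/named.conf
## Confirm it is up and the control channel/key work.
# /usr/local/named/sbin/rndc status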
配置Slave服务器
编辑全局控制配置文件
# vi /var/named/named.conf.options
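options {
// Listen on the slave's service address only.
listen-on port 53 { 192.168.1.12; };
// Working directory; transferred zones are written here, so it must be
// writable by named.
directory "/var/named";
// Answers for test.com are public.
allow-query { any; };
// Without this, BIND's default allows zone transfers to anyone, so the
// whole zone could be pulled from the slave even though the master
// restricts transfers.  Nothing pulls from the slave, so refuse all.
allow-transfer { none; };
// Authoritative-only: do not act as an open resolver for the world.
recursion no;
};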
编辑bind配置文件(注意修改secret的值为生成的rndc.key里面的值——在slave上单独执行rndc-confgen -a生成本机自己的密钥,不要复用master的密钥,也不要使用下面示例中的值)
# vi /var/named/named.conf
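include "/var/named/named.conf.options";
// rndc key for THIS host.  Copy algorithm and secret from the rndc.key
// that rndc-confgen -a generated on the slave itself; the value below is
// a placeholder and must not be shared with the master.
key rndc-key {
algorithm hmac-md5;
secret "BU85w6Rh3CvEmpYxARYdUw==";
};
// Control channel bound to loopback only, so port 953 is never exposed on
// the service interface; the key is still required even from localhost.
controls {
inet 127.0.0.1 port 953 allow { localhost; } keys { rndc-key; };
};
// Root hints (db.root downloaded during installation).
zone "." {
type hint;
file "db.root";
};
// Secondary for test.com: pulled from the master by AXFR/IXFR and written
// to test.com.zone under "directory", hence named needs write access there.
zone "test.com" {
type slave;
masters {
192.168.1.11;
};
file "test.com.zone";
};
// Reverse zone, if needed.
zone "1.168.192.in-addr.arpa" {
type slave;
masters {
192.168.1.11;
};
file "test.com.rr.zone";
};
// Logging for troubleshooting.  The "queries" category writes one line per
// query, which is noisy on a busy server; drop it once things work.
logging {
channel debug_log {
file "/var/log/named/named.log" versions 3 size 20m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category queries{
debug_log;
};
category default{
debug_log;
};
category update{
debug_log;
};
};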
配置完成后启动bind
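## Validate the configuration first (the zone files do not exist yet on a
## fresh slave; they appear after the first transfer).
# /usr/local/named/sbin/named-checkconf /var/named/named.conf
## -u drops privileges to the named account after binding port 53.
# /usr/local/named/sbin/named -u named -c /var/named/named.conf
## Confirm it is up and the control channel/key work.
# /usr/local/named/sbin/rndc status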
如果配置成功,slave服务器上就会自动同步生成对应的zone文件;可在slave的/var/log/named/named.log中确认传输完成的记录。另外建议从一台未被授权的主机执行 dig @192.168.1.12 test.com axfr 确认传输被拒绝——如果能拿到整个zone,说明slave的options里缺少allow-transfer限制。