1.安裝包
yum install bind* -y
yum install bind-chroot -y
[root@localhost ~]# /etc/init.d/named restart
Stopping named: [ OK ]
Generating /etc/rndc.key:^C
[root@localhost ~]#
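[root@localhost ~]# rndc-confgen -r /dev/urandom -a 執行這個指令產生rndc key(上面重啟停在 Generating /etc/rndc.key,應是 /dev/random 熵不足而卡住,所以按 ^C 中斷後改用 /dev/urandom);/etc/rndc.key 是控制 named 的金鑰,不要讓一般使用者讀到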
wrote key file "/etc/rndc.key"
Starting named: [ OK ]
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost example.com.zone 一定是小寫p,保留原檔的擁有者和權限,named 才讀得到新的 zone 檔
[root@localhost named]# vim example.com.zone
$TTL 1D
@ IN SOA @ cc.163.com. ( 這裡最後一個點不能少
0 ; serial 這些
1D ; refresh 東西
1H ; retry 不
1W ; expire 要
3H ) ; minimum 動
NS @
A 192.168.122.22 自己的IP
www A 1.1.1.1
aa A 2.2.2.2
* A 2.2.250.250
bbs CNAME www 這是别名,www.example.com和bbs.example.com的IP一樣
[root@localhost named]# vim /var/named/chroot/etc/named.conf
options {
listen-on port 53 { 192.168.122.22; }; 改成自己的IP
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
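allow-query { any; }; 改為any;注意下面同時開了 recursion yes,等於對任何來源都提供遞迴查詢(open resolver),容易被當成DNS放大攻擊的反射點,對外服務時應另加 allow-recursion { localhost; localnets; }; 限制遞迴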
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto; ISC 的 DLV 服務已經停用,較新版本的 BIND 不再支援這個選項;本文的 9.8.2 可以保留,換新版時要刪掉這行
forwarders { 192.168.122.1; }; 如果本DNS解析不了,先不去13台根DNS找,而是先去192.168.122.1這個DNS上找
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
zone "." IN {
type hint;
file "named.ca";
zone "example.com"IN{ 這三行是加的,在include "/etc/named.rfc1912.zones";上面添加的,不要多空格
type master;
file "example.com.zone";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@localhost named]# /etc/init.d/named restart
[root@localhost named]# cat /etc/resolv.conf 改DNS
# Generated by NetworkManager
nameserver 192.168.122.22
[root@localhost named]# dig aa.example.com 驗證;查不到時,檢查防火牆是否放行53埠的UDP和TCP,以及selinux是否擋住named(調整規則即可,不要直接關掉selinux)
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> aa.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;aa.example.com. IN A
;; ANSWER SECTION:
aa.example.com. 86400 IN A 2.2.2.2
;; AUTHORITY SECTION:
example.com. 86400 IN NS example.com.
;; ADDITIONAL SECTION:
example.com. 86400 IN A 192.168.122.22
;; Query time: 1 msec
;; SERVER: 192.168.122.22#53(192.168.122.22)
;; WHEN: Sat Mar 16 21:37:25 2013
;; MSG SIZE rcvd: 78
主從DNS,
在主DNS中(之後每次修改 zone 檔都要把 serial 加大,從DNS才會重新同步)
[root@vm1 named]# vim /var/named/chroot/etc/named.conf
# listen-on port 53 { 192.168.122.11; }; 將這行用#注釋掉(注釋掉後 named 會監聽本機所有介面的53埠)
allow-query { localhost ; localnets; }; 改為這個
forwarders { 192.168.122.1; };
/* Path to ISC DLV key */
zone "example.com"IN {
allow-transfer { 192.168.122.22; }; 從DNS的IP;只允許從DNS做區域傳送,不要寫any,否則任何人都能取走整個zone的記錄;只靠IP限制較弱,可再加TSIG金鑰驗證
also-notify { 192.168.122.22;};
[root@vm1 named]# /etc/init.d/named restart
從DNS配置,安裝包後,
[root@localhost slaves]# cat /etc/named.conf
//
// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
# listen-on port 53 { 127.0.0.1; };注釋掉
allow-query { localhost;localnets; }; 改成這個
zone "example.com"IN { 這幾行加在最後面
type slave;
masters { 192.168.122.11 ;};主DNS的IP
file "slaves/example.com.zone"; 生成檔案儲存位置