BIND installation and configuration (master/slave)

Master:

I installed it with yum:

# yum -y install bind*

Generate the key file for the rndc control command:

# sbin/rndc-confgen > /etc/rndc.conf

Extract the key that named.conf needs from rndc.conf:

# cd /etc
# tail -10 rndc.conf | head -9 | sed s/#\ //g > /var/named/chroot/etc/named.conf

This automatically creates the named.conf file under /var/named/chroot/etc.

Enter /var/named/chroot/etc:

# cd /var/named/chroot/etc

named.conf now contains the rndc-key section:

# more named.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "Nd0nLoL8t4Mv0iSpqP1noA==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

Then we complete it:

# vi named.conf
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
zone "learningsky.org" IN {
    type master;
    file "learningsky.zone";
    allow-transfer { 192.168.22.155; };
    notify yes;
    also-notify { 192.168.22.155; };
    // The notify directive automatically notifies every server listed in the zone's NS records;
    // also-notify is used to notify DNS servers that are not listed in the NS records.
};
zone "22.168.192.in-addr.arpa" IN {
    type master;
    file "22.168.192";
    allow-transfer { 192.168.22.155; };
    notify yes;
    also-notify { 192.168.22.155; };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "Nd0nLoL8t4Mv0iSpqP1noA==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

Enter /var/named/chroot/var/named:

# cd /var/named/chroot/var/named

Create the localhost.zone file:

# vi localhost.zone
$TTL 86400
$ORIGIN localhost.
@   1D IN SOA @ root (
        42      ; serial (d. adams)
        3H      ; refresh
        15M     ; retry
        1W      ; expiry
        1D )    ; minimum
    1D IN NS @
    1D IN A  127.0.0.1

Create the named.local file:

# vi named.local
$TTL 86400
@   IN SOA localhost. root.localhost. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
    IN NS  localhost.
1   IN PTR localhost.

Generate the named.ca file directly with the dig command:

# dig > named.ca

Create the forward zone file for the learningsky.org domain:

# vi learningsky.zone
$TTL 86400
$ORIGIN learningsky.org.
@    1D IN SOA dns.learningsky.org. root.mail.learningsky.org. (
        1053891162 ; serial
        3H         ; refresh
        15M        ; retry
        1W         ; expire
        1D )       ; minimum
     1D IN NS  dns.learningsky.org.
     1D IN MX  5 mail.learningsky.com.
dns     IN A   192.168.22.150
mail    IN A   192.168.22.150
www     IN A   192.168.22.150

Create the reverse zone file for the learningsky.org domain:

# vi 22.168.192
$TTL 86400
@    IN SOA dns.learningsky.org. root.mail.learningsky.org. (
        20031001 ; serial
        7200     ; refresh
        3600     ; retry
        43200    ; expire
        86400 )  ; minimum
@    IN NS  dns.learningsky.org.
150  IN PTR dns.learningsky.org.
150  IN PTR mail.learningsky.org.
150  IN PTR www.learningsky.org.

# netstat -an |grep :53
tcp        0      0 192.168.22.150:53           0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
udp        0      0 192.168.22.150:53           0.0.0.0:*
udp        0      0 127.0.0.1:53                0.0.0.0:*

Edit resolv.conf:

# vi /etc/resolv.conf
nameserver 192.168.22.150
search learningsky.org

# ps -aux|grep named
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
named    13310  0.0  0.5  38160  2900 ?        Ssl  14:53   0:00 /usr/sbin/named -u named -t /var/named/chroot
root     13375  0.0  0.1   5212   688 pts/1    R+   16:08   0:00 grep named

# more nsswitch.conf
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files
shadow:     files
group:      files

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus files
#networks:   nisplus files
#protocols:  nisplus files
#rpc:        nisplus files
#ethers:     nisplus files
#netmasks:   nisplus files

bootparams: nisplus files
ethers:     files
netmasks:   files
networks:   files

# more host.conf
order hosts,bind

Start named:

# /usr/local/sbin/named

Test the DNS:

# nslookup
> www.learningsky.org
Server:         192.168.22.150
Address:        192.168.22.150#53

Name:   www.learningsky.org
Address: 192.168.0.244
> 192.168.22.250
Server:         192.168.22.250
Address:        192.168.22.250#53

150.22.168.192.in-addr.arpa     name = dns.learningsky.org.
150.22.168.192.in-addr.arpa     name = www.learningsky.org.
150.22.168.192.in-addr.arpa     name = mail.learningsky.org.
> set type=MX
> learningsky.org
Server:         192.168.22.150
Address:        192.168.22.150#53

learningsky.org mail exchanger = 5 mail.learningsky.com.
> exit

The master DNS configuration is complete.

Slave:

The installation is the same as on the master; the only difference is named.conf.

named.conf contents:

options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.root";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
zone "learningsky.org" IN {
    type slave;
    file "learningsky.zone";
    masters { 192.168.22.150; };
};
zone "22.168.192.in-addr.arpa" IN {
    type slave;
    file "22.168.192";
    masters { 192.168.22.150; };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "80hKqo5bkGMAqHqeAlaLCA==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

Notes:

1. The two machines being synchronized as master and slave must be in the same time zone, and their clocks must not differ by much.
2. Whenever the forward or reverse zone file on the master DNS server is modified, the corresponding serial must be changed (usually by incrementing it; the master's value must be larger than the slave's, otherwise synchronization will not happen).
3. The owner of the /var/named/chroot directory must be named; otherwise the "other" permission bits must also be 7.
4. Pay close attention to the text in red; it is the key to synchronization......
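As an added example (not part of the original post), here is the check behind note 2 in Python: it parses the SOA serial out of a zone file written in the style of the files above and decides, using the same RFC 1982 wrap-around arithmetic that BIND uses, whether the slave will pull a new copy. The two sample zones are constructed, modelled on the reverse zone file shown earlier.

```python
"""Decide whether a slave will pull the zone: compare SOA serials like BIND does."""

HALF = 1 << 31  # serials are 32-bit and compared modulo 2^32 (RFC 1982)


def strip_comments(zone_text: str) -> str:
    """Drop ';' comments line by line; anything after ';', even a ')', is ignored."""
    return "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())


def soa_serial(zone_text: str) -> int:
    """Return the serial of the first SOA record, written with or without parentheses."""
    text = strip_comments(zone_text).replace("(", " ( ").replace(")", " ) ")
    tokens = text.split()
    fields = tokens[tokens.index("SOA") + 3:]  # skip the MNAME and RNAME names
    if fields[0] == "(":
        if ")" not in fields:
            raise ValueError("SOA '(' never closed: is the ')' hidden behind a ';'?")
        fields = fields[1:]
    return int(fields[0])


def serial_gt(a: int, b: int) -> bool:
    """True when serial a is newer than b under RFC 1982 wrap-around arithmetic."""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def slave_will_transfer(master_zone: str, slave_zone: str) -> bool:
    """The slave only pulls a new copy when the master's serial is newer than its own."""
    return serial_gt(soa_serial(master_zone), soa_serial(slave_zone))


def next_date_serial(current: int, today_yyyymmdd: str) -> int:
    """Next serial in the YYYYMMDDnn convention: today with nn=00, else current + 1."""
    candidate = int(today_yyyymmdd) * 100
    return candidate if serial_gt(candidate, current) else current + 1


# Constructed sample modelled on the reverse zone above: the master was edited and
# its serial bumped, while the slave still holds the previous copy.
MASTER_ZONE = """$TTL 86400
@ IN SOA dns.learningsky.org. root.mail.learningsky.org. (
        20031002 ; serial
        7200     ; refresh
        3600     ; retry
        43200    ; expire
        86400 )  ; minimum
@   IN NS  dns.learningsky.org.
150 IN PTR dns.learningsky.org.
"""
SLAVE_ZONE = MASTER_ZONE.replace("20031002", "20031001")
```

slave_will_transfer(MASTER_ZONE, SLAVE_ZONE) returns True, and swapping the arguments returns False, which is exactly the situation note 2 warns about.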
[火星人]
Article URL: http://coctec.com/docs/service/show-post-14428.html