Assume your domain name is mail.com.cn and your IP address is 10.0.0.100.

I. Files related to DNS:

1. /etc/hosts

# TurboLinux /etc/hosts table
# This file contains hostname/IP lookup information.
# This file is (usually) queried before DNS or NIS.
# Current /etc/hosts generated by turbonetcfg.
# Generated on: Mon Jun 24 20:33:31 2002

10.0.0.100 mail.mail.com.cn mail
127.0.0.1 localhost.localdomain localhost

# End of /etc/hosts

2. /etc/host.conf

order hosts,bind
multi on

3. /etc/hosts.allow

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# See man hosts_access(5) for details.
#
# The settings in /etc/hosts.allow take precedence over those in
# /etc/hosts.deny.
#
# Note: The tcp_wrappers (configured by /etc/hosts.allow and /etc/hosts.deny)
# only affect services that are called via /usr/sbin/tcpd. Check out
# /etc/inetd.conf to find out if a service started by inetd goes through
# tcp_wrappers.
# Some services are not started via inetd and still use
# tcp_wrappers (e.g. sshd, portmap (nfs) -- see below for sample setups).
#
# Examples of services which usually run as stand alone servers and
# don't make use of tcp_wrappers are Apache and Sendmail.
#
# Note2: Security scanners like nmap(1) will report blocked services as being
# open, because an initial connection is always established and only
# dropped later, if the connection is not approved by the tcp_wrappers
# configuration.

################################################################################
# Local host
# Allow all requests from localhost

# Allow telnet logins from sample.foobar.edu
# Warning: telnet is inherently insecure as a protocol. All network traffic,
# including authentication information (login and password) are transmitted
# as clear text. Use secure alternatives (e.g. ssh).

# Allow proftpd (TurboLinux default ftp daemon) logins from sample.foobar.edu
# Warning: the authentication information for ftp goes as clear text over
# the net. This is especially dangerous if the same login/password combination
# can be used for any shell logins (telnet, ssh). Make sure remote ftp users
# don't have a shell login.

#in.proftpd: sample.foobar.edu

################################################################################
# Portmap (required for an nfs server)

# Allow connects to portmap from sample.foobar.edu. This is required if you
# want to provide nfs services.

#portmap: sample.foobar.edu

################################################################################
# ssh
# Allow connects to sshd from sample.foobar.edu.

#sshd: sample.foobar.edu

################################################################################
# Allow all requests from hosts in .foobar.edu with one exception (notice the
# leading dot)

#ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
sshd : ALL

4. /etc/hosts.deny

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# See man hosts_access(5) for more information.
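
The precedence stated in the hosts.allow comments (allow file first, then deny file, otherwise access is granted) can be traced with the following added example, which is not part of the original page. It implements only a subset of hosts_access(5) matching; the client names and addresses, and the tightened rule set, are constructed assumptions.

```python
# Added example: subset of hosts_access(5) matching (ALL, .domain suffix,
# address prefix, EXCEPT). Hostnames and addresses below are constructed.

def parse_rules(text):
    """Return [(daemons, clients, exceptions)] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()        # comment lines become empty
        if ":" not in line:
            continue
        daemons, clients = [part.strip() for part in line.split(":")[:2]]
        clients, _, exceptions = clients.partition(" EXCEPT ")
        rules.append(tuple(s.replace(",", " ").split()
                           for s in (daemons, clients, exceptions)))
    return rules

def pattern_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                     # domain suffix: .foobar.edu
        return host.endswith(pattern)
    if pattern.endswith("."):                       # address prefix: 10.0.0.
        return addr.startswith(pattern)
    return pattern in (host, addr)

def rule_matches(rule, daemon, host, addr):
    daemons, clients, exceptions = rule
    if not any(d in ("ALL", daemon) for d in daemons):
        return False
    return (any(pattern_matches(p, host, addr) for p in clients)
            and not any(pattern_matches(p, host, addr) for p in exceptions))

def access_granted(allow_text, deny_text, daemon, host, addr):
    """hosts.allow is consulted first, then hosts.deny; no match means grant."""
    if any(rule_matches(r, daemon, host, addr) for r in parse_rules(allow_text)):
        return True
    if any(rule_matches(r, daemon, host, addr) for r in parse_rules(deny_text)):
        return False
    return True

# The page's state: one active rule in hosts.allow, hosts.deny holds only comments.
PAGE_ALLOW = "#portmap: sample.foobar.edu\nsshd : ALL\n"
PAGE_DENY = "# hosts.deny (comments only)\n"
# Tightened variant (an assumption, not from the page): list clients, deny the rest.
TIGHT_ALLOW = "sshd: .foobar.edu EXCEPT terminalserver.foobar.edu\nportmap: 10.0.0.\n"
TIGHT_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    outsider = ("portmap", "host.example.net", "192.0.2.7")
    print(access_granted(PAGE_ALLOW, PAGE_DENY, *outsider))    # default grant
    print(access_granted(TIGHT_ALLOW, TIGHT_DENY, *outsider))  # denied
```

With a hosts.deny that contains only comments, any wrapped service without a matching allow rule is reachable from every client; the final `ALL: ALL` in the deny file is what turns the allow file into an allow-list.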

6. /etc/named.conf

// generated by named-bootconf.pl

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
        pid-file "named.pid";
        // upstream (parent-level) DNS server; forwarders belongs inside
        // the options block and each address ends with a semicolon
        forwarders { 10.79.1.1; };
};

//
// a caching only nameserver config
//
zone "." IN {
        type hint;
        file "named.ca";
};

zone "mail.com.cn" IN {
        type master;
        file "named.mail";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};

// reverse zone for the 10.79.0.x network; for the 10.0.0.100 address
// assumed at the top of this page the zone name would be 0.0.10.in-addr.arpa
zone "0.79.10.in-addr.arpa" IN {
        notify no;
        type master;
        file "named.110";
};

7. /etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#                               Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files
shadow:     files
group:      files

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus files
#networks:   nisplus files
#protocols:  nisplus files
#rpc:        nisplus files
#ethers:     nisplus files
#netmasks:   nisplus files

8. /var/named/named.ca (this file name corresponds to the file name given in /etc/named.conf)

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache . <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC registration services
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.RS.INTERNIC.NET
;       -OR- under Gopher at    RS.INTERNIC.NET
;           under menu          InterNIC Registration Services (NSI)
;              submenu          InterNIC Registration Archives
;           file                named.root
;
;       last update:    Aug 22, 1997
;       related version of root zone:   1997082200
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     198.41.0.10
;
; housed in LINX, operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; temporarily housed at ISI (IANA)
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; housed in Japan, operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File

9. /var/named/named.110 (this file name corresponds to the file name given in /etc/named.conf)

$TTL 86400
@ IN SOA @ root.mail.com.cn. (

10. /var/named/named.local (this file name corresponds to the file name given in /etc/named.conf)

$TTL 86400
@       IN      SOA     @ root.localhost. (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
@       IN      NS      localhost.
;@      IN      A       127.0.0.1
1       IN      PTR     localhost.

11. /var/named/named.mail (this file name corresponds to the file name given in /etc/named.conf)

$TTL 86400
@       IN      SOA     mail.mail.com.cn. root.mail.com.cn. (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
@       IN      NS      mail.mail.com.cn.
@       IN      NS      www.mail.com.cn.
@       IN      MX      1 mail.mail.com.cn.
@       IN      MX      2 www.mail.com.cn.
localhost IN    A       127.0.0.1
mail    IN      A       10.0.0.100
;ftp            A       10.0.0.100
www     IN      A       10.0.0.100
@       IN      A       10.0.0.100
;
;www    CNAME   www.mail.com.cn.
;mail   CNAME   mail.mail.com.cn.
;ftp    CNAME   ftp.mail.com.cn.
;dns    CNAME   dns.mail.com.cn.
;
1       IN      PTR     localhost.
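
In a zone file, a name without a trailing dot is relative to the zone origin, so a dropped dot on an NS or MX target silently points the record at a name that does not exist. The following added example (not part of the original page) expands names the way the zone loader does and reports in-zone NS/MX targets with no A record; the record lines are taken from named.mail above with the SOA omitted, and the broken variant is constructed.

```python
# Added example: expand relative owner/target names against the zone origin and
# report in-zone NS/MX targets that have no A record. TTL fields and multi-line
# SOA records are not handled; the sample omits the SOA.

def absolute(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin):
    """Return [(owner, type, rdata_fields)] for 'owner [IN] type rdata' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # ';' starts a comment
        if len(fields) < 3:
            continue
        owner = absolute(fields[0].lower(), origin)
        rest = fields[2:] if fields[1].upper() == "IN" else fields[1:]
        records.append((owner, rest[0].upper(), rest[1:]))
    return records

def dangling_targets(text, origin):
    """Return [(type, expanded_target)] for NS/MX targets lacking an A record."""
    records = parse_records(text, origin)
    have_a = {owner for owner, rtype, _ in records if rtype == "A"}
    problems = []
    for _, rtype, rdata in records:
        if rtype in ("NS", "MX") and rdata:
            target = absolute(rdata[-1].lower(), origin)
            in_zone = target == origin or target.endswith("." + origin)
            if in_zone and target not in have_a:
                problems.append((rtype, target))
    return problems

ORIGIN = "mail.com.cn."
# Records as in the page's named.mail (SOA omitted).
PAGE_ZONE = """\
@ IN NS mail.mail.com.cn.
@ IN NS www.mail.com.cn.
@ IN MX 1 mail.mail.com.cn.
@ IN MX 2 www.mail.com.cn.
mail IN A 10.0.0.100
www IN A 10.0.0.100
@ IN A 10.0.0.100
"""
# Constructed mistake: the trailing dot on the first MX target is dropped.
BROKEN_ZONE = PAGE_ZONE.replace("MX 1 mail.mail.com.cn.", "MX 1 mail.mail.com.cn")

if __name__ == "__main__":
    print(dangling_targets(PAGE_ZONE, ORIGIN))
    print(dangling_targets(BROKEN_ZONE, ORIGIN))
```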