
Configuring a Linux DNS Server in Text Mode

火星人 @ 2014-03-05

Assume your domain is mail.com.cn and your IP address is 10.79.0.110.
I. Files related to DNS:
1. /etc/hosts
# TurboLinux /etc/hosts table
# This file contains hostname/IP lookup information.
# This file is (usually) queried before DNS or NIS.
# Current /etc/hosts generated by turbonetcfg.
# Generated on: Mon Jun 24 20:33:31 2002

10.79.0.110 mail.mail.com.cn mail
127.0.0.1 localhost.localdomain localhost

# End of /etc/hosts

2. /etc/host.conf
order hosts,bind
multi on

3. /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# See man hosts_access(5) for details.
#
# The settings in /etc/hosts.allow take precedence over those in
# /etc/hosts.deny.
#
# Note: The tcp_wrappers (configured by /etc/hosts.allow and /etc/hosts.deny)
# only affect services that are called via /usr/sbin/tcpd. Check out
# /etc/inetd.conf to find out if a service started by inetd goes through
# tcp_wrappers.
# Some services are not started via inetd and still use
# tcp_wrappers (e.g. sshd, portmap (nfs) -- see below for sample setups).
#
# Examples of services which usually run as stand alone servers and
# don't make use of tcp_wrappers are Apache and Sendmail.
#
# Note2: Security scanners like nmap(1) will report blocked services as being
# open, because an initial connection is always established and only
# dropped later, if the connection is not approved by the tcp_wrappers
# configuration.

################################################################################
# Local host
# Allow all requests from localhost

ALL : 127.0.0.1

################################################################################
# Telnet

# Allow telnet logins from sample.foobar.edu
# Warning: telnet is inherently insecure as a protocol. All network traffic,
# including authentication information (login and password) are transmitted
# as clear text. Use secure alternatives (e.g. ssh).

#in.telnetd: sample.foobar.edu

################################################################################
# ProFTP (standard TurboLinux ftp server)

# Allow proftpd (TurboLinux default ftp daemon) logins from sample.foobar.edu
# Warning: the authentication information for ftp goes as clear text over
# the net. This is especially dangerous if the same login/password combination
# can be used for any shell logins (telnet, ssh). Make sure remote ftp users
# don't have a shell login.

#in.proftpd: sample.foobar.edu


################################################################################
# Portmap (required for an nfs server)

# Allow connects to portmap from sample.foobar.edu. This is required if you
# want to provide nfs services.

#portmap: sample.foobar.edu

################################################################################
# ssh
# Allow connects to sshd from sample.foobar.edu.

#sshd: sample.foobar.edu

################################################################################
# Allow all requests from hosts in .foobar.edu with one exception (notice the
# leading dot)

#ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
sshd : ALL

4. /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# See man hosts_access(5) for more information.

#ALL: ALL

5. /etc/named.boot
;
; a caching only nameserver config
;
directory /var/named
cache . named.ca
primary mail.com.cn named.mail
primary 0.0.127.in-addr.arpa named.local
primary 0.79.10.in-addr.arpa named.110
forwarders 10.79.1.1 ; upstream DNS server

6. /etc/named.conf
// generated by named-bootconf.pl

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    pid-file "named.pid";
    // upstream DNS server; forwarders must sit inside the options block
    forwarders { 10.79.1.1; };
};

//
// a caching only nameserver config
//
zone "." IN {
    type hint;
    file "named.ca";
};

zone "mail.com.cn" IN {
    type master;
    file "named.mail";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};

zone "0.79.10.in-addr.arpa" IN {
    notify no;
    type master;
    file "named.110";
};

7. /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files
shadow: files
group: files

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus files
#networks: nisplus files
#protocols: nisplus files
#rpc: nisplus files
#ethers: nisplus files
#netmasks: nisplus files

bootparams: files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files

publickey: files

automount: files
aliases: files

8. /var/named/named.ca (this file name corresponds to the file name in /etc/named.conf)
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers

; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC registration services
; under anonymous FTP as
; file /domain/named.root
; on server FTP.RS.INTERNIC.NET
; -OR- under Gopher at RS.INTERNIC.NET
; under menu InterNIC Registration Services (NSI)
; submenu InterNIC Registration Archives
; file named.root
;
; last update: Aug 22, 1997
; related version of root zone: 1997082200
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10
;
; housed in LINX, operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; temporarily housed at ISI (IANA)
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File

9. /var/named/named.110 (this file name corresponds to the file name in /etc/named.conf)
$TTL 86400
@ IN SOA @ root.mail.com.cn. (

1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS mail.mail.com.cn.
110 PTR mail.mail.com.cn.
110 PTR www.mail.com.cn.

10. /var/named/named.local (this file name corresponds to the file name in /etc/named.conf)
$TTL 86400
@ IN SOA @ root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS localhost.
;@ IN A 127.0.0.1
1 IN PTR localhost.

11. /var/named/named.mail (this file name corresponds to the file name in /etc/named.conf)
$TTL 86400
@ IN SOA mail.mail.com.cn. root.mail.com.cn. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS mail.mail.com.cn.
@ IN NS www.mail.com.cn.
@ IN MX 1 mail.mail.com.cn.
@ IN MX 2 www.mail.com.cn.
localhost IN A 127.0.0.1
mail IN A 10.79.0.110
;ftp A 10.79.0.110
www IN A 10.79.0.110
@ IN A 10.79.0.110
;
;www CNAME www.mail.com.cn.
;mail CNAME mail.mail.com.cn.
;ftp CNAME ftp.mail.com.cn.
;dns CNAME dns.mail.com.cn.
; 1 IN PTR localhost.
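
An added example, not part of the original post: a small Python audit for a named.conf laid out like the /etc/named.conf listing in item 6. It flags clauses placed outside the options block (such as a top-level forwarders line) and options or master zones with no explicit allow-recursion / allow-transfer, which leaves those decisions to the BIND version's defaults. Both sample configs and the 10.79.0.0/24 client range are constructed assumptions, and the parser assumes no quoted string contains braces or semicolons.

```python
import re
# Constructed sample: the page's named.conf layout, forwarders left at top level.
WEAK = '''
options { directory "/var/named"; pid-file "named.pid"; };
zone "mail.com.cn" IN { type master; file "named.mail"; };
forwarders { 10.79.1.1 };
'''
# Constructed hardened variant; the 10.79.0.0/24 client range is an assumption.
HARDENED = '''
acl trusted { 127.0.0.1; 10.79.0.0/24; };
options { directory "/var/named"; forwarders { 10.79.1.1; };
          allow-recursion { trusted; }; allow-transfer { none; }; };
zone "mail.com.cn" IN { type master; file "named.mail"; };
'''
# Clauses that belong inside an options or zone block, never at top level.
NOT_TOP_LEVEL = {"forwarders", "forward", "allow-query", "allow-recursion", "allow-transfer"}

def statements(conf):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)  # strip comments
    depth = start = brace = 0
    for i, ch in enumerate(conf):
        if ch == "{":
            depth += 1
            if depth == 1:
                brace = i
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield conf[start:brace].strip(), conf[brace + 1:i]
        elif ch == ";" and depth == 0:
            start = i + 1

def clauses(body):
    """Return the first word of every clause in a block, nested blocks included."""
    return {c.split()[0] for c in re.split(r"[;{}]", body) if c.split()}

def audit(conf):
    """Return findings for misplaced clauses and missing access controls."""
    stmts = list(statements(conf))
    opts = set().union(*(clauses(b) for h, b in stmts if h == "options"))
    findings = [] if "allow-recursion" in opts else ["options: no allow-recursion"]
    for header, body in stmts:
        if header in NOT_TOP_LEVEL:
            findings.append(f"top level: {header} must move into options")
        elif (header.startswith("zone ") and re.search(r"\btype\s+master\b", body)
              and "allow-transfer" not in opts | clauses(body)):
            findings.append(f"zone {header.split()[1]}: no allow-transfer")
    return findings
```

audit(WEAK) returns three findings and audit(HARDENED) returns none; named-checkconf remains the authoritative syntax check on a real server.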

II. Starting and testing DNS
There are three ways to start it:
1. /etc/named start
2. /etc/ndc start
3. /usr/sbin/turboservice
Use nslookup to test whether it started:
# nslookup
Default Server: mail.mail.com.cn
Address: 10.79.0.110

> 10.79.0.110
Server: mail.mail.com.cn
Address: 10.79.0.110

Name: mail.mail.com.cn
Address: 10.79.0.110

> mail.mail.com.cn
Server: mail.mail.com.cn
Address: 10.79.0.110

Name: mail.mail.com.cn
Address: 10.79.0.110

At this point, both forward and reverse DNS resolution work correctly, and the configuration is complete!
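
An added example, not from the original post: the forward/reverse agreement that the nslookup session checks by hand, verified offline against the zone files themselves. It confirms that every PTR in named.110 points at a name whose A record in named.mail returns the same address, and reports PTR targets that lack the trailing dot; the two faulty records in BAD_REV are constructed for illustration.

```python
import re
# Records from the page's named.mail and named.110, trimmed to what is checked.
FWD = """$TTL 86400
@ IN SOA mail.mail.com.cn. root.mail.com.cn. (
    1997022700 ; Serial
    28800 14400 3600000 86400 )
mail IN A 10.79.0.110
www IN A 10.79.0.110
"""
REV = "110 PTR mail.mail.com.cn.\n110 PTR www.mail.com.cn.\n"
# Constructed faulty records (not from the page): missing trailing dot, stale PTR.
BAD_REV = REV + "111 PTR ftp.mail.com.cn\n112 PTR old.mail.com.cn.\n"

def fqdn(name, origin):
    """'@' is the zone origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin):
    """Yield (owner, type, rdata) from a zone file where every record names its owner."""
    text = re.sub(r";[^\n]*", "", zone_text)                      # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    for fields in (line.split() for line in text.splitlines()):
        if not fields or fields[0].startswith("$"):
            continue
        i = 1                                                     # skip TTL and class
        while i < len(fields) and (fields[i].isdigit() or fields[i].upper() == "IN"):
            i += 1
        if i < len(fields):
            yield fqdn(fields[0], origin).lower(), fields[i].upper(), fields[i + 1:]

def check_reverse(fwd, fwd_origin, rev, rev_origin):
    """Return the PTR records in rev that the A records in fwd do not confirm."""
    addrs = {}
    for owner, rtype, rdata in records(fwd, fwd_origin):
        if rtype == "A":
            addrs.setdefault(owner, set()).add(rdata[0])
    problems = []
    for owner, rtype, rdata in records(rev, rev_origin):
        if rtype != "PTR":
            continue
        ip = ".".join(reversed(owner[:-len(".in-addr.arpa.")].split(".")))
        target = fqdn(rdata[0], rev_origin).lower()
        if not rdata[0].endswith("."):
            problems.append(f"{ip}: PTR {rdata[0]} lacks the trailing dot, expands to {target}")
        elif ip not in addrs.get(target, ()):
            problems.append(f"{ip}: PTR {target} has no A record for this address")
    return problems
```

Call check_reverse(FWD, "mail.com.cn.", REV, "0.79.10.in-addr.arpa.") for the page's data, which is consistent, and pass BAD_REV to see both failure modes.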
《Solution》

Thank you.
《Solution》

You're welcome.
