搜索

LINUX

linux下智能DNS配置过程

日期:2015/6/28来源: IT猫扑网

  一、DNS服务器安装

  1、 软件列表

  BIND 9.3.2

  ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz

  ftp://ftp.isc.org/isc/bind9/9.4.0a6/bind-9.4.0a6.tar.gz

  2、 安装BIND 9

  安装BIND9:

  # tar zxvf bind-9.3.2.tar.gz

  # cd bind-9.3.2

  # ./configure --prefix=/usr/local/named --disable-ipv6

  # make && make install

  建立BIND用户:

  # groupadd bind

  # useradd -g bind -d /usr/local/named -s /sbin/nologin bind

  创建配置文件目录:

  # mkdir –p /usr/local/named/etc

  # chown bind:bind /usr/local/named/etc

  # chmod 700 /usr/local/named/etc

  二、named.conf的配置

  创建主要的配置文件:

  # vi /usr/local/named/etc/named.conf

  ===========================named.conf=======================

  acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16;};

  options {

  directory "/usr/local/named/etc/";

  pid-file "/var/run/named/named.pid";

  version "0.0.0";

  datasize 40M;

  allow-transfer {

  "trust-lan";};

  recursion yes;

  allow-notify {

  "trust-lan";

  };

  allow-recursion {

  "trust-lan";

  };

  auth-nxdomain no;

  forwarders {

  211.162.106.9;

  211.162.106.254;};

  };

#p#副标题#e#

  logging {

  channel warning

  { file "/var/log/named/dns_warnings" versions 3 size 1240k;

  severity warning;

  print-category yes;

  print-severity yes;

  print-time yes;

  };

  channel general_dns

  { file "/var/log/named/dns_logs" versions 3 size 1240k;

  severity info;

  print-category yes;

  print-severity yes;

  print-time yes;

  };

  category default { warning; };

  category queries { general_dns; };

  };

  zone "." {

  type hint;

  file "named.root";

  };

  acl "CNC" {

  58.16.0.0/16;

  58.17.0.0/17;

  58.17.128.0/17;

  58.18.0.0/16;

  58.19.0.0/16;

  58.20.0.0/16;

  58.21.0.0/16;

  注:这些根据情况输入IP地址段

  };

  view "view_cnc" {

  match-clients { CNC; };

  zone "." {

  type hint;

  file "named.root";

  };

  zone "0.0.127.IN-ADDR.ARPA" {

  type master;

  file "localhost.rev";

  };

  include "master/cnc.def";

  };

  view "view_any" {

  match-clients { any; };

  zone "." {

  type hint;

  file "named.root";

  };

  zone "0.0.127.IN-ADDR.ARPA" {

  type master;

  file "localhost.rev";

  };

  include "master/telecom.def";

  };

  添加完成后,保存。

  三、更新根区文件:

  # cd /usr/local/named/etc/

  # wget ftp://ftp.internic.org/domain/named.root

  创建PID和日志文件:

  # mkdir /var/run/named/

  # chmod 777 /var/run/named/

  # chown bind:bind /var/run/named/

  # mkdir /var/log/named/

  # touch /var/log/named/dns_warnings

  # touch /var/log/named/dns_logs

  # chown bind:bind /var/log/named/*

  # mkdir master

  # touch master/cnc.def

  # touch master/telecom.def

#p#副标题#e#

  生成rndc-key:

  # cd /usr/local/named/etc/

  # ../sbin/rndc-confgen > rndc.conf

  把rndc.conf中:

  # Use with the following in named.conf, adjusting the allow list as needed:

  后面以的部分加到/usr/local/named/etc/named.conf中并去掉注释

  运行测试:

  # /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

  状态检查:

  # /usr/local/named/sbin/rndc status

  四、建立启动脚本:

  # vi /etc/init.d/named

  ============================== named.sh============================

  #!/bin/bash

  #

  # named a network name service.

  #

  #

  # chkconfig: 545 35 75

  # description: a name server

  #

  if [ `id -u` -ne 0 ]

  then

  echo "ERROR:For bind to port 53,must run as root."

  exit 1

  fi

  case "" in

  start)

  if [ -x /usr/local/named/sbin/named ]; then

  /usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.'

  fi

  ;;

  stop)

  kill `cat /var/run/named/pid` && echo . && echo 'BIND9 server stopped.'

  ;;

  restart)

  echo .

  echo "Restart BIND9 server"

  stop

  sleep 10

  start

  ;;

  *)

  echo " start | stop | restart"

  ;;

  esac

  ===============================named.sh============================

  # chmod 755 /etc/init.d/named

  # chown root:root /etc/init.d/named

  # chkconfig --add named

  # chkconfig named on

  五、添加一个NS

  在域名的管理网站上,设定NS服务器为你安装的DNS

  六、添加一个域名

  # cd /usr/local/named/etc/master

  # mkdir cnc

  # mkdir telecom

  # vi cnc.def

  添加

  zone "724cn.com" {

  type master;

  file "master/cnc/724cn.com";

  };

  # vi telecom.def

  添加

  zone "724cn.com" {

  type master;

  file "master/telecom/724cn.com";

  };

  添加网通的解析,解析到的IP为61.45.55.78

  #vi cnc/724cn.com

  添加

  $TTL 3600

  $origin 724cn.com.

  @ IN SOA ns.724cn.com. root.ns.724cn.com.(

  2005121013 ;Serial

  3600 ; Refresh ( seconds )

  900 ; Retry ( seconds )

  68400 ; Expire ( seconds )

  15 );Minimum TTL for Zone ( seconds )

  ;

  @ IN NS ns.724cn.com.

  @ IN A 211.162.106.9

  www IN A 211.162.106.9

  ;

  ;end

  添加电信的解析,解析到的IP为210.75.1.178

  #vi telecom/724cn.com

  添加

#p#副标题#e#

  $TTL 3600

  $ORIGIN 724cn.com.

  @ IN SOA ns.724cn.com. root.ns.724cn.com.(

  2005121013 ;Serial

  3600 ; Refresh ( seconds )

  900 ; Retry ( seconds )

  68400 ; Expire ( seconds )

  15 );Minimum TTL for Zone ( seconds )

  ;

  @ IN NS ns.724cn.com.

  @ IN A 211.162.106.254

  www IN A 211.162.106.254

  ;

  ;end

  #/usr/local/named/sbin/rndc reload

  OK,到此你的DNS服务器就算是跑起来了。试一下分别用网通和电信的线路ping一下吧.

  附:获取IP地址范围方法:

  1、 利用shell程序获取IP地址段

  #!/bin/sh

  FILE=/root/study/apnic/ip_apnic

  rm -f $FILE

  wget

相关文章

相关下载

网友评论

我要评论...
    没有更早的评论了
    取消