
Configuring Smart DNS on Linux

Date: 2015-06-28 00:00:00 Source: IT貓撲網 Author: 網管聯盟

  I. Installing the DNS server

  1. Software list

  BIND 9.3.2

  ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz

  ftp://ftp.isc.org/isc/bind9/9.4.0a6/bind-9.4.0a6.tar.gz

  2. Installing BIND 9

  Build and install BIND 9:

  # tar zxvf bind-9.3.2.tar.gz
  # cd bind-9.3.2
  # ./configure --prefix=/usr/local/named --disable-ipv6
  # make && make install

  Create the BIND user:

  # groupadd bind
  # useradd -g bind -d /usr/local/named -s /sbin/nologin bind

  Create the configuration directory:

  # mkdir -p /usr/local/named/etc
  # chown bind:bind /usr/local/named/etc
  # chmod 700 /usr/local/named/etc

  II. Configuring named.conf

  Create the main configuration file:

  # vi /usr/local/named/etc/named.conf

  ===========================named.conf=======================

  acl "trust-lan" { 127.0.0.0/8; 192.168.0.0/16; };

  options {
      directory "/usr/local/named/etc/";
      pid-file "/var/run/named/named.pid";
      version "0.0.0";                    // hide the real version from version.bind queries
      datasize 40M;
      allow-transfer { "trust-lan"; };    // zone transfers only to the trusted LAN
      recursion yes;
      allow-notify { "trust-lan"; };
      allow-recursion { "trust-lan"; };   // recursion only for the trusted LAN
      auth-nxdomain no;
      forwarders {
          211.162.106.9;
          211.162.106.254;
      };
  };

  logging {
      channel warning {
          file "/var/log/named/dns_warnings" versions 3 size 1240k;
          severity warning;
          print-category yes;
          print-severity yes;
          print-time yes;
      };
      channel general_dns {
          file "/var/log/named/dns_logs" versions 3 size 1240k;
          severity info;
          print-category yes;
          print-severity yes;
          print-time yes;
      };
      category default { warning; };
      category queries { general_dns; };
  };

  // The root hints zone is declared inside each view below: once view
  // statements are used, every zone must be placed inside a view.

  acl "CNC" {
      58.16.0.0/16;
      58.17.0.0/17;
      58.17.128.0/17;
      58.18.0.0/16;
      58.19.0.0/16;
      58.20.0.0/16;
      58.21.0.0/16;
      // Note: enter the IP address ranges that apply to your situation
  };

  // Views are matched in order; the catch-all view must come last.
  view "view_cnc" {
      match-clients { CNC; };
      zone "." {
          type hint;
          file "named.root";
      };
      zone "0.0.127.IN-ADDR.ARPA" {
          type master;
          file "localhost.rev";
      };
      include "master/cnc.def";
  };

  view "view_any" {
      match-clients { any; };
      zone "." {
          type hint;
          file "named.root";
      };
      zone "0.0.127.IN-ADDR.ARPA" {
          type master;
          file "localhost.rev";
      };
      include "master/telecom.def";
  };

  ===========================named.conf=======================

  When you have finished adding the content, save the file.

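  III. Updating the root zone file

  # cd /usr/local/named/etc/
  # wget ftp://ftp.internic.org/domain/named.root

  Create the PID and log files:

  # mkdir /var/run/named/
  # chmod 755 /var/run/named/
  # chown bind:bind /var/run/named/
  # mkdir /var/log/named/
  # touch /var/log/named/dns_warnings
  # touch /var/log/named/dns_logs
  # chown -R bind:bind /var/log/named/
  # mkdir master
  # touch master/cnc.def
  # touch master/telecom.def

  Mode 755 is enough for /var/run/named/ because the directory is owned by bind; a world-writable (777) PID directory would let any local user replace the PID file that the init script later passes to kill. The log directory itself is also handed to bind so that named can rotate the versioned log files.

  Generate the rndc key:

  # cd /usr/local/named/etc/
  # ../sbin/rndc-confgen > rndc.conf

  In rndc.conf, find the line:

  # Use with the following in named.conf, adjusting the allow list as needed:

  Add the part that follows it to /usr/local/named/etc/named.conf and remove the comment markers.

  Test run:

  # /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

  Status check:

  # /usr/local/named/sbin/rndc status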

  IV. Creating the startup script

  # vi /etc/init.d/named

  ============================== named.sh============================

  #!/bin/bash
  #
  # named a network name service.
  #
  #
  # chkconfig: 545 35 75
  # description: a name server
  #

  # Binding to port 53 needs root; named then drops to the bind user via -u.
  if [ "$(id -u)" -ne 0 ]
  then
      echo "ERROR:For bind to port 53,must run as root."
      exit 1
  fi

  case "$1" in
  start)
      if [ -x /usr/local/named/sbin/named ]; then
          /usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.'
      fi
      ;;
  stop)
      # Must match the pid-file path set in named.conf.
      kill "$(cat /var/run/named/named.pid)" && echo . && echo 'BIND9 server stopped.'
      ;;
  restart)
      echo .
      echo "Restart BIND9 server"
      # Re-invoke this script; stop and start are case labels, not commands.
      "$0" stop
      sleep 10
      "$0" start
      ;;
  *)
      echo "$0 start | stop | restart"
      ;;
  esac

  ===============================named.sh============================

  # chmod 755 /etc/init.d/named
  # chown root:root /etc/init.d/named
  # chkconfig --add named
  # chkconfig named on

  V. Adding an NS

  On your domain's management website, set the NS server to the DNS server you have just installed.

  VI. Adding a domain

  # cd /usr/local/named/etc/master
  # mkdir cnc
  # mkdir telecom
  # vi cnc.def

  Add:

  zone "724cn.com" {
      type master;
      file "master/cnc/724cn.com";
  };

  # vi telecom.def

  Add:

  zone "724cn.com" {
      type master;
      file "master/telecom/724cn.com";
  };

  Add the records for China Netcom (CNC); the IP resolved to is 61.45.55.78

  # vi cnc/724cn.com

  Add:

  $TTL 3600
  $ORIGIN 724cn.com.
  @ IN SOA ns.724cn.com. root.ns.724cn.com. (
      2005121013 ; Serial
      3600       ; Refresh ( seconds )
      900        ; Retry ( seconds )
      68400      ; Expire ( seconds )
      15 )       ; Minimum TTL for Zone ( seconds )
  ;
  @ IN NS ns.724cn.com.
  @ IN A 211.162.106.9
  www IN A 211.162.106.9
  ;
  ;end

  Add the records for China Telecom; the IP resolved to is 210.75.1.178

  # vi telecom/724cn.com

  Add:

  $TTL 3600
  $ORIGIN 724cn.com.
  @ IN SOA ns.724cn.com. root.ns.724cn.com. (
      2005121013 ; Serial
      3600       ; Refresh ( seconds )
      900        ; Retry ( seconds )
      68400      ; Expire ( seconds )
      15 )       ; Minimum TTL for Zone ( seconds )
  ;
  @ IN NS ns.724cn.com.
  @ IN A 211.162.106.254
  www IN A 211.162.106.254
  ;
  ;end

  # /usr/local/named/sbin/rndc reload

  OK, at this point your DNS server is up and running. Try pinging the domain over a China Netcom line and over a China Telecom line.

  Appendix: how to obtain the IP address ranges:

  1. Use a shell program to fetch the IP address ranges

  #!/bin/sh
  FILE=/root/study/apnic/ip_apnic
  rm -f "$FILE"
  wget
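The appendix stops at the download step. As an added example (not code from the original page), the function below converts registry records into a BIND acl block of the same shape as the "CNC" list in named.conf, splitting each start/count pair into aligned CIDR prefixes. It assumes the downloaded file uses the RIR delegated-statistics layout; the function names, the ACL name CN_ALL and the sample records are constructed for illustration, and the registry file identifies the country only, so assigning ranges to a carrier needs data this file does not contain.

```shell
#!/bin/sh
# Added example: turn delegated-statistics records into a BIND acl block.
# Assumed record layout: registry|cc|type|start|count|date|status
# For ipv4 rows "count" is a number of addresses, not a prefix length.

# apnic_to_acl NAME CC: reads records on stdin, writes the acl to stdout.
apnic_to_acl() {
  awk -F'|' -v name="$1" -v cc="$2" '
    function ip2int(ip,   o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function int2ip(n,   a, b, c) {
      a = int(n / 16777216); n -= a * 16777216
      b = int(n / 65536);    n -= b * 65536
      c = int(n / 256);      n -= c * 256
      return a "." b "." c "." n
    }
    BEGIN { printf "acl \"%s\" {\n", name }
    # Comments, the version header, summary rows and ipv6 rows do not match.
    $1 == "apnic" && $2 == cc && $3 == "ipv4" {
      start = ip2int($4); left = $5 + 0
      while (left > 0) {
        # Grow to the largest power-of-two block aligned at start that fits.
        size = 1; bits = 32
        while (size * 2 <= left && start % (size * 2) == 0) { size *= 2; bits-- }
        printf "  %s/%d;\n", int2ip(start), bits
        start += size; left -= size
      }
    }
    END { print "};" }
  '
}

# Constructed sample input (not real registry data).
sample_records() {
  cat <<'EOF'
# constructed sample
2|apnic|20150628|4|19830613|20150627|+1000
apnic|*|ipv4|*|4|summary
apnic|CN|ipv4|58.16.0.0|65536|20050301|allocated
apnic|JP|ipv4|58.0.0.0|131072|20050101|allocated
apnic|CN|ipv4|58.17.0.0|32768|20050301|allocated
apnic|CN|ipv4|192.0.2.64|192|20050301|assigned
apnic|CN|ipv6|2001:db8::|32|20050301|allocated
EOF
}

sample_records | apnic_to_acl "CN_ALL" CN
```

The generated block can be written to its own file and pulled into named.conf with an include statement, so the address list can be refreshed without editing the main configuration.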
