因為最近打算把原本的 DNS Server 移到別台機器上,順便把系統和軟體做一下升級。所以先在 VM 中做一下測試及練習。
底下是安裝及設定步驟:
1. 安裝 DNS Server 軟體 bind
# yum install bind* -y
2. 修改設定檔
# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
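options {
    // Bind only to loopback and the master's LAN address.
    listen-on port 53 { 127.0.0.1; 192.168.154.167; };   // master DNS IP
    listen-on-v6 port 53 { ::1; };

    // String values must use plain ASCII double quotes; typographic quotes
    // pasted from a web page make named-checkconf reject the file.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Only the local host and the LAN may query this server.
    allow-query { localhost; 192.168.154.0/24; };         // client IP range

    // Zone transfers are limited to the slave's address. An address ACL alone
    // does not authenticate the peer; a TSIG key on both servers is the
    // stronger control.
    allow-transfer { localhost; 192.168.154.201; };       // slave DNS IP

    // This server is both authoritative and a recursive resolver for the LAN.
    // allow-recursion is stated explicitly so that widening allow-query later
    // does not also turn the server into an open resolver.
    recursion yes;
    allow-recursion { localhost; 192.168.154.0/24; };

    dnssec-enable yes;
    dnssec-validation yes;
    // DLV lookaside validation: the ISC DLV registry has since been retired
    // and newer BIND 9 releases no longer accept this option, so remove it
    // (and the DLV key file below) when upgrading.
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};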
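logging {
    // Debug output goes to data/named.run, relative to the "directory"
    // option. "severity dynamic" follows the server's current debug level.
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};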
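// Root hints used for recursion.
zone "." IN {
    type hint;
    file "named.ca";
};

// Forward zone. Dynamic updates are refused; the zone file is edited by hand.
zone "test.com" IN {
    type master;
    file "db.test.com";
    allow-update { none; };
};

// Reverse zone for 192.168.154.0/24 (octets reversed under in-addr.arpa).
zone "154.168.192.in-addr.arpa" IN {
    type master;
    file "db.154.168.192";
    allow-update { none; };
};

// Distribution-provided localhost zones and the root trust anchor.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";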
3. 建立正解和反解的設定檔
# vim /var/named/db.test.com
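; Forward zone for test.com (file named in the "test.com" zone statement).
$TTL 86400
@           IN  SOA    m2k.test.com. admin.m2k.test.com. (
                2013111409 ; serial - increase on every edit so the slave picks up the change
                86400      ; refresh
                1800       ; retry
                1728000    ; expire
                1200       ; negative caching TTL
                )
; The owner is written explicitly: a record line that starts in column 0
; without an owner would have its first token ("IN") read as the owner name.
@           IN  NS     m2k.test.com.
m2k         IN  A      192.168.154.167
;@          IN  MX  0  mail.test.com.
test.com.   IN  A      192.168.154.167
;
;
;test.com.  IN  MX  10 m2k.test.com.
localhost   IN  A      127.0.0.1
loopback    IN  CNAME  localhost
;mail       IN  MX  1  m2k.test.com.
www         IN  A      192.168.154.1
ftp         IN  CNAME  ms1
proxy       IN  A      192.168.154.250
ms1         IN  A      192.168.154.2
bbs         IN  CNAME  ms1
; The second, identical "m2k IN A 192.168.154.167" record that closed the
; original file was a duplicate and has been dropped.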
# vim /var/named/db.154.168.192
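; Reverse zone for 192.168.154.0/24 (154.168.192.in-addr.arpa).
$TTL 86400
@       IN  SOA  m2k.test.com. root.m2k.test.com. (
            2013111409 ; serial - increase on every edit so the slave picks up the change
            28800      ; refresh
            14400      ; retry
            720000     ; expire
            86400      ; negative caching TTL
            )
; The NS record names the real master rather than localhost.localdomain.
; The NS set is what other servers are told to ask, and it is also where
; NOTIFY messages are sent, so a localhost name is of no use to the slave.
@       IN  NS   m2k.test.com.
;
; Owner names are the last octet; targets must be fully qualified with a
; trailing dot.
167     IN  PTR  m2k.test.com.
1       IN  PTR  www.test.com.
2       IN  PTR  ms1.test.com.
250     IN  PTR  proxy.test.com.
; NOTE(review): the forward zone shown on this page has no "disk" record;
; confirm this PTR still points at a live host.
4       IN  PTR  disk.test.com.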
4. 改變檔案擁有者
# chown named:named /var/named/db.*
5. 檢查設定檔
# named-checkconf /etc/named.conf
# named-checkzone test.com /var/named/db.test.com
zone test.com/IN: loaded serial 2013111409
OK
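# named-checkzone test.com /var/named/db.154.168.192
zone test.com/IN: loaded serial 2013111409
OK
(註:named-checkzone 的第一個參數是區域名稱;檢查反解檔時應使用 154.168.192.in-addr.arpa 而不是 test.com,否則檔案中的相對名稱會被當成 test.com 底下的記錄來檢查。)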
6. 啟動 DNS Server
# service named start
7. 設定開機時啟動 DNS Server
# chkconfig --level 3 named on
測試 DNS Server
# dig m2k.test.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> m2k.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26409
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;m2k.test.com. IN A
;; ANSWER SECTION:
m2k.test.com. 86400 IN A 192.168.154.167
;; AUTHORITY SECTION:
test.com. 86400 IN NS m2k.test.com.
;; ADDITIONAL SECTION:
m2k.test.com. 86400 IN AAAA 2001:288:a229:1::167
;; Query time: 0 msec
;; SERVER: 192.168.154.167#53(192.168.154.167)
;; WHEN: Fri Nov 15 10:03:02 2013
;; MSG SIZE rcvd: 88
# dig 192.168.154.167
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> 192.168.154.167
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52234
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.154.167. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013111401 1800 900 604800 86400
;; Query time: 174 msec
;; SERVER: 192.168.154.167#53(192.168.154.167)
;; WHEN: Fri Nov 15 10:03:26 2013
;; MSG SIZE rcvd: 108
(註:上面的指令查的是名稱「192.168.154.167.」的 A 記錄,所以得到 NXDOMAIN;要測試反解請改用 dig -x 192.168.154.167。)
# host free.test.com
free.test.com has address 192.168.154.100
free.test.com has IPv6 address 2001:288:a229:1::100
# host 192.168.154.100
100.154.168.192.in-addr.arpa domain name pointer free.test.com.