環境:CentOS 6.3
需求:建立example.com域用於內部和外部查詢,內網環境192.168.88.0/24,10.1.0.0/16
1.安裝
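# Shell comments start with '#'; a trailing "//..." is handed to yum as an extra (nonexistent) package name.
# bind-chroot is deliberately not installed in this walkthrough; it is the usual extra hardening step
# if named should run confined to a chroot.
yum install bind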
2.主配置文件
/etc/named.conf //主配置文件
vi /etc/named.conf  # once "view" statements are used every zone must live inside a view, so the blocks below replace the stock file rather than being appended to it
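options {
    listen-on port 53 { any; };
    directory "/var/named";                       // zone "file" names below are relative to this directory
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };                         // authoritative data is public; recursion is decided per view
    allow-transfer { none; };                     // only ns1 exists here, so nobody needs AXFR/IXFR. The BIND
                                                  // default is "any", which lets anyone dump the whole zone.
    recursion yes;                                // global default; each view sets its own value below
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;                        // NOTE(review): ISC DLV was retired in 2017; on any BIND newer
    /* Path to ISC DLV key */                     //   than the CentOS 6 one, drop this line and bindkeys-file
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// Views are tried top to bottom; the first match-clients that matches the source address wins.
view "internal" {
    // Per the requirement: 192.168.88.0/24 and 10.1.0.0/16. "localhost" is included because step 8
    // points this host's own resolver at 127.0.0.1 - without it those queries would fall through to
    // the "external" view and get the public address of ns1. Widen to 192.168.0.0/16 only if other
    // private subnets really must see the internal view.
    match-clients { localhost; 192.168.88.0/24; 10.1.0.0/16; };
    recursion yes;                                // internal clients may use this server as their resolver
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "example.com" IN {
        type master;
        file "example.com.zone.internal";
    };
    // Reverse zone name = the network octets reversed (192.168.88 -> 88.168.192), nothing else.
    zone "88.168.192.in-addr.arpa" IN {
        type master;
        file "88.168.192.zone";
    };
    include "/etc/named.rfc1912.zones";           // any include must be repeated inside every view
    include "/etc/named.root.key";
};
view "external" {
    match-clients { any; };                       // everyone not matched above, i.e. the Internet
    // Never recurse for arbitrary Internet clients: an open resolver is abused for DNS amplification
    // and is exposed to cache poisoning. This view only answers for the zones it is authoritative for.
    recursion no;
    // No root hint zone here on purpose: with recursion off it would only be used to hand out
    // upward referrals, which on older BIND releases are another reflection vector.
    zone "example.com" IN {
        type master;
        file "example.com.zone.external";
    };
    zone "1.100.202.in-addr.arpa" IN {
        type master;
        file "1.100.202.zone";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};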
3.建立區域配置文件
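# Start every zone file from the empty template. -p keeps the template's owner, group and mode so the
# copies stay readable by named exactly like the stock files. Use an ASCII "-p": the typographic en
# dash "–p" is not an option, so cp would treat it as a source file and fail.
cp -p /var/named/named.empty /var/named/example.com.zone.internal
cp -p /var/named/named.empty /var/named/example.com.zone.external
cp -p /var/named/named.empty /var/named/88.168.192.zone
cp -p /var/named/named.empty /var/named/1.100.202.zone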
example.com.zone.internal //internal view的正向區域文件
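$TTL 3H
; example.com as served to the "internal" view: RFC1918 addresses only, never published to the Internet.
; Owner names are written out explicitly ("@" = zone apex). Relying on leading whitespace to repeat the
; previous owner is fragile: if the whitespace is lost in a copy, "IN NS ..." is parsed as a record owned
; by a host called "IN" and the apex ends up with no NS record.
@       IN SOA  ns1.example.com. root.example.com. (
                2013051501  ; serial - increase it after every edit, or caches keep serving old data
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum / negative-cache TTL
@       IN NS   ns1.example.com.
@       IN MX   5 mail.example.com.
ns1     IN A    192.168.88.110
mail    IN A    192.168.88.111
www     IN A    192.168.88.112
bbs     IN CNAME www            ; relative name, expands to www.example.com.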
example.com.zone.external //external view正向區域文件
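$TTL 3H
; example.com as served to the "external" view: only the name server's public address is published.
; As written there is no MX or www record, so Internet senders cannot find a mail exchanger for
; example.com; add records only for hosts that are reachable at a public address, and mirror them
; in 1.100.202.zone. Owners are explicit ("@" = apex) so the file does not depend on leading whitespace.
@       IN SOA  ns1.example.com. root.example.com. (
                2013051501  ; serial - increase after every edit
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum / negative-cache TTL
@       IN NS   ns1.example.com.
ns1     IN A    202.100.1.110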
88.168.192.zone //internal view的反向區域文件
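$TTL 3H
; Reverse zone for 192.168.88.0/24 ("internal" view). Owner names are the host octet only; the
; zone origin 88.168.192.in-addr.arpa supplies the rest. "@" is written explicitly for the apex
; records so the file does not depend on leading whitespace surviving a copy.
@       IN SOA  ns1.example.com. root.example.com. (
                2013051501  ; serial - increase after every edit
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum / negative-cache TTL
@       IN NS   ns1.example.com.
; One PTR per A record in example.com.zone.internal, so forward and reverse lookups agree
; (mail filters and reverse-lookup checks in other daemons rely on that).
110     IN PTR  ns1.example.com.
111     IN PTR  mail.example.com.
112     IN PTR  www.example.com.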
1.100.202.zone //external view的反向區域文件
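$TTL 3H
; Reverse zone for 202.100.1.0/24 ("external" view). NOTE(review): a reverse zone for public address
; space only takes effect if the address holder (usually the ISP) delegates 1.100.202.in-addr.arpa to
; this server; until then it is harmless but unused. "@" is written explicitly for the apex records.
@       IN SOA  ns1.example.com. root.example.com. (
                2013051501  ; serial - increase after every edit
                1D          ; refresh
                1H          ; retry
                1W          ; expire
                3H )        ; minimum / negative-cache TTL
@       IN NS   ns1.example.com.
110     IN PTR  ns1.example.com.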
4.配置檢查
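# Validate before (re)starting named: a zone file that fails to parse is simply not loaded, and named
# may still come up, so the error is easy to miss in a quick "service named status".
named-checkconf /etc/named.conf
named-checkzone example.com /var/named/example.com.zone.internal
named-checkzone example.com /var/named/example.com.zone.external
# Absolute paths here too - bare file names only work when the current directory happens to be /var/named.
named-checkzone 88.168.192.in-addr.arpa /var/named/88.168.192.zone
named-checkzone 1.100.202.in-addr.arpa /var/named/1.100.202.zone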
5.啟動服務
service named start  # starts named now; step 7 (chkconfig) is what makes it start again after a reboot
6.打開防火牆（修改 /etc/sysconfig/iptables 後需執行 service iptables restart，規則才會生效）
vi /etc/sysconfig/iptables  # this file is only read when the iptables service (re)starts, so run "service iptables restart" after editing
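# Comments in this file use '#'; a trailing "//..." makes iptables-restore reject the whole line.
# Put both rules above the chain's final "-j REJECT" line if the stock CentOS ruleset is still in
# place - anything appended after that line is never reached.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
# UDP carries normal queries and must be open; TCP is still needed for truncated (large/DNSSEC)
# answers and for zone transfers.
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT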
7.注冊系統服務
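# Two ASCII hyphens in --level; a typographic en dash ("–level") is not recognised by chkconfig.
chkconfig --level 35 named on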
8.修改本機DNS配置 //注意不要直接修改/etc/resolv.conf，它會在 network 服務重啟時依 ifcfg 檔案重新產生
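# The directory is "network-scripts" (plural). Set DNS here rather than in /etc/resolv.conf, which the
# network scripts rewrite from this file on every restart.
vi /etc/sysconfig/network-scripts/ifcfg-eth0
# Resolve through the local named. 127.0.0.1 only lands in the "internal" view if that view's
# match-clients includes localhost; otherwise this host gets the "external" view's answers.
DNS1=127.0.0.1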
9.重啟network服務
service network restart  # re-runs the ifcfg scripts so DNS1 from step 8 is written into /etc/resolv.conf
測試（以下是在內網主機上驗證 internal view 的結果；external view 應另外從外網查詢確認，並確認對外不提供遞迴查詢）
C:\>nslookup
Default Server: ns1.example.com
Address: 192.168.88.110
> example.com
Server: ns1.example.com
Address: 192.168.88.110
Name: example.com
> 192.168.88.110
Server: ns1.example.com
Address: 192.168.88.110
Name: ns1.example.com
Address: 192.168.88.110