從零開始部署bind9伺服器之三: 配置192.168.1.101
在192.168.1.101上配置test.com.域和1.168.192反向域,以及授權192.168.1.103為ops.test.com.子域的DNS伺服器
一、安裝bind9:
# Install the BIND name server package from the distribution repositories
# (run as root); -y answers the confirmation prompt automatically.
yum -y install bind
二、修改主配置檔案並啟動named服務:
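# Keep a copy of the stock configuration before editing it.
# (The trailing "//" notes of the original listing are not shell comments and
# would be passed to the commands as extra arguments, so they are "#" here.)
cp /etc/named.conf{,.back}
vim /etc/named.conf
# Start named automatically in runlevels 3 and 5.
chkconfig --level 35 named on
# Syntax-check the edited file first so a typo is reported here rather than
# as a failed service start.
named-checkconf /etc/named.conf
service named start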
驗證:
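# Remove the default route so 192.168.1.101 cannot reach outside networks on
# its own; an external name then only resolves if named forwards the query.
# This changes live routing: record the current gateway first
# (ip route show default) so it can be restored, and run this from a session
# that does not itself depend on the default route.
ip route del default
# The query arguments were mangled by e-mail obfuscation in the published page
# ("[email protected]"); the form is NAME @SERVER. EXTERNAL_NAME is a
# placeholder for any name outside test.com, and the server is presumably
# 192.168.1.101 as in the other checks on this page.
dig -t A EXTERNAL_NAME @192.168.1.101
# Check whether the request is forwarded to 192.168.1.104.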
三、配置test.com.域:
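# Back up the zone declarations before editing them.
cp /etc/named.rfc1912.zones{,.back}
# Add the forward zone declaration for test.com.
vim /etc/named.rfc1912.zones
# Write the zone data itself.
vim /var/named/test.com.zone
# Zone data permissions: group named may read the file, other users get no
# access.
chown :named /var/named/test.com.zone
chmod 640 /var/named/test.com.zone
# Validate the zone file before asking the running server to load it.
named-checkzone test.com /var/named/test.com.zone
# Reload the configuration and zones.
rndc reload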
驗證:
在192.168.1.0/24主機上操作
# Queries issued from a host inside 192.168.1.0/24 against the new server.
# Per the zone data on this page the expected answers are: www -> 192.168.1.202,
# MX -> preference 10 mx.test.com., ftp -> CNAME www.
dns_server=192.168.1.101
dig -t A www.test.com "@${dns_server}"
dig -t MX test.com "@${dns_server}"
dig -t A ftp.test.com "@${dns_server}"
在非192.168.1.0/24主機上操作
# Queries issued from a host outside 192.168.1.0/24.
# The authoritative name should still be answered (allow-query is "any"),
# while the external name is expected to be refused because recursion is
# limited to the myNet ACL.
dns_server=192.168.1.101
dig -t A www.test.com "@${dns_server}"
dig -t A www.baidu.com "@${dns_server}"
四、配置1.168.192反向域:
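# Back up the zone declarations again before adding the reverse zone.
# Note: this overwrites the .back copy made when the forward zone was added;
# pick a different suffix if the pristine file should be kept as well.
# (The trailing "//" notes of the original listing are not shell comments and
# would be passed to the commands as extra arguments, so they are "#" here.)
cp /etc/named.rfc1912.zones{,.back}
vim /etc/named.rfc1912.zones
vim /var/named/192.168.1.zone
# Zone data permissions: group named may read the file, other users get no
# access.
chown :named /var/named/192.168.1.zone
chmod 640 /var/named/192.168.1.zone
# Validate the reverse zone before asking the running server to load it.
named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone
rndc reload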
驗證:
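# Reverse lookup; can be run from any host.
# The arguments were mangled by e-mail obfuscation in the published page
# ("[email protected]"); the form is ADDRESS @SERVER. ADDRESS_TO_LOOK_UP is a
# placeholder for an address that has a PTR record in the reverse zone, and
# the server is presumably 192.168.1.101 as in the other checks on this page.
dig -x ADDRESS_TO_LOOK_UP @192.168.1.101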
附:
/etc/named.conf
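//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// (The published listing had its whitespace stripped, fusing keywords with
// their arguments; it is restored here so the file can be parsed by named.)

// Clients on the local subnet; the only ones allowed to recurse (see options).
acl myNet {
        192.168.1.0/24;
};

// Secondary server that may pull zone transfers (referenced from the zone
// declarations in /etc/named.rfc1912.zones).
// NOTE(review): this ACL matches on source address only; a TSIG key in
// allow-transfer authenticates the secondary itself rather than its address.
acl testSlave {
        192.168.1.102;
};

options {
        listen-on port 53 { 192.168.1.101; 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory               "/var/named";
        dump-file               "/var/named/data/cache_dump.db";
        statistics-file         "/var/named/data/named_stats.txt";
        memstatistics-file      "/var/named/data/named_mem_stats.txt";

        // Anyone may query the zones this server is authoritative for, but
        // recursion is offered only to myNet, so outside clients cannot use
        // the server as an open resolver.
        allow-query             { any; };
        recursion               yes;
        allow-recursion         { myNet; };

        // NOTE(review): zones that carry no allow-transfer of their own fall
        // back to the global default, which in BIND releases of this era
        // permits any host; a global "allow-transfer { none; };" here would
        // make transfers default-deny.

        // DNSSEC validation is switched off, so answers that come back through
        // the forwarder are accepted without verification.
        // NOTE(review): confirm this is intended outside a lab setup.
        dnssec-enable           no;
        dnssec-validation       no;

        // Send recursive queries to 192.168.1.104 first; "first" means named
        // falls back to resolving by itself if the forwarder does not answer.
        forward                 first;
        forwarders              { 192.168.1.104; };

        /* Path to ISC DLV key */
        //bindkeys-file "/etc/named.iscdlv.key";

        //managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints, used when named resolves without the forwarder.
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";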
/etc/named.rfc1912.zones
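// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// (The published listing had its whitespace stripped, fusing keywords with
// their arguments; it is restored here so the file can be parsed by named.)

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

// Forward zone added by this tutorial. Dynamic updates are disabled and zone
// transfers are limited to the testSlave ACL declared in /etc/named.conf.
// NOTE(review): that ACL is address-based; allow-transfer also accepts a TSIG
// key, which authenticates the secondary instead of trusting its source IP.
zone "test.com" IN {
        type master;
        file "test.com.zone";
        allow-update { none; };
        allow-transfer { testSlave; };
};

// Reverse zone for 192.168.1.0/24, with the same update and transfer policy.
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.zone";
        allow-update { none; };
        allow-transfer { testSlave; };
};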
/var/named/test.com.zone
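$TTL 86400
$ORIGIN test.com.
; Forward zone for test.com. The published listing had its whitespace
; stripped; fields are separated again here. Lines that start with whitespace
; inherit the owner name of the previous record (here "@", i.e. test.com.).
;
; SOA: primary name test.com., contact "admin" (relative to the origin).
; NOTE(review): the primary-name field is test.com., which has no address
; record in this zone; confirm whether ns1 was meant.
@       IN  SOA     test.com. admin (
                    2016122002  ; serial - increase on every edit so the
                                ;          secondary picks up the change
                    1H          ; refresh
                    5M          ; retry
                    7D          ; expire
                    1D )        ; negative-caching TTL
        IN  NS      ns1
        IN  NS      ns2
        IN  MX  10  mx
ns1     IN  A       192.168.1.101
ns2     IN  A       192.168.1.102
mx      IN  A       192.168.1.111
www     IN  A       192.168.1.202
ftp     IN  CNAME   www
; Delegation of the ops.test.com. subdomain to 192.168.1.103; the A record
; below is the glue for the delegated name server.
ops     IN  NS      ns1.ops
ns1.ops IN  A       192.168.1.103
pop     IN  A       192.168.1.11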
/var/named/192.168.1.zone
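$TTL 86400
$ORIGIN 1.168.192.in-addr.arpa.
; Reverse zone for 192.168.1.0/24. The published listing had its whitespace
; stripped; fields are separated again here. Lines that start with whitespace
; inherit the owner name of the previous record (here "@", the zone origin).
; PTR targets are fully qualified (trailing dot) because the origin of this
; file is the in-addr.arpa name, not test.com.
@       IN  SOA     test.com. admin.test.com. (
                    2016122002  ; serial - increase on every edit so the
                                ;          secondary picks up the change
                    1H          ; refresh
                    5M          ; retry
                    7D          ; expire
                    1D )        ; negative-caching TTL
        IN  NS      ns1.test.com.
        IN  NS      ns2.test.com.
101     IN  PTR     ns1.test.com.
102     IN  PTR     ns2.test.com.
111     IN  PTR     mx.test.com.
202     IN  PTR     www.test.com.
103     IN  PTR     ns1.ops.test.com.
11      IN  PTR     pop.test.com.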
轉載於:https://blog.51cto.com/362475097/1888381