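The DNS server software used here is BIND, and its service daemon is named. Below is a record of my own setup process:
1. yum install bind* This installs BIND itself, DNS testing tools such as dig and nslookup, and the chroot package.
2. vim /etc/named.conf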
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "workstation." IN {
    type master;
    file "named.workstation";
};
Here I set up a top-level domain named workstation; its zone file is located under /var/named. The file contents are as follows:
$TTL 600
@                    IN SOA   master.workstation. afu.master.workstation. ( 2014091901 3H 15M 1W 1D )
@                    IN NS    master.workstation.
master.workstation.  IN A     10.103.25.156
www.workstation.     IN A     10.103.27.166
nfs.workstation.     IN A     10.103.25.34
ftp.workstation.     IN CNAME www.workstation.
samba.workstation.   IN CNAME nfs.workstation.
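Since this is an experiment, I did not set up a reverse lookup zone file; the configuration above is enough for hosts on the LAN to obtain name resolution service.
3. service named start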
chkconfig named on
This enables the name resolution service at boot.
4. Open port 53 in the firewall: vim /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
service iptables restart
5. Point the client's DNS address at this server. Resolving the internal name www.workstation or the external name www.baidu.com then succeeds.
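The named.conf in step 2 combines allow-query { any; } with recursion yes, so named answers and recurses for every client that can reach port 53; because the stated goal is to serve hosts on the LAN, the options block can be limited to them. The following is an added example, not part of the original post, and the ACL name lan and the 10.103.0.0/16 range are assumptions chosen to cover the addresses in the zone file.

```conf
// Added example, not from the original post: the step 2 options block
// with queries and recursion limited to LAN clients.
// Assumptions: the ACL name "lan" and the 10.103.0.0/16 range (chosen to
// cover the 10.103.25.x / 10.103.27.x hosts in the zone file).
acl "lan" {
    localhost;        // built-in ACL: addresses of this server itself
    10.103.0.0/16;    // assumed client range, adjust to your network
};

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Step 2 used: allow-query { any; }; recursion yes;
    // which answers and recurses for every source address.
    allow-query       { lan; };   // who may query at all
    recursion yes;
    allow-recursion   { lan; };   // who may trigger recursive lookups
    allow-query-cache { lan; };   // who may read cached answers

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
```

Run named-checkconf /etc/named.conf before restarting named; afterwards, clients outside the ACL receive REFUSED instead of an answer.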
Time: 2024-10-15 04:26:14