环境:CentOS6.3

需求:建立example.com域用于内部和外部查询,内网环境192.168.88.0/24,10.1.0.0/16

1.安装

yum install bind         //没安装chroot

2.主配置文件

/etc/named.conf      //主配置文件

vi /etc/named.conf 

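options {
        // Listen on port 53 on every local IPv4 address.
        listen-on port 53 { any; };

        // Working directory: relative file names in this config (zone files,
        // the log channel file) are resolved against it.
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Any client may send queries; which data it sees is decided by the
        // view it matches.
        allow-query     { any; };

        // Default for views that do not set recursion themselves. Both views
        // in this file set it explicitly.
        recursion yes;

        // No secondary servers are part of this setup, so zone transfers are
        // refused. Without this statement BIND allows AXFR to any host, which
        // lets anyone download the complete zone contents. If secondaries are
        // added later, list their addresses here (or per zone) instead.
        allow-transfer  { none; };

        dnssec-enable yes;
        dnssec-validation yes;
        // DLV look-aside validation as shipped with this CentOS release.
        // ISC has since retired the DLV registry; drop this statement (and
        // the DLV key file below) on newer BIND versions.
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};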

logging {
        // Debug channel: the file name is relative to the "directory" option,
        // i.e. /var/named/data/named.run. "severity dynamic" makes the channel
        // follow the server's current debug level.
        channel default_debug {
                severity dynamic;
                file "data/named.run";
        };
};


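view "internal" {                               // view answering internal clients
        // Views are evaluated in the order they appear and the first match
        // wins, so this view must stay ahead of the catch-all "external" view.

        // Only the two internal networks named in the requirements belong
        // here. The original ACL used 192.168.0.0/16, which is wider than the
        // stated 192.168.88.0/24 network.
        match-clients   { 192.168.88.0/24; 10.1.0.0/16; };
        // Recursive resolution is offered to these trusted clients only.
        recursion yes;

        zone "." IN {
                type hint;
                file "named.ca";
        };

        zone "example.com" IN {
                type master;
                file "example.com.zone.internal";
        };

        // Reverse zone name = the network octets in reverse order followed by
        // in-addr.arpa, with no host octet (a leading "0." is a common mistake).
        zone "88.168.192.in-addr.arpa" IN {
                type master;
                file "88.168.192.zone";
        };

        // Once views are used, every zone must live inside a view, so these
        // includes have to be repeated in each view.
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};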

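view "external" {
        // Catch-all view for every client that did not match "internal".
        match-clients           { any; };

        // Authoritative answers only. With match-clients { any; }, leaving
        // recursion enabled would make this server an open resolver that any
        // host on the Internet could use, for example to reflect and amplify
        // traffic towards a third party. External clients only need the
        // example.com data served below.
        recursion no;

        zone "." IN {
                type hint;
                file "named.ca";
        };

        zone "example.com" IN {
                type master;
                file "example.com.zone.external";
        };

        // NOTE(review): reverse lookups for a public range reach this server
        // only if the address block's owner delegates the zone here - confirm.
        zone "1.100.202.in-addr.arpa" IN {
                type master;
                file "1.100.202.zone";
        };

        // Includes must be repeated inside each view.
        include "/etc/named.rfc1912.zones";
        include "/etc/named.root.key";
};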

3.建立区域配置文件

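# Create the four zone files from the packaged empty template.
# -p keeps the template's mode, ownership and timestamps on each copy.
# (The option must be typed with a plain ASCII hyphen; an en dash is treated
# as a file name by cp.)
cp -p /var/named/named.empty /var/named/example.com.zone.internal

cp -p /var/named/named.empty /var/named/example.com.zone.external

cp -p /var/named/named.empty /var/named/88.168.192.zone

cp -p /var/named/named.empty /var/named/1.100.202.zone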

 

example.com.zone.internal     //internal view的正向区域文件 
; Forward zone for example.com as loaded by the "internal" view.
; All addresses here are in the internal 192.168.88.x range.
$TTL 3H 
@       IN SOA  ns1.example.com. root.example.com. ( 
                                        2013051501      ; serial - increase this value after every change to the zone
                                        1D      ; refresh 
                                        1H      ; retry 
                                        1W      ; expire 
                                        3H )    ; minimum 
           IN      NS      ns1.example.com.

           IN      MX  5  mail.example.com. 
ns1     IN      A       192.168.88.110

mail    IN      A       192.168.88.111

www   IN      A       192.168.88.112

; bbs is an alias for www in this zone
bbs     IN     CNAME    www 

example.com.zone.external    //external view正向区域文件 
; Forward zone for example.com as loaded by the "external" view.
; Only the name server's public address is published here.
$TTL 3H 
@       IN SOA  ns1.example.com. root.example.com. ( 
                                        2013051501      ; serial 
                                        1D      ; refresh 
                                        1H      ; retry 
                                        1W      ; expire 
                                        3H )    ; minimum 
           IN      NS      ns1.example.com. 
ns1     IN      A       202.100.1.110

88.168.192.zone   //internal view的反向区域文件 
; Reverse zone 88.168.192.in-addr.arpa, loaded by the "internal" view.
$TTL 3H 
@       IN SOA  ns1.example.com. root.example.com. ( 
                                        2013051501      ; serial 
                                        1D      ; refresh 
                                        1H      ; retry 
                                        1W      ; expire 
                                        3H )    ; minimum 
            IN      NS      ns1.example.com. 
; 110 is the host octet: 192.168.88.110 resolves back to ns1.example.com.
110     IN      PTR     ns1.example.com.

1.100.202.zone    //external view的反向区域文件 
; Reverse zone 1.100.202.in-addr.arpa, loaded by the "external" view.
$TTL 3H 
@       IN SOA  ns1.example.com. root.example.com. ( 
                                        2013051501      ; serial 
                                        1D      ; refresh 
                                        1H      ; retry 
                                        1W      ; expire 
                                        3H )    ; minimum 
            IN      NS      ns1.example.com. 
; 110 is the host octet: 202.100.1.110 resolves back to ns1.example.com.
110     IN      PTR     ns1.example.com.

 

4.配置检查

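# Check named.conf syntax first, then each zone file against its zone name.
# Every zone file is given by absolute path so the checks work from any
# working directory (the reverse zones were originally given as relative
# names, which only resolve when run from /var/named).
named-checkconf /etc/named.conf

named-checkzone example.com /var/named/example.com.zone.internal

named-checkzone example.com /var/named/example.com.zone.external

named-checkzone 88.168.192.in-addr.arpa /var/named/88.168.192.zone

named-checkzone 1.100.202.in-addr.arpa /var/named/1.100.202.zone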

 

5.启动服务

service named start

6.打开防火墙

vi /etc/sysconfig/iptables 

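# Allow new inbound DNS queries over TCP and UDP; UDP must be opened as well,
# since ordinary queries use it. Place both rules above any final REJECT/DROP
# rule of the INPUT chain, otherwise they are never reached.
# Comments in this file must be on their own line and start with '#'.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT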

7.注册系统服务

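# Start named automatically in runlevels 3 and 5.
# The option is --level (two ASCII hyphens), not an en dash.
chkconfig --level 35 named on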

8.修改本机DNS配置     //注意不要直接修改/etc/resolv.conf

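# Interface configuration files live under network-scripts (plural).
vi /etc/sysconfig/network-scripts/ifcfg-eth0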

DNS1=127.0.0.1

9.重启network服务

service network restart

 

测试

C:\>nslookup 
Default Server:  ns1.example.com 
Address:  192.168.88.110

> example.com 
Server:  ns1.example.com 
Address:  192.168.88.110

Name:    example.com

> 192.168.88.110 
Server:  ns1.example.com 
Address:  192.168.88.110

Name:    ns1.example.com 
Address:  192.168.88.110