RHEL5+bind9简单快速搭建DNS服务器[服务器安全]

1,环境:

系统:rhle5.4

服务器IP:192.168.191.3

测试域名:www.百度.org.tw

2,软件包(用的安装盘自带的RPM包安装):

#rpm -ivh bind-libs-9.3.6-4.P1.el5.rpm
#rpm -ivh bind-utils-9.3.6-4.P1.el5.rpm


#rpm -ivh bind-9.3.6-4.P1.el5.rpm


3,成立bind用到的zone file目录

#mkdir /var/bind

4,安装好程序之后,生成rndc.conf和rndc.key文件

#/usr/sbin/rndc-confgen > /etc/rndc.conf

#cat /etc/rndc.conf
# Start of rndc.conf
key "rndckey" {
algorithm hmac-md5;
secret "kViQTHXyvhfaP8nZsb8kcg==";
};

options {
default-key "rndckey";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf


#cat /etc/rndc.conf > /etc/rndc.key

(然后把之前rndc.conf中没有注释的几行删掉,再把下面的有注释的留下,并撤消注释)
#cat /etc/rndc.key

# Start of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
key "rndckey" {
algorithm hmac-md5;
secret "kViQTHXyvhfaP8nZsb8kcg==";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndckey"; };
};
# End of named.conf



5,成立/etc/named.conf文件

#cat /etc/named.conf

options{
directory "/var/bind";
allow-query{any;};
};

zone "."{
type hint;
file "named.ca";
};

zone "百度.org.tw"{
type master;
file "named.百度.org.tw";
allow-update {none;};
};

zone "191.168.192.in-addr.arpa"{
type master;
file "named.192.168.191";
};

include "/etc/rndc.key";


6,成立DNS根查询地址文件

#dig > /var/bind/named.ca

#cat /var/bind/named.ca

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -t NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19763
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 15

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 59186 IN NS c.root-servers.net.
. 59186 IN NS m.root-servers.net.
. 59186 IN NS f.root-servers.net.
. 59186 IN NS d.root-servers.net.
. 59186 IN NS a.root-servers.net.
. 59186 IN NS e.root-servers.net.
. 59186 IN NS g.root-servers.net.
. 59186 IN NS l.root-servers.net.
. 59186 IN NS j.root-servers.net.
. 59186 IN NS b.root-servers.net.
. 59186 IN NS k.root-servers.net.
. 59186 IN NS i.root-servers.net.
. 59186 IN NS h.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 145586 IN A 198.41.0.4
b.root-servers.net. 145607 IN A 192.228.79.201
c.root-servers.net. 255305 IN A 192.33.4.12
d.root-servers.net. 299927 IN A 128.8.10.90
e.root-servers.net. 155401 IN A 192.203.230.10
f.root-servers.net. 299837 IN A 192.5.5.241
g.root-servers.net. 247679 IN A 192.112.36.4
h.root-servers.net. 259378 IN A 128.63.2.53
i.root-servers.net. 299747 IN A 192.36.148.17
i.root-servers.net. 479706 IN AAAA 2001:7fe::53
j.root-servers.net. 259611 IN A 192.58.128.30
j.root-servers.net. 145586 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 153654 IN A 193.0.14.129
k.root-servers.net. 153654 IN AAAA 2001:7fd::1
l.root-servers.net. 151716 IN A 199.7.83.42

;; Query time: 5 msec
;; SERVER: 211.162.78.1#53(211.162.78.1)
;; WHEN: Tue Dec 14 12:42:31 2010
;; MSG SIZE rcvd: 504


7,在/var/bind目录下成立以下文件

#vi /var/bind/named.百度.org.tw

$TTL 600
@ IN SOA 百度.org.tw. root.百度.org.tw. (
2003061800;serial
28800 ;refresh
14400 ;retry
3600000 ;expire
86400 ) ;minimum
@ IN NS 百度.org.tw. //(这里要注意,这个最背面有一个点)
www IN A 192.168.191.3
ftp IN A 192.168.191.3
mail IN A 192.168.191.3
百度.org.tw IN A 192.168.191.3
@ IN MX 5 mail


#vi /var/bind/named.192.168.191

$TTL 600
@ IN SOA 百度.org.tw. root.百度.org.tw. (
2003061800;serial
28800 ;refresh
14400 ;retry
3600000 ;expire
86400 ) ;minimum
@ IN NS 百度.org.tw.
3 IN PTRwww.百度.org.tw.
3 IN PTRftp.百度.org.tw.
3 IN PTR mail.百度.org.tw.


8,启动named服务

#service named start 　　以上是“RHEL5+bind9简单快速搭建DNS服务器[服务器安全]”的内容，如果你对以上该文章内容感兴趣，你可以看看七道奇为您推荐以下文章：