RHEL5+bind9简单快速搭建DNS服务器[服务器安全]
本文“RHEL5+bind9简单快速搭建DNS服务器[服务器安全]”是由七道奇为您精心收集,来源于网络转载,文章版权归文章作者所有,本站不对其观点以及内容做任何评价,请读者自行判断,以下是其具体内容:
1,环境:
系统:rhle5.4
服务器IP:192.168.191.3
测试域名:www.百度.org.tw
2,软件包(用的安装盘自带的RPM包安装):
#rpm -ivh bind-libs-9.3.6-4.P1.el5.rpm
#rpm -ivh bind-utils-9.3.6-4.P1.el5.rpm
#rpm -ivh bind-9.3.6-4.P1.el5.rpm
3,成立bind用到的zone file目录
#mkdir /var/bind
4,安装好程序之后,生成rndc.conf和rndc.key文件
#/usr/sbin/rndc-confgen > /etc/rndc.conf
#cat /etc/rndc.conf
# Start of rndc.conf
key "rndckey" {
algorithm hmac-md5;
secret "kViQTHXyvhfaP8nZsb8kcg==";
};
options {
default-key "rndckey";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
#cat /etc/rndc.conf > /etc/rndc.key
(然后把之前rndc.conf中没有注释的几行删掉,再把下面的有注释的留下,并撤消注释)
#cat /etc/rndc.key
# Start of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndckey" {
algorithm hmac-md5;
secret "kViQTHXyvhfaP8nZsb8kcg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndckey"; };
};
# End of named.conf
5,成立/etc/named.conf文件
#cat /etc/named.conf
options{
directory "/var/bind";
allow-query{any;};
};
zone "."{
type hint;
file "named.ca";
};
zone "百度.org.tw"{
type master;
file "named.百度.org.tw";
allow-update {none;};
};
zone "191.168.192.in-addr.arpa"{
type master;
file "named.192.168.191";
};
include "/etc/rndc.key";
6,成立DNS根查询地址文件
#dig > /var/bind/named.ca
#cat /var/bind/named.ca
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -t NS
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19763
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 15
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 59186 IN NS c.root-servers.net.
. 59186 IN NS m.root-servers.net.
. 59186 IN NS f.root-servers.net.
. 59186 IN NS d.root-servers.net.
. 59186 IN NS a.root-servers.net.
. 59186 IN NS e.root-servers.net.
. 59186 IN NS g.root-servers.net.
. 59186 IN NS l.root-servers.net.
. 59186 IN NS j.root-servers.net.
. 59186 IN NS b.root-servers.net.
. 59186 IN NS k.root-servers.net.
. 59186 IN NS i.root-servers.net.
. 59186 IN NS h.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 145586 IN A 198.41.0.4
b.root-servers.net. 145607 IN A 192.228.79.201
c.root-servers.net. 255305 IN A 192.33.4.12
d.root-servers.net. 299927 IN A 128.8.10.90
e.root-servers.net. 155401 IN A 192.203.230.10
f.root-servers.net. 299837 IN A 192.5.5.241
g.root-servers.net. 247679 IN A 192.112.36.4
h.root-servers.net. 259378 IN A 128.63.2.53
i.root-servers.net. 299747 IN A 192.36.148.17
i.root-servers.net. 479706 IN AAAA 2001:7fe::53
j.root-servers.net. 259611 IN A 192.58.128.30
j.root-servers.net. 145586 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 153654 IN A 193.0.14.129
k.root-servers.net. 153654 IN AAAA 2001:7fd::1
l.root-servers.net. 151716 IN A 199.7.83.42
;; Query time: 5 msec
;; SERVER: 211.162.78.1#53(211.162.78.1)
;; WHEN: Tue Dec 14 12:42:31 2010
;; MSG SIZE rcvd: 504
7,在/var/bind目录下成立以下文件
#vi /var/bind/named.百度.org.tw
$TTL 600
@ IN SOA 百度.org.tw. root.百度.org.tw. (
2003061800;serial
28800 ;refresh
14400 ;retry
3600000 ;expire
86400 ) ;minimum
@ IN NS 百度.org.tw. //(这里要注意,这个最背面有一个点)
www IN A 192.168.191.3
ftp IN A 192.168.191.3
mail IN A 192.168.191.3
百度.org.tw IN A 192.168.191.3
@ IN MX 5 mail
#vi /var/bind/named.192.168.191
$TTL 600
@ IN SOA 百度.org.tw. root.百度.org.tw. (
2003061800;serial
28800 ;refresh
14400 ;retry
3600000 ;expire
86400 ) ;minimum
@ IN NS 百度.org.tw.
3 IN PTRwww.百度.org.tw.
3 IN PTRftp.百度.org.tw.
3 IN PTR mail.百度.org.tw.
8,启动named服务
#service named start
以上是“RHEL5+bind9简单快速搭建DNS服务器[服务器安全]”的内容,如果你对以上该文章内容感兴趣,你可以看看七道奇为您推荐以下文章:
本文地址: | 与您的QQ/BBS好友分享! |