  • Centos 5.2安装配置DNS服务器

    BIND安装配置(主从)
    我的系统环境:centos 5.2

    作者:哈密瓜


    主:
    我采用的是yum安装
    [root@linux src]#yum -y install bind*

    生成rndc控制命令的key文件
    [root@linux usr]# sbin/rndc-confgen > /etc/rndc.conf 
    从rndc.conf文件中提取named.conf用的key 
    [root@linux usr]# cd /etc
    [root@linux etc]# tail -10 rndc.conf | head -9 | sed 's/# //g' > /var/named/chroot/etc/named.conf
    自动在/var/named/chroot/etc下生成named.conf文件

    进入/var/named/chroot/etc
    [root@linux etc]# cd /var/named/chroot/etc
    现在named.conf文件中有了rndc-key区段
    [root@linux etc]# more named.conf
    key "rndc-key" {

               algorithm hmac-md5;

               secret "Nd0nLoL8t4Mv0iSpqP1noA==";

    };


    controls {

               inet 127.0.0.1 port 953

                       allow { 127.0.0.1; } keys { "rndc-key"; };

    };
    然后我们来完善它:
    [root@linux etc]#vi named.conf
    // named.conf for the primary (master) server, in /var/named/chroot/etc.
    // The key and controls stanzas at the end were copied out of rndc.conf by the
    // tail/head/sed pipeline above; the options and zone stanzas are added by hand.
    options { 
    directory "/var/named"; 
    // NOTE(review): only "directory" is set, so recursion and query ACLs keep the
    // build defaults. If this server is reachable beyond the LAN, add an explicit
    // allow-recursion / allow-query ACL (or "recursion no;") — confirm for your network.
    }; 

    // Root hints; named.ca is generated further down with "dig > named.ca".
    zone "." IN { 
    type hint; 
    file "named.ca"; 
    }; 

    zone "localhost" IN { 
    type master; 
    file "localhost.zone"; 
    }; 

    zone "0.0.127.in-addr.arpa" IN { 
    type master; 
    file "named.local"; 
    }; 

    // Forward zone, served from the file learningsky.zone.
    zone "learningsky.org" IN { 
    type master; 
    file "learningsky.zone"; 
    // 192.168.22.155 is the local gateway (author's note); only this address may
    // pull a zone transfer (AXFR). NOTE(review): the slave config later on the page
    // never states the slave's own address — it must be the one listed here.
    allow-transfer { 192.168.22.155 ; };
    notify yes;
    // "notify yes" alone sends NOTIFY to every server in this zone's NS records;
    // also-notify additionally notifies DNS servers that are not in the NS records.
    also-notify { 192.168.22.155 ; };
    }; 

    // Reverse zone for 192.168.22.0/24, served from the file "22.168.192".
    zone "22.168.192.in-addr.arpa" IN { 
    type master; 
    file "22.168.192"; 
    allow-transfer { 192.168.22.155 ; };
    notify yes;
    also-notify { 192.168.22.155 ; };
    };

    // rndc control key, copied from /etc/rndc.conf. The secret below is the value
    // rndc-confgen produced on the author's machine: generate your own with
    // rndc-confgen instead of copying it, and keep both named.conf and rndc.conf
    // readable only by root/named. hmac-md5 is what this rndc-confgen emitted;
    // newer BIND releases also accept hmac-sha256 as the key algorithm.
    key "rndc-key" {
               algorithm hmac-md5;
               secret "Nd0nLoL8t4Mv0iSpqP1noA==";
    };

    // rndc is accepted only over the loopback interface, from 127.0.0.1, and only
    // when signed with rndc-key.
    controls {
               inet 127.0.0.1 port 953
                       allow { 127.0.0.1; } keys { "rndc-key"; };
    };

    进入/var/named/chroot/var/named
    [root@linux etc]# cd /var/named/chroot/var/named

    建立localhost.zone文件
    [root@linux named]#vi localhost.zone
    ; localhost.zone: forward zone for "localhost", answered by this host only.
    ; Zone-file comments start with ";" (not "//").
    $TTL       86400
    $ORIGIN localhost.
    @                          1D IN SOA          @ root (
                                               42                 ; serial (d. adams)
                                               3H                 ; refresh
                                               15M                ; retry
                                               1W                 ; expiry
                                               1D )               ; minimum

                               1D IN NS           @
                               1D IN A            127.0.0.1

    建立named.local文件
    [root@linux named]#vi named.local
    ; named.local: reverse zone for 127.0.0.0/8 (0.0.127.in-addr.arpa).
    $TTL       86400
    @          IN         SOA        localhost. root.localhost.  (
                                             1997022700 ; Serial
                                             28800         ; Refresh
                                             14400         ; Retry
                                             3600000       ; Expire
                                             86400 )       ; Minimum
                     IN         NS         localhost.

    ; 1.0.0.127.in-addr.arpa -> localhost.
    1          IN         PTR        localhost.


    dig命令直接生成named.ca文件
    [root@linux named]#dig > named.ca
    建立learningsky.org域名正向解析文件
    [root@linux named]#vi learningsky.zone
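    ; learningsky.zone: forward zone for learningsky.org on the primary server.
    ; Zone-file comments start with ";". A "//" on a data line is read as record
    ; text and makes the zone fail to load, so the inline note on the "dns" record
    ; is written as a ";" comment here. The opening "(" is kept on the SOA line so
    ; the multi-line record stays grouped.
    $TTL       86400
    $ORIGIN learningsky.org.
    @               1D      IN SOA  dns.learningsky.org.  root.mail.learningsky.org. (
                                              1053891162        ; serial — raise it on every edit, or the slave will not sync
                                               3H               ; refresh
                                               15M              ; retry
                                               1W               ; expire
                                               1D )             ; minimum

                          1D  IN NS             dns.learningsky.org.
                          ; NOTE(review): MX target is under learningsky.com, not .org — confirm this is intended
                          1D  IN MX       5        mail.learningsky.com.
    dns                   IN A             192.168.22.150    ; 192.168.22.150 is this host's own IP
    mail                  IN A             192.168.22.150
    ; NOTE(review): the nslookup transcript below shows www at 192.168.0.244 — confirm which address is right
    www                   IN A             192.168.22.150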

    建立learningsky.org域名反向解析文件
    [root@linux named]#vi 22.168.192
    ; 22.168.192: reverse zone for 192.168.22.0/24 (22.168.192.in-addr.arpa).
    $TTL 86400
    @ IN SOA dns.learningsky.org. root.mail.learningsky.org.(
                                              20031001; serial — raise it on every edit, or the slave will not sync
                                              7200; refresh
                                              3600; retry
                                              43200; expire
                                              86400); minimum
    @                     IN NS dns.learningsky.org.
    ; Three PTR records for host .150: legal, but tools that use only the first
    ; answer will see dns.learningsky.org. — presumably intended.
    150                   IN PTR dns.learningsky.org.
    150                   IN PTR mail.learningsky.org.
    150                   IN PTR www.learningsky.org.


    [root@linux named]#netstat -an |grep :53
    tcp        0      0 192.168.22.150:53       0.0.0.0:*       LISTEN
    tcp        0      0 127.0.0.1:53            0.0.0.0:*       LISTEN
    udp        0      0 192.168.22.150:53       0.0.0.0:*
    udp        0      0 127.0.0.1:53            0.0.0.0:*

    修改resolv.conf
    [root@linux named]#vi /etc/resolv.conf
    nameserver 192.168.22.150
    search learningsky.org

    [root@linux etc]# ps -aux|grep named
    Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
    named       13310  0.0  0.5  38160  2900 ?           Ssl  14:53      0:00 /usr/sbin/named -u named -t /var/named/chroot
    root        13375  0.0  0.1   5212   688 pts/1       R+   16:08      0:00 grep named

    [root@linux etc]#more nsswitch.conf
    # To use db, put the "db" in front of "files" for entries you want to be
    # looked up first in the databases
    #
    # Example:
    #passwd:       db files nisplus nis
    #shadow:       db files nisplus nis
    #group:        db files nisplus nis

    passwd:        files
    shadow:        files
    group:         files

    #hosts:        db files nisplus nis dns
    hosts:         files dns

    # Example - obey only what nisplus tells us...
    #services:      nisplus [NOTFOUND=return] files
    #networks:      nisplus [NOTFOUND=return] files
    #protocols:  nisplus [NOTFOUND=return] files
    #rpc:           nisplus [NOTFOUND=return] files
    #ethers:        nisplus [NOTFOUND=return] files
    #netmasks:      nisplus [NOTFOUND=return] files       

    bootparams: nisplus [NOTFOUND=return] files

    ethers:        files
    netmasks:      files
    networks:      files

    [root@linux etc]# more host.conf
    order hosts,bind

    启动named
    [root@linux etc]# /usr/local/sbin/named

    测试DNS
    [root@linux etc]# nslookup
    >www.learningsky.org
    Server:            192.168.22.150
    Address:           192.168.22.150#53

    Name:      www.learningsky.org
    Address: 192.168.0.244

    >192.168.22.250
    Server:            192.168.22.250
    Address:           192.168.22.250#53

    150.22.168.192.in-addr.arpa        name = dns.learningsky.org.
    150.22.168.192.in-addr.arpa        name = www.learningsky.org.
    150.22.168.192.in-addr.arpa        name = mail.learningsky.org.

    >set type=MX
    >learningsky.org
    Server:            192.168.22.150
    Address:           192.168.22.150#53

    learningsky.org mail exchanger = 5 mail.learningsky.com.
    >exit

    主DNS配置完成。

    从:
    安装跟主的一样,不同的就是named.conf
    named.conf内容:
    // named.conf for the secondary (slave) server. Installation is the same as on
    // the master; only this file differs.
    options {
    directory "/var/named";
    // NOTE(review): no allow-transfer is set here — on BIND of this era transfers
    // are allowed to any client by default, so this host will hand out a full copy
    // of the zones it holds; add e.g. "allow-transfer { none; };" if that is not
    // wanted. Recursion/query ACLs are likewise left at the defaults.
    }; 

    // NOTE(review): the master uses "named.ca" (generated with dig); confirm that a
    // "named.root" hints file actually exists on the slave.
    zone "." IN {
    type hint;
    file "named.root";
    }; 

    zone "localhost" IN {
    type master;
    file "localhost.zone";
    }; 

    zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    }; 

    // Slave copy of learningsky.org, pulled from the master (192.168.22.150) by
    // zone transfer. named writes the transferred zone into "learningsky.zone"
    // under /var/named, so that directory must be writable by the named user.
    // The master's allow-transfer list must include this host's address.
    zone "learningsky.org" IN {
    type slave;
    file "learningsky.zone";
    masters { 192.168.22.150; };
    }; 

    // Slave copy of the reverse zone, same master.
    zone "22.168.192.in-addr.arpa" IN {
    type slave;
    file "22.168.192";
    masters { 192.168.22.150; };
    };

    // rndc key for this host. The secret differs from the master's, as it should:
    // each server gets its own key from its own rndc-confgen run. Do not copy the
    // sample value below; generate your own.
    key "rndc-key" {
              algorithm hmac-md5;
              secret "80hKqo5bkGMAqHqeAlaLCA==";
    };

    // rndc is accepted only over loopback, from 127.0.0.1, signed with rndc-key.
    controls {
              inet 127.0.0.1 port 953
                      allow { 127.0.0.1; } keys { "rndc-key"; };
    };

    注:
    1、主从同步的两台机器要在同一个时区,时间相差不要太大。
    2、主的dns服务器在修改了正向解析文件跟反向解析文件时,要修改相应的 serial(通常是加数值,这个值必须主的要大于从的,要不同步不了)
    3、/var/named/chroot这个目录的属主要是named,否则other的权限也要是7
    4、红色字体一定要注意,同步关键……

  • 原文地址:https://www.cnblogs.com/fjping0606/p/4428718.html