CentOS 7安装chroot Named

一 安装相关软件

yum install bind-chroot bind -y

二 复制生成文件

cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named/

touch /var/named/chroot/var/named/data/cache_dump.db

touch /var/named/chroot/var/named/data/named_stats.txt

touch /var/named/chroot/var/named/data/named_mem_stats.txt

touch /var/named/chroot/var/named/data/named.run

mkdir /var/named/chroot/var/named/dynamic

touch /var/named/chroot/var/named/dynamic/managed-keys.bind

chmod -R 777 /var/named/chroot/var/named/data

chmod -R 777 /var/named/chroot/var/named/dynamic

cp -p /etc/named.conf /var/named/chroot/etc/named.conf

三配置named.conf

vim /var/named/chroot/etc/named.conf 

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
#       recursing-file  "/var/named/data/named.recursing";
#       secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "weiheng.ink" {
    type master;
    file "weiheng.local.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

四 配置解析文件 

vim /var/named/chroot/var/named/weiheng.local.zone

 

$TTL 86400
@ IN SOA weiheng.local. hostmaster.weiheng.local. (
　　2 　　　　　　; Serial
　　604800 　　  ; Refresh
　　86400 　　　 ; Retry
　　2419200 　　 ; Expire
　　604800 ) 　　; Minimum
; 　　　　 　　 Define the nameservers and the mail servers
@ IN NS ns1.weiheng.local.
@ IN A 127.0.0.1

vm1              IN      A       10.1.1.2
vm2              IN      A       10.1.1.3
vm3              IN      A       10.1.1.4
vm4              IN      A       10.1.1.5
vm5              IN      A       10.1.1.6
ns1              IN      A       10.1.1.6
ns2              IN      A       10.1.1.5

五 启动服务

iptables -F

/usr/libexec/setup-named-chroot.sh /var/named/chroot on

systemctl start named-chroot

systemctl enable named-chroot

systemctl status named-chroot