linux下智能DNS配置过程
网友  中国IT实验室   数据中心  编辑:德仔   图片来源:网络
一、DNS服务器安装
  1、 软件列表
  BIND 9.3.2
  2、 安装BIND 9
  安装BIND9:
  # tar zxvf bind-9.3.2.tar.gz
  # cd bind-9.3.2
  # ./configure --prefix=/usr/local/named --disable-ipv6
  # make && make install
  建立BIND用户:
  # groupadd bind
  # useradd -g bind -d /usr/local/named -s /sbin/nologin bind
  创建配置文件目录:
  # mkdir -p /usr/local/named/etc
  # chown bind:bind /usr/local/named/etc
  # chmod 700 /usr/local/named/etc
  二、named.conf的配置
  创建主要的配置文件:
  # vi /usr/local/named/etc/named.conf
  ===========================named.conf=======================
  // Local networks that are allowed recursion, zone transfers and NOTIFY
  // (referenced from the options block below).
  acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16;};
  options {
    // Base directory for relative file names (zone files, named.root, includes).
    directory "/usr/local/named/etc/";
    // The init script must signal the pid recorded in this file.
    pid-file "/var/run/named/named.pid";
    // Answer version.bind queries with a dummy string instead of the real version.
    version "0.0.0";
    datasize 40M;
    auth-nxdomain no;
    // Recursion is enabled but only offered to the "trust-lan" ACL; any other
    // client gets authoritative data only, so this is not an open resolver.
    recursion yes;
    allow-recursion { "trust-lan"; };
    // Zone transfers and NOTIFY messages are restricted to the same ACL.
    allow-transfer { "trust-lan"; };
    allow-notify { "trust-lan"; };
    // Upstream resolvers that recursive queries are forwarded to.
    forwarders { 211.162.106.9; 211.162.106.254; };
  };
logging {
  // Query log: the "queries" category is routed here at info level, which
  // records client addresses and the names they ask for. The file is rotated
  // (3 versions of 1240k) and should stay readable only by bind/root.
  channel general_dns {
    file "/var/log/named/dns_logs" versions 3 size 1240k;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  // Everything at warning level or above, from all other categories.
  channel warning {
    file "/var/log/named/dns_warnings" versions 3 size 1240k;
    severity warning;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  category queries { general_dns; };
  category default { warning; };
};
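  // The root hint zone is declared inside each view below (view_cnc and
  // view_any). Once views are in use named rejects a zone declared outside
  // a view at config check time, so the top-level zone "." that stood here
  // has been dropped; the per-view copies provide the hints.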
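  // Client prefixes routed via China Netcom (CNC); view_cnc matches on this
  // ACL. The original listing carried a bare prose note inside the block,
  // which named would reject as a syntax error; it is now a comment.
  acl "CNC" {
  58.16.0.0/16;
  58.17.0.0/17;
  58.17.128.0/17;
  58.18.0.0/16;
  58.19.0.0/16;
  58.20.0.0/16;
  58.21.0.0/16;
  // Note: these are sample prefixes — fill in the address ranges that apply
  // to your deployment (see the appendix on deriving them from APNIC data).
  };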
  view "view_cnc" {
    // Views are tried in order; clients inside the CNC ACL stop here.
    match-clients { CNC; };
    // named.root and localhost.rev are expected under the options directory;
    // this page does not show them being created.
    zone "." { type hint; file "named.root"; };
    zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; };
    // Per-domain zone statements for the CNC side live in master/cnc.def.
    include "master/cnc.def";
  };
  view "view_any" {
    // Catch-all view: must stay after view_cnc, otherwise it would match
    // every client first.
    match-clients { any; };
    zone "." { type hint; file "named.root"; };
    zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; };
    // Per-domain zone statements for the telecom side live in master/telecom.def.
    include "master/telecom.def";
  };
  添加完成后,保存。
  三、更新根区文件:
  # cd /usr/local/named/etc/
  创建PID和日志文件:
  # mkdir /var/run/named/
  # chmod 777 /var/run/named/
  # chown bind:bind /var/run/named/
  # mkdir /var/log/named/
  # touch /var/log/named/dns_warnings
  # touch /var/log/named/dns_logs
  # chown bind:bind /var/log/named/*
  # mkdir master
  # touch master/cnc.def
  # touch master/telecom.def
生成rndc-key:
  # cd /usr/local/named/etc/
  # ../sbin/rndc-confgen > rndc.conf
  把rndc.conf中:
  # Use with the following in named.conf, adjusting the allow list as needed:
  后面的部分加到/usr/local/named/etc/named.conf中并去掉注释
  运行测试:
  # /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &
  状态检查:
  # /usr/local/named/sbin/rndc status
  四、建立启动脚本:
  # vi /etc/init.d/named
  ============================== named.sh============================
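  #!/bin/bash
  #
  # named a network name service.
  #
  # chkconfig: 545 35 75
  # description: a name server
  #
  # NOTE(review): the chkconfig run levels "545" look like a typo for "345" — confirm.
  #
  # Differences from the original listing: the case selector was empty
  # (the "$1" was lost), restart called start/stop which were not defined,
  # and stop read /var/run/named/pid while named.conf writes
  # /var/run/named/named.pid. /var/run/named/ only needs to be writable by
  # the bind user it is chown'd to; the mode 777 used during setup is wider
  # than necessary.
  NAMED=/usr/local/named/sbin/named
  NAMED_CONF=/usr/local/named/etc/named.conf
  NAMED_USER=bind
  # Must match the pid-file statement in named.conf.
  PIDFILE=/var/run/named/named.pid

  if [ "$(id -u)" -ne 0 ]; then
    echo "ERROR:For bind to port 53,must run as root."
    exit 1
  fi

  # Start named; -u makes it drop to the unprivileged bind user after binding port 53.
  start() {
    if [ -x "$NAMED" ]; then
      "$NAMED" -u "$NAMED_USER" -c "$NAMED_CONF" && echo . && echo 'BIND9 server started.'
    fi
  }

  # Stop named via the pid it recorded itself (plain TERM is enough for a clean shutdown).
  stop() {
    if [ -r "$PIDFILE" ]; then
      kill "$(cat "$PIDFILE")" && echo . && echo 'BIND9 server stopped.'
    else
      echo "BIND9 pid file $PIDFILE not found." >&2
      return 1
    fi
  }

  case "$1" in
    start)
      start
      ;;
    stop)
      stop
      ;;
    restart)
      echo .
      echo "Restart BIND9 server"
      stop
      sleep 10
      start
      ;;
    *)
      echo " start | stop | restart"
      ;;
  esac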
  ===============================named.sh============================
  # chmod 755 /etc/init.d/named
  # chown root:root /etc/init.d/named
  # chkconfig --add named
  # chkconfig named on
  五、添加一个NS
  在域名的管理网站上,设定NS服务器为你安装的DNS
  六、添加一个域名
  # cd /usr/local/named/etc/master
  # mkdir cnc
  # mkdir telecom
  # vi cnc.def
  添加
  // Included from view_cnc; the file path is relative to the options directory.
  zone "724cn.com" {
  type master;
  file "master/cnc/724cn.com";
  };
  # vi telecom.def
  添加
  // Included from view_any; same zone name, different data file than the CNC view.
  zone "724cn.com" {
  type master;
  file "master/telecom/724cn.com";
  };
  添加网通的解析,解析到的IP为61.45.55.78
  #vi cnc/724cn.com
  添加
  ; Zone data for 724cn.com as answered to CNC clients (view_cnc).
  $TTL 3600
  $ORIGIN 724cn.com.
  ; SOA: primary name server and admin mailbox (root@ns.724cn.com); timers in seconds.
  @ IN SOA ns.724cn.com. root.ns.724cn.com.(
  2005121013 ;Serial
  3600 ; Refresh ( seconds )
  900 ; Retry ( seconds )
  ; NOTE(review): 68400 (19h) is unusually short for Expire; looks like a typo for 604800 — confirm.
  68400 ; Expire ( seconds )
  15 );Minimum TTL for Zone ( seconds )
  ;
  @ IN NS ns.724cn.com.
  ; NOTE(review): ns.724cn.com is in this zone but has no A record here — add the NS host address.
  ; NOTE(review): the text says CNC clients should resolve to 61.45.55.78, yet the
  ; records below carry 211.162.106.9 (the first forwarder in named.conf) — confirm.
  @ IN A 211.162.106.9
  www IN A 211.162.106.9
  ;
  ;end
  添加电信的解析,解析到的IP为210.75.1.178
  #vi telecom/724cn.com
  添加
; Zone data for 724cn.com as answered to all other clients (view_any, the telecom side).
$TTL 3600
  $ORIGIN 724cn.com.
  ; SOA: primary name server and admin mailbox (root@ns.724cn.com); timers in seconds.
  @ IN SOA ns.724cn.com. root.ns.724cn.com.(
  2005121013 ;Serial
  3600 ; Refresh ( seconds )
  900 ; Retry ( seconds )
  ; NOTE(review): 68400 (19h) is unusually short for Expire; looks like a typo for 604800 — confirm.
  68400 ; Expire ( seconds )
  15 );Minimum TTL for Zone ( seconds )
  ;
  @ IN NS ns.724cn.com.
  ; NOTE(review): ns.724cn.com is in this zone but has no A record here — add the NS host address.
  ; NOTE(review): the text says telecom clients should resolve to 210.75.1.178, yet the
  ; records below carry 211.162.106.254 (the second forwarder in named.conf) — confirm.
  @ IN A 211.162.106.254
  www IN A 211.162.106.254
  ;
  ;end
  #/usr/local/named/sbin/rndc reload
  OK,到此你的DNS服务器就算是跑起来了。试一下分别用网通和电信的线路ping一下吧.
  附:获取IP地址范围方法:
  1、 利用shell程序获取IP地址段
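  #!/bin/sh
  # Split the CN IPv4 allocations listed in an APNIC delegated-stats file into
  # per-carrier CIDR lists (CNCGROUP, CHINANET, OTHER) by looking up the
  # netname of every block at whois.apnic.net.
  #
  # Input: $FILE, a local copy of the APNIC delegated file (one allocation per
  # line, '|'-separated; CN IPv4 lines start with apnic|CN|ipv4|<ip>|<count>).
  # Output: CIDR prefixes appended to the list files in the current directory.
  #
  # The original listing removed $FILE right before reading it and the mask
  # line was garbled; the download step that must have filled $FILE is not on
  # this page, so the file is required to exist instead. Each block costs one
  # whois query, so the run is slow and should not be repeated needlessly.
  FILE=/root/study/apnic/ip_apnic
  if [ ! -r "$FILE" ]; then
    echo "ERROR: $FILE not found; place the APNIC delegated file there first." >&2
    exit 1
  fi

  # Prefix length for an allocation of $1 addresses: 32 - log2(count).
  # Allocation sizes in the APNIC file are expected to be powers of two.
  prefix_len() {
    cnt=$1
    bits=0
    while [ "$cnt" -gt 1 ]; do
      cnt=$((cnt / 2))
      bits=$((bits + 1))
    done
    echo $((32 - bits))
  }

  grep 'apnic|CN|ipv4|' "$FILE" | cut -f 4,5 -d'|' | sed -e 's/|/ /g' | while read -r ip cnt
  do
    echo "$ip:$cnt"
    mask=$(prefix_len "$cnt")
    # Netname of the block: keep the value after ": " (the \1 backreference was
    # missing in the original, which left NETNAME empty) and strip everything
    # from the first "-" so e.g. CNCGROUP-XX becomes CNCGROUP.
    NETNAME=$(whois "$ip@whois.apnic.net" | sed -e '/./{H;$!d;}' -e 'x;/netnum/!d' | grep ^netname | sed -e 's/.*: \(.*\)/\1/g' | sed -e 's/-.*//g')
    case $NETNAME in
      CNC)
        echo "$ip/$mask" >> CNCGROUP
        ;;
      CHINANET|CNCGROUP)
        echo "$ip/$mask" >> "$NETNAME"
        ;;
      CHINATELECOM)
        echo "$ip/$mask" >> CHINANET
        ;;
      *)
        echo "$ip/$mask" >> OTHER
        ;;
    esac
  done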
  2、 可以利用网上的资料,下面是最新的信息,然后利用awk生成地址段即可。
  wget http://218.66.103.230/vpn_route/cnc.new 新的网通路由表
  wget http://218.66.103.230/vpn_route/chinanet.new 新的电信路由表
  注:对于配置智能DNS,主要用途为:1、解决网通与电信问题 2、实现区域规划(不同区域访问各自最近的服务器),下面以解决网通与电信连接问题的配置为例。至于实现2的功能,只需稍加更改即可。
 
本文作者:网友 来源:中国IT实验室