Setting up a server: DNS

DNS server: the software used is BIND and the service daemon is named. Below I record my own setup process:

1. yum install bind*   This pulls in the BIND software itself, DNS testing tools such as dig and nslookup, and the chroot package.

2. vim /etc/named.conf

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "workstation." IN {
        type master;
        file "named.workstation";
};
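The options block above turns on `recursion yes` and accepts queries from `any`, but contains no `allow-recursion` statement, so which clients may use this host as a recursive resolver is decided by BIND's built-in default ACL (localnets and localhost) rather than by anything written in the file; stating the LAN ranges explicitly is the usual practice. It also sets `dnssec-lookaside auto`, which pointed at ISC's DLV registry, a service ISC retired in 2017. The following is an added example, not code from the original post: a small Python linter that parses a named.conf of this shape and reports both points. The embedded config is a constructed copy of the options block above, and `parse_options` only handles the simple `key value;` and `key { elem; };` statement forms used there.

```python
"""Lint the options block of a named.conf for resolver exposure.

Added example, not part of the original post. It understands only the
statement forms used in the post's named.conf, `key value;` and
`key { elem; elem; };`, and expects the closing `};` of the options
block at column 0. /* */, // and # comments are stripped first.
"""
import re
import sys

# Constructed copy of the options block from the post (same values).
SAMPLE_NAMED_CONF = """\
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

zone "workstation." IN {
        type master;
        file "named.workstation";
};
"""

# key, optional plain value, optional { elements }, terminating ';'
STATEMENT = re.compile(r"([\w-]+)\s*([^{;]*?)\s*(\{([^}]*)\})?\s*;")


def parse_options(text):
    """Return {option: value} for the options block.

    A braced value becomes the list of its elements (allow-query -> ['any']);
    a plain value becomes a string with surrounding quotes removed.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    block = re.search(r"options\s*\{(.*?)\n\};", text, flags=re.S)
    if block is None:
        raise ValueError("no options block found")
    opts = {}
    for key, plain, braces, elems in STATEMENT.findall(block.group(1)):
        if braces:
            opts[key] = [e.strip() for e in elems.split(";") if e.strip()]
        else:
            opts[key] = plain.strip().strip('"')
    return opts


def lint_resolver(opts):
    """Return findings about recursion exposure; an empty list means none."""
    findings = []
    # BIND's default for `recursion` is yes, so an absent option still recurses.
    recursion_on = str(opts.get("recursion", "yes")).lower() == "yes"
    allow_rec = opts.get("allow-recursion")
    if recursion_on:
        if allow_rec is None:
            findings.append(
                "recursion yes without allow-recursion: who may recurse is left to "
                "BIND's built-in default (localnets; localhost); list the LAN ranges")
        elif "any" in allow_rec:
            findings.append("allow-recursion { any; }: this is an open recursive resolver")
    if opts.get("dnssec-lookaside") == "auto":
        findings.append("dnssec-lookaside auto: ISC retired the DLV registry in 2017; remove it")
    return findings


if __name__ == "__main__":
    # Usage: python lint_named.py [/etc/named.conf]
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/named.conf"
    with open(path) as f:
        for finding in lint_resolver(parse_options(f.read())) or ["no findings"]:
            print(finding)
```

Run it against /etc/named.conf after editing; a clean result for a LAN server would look like `allow-recursion { 10.103.0.0/16; localhost; };` (the /16 here is an assumed range, chosen to cover the 10.103.25.x and 10.103.27.x hosts in the zone below) with `dnssec-lookaside` removed.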

Here the author set up a top-level domain named workstation; its zone file lives under /var/named. The file content is as follows:

$TTL 600
@       IN SOA master.workstation. afu.master.workstation. (
                2014091901 3H 15M 1W 1D)
@       IN NS master.workstation.
master.workstation. IN A 10.103.25.156
www.workstation. IN A 10.103.27.166
nfs.workstation. IN A 10.103.25.34

ftp.workstation. IN CNAME www.workstation.
samba.workstation. IN CNAME nfs.workstation.

For this experiment the author did not set up a reverse zone file; the configuration above is enough for hosts on the LAN to get name resolution service.

3. service named start

  chkconfig named on

  Set the resolver service to start at boot.

4. Open port 53 in the firewall: vim /etc/sysconfig/iptables

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

service iptables restart

5. Point the client's DNS server address at this host. Resolving the internal name www.workstation, or the external name www.baidu.com, succeeds.
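What step 5 is really checking, seen at the protocol level: the following added Python example, not code from the original post, builds an A query, sends it to the server over UDP and decodes the reply header. For an internal name such as www.workstation the server should answer with the AA (authoritative answer) flag set; for an external name such as www.baidu.com it should answer with RA (recursion available) set and at least one answer record. The embedded reply is constructed to look like this server's answer for www.workstation; `resolve()` needs the network, and the server address you pass it (10.103.25.156 from the zone above, for instance) is an assumption.

```python
"""Check the new DNS server from a client without dig or nslookup.

Added example, not part of the original post. build_query/parse_response
implement just enough of the DNS wire format (RFC 1035) for an A query
and its reply, including compressed names in the answer section.
"""
import socket
import struct


def build_query(name, txid=0x1234):
    """Return a recursion-desired query for `name`, type A, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def read_name(msg, off):
    """Decode a (possibly compressed) name at `off`; return (name, next_off)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                   # pointer to an earlier name
            if end is None:
                end = off + 2                       # resume after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_response(msg):
    """Return txid, rcode, the AA/RA flags and the A answers of a DNS reply."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                              # skip the echoed question
        _, off = read_name(msg, off)
        off += 4                                     # qtype + qclass
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:                # A record
            answers.append((name, socket.inet_ntoa(rdata), ttl))
    return {"txid": txid, "rcode": flags & 0xF, "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "answers": answers}


def resolve(server, name, timeout=2.0):
    """Send one UDP query to `server` and parse the reply (needs the network)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    reply = parse_response(data)
    if reply["txid"] != 0x1234:
        raise ValueError("reply transaction id does not match the query")
    return reply


# Constructed reply, shaped like the post's server answering `www.workstation` A:
# flags 0x8580 = QR|AA|RD|RA, one answer whose name is a pointer to offset 12.
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
                + build_query("www.workstation")[12:]
                + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 600, 4)
                + socket.inet_aton("10.103.27.166"))

if __name__ == "__main__":
    import sys
    # Usage: python dnscheck.py <server-ip> <name>, e.g. 10.103.25.156 www.workstation
    print(resolve(sys.argv[1], sys.argv[2]))
```

Run it once for www.workstation (expect `aa` True) and once for www.baidu.com (expect `ra` True with answers). The same two flags are also the quickest way to confirm the server is not recursing for hosts it should not serve: querying an external name from a client outside the intended LAN should come back with no answers and `ra` False once `allow-recursion` is restricted.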

 

posted on 2014-09-19 15:35  福生