Redhat 6.4 用bind 搭建DNS服務器

有時候在本地架設一個 DNS 服務器很有用。因爲做實驗用到了 SRV 記錄,而 hosts 文件貌似實現不了,所以用 bind 架設一臺 DNS 服務器。

1 Redhat 6.4 安裝光盤插入光驅
2 安裝上bind 服務
[root@kerberos /]# cd /media/RHEL_6.4\ x86_64\ Disc\ 1/Packages/
[root@kerberos Packages]# find -name '*bind*'   #查找bind 的安裝包 安裝上
[root@kerberos Packages]# rpm -ivh bind-9.8.2-0.17.rc1.el6.x86_64.rpm
[root@kerberos Packages]# rpm -ivh bind-chroot-9.8.2-0.17.rc1.el6.x86_64.rpm
3 編輯named.conf 文件
[root@kerberos /]#vi /etc/named.conf


//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//



options {

       #listen-on port 53 { 127.0.0.1; };

       #listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

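        # 允許其他主機查詢。注意:上面的 listen-on 已註釋掉,下面又是 recursion yes,
        # 沒有另外設 allow-recursion 時,遞迴查詢也會沿用這裏的 any,
        # 等於對所有連得到 53 埠的主機開放遞迴解析(開放解析器,可能被濫用於 DNS 放大流量)。
        # 實驗網段以外請把 any 改成自己的網段,或加上 allow-recursion { localnets; localhost; };
        allow-query     { any; };         #允許其他主機查詢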

        recursion yes;



        dnssec-enable yes;

        dnssec-validation yes;

        dnssec-lookaside auto;



        

        bindkeys-file "/etc/named.iscdlv.key";



        managed-keys-directory "/var/named/dynamic";

};



logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};



zone "." IN {

        type hint;

        file "named.ca";

};

zone "example.com" IN {                #域

        type master;            

        file "named.example.com";    #檔案放在這裏

 };

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";



4 正解數據庫檔案的設定
[root@kerberos /]# vi  var/named/named.example.com 
; 與整個領域相關性較高的設定包括 NS, A, MX, SOA 等標誌的設定處(zone 檔的註釋要用分號,不能用 #)
$TTL 600

@      IN SOA master.example.com. root(2015032209 3H 15M 1W 1D)

@      IN NS master.example.com.

master.example.com.  IN A 190.111.112.50

; 其他幾部主機的主機名正解設定(主機名必須從行首開始,行首有空白會被當成沿用上一筆記錄的名稱)
kerberos.example.com. IN A 190.111.112.50

nfss.example.com.  IN A 190.111.112.60

nfsc.example.com. IN A 190.111.112.61

_kerberos-master._udp.EXAMPLE.COM. SRV 0 0 88 kerberos.example.com.

_kerberos-master._tcp.EXAMPLE.COM. SRV 0 0 88 kerberos.example.com.



5 放開防火牆(DNS 本身只需要下面 --dport 53 的 tcp 與 udp 兩條規則;這兩條沒有限制來源位址,若只給實驗網段使用,可以加 -s 限定來源)

[root@kerberos /]# vi etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 749 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 1011 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 1012 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 1011 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

[root@kerberos /]# 



6重啓服務

[root@kerberos /]# service named restart

Stopping named:  OK 

Generating /etc/rndc.key:dns

卡在這裏(rndc-confgen 預設從 /dev/random 讀取隨機數來產生 key,系統熵不足時會一直阻塞,所以下一步改成用 -r /dev/urandom)









6 修改named 文件

[root@kerberos /]# cat etc/init.d/named 

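 # Create the rndc control key on first start. -s is false for a missing or
 # zero-length file, so an empty key left by an interrupted run is regenerated.
 if [ ! -s /etc/rndc.key ]; then
   echo -n $"Generating /etc/rndc.key:"
   # Stock line was: /usr/sbin/rndc-confgen -a > /dev/null 2>&1
   # -r /dev/urandom gives rndc-confgen a non-blocking random source, so the
   # service start no longer hangs when the host has little entropy.
   # The BIND tool is rndc-confgen; with the name "rndc-config" the command
   # is not found, the failure branch runs and no key is written.
   if /usr/sbin/rndc-confgen -r /dev/urandom -a >/dev/null 2>&1; then
     # Key is a shared secret for controlling named: owner root, group named,
     # no access for other local users.
     chmod 640 /etc/rndc.key
     chown root:named /etc/rndc.key
     # Restore the SELinux label only where restorecon is installed.
     [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
     success $"/etc/rndc.key generation"
     echo
   else
     failure $"/etc/rndc.key generation"
     echo
   fi
 fi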



  # Handle -c option


7 再次重啓服務

[root@kerberos /]# service named restart

Stopping named: OK 