Primary DNS Server Deployment Guide (for Linux)

I. Configure yum so that packages can be installed
   yum repository file to edit: /etc/yum.repos.d/rhel-source.repo
[root@wanghong ~]# vim /etc/yum.repos.d/rhel-source.repo
#[rhel-source]
#name=Red Hat Enterprise Linux $releasever - $basearch - Source
#baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/
#enabled=0
#gpgcheck=1
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
#[rhel-source-beta]
#name=Red Hat Enterprise Linux $releasever Beta - $basearch - Source
#baseurl=ftp://ftp.redhat.com/pub/redhat/linux/beta/$releasever/en/os/SRPMS/
#enabled=0
#gpgcheck=1
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
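[wanghong]
name=123
baseurl=file:///mnt/Server
enabled=1
gpgcheck=0
Note: lines beginning with # are comments; they have no effect on the file and can be removed. gpgcheck=0 turns off package signature verification for this repository.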
II. Install the DNS service packages
1. The DNS service packages are:
   bind-9.3.3-7.el5.i386.rpm
   bind-chroot-9.3.3-7.el5.i386.rpm
[root@wanghong ~]# mount /dev/cdrom /mnt
[root@wanghong ~]# yum install bind bind-chroot
Running these commands installs the DNS service packages. Alternatively, the following commands also install them:
[root@wanghong ~]# mount /dev/cdrom /mnt
[root@wanghong ~]# rpm -ivh bind-9.3.3-7.el5.i386.rpm --force
[root@wanghong ~]# rpm -ivh bind-chroot-9.3.3-7.el5.i386.rpm --force
--force forces the installation
2. Edit the main configuration file
Main configuration file path: /etc/named.conf
[root@wanghong ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };      // addresses named listens on for DNS queries (any = all interfaces)
        listen-on-v6 port 53 { ::1; };   
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };        // client hosts allowed to query this DNS server
        recursion yes;                   // whether clients may make recursive queries
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
Press ESC, then type :wq to save the configuration file.
3. Edit the named.rfc1912.zones configuration file
[root@wanghong ~]# vim /etc/named.rfc1912.zones
zone "test.com" IN {
        type master;
        file "test.com.zone";
};
zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "2.168.192.zone";
};
Note: the part shown in red is what was appended to the file.
4. Create the two zone files
[root@wanghong ~]# cp -a /var/named/named.empty   /var/named/test.com.zone
[root@wanghong ~]# cp -a /var/named/named.empty   /var/named/2.168.192.zone
5. Edit the zone file test.com.zone
[root@wanghong ~]# vim /var/named/test.com.zone
$TTL 3H
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      www.test.com.
        IN   MX  5  mail.test.com.
www     IN   A      192.168.2.1
mail    IN   A      192.168.2.2
ftp     IN   A      192.168.2.3
*       IN   A      192.168.2.4
Note: the parts shown in red and blue are the appended and modified lines.
6. Edit the zone file 2.168.192.zone
[root@wanghong ~]# vim /var/named/2.168.192.zone
$TTL 3H
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      www.test.com.
1       IN   PTR    www.test.com.
2       IN   PTR    mail.test.com.
3       IN   PTR    ftp.test.com.
Note: the parts shown in red and blue are the appended and modified lines.
7. Stop the firewall or flush its rules
[root@wanghong ~]# service iptables stop
[root@wanghong ~]# chkconfig iptables off
Or run the commands that flush the firewall rules:
[root@wanghong ~]# iptables -F
[root@wanghong ~]# service iptables save
8. Start the named service
[root@wanghong ~]# service named start
[root@wanghong ~]# chkconfig named on
9. Test whether the DNS service works
On a client host, set the DNS server to the DNS server's IP address, 192.168.2.*; here * is 1 (192.168.2.1).
Run nslookup and check whether mail.test.com, www.test.com, ftp.test.com and ***.test.com resolve.
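The options block in step 2 combines allow-query { any; } with recursion yes; and sets no allow-recursion; in BIND 9.4 and later the recursion ACL then falls back to allow-query, so named recurses for any client that can reach it. The Python check below is an added example, not part of the original guide: it parses an options block and reports that condition. The sample texts are constructed, and the 192.168.2.0/24 client network, RESTRICTED_CONF and the function names are assumptions.

```python
import re

# Constructed inputs: the query/recursion statements from step 2 and a
# restricted variant (the 192.168.2.0/24 client network is an assumption).
PAGE_CONF = """options {
    listen-on port 53 { any; };
    allow-query     { any; };
    recursion yes;
};"""
RESTRICTED_CONF = """options {
    listen-on port 53 { 127.0.0.1; 192.168.2.1; };
    allow-query     { any; };
    allow-recursion { localhost; 192.168.2.0/24; };  // recursion for local clients only
    recursion yes;
};"""

def parse_options(conf):
    """Return {statement: value} for the options block; brace lists become lists."""
    # Simplifications: one level of braces; '//' or '#' inside quotes is not handled.
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    block = re.search(r"\boptions\s*\{((?:[^{}]|\{[^{}]*\})*)\}", conf)
    opts = {}
    stmt = r"([\w-]+)([^;{}]*)(\{[^{}]*\})?\s*;"
    for name, arg, acl in re.findall(stmt, block.group(1) if block else ""):
        items = [e.strip() for e in acl.strip("{}").split(";") if e.strip()]
        opts[name] = items if acl else arg.strip()
    return opts

def recursion_acl(opts):
    """ACL that decides who may recurse, in the fallback order of BIND 9.4+."""
    if opts.get("recursion", "yes") != "yes":
        return ["none"]
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key]
    return ["localnets", "localhost"]

def audit(conf):
    """Return findings for an options block that exposes recursion or all interfaces."""
    opts, findings = parse_options(conf), []
    if "any" in recursion_acl(opts):
        findings.append("open resolver: recursion allowed from any address")
    if "any" in opts.get("listen-on", ["any"]):
        findings.append("named listens on every interface")
    return findings

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("restricted", RESTRICTED_CONF)):
        print(label, audit(conf) or "no findings")
```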
 