最近研究在Linux下健一DNS個緩存服務器,我選擇了一臺淘汰的服務器作爲測試,我的系統環境爲:
1、OS=Linux 5.1 ,版本=Linux fabuapp103 2.6.18-53.el5PAE #1 SMP Wed Oct 10 16:48:18 EDT 2007 i686 i686 i386 GNU/Linux,
2、 系統所安裝的數據包
rpm -qa|grep bind
bind-chroot-9.3.3-10.el5
bind-libs-9.3.3-10.el5
ypbind-1.19-8.el5
bind-utils-9.3.3-10.el5
bind-9.3.3-10.el5
caching-nameserver-9.3.3-10.el5 緩存服務器所需要的
3、系統的配置文件
首先在/var/named/chroot/etc目錄下使用命令建立配置文件named.conf
cp -p named.caching-nameserver.conf named.conf
文件內容如下(添加註釋):
[root@fabuapp103 etc]# cat named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { any; }; //由127.0.0.1;改爲 any,目的是在所有IP上 //打開監聽
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;
query-source-v6 port 53;
allow-query {0.0.0.0/0;}; //由localhost改爲0.0.0.0/0;允許所有IP訪問
///allow-query { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
//match-clients { localhost; };
//match-destinations { localhost; };
match-clients { any;}; //由localhost 改爲 any
match-destinations{ any;}; //由localhost 改爲 any
recursion yes;
include "/etc/named.rfc1912.zones";
};
4、使用命令檢查
在本機上用netstat -nlu|grep 53判斷是否在所有ip上打開了監聽
在本機上用nslookup 域名測試
5、若想跟蹤一個FQDN名的解析過程,在Linux Shell下輸入dig www.baidu.com +trace,返回的結果包括從跟域開始的遞歸或迭代過程,一直到權威域名服務器。