Dual-line smart DNS resolution on Linux with BIND + VIEW

2009-08-12 17:22

1. Software list

BIND 9.3.2

ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
ftp://ftp.isc.org/isc/bind9/9.4.0a6/bind-9.4.0a6.tar.gz

2. Install BIND 9

Install BIND 9:

# tar zxvf bind-9.3.2.tar.gz

# cd bind-9.3.2

# ./configure --prefix=/usr/local/named --disable-ipv6

# make && make install

Create the BIND user:

# groupadd bind

# useradd -g bind -d /usr/local/named -s /sbin/nologin bind

Create the configuration directory:

# mkdir -p /usr/local/named/etc

# chown bind:bind /usr/local/named/etc

# chmod 700 /usr/local/named/etc

II. Configuring named.conf

Create the main configuration file:

# vi /usr/local/named/etc/named.conf

===========================named.conf=======================

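// "trust-lan" is set to any, so allow-transfer and allow-notify below accept every host;

// list only the addresses of your own secondary/master name servers here instead.

acl "trust-lan" { any; };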

options {

directory "/usr/local/named/etc/";

pid-file "/var/run/named/named.pid";

version "0.0.0";

auth-nxdomain no;

allow-query { any; };

allow-transfer { "trust-lan"; };

allow-notify { "trust-lan"; };

};

logging {

channel warning { file "/var/log/named/dns_warnings" versions 3 size 1240k;

severity warning;

print-category yes;

print-severity yes;

print-time yes;

};

channel general_dns

{ file "/var/log/named/dns_logs" versions 3 size 1240k;

severity info;

print-category yes;

print-severity yes;

print-time yes;

};

category default { warning; };

category queries { general_dns; };

};

acl "telecom" {

58.154.0.0/15;

58.192.0.0/12;

59.64.0.0/12;

116.13.0.0/16;

116.56.0.0/15;

118.202.0.0/15;

118.228.0.0/15;

118.230.0.0/16;

121.48.0.0/15;

121.52.160.0/19;

121.192.0.0/14;

121.248.0.0/14;

122.204.0.0/14;

125.216.0.0/13;

162.105.0.0/16;

166.111.0.0/16;

202.4.128.0/19;

202.38.64.0/18;

202.38.140.0/23;

202.38.184.0/21;

202.38.192.0/18;

202.112.0.0/13;

202.120.0.0/15;

202.127.216.0/21;

202.127.224.0/19;

202.179.240.0/20;

202.192.0.0/12;

203.91.120.0/21;

210.25.0.0/17;

210.25.128.0/18;

210.26.0.0/15;

210.28.0.0/14;

210.32.0.0/12;

211.64.0.0/13;

211.80.0.0/13;

218.192.0.0/13;

219.216.0.0/13;

219.224.0.0/13;

219.242.0.0/15;

219.244.0.0/14;

222.16.0.0/12;

222.192.0.0/12;

};

view "view_telecom" {

match-clients { telecom; };

zone "." {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/telecom.def";

};

view "view_any" {

match-clients { any; };

zone "." {

type hint;

file "named.root";

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/cnc.def";

};

When finished, save the file.
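A check for sensitive address-match lists that resolve to `any` through a named ACL, as `trust-lan` does in the configuration above. This is an added example, not part of the original article; `audit`, `resolves_to_any` and `SAMPLE_CONF` are hypothetical names, and the sample is a constructed excerpt of that configuration.

```python
import re

# Constructed excerpt of the ACL and options block from the named.conf above.
SAMPLE_CONF = """
acl "trust-lan" { any; };
options {
    allow-query { any; };
    allow-transfer { "trust-lan"; };
    allow-notify { "trust-lan"; };
};
"""

# Statements that should name specific peers (secondaries or masters) only.
SENSITIVE = ("allow-transfer", "allow-notify", "allow-update")

def _elements(body):
    """Split an address-match-list body into bare element strings."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def resolves_to_any(element, acls, seen=()):
    """True if element is 'any' or an acl name containing 'any' at any depth."""
    if element == "any":
        return True
    if element in acls and element not in seen:
        return any(resolves_to_any(e, acls, seen + (element,))
                   for e in acls[element])
    return False

def audit(conf):
    """Return [(statement, element)] for sensitive lists open to every host."""
    acls = {name: _elements(body) for name, body in
            re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf)}
    findings = []
    for stmt in SENSITIVE:
        for body in re.findall(re.escape(stmt) + r'\s*\{([^}]*)\}', conf):
            for element in _elements(body):
                if resolves_to_any(element, acls):
                    findings.append((stmt, element))
    return findings

if __name__ == "__main__":
    for stmt, element in audit(SAMPLE_CONF):
        print(f"{stmt} is open to any host via {element!r}")
```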

III. Update the root hints file:

# cd /usr/local/named/etc/

# wget ftp://ftp.internic.org/domain/named.root

Create the PID and log files:

# mkdir /var/run/named/

# chmod 755 /var/run/named/

# chown bind:bind /var/run/named/

# mkdir /var/log/named/

# touch /var/log/named/dns_warnings

# touch /var/log/named/dns_logs

# chown -R bind:bind /var/log/named/

# mkdir master

# touch master/cnc.def

# touch master/telecom.def

Generate the rndc key:

# cd /usr/local/named/etc/

# ../sbin/rndc-confgen > rndc.conf

In rndc.conf, find the line:

# Use with the following in named.conf, adjusting the allow list as needed:

Add the part that follows it to /usr/local/named/etc/named.conf and remove the comment markers.

Test run:

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

Status check:

# /usr/local/named/sbin/rndc status

IV. Create the startup script:

# vi /etc/init.d/named

============================== named.sh============================

#!/bin/bash

#

# named a network name service.

#

#

# chkconfig: 545 35 75

# description: a name server

#

if [ `id -u` -ne 0 ]

then

echo "ERROR:For bind to port 53,must run as root."

exit 1

fi

case "$1" in

start)

if [ -x /usr/local/named/sbin/named ]; then

/usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.'

fi

;;

stop)

kill `cat /var/run/named/named.pid` && echo . && echo 'BIND9 server stopped.'

;;

restart)

echo .

echo "Restart BIND9 server"

$0 stop

sleep 10

$0 start

;;

*)

echo "$0 start | stop | restart"

;;

esac

===============================named.sh============================

# chmod 755 /etc/init.d/named

# chown root:root /etc/init.d/named

# chkconfig --add named

# chkconfig named on

V. Add an NS

On your domain's management site, set the NS server to the DNS server you just installed.

VI. Add a domain

# cd /usr/local/named/etc/master

# mkdir cnc

# mkdir telecom

# vi cnc.def

Add:

zone "724cn.com" {

type master;

file "master/cnc/724cn.com";

};

# vi telecom.def

Add:

zone "724cn.com" {

type master;

file "master/telecom/724cn.com";

};

Add the CNC (China Netcom) records, resolving to IP 61.45.55.78

# vi cnc/724cn.com

Add:

$TTL 3600

$ORIGIN 724cn.com.

@ IN SOA ns.724cn.com. root.ns.724cn.com. (

2005121013 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS ns.724cn.com.

@ IN A 211.162.106.9

www IN A 211.162.106.9

;

;end

Add the China Telecom records, resolving to IP 210.75.1.178

# vi telecom/724cn.com

Add:

$TTL 3600

$ORIGIN 724cn.com.

@ IN SOA ns.724cn.com. root.ns.724cn.com. (

2005121013 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS ns.724cn.com.

@ IN A 211.162.106.254

www IN A 211.162.106.254

;

;end

# /usr/local/named/sbin/rndc reload

OK, at this point your DNS server is up and running. Try pinging from a CNC line and from a Telecom line to compare the results.
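The view a given client address will land in can also be checked offline before testing from real lines. This is an added example, not from the original article: it mimics named's first-match view selection for `match-clients` lists made only of `any`, `none`, ACL names and CIDR blocks (no negation or keys). `select_view`, `swap_views` and the shortened `SAMPLE_CONF` are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt shaped like the named.conf above (telecom ACL shortened).
SAMPLE_CONF = """
acl "telecom" { 58.154.0.0/15; 202.112.0.0/13; 222.192.0.0/12; };
view "view_telecom" { match-clients { telecom; }; zone "." { type hint; file "named.root"; }; };
view "view_any" { match-clients { any; }; zone "." { type hint; file "named.root"; }; };
"""

def _elements(body):
    """Split an address-match-list body into bare element strings."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def parse_acls(conf):
    """Map each acl name to its list of elements."""
    return {name: _elements(body) for name, body in
            re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf)}

def parse_views(conf):
    """Return [(view_name, match_clients_elements)] in file order."""
    pattern = r'view\s+"([^"]+)"\s*\{\s*match-clients\s*\{([^}]*)\}'
    return [(name, _elements(body)) for name, body in re.findall(pattern, conf)]

def matches(element, ip, acls):
    """True if ip matches one element: any, none, an acl name, or a CIDR."""
    if element == "any":
        return True
    if element == "none":
        return False
    if element in acls:
        return any(matches(e, ip, acls) for e in acls[element])
    return ip in ipaddress.ip_network(element, strict=False)

def select_view(conf, client_ip):
    """Return the first view whose match-clients accepts client_ip, else None."""
    ip = ipaddress.ip_address(client_ip)
    acls = parse_acls(conf)
    for name, elements in parse_views(conf):
        if any(matches(e, ip, acls) for e in elements):
            return name
    return None

def swap_views(conf):
    """Constructed failure case: the catch-all view listed before the ACL view."""
    lines = conf.strip().splitlines()
    return "\n".join([lines[0], lines[2], lines[1]])
```

With the catch-all view listed first (`swap_views`), every client, including those in the `telecom` ACL, is answered from `view_any`, which is why `view_any` must stay last in named.conf.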