Rhel6 DNS配置全过程
2011-10-07 14:11
DNS正向解析
1.yum install bind* -y
2./etc/init.d/named restart
3 cd /var/named/chroot/etc/
4.vim named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on port 53 { 127.0.0.1;localnets; }; 打开53端口
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; }; // 仅允许本机查询;要给其他主机提供解析需放宽此项
recursion yes; // 放宽 allow-query 时应同时用 allow-recursion 限制递归范围,避免成为开放递归解析器
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "luoning.cn" IN { // 添加自己要解析的域
type master;
file "luoning.cn.zone";
};
include "/etc/named.rfc1912.zones";
5 cd /var/named/chroot/var/named
cp -p named.localhost luoning.cn.zone
5.vim luoning.cn.zone
$ORIGIN .
$TTL 86400 ; 1 day 解析的域名 邮件的所有人
luoning.cn IN SOA luoning.cn. root. (
1 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS luoning.cn.
A 192.168.0.132 ; A记录
AAAA ::1
$ORIGIN luoning.cn.
$TTL 600 ; 10 minutes
www A 192.168.0.119 ; nsupdate 添加的A记录
DNS update
1. 使用不安全的 IP 地址(仅凭源地址授权:源 IP 可以被伪造,而且该主机上的任何用户都能修改区域,只适合隔离的测试环境)
vim /etc/named.conf
最后的添加域名的地方
zone "luoning.cn" IN {
type master;
file "luoning.cn.zone";
allow-update {192.168.0.132;};
};
2. rndc reload
3. cd /var/named/chroot/var/
4. chmod 77 named (注:77 即 0077,会清空属主权限并让所有用户都可写该目录;动态更新只需要 named 组可写,一般用 chmod 770 named 即可)
5. getsebool -a | grep named
5. setsebool -P named_write_master_zones on
6. nsupdate
>server 192.168.0.132
>zone luoning.cn
>update add www.luoning.cn 500 A 192.168.0.119 (远程添加A记录)
>send
>quit
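2. 使用安全的加密 key(TSIG 共享密钥)
cd /var/named/chroot/etc
dnssec-keygen -a HMAC-MD5 -b 2 -n HOST westos 指定算法并生成密钥文件(HMAC 是对称算法,.key 与 .private 两个文件里是同一个共享密钥)
注意:-b 2 生成的密钥只有 2 位(下面的 secret 6Q== 仅 1 字节),可以被直接穷举,只能用于演示;实际使用时密钥至少 128 位,并优先选用 HMAC-SHA256(例如 -a HMAC-SHA256 -b 256,named.conf 中的 algorithm 相应改为 hmac-sha256),密钥文件只允许 root 和 named 读取。
vim /var/named/chroot/etc/named.conf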
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on port 53 { 127.0.0.1;localnets; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
key westos{
algorithm hmac-md5; // TSIG 使用的 HMAC 算法
secret 6Q==; // 共享密钥,需保密
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "luoning.cn" IN {
type master;
file "luoning.cn.zone";
allow-update {key westos;}; // 允许更新的认证方式(key)和密钥名
};
include "/etc/named.rfc1912.zones";
rndc reload
nsupdate -k Kwestos.+157+37219.key
>server 192.168.0.113
>zone luoning.cn
>update add ftp.luoning.cn 600 A 192.168.0.11
>send
>quit
本文出自 “罗宁的技术生活” 博客,谢绝转载!
1.yum install bind* -y
2./etc/init.d/named restart
3 cd /var/named/chroot/etc/
4.vim named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on port 53 { 127.0.0.1;localnets; }; 打开53端口
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; }; // 仅允许本机查询;要给其他主机提供解析需放宽此项
recursion yes; // 放宽 allow-query 时应同时用 allow-recursion 限制递归范围,避免成为开放递归解析器
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "luoning.cn" IN { // 添加自己要解析的域
type master;
file "luoning.cn.zone";
};
include "/etc/named.rfc1912.zones";
5 cd /var/named/chroot/var/named
cp -p named.localhost luoning.cn.zone
5.vim luoning.cn.zone
$ORIGIN .
$TTL 86400 ; 1 day 解析的域名 邮件的所有人
luoning.cn IN SOA luoning.cn. root. (
1 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS luoning.cn.
A 192.168.0.132 ; A记录
AAAA ::1
$ORIGIN luoning.cn.
$TTL 600 ; 10 minutes
www A 192.168.0.119 ; nsupdate 添加的A记录
DNS update
1. 使用不安全的 IP 地址(仅凭源地址授权:源 IP 可以被伪造,而且该主机上的任何用户都能修改区域,只适合隔离的测试环境)
vim /etc/named.conf
最后的添加域名的地方
zone "luoning.cn" IN {
type master;
file "luoning.cn.zone";
allow-update {192.168.0.132;};
};
2. rndc reload
3. cd /var/named/chroot/var/
4. chmod 77 named (注:77 即 0077,会清空属主权限并让所有用户都可写该目录;动态更新只需要 named 组可写,一般用 chmod 770 named 即可)
5. getsebool -a | grep named
5. setsebool -P named_write_master_zones on
6. nsupdate
>server 192.168.0.132
>zone luoning.cn
>update add www.luoning.cn 500 A 192.168.0.119 (远程添加A记录)
>send
>quit
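2. 使用安全的加密 key(TSIG 共享密钥)
cd /var/named/chroot/etc
dnssec-keygen -a HMAC-MD5 -b 2 -n HOST westos 指定算法并生成密钥文件(HMAC 是对称算法,.key 与 .private 两个文件里是同一个共享密钥)
注意:-b 2 生成的密钥只有 2 位(下面的 secret 6Q== 仅 1 字节),可以被直接穷举,只能用于演示;实际使用时密钥至少 128 位,并优先选用 HMAC-SHA256(例如 -a HMAC-SHA256 -b 256,named.conf 中的 algorithm 相应改为 hmac-sha256),密钥文件只允许 root 和 named 读取。
vim /var/named/chroot/etc/named.conf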
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on port 53 { 127.0.0.1;localnets; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
key westos{
algorithm hmac-md5; // TSIG 使用的 HMAC 算法
secret 6Q==; // 共享密钥,需保密
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "luoning.cn" IN {
type master;
file "luoning.cn.zone";
allow-update {key westos;}; // 允许更新的认证方式(key)和密钥名
};
include "/etc/named.rfc1912.zones";
rndc reload
nsupdate -k Kwestos.+157+37219.key
>server 192.168.0.113
>zone luoning.cn
>update add ftp.luoning.cn 600 A 192.168.0.11
>send
>quit
本文出自 “罗宁的技术生活” 博客,谢绝转载!