CentOS 6 DNS Server Configuration

Source: Internet
Author: User

Install bind

# yum install -y bind bind-chroot bind-utils

On CentOS 5:

# yum -y install bind caching-nameserver

File structure

# ll /etc/named.*
-rw-r----- 1 root named 1021 May 8 16:39 /etc/named.conf
-rw-r--r-- 1 root named 2389 Mar 23:55 /etc/named.iscdlv.key
-rw-r----- 1 root named 1073 May 9 11:27 /etc/named.rfc1912.zones
-rw-r--r-- 1 root named 487 Jul 2010 /etc/named.root.key

# tree /var/named/
/var/named/
├── chroot
│   ├── dev
│   │   ├── null
│   │   ├── random
│   │   └── zero
│   ├── etc
│   │   ├── localtime
│   │   ├── named
│   │   ├── named.conf
│   │   ├── named.iscdlv.key
│   │   ├── named.rfc1912.zones
│   │   ├── named.root.key
│   │   ├── pki
│   │   │   └── dnssec-keys
│   │   └── rndc.key
│   ├── usr
│   │   └── lib64
│   │       └── bind
│   └── var
│       ├── log
│       ├── named
│       │   ├── 199.168.192.zone
│       │   ├── app.com.zone
│       │   ├── chroot
│       │   │   ├── dev
│       │   │   │   ├── null
│       │   │   │   ├── random
│       │   │   │   └── zero
│       │   │   ├── etc
│       │   │   │   ├── localtime
│       │   │   │   ├── named
│       │   │   │   ├── named.conf
│       │   │   │   ├── named.iscdlv.key
│       │   │   │   ├── named.rfc1912.zones
│       │   │   │   ├── named.root.key
│       │   │   │   ├── pki
│       │   │   │   │   └── dnssec-keys
│       │   │   │   └── rndc.key
│       │   │   ├── usr
│       │   │   │   └── lib64
│       │   │   │       └── bind
│       │   │   └── var
│       │   │       ├── log
│       │   │       ├── named
│       │   │       ├── run
│       │   │       │   └── named
│       │   │       │       ├── named.pid
│       │   │       │       └── session.key
│       │   │       └── tmp
│       │   ├── data
│       │   │   └── named.run
│       │   ├── dynamic
│       │   │   ├── managed-keys.bind
│       │   │   └── managed-keys.bind.jnl
│       │   ├── named.ca
│       │   ├── named.empty
│       │   ├── named.localhost
│       │   ├── named.loopback
│       │   └── slaves
│       ├── run
│       │   └── named
│       │       ├── named.pid
│       │       └── session.key
│       └── tmp
├── data
│   └── named.run
├── dynamic
│   ├── managed-keys.bind
│   └── managed-keys.bind.jnl
├── named.ca
├── named.empty
├── named.localhost
├── named.loopback
└── slaves

Make sure the following BIND configuration files exist:

/etc/named.conf    Main configuration file

/var/named/    Location of the domain zone files

Configuration changes:

vim /etc/named.conf

vim /etc/named.rfc1912.zones

vim /var/named/app.com.zone

@ IN SOA ns.app.com. root.app.com. (
; SOA stands for Start of Authority. IN on the line above indicates that the
; data following it uses Internet standards. The @ stands for the zone's own
; domain name, here app.com, and this line marks the beginning of the record
; definitions for that domain. ns.app.com. is the primary name server for the
; domain, and root.app.com. is the administrator's e-mail address. Note that
; in this e-mail address the usual @ is replaced with a dot.
        1       ; serial (d. adams)
; The number at the start of this line is the version of the zone file,
; typically the date followed by the number of revisions made. Change it every
; time you modify the file; otherwise your changes will not be propagated to
; the databases of the other DNS servers on the network. Clients that do not
; use your DNS server directly would then be unlikely to see your updates,
; which makes the update pointless for them.
        1D      ; refresh
; The refresh interval: how often a slave name server queries the master
; server to make sure that its data is up to date.
        1H      ; retry
; The retry interval, in seconds: when a slave's query to the primary server
; fails to connect, this value specifies how long the slave waits before
; retrying.
        1W      ; expiry
; Specifies how long a slave server keeps the corresponding records after its
; updates from the primary server have failed; the value is in minutes.
        3H )
; Specifies how long a caching server that cannot contact the primary server
; waits before clearing the corresponding records.

@             IN NS    ns.app.com.
ns.app.com.   IN A     192.168.199.61
www.app.com.  IN A     192.168.199.60
mail.app.com. IN MX 5  ns.app.com.
nginx1        IN CNAME www

; The first column above is the host name, with the trailing domain omitted.
; NS: indicates that the host is a name server.
; A: defines an A record, that is, the mapping from a host name to its IP address.
; MX: defines a mail record.
; CNAME: defines an alias for the corresponding host.

vim /var/named/199.168.192.zone

; The keywords above have the same meanings as in the app.com zone.
        IN NS  ns.app.com.
        IN PTR ns.app.com.
        IN PTR www.app.com.
        IN PTR nginx1.app.com.
; The second column above is the host's IP address, with the network address
; part omitted. For example, 61 in full is 192.168.199.61.
; PTR: indicates a reverse record; the last column is the host's domain name.

Syntax check:

named-checkconf /etc/named.conf    # check the configuration file
named-checkzone app.com /var/named/app.com.zone    # check the zone file
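
The rule that a name written without a trailing dot gets the zone name appended is easy to trip over in the records above. The following added example, which is not part of the original article, expands names that way and reports in-zone NS, MX and CNAME targets that have no A record. The ftp record and the function names sample_zone and lint_zone are constructed for illustration, and the script assumes one record per line with an explicit owner and class, as in the article's zone file.

```bash
#!/bin/bash
# Added example: expand zone-file names relative to the origin and flag
# in-zone NS/MX/CNAME targets that have no A record in the same file.

# Constructed sample: the app.com records from the article plus one
# deliberate mistake (ftp points at a target missing its trailing dot).
sample_zone() {
cat <<'EOF'
@             IN NS    ns.app.com.
ns.app.com.   IN A     192.168.199.61
www.app.com.  IN A     192.168.199.60
mail.app.com. IN MX 5  ns.app.com.
nginx1        IN CNAME www
ftp           IN CNAME www.app.com   ; constructed error: no trailing dot
EOF
}

# lint_zone ORIGIN: reads records on stdin, prints one line per finding.
lint_zone() {
    awk -v origin="$1" '
    function fq(n) {                  # qualify a name relative to the origin
        if (n == "@") return origin "."
        if (n ~ /\.$/) return n       # trailing dot: already absolute
        return n "." origin "."       # relative: the origin is appended
    }
    function in_zone(n,   s, t) {     # true if n is the origin or below it
        s = "." origin "."; t = "." n
        return length(t) >= length(s) && substr(t, length(t) - length(s) + 1) == s
    }
    { sub(/;.*/, "") }                # drop comments
    toupper($2) != "IN" || NF < 4 { next }   # skip SOA continuation lines etc.
    {
        owner = tolower(fq($1)); type = toupper($3); target = tolower(fq($NF))
        if (type == "A") has_a[owner] = 1
        else if (type == "NS" || type == "MX" || type == "CNAME") {
            cnt++; own[cnt] = owner; typ[cnt] = type; tgt[cnt] = target
        }
    }
    END {
        for (i = 1; i <= cnt; i++)
            if (in_zone(tgt[i]) && !(tgt[i] in has_a))
                print "DANGLING " own[i] " " typ[i] " -> " tgt[i]
    }'
}

sample_zone | lint_zone app.com
```

Targets outside the zone are not reported, because their address records live in another zone.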

Firewall settings:

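vim /etc/sysconfig/iptables    # configure the firewall ports

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 953 -j ACCEPT

Port 53 (TCP and UDP) carries DNS traffic; port 953 is the rndc control channel, so that rule is only needed if the server is managed with rndc from another host.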

Client testing:

# cat /etc/resolv.conf
nameserver 192.168.199.61

# yum install bind-utils

nslookup

dig

host

Troubleshooting

# tail -f /var/log/messages | grep named
# service named restart

zone xxx.xxx/IN: loading from master file xxx.xxx.xxx failed: permission denied
named[4089]: zone xxx.xxx/IN: not loaded due to errors.

This error is reported because the named service runs as the named user, which does not have permission to read the configuration files under /var/named.

Execute chmod +r /var/named/* to
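
chmod +r makes every file under /var/named world-readable; a narrower fix is to give the files the same ownership and mode that /etc/named.conf has in the listing above (owner root, group named, mode 640). The following is an added example, not from the original article: audit_zone_perms and fix_zone_perms are hypothetical helper names, and the group name named is taken from that listing.

```bash
#!/bin/bash
# Added example: grant read access to the named group only, instead of
# making every zone file world-readable.

# audit_zone_perms DIR: list regular files directly under DIR that are
# accessible to "other" or not readable by the group ("<mode> <path>").
audit_zone_perms() {
    find "$1" -maxdepth 1 -type f | sort | while read -r f; do
        mode=$(stat -c '%a' "$f")
        other=$((mode % 10)); group=$((mode / 10 % 10))
        if [ "$other" -ne 0 ] || [ $((group & 4)) -eq 0 ]; then
            echo "$mode $f"
        fi
    done
}

# fix_zone_perms DIR [GROUP]: set mode 640 on regular files only.
# Directories such as dynamic/, slaves/ and data/ are left untouched,
# because they need the execute bit and named must be able to write there.
fix_zone_perms() {
    dir=$1; grp=${2:-named}
    find "$dir" -maxdepth 1 -type f -exec chmod 640 {} +
    # Assumption: BIND runs with group "named"; skip chgrp if it is absent.
    if getent group "$grp" >/dev/null 2>&1; then
        find "$dir" -maxdepth 1 -type f -exec chgrp "$grp" {} + ||
            echo "chgrp to $grp failed; run as root" >&2
    fi
}

# Read-only report for the live directory, if this host has one.
if [ -d /var/named ]; then
    audit_zone_perms /var/named
fi
```

With bind-chroot installed, run the same audit against /var/named/chroot/var/named, which is where the tree listing shows the zone files.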
