Basic DNS (BIND) installation on CentOS-5.6-x86_64-bin
1. Installation
### Note: System OS: CentOS-5.6-x86_64-bin-DVD-1of2
# yum install -y bind-chroot ypbind bind-utils   // ypbind is the NIS client and is not required for BIND itself
# rpm -qa | grep bind
bind-libs-9.3.6-16.P1.el5
bind-utils-9.3.6-16.P1.el5
ypbind-1.19-12.el5_6.1
bind-9.3.6-16.P1.el5
bind-chroot-9.3.6-16.P1.el5
# yum install -y caching-nameserver-9.3.*   // provides the sample named.caching-nameserver.conf; named can be started once it is installed
# service named start
# netstat -antup   // named should be listening on port 53 (TCP and UDP) and on TCP 953 (loopback), the control channel used by the rndc tool
2. Master zone configuration
# cd /var/named/chroot/etc   // the following commands are run in this directory
# cp -p named.caching-nameserver.conf named.conf   // -p preserves owner, group and mode, so the copy stays root:named
# cp -p named.rfc1912.zones named.rfc1912.zones_back   // keep a backup of the original
# vim named.conf
### Configuration content:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Those options should be used carefully because they disable port
    // randomization
    // query-source    port 53;
    // query-source-v6 port 53;

    allow-query { any; };
    allow-query-cache { any; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { any; };
    match-destinations { any; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};
### End ###
Note: the shipped template limits listen-on, allow-query and match-clients to localhost. Changing all of them to any while keeping recursion yes turns this host into an open recursive resolver for every network that can reach it, which exposes the cache to poisoning attempts and lets the server be abused for reflection/amplification attacks. Outside an isolated lab, list only your own client networks in allow-query, allow-query-cache and match-clients, and leave the query-source lines commented out so that source-port randomization stays enabled.
# vim named.rfc1912.zones
### Configuration content:
zone "." IN {
    type hint;
    file "named.ca";
};
zone "laowafang.com" IN {
    type master;
    file "laowafang.com.zone";
    allow-update { none; };
};
zone "113.168.192.in-addr.arpa" IN {
    type master;
    file "laowafang.com.local";
    allow-update { none; };
};
### End ###
3. Zone file configuration
# cd /var/named/chroot/var/named   // the following commands are run in this directory
# cp -p localhost.zone laowafang.com.zone   // use the template as the forward zone file
# cp -p named.local laowafang.com.local   // use the template as the reverse zone file
# vim laowafang.com.zone
### Configuration content:
$TTL    86400
@       IN SOA  @ root (
                        42              ; serial (d. adams)
                        3H              ; refresh
                        15M             ; retry
                        1W              ; expiry
                        1D )            ; minimum
        IN NS   dns.laowafang.com.
        IN MX   10 mail.laowafang.com.
www1    IN A    192.168.113.104
www2    IN A    192.168.113.105
www     IN CNAME www1.laowafang.com.
### End ###
Note: the NS and MX records point at dns.laowafang.com. and mail.laowafang.com., but neither name has an A record in this zone. The tests in section 4 do not notice because they only query www1 and www2 from the server itself; add A records for both hosts (with their real addresses) before other resolvers depend on this zone. Records with a blank owner column (the NS and MX lines) inherit the previous owner, here @, so their leading whitespace is significant.
# vim laowafang.com.local
### Configuration content:
$TTL    86400
@       IN SOA  dns.laowafang.com. root.laowafang.com. (
                        1997022700      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN NS   dns.laowafang.com.
104     IN PTR  www1.laowafang.com.
105     IN PTR  www2.laowafang.com.
### End ###
# ln -s /var/named/chroot/etc/named.conf /etc   // create a symbolic link so that /etc/named.conf points into the chroot
# ll /etc/name*   // check that the link was created
# service named restart
# tail /var/log/messages   // look for "running" in the log: named started successfully
4. Test
# nslookup   // use the client to test forward and reverse resolution
[root@dnsmaster etc]# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> www1.laowafang.com
Server:         127.0.0.1
Address:        127.0.0.1#53
Name:   www1.laowafang.com   // forward resolution successful
Address: 192.168.113.104
> www2.laowafang.com
Server:         127.0.0.1
Address:        127.0.0.1#53
Name:   www2.laowafang.com
Address: 192.168.113.105
> 192.168.113.104   // reverse resolution successful
Server:         127.0.0.1
Address:        127.0.0.1#53
104.113.168.192.in-addr.arpa    name = www1.laowafang.com.
> 192.168.113.105
Server:         127.0.0.1
Address:        127.0.0.1#53
105.113.168.192.in-addr.arpa    name = www2.laowafang.com.
5. Use the rndc tool
rndc lets you reload zones and apply configuration changes without stopping named. It talks to the server over the control channel on TCP port 953 and authenticates every command with a shared HMAC key.
# rndc-confgen > /etc/rndc.conf   // generate the configuration file together with a fresh key
### Configuration content:
# Start of rndc.conf
key "rndckey" {
    algorithm hmac-md5;
    secret "xO/qxwFJjYE41OrsbEAexQ==";
};

options {
    default-key "rndckey";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#     algorithm hmac-md5;
#     secret "xO/qxwFJjYE41OrsbEAexQ==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
### End ###
# vim /etc/named.conf   // append the commented section above to the end of named.conf, without the leading # characters
### Add the following content:
### rndc.conf 2011-08-26 ###
key "rndckey" {
    algorithm hmac-md5;
    secret "xO/qxwFJjYE41OrsbEAexQ==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndckey"; };
};
### Configure end ###
### End ###
# service named restart
# rndc reload   // after editing a zone file (and incrementing its serial), load it with rndc instead of restarting; retest as in section 4
Note: the secret shown here is the one rndc-confgen produced on the author's machine and is now public. Anyone who holds it and can reach port 953 can reload, flush or stop the server. Generate your own key with rndc-confgen, never reuse a published secret, keep /etc/rndc.conf readable by root only (chmod 600), and leave the controls statement bound to 127.0.0.1 unless remote management is really needed.
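As an added example (not from the original article), the script below does the key-material part of rndc-confgen by hand, with the hygiene a practitioner wants: a freshly generated secret, both configuration fragments written with mode 0600 from the moment they exist, and a check that rndc.conf and the named.conf snippet still agree. It needs only POSIX sh and coreutils, so it runs on a machine without BIND; the directory, key name and algorithm arguments are mine. BIND 9.3 accepts only hmac-md5 for rndc keys, so that is the default; on a current BIND pass hmac-sha256 instead.

```shell
#!/bin/sh
# Added example: generate a fresh rndc control key and write the matching
# rndc.conf / named.conf fragments.  Only POSIX sh and coreutils are used.

# gen_secret: 16 random bytes as base64, the size rndc-confgen emits by default.
gen_secret() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | base64 | tr -d '\n'
}

# write_rndc_config DIR KEYNAME SECRET [ALGO]
# Writes DIR/rndc.conf (the client side) and DIR/named.conf.rndc (the key and
# controls block to include from named.conf).  The umask in the subshell makes
# both files 0600 at creation, so the secret is never world-readable, not even
# briefly.  ALGO defaults to hmac-md5, the only algorithm BIND 9.3 accepts.
write_rndc_config() {
    dir=$1 keyname=$2 secret=$3 algo=${4:-hmac-md5}
    (
    umask 077
    cat > "$dir/rndc.conf" <<EOF
key "$keyname" {
    algorithm $algo;
    secret "$secret";
};
options {
    default-key "$keyname";
    default-server 127.0.0.1;
    default-port 953;
};
EOF
    cat > "$dir/named.conf.rndc" <<EOF
key "$keyname" {
    algorithm $algo;
    secret "$secret";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "$keyname"; };
};
EOF
    )
}

# secrets_match DIR: succeed only if both files carry one and the same secret.
# Drift between them (someone re-ran rndc-confgen on one side only) is the
# usual reason rndc stops authenticating after a key rotation.
secrets_match() {
    a=$(sed -n 's/^[[:space:]]*secret "\(.*\)";/\1/p' "$1/rndc.conf")
    b=$(sed -n 's/^[[:space:]]*secret "\(.*\)";/\1/p' "$1/named.conf.rndc")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Typical use (hypothetical paths):
#   write_rndc_config /etc rndckey "$(gen_secret)"
#   secrets_match /etc && cat /etc/named.conf.rndc >> /var/named/chroot/etc/named.conf
```

The generated rndc.conf replaces /etc/rndc.conf on the management host and the named.conf.rndc fragment is appended to the server's named.conf, exactly as the manual steps above do; run secrets_match after any later edit to either file before restarting named.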
6. Secondary DNS
Note: install the same packages on the secondary as on the primary (section 1).
# scp -P 22 root@192.168.113.100:/var/named/chroot/etc/* .   // copy the primary's configuration files to the secondary (the destination . is the current directory, so run this from /var/named/chroot/etc)
# chown root.named /var/named/chroot/etc/named.conf   // restore the ownership named needs to read the file
Note: the commands above are run on the secondary DNS server.
(1) Modify the configuration file of the primary DNS server
# vim /etc/named.rfc1912.zones
### Configuration content:
zone "." IN {
    type hint;
    file "named.ca";
};
zone "laowafang.com" IN {
    type master;
    file "laowafang.com.zone";
    allow-update { none; };
    allow-transfer { 192.168.113.101; };   // only the secondary may pull the zone; note the layout: { space IP; space }
    also-notify { 192.168.113.101; };      // 192.168.113.101 has no NS record, so it must be told about changes explicitly
};
zone "113.168.192.in-addr.arpa" IN {
    type master;
    file "laowafang.com.local";
    allow-update { none; };
    allow-transfer { 192.168.113.101; };
    also-notify { 192.168.113.101; };
};
### End ###
Note: without allow-transfer, BIND 9.3 answers AXFR requests from anyone, which hands the complete host list of the zone to whoever asks. Restrict it to the secondaries as shown, or set allow-transfer { none; }; in options and open it per zone.
(2) Modify the configuration file of the secondary DNS server
# vim /etc/named.rfc1912.zones
### Configuration content:
zone "." IN {
    type hint;
    file "named.ca";
};
zone "laowafang.com" IN {
    type slave;
    file "slaves/laowafang.com.zone";
    masters { 192.168.113.100; };
};
zone "113.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/laowafang.com.local";
    masters { 192.168.113.100; };
};
### End ###
# ln -s /var/named/chroot/etc/named.conf /etc   // create the symbolic link, as on the primary
# ll /etc/name*   // check that the link was created
# service named restart
# tail /var/log/messages   // look for "running" and for the "end of transfer" messages
# ls /var/named/chroot/var/named/slaves   // check that the zone files have been transferred from the primary
Note: a slave zone also answers AXFR requests from anyone by default, so add allow-transfer { none; }; (or the addresses of your other secondaries) to the slave zones as well. The slaves/ directory must be writable by the named user, since that is where the transferred zones are stored.
7. Notes
(1) Check the ownership of /var/named/chroot/etc/named.conf: it must be root.named (root:named), otherwise named cannot read it.
(2) If the log reports that the working directory is not writable, the warning is harmless on a master that serves only static zones; write access matters only where named has to store files itself (slave zones, dynamic updates). If you do need it, grant it to the named group:
# chmod g+w /var/named/chroot/var/named
(3) The serial in the SOA record must be increased after every change to a zone file (here from 42 upwards), otherwise the secondaries see no change and never transfer the new data.
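The two zone files in section 3 and the serial rule in note (3) are easy to get subtly wrong by hand. The following Python script is an added example, not part of the original article: it parses zone files of the simple shape used above, cross-checks the forward zone against the reverse zone (every A record needs a PTR pointing back and vice versa, and in-zone NS/MX targets need an A record), and compares serials with RFC 1982 arithmetic so that wrap-around is handled. The two zone texts embedded in it are constructed copies of the article's files; run against them, the checker reports the missing A records for dns. and mail. mentioned in section 3.

```python
from typing import Dict, List, Set, Tuple

Record = Tuple[str, str, str]  # (owner FQDN, RRTYPE, RDATA)
CLASSES, NAME_RDATA = {"IN", "CH", "HS"}, {"NS", "CNAME", "PTR", "MX"}


def _fqdn(name: str, origin: str) -> str:
    """'@' is the origin; a trailing dot means absolute; else append origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text: str, origin: str) -> Tuple[List[Record], int]:
    """Parse a simple master file into (records, SOA serial).  Joins the
    parenthesised SOA continuation lines and inherits a blank owner."""
    origin = origin.lower().rstrip(".") + "."
    records: List[Record] = []
    serial, last_owner, buf, first = -1, origin, "", ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop ; comments
        if not line.strip() and not buf:
            continue
        first = first if buf else line  # first physical line of this record
        buf = f"{buf} {line}".strip()
        if buf.count("(") > buf.count(")"):
            continue  # still inside ( ... )
        fields, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if fields[0].upper() == "$TTL":
            continue
        if first[:1].isspace():  # blank owner column inherits the previous owner
            owner = last_owner
        else:
            owner = last_owner = _fqdn(fields.pop(0), origin)
        while fields[0].upper() in CLASSES or fields[0].isdigit():  # skip class / TTL
            fields.pop(0)
        rtype = fields.pop(0).upper()
        if rtype == "SOA":
            serial = int(fields[2])  # MNAME RNAME SERIAL ...
        if rtype in NAME_RDATA:
            fields[-1] = _fqdn(fields[-1], origin)
        records.append((owner, rtype, " ".join(fields)))
    return records, serial


def reverse_name(ip: str) -> str:
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."  # 1.2.3.4 -> 4.3.2.1.in-addr.arpa.


def check_zones(fwd: List[Record], rev: List[Record]) -> List[str]:
    """Every A needs a PTR pointing back, every PTR needs a matching A, and
    in-zone NS/MX targets need an address record."""
    a_by_name: Dict[str, Set[str]] = {}
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_name.setdefault(owner, set()).add(rdata)
    ptrs = {o: r for o, t, r in rev if t == "PTR"}
    problems: List[str] = []
    for name, addrs in a_by_name.items():
        for ip in sorted(addrs):
            target = ptrs.get(reverse_name(ip))
            if target is None:
                problems.append(f"no PTR for {name} ({ip})")
            elif target != name:
                problems.append(f"PTR for {ip} says {target}, A record owner is {name}")
    for rev_owner, target in ptrs.items():
        if target not in a_by_name:
            problems.append(f"PTR {rev_owner} -> {target}, but it has no A record")
    apex = fwd[0][0]  # owner of the SOA, i.e. the zone name
    for owner, rtype, rdata in fwd:
        target = rdata.split()[-1]
        if rtype in {"NS", "MX"} and target.endswith(apex) and target not in a_by_name:
            problems.append(f"{rtype} target {target} is in-zone but has no A record")
    return problems


def serial_increased(old: int, new: int) -> bool:
    """RFC 1982: 'new' is newer if it lies in the 2^31 values after 'old'.
    An unchanged serial means secondaries never pull the edit (note 3)."""
    return old != new and (new - old) % 2**32 < 2**31


# Constructed to match the two zone files in section 3 of the article.
FORWARD_ZONE = """\
$TTL 86400
@    IN SOA @ root (
        42 ; serial
        3H 15M 1W 1D ) ; refresh retry expiry minimum
     IN NS  dns.laowafang.com.
     IN MX  10 mail.laowafang.com.
www1 IN A   192.168.113.104
www2 IN A   192.168.113.105
www  IN CNAME www1.laowafang.com.
"""
REVERSE_ZONE = """\
$TTL 86400
@    IN SOA dns.laowafang.com. root.laowafang.com. (
        1997022700 ; serial
        28800 14400 3600000 86400 ) ; refresh retry expire minimum
     IN NS  dns.laowafang.com.
104  IN PTR www1.laowafang.com.
105  IN PTR www2.laowafang.com.
"""


def audit() -> List[str]:
    """Parse both constructed zones and return the cross-check findings."""
    fwd, _ = parse_zone(FORWARD_ZONE, "laowafang.com")
    rev, _ = parse_zone(REVERSE_ZONE, "113.168.192.in-addr.arpa")
    return check_zones(fwd, rev)
```

To use it on real files, read laowafang.com.zone and laowafang.com.local from /var/named/chroot/var/named, pass their text and origins to parse_zone, and compare the new serial against the one currently served with serial_increased before running rndc reload. The parser deliberately covers only the constructs these files use ($TTL, parenthesised SOA, blank-owner inheritance); $INCLUDE, $GENERATE and multi-line records other than the SOA are out of scope.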
This article is from the "laowafang" blog.