Full Bind configuration under CentOS6.4

Source: Internet
Author: User
Tags: dnssec, nameserver


First, install the CentOS operating system. The latest version is CentOS 6.4; a minimal installation is enough.

[root@localhost named]# ifconfig

eth1      Link encap:Ethernet  HWaddr 00:15:5D:01:69:2C
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: f180::225:5cff:fe01:691c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10252 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5782 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9993401 (9.5 MiB)  TX bytes:471402 (460.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:21 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1944 (1.8 KiB)  TX bytes:1944 (1.8 KiB)

You can see that the local interfaces are eth1 and lo (loopback). Edit the configuration of the eth1 NIC:

[root@localhost named]# vi /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1             # NIC device name
BOOTPROTO=static        # static IP
IPADDR=192.168.1.133    # static IP address
NETMASK=255.255.255.0   # subnet mask
GATEWAY=192.168.1.1     # gateway

If the configuration is correct, you can reach the Internet now; ping an IP address to test. Domain name resolution still fails, however, so you need to set the local DNS servers:

[root@localhost named]# vi /etc/resolv.conf

Content:

# DNS server
nameserver 8.8.8.8
# backup DNS server
nameserver 8.8.4.4

Now the network is configured. Let's start the BIND configuration journey!

[root@localhost ~]# yum install bind
Downloading Packages:
(1/4): bind-9.8.2-0.17.rc1.el6_4.5.i686.rpm | 4.0 MB
(2/4): bind-chroot-9.8.2-0.17.rc1.el6_4.5.i686.rpm | 71 kB
(3/4): bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm | 890 kB
(4/4): bind-utils-9.8.2-0.17.rc1.el6_4.5.i686.rpm | 181 kB
[root@localhost ~]# service named restart
Stopping named: [ OK ]
Generating /etc/rndc.key:
The first start pauses here because rndc-confgen waits for entropy from /dev/random. In a new terminal window, enter:
[root@localhost ~]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
[root@localhost ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@localhost ~]#
When bind-chroot is installed, the configuration files live in the /var/named/chroot/etc/ directory.
[root@localhost ~]# cd /var/named/chroot/etc/
[root@localhost etc]# vi named.conf
The contents of named.conf are as follows:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";           // server working directory; relative paths in this file are resolved from here
        dump-file "/var/named/data/cache_dump.db";            // where the server dumps its cache database
        statistics-file "/var/named/data/named_stats.txt";    // default statistics path
        memstatistics-file "/var/named/data/named_mem_stats.txt";  // default memory usage statistics file
        allow-query { any; };             // hosts allowed to query
        allow-query-cache { any; };       // hosts allowed to query the cache
        recursion yes;                    // whether recursive queries are allowed
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

// logging {
//         channel default_debug {
//                 file "data/named.run";
//                 severity dynamic;
//         };
// };
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
        channel gsquery {
                file "data/query.log" versions 3 size 20m;
                severity info;
                print-time yes;
                print-category yes;
                print-severity yes;
        };
        category queries { gsquery; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
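With allow-query, allow-query-cache and recursion all open to { any; }, the options block above makes the host recurse for anyone who can reach port 53, which is the open-resolver configuration worth restricting to the LAN. As an added example (not code from the original post), here is a small Python checker that parses the statements of an options block the way named resolves them (allow-recursion falls back to allow-query-cache, then allow-query) and reports that combination. Both sample configurations are constructed for the example; the "lan" ACL of 127.0.0.1, ::1 and 192.168.1.0/24 in the restricted variant is an assumption, not a value from the post.

```python
import re

# Constructed sample, modelled on the options block above: recursion and the
# cache are open to any client, which makes the host an open resolver.
OPEN_OPTIONS = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        allow-query     { any; };   // hosts allowed to query
        allow-query-cache { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
};
"""

# Constructed sample of the same server restricted to its own network (assumed
# "lan" ACL): anyone may ask for the zones it serves, only the LAN gets recursion.
RESTRICTED_OPTIONS = """
acl "lan" { 127.0.0.1; ::1; 192.168.1.0/24; };
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query       { any; };
        allow-recursion   { lan; };
        allow-query-cache { lan; };
        recursion yes;
        dnssec-validation yes;
};
"""

OPEN_ACL_ITEMS = {"any", "0.0.0.0/0", "::/0"}


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def options_body(text):
    """Return the text between the braces of the top-level options { } block."""
    text = strip_comments(text)
    start = re.search(r"\boptions\s*\{", text)
    if start is None:
        raise ValueError("no options block found")
    depth, i = 1, start.end()
    while depth and i < len(text):
        depth += (text[i] == "{") - (text[i] == "}")
        i += 1
    return text[start.end():i - 1]


def parse_options(text):
    """Map each statement in options { } to its value, e.g. 'recursion' -> 'yes'."""
    stmt = re.compile(r"([a-zA-Z0-9-]+)\s+([^;{]*(?:\{[^}]*\})?)\s*;")
    return {k.lower(): v.strip() for k, v in stmt.findall(options_body(text))}


def acl_items(value):
    """Split an address-match list such as '{ 127.0.0.1; lan; }' into its items."""
    m = re.search(r"\{(.*)\}", value, flags=re.S)
    return [x.strip() for x in m.group(1).split(";") if x.strip()] if m else [value]


def effective_recursion_acl(opts):
    """allow-recursion falls back to allow-query-cache, then allow-query,
    then localnets/localhost (the BIND 9 defaults)."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return acl_items(opts[key])
    return ["localnets", "localhost"]


def audit(text):
    """Return a list of findings for the options block in a named.conf text."""
    opts = parse_options(text)
    findings = []
    recursion = opts.get("recursion", "yes").lower()  # BIND defaults to yes
    acl = effective_recursion_acl(opts)
    if recursion == "yes" and OPEN_ACL_ITEMS & set(acl):
        findings.append(
            "open resolver: recursion is on and the effective allow-recursion "
            f"list is {{ {'; '.join(acl)}; }}; restrict it to an ACL of your own networks")
    if opts.get("dnssec-lookaside", "").lower() == "auto":
        findings.append("dnssec-lookaside auto relies on the ISC DLV registry, "
                        "which has since been retired; remove the statement")
    return findings


if __name__ == "__main__":
    for name, conf in (("open", OPEN_OPTIONS), ("restricted", RESTRICTED_OPTIONS)):
        print(f"{name}: {audit(conf) or ['no findings']}")
```

The checker deliberately follows the fallback chain rather than looking only for an explicit allow-recursion, because a named.conf that never mentions allow-recursion but sets allow-query-cache { any; } is just as open. Reading the file through strip_comments first matters too: named accepts #, // and /* */ comments, and the trailing comments on the page's options lines would otherwise be swallowed into the statement values.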

At this point, the DNS server can basically run. Oh, don't forget to change /etc/resolv.conf to the IP address of your own server! Next, create a domain and its zone file.

You can either add the zone directly to named.conf or create it in named.rfc1912.zones. I prefer named.rfc1912.zones.

[root@localhost etc]# vi /var/named/chroot/etc/named.rfc1912.zones
OR
[root@localhost etc]# vi /etc/named.rfc1912.zones

Either file can be modified. We create an a.com domain:

zone "a.com" IN {
        type master;
        file "a.com.zone";
        allow-update { none; };
};

Then
[root@localhost etc]# cd /var/named/chroot/var/named/
OR
[root@localhost etc]# cd /var/named/
Create a forward zone file named a.com.zone.
[root@localhost named]# vi /var/named/a.com.zone
The contents of a.com.zone are as follows:

$TTL 1D
@       IN SOA  ns.a.com. admin.a.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns
        IN A    192.168.1.250
        IN AAAA ::1
www     IN A    192.168.1.191
ns      IN A    192.168.1.250
qwer    IN A    4.3.2.1

Pay attention to the second line! The SOA record, @ IN SOA ns.a.com. admin.a.com. ( ... ), is very important, trailing dots included.
Then create a reverse zone file.
First, add a reverse zone in named.rfc1912.zones:

zone "a.com" IN {                       // this is the forward zone
        type master;
        file "a.com.zone";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {      // this is the reverse zone
        type master;
        file "192.168.1.zone";
        allow-update { none; };
};

Then create a file named 192.168.1.zone.
[root@localhost named]# vi /var/named/192.168.1.zone

$TTL 1D
@       IN SOA  a.com. admin.a.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
250     IN PTR  ns.a.com.
1.2.3.4 IN PTR  qwer.a.com.     ; note: relative to this zone this names 1.2.3.4.1.168.192.in-addr.arpa, not the reverse of 4.3.2.1
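Two details in these zone files decide whether named loads what you intended: a name in SOA or NS data without a trailing dot gets the zone origin appended to it, and the owner of a PTR record must end up with exactly four octets under in-addr.arpa. As an added example (not part of the original post), the following Python lint reads a zone file the way named does (origin, @, relative names, ( ) continuations, inherited owners) and reports those mistakes, plus a repeated $TTL and an in-zone NS target without an address record. Both sample zones are constructed for the example: the forward one carries a duplicated $TTL and an SOA MNAME lacking its dot, the reverse one a PTR that cannot live under 1.168.192.in-addr.arpa.

```python
import re

ORIGIN_FWD = "a.com."
ORIGIN_REV = "1.168.192.in-addr.arpa."

# Constructed forward zone with two easy-to-make mistakes: $TTL given twice and
# an SOA MNAME (ns.a.com) missing its trailing dot.
FORWARD_ZONE = """\
$TTL 1D
$TTL 600
@       IN SOA  ns.a.com admin.a.com. (
                0               ; serial
                1D 1H 1W 3H )   ; refresh retry expire minimum
        IN NS   ns
        IN A    192.168.1.250
        IN AAAA ::1
www     IN A    192.168.1.191
ns      IN A    192.168.1.250
qwer    IN A    4.3.2.1
"""

# Constructed reverse zone: the PTR for 4.3.2.1 cannot live under
# 1.168.192.in-addr.arpa, so its owner ends up with seven octets.
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  a.com. admin.a.com. ( 0 1D 1H 1W 3H )
        NS      @
        A       127.0.0.1
        AAAA    ::1
250     IN PTR  ns.a.com.
1.2.3.4 IN PTR  qwer.a.com.
"""

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)


def qualify(name, origin):
    """Apply the origin as named does: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Drop ';' comments and join '( ... )' continuation lines into one record each."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    return out


def parse_zone(text, origin):
    """Return ($directives, [(owner_fqdn, TYPE, rdata_tokens), ...])."""
    directives, records, owner = [], [], origin
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("$"):
            directives.append(tokens)
            continue
        if not line[0].isspace():      # new owner name; otherwise inherit the previous one
            owner = qualify(tokens.pop(0), origin)
        if tokens and TTL_RE.match(tokens[0]):
            tokens.pop(0)
        if tokens and tokens[0].upper() in CLASSES:
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return directives, records


def lint(text, origin):
    """Return human-readable findings for a zone file; an empty list means clean."""
    findings = []
    directives, records = parse_zone(text, origin)
    ttls = [d for d in directives if d[0].upper() == "$TTL"]
    if len(ttls) > 1:
        findings.append(f"$TTL appears {len(ttls)} times; only the last one ({ttls[-1][1]}) takes effect")
    soas = [r for r in records if r[1] == "SOA"]
    if len(soas) != 1:
        findings.append(f"expected one SOA record, found {len(soas)}")
    else:
        for field, name in zip(("MNAME", "RNAME"), soas[0][2][:2]):
            if not name.endswith("."):
                findings.append(f"SOA {field} '{name}' lacks a trailing dot; named reads it as '{qualify(name, origin)}'")
    addressed = {r[0] for r in records if r[1] in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        if rtype == "NS":
            target = qualify(rdata[0], origin)
            if (target == origin or target.endswith("." + origin)) and target not in addressed:
                findings.append(f"NS target '{target}' is inside the zone but has no A/AAAA record")
        if rtype == "PTR" and owner.endswith(".in-addr.arpa."):
            octets = owner[: -len("in-addr.arpa.")].strip(".").split(".")
            if len(octets) != 4:
                findings.append(f"PTR owner '{owner}' has {len(octets)} octets; an IPv4 reverse name needs exactly 4")
    return findings


if __name__ == "__main__":
    for origin, zone in ((ORIGIN_FWD, FORWARD_ZONE), (ORIGIN_REV, REVERSE_ZONE)):
        print(origin, lint(zone, origin) or ["clean"])
```

On the server itself the authoritative check is named-checkconf for named.conf followed by named-checkzone a.com /var/named/a.com.zone (and the same for 1.168.192.in-addr.arpa with 192.168.1.zone), run before restarting named; the lint above reproduces the origin handling those tools apply so the failure modes can be studied offline.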

The basic setup is complete. After testing, forward and reverse lookups both work. I referred to many articles on the net and will not list them one by one; the configuration worked on my machine.

Oh, right. Do not forget to open TCP and UDP port 53 in the firewall!!
[root@localhost ~]# vi /etc/sysconfig/iptables
Add the following content:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
