Redhat 6.4 bindによるDNSサーバの構築
DNSサーバをローカルに構築する際に役立つ場合があります。SRVレコードはhostsファイルでは実現できないようなので、bindでDNSサーバを構築します。
1 Redhat 6.4を構築します。インストールディスクを光学式ドライブに挿入します。
2 bindサービスをインストールします。
[root@kerberos /]# cd /media/RHEL_6.4\ x86_64\ Disc\ 1/Packages/
[root@kerberos Packages]# find -name '*bind*'   # bindのインストールパッケージを検索
[root@kerberos Packages]# rpm -ivh bind-9.8.2-0.17.rc1.el6.x86_64.rpm
[root@kerberos Packages]# rpm -ivh bind-chroot-9.8.2-0.17.rc1.el6.x86_64.rpm
3 named.confファイルを編集します。
[root@kerberos /]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on is commented out: with no listen-on statement named answers on
// port 53 of every IPv4 interface, not just 127.0.0.1.
#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };
// Zone "file" paths below are relative to this directory.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Anyone may query. Because allow-recursion is not set, BIND derives it from
// allow-query, so together with "recursion yes" this is an open recursive
// resolver (usable for cache poisoning attempts and reflection/amplification).
// Keep "any" for the authoritative example.com data but add
//   allow-recursion { localhost; localnets; };
// (or an ACL of the site's client networks) so only local clients can recurse.
allow-query { any; }; #
recursion yes;
// Validation uses the root trust anchor from /etc/named.root.key (included
// at the bottom of this file).
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Root hints, required for recursion.
zone "." IN {
type hint;
file "named.ca";
};
// Authoritative zone for the lab realm; the file is created in step 4 as
// /var/named/named.example.com. No allow-transfer is set, and BIND's default
// is to allow zone transfers (AXFR) to any host; with no secondary servers,
// add "allow-transfer { none; };" so the whole zone cannot be enumerated.
zone "example.com" IN { #
type master;
file "named.example.com"; #
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
4 [root@kerberos /]# vi var/named/named.example.com
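; Zone data for example.com: SOA, NS, A and SRV records.
; Master-file comments start with ';'. A leading '#' is not a comment here --
; it is parsed as the owner name of a record and makes the zone fail to load,
; so the two '#' lines of the original were the reason "named-checkzone"
; would reject this file.
$TTL 600
@ IN SOA master.example.com. root.example.com. (
        2015032209 ; serial (looks like YYYYMMDDnn -- increase on every edit)
        3H         ; refresh
        15M        ; retry
        1W         ; expire
        1D         ; negative-caching TTL
        )
@ IN NS master.example.com.
master.example.com. IN A 190.111.112.50
; Host records. kerberos shares the name server's address; nfss/nfsc are
; presumably the NFS server and client -- not stated on this page.
kerberos.example.com. IN A 190.111.112.50
nfss.example.com. IN A 190.111.112.60
nfsc.example.com. IN A 190.111.112.61
; Kerberos master-KDC location records (priority 0, weight 0, port 88).
; NOTE(review): MIT clients locate the KDC via _kerberos._udp.<REALM> and
; the master via _kerberos-master; confirm whether a _kerberos._udp record
; is also needed for plain KDC lookups.
_kerberos-master._udp.EXAMPLE.COM. SRV 0 0 88 kerberos.example.com.
_kerberos-master._tcp.EXAMPLE.COM. SRV 0 0 88 kerberos.example.com.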
5
[root@kerberos /]# vi etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
# Default policy is ACCEPT; the explicit REJECT rules at the end make the
# INPUT and FORWARD chains default-deny in practice.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Kerberos KDC, UDP only. The zone file also advertises
# _kerberos-master._tcp on port 88; clients fall back to TCP for large
# replies, so if krb5kdc listens on TCP a matching "-p tcp --dport 88" rule
# is needed here -- confirm against the KDC configuration.
-A INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT
# kadmin (kadmind).
-A INPUT -m state --state NEW -m tcp -p tcp --dport 749 -j ACCEPT
# rpcbind/portmapper. Only LAN clients should reach this; consider
# restricting with "-s <trusted-network/prefix>" (placeholder).
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
# 1011/1012: presumably fixed NFS helper ports -- not shown on this page;
# verify against /etc/sysconfig/nfs and restrict by source as for 111.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1011 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 1012 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 1011 -j ACCEPT
# DNS. TCP is required as well as UDP: truncated/large responses (common
# with DNSSEC) and zone transfers use TCP.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
# SSH.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Everything else is rejected, including forwarded traffic.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@kerberos /]#
6
[root@kerberos /]# service named restart
Stopping named: OK
Generating /etc/rndc.key:dns
6 named
[root@kerberos /]# cat etc/init.d/named
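# Excerpt of /etc/init.d/named: create the rndc control key on first start.
# success/failure are presumably the helpers from /etc/init.d/functions,
# sourced earlier in the script (not shown here).
if [ ! -s /etc/rndc.key ]; then
  # Generate rndc.key if it doesn't exist
  echo -n $"Generating /etc/rndc.key:"
  # The stock line (kept below for reference) lets rndc-confgen read
  # /dev/random, which blocks on a host with little entropy -- the restart in
  # step 6 appears to stall at this message. /dev/urandom is a CSPRNG and
  # does not block, and is an acceptable source for this key.
  # The binary is rndc-confgen; "rndc-config" does not exist, so the original
  # line would always take the failure branch.
  #if /usr/sbin/rndc-confgen -a > /dev/null 2>&1; then
  if /usr/sbin/rndc-confgen -r /dev/urandom -a > /dev/null 2>&1; then
    # The key is a shared secret: readable by root and the named group only.
    chmod 640 /etc/rndc.key
    chown root:named /etc/rndc.key
    # Restore the SELinux context when restorecon is available.
    [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
    success $"/etc/rndc.key generation"
    echo
  else
    failure $"/etc/rndc.key generation"
    echo
  fi
fi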
# Handle -c option
7
[root@kerberos /]# service named restart
Stopping named: OK