Redhat 6.4 bindによるDNSサーバの構築

5149 ワード

dnsサーバをローカルに架設するのに役立つ場合があります.srv記録hostsファイルを実験的に使用すると実現できないようです.bindでdnsサーバ1 Redhat 6.4を架設します.インストールディスク挿入オプティカル(光学式)ドライブ2をインストールしてbindサービスをインストールします[root@kerberos/]# cd/media/RHEL_6.4\x86_64\Disc\1/Packages/[root@kerberosPackages]#find-name'*bind*'#bindのインストールパッケージを検索[root@kerberos Packages]# rpm -ivhbind-9.8.2-0.17.rc1.el6.x86_64.rpm [root@kerberos Packages]# rpm -ivhbind-chroot-9.8.2-0.17.rc1.el6.x86_64.rpm 3編集named.confファイル[root@kerberos/]#vi /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//



options {

       #listen-on port 53 { 127.0.0.1; };

       #listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { any; };         #        

        recursion yes;



        dnssec-enable yes;

        dnssec-validation yes;

        dnssec-lookaside auto;



        

        bindkeys-file "/etc/named.iscdlv.key";



        managed-keys-directory "/var/named/dynamic";

};



logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};



zone "." IN {

        type hint;

        file "named.ca";

};

zone "example.com" IN {                # 

        type master;            

        file "named.example.com";    #      

 };

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";



4             [root@kerberos /]# vi  var/named/named.example.com 
#                 NS, A, MX, SOA        
 $TTL 600

@      IN SOA master.example.com. root(2015032209 3H 15M 1W 1D)

@      IN NS master.example.com.

master.example.com.  IN A 190.111.112.50

#               
 kerberos.example.com. IN A 190.111.112.50

nfss.example.com.  IN A 190.111.112.60

nfsc.example.com. IN A 190.111.112.61

_kerberos-master._udp.EXAMPLE.COM. SRV 0 0 88 kerberos.example.com.

_kerberos-master._tcp.EXAMPLE.COM. SRV 0 0 88 kerberos.example.com.



5      

[root@kerberos /]# vi etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 749 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 1011 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 1012 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 1011 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

[root@kerberos /]# 



6    

[root@kerberos /]# service named restart

Stopping named:  OK 

Generating /etc/rndc.key:dns

     









6   named   

[root@kerberos /]# cat etc/init.d/named 

 if [ ! -s /etc/rndc.key ]; then

    # Generate rndc.key if doesn't exist

    echo -n $"Generating /etc/rndc.key:"

   #if /usr/sbin/rndc-confgen -a > /dev/null 2>&1; then

    if /usr/sbin/rndc-config -r /dev/urandom -a >/dev/null 2>&1;then

      chmod 640 /etc/rndc.key

      chown root.named /etc/rndc.key

      [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key

      success $"/etc/rndc.key generation"

      echo

    else

      failure $"/etc/rndc.key generation"

      echo

    fi

  fi



  # Handle -c option


7       

[root@kerberos /]# service named restart

Stopping named: OK