网络环境:一条移动线路,一条联通线路。
主DNS配置:
主DNS:192.168.1.250
创建控制密匙:
# Generate the default rndc control key. With -a and no -c/-k, rndc-confgen
# writes its default key file (typically /etc/rndc.key).
[root@ns1 ~]#rndc-confgen -a
# Generate one shared-secret key file per view: -c sets the output file and
# -k the key name. The names liantong, yidong and any are the ones referenced
# by the "server ... { keys ...; };" statements in named.rfc1912.zones.
# These files hold HMAC secrets: keep them readable only by root and the
# account named runs as, and keep them out of backups or repos others can read.
[root@ns1 ~]#rndc-confgen -a -c /var/named/cnc.key -k liantong
[root@ns1 ~]#rndc-confgen -a -c /var/named/cmcc.key -k yidong
# NOTE(review): chinanet.key is generated here, but no include statement or
# "keys chinanet" reference appears in the configuration shown on this page.
[root@ns1 ~]#rndc-confgen -a -c /var/named/chinanet.key -k chinanet
[root@ns1 ~]#rndc-confgen -a -c /var/named/any.key -k any
修改密匙权限:
# Hand ownership of the generated key files to the named service account so
# the daemon can read them. Only the owner is changed here; the file mode is
# left as rndc-confgen created it.
# NOTE(review): any.key is included by named.rfc1912.zones but is not chowned
# here. If it is still root-owned with owner-only permissions, named running
# as "named" presumably cannot read it -- check with ls -l. Also confirm none
# of the key files is group- or world-readable.
[root@ns1 named]# chown named:named cmcc.key
[root@ns1 named]# chown named:named cnc.key
[root@ns1 named]# chown named:named chinanet.key
# Edit the main configuration file (this path is inside the BIND chroot tree).
[root@dns1 data]# vi /var/named/chroot/etc/named.conf
// named.conf
options {
    // Accept DNS traffic on port 53 only on local addresses inside 192.168.1.0/24.
    listen-on port 53 { 192.168.1.0/24; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Default zone-transfer policy: only the slave's address may transfer.
    // NOTE(review): this check is by source address only. Requiring a TSIG
    // key in allow-transfer (a "key <name>;" element) would authenticate the
    // requester rather than trusting its IP.
    allow-transfer { 192.168.1.251; };
    // NOTE(review): this global allow-query admits only 192.168.1.0/24. The
    // CNC, CMCC and EXNET views in named.rfc1912.zones set no allow-query of
    // their own in the text shown, so clients outside this subnet would
    // presumably be refused -- confirm this is intended.
    allow-query { 192.168.1.0/24; };
    datasize 100M;
    // Global default; each view in named.rfc1912.zones sets its own recursion value.
    recursion yes;
    // Fixed string reported in place of the real BIND version.
    version "1.1.1";
    dnssec-enable yes;
    dnssec-validation yes;
    // NOTE(review): dnssec-lookaside relies on the ISC DLV registry, which
    // has since been retired; later BIND 9 releases no longer accept this
    // option. Verify against the BIND version actually deployed.
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    // Dedicated query log: rotates at 20m and keeps 3 old versions. Each
    // entry carries a timestamp, category and severity, which makes it
    // usable for later review of who queried what.
    channel gsquery {
        file "data/query.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category queries { gsquery; };
};
// The views, ACLs and key includes live in named.rfc1912.zones.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@dns1 data]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
// "internal" = the LAN plus loopback; "external" = everything except the LAN.
// NOTE(review): "external" is defined but not referenced anywhere in the text shown.
acl internal { 192.168.1.0/24; 127.0.0.0/8; };
acl external { !192.168.1.0/24; any; };

// Views are evaluated in the order written and the first match-clients hit
// wins, so the order CNC, CMCC, LOCAL, EXNET is significant.
// NOTE(review): 192.168.1.250 and 192.168.1.251 are listed in the CNC/CMCC
// match-clients, ahead of LOCAL. Requests arriving from the slave at
// 192.168.1.251 (zone transfers included) would presumably land in "CMCC",
// which defines no t4x.org zone -- confirm. Nothing shown selects a view by
// TSIG key ("key <name>;" in match-clients), so the keys below only sign
// outgoing requests and are not required on incoming ones.
view "CNC" {
    // CNC is an ACL expected from cnc_acl.conf (not shown on this page).
    // "联通DNS" is a placeholder for the China Unicom resolver address and
    // must be replaced with a real address before named will load this file.
    match-clients { CNC; 192.168.1.250; 联通DNS; };
    // Sign requests sent to 192.168.1.250 with the TSIG key "liantong".
    server 192.168.1.250 { keys liantong; };
    # server 192.168.1.251 { keys liantong; };
    // Recursion is offered to every client this view matches; keep the CNC
    // ACL tight so the server is not usable as an open resolver.
    recursion yes;
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
view "CMCC" {
    // CMCC is an ACL expected from cmcc_acl.conf (not shown on this page).
    // "移动DNS" is a placeholder for the China Mobile resolver address.
    match-clients { CMCC; 192.168.1.251; 移动DNS; };
    # server 192.168.1.250 { keys yidong; };
    // Sign requests sent to 192.168.1.251 with the TSIG key "yidong".
    server 192.168.1.251 { keys yidong; };
    // Same open-resolver consideration as in the CNC view.
    recursion yes;
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
view "LOCAL" {
    match-clients { internal; };
    // Requests to either name server from this view are signed with key "any".
    server 192.168.1.250 { keys any; };
    server 192.168.1.251 { keys any; };
    recursion yes;
    zone "." IN {
        type hint;
        file "named.ca";
    };
    // Authoritative zones exist only in this view. Each one permits transfer
    // to the slave by source address, with no key required.
    zone "t4x.org" IN {
        type master;
        file "t4x.org.zone";
        allow-transfer { 192.168.1.251; };
    };
    zone "28.172.in-addr.arpa" {
        type master;
        file "172.28.zone";
        allow-transfer { 192.168.1.251; };
    };
    // Locally authoritative override for games.qq.com; judging by the file
    // name this is a URL filter -- confirm.
    zone "games.qq.com" IN {
        type master;
        file "urlfilter.zone";
        allow-transfer { 192.168.1.251; };
    };
};
// Catch-all for every remaining client: recursion is off and only the root
// hints are defined here.
view "EXNET" {
    match-clients { any; };
    recursion no;
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
include "/var/named/cnc_acl.conf";
include "/var/named/cmcc_acl.conf";
// Key files contain shared secrets. They are included from separate files so
// this config can stay readable while the secrets stay restricted.
include "/var/named/cnc.key";
include "/var/named/cmcc.key";
include "/var/named/any.key";
从DNS配置:
从DNS:192.168.1.251
# Repeat the key generation on the slave so the same key files and key names exist.
# rndc-confgen produces a fresh random secret on every run, so these files do
# not yet match the master's; the secret values have to be replaced with the
# master's afterwards.
# When doing that, move the secrets over an authenticated, encrypted channel
# (for example scp between the two hosts), then re-check ownership and mode.
[root@ns2 ~]#rndc-confgen -a
[root@ns2 ~]#rndc-confgen -a -c /var/named/cnc.key -k liantong
[root@ns2 ~]#rndc-confgen -a -c /var/named/cmcc.key -k yidong
# NOTE(review): chinanet.key is not included by any configuration shown on this page.
[root@ns2 ~]#rndc-confgen -a -c /var/named/chinanet.key -k chinanet
# NOTE(review): no chown of the key files is shown for ns2; confirm that the
# account named runs as can read the files it includes.
[root@ns2 ~]#rndc-confgen -a -c /var/named/any.key -k any
从DNS上的 cnc.key、cmcc.key 密匙内容必须与主DNS上的相同,可以使用vim修改相关密匙文件。
[root@ns2 named]# vi /var/named/chroot/etc/named.conf
//
// named.conf
//
// Slave-side options: the same as the master's, except that no global
// allow-transfer is set here.
options {
    // Accept DNS traffic on port 53 only on local addresses inside 192.168.1.0/24.
    listen-on port 53 { 192.168.1.0/24; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): with no allow-transfer here or in the slave zones, BIND's
    // default transfer policy applies. Consider an explicit
    // "allow-transfer { none; };" on the slave unless it must serve transfers.
    // NOTE(review): this global allow-query admits only 192.168.1.0/24.
    // Clients matched by the CNC/CMCC/EXNET views from outside that subnet
    // would presumably be refused -- confirm this is intended.
    allow-query { 192.168.1.0/24; };
    datasize 100M;
    recursion yes;
    // Fixed string reported in place of the real BIND version.
    version "1.1.1";
    dnssec-enable yes;
    dnssec-validation yes;
    // NOTE(review): dnssec-lookaside relies on the ISC DLV registry, which
    // has since been retired; later BIND 9 releases no longer accept this
    // option. Verify against the BIND version actually deployed.
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    // Dedicated query log: rotates at 20m and keeps 3 old versions, with
    // timestamp, category and severity on every entry.
    channel gsquery {
        file "data/query.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category queries { gsquery; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@ns2 named]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones
// "internal" = the LAN plus loopback; "external" = everything except the LAN.
// NOTE(review): "external" is defined but not referenced anywhere in the text shown.
acl internal { 192.168.1.0/24; 127.0.0.0/8; };
acl external { !192.168.1.0/24; any; };

// On the slave, CMCC is listed before CNC (the master lists CNC first).
// Views are matched in order and the first match-clients hit wins.
view "CMCC" {
    // CMCC is an ACL expected from cmcc_acl.conf (not shown on this page).
    // "移动DNS" is a placeholder for the China Mobile resolver address and
    // must be replaced with a real address before named will load this file.
    match-clients { CMCC; 192.168.1.251; 移动DNS; };
    // Sign requests sent to 192.168.1.251 with the TSIG key "yidong".
    server 192.168.1.251 { keys yidong; };
    # server 192.168.1.250 { keys yidong; };
    // Recursion is offered to every client this view matches; keep the CMCC
    // ACL tight so the server is not usable as an open resolver.
    recursion yes;
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
view "CNC" {
    // CNC is an ACL expected from cnc_acl.conf (not shown on this page).
    // "联通DNS" is a placeholder for the China Unicom resolver address.
    match-clients { CNC; 192.168.1.250; 联通DNS; };
    # server 192.168.1.251 { keys liantong; };
    // Sign requests sent to 192.168.1.250 with the TSIG key "liantong".
    server 192.168.1.250 { keys liantong; };
    // Same open-resolver consideration as in the CMCC view.
    recursion yes;
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
view "LOCAL" {
    match-clients { internal; };
    // Requests to either name server from this view are signed with key
    // "any"; this includes the transfer requests sent to the master at
    // 192.168.1.250.
    server 192.168.1.251 { keys any; };
    server 192.168.1.250 { keys any; };
    recursion yes;
    zone "." IN {
        type hint;
        file "named.ca";
    };
    // Slave copies pulled from the master and stored under slaves/.
    // NOTE(review): the master's games.qq.com zone allows transfer to this
    // host, but no matching slave zone is defined here.
    zone "t4x.org" IN {
        type slave;
        file "slaves/t4x.org.zone";
        masters { 192.168.1.250; };
    };
    zone "28.172.in-addr.arpa" {
        type slave;
        file "slaves/172.28.zone";
        masters { 192.168.1.250; };
    };
};
// Catch-all for every remaining client: recursion is off and only the root
// hints are defined here.
view "EXNET" {
    match-clients { any; };
    recursion no;
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
include "/var/named/cnc_acl.conf";
include "/var/named/cmcc_acl.conf";
// The secrets in these key files must be identical to the master's, and the
// files should be readable only by root and the account named runs as.
include "/var/named/cnc.key";
include "/var/named/cmcc.key";
include "/var/named/any.key";
未完待续
申明:本文由BYRD原创(基于Centos6.4 X64),未经许可禁止转载!Source: Byrd's Weblog - https://note.t4x.org/system/bind-configuring-advanced/