今天
网络安全折腾 linux 又折腾了一天。心情不好,做什么都不顺利。今天做的是 DNS 的搭建,原本很简单的东西却做了一天。累。以下是步骤,做个记录。想学的朋友也可以动手试试。
一、 安装
注:下面每条 rpm 命令都打印 “Header V3 DSA signature: NOKEY, key ID 4f2a6fd2”,意思是系统里没有对应的公钥,包签名实际上没有被校验,装进去的是什么全凭信任介质本身。安装前应先导入 Fedora 的 GPG 公钥(安装光盘根目录或 /etc/pki/rpm-gpg/ 下的 RPM-GPG-KEY-fedora,用 `rpm --import` 导入),再用 `rpm -K 包名.rpm` 确认签名通过;更省事的做法是直接 `yum install bind bind-chroot bind-utils`,由 yum 解决下面这一长串依赖并校验签名。另外 Fedora 8 和这个 BIND 9.5.0 预发布版早已停止维护,生产环境请使用仍在维护的发行版和 BIND 版本。
[root@localhost ~]# rpm -q bind
[root@localhost /]# cd "/media/Fedora 8 i386 DVD/Packages/"
[root@localhost Packages]# find . -name 'bind*'
bind-9.5.0-16.a6.fc8.i386.rpm
bind-chroot-9.5.0-16.a6.fc8.i386.rpm
bind-libs-9.5.0-16.a6.fc8.i386.rpm
bind-utils-9.5.0-16.a6.fc8.i386.rpm
BIND程序的虚拟目录是/var/named/chroot/
如:/etc/named.conf其实就是 /var/named/chroot/etc/named.conf
如:/var/named/ 其真正的路径是 /var/named/chroot/var/named/
[root@localhost Packages]# rpm -ivh bind-libs-9.5.0-16.a6.fc8.i386.rpm
warning: bind-libs-9.5.0-16.a6.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing… ########################################### [100%]
package bind-libs-9.5.0-16.a6.fc8 is already installed
[root@localhost Packages]# rpm -ivh util-linux-ng-2.13-3.fc8.i386.rpm
warning: util-linux-ng-2.13-3.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing… ########################################### [100%]
package util-linux-ng-2.13-3.fc8 is already installed
[root@localhost Packages]# rpm -ivh bind-9.5.0-16.a6.fc8.i386.rpm
warning: bind-9.5.0-16.a6.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
error: Failed dependencies:
libmysqlclient.so.15 is needed by bind-9.5.0-16.a6.fc8.i386
libmysqlclient.so.15(libmysqlclient_15) is needed by bind-9.5.0-16.a6.fc8.i386
libodbc.so.1 is needed by bind-9.5.0-16.a6.fc8.i386
libpq.so.5 is needed by bind-9.5.0-16.a6.fc8.i386
mysql is needed by bind-9.5.0-16.a6.fc8.i386
postgresql is needed by bind-9.5.0-16.a6.fc8.i386
unixODBC is needed by bind-9.5.0-16.a6.fc8.i386
[root@localhost Packages]# rpm -ivh mysql-libs-5.0.45-4.fc8.i386.rpm
warning: mysql-libs-5.0.45-4.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing… ########################################### [100%]
1:mysql-libs ########################################### [100%]
[root@localhost Packages]# rpm -ivh bind-9.5.0-16.a6.fc8.i386.rpm
warning: bind-9.5.0-16.a6.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
error: Failed dependencies:
libodbc.so.1 is needed by bind-9.5.0-16.a6.fc8.i386
libpq.so.5 is needed by bind-9.5.0-16.a6.fc8.i386
mysql is needed by bind-9.5.0-16.a6.fc8.i386
postgresql is needed by bind-9.5.0-16.a6.fc8.i386
unixODBC is needed by bind-9.5.0-16.a6.fc8.i386
[root@localhost Tuxtools]# rpm -ivh unixODBC-2.2.12-5.fc8.i386.rpm
warning: unixODBC-2.2.12-5.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing… ########################################### [100%]
1:unixODBC ########################################### [100%]
[root@localhost Packages]# rpm -ivh bind-9.5.0-16.a6.fc8.i386.rpm
warning: bind-9.5.0-16.a6.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
error: Failed dependencies:
libpq.so.5 is needed by bind-9.5.0-16.a6.fc8.i386
mysql is needed by bind-9.5.0-16.a6.fc8.i386
postgresql is needed by bind-9.5.0-16.a6.fc8.i386
[root@localhost Tuxtools]# rpm -ivh postgresql-libs-8.2.7-1.fc8.i386.rpm
warning: postgresql-libs-8.2.7-1.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing… ########################################### [100%]
1:postgresql-libs ########################################### [100%]
[root@localhost Packages]# rpm -ivh bind-9.5.0-16.a6.fc8.i386.rpm
warning: bind-9.5.0-16.a6.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
error: Failed dependencies:
mysql is needed by bind-9.5.0-16.a6.fc8.i386
postgresql is needed by bind-9.5.0-16.a6.fc8.i386
[root@localhost Tuxtools]# rpm -ivh postgresql-8.2.7-1.fc8.i386.rpm
warning: postgresql-8.2.7-1.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing… ########################################### [100%]
1:postgresql ########################################### [100%]
[root@localhost Packages]# rpm -ivh bind-9.5.0-16.a6.fc8.i386.rpm
warning: bind-9.5.0-16.a6.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
error: Failed dependencies:
mysql is needed by bind-9.5.0-16.a6.fc8.i386
[root@localhost Packages]# rpm -ivh mysql-5.0.45-4.fc8.i386.rpm(如果这个安装不上的他会有个提示有依赖关系 rpm -ivh perl-DBI-1.58-2.FC8.I386.rpm)
warning: mysql-5.0.45-4.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing… ########################################### [100%]
1:mysql ########################################### [100%]
[root@localhost Packages]# rpm -ivh bind-9.5.0-16.a6.fc8.i386.rpm
warning: bind-9.5.0-16.a6.fc8.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing… ########################################### [100%]
1:bind ########################################### [100%]
[root@localhost ~]# rpm -q bind
bind-9.5.0-16.a6.fc8
二、 安装完毕后启动DNS服务器并测试回环
[root@localhost etc]# /etc/rc.d/init.d/named start
启动 named: [确定]
[root@localhost etc]# nslookup
> localhost
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: localhost
Address: 127.0.0.1
> 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
1.0.0.127.in-addr.arpa name = localhost.
> exit
[root@localhost etc]# /etc/rc.d/init.d/named stop
停止 named: [确定]
三、 修改网络配置脚本文件(/etc/sysconfig/network-scripts/ifcfg-eth0):
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
修改后
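# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
# Static IPv4 configuration for eth0 -- the address the DNS server will answer on.
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:65:21:05
BROADCAST=192.168.1.255
IPADDR=192.168.1.6
NETMASK=255.255.255.0
# NETWORK is the subnet's network address, not the gateway:
# 192.168.1.6 with mask 255.255.255.0 is in 192.168.1.0 (the original file said 192.168.1.1).
NETWORK=192.168.1.0
ONBOOT=yes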
四、 修改本机域名服务器IP地址(/etc/resolv.conf):
domain 91ri.org
nameserver 192.168.1.6
示例配置文件在 /usr/share/doc/bind-9.5.0/sample 目录下。
[root@localhost etc]# cp named.conf named.conf.old
修改named.conf文件(/etc/named.conf):
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
Fedora 8 中,默认只在回环地址 127.0.0.1 和 ::1(IPv6 回环地址)上监听 53 端口。如果希望对外提供服务,可以改成在所有地址上监听(如下);更稳妥的做法是只列出真正需要对外的地址,例如 `listen-on port 53 { 127.0.0.1; 192.168.1.6; };`,这样多网卡主机不会无意中把 DNS 暴露到其它网段:
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query { localhost; };
Fedora 8 中的 DNS 服务器默认只允许 127.0.0.1(即本机)发起查询;要让局域网内的机器使用它,需要放宽 allow-query,例如改成下面的 any。注意:named 默认开启递归,`allow-query { any; }` 加上 `listen-on { any; }` 会把它变成一台开放递归解析器(open resolver),任何人都可以借它做 DNS 放大攻击,或者对它实施缓存投毒。因此要么把查询范围限制在本地网段(`allow-query { localhost; localnets; };`),要么至少把递归限制住:`allow-recursion { localhost; localnets; };`;如果这台机器只为 91ri.org 做权威解析、不需要替客户端递归,直接写 `recursion no;`。同时建议在 options 中加上 `allow-transfer { none; };`,避免任何人用 AXFR 把整个区域数据拖走:
allow-query { any; };
五、 设置主区域(/etc/named.conf):
为了配置方便、减少出错,我们从系统自带的回环区域定义文件 /etc/named.rfc1912.zones 中把下面两段复制到 named.conf 里再修改。复制的原始内容如下:
zone "localhost" IN {
type master; 注:type 和 file 是两个必选项,type 用于指明区域类型(master、slave、stub、forward、hint)
file "named.localhost"; 注:指明区域文件的文件名
allow-update { none; }; 注:不允许动态更新(DDNS)。这一项管的不是区域传送;区域传送(AXFR/IXFR)由 allow-transfer 控制,这个版本的 BIND 默认对任何人开放,应另外加上 allow-transfer { none; };(或只列出从服务器的地址)
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
修改成
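// Authoritative ("master") zones for the lab domain and its reverse range.
// Zone files are looked up relative to named's working directory (/var/named,
// which lives inside the chroot when bind-chroot is installed).
zone "91ri.org" IN {
type master;
file "91ri.org.zone";
allow-update { none; };   // no dynamic (DDNS) updates
allow-transfer { none; }; // no AXFR/IXFR: there is no secondary, and the BIND
                          // default would otherwise hand the whole zone to anyone
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.arpa";
allow-update { none; };
allow-transfer { none; };
};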
六、 在 /var/named 下建立区域文件:
[root@localhost ~]# cd /var/named/
为了配置方便、减少出错,我们复制系统自带的回环区域文件(正向区域文件 /var/named/named.localhost,反向区域文件 /var/named/named.loopback):
[root@localhost named]# cp named.localhost 91ri.org.zone
[root@localhost named]# cp named.loopback 1.168.192.arpa
91ri.org.zone原文件内容
$TTL 1D
@ IN SOA @ rname.invalid. ( 注:授权开始,指定名字服务器
0 ; serial添加修改时相应的序列号
1D ; refresh是SOA信息的刷新时间间隔
1H ; retry是与授权服务器联系的频率
1W ; expire是从服务器保存有关区域信息,而不更新它的时间间隔
3H ) ; minimum是区域中记录存活的时间
NS @ 注:本域授权名字服务器
A 127.0.0.1 注:主机地址,映射主机名字到IP地址
AAAA ::1
91ri.org.zone修改后的文件内容
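$TTL 1D
; Forward zone for 91ri.org (file: 91ri.org.zone). Every owner name below is
; written fully qualified, so each one must end in a dot; a name without the
; trailing dot is relative and gets the zone origin appended to it.
91ri.org. IN SOA dns.91ri.org. admin.91ri.org. (
2008041202 ; serial  - bumped because a record changed; bump on every edit
1D ; refresh - how often a secondary re-checks the SOA
1H ; retry   - wait between failed refresh attempts
1W ; expire  - secondaries stop answering after this long without contact
3H ) ; minimum - negative-caching TTL
91ri.org. IN NS dns.91ri.org.
; All hosts share the single lab address.
dns.91ri.org. IN A 192.168.1.6
www.91ri.org. IN A 192.168.1.6
bbs.91ri.org. IN A 192.168.1.6
blog.91ri.org. IN A 192.168.1.6
mail.91ri.org. IN A 192.168.1.6
91ri.org. IN MX 10 mail.91ri.org.
; The owner used to lack its trailing dot, so BIND loaded it as
; aaa.91ri.org.91ri.org -- which is exactly what the nslookup test showed.
aaa.91ri.org. IN CNAME www.91ri.org.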
1.168.192.arpa原文件内容
$TTL 1D
@ IN SOA @ rname.invalid. (
0; serial添加修改时相应的序列号
1D; refresh是SOA信息的刷新时间间隔
1H; retry是与授权服务器联系的频率
1W; expire是从服务器保存有关区域信息,而不更新它的时间间隔
3H ); minimum是区域中记录存活的时间
NS @
PTR localhost. 注:指针记录,执行逆向域名访问,映射IP地址到主机名
1.168.192.arpa修改后的文件内容
$TTL 1D
; Reverse zone for 192.168.1.0/24 (file: 1.168.192.arpa).
; The zone statement in named.conf already supplies the origin; $ORIGIN restates
; it so the relative owner names (@ and the bare host octet) read unambiguously.
$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA dns.91ri.org. admin.91ri.org. (
2008041201 ; serial  - increment on every edit
1D ; refresh - how often a secondary re-checks the SOA
1H ; retry   - wait between failed refresh attempts
1W ; expire  - secondaries stop answering after this long without contact
3H ) ; minimum - negative-caching TTL
  IN NS dns.91ri.org.
; Each PTR maps 192.168.1.6 back to one of the names from the forward zone.
; Several PTR records on one address are legal, but most consumers (mail servers
; doing forward-confirmed reverse DNS, log resolvers) expect exactly one;
; keeping only dns.91ri.org. would be the conventional choice.
6 IN PTR dns.91ri.org.
6 IN PTR www.91ri.org.
6 IN PTR bbs.91ri.org.
6 IN PTR blog.91ri.org.
6 IN PTR mail.91ri.org.
七、 修改文件属组及权限:
区域文件只需要让 named 读取;既然已经关闭了动态更新,就不必让 named 可写。属主保持 root、属组改为 named、权限设为 640(`chmod 640 91ri.org.zone 1.168.192.arpa`)即可。如果装了 bind-chroot,注意文件真正应放在 /var/named/chroot/var/named/ 下。
[root@localhost named]# chgrp named 91ri.org.zone
[root@localhost named]# chgrp named 1.168.192.arpa
[root@localhost ~]# /etc/rc.d/init.d/named start
启动 named: [确定]
八、 测试
[root@localhost ~]# nslookup
> localhost
Server: 192.168.1.6
Address: 192.168.1.6#53
Name: localhost
Address: 127.0.0.1
> 127.0.0.1
Server: 192.168.1.6
Address: 192.168.1.6#53
1.0.0.127.in-addr.arpa name = localhost.
> www.91ri.org 注:测试主机地址A资源记录
Server: 192.168.1.6
Address: 192.168.1.6#53
Name: www.91ri.org
Address: 192.168.1.6
> dns.91ri.org
Server: 192.168.1.6
Address: 192.168.1.6#53
Name: dns.91ri.org
Address: 192.168.1.6
> 192.168.1.6 注:测试反向解析指针PTR资源记录
Server: 192.168.1.6
Address: 192.168.1.6#53
6.1.168.192.in-addr.arpa name = www.91ri.org.
6.1.168.192.in-addr.arpa name = bbs.91ri.org.
6.1.168.192.in-addr.arpa name = blog.91ri.org.
6.1.168.192.in-addr.arpa name = dns.91ri.org.
> set type=ns 注:测试名称服务器NS资源记录
> 91ri.org
Server: 192.168.1.6
Address: 192.168.1.6#53
91ri.org nameserver = dns.91ri.org.
> set type=mx 注:测试邮件交换器MX资源记录
> 91ri.org
Server: 192.168.1.6
Address: 192.168.1.6#53
91ri.org mail exchanger = 10 mail.91ri.org.
> set type=soa 注:测试起始授权机构SOA资源记录
> 91ri.org
Server: 192.168.1.6
Address: 192.168.1.6#53
91ri.org
origin = dns.91ri.org
mail addr = admin.91ri.org
serial = 2008041201
refresh = 86400
retry = 3600
expire = 604800
minimum = 10800
> set type=cname 注:测试别名 CNAME 资源记录。下面的结果显示成 aaa.91ri.org.91ri.org,是因为区域文件里 aaa.91ri.org 这一行少了结尾的点,被当作相对名字追加了区域名;而 nslookup 查 aaa.91ri.org 时又借助 resolv.conf 的 domain 91ri.org 补全才碰巧命中。给区域文件中该记录的名字加上结尾的点(aaa.91ri.org.)即可修正
> aaa.91ri.org
Server: 192.168.1.6
Address: 192.168.1.6#53
aaa.91ri.org.91ri.org canonical name = www.91ri.org.
> exit
九、 关闭服务
[root@localhost ~]# /etc/rc.d/init.d/named stop
停止 named:
注意:BIND程序的虚拟目录是/var/named/chroot/
如:/etc/named.conf其实就是 /var/named/chroot/etc/named.conf
如:/var/named/ 其真正的路径是 /var/named/chroot/var/named/