linux下智能DNS配置过程(1)(2)

channel general_dns

{ file "/var/log/named/dns_logs" versions 3 size 1240k;

severity info;

print-category yes;

print-severity yes;

print-time yes;

};

category default { warning; };

category queries { general_dns; };

};

zone "." {

type hint;

file "named.root";

};

acl "CNC" {

58.16.0.0/16;

58.17.0.0/17;

58.17.128.0/17;

58.18.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.21.0.0/16;

注：这些根据情况输入IP地址段

};

view "view_cnc" {

match-clients { CNC; };

zone "." {

type hint;

file "named.root";

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/cnc.def";

};

view "view_any" {

match-clients { any; };

zone "." {

type hint;

file "named.root";

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/telecom.def";

};

添加完成后，保存。

三、更新根区文件：

# cd /usr/local/named/etc/

# wget ftp://ftp.internic.org/domain/named.root

创建PID和日志文件：

# mkdir /var/run/named/

# chmod 777 /var/run/named/

# chown bind:bind /var/run/named/

# mkdir /var/log/named/

# touch /var/log/named/dns_warnings

# touch /var/log/named/dns_logs

# chown bind:bind /var/log/named/*

# mkdir master

# touch master/cnc.def

# touch master/telecom.def

生成rndc-key：

# cd /usr/local/named/etc/

# ../sbin/rndc-confgen > rndc.conf

把rndc.conf中：

# Use with the following in named.conf, adjusting the allow list as needed:

后面以的部分加到/usr/local/named/etc/named.conf中并去掉注释

运行测试：

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

状态检查：

# /usr/local/named/sbin/rndc status

四、建立启动脚本：

# vi /etc/init.d/named

============================== named.sh============================

#!/bin/bash

#

# named a network name service.

#

#

# chkconfig: 545 35 75

# description: a name server

#

if [ `id -u` -ne 0 ]

then

echo "ERROR:For bind to port 53,must run as root."

exit 1

fi

case "" in

start)

if [ -x /usr/local/named/sbin/named ]; then

/usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.'

fi

;;

stop)

kill `cat /var/run/named/pid` && echo . && echo 'BIND9 server stopped.'

;;

restart)

echo .

echo "Restart BIND9 server"

stop

sleep 10

start

;;

*)

echo " start | stop | restart"

;;

esac

===============================named.sh============================

# chmod 755 /etc/init.d/named

# chown root:root /etc/init.d/named

# chkconfig --add named

# chkconfig named on

五、添加一个NS

在域名的管理网站上，设定NS服务器为你安装的DNS