Redhat 6.4 用bind 搭建DNS服务器

有时候本地架设一个dns 服务器很有用，因为做实验用到了srv 记录hosts 文件貌似实现不了，用bind 架设一台dns 服务器

1 Redhat 6.4 安装光盘插入光驱
2 安装上bind 服务
[root@kerberos /]# cd /media/RHEL_6.4\x86_64\ Disc\ 1/Packages/
[root@kerberos Packages]# find  -name'*bind*'   #查找bind 的安装包 安装上
[root@kerberos Packages]# rpm -ivhbind-9.8.2-0.17.rc1.el6.x86_64.rpm
[root@kerberos Packages]# rpm -ivhbind-chroot-9.8.2-0.17.rc1.el6.x86_64.rpm
3 编辑named.conf 文件
[root@kerberos /]#vi /etc/named.conf

//// named.conf//// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS// server as a caching only nameserver (as a localhost DNS resolver only).//// See /usr/share/doc/bind*/sample/ for example named configuration files.//options {       #listen-on port 53 { 127.0.0.1; };       #listen-on-v6 port 53 { ::1; };        directory       "/var/named";        dump-file       "/var/named/data/cache_dump.db";        statistics-file "/var/named/data/named_stats.txt";        memstatistics-file "/var/named/data/named_mem_stats.txt";        allow-query     { any; };         #允许其他主机查询        recursion yes;        dnssec-enable yes;        dnssec-validation yes;        dnssec-lookaside auto;                bindkeys-file "/etc/named.iscdlv.key";        managed-keys-directory "/var/named/dynamic";};logging {        channel default_debug {                file "data/named.run";                severity dynamic;        };};zone "." IN {        type hint;        file "named.ca";};zone "example.com" IN {                 #域        type master;                    file "named.example.com";     #档案放在这里 };include "/etc/named.rfc1912.zones";include "/etc/named.root.key";4  正解数据库档案的设定   [root@kerberos /]# vi  var/named/named.example.com # 与整个领域相关性较高的设定包括 NS, A, MX, SOA 等标志的设定处 $TTL 600@      IN SOA master.example.com. root(2015032209 3H 15M 1W 1D)@      IN NS master.example.com.master.example.com.  IN A 190.111.112.50# 其他几部主机的主机名正解设定 kerberos.example.com. IN A 190.111.112.50nfss.example.com.  IN A 190.111.112.60nfsc.example.com. IN A 190.111.112.61_kerberos-master._udp.EXAMPLE.COM. SRV 0 0 88 kerberos.example.com._kerberos-master._tcp.EXAMPLE.COM. SRV 0 0 88 kerberos.example.com.5 放开防火墙[root@kerberos /]# vi etc/sysconfig/iptables# Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 749 -j ACCEPT-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 1011 -j ACCEPT-A INPUT -m state --state NEW -m udp -p udp --dport 1012 -j ACCEPT-A INPUT -m state --state NEW -m udp -p udp --dport 1011 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT[root@kerberos /]# 6重启服务[root@kerberos /]# service named restartStopping named:  OK Generating /etc/rndc.key:dns卡在这里 6 修改named 文件[root@kerberos /]# cat etc/init.d/named  if [ ! -s /etc/rndc.key ]; then    # Generate rndc.key if doesn't exist    echo -n $"Generating /etc/rndc.key:"   #if /usr/sbin/rndc-confgen -a > /dev/null 2>&1; then    if /usr/sbin/rndc-config -r /dev/urandom -a >/dev/null 2>&1;then      chmod 640 /etc/rndc.key      chown root.named /etc/rndc.key      [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key      success $"/etc/rndc.key generation"      echo    else      failure $"/etc/rndc.key generation"      echo    fi  fi  # Handle -c option7 再次重启服务[root@kerberos /]# service named restartStopping named: OK