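How to Set Up a DNS Server on CentOS 7.0 in Detail
<p>BIND, also known as NAMED, is the most widely used DNS server program on the Internet today. This article explains how to run BIND in a chroot jail so that it cannot access any part of the file system outside the jail.</p>
<p>
For example, in this article I will change BIND's run-time root directory to /var/named/chroot/. To BIND, of course, this directory is / (the root directory). A "jail" is a software mechanism that prevents a program from accessing resources outside a designated area, which also improves security (LCTT translator's note: a chroot "jail" uses the chroot mechanism to change the root directory that a process can see, confining the process to the specified directory so that it can only operate on files in that directory and its subdirectories, which protects the rest of the server). The default "jail" for a Bind Chroot DNS server is /var/named/chroot.</p>
<p>
You can follow the steps below to deploy a Bind Chroot DNS server on CentOS 7.0.</p>
<p>
<strong>1. Install the Bind Chroot DNS server</strong></p>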
<div class="jb51code">
<div class="syntaxhighlighterbash" id="highlighter_768806">
<pre><code class="bash"># yum install bind-chroot bind -y</code></pre>
</div>
</div>
<p>
<strong>2. Copy the bind files to prepare the bind chroot environment</strong></p>
<div class="codebody" id="code85461">
<pre><code class="bash"># cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named/</code></pre>
</div>
<p>
<strong>3. Create the required files in the bind chroot directory</strong></p>
<div class="jb51code">
<div class="syntaxhighlighterbash" id="highlighter_886540">
<pre><code class="bash"># touch /var/named/chroot/var/named/data/cache_dump.db
# touch /var/named/chroot/var/named/data/named_stats.txt
# touch /var/named/chroot/var/named/data/named_mem_stats.txt
# touch /var/named/chroot/var/named/data/named.run
# mkdir /var/named/chroot/var/named/dynamic
# touch /var/named/chroot/var/named/dynamic/managed-keys.bind</code></pre>
</div>
</div>
<p>
<strong>4. Make the Bind lock files writable</strong></p>
<div class="jb51code">
<div class="syntaxhighlighterbash" id="highlighter_820724">
<pre><code class="bash"># chmod -R 777 /var/named/chroot/var/named/data
# chmod -R 777 /var/named/chroot/var/named/dynamic</code></pre>
</div>
</div>
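<p>
Mode 777 grants write access to every account that can reach these directories, which is broader than named needs. The following shell script is an added example, not part of the original article: it lists world-writable entries and resets them to 770/660, handing them to the named account when that account exists. The temporary demo tree and the function names are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added example, not from the original article: find and repair world-writable
# paths left under the chroot by "chmod -R 777".

# List every non-symlink entry under $1 that "other" users can write to.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Give directories 770 and files 660, and hand them to the named account
# when it exists (the bind package creates the "named" user and group).
tighten() {
    for d in "$@"; do
        find "$d" -type d -exec chmod 770 {} +
        find "$d" -type f -exec chmod 660 {} +
        if id named >/dev/null 2>&1; then
            chown -R named:named "$d" 2>/dev/null ||
                echo "could not chown $d (run as root)" >&2
        fi
    done
}

# Constructed stand-in for /var/named/chroot so the example runs anywhere.
build_demo_tree() {
    mkdir -p "$1/var/named/data" "$1/var/named/dynamic"
    touch "$1/var/named/data/named.run" "$1/var/named/dynamic/managed-keys.bind"
    chmod -R 777 "$1/var/named/data" "$1/var/named/dynamic"
}

demo=$(mktemp -d)
build_demo_tree "$demo"
echo "before: $(world_writable "$demo/var/named" | wc -l) world-writable entries"
tighten "$demo/var/named/data" "$demo/var/named/dynamic"
echo "after:  $(world_writable "$demo/var/named" | wc -l) world-writable entries"
rm -rf "$demo"

# On the real server (as root) the equivalent call would be:
#   tighten /var/named/chroot/var/named/data /var/named/chroot/var/named/dynamic
```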
<p>
<strong>5. Copy /etc/named.conf into the bind chroot directory</strong></p>
<div class="jb51code">
<div class="syntaxhighlighterbash" id="highlighter_257672">
<pre><code class="bash"># cp -p /etc/named.conf /var/named/chroot/etc/named.conf</code></pre>
</div>
</div>
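<p>
<strong>6. Configure bind in /etc/named.conf.</strong></p>
<p>
At the end of named.conf, add the example.local domain information, creating a forward zone and a reverse zone (LCTT translator's note: example.local is not a real, valid Internet domain name but one commonly used for local testing; if you need authoritative DNS resolution, you can configure a domain you own in the way shown here.):</p>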
<div class="jb51code">
<div class="syntaxhighlighterbash" id="highlighter_4916">
<pre><code class="bash"># vi /var/named/chroot/etc/named.conf</code></pre>
</div>
</div>
<div class="jb51code">
<div class="syntaxhighlighterplain" id="highlighter_557565">
<pre><code class="plain">..
..
zone "example.local" {
    type master;
    file "example.local.zone";
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
};
..
..</code></pre>
</div>
</div>
<p>
The complete named.conf is as follows:</p>
<div class="jb51code">
<div class="syntaxhighlighterplain" id="highlighter_461071">
<pre><code class="plain">//
// named.conf
//
// Provided by Red Hat to configure the ISC BIND named(8) DNS server
// as a caching name server (used for local DNS resolution).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };

    /*
     - If you are building an authoritative DNS server, do not enable recursion.
     - If you are building a recursive DNS server, you need to enable recursion.
     - If your recursive DNS server has a public IP address, you must enable
       access control so that only legitimate users can send queries. If you
       do not, your service will be exposed to DNS amplification attacks.
       Implementing BCP38 effectively defends against this kind of attack.
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "example.local" {
    type master;
    file "example.local.zone";
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";</code></pre>
</div>
</div>
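<p>
With <code>recursion yes</code>, <code>allow-query { any; }</code> and no <code>allow-recursion</code>, the configuration above is the open-resolver case that its own comment warns about. The script below is an added example, not from the original article: it applies BIND's fallback order for recursion access to two constructed sample configurations, one with the open settings and one restricted by an ACL. The <code>trusted</code> ACL, the 192.168.0.0/24 network and the function names are assumptions.</p>

```shell
#!/bin/sh
# Added example, not from the original article: flag a named.conf whose global
# options make the server an open recursive resolver.

# Print the config with comments removed, flattened onto one line.
# Limitation: a /* ... */ comment must either close on the line it opens on
# or have its opener and closer on lines that carry no configuration.
strip_conf() {
    sed -e 's:/\*.*\*/::g' -e '/\/\*/,/\*\//d' -e 's://.*::' -e 's:#.*::' "$1" |
        tr '\n' ' '
}

# Print the address match list of statement $2 (last occurrence), if present.
# Limitation: nested braces and named ACL contents are not resolved.
acl_of() {
    strip_conf "$1" | grep -Eo "$2[[:space:]]*\{[^}]*\}" | tail -n 1 |
        sed -e 's/^[^{]*{//' -e 's/}$//'
}

# BIND decides who may recurse by falling back in this order:
# allow-recursion, allow-query-cache, allow-query, then the built-in default.
recursion_acl() {
    for stmt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$1" "$stmt")
        if [ -n "$acl" ]; then
            echo "$acl"
            return 0
        fi
    done
    echo "localnets; localhost;"
}

# Succeeds (exit 0) when recursion is on and the effective list admits anyone.
is_open_resolver() {
    # recursion defaults to yes; only an explicit "recursion no;" disables it
    if strip_conf "$1" |
        grep -Eq '(^|[[:space:];{])recursion[[:space:]]+no[[:space:]]*;'; then
        return 1
    fi
    recursion_acl "$1" | grep -Eq '(^|[[:space:];])(any|0\.0\.0\.0/0)[[:space:]]*;'
}

# Constructed sample files: the article's option values and a restricted variant.
make_samples() {
    cat > "$1/open.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    /*
      allow-recursion { localhost; };   inside a comment, so not in effect
    */
    recursion yes;
};
EOF
    cat > "$1/restricted.conf" <<'EOF'
// 192.168.0.0/24 is an assumed internal network (the range used in the zone files)
acl "trusted" { 192.168.0.0/24; localhost; };
options {
    listen-on port 53 { any; };
    allow-query     { any; };        // authoritative answers for everyone
    allow-recursion { trusted; };    // recursion only for internal clients
    recursion yes;
};
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp/open.conf" "$tmp/restricted.conf"; do
    if is_open_resolver "$f"; then
        echo "$(basename "$f"): OPEN recursive resolver"
    else
        echo "$(basename "$f"): recursion limited to:$(recursion_acl "$f")"
    fi
done
rm -rf "$tmp"
```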
<p>
<strong>7. Create the forward and reverse zone files for the example.local domain</strong></p>
<p>
a) Create the forward zone</p>
<div class="codebody" id="code77175">
<pre><code class="bash"># vi /var/named/chroot/var/named/example.local.zone</code></pre>
</div>
<p>
Add the following content and save:</p>
<div class="jb51code">
<div class="syntaxhighlighterplain" id="highlighter_399875">
<pre><code class="plain">;
; Addresses and other host information.
;
$TTL 86400
@ IN SOA example.local. hostmaster.example.local. (
    2014101901 ; Serial
    43200 ; Refresh
    3600 ; Retry
    3600000 ; Expire
    2592000 ) ; Minimum

; Define the nameservers and the mail servers

    IN NS ns1.example.local.
    IN NS ns2.example.local.
    IN A 192.168.0.70
    IN MX 10 mx.example.local.

centos7 IN A 192.168.0.70
mx IN A 192.168.0.50
ns1 IN A 192.168.0.70
ns2 IN A 192.168.0.80</code></pre>
</div>
</div>
<p>
b) Create the reverse zone</p>
<div class="jb51code">
<div class="syntaxhighlighterbash" id="highlighter_208185">
<pre><code class="bash"># vi /var/named/chroot/var/named/192.168.0.zone</code></pre>
</div>
</div>
<div class="jb51code">
<div class="syntaxhighlighterplain" id="highlighter_449442">
<pre><code class="plain">;
; Addresses and other host information.
;
$TTL 86400
@ IN SOA example.local. hostmaster.example.local. (
    2014101901 ; Serial
    43200 ; Refresh
    3600 ; Retry
    3600000 ; Expire
    2592000 ) ; Minimum

0.168.192.in-addr.arpa. IN NS centos7.example.local.

; PTR owners match the A records in example.local.zone (mx is 192.168.0.50)
50.0.168.192.in-addr.arpa. IN PTR mx.example.local.
70.0.168.192.in-addr.arpa. IN PTR ns1.example.local.
80.0.168.192.in-addr.arpa. IN PTR ns2.example.local.</code></pre>
</div>
</div>
<p>
<strong>8. Enable the bind-chroot service at boot</strong></p>
<div class="jb51code">
<div class="syntaxhighlighterbash" id="highlighter_750150">
<pre><code class="bash"># /usr/libexec/setup-named-chroot.sh /var/named/chroot on
# systemctl stop named
# systemctl disable named
# systemctl start named-chroot
# systemctl enable named-chroot
ln -s '/usr/lib/systemd/system/named-chroot.service' '/etc/systemd/system/multi-user.target.wants/named-chroot.s</code></pre>
</div>
</div>
<p>
Original link: http://www.linuxprobe.com/centos7-chroot-bind-dns.html?utm_source=tuicool&utm_medium=referral</p>