DNS Setup
FQDN= Hostname + Domain Name
domain: example.com
hostname: dns1
Packages to install: bind, bind-chroot, caching-nameserver
Permissions on the config files [named.conf, example.com.zone] (very important): owner root.named, mode 640
Dns1 (IP: 10) ------ Dns2 (IP: 20)
Master               Slave
Master: (forward lookup)
/var/named/chroot/etc/named.conf
options {
    listen-on-v6 { none; };
    directory "/var/named/";
    allow-recursion { 192.168.0.0/24; }; // allow the intranet to query names this server is not authoritative for
    allow-transfer { 192.168.0.20; };    // allow the slave to download zone data
    #allow-query { 192.168.0.0/24; };    // not restricted, so external hosts can query (e.g. MX records)
};
zone "example.com" IN {
    type master;
    file "example.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "example.com.arpa";
};
/var/named/chroot/var/named/example.com.zone
[root@mail named]# cat example.com.zone
@       IN SOA  dns.example.com. jacky.example.com. (
                43      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   dns.example.com.
@       IN NS   dns2.example.com.
@       IN MX   10 mail.example.com.
@       IN MX   20 mail2.example.com.
dns     IN A    192.168.0.10
www     IN A    192.168.0.10
mail    IN A    192.168.0.10
dns2    IN A    192.168.0.20
mail2   IN A    192.168.0.20
tp      IN A    192.168.0.20
Slave: (forward lookup)
/var/named/chroot/etc/named.conf
options {
    listen-on-v6 { none; };
    directory "/var/named/";
    allow-recursion { 192.168.0.0/24; }; // allow the intranet to query names this server is not authoritative for
};
zone "example.com" IN {
    type slave;
    masters { 192.168.0.10; };
    file "slaves/example.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.0.10; };
    file "slaves/example.com.arpa";
};
Master: (reverse lookup)
/var/named/chroot/var/named/example.com.arpa
@       IN SOA  dns.example.com. jacky.example.com. (
                43      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   dns.example.com.
@       IN NS   dns2.example.com.
10      IN PTR  mail.example.com.
20      IN PTR  mail2.example.com.
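The master limits zone transfers to the slave with allow-transfer, but the slave's options block sets no allow-transfer of its own, and older BIND 9 releases answer transfer requests from any host when it is unset. The following audit is an added example, not part of the original notes; the function names are hypothetical, the samples are trimmed to the ACL statements, and only the options block is inspected (per-zone overrides are not parsed).

```python
import re

# Constructed samples: ACL statements from the master and slave options blocks.
MASTER = '''
options {
    directory "/var/named/";
    allow-recursion { 192.168.0.0/24; };  // intranet only
    allow-transfer { 192.168.0.20; };     // slave only
    #allow-query { 192.168.0.0/24; };
};
'''
SLAVE = '''
options {
    directory "/var/named/";
    allow-recursion { 192.168.0.0/24; };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments so commented-out ACLs are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_acls(text):
    """Return {statement: [entries]} for allow-* statements inside options {}."""
    text = strip_comments(text)
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return {}
    depth, i = 1, m.end()
    while i < len(text) and depth:          # walk to the matching brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    body = text[m.end():i - 1]
    return {name: [a.strip() for a in val.split(";") if a.strip()]
            for name, val in re.findall(r"\b(allow-[a-z-]+)\s*\{([^{}]*)\}", body)}

def audit(text):
    """Flag transfer/recursion ACLs that are missing or open to everyone."""
    acls, findings = options_acls(text), []
    for stmt in ("allow-transfer", "allow-recursion"):
        if stmt not in acls:
            findings.append(f"{stmt}: not set, version default applies")
        elif "any" in acls[stmt]:
            findings.append(f"{stmt}: open to any host")
    return findings

if __name__ == "__main__":
    print({"master": audit(MASTER), "slave": audit(SLAVE)})
```

A finding on the slave is resolved by adding an explicit allow-transfer statement to its options block, for example `allow-transfer { none; };` when nothing downstream pulls zones from it.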
- May 05 Wed 2010 16:37
[Notes] Linux Mail Server Deployment (2)