DNS Setup

FQDN = Hostname + Domain Name

domain: example.com
hostname: dns1

Packages to install: bind, bind-chroot, caching-nameserver

Permissions on the config files [named.conf, example.com.zone] (very important): owner root, group named (root.named), mode 640

Dns1 (IP:10) ------ Dns2 (IP:20)
Master              Slave

Master (forward lookup):

/var/named/chroot/etc/named.conf

    options {
        listen-on-v6 {none;};
        directory "/var/named/";
        allow-recursion {192.168.0.0/24;};  // allow intranet clients to resolve names this server is not authoritative for
        allow-transfer {192.168.0.20;};     // allow the slave to download the zone data
        #allow-query {192.168.0.0/24;};     left unrestricted so that external hosts can query (e.g. MX records)
    };

    zone "example.com" IN {
        type master;
        file "example.com.zone";
    };

    zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "example.com.arpa";
    };

/var/named/chroot/var/named/example.com.zone

    [root@mail named]# cat example.com.zone
    @       IN  SOA   dns.example.com. jacky.example.com. (
                      43      ; serial (d. adams)
                      3H      ; refresh
                      15M     ; retry
                      1W      ; expiry
                      1D )    ; minimum
    @       IN  NS    dns.example.com.
    @       IN  NS    dns2.example.com.
    @       IN  MX 10 mail.example.com.
    @       IN  MX 20 mail2.example.com.
    dns     IN  A     192.168.0.10
    www     IN  A     192.168.0.10
    mail    IN  A     192.168.0.10
    dns2    IN  A     192.168.0.20
    mail2   IN  A     192.168.0.20
    tp      IN  A     192.168.0.20

Slave (forward lookup):

/var/named/chroot/etc/named.conf

    options {
        listen-on-v6 {none;};
        directory "/var/named/";
        allow-recursion {192.168.0.0/24;};  // allow intranet clients to resolve names this server is not authoritative for
    };

    zone "example.com" IN {
        type slave;
        masters {192.168.0.10;};
        file "slaves/example.com.zone";
    };

    zone "0.168.192.in-addr.arpa" IN {
        type slave;
        masters {192.168.0.10;};
        file "slaves/example.com.arpa";
    };

Master (reverse lookup):

/var/named/chroot/var/named/example.com.arpa

    @       IN  SOA   dns.example.com. jacky.example.com. (
                      43      ; serial (d. adams)
                      3H      ; refresh
                      15M     ; retry
                      1W      ; expiry
                      1D )    ; minimum
    @       IN  NS    dns.example.com.
    @       IN  NS    dns2.example.com.
    10      IN  PTR   mail.example.com.
    20      IN  PTR   mail2.example.com.
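
An added example, not part of the original post: a Python check that pulls the ACL statements out of the options block of a named.conf and reports when allow-transfer or allow-recursion is absent or set to any. The sample configs are constructed from the master and slave options blocks above; the function names are hypothetical and zone-level overrides are not considered.

```python
import re

# Constructed samples modelled on the page's master and slave options blocks.
MASTER = """
options {
    listen-on-v6 { none; };
    allow-recursion { 192.168.0.0/24; };  // intranet only
    allow-transfer { 192.168.0.20; };     // slave only
    #allow-query { 192.168.0.0/24; };
};
"""
SLAVE = """
options {
    listen-on-v6 { none; };
    allow-recursion { 192.168.0.0/24; };
};
zone "example.com" IN { type slave; masters { 192.168.0.10; }; file "slaves/example.com.zone"; };
"""

def options_acls(conf):
    """Return {statement: [elements]} for ACL statements in the options block."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # C-style comments
    conf = re.sub(r"(//|#).*", "", conf)                # line comments
    start = re.search(r"\boptions\s*\{", conf)
    if not start:
        return {}
    depth, i = 1, start.end()
    while i < len(conf) and depth:                      # find the matching brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    body = conf[start.end():i - 1]
    acls = {}
    for name in ("allow-transfer", "allow-recursion", "allow-query"):
        hit = re.search(re.escape(name) + r"\s*\{([^}]*)\}", body)
        if hit:
            acls[name] = [e.strip() for e in hit.group(1).split(";") if e.strip()]
    return acls

def audit(conf):
    """List transfer/recursion ACLs that are absent or open to any host."""
    acls, findings = options_acls(conf), []
    for name in ("allow-transfer", "allow-recursion"):
        if name not in acls:
            findings.append(f"{name}: not set, server default applies")
        elif "any" in acls[name]:
            findings.append(f"{name}: open to any host")
    return findings

if __name__ == "__main__":
    for label, conf in (("master", MASTER), ("slave", SLAVE)):
        print(label, audit(conf) or "ok")
```

For the slave block it reports allow-transfer as not set; older BIND 9 releases then permit zone transfers to any host, so a slave that serves no further slaves can carry `allow-transfer { none; };`.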
2006 Casual Notes

Posted by aquatower on PIXNET