一、DNS服務器安裝

1、 軟件列表

BIND 9.3.2

ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz

ftp://ftp.isc.org/isc/bind9/9.4.0a6/bind-9.4.0a6.tar.gz

2、 安裝BIND 9

安裝BIND9：

# tar zxvf bind-9.3.2.tar.gz

# cd bind-9.3.2

# ./configure --prefix=/usr/local/named --disable-ipv6

# make && make install

建立BIND用戶：

# groupadd bind

# useradd -g bind -d /usr/local/named -s /sbin/nologin bind

創建配置文件目錄：

# mkdir –p /usr/local/named/etc

# chown bind:bind /usr/local/named/etc

# chmod 700 /usr/local/named/etc

二、named.conf的配置

創建主要的配置文件：

# vi /usr/local/named/etc/named.conf

===========================named.conf=======================

acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16;};

options {

directory "/usr/local/named/etc/";

pid-file "/var/run/named/named.pid";

version "0.0.0";

datasize 40M;

allow-transfer {

"trust-lan";};

recursion yes;

allow-notify {

"trust-lan";

};

allow-recursion {

"trust-lan";

};

auth-nxdomain no;

forwarders {

211.162.106.9;

211.162.106.254;};

};

logging {

channel warning

{ file "/var/log/named/dns_warnings" versions 3 size 1240k;

severity warning;

print-category yes;

print-severity yes;

print-time yes;

};

#p#

channel general_dns

{ file "/var/log/named/dns_logs" versions 3 size 1240k;

severity info;

print-category yes;

print-severity yes;

print-time yes;

};

category default { warning; };

category queries { general_dns; };

};

zone "." {

type hint;

file "named.root";

};

acl "CNC" {

58.16.0.0/16;

58.17.0.0/17;

58.17.128.0/17;

58.18.0.0/16;

58.19.0.0/16;

58.20.0.0/16;

58.21.0.0/16;

注：這些根據情況輸入IP地址段

};

view "view_cnc" {

match-clients { CNC; };

zone "." {

type hint;

file "named.root";

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/cnc.def";

};

view "view_any" {

match-clients { any; };

zone "." {

type hint;

file "named.root";

};

zone "0.0.127.IN-ADDR.ARPA" {

type master;

file "localhost.rev";

};

include "master/telecom.def";

};

添加完成后，保存。

三、更新根區文件：

# cd /usr/local/named/etc/

# wget ftp://ftp.internic.org/domain/named.root

創建PID和日志文件：

# mkdir /var/run/named/

# chmod 777 /var/run/named/

# chown bind:bind /var/run/named/

# mkdir /var/log/named/

# touch /var/log/named/dns_warnings

# touch /var/log/named/dns_logs

# chown bind:bind /var/log/named/*

# mkdir master

# touch master/cnc.def

# touch master/telecom.def

生成rndc-key：

# cd /usr/local/named/etc/

# ../sbin/rndc-confgen > rndc.conf

把rndc.conf中：

# Use with the following in named.conf, adjusting the allow list as needed:

后面以的部分加到/usr/local/named/etc/named.conf中并去掉注釋

運行測試：

# /usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf &

狀態檢查：

# /usr/local/named/sbin/rndc status

四、建立啟動腳本：

# vi /etc/init.d/named

============================== named.sh============================

#!/bin/bash

#

# named a network name service.

#

#

# chkconfig: 545 35 75

# description: a name server

#

if [ `id -u` -ne 0 ]

then

echo "ERROR:For bind to port 53,must run as root."

exit 1

fi

case "" in

start)

if [ -x /usr/local/named/sbin/named ]; then

/usr/local/named/sbin/named -u bind -c /usr/local/named/etc/named.conf && echo . && echo 'BIND9 server started.'

fi

;;

stop)

kill `cat /var/run/named/pid` && echo . && echo 'BIND9 server stopped.'

;;

restart)

echo .

echo "Restart BIND9 server"

stop

sleep 10

start

;;

*)

echo " start | stop | restart"

;;

esac

===============================named.sh============================

# chmod 755 /etc/init.d/named

# chown root:root /etc/init.d/named

# chkconfig --add named

# chkconfig named on

五、添加一個NS

在域名的管理網站上，設定NS服務器為你安裝的DNS

#p#六、添加一個域名

# cd /usr/local/named/etc/master

# mkdir cnc

# mkdir telecom

# vi cnc.def

添加

zone "724cn.com" {

type master;

file "master/cnc/724cn.com";

};

# vi telecom.def

添加

zone "724cn.com" {

type master;

file "master/telecom/724cn.com";

};

添加網通的解析，解析到的IP為61.45.55.78

#vi cnc/724cn.com

添加

$TTL 3600

$ORIGIN 724cn.com.

@ IN SOA ns.724cn.com. root.ns.724cn.com.(

2005121013 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS ns.724cn.com.

@ IN A 211.162.106.9

www IN A 211.162.106.9

;

;end

添加電信的解析，解析到的IP為210.75.1.178

#vi telecom/724cn.com

添加

$TTL 3600

$ORIGIN 724cn.com.

@ IN SOA ns.724cn.com. root.ns.724cn.com.(

2005121013 ;Serial

3600 ; Refresh ( seconds )

900 ; Retry ( seconds )

68400 ; Expire ( seconds )

15 );Minimum TTL for Zone ( seconds )

;

@ IN NS ns.724cn.com.

@ IN A 211.162.106.254

www IN A 211.162.106.254

;

;end

#/usr/local/named/sbin/rndc reload

OK，到此你的DNS服務器就算是跑起來了。試一下分別用網通和電信的線路ping一下吧.

附：獲取IP地址范圍方法:

1、 利用shell程序獲取IP地址段

#!/bin/sh

FILE=/root/study/apnic/ip_apnic

rm -f $FILE

wget http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest -O $FILE

grep 'apnic|CN|ipv4|' $FILE | cut -f 4,5 -d'|'|sed -e 's/|/ /g' | while read ip cnt

do

echo $ip:$cnt

mask=$(cat > cn.net

NETNAME=`whois $ip@whois.apnic.net | sed -e '/./{H;$!d;}' -e 'x;/netnum/!d' |grep ^netname | sed -e 's/.*: \(.*\)//g' | sed -e 's/-.*//g'`

case $NETNAME in

CNC)

echo $ip/$mask >> CNCGROUP

;;

CHINANET|CNCGROUP)

echo $ip/$mask >> $NETNAME

;;

CHINATELECOM)

echo $ip/$mask >> CHINANET

;;

*)

echo $ip/$mask >> OTHER

;;

esac

done

2、 可以利用網上的資料，下面是最新的信息，然后利awk行成地址段即可。

wget http://218.66.103.230/vpn_route/cnc.new 新的網通路由表

wget http://218.66.103.230/vpn_route/chinanet.new 新的電信路由表

stop

sleep 10

注：對于配置智能DNS，主要用途為：1、解決網通與電信問題 2、實現區域規劃（不同區域訪問各自最近的服務器），下面以解決網通與電信連接問題的配置。至于實現2的功能，只需稍加更改即可。

【編輯推薦】

1. Linux命令行修改IP、網關、DNS的方法
2. 如何在Linux上建立DNS服務器
3. 從零起步教您常見DNS解析故障排除方法