Enable the service to start at boot
# chkconfig named on
Edit the resolv.conf file and add the following line
# vi /etc/resolv.conf
nameserver 127.0.0.1
Check the permissions of named.conf
# ls -l named.conf
-rw-r----- 1 root named 1056 Mar 13 09:32 named.conf
Add a new entry to named.conf
# vi /etc/named.conf
options {
    // Listen on loopback only and answer only local clients
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    // Send queries that cannot be answered locally to this DNS server
    forwarders { 192.168.1.10; };
    forward only;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
The block above causes the caching name server to forward DNS requests that it cannot resolve itself to the DNS server.
Here, 192.168.1.10 is my DNS server.
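The settings above keep the resolver private: it listens only on loopback, answers only local clients, and never resolves outside the forwarder. The following check is an added example, not part of the original page; the names `parse_options`, `audit` and `WEAK_CONF` are hypothetical, the sample input is constructed from the options shown above, and only statements that are explicitly set are inspected.

```python
import re

# Constructed input: the page's options block (abbreviated) and a weakened copy.
PAGE_CONF = """options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; };   /* who may query */
    recursion yes;
    forwarders { 192.168.1.10; };
    forward only;
};"""
WEAK_CONF = (PAGE_CONF.replace("127.0.0.1", "any")
             .replace("localhost", "any").replace("forward only;", ""))

def parse_options(text):
    """Return {statement: [argument tokens]} for the options block."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", text, flags=re.S)
    start = re.search(r"\boptions\s*\{", text)
    stmts, buf, depth = {}, "", 1
    for ch in text[start.end():] if start else "":
        depth += (ch == "{") - (ch == "}")
        if depth == 0:                    # closing brace of the options block
            break
        if ch == ";" and depth == 1:      # end of a top-level statement
            tokens = re.findall(r"[^\s{};]+", buf)
            if tokens:
                stmts[tokens[0]] = tokens[1:]
            buf = ""
        else:
            buf += ch
    return stmts

def audit(text):
    """List explicitly set statements that loosen the loopback-only setup."""
    o, findings = parse_options(text), []
    for key in ("listen-on", "listen-on-v6"):
        addrs = [t for t in o.get(key, []) if t != "port" and not t.isdigit()]
        exposed = [a for a in addrs if a not in ("127.0.0.1", "::1", "none")]
        if exposed:
            findings.append(f"{key}: port 53 reachable on {exposed}")
    recursive = o.get("recursion", ["yes"]) != ["no"]   # recursion defaults to yes
    for key in ("allow-query", "allow-recursion", "allow-query-cache"):
        if recursive and "any" in o.get(key, []):
            findings.append(f"{key}: any client may use this recursive server")
    if "forwarders" in o and o.get("forward") != ["only"]:
        findings.append("forward: not 'only', named may resolve on its own")
    return findings

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("weakened", WEAK_CONF)):
        print(name, audit(conf) or "no findings")
```

To audit a live server, pass the contents of /etc/named.conf to `audit` after `named-checkconf` has confirmed the syntax.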
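Preparation
Make sure all of the following packages are installed
- bind (includes the DNS server, named)
- bind-utils (utilities for querying DNS servers for host information)
- bind-libs (libraries used by the bind server and utils packages)
- bind-chroot (a file tree that can be used as a chroot jail for bind)
# rpm -qa | grep bind
bind-chroot-9.8.2-0.23.rc1.el6_5.1.i686
bind-9.8.2-0.23.rc1.el6_5.1.i686
bind-utils-9.8.2-0.23.rc1.el6_5.1.i686
bind-libs-9.8.2-0.23.rc1.el6_5.1.i686
Now follow the steps below to configure it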
Verify your caching name server
# ping google.com
PING google.com (74.125.236.64) 56(84) bytes of data.
64 bytes from maa03s05-in-f0.1e100.net (74.125.236.64): icmp_seq=1 ttl=56 time=85.4 ms
64 bytes from maa03s05-in-f0.1e100.net (74.125.236.64): icmp_seq=2 ttl=56 time=29.2 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1281ms
rtt min/avg/max/mdev = 29.298/57.350/85.402/28.052 ms
# dig onitroad.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> onitroad.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59633
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;onitroad.com. IN A

;; ANSWER SECTION:
onitroad.com. 3102 IN A 50.63.202.15

;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 13 09:45:38 2014
;; MSG SIZE rcvd: 48

Query onitroad.com again
# dig onitroad.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> onitroad.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52632
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;onitroad.com. IN A

;; ANSWER SECTION:
onitroad.com. 3068 IN A 50.63.202.15

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 13 09:46:12 2014
;; MSG SIZE rcvd: 48
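As you can see, our query time dropped from 26 msec to 0 msec.
A caching-only name server does not allow internal clients to be referenced by hostname, but it does let clients take advantage of cached, frequently requested domains.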
Restart the named service
# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
Check the named.conf file for syntax errors
# named-checkconf /etc/named.conf
# echo $?
0
It looks like named.conf has no problems.
Date: 2020-06-02 22:18:26 Source: oir Author: oir