DNS server on CentOS 6.5.

We have two network interfaces:
eth0: local network, 192.168.0.1
eth1: Internet, 100.200.1.1
Domain: example.com

Install BIND with chroot support from the repositories:

yum -y install bind-chroot

cp /etc/named.conf /var/named/chroot/etc/
vim /var/named/chroot/etc/named.conf:

options {
    listen-on port 53 { 127.0.0.1; 100.200.1.1; 192.168.0.1; };
    listen-on-v6 port 53 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    // Recursion is enabled, but only localhost and the LAN may use it; everyone else gets REFUSED.
    recursion yes;
    allow-recursion {
        127.0.0.1;
        192.168.0.0/24;
    };
    // BIND's default for allow-transfer is "any"; without this line anyone could pull both zones with AXFR.
    allow-transfer { none; };
    notify yes;
    dnssec-enable yes;
    dnssec-validation yes;
    // Period-correct for BIND 9.8 on CentOS 6.5; ISC's DLV registry has since been retired, so drop this on newer BIND.
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    // Hides the real BIND version from "version.bind" CHAOS queries.
    version "my dns server";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    category lame-servers { null; };
};
# Local (LAN) view
view "internal" {
    match-clients {
        127.0.0.1;
        192.168.0.0/24;
    };
    zone "example.com" IN {
        type master;
        file "/etc/master/example.com.lan";
        allow-update { none; };
    };
    zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "/etc/master/example.com.lan.rev";
        allow-update { none; };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
};
# Internet view: views are matched in order, so this one only sees clients that did not match "internal"
view "external" {
    match-clients { any; };
    allow-query { any; };
    zone "example.com" IN {
        type master;
        file "/etc/master/example.com.wan";
        allow-update { none; };
    };
    zone "1.200.100.in-addr.arpa" IN {
        type master;
        file "/etc/master/example.com.wan.rev";
        allow-update { none; };
    };
    include "/etc/named.rfc1912.zones";
};

Create the zone files:
mkdir /var/named/chroot/etc/master
vi /var/named/chroot/etc/master/example.com.lan:

$TTL 3600 ; 1 hour
@ IN SOA ns.example.com. admin.example.com. (
        2014230201 ; serial: increase it on every change to the zone
        3600       ; refresh (1 hour)
        900        ; retry (15 minutes)
        360000     ; expire (4 days 4 hours)
        3600       ; minimum (1 hour)
)
; Every record needs an owner in the first column, or the line must start with whitespace to inherit "@".
@   IN NS ns.example.com.
@   IN A  192.168.0.1
ns  IN A  192.168.0.1

vi /var/named/chroot/etc/master/example.com.lan.rev:

$TTL 86400
@ IN SOA ns.example.com. admin.example.com. (
        2014230201 ; serial
        8H         ; refresh
        4H         ; retry
        5W         ; expire
        1D         ; minimum
)
@   IN NS  ns.example.com.
; A reverse zone holds only SOA, NS and PTR records (an A record with a netmask does not belong here);
; the owner is the last octet of the address, so "1" stands for 192.168.0.1.
1   IN PTR example.com.
1   IN PTR ns.example.com.

vi /var/named/chroot/etc/master/example.com.wan:

$TTL 3600 ; 1 hour
@ IN SOA ns.example.com. admin.example.com. (
        2014230201 ; serial: increase it on every change to the zone
        3600       ; refresh (1 hour)
        900        ; retry (15 minutes)
        360000     ; expire (4 days 4 hours)
        3600       ; minimum (1 hour)
)
; Same layout as the LAN zone, but answering with the public address.
@   IN NS ns.example.com.
@   IN A  100.200.1.1
ns  IN A  100.200.1.1

vi /var/named/chroot/etc/master/example.com.wan.rev:

$TTL 86400
@ IN SOA ns.example.com. admin.example.com. (
        2014230201 ; serial
        8H         ; refresh
        4H         ; retry
        5W         ; expire
        1D         ; minimum
)
@   IN NS  ns.example.com.
; Only PTR records with a numeric owner go below: "1" is 100.200.1.1.
; A PTR at the apex or an A record with a netmask would be meaningless in this zone.
1   IN PTR example.com.
1   IN PTR ns.example.com.
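named-checkzone is worth running on each file before starting named, but it only checks syntax: it happily loads a reverse zone with an A record at the apex or a serial such as 2014230201, whose "month" is 23. The checker below is an added example written for this page, not code from the original post or from BIND; it parses the zone-file layout used above and flags exactly those two mistakes. The sample zone it runs on is constructed.

```python
import re
from datetime import datetime

# Constructed sample (not copied from the page): a /24 reverse zone in this page's layout with two easy mistakes, an A record at the apex and a serial whose "month" field is 23.
SAMPLE_REV = """$TTL 86400
@ IN SOA ns.example.com. admin.example.com. (
        2014230201 ;serial
        8H 4H 5W 1D )
    IN NS ns.example.com.
    IN A 255.255.255.0
1   IN PTR example.com.
"""

RTYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}

def parse_zone(text):
    """Return [(owner, rtype, rdata_tokens)]; a line that starts with whitespace inherits the previous owner."""
    text = re.sub(r";[^\n]*", "", text)                                   # drop ; comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold ( ... ) onto one line
    records, owner = [], "@"
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"): continue            # blank line or $TTL/$ORIGIN
        toks = line.split()
        if not line[0].isspace():
            owner = toks.pop(0)                                           # explicit owner name
        while toks and toks[0].upper() not in RTYPES:
            toks.pop(0)                                                   # skip class (IN) and TTL fields
        if toks: records.append((owner, toks[0].upper(), toks[1:]))
    return records

def lint_zone(text, zone_name):
    """Return a list of problems; an empty list means the zone passed every check."""
    problems, records = [], parse_zone(text)
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        return ["zone must have exactly one SOA record"]
    serial = soa[0][2][2]                                                 # SOA rdata: mname rname serial ...
    try:
        ok = len(serial) == 10 and bool(datetime.strptime(serial[:8], "%Y%m%d"))
    except ValueError:
        ok = False
    if not ok:
        problems.append(f"serial {serial} is not YYYYMMDDnn")
    reverse = zone_name.endswith("in-addr.arpa")
    for owner, rtype, rdata in records:
        if reverse and rtype in ("A", "AAAA"):
            problems.append(f"{rtype} record for '{owner}' does not belong in a reverse zone")
        if reverse and rtype == "PTR" and owner == "@":
            problems.append("PTR at the zone apex names no address; use a numeric owner such as '1'")
    return problems
```

Run lint_zone on each file with its zone name (the forward zones skip the reverse-only checks) and fix anything it reports before reloading named.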

Open the ports in the firewall:
# DNS needs TCP/53 as well as UDP/53: answers too large for UDP (DNSSEC, truncation fallback) are retried over TCP
iptables -I INPUT 2 -d 100.200.1.1 -i eth1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT 3 -d 100.200.1.1 -i eth1 -p tcp --dport 53 -j ACCEPT
iptables -I INPUT 4 -d 192.168.0.1 -i eth0 -p udp --dport 53 -j ACCEPT
iptables -I INPUT 5 -d 192.168.0.1 -i eth0 -p tcp --dport 53 -j ACCEPT
service iptables save

Start the service and enable it at boot:
service named start
chkconfig named on

Switch the host to its own DNS server by editing /etc/resolv.conf:

search example.com
nameserver 127.0.0.1
