We have two network interfaces:
eth0: local network, 192.168.0.1
eth1: Internet, 100.200.1.1
Domain: example.com
Add the repositories and install BIND in a chroot:
yum -y install bind-chroot
cp /etc/named.conf /var/named/chroot/etc/
vim /var/named/chroot/etc/named.conf:
options {
    listen-on port 53 { 127.0.0.1; 100.200.1.1; 192.168.0.1; };
    listen-on-v6 port 53 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    // recursion is offered only to localhost and the LAN; Internet clients get authoritative answers only
    allow-recursion { 127.0.0.1; 192.168.0.0/24; };
    notify yes;
    dnssec-enable yes;
    dnssec-validation yes;
    // ISC DLV was shut down in 2017; drop dnssec-lookaside on newer BIND releases
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    // hide the real BIND version from "version.bind" queries
    version "my dns server";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    category lame-servers { null; };
};
# Internal view: clients from localhost and the LAN get the LAN addresses
view "internal" {
    match-clients { 127.0.0.1; 192.168.0.0/24; };
    zone "example.com" IN {
        type master;
        file "/etc/master/example.com.lan";
        allow-update { none; };
    };
    zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "/etc/master/example.com.lan.rev";
        allow-update { none; };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
};
# External view: everyone else (views are matched in order, so this one catches the Internet)
view "external" {
    match-clients { any; };
    allow-query { any; };
    zone "example.com" IN {
        type master;
        file "/etc/master/example.com.wan";
        allow-update { none; };
    };
    zone "1.200.100.in-addr.arpa" IN {
        type master;
        file "/etc/master/example.com.wan.rev";
        allow-update { none; };
    };
    include "/etc/named.rfc1912.zones";
};
Create the zone files:
mkdir /var/named/chroot/etc/master
vi /var/named/chroot/etc/master/example.com.lan:
$TTL 3600 ; 1 hour
@   IN SOA ns.example.com. admin.example.com. (
        2014230201 ; serial
        3600       ; refresh (1 hour)
        900        ; retry (15 minutes)
        360000     ; expire (4 days 4 hours)
        3600       ; minimum (1 hour)
    )
    IN NS ns.example.com.
    IN A  192.168.0.1       ; apex record, LAN address
ns  IN A  192.168.0.1
example.com. IN A 192.168.0.1
vi /var/named/chroot/etc/master/example.com.lan.rev:
$TTL 86400
@   IN SOA ns.example.com. admin.example.com. (
        2014230201 ; serial
        8H         ; refresh
        4H         ; retry
        5W         ; expire
        1D         ; minimum
    )
    IN NS  ns.example.com.
; a reverse zone carries only SOA, NS and PTR data: no A record (a netmask is not a DNS record)
1   IN PTR example.com.
1   IN PTR ns.example.com.
vi /var/named/chroot/etc/master/example.com.wan:
$TTL 3600 ; 1 hour
@   IN SOA ns.example.com. admin.example.com. (
        2014230201 ; serial
        3600       ; refresh (1 hour)
        900        ; retry (15 minutes)
        360000     ; expire (4 days 4 hours)
        3600       ; minimum (1 hour)
    )
    IN NS ns.example.com.
    IN A  100.200.1.1       ; apex record, public address
ns  IN A  100.200.1.1
example.com. IN A 100.200.1.1
vi /var/named/chroot/etc/master/example.com.wan.rev:
$TTL 86400
@   IN SOA ns.example.com. admin.example.com. (
        2014230201 ; serial
        8H         ; refresh
        4H         ; retry
        5W         ; expire
        1D         ; minimum
    )
    IN NS  ns.example.com.
; PTR records belong on the host label, not on the zone apex; no A record in a reverse zone
1   IN PTR example.com.
1   IN PTR ns.example.com.
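The two views serve different answers for the same names, so the public zone must never carry LAN addresses and both copies should stay on the same serial. The following is an added example, not part of the original guide: a minimal zone-file parser run over constructed copies of example.com.lan and example.com.wan (the intranet record is a constructed leak, not from the guide).

```python
import ipaddress
import re

# Constructed sample zones in the guide's layout: one per view.
INTERNAL_ZONE = """$TTL 3600 ; 1 hour
@ IN SOA ns.example.com. admin.example.com. (
        2014230201 ; serial
        3600 900 360000 3600 )
  IN NS ns.example.com.
  IN A 192.168.0.1
ns IN A 192.168.0.1
"""
# External copy plus one constructed mistake: a LAN host published to the Internet.
EXTERNAL_ZONE = INTERNAL_ZONE.replace("192.168.0.1", "100.200.1.1") + \
    "intranet IN A 192.168.0.50 ; leaks an internal address\n"


def parse_zone(text, origin):
    """Return (SOA serial, {owner: {A addresses}}); comments, $ directives and ( ) handled."""
    text = re.sub(r";[^\n]*", "", text)                                   # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)  # unfold ( )
    serial, records, owner = None, {}, origin
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():                      # explicit owner in the first column
            name, fields = fields[0], fields[1:]
            owner = origin if name == "@" else (name.rstrip(".") if name.endswith(".") else f"{name}.{origin}")
        rtype, rdata = fields[1], fields[2:]           # fields[0] is the class (IN)
        if rtype == "SOA":
            serial = int(rdata[2])
        elif rtype == "A":
            records.setdefault(owner, set()).add(rdata[0])
    return serial, records


def check_split_horizon(internal, external, origin="example.com"):
    """Findings for a zone pair; an empty list means the views are consistent."""
    int_serial, _ = parse_zone(internal, origin)
    ext_serial, ext_records = parse_zone(external, origin)
    findings = []
    if int_serial != ext_serial:
        findings.append(f"serial mismatch: internal {int_serial}, external {ext_serial}")
    for owner, addrs in sorted(ext_records.items()):
        for addr in sorted(addrs):
            if ipaddress.ip_address(addr).is_private:  # RFC 1918 and other non-public ranges
                findings.append(f"private address in external view: {owner} A {addr}")
    return findings
```

Run it against the real files with `check_split_horizon(open(lan).read(), open(wan).read())` before reloading named.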
Open the ports in the firewall:
iptables -I INPUT 2 -d 100.200.1.1 -i eth1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT 3 -d 192.168.0.1 -i eth0 -p udp --dport 53 -j ACCEPT
# TCP 53 is needed too: truncated and large (DNSSEC) answers fall back to TCP
iptables -I INPUT 4 -d 100.200.1.1 -i eth1 -p tcp --dport 53 -j ACCEPT
iptables -I INPUT 5 -d 192.168.0.1 -i eth0 -p tcp --dport 53 -j ACCEPT
service iptables save
Start the service and enable it at boot:
service named start
chkconfig named on
Switch the host to its own DNS server by editing /etc/resolv.conf:
search example.com
nameserver 127.0.0.1