Имеем 2 сетевых интерфейса:
eth0 — локальная сеть 192.168.0.1
eth1 — интернет 100.200.1.1
Домен example.com
Добавляем репозитории
yum -y install bind-chroot
cp /etc/named.conf /var/named/chroot/etc/
vim /var/named/chroot/etc/named.conf:
options {
listen-on port 53 { 127.0.0.1;100.200.1.1;192.168.0.1; };
listen-on-v6 port 53 { none; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
allow-recursion {
127.0.0.1;
192.168.0.0/24;
};
notify yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
version "my dns server";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
category lame-servers { null; };
};
#Локальная зона
view "internal" {
match-clients {
127.0.0.1;
192.168.0.0/24;
};
zone "example.com" IN {
type master;
file "/etc/master/example.com.lan";
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "/etc/master/example.com.lan.rev";
allow-update { none; };
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
#Интернет зона
view "external" {
match-clients { any; };
allow-query { any; };
zone "example.com" IN {
type master;
file "/etc/master/example.com.wan";
allow-update { none; };
};
zone "1.200.100.in-addr.arpa" IN {
type master;
file "/etc/master/example.com.wan.rev";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
};
Делаем файлы зон:
mkdir /var/named/chroot/etc/master
vi /var/named/chroot/etc/master/example.com.lan:
$TTL 3600 ; 1 hour @ IN SOA ns.example.com. admin.example.com. ( 2014230201 ; serial 3600 ; refresh (1 hour) 900 ; retry (15 minutes) 360000 ; expire (4 days 4 hours) 3600 ; minimum (1 hour) ) IN NS ns.example.com. IN A 192.168.0.1 ns IN A 192.168.0.1 example.com. IN A 192.168.0.1
vi /var/named/chroot/etc/master/example.com.lan.rev:
$TTL 86400 @ IN SOA ns.example.com. admin.example.com. ( 2014230201 ;serial 8H ;refresh 4H ;retry 5W ;expire 1D ;minimum ) IN NS ns.example.com. IN A 255.255.255.0 1 IN PTR example.com. 1 IN PTR ns.example.com.
vi /var/named/chroot/etc/master/example.com.wan:
$TTL 3600 ; 1 hour @ IN SOA ns.example.com. admin.example.com. ( 2014230201 ; serial 3600 ; refresh (1 hour) 900 ; retry (15 minutes) 360000 ; expire (4 days 4 hours) 3600 ; minimum (1 hour) ) IN NS ns.example.com. IN A 100.200.1.1 ns IN A 100.200.1.1 example.com. IN A 100.200.1.1
vi /var/named/chroot/etc/master/example.com.wan.rev:
$TTL 86400 @ IN SOA ns.example.com. admin.example.com. ( 2014230201 ;serial 8H ;refresh 4H ;retry 5W ;expire 1D ;minimum ) IN NS ns.example.com. IN PTR example.com. IN A 255.255.255.0 1 IN PTR example.com. 1 IN PTR ns.example.com.
Открываем порты в фаерволле:
iptables -I INPUT 2 -d 100.200.1.1 -i eth1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT 3 -d 192.168.0.1 -i eth0 -p udp --dport 53 -j ACCEPT
service iptables save
Запускаем и добавляем в автозагрузку:
service named start
chkconfig named on
Переключаемся на свой DNS сервер, редактируем /etc/resolv.conf:
search example.com nameserver 127.0.0.1