1.檢查網路設定是否為固定IP
root@smallken:~# vi /etc/network/interfaces
iface eth0 inet static
address 192.168.1.105
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 168.95.1.1
dns-search vblog.tw

2.檢查 /etc/hosts 的設定,特別是192.168.1.105的設定

root@smallken:~# vi /etc/hosts
127.0.0.1 localhost
192.168.1.105 smallken.vblog.tw smallken

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

3.設定 hostname 為 smallken.vblog.tw
root@smallken:~# echo "smallken.vblog.tw" > /etc/hostname
root@smallken:~# /etc/init.d/hostname.sh start

檢查一下設定有沒有生效
root@smallken:~# hostname
root@smallken:~# hostname -f

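4.停用 apparmor (類似 SELinux 的強制存取控制機制),一定要停掉,否則後面裝不起來。(註:停用 apparmor 會一併拿掉它對系統上其他服務的保護;若系統上有 named 的 apparmor profile(Ubuntu 通常是 /etc/apparmor.d/usr.sbin.named),較安全的做法是在 profile 裡允許 /var/lib/named 底下的路徑,而不是整個停用。)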
root@smallken:~# /etc/init.d/apparmor stop
root@smallken:~# update-rc.d -f apparmor remove

5. 開始安裝 DNS Server
root@smallken:~# apt-get install bind9

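為了安全考量,我們讓 bind 在 chroot 環境下執行,換一下目錄:先停掉服務,再修改 /etc/default/bind9 的 OPTIONS。-u bind 表示以 bind 這個非 root 使用者的身分執行,-t /var/lib/named 表示 chroot 到該目錄;這樣即使 named 被入侵,它能存取的檔案基本上也侷限在這個目錄之內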
root@smallken:~# /etc/init.d/bind9 stop
root@smallken:~# vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes
我們想要 chroot 目錄到 /var/lib/named,所以在/var/lib/named 建立好相關的目錄
root@smallken:/var/lib# mkdir -p /var/lib/named/etc
root@smallken:/var/lib# mkdir /var/lib/named/dev
root@smallken:/var/lib# mkdir -p /var/lib/named/var/cache/bind
root@smallken:/var/lib# mkdir -p /var/lib/named/var/run/bind/run

把 bind 的設定檔目錄搬到 /var/lib/named/etc/
root@smallken:~# mv /etc/bind/ /var/lib/named/etc/

再用 symbolic link 串回原來的位置
root@smallken:~# ln -s /var/lib/named/etc/bind /etc/bind

手動建立 chroot 目錄內的 null 跟 random 設備檔(major/minor 編號要跟系統的 /dev/null、/dev/random 一致)
root@smallken:~# mknod /var/lib/named/dev/null c 1 3
root@smallken:~# mknod /var/lib/named/dev/random c 1 8

修改設備的permissions
root@smallken:~# chmod 666 /var/lib/named/dev/null
root@smallken:~# chmod 666 /var/lib/named/dev/random

把目錄的擁有者與群組改成運行 DNS 的系統使用者 bind(相當於 fedora 的 named)。注意:這樣 bind 使用者就可以改寫 /var/lib/named/etc/bind 底下的設定檔與 zone 檔;如果不需要動態更新,設定檔維持 root 擁有、bind 群組唯讀會比較安全
root@smallken:~# chown -R bind:bind /var/lib/named/var/*
root@smallken:~# chown -R bind:bind /var/lib/named/etc/bind

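我們希望把 DNS Server 運行的 log 紀錄下來。chroot 之後 named 看不到系統的 /dev/log,所以要讓 syslogd 在 chroot 目錄內多開一個 log socket:修改 /etc/default/syslogd,把 SYSLOGD="" 改成 SYSLOGD="-a /var/lib/named/dev/log"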
root@smallken:~# vi /etc/default/syslogd
#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

重跑syslogd
root@smallken:~# /etc/init.d/sysklogd restart

啟動 bind
root@smallken:~# /etc/init.d/bind9 start

檢查 /var/log/syslog
root@smallken:/etc/bind# tail -f /var/log/syslog

如果無法正常啟動,就重新開機一下,應該是 apparmor 還沒disable 掉

root@smallken:/etc/bind# reboot

開機完成之後,再次 restart bind9,check /var/log/syslog 有無錯誤訊息? 修正錯誤直到正常為止

因為 /etc/bind/named.conf 最後一行
include "/etc/bind/named.conf.local";

所以變動部分我們只編輯named.conf.local就好了
root@smallken:/etc/bind# vi /etc/bind/named.conf.local
// 正解部分
zone "vblog.tw" {
type master;
file "/etc/bind/zones/vblog.tw.db";
};

// 反解部分
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
};

建立 zones 目錄
root@smallken:/etc/bind# mkdir /etc/bind/zones

建立正解部分的設定檔 vblog.tw.db
root@smallken:/etc/bind# vi /etc/bind/zones/vblog.tw.db
$TTL 1500
@ IN SOA smallken.vblog.tw. root (
2007062703 ;serial
28800 ;refresh
3600 ;retry
604800 ;expire
38400 ) ;minimum 25 minutes
vblog.tw. IN NS smallken.vblog.tw.
smallken IN A 192.168.1.105
webserver1 IN A 192.168.1.103
media IN A 192.168.1.104
db2 IN A 192.168.1.101



建立反解部分的設定檔 rev.1.168.192.in-addr.arpa
root@smallken:/etc/bind# vi /etc/bind/zones/rev.1.168.192.in-addr.arpa
$TTL 1500
@ IN SOA smallken.vblog.tw. root (
2007062703 ;serial
28800 ;refresh
3600 ;retry
604800 ;expire
38400 ) ;minimum 25 minutes

IN NS smallken.vblog.tw.
105 IN PTR smallken.vblog.tw.
103 IN PTR webserver1.vblog.tw.
104 IN PTR media.vblog.tw.
101 IN PTR db2.vblog.tw.

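設定 forwarders。forwarders 的意思是說,如果查詢的名稱超出了本機 DNS 所設定的範圍,本機的 DNS 會自動幫你去問其他 DNS Server,然後回傳結果,類似被問到無法回答的問題時,再出去外面討救兵的意思。所以一般的 forwarders 都會設定 ISP 的 DNS,我習慣設 hinet 的 DNS 168.95.1.1。注意:這樣設定之後本機會替用戶端做遞迴查詢,如果這台主機能從外部網路連到,請在 named.conf.options 用 allow-recursion 限制只有內部網段(例如 192.168.1.0/24)可以做遞迴查詢,避免變成 open resolver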
root@smallken:/etc/bind# vi /etc/bind/named.conf.options
forwarders {
168.95.1.1;
};



以上全部都設定完成之後,重新啟動 bind
root@smallken:/etc/bind# /etc/init.d/bind9 restart
* Stopping domain name service... bind [ OK ]
* Starting domain name service... bind [ OK ]



設定 /etc/resolv.conf,把本機ip 192.168.1.105 設定在 hinet 的dns ip 168.95.1.1 之前,這樣會先查本機的dns設定,以便接下來的測試
root@smallken:/etc/bind# vi /etc/resolv.conf
search vblog.tw
nameserver 192.168.1.105
nameserver 168.95.1.1



測試 smallken.vblog.tw
root@smallken:/etc/bind# nslookup smallken
Server: 192.168.1.105
Address: 192.168.1.105#53

Name: smallken.vblog.tw
Address: 192.168.1.105

測試 media.vblog.tw

root@smallken:/etc/bind# nslookup media

Server: 192.168.1.105
Address: 192.168.1.105#53

Name: media.vblog.tw
Address: 192.168.1.104

測試成功!