bx2aa
2008-09-22, 11:42 PM
新增使用者 named，不給登入 Shell，也不給家目錄 (~)
useradd -s /bin/false -d /dev/null named
建立 named 的 pid-file 使用的目錄
mkdir /var/run/named
修改 /var/run/named 擁有者
chown named.named /var/run/named
設定 /var/run/named 的權限：擁有者 named 可讀、寫、執行，其餘使用者沒有任何權限
chmod 700 /var/run/named
將 /var/named 的群組改為 named，讓 named 群組有存取權
chgrp named /var/named
終止執行中的 named（-9 為強制終止，named 來不及正常收尾；一般情況先用不加 -9 的 killall named 即可）
killall -9 named
以使用者 named 的身分執行 named（不以 root 身分執行，萬一 named 被入侵，影響範圍較小）
named -u named
將 named -u named 附加到 rc.local 使每次開機都自動執行
echo "/usr/local/sbin/named -u named" >> /etc/rc.local
修改 named.conf
增加 zone localhost 和 amateur.radio
增加反向 zone 0.0.127.in-addr.arpa 與 0.168.192.in-addr.arpa（zone 檔為 192.168.0.zone）
vi /etc/named.conf
// Server-wide options. Relative zone file names below are resolved against "directory".
options {
directory "/var/named";
// PID file goes in /var/run/named, which the steps above hand over to the named user.
pid-file "/var/run/named/named.pid";
// NOTE(review): no allow-query / allow-recursion / allow-transfer is set here, so the
// defaults of the installed BIND version apply -- confirm they match who should be
// able to query, recurse through, and transfer zones from this server.
};
// Root hints: where to find the root name servers.
zone "." {
type hint;
file "named.ca";
};
// Forward zone for localhost.
zone "localhost" {
type master;
file "named.local";
};
// Forward zone for the private domain amateur.radio.
zone "amateur.radio" {
type master;
file "amateur.radio.zone";
};
// Reverse zone for 127.0.0.x.
zone "0.0.127.in-addr.arpa" {
type master;
file "127.0.0.zone";
};
// Reverse zone for 192.168.0.x.
zone "0.168.192.in-addr.arpa" {
type master;
file "192.168.0.zone";
};
// Shared secret that rndc must present on the control channel.
// NOTE(review): this secret is printed on a public page; treat it as a sample only,
// generate your own with rndc-confgen, and keep this file unreadable to other users.
// NOTE(review): hmac-md5 is a legacy algorithm; newer BIND releases favour
// hmac-sha256 -- the same algorithm and secret must also be set on the rndc side.
key "rndc-key" {
algorithm hmac-md5;
secret "SSYN1ZOIcz1l76MPVPqfGQ==";
};
// Control channel for rndc: listens on loopback port 953 only and accepts
// commands only from 127.0.0.1 authenticated with "rndc-key".
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
編輯 localhost zone（以下各 zone 檔中未寫名稱的記錄，例如 IN NS、IN A、IN MX，行首必須保留空白，才會沿用上一筆記錄的名稱）
vi /var/named/named.local
@ IN SOA localhost. root ( 2008092001 1H 15M 1W 1D )
IN NS @
IN A 127.0.0.1
編輯 localhost 反查
vi /var/named/127.0.0.zone
@ IN SOA @ root.localhost. ( 2004081201 1H 15M 1W 1D )
IN NS localhost.
1 IN PTR localhost.
編輯 amateur.radio zone
vi /var/named/amateur.radio.zone
@ IN SOA @ root ( 2008092201 1H 15M 1W 1D )
IN NS @
IN A 192.168.0.249
IN MX 10 mail.amateur.radio.
ns IN A 192.168.0.249
mail IN A 192.168.0.249
www IN A 192.168.0.249
news IN CNAME www
nb IN A 192.168.0.129
編輯 amateur.radio 反查
vi /var/named/192.168.0.zone
@ IN SOA amateur.radio. root.amateur.radio. ( 2008092201 1H 15M 1W 1D )
IN NS amateur.radio.
129 IN PTR nb.amateur.radio.
249 IN PTR www.amateur.radio.
249 IN PTR mail.amateur.radio.
重新載入設定
rndc reload
測試所設定的是否正確
host localhost
host nb.amateur.radio
host www.amateur.radio
host mail.amateur.radio
nslookup
server 127.0.0.1
127.0.0.1
192.168.0.129
192.168.0.249
useradd -s /bin/false -d /dev/null named
建立 named 的 pid-file 使用的目錄
mkdir /var/run/named
修改 /var/run/named 擁有者
chown named.named /var/run/named
設定 /var/run/named 的權限：擁有者 named 可讀、寫、執行，其餘使用者沒有任何權限
chmod 700 /var/run/named
將 /var/named 的群組改為 named，讓 named 群組有存取權
chgrp named /var/named
終止執行中的 named（-9 為強制終止，named 來不及正常收尾；一般情況先用不加 -9 的 killall named 即可）
killall -9 named
以使用者 named 的身分執行 named（不以 root 身分執行，萬一 named 被入侵，影響範圍較小）
named -u named
將 named -u named 附加到 rc.local 使每次開機都自動執行
echo "/usr/local/sbin/named -u named" >> /etc/rc.local
修改 named.conf
增加 zone localhost 和 amateur.radio
增加反向 zone 0.0.127.in-addr.arpa 與 0.168.192.in-addr.arpa（zone 檔為 192.168.0.zone）
vi /etc/named.conf
// Server-wide options. Relative zone file names below are resolved against "directory".
options {
directory "/var/named";
// PID file goes in /var/run/named, which the steps above hand over to the named user.
pid-file "/var/run/named/named.pid";
// NOTE(review): no allow-query / allow-recursion / allow-transfer is set here, so the
// defaults of the installed BIND version apply -- confirm they match who should be
// able to query, recurse through, and transfer zones from this server.
};
// Root hints: where to find the root name servers.
zone "." {
type hint;
file "named.ca";
};
// Forward zone for localhost.
zone "localhost" {
type master;
file "named.local";
};
// Forward zone for the private domain amateur.radio.
zone "amateur.radio" {
type master;
file "amateur.radio.zone";
};
// Reverse zone for 127.0.0.x.
zone "0.0.127.in-addr.arpa" {
type master;
file "127.0.0.zone";
};
// Reverse zone for 192.168.0.x.
zone "0.168.192.in-addr.arpa" {
type master;
file "192.168.0.zone";
};
// Shared secret that rndc must present on the control channel.
// NOTE(review): this secret is printed on a public page; treat it as a sample only,
// generate your own with rndc-confgen, and keep this file unreadable to other users.
// NOTE(review): hmac-md5 is a legacy algorithm; newer BIND releases favour
// hmac-sha256 -- the same algorithm and secret must also be set on the rndc side.
key "rndc-key" {
algorithm hmac-md5;
secret "SSYN1ZOIcz1l76MPVPqfGQ==";
};
// Control channel for rndc: listens on loopback port 953 only and accepts
// commands only from 127.0.0.1 authenticated with "rndc-key".
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
編輯 localhost zone（以下各 zone 檔中未寫名稱的記錄，例如 IN NS、IN A、IN MX，行首必須保留空白，才會沿用上一筆記錄的名稱）
vi /var/named/named.local
@ IN SOA localhost. root ( 2008092001 1H 15M 1W 1D )
IN NS @
IN A 127.0.0.1
編輯 localhost 反查
vi /var/named/127.0.0.zone
@ IN SOA @ root.localhost. ( 2004081201 1H 15M 1W 1D )
IN NS localhost.
1 IN PTR localhost.
編輯 amateur.radio zone
vi /var/named/amateur.radio.zone
@ IN SOA @ root ( 2008092201 1H 15M 1W 1D )
IN NS @
IN A 192.168.0.249
IN MX 10 mail.amateur.radio.
ns IN A 192.168.0.249
mail IN A 192.168.0.249
www IN A 192.168.0.249
news IN CNAME www
nb IN A 192.168.0.129
編輯 amateur.radio 反查
vi /var/named/192.168.0.zone
@ IN SOA amateur.radio. root.amateur.radio. ( 2008092201 1H 15M 1W 1D )
IN NS amateur.radio.
129 IN PTR nb.amateur.radio.
249 IN PTR www.amateur.radio.
249 IN PTR mail.amateur.radio.
重新載入設定
rndc reload
測試所設定的是否正確
host localhost
host nb.amateur.radio
host www.amateur.radio
host mail.amateur.radio
nslookup
server 127.0.0.1
127.0.0.1
192.168.0.129
192.168.0.249