NXDomain Redirect

November 30, 2012 | Category: Linux

I. Overview:

1. Requirement

Redirect domain names that DNS cannot resolve to a fixed IP address.

2. Current state

The DNS server in regular use is 10.248.36.11.

3. Solution

Add a new BIND server, version 9.9.2, which ships with the NXDOMAIN redirect feature. Configure it as a forward-only resolver and redirect names that cannot be resolved to 10.248.36.35.

4. Server

CentOS 6.3 minimal install, server IP 10.248.36.101.

II. Installation and configuration

1. Install the required packages

yum install gcc

yum install make

yum install ftp

yum install perl

2. Download bind-9.9.2.tar.gz from ISC, verify it against the PGP signature ISC publishes alongside the tarball, and build it. (9.9.2 is a 2012 release and its branch is long out of support; for a new deployment pick a currently supported release.) The --without-openssl flag builds named without DNSSEC support, which is consistent with the dnssec-* no settings in the named.conf below.

tar zxvf bind-9.9.2.tar.gz

cd bind-9.9.2

./configure --prefix=/usr/local/named --enable-threads --without-openssl --sysconfdir=/etc/named --with-libtool

make

make install

3. Add the environment variable (it does not survive a reboot; to make it permanent, add the line to /etc/profile and run

. /etc/profile to apply it)

export PATH=$PATH:/usr/local/named/sbin:/usr/local/named/bin

4. Create the service account and set directory permissions

groupadd -r named

useradd -g named -r -s /sbin/nologin named

mkdir /var/named

mkdir /var/named/data

mkdir -p /usr/local/named/var/run/named

chown -R named:named /var/named /usr/local/named/var/run/named

chmod 644 /etc/named/named.conf

Only the zone/data directory and the pid directory need to be writable by named. Leave the binaries under /usr/local/named owned by root: if the service user owns its own executable, a compromised named can replace it. named.conf only needs to be readable by the named user (named reads it after dropping privileges with -u), which mode 644 provides.

5. Generate the root hints

dig -t NS . > /var/named/named.ca

This asks whatever resolver the host is configured with. ISC's documented method asks a root server directly, dig +bufsize=1200 +norec NS . @a.root-servers.net, with the output saved as named.ca. With forward only in effect the hint zone is never used for resolution, but the named.conf below references it, so the file has to exist.

6. Edit the configuration file. As written, the options block answers and recurses for any client (allow-query { any; } together with recursion yes). Unless every host that can reach port 53 is trusted, restrict queries and recursion to the internal networks with allow-query and allow-recursion, otherwise the server is an open resolver that can be used for reflection. listen-on must name an address that is actually configured on this host; the 10.248.33.206 below does not match the 10.248.36.101 given in the overview, so use whichever address the server really has.

cd /etc/named

vi named.conf


// named.conf
//
options {
        listen-on port 53 { 10.248.33.206; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
//      dump-file       "/var/named/data/cache_dump.db";
//      statistics-file "/var/named/data/named_stats.txt";
//      memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        forward only;
        forwarders { 10.248.36.11; 10.248.36.12; };
        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named/bind.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "." {
        type redirect;
        file "redirect.db";
};
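As an added example (not part of the original post), here is the same options block with the open-resolver exposure removed: queries, recursion and cache access are limited to an internal ACL, zone transfers are refused and the version string is hidden. The 10.248.0.0/16 client range and the 10.248.36.101 listen address are assumptions; substitute the site's real networks and the address configured on the host. The logging and zone statements stay as above.

```conf
// Added example: hardened options block for the NXDOMAIN-redirect forwarder.
// The client range 10.248.0.0/16 is an assumption; adjust it to the real networks.
acl "internal" { 10.248.0.0/16; 127.0.0.1; };

options {
        // must be an address configured on this host (assumed 10.248.36.101 here)
        listen-on port 53 { 10.248.36.101; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";

        // weak:  allow-query { any; };  together with recursion yes = open resolver
        // fixed: only internal clients may query, recurse and read the cache
        allow-query       { internal; };
        allow-recursion   { internal; };
        allow-query-cache { internal; };
        allow-transfer    { none; };
        version "not disclosed";

        recursion yes;
        forward only;
        forwarders { 10.248.36.11; 10.248.36.12; };

        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside no;
};
```

Check the result with /usr/local/named/sbin/named-checkconf /etc/named/named.conf before starting; a syntax error here otherwise only shows up in data/named.run.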

7. Configure the local zones. The named.conf above declares no zone for localhost or 0.0.127.in-addr.arpa, so these two files are only loaded if matching zone statements are added. Records that start with whitespace inherit the owner name of the preceding record, so the indentation below is significant.

cd /var/named

vi localhost.zone

$TTL    86400
@       IN SOA  @       root (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum

        IN NS   @
        IN A    127.0.0.1
        IN AAAA ::1


vi named.local

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      localhost.

1       IN      PTR     localhost.


8. Configure the redirect zone file. The wildcard records are what every NXDOMAIN answer is rewritten to. The redirect applies only to names that do not exist (NXDOMAIN), not to existing names that merely lack an A record. The AAAA line is the ISC sample value; unless the landing host really has that IPv6 address, dual-stack clients may try an unreachable address first, so drop the line or point it at a real address.

vi redirect.db

$TTL 300
@ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0
@ IN NS ns.example.net
;
; NS records do not need address records in this zone as it is not in the
; normal namespace.
;
*. IN A 10.248.36.35
*. IN AAAA 2001:ffff:ffff::10.248.36.35


9. Create the named service script. Use straight ASCII quotes only: the curly quotes that some page renderings substitute break the case statement, so that every branch after start fails with "command not found". reload and status are left commented out because rndc needs an rndc.conf and key (rndc-confgen) before it can talk to named.

vi /etc/init.d/named

#!/bin/bash
# named: a network name service.
# chkconfig: 345 35 75
# description: a name server

NAMED=/usr/local/named/sbin/named
RNDC=/usr/local/named/sbin/rndc
PIDFILE=/usr/local/named/var/run/named/named.pid

# named must start as root to bind port 53; it drops to the named user itself (-u named).
if [ `id -u` -ne 0 ]
then
        echo "ERROR: to bind to port 53, must run as root."
        exit 1
fi

case "$1" in
start)
        if [ -x $NAMED ]; then
                $NAMED -c /etc/named/named.conf -u named && echo . && echo 'BIND9 server started'
        fi
        ;;
stop)
        kill `cat $PIDFILE` && echo . && echo 'BIND9 server stopped'
        ;;
restart)
        echo .
        echo "Restart BIND9 server"
        $0 stop
        sleep 10
        $0 start
        ;;
#reload)
#        $RNDC reload
#        ;;
#status)
#        $RNDC status
#        ;;
*)
        echo "$0 start | stop | restart | reload | status"
        ;;
esac


10. Make the start-up script executable

chmod +x /etc/init.d/named


11. Configure the named service to start automatically

chkconfig --add named

chkconfig named on


12. Start the service

service named start


13. Open TCP and UDP port 53 in the firewall

vi /etc/sysconfig/iptables

Insert the following two lines ahead of the INPUT chain's final REJECT rule (placing them after that rule, or just before COMMIT, leaves them unreachable)

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

Restart the iptables service

service iptables restart
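To confirm the redirect end to end, the following Python 3 script (an added example, not anything from the original post) sends an A query for a name that cannot exist and classifies the reply: a plain resolver such as the upstream 10.248.36.11 returns NXDOMAIN, while the forwarder built here returns NOERROR with 10.248.36.35 in the answer. The SERVER address is taken from the named.conf above and is an assumption to adjust; the build_response helper exists only so that the classification logic can be exercised offline on constructed packets. The script also makes the operational side effect of the feature visible: clients can no longer tell a non-existent name from a real host by rcode alone, so anything that keys on NXDOMAIN (NXDOMAIN-rate alerting, DGA detection) has to compare the answer address instead.

```python
"""Probe for a BIND NXDOMAIN-redirect forwarder (added example, not from the original post).
Assumptions: the forwarder listens on SERVER (the listen-on address from named.conf) and
its redirect zone maps non-existent names to REDIRECT_IP. Standard library only."""
import random
import socket
import struct

SERVER = "10.248.33.206"      # listen-on address from named.conf (assumption: adjust)
REDIRECT_IP = "10.248.36.35"  # target of the redirect zone's wildcard A record


def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=None):
    """Build a recursion-desired A query for name (QTYPE 1, QCLASS IN)."""
    if txid is None:
        txid = random.randrange(0x10000)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", 1, 1)


def skip_name(data, offset):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:   # 2-byte pointer terminates the name
            return offset + 2
        offset += 1 + length


def parse_response(data):
    """Return (rcode, list of A-record IPs) from a DNS response message."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(data, offset) + 4            # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        offset = skip_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return rcode, ips


def classify(data, redirect_ip=REDIRECT_IP):
    """Label a reply 'nxdomain', 'redirected', 'resolved' or 'other'.
    The redirect zone rewrites NXDOMAIN (rcode 3) into NOERROR plus an A record for
    redirect_ip, so the rcode alone no longer separates a typo from a real host."""
    rcode, ips = parse_response(data)
    if rcode == 3:
        return "nxdomain"
    if rcode == 0 and ips and all(ip == redirect_ip for ip in ips):
        return "redirected"
    if rcode == 0 and ips:
        return "resolved"
    return "other"


def build_response(query, rcode, ips=()):
    """Construct a reply to query (constructed test data so classify() can run offline)."""
    txid = struct.unpack(">H", query[:2])[0]
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, len(ips), 0, 0)
    answers = b""
    for ip in ips:   # owner = pointer to the question name at offset 12, TTL 300, RDLENGTH 4
        answers += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4)
        answers += bytes(int(o) for o in ip.split("."))
    return header + query[12:] + answers


def probe(name, server=SERVER, timeout=3.0):
    """Send a live UDP query and classify the reply (needs network access to server)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    if data[:2] != query[:2]:   # transaction ID mismatch: not our answer
        return "other"
    return classify(data)


if __name__ == "__main__":
    # Expect 'redirected' from the forwarder and 'nxdomain' from the upstream 10.248.36.11.
    print(probe("this-name-does-not-exist.invalid"))
```

Run it from a host the ACL allows to query the server. Calling probe(name, server="10.248.36.11") against the upstream should report nxdomain, which is the quickest way to see that the rewrite happens on the new forwarder and not upstream.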

Written by an6097

  1. stone
    December 11, 2012 08:29

    Truly an expert!

  2. yang
    May 8, 2013 12:10

    Have you actually tested this??? It looks vague.

  3. wuge
    May 8, 2013 16:54

    [root@localhost init.d]# service named start
    /etc/init.d/named: line 33: status”: command not found
    restart: missing job name
    Try `restart –help' for more information.
    reload: missing job name
    Try `reload –help' for more information.
    stop: missing job name
    Try `stop –help' for more information.

    It will not start at this step!!!! What is the reason? Please advise.

  4. terry an
    May 27, 2013 12:48

    I have been using it all along with no problems. Add me on QQ: 271376609
