yum install bind-chroot
chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/named.local
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
touch /var/named/chroot/etc/named.conf
chkconfig --levels 235 named on
service named start
cd /var/named/chroot/etc
rndc-confgen > rndc.key
chown root:named rndc.key
vi /var/named/chroot/etc/named.conf (แก้ไข หรือ Copy ให้ได้ตามตัวอย่างครับ และเปลี่ยน IP 192.168.1.0 ให้ ตรงกับ SERVER เราด้วย)
###############################################################
// we include the rndckey (copy-paste from rndc.key created earlier)
include "/var/named/chroot/etc/rndc.key";
// assume our server has the IP 192.168.1.254 serving the 192.168.1.0/24 subnet
controls {
inet 192.168.1.254 allow { 192.168.1.0/24; } keys { "rndckey"; };
inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
};
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
recursion yes;
allow-recursion {
192.168.1.0/24;
127.0.0.1;
};
// these are the opendns servers (optional)
forwarders {
8.8.8.8;
208.67.222.222;
202.69.137.137;
202.69.137.138;
203.121.130.39;
};
listen-on {
192.168.1.254;
127.0.0.1;
};
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
#query-source address * port 53;
// so people can't try to guess what version you're running
version "REFUSED";
allow-query {
192.168.1.0/24;
127.0.0.1;
};
};
server 192.168.1.254 {
keys { rndckey; };
};
###########################################################
service named start
เครติดคุณ Ton-Or
