yum -y install bind bind-utils

echo ‘OPTIONS=”-4″‘ >> /etc/sysconfig/named

# set if you don’t use IPv6 ( if use, don’t set it )

[root@dlp ~]#

vi /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

# make it comment ( listen all interfaces on the server )

#

listen-on port 53 { 127.0.0.1; };

# change ( if not use IPv6 )

listen-on-v6

{ none; };

directory

“/var/named”;

dump-file

“/var/named/data/cache_dump.db”;

statistics-file

“/var/named/data/named_stats.txt”;

memstatistics-file

“/var/named/data/named_mem_stats.txt”;

# query range ( set internal server and so on )

allow-query

{ localhost;

10.0.0.0/24;

};

# transfer range ( set it if you have secondary DNS )

allow-transfer { localhost; 10.0.0.0/24; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file “/etc/named.iscdlv.key”;

managed-keys-directory “/var/named/dynamic”;

};

logging {

channel default_debug {

file “data/named.run”;

severity dynamic;

};

};

# change all from here

view “internal” {

match-clients {

localhost;

10.0.0.0/24;

};

zone “.” IN {

type hint;

file “named.ca”;

};

zone “server.world” IN {

type master;

file “server.world.lan”;

allow-update { none; };

};

zone “0.0.10.in-addr.arpa” IN {

type master;

file “0.0.10.db”;

allow-update { none; };

};

include “/etc/named.rfc1912.zones”;

include “/etc/named.root.key”;

};

view “external” {

match-clients { any; };

allow-query { any; };

recursion no;

zone “server.world” IN {

type master;

file “server.world.wan”;

allow-update { none; };

};

zone “80.0.16.172.in-addr.arpa” IN {

type master;

file “80.0.16.172.db”;

allow-update { none; };

};

};

# allow-query

⇒ query range you permit

# allow-transfer

⇒ the range you permit to transfer zone info

# recursion

⇒ allow or not to search recursively

# view “internal” { *** };

⇒ write for internal definition

# view “external” { *** };

⇒ write for external definition

# For How to write for reverse resolving, Write network address reversely like below.
# 10.0.0.0/24
# network address

⇒ 10.0.0.0

# range of network

⇒ 10.0.0.0 – 10.0.0.255

# how to write

⇒ 0.0.10.in-addr.arpa

# 172.16.0.80/29
# network address

⇒ 172.16.0.80

# range of network

⇒ 172.16.0.80 – 172.16.0.87

# how to write

⇒ 80.0.16.172.in-addr.arpa

vi /var/named/server.world.lan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name serve

IN  NS      dlp.server.world.

# internal IP address of name server

IN  A       10.0.0.30

# define Mail exchanger

IN  MX 10   dlp.server.world.

# define IP address and hostname

dlp     IN  A       10.0.0.30

vi /var/named/server.world.wan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

IN  NS      dlp.server.world.

# external IP address of name server

IN  A       172.16.0.82

# define Mail exchanger

IN  MX 10   dlp.server.world.

# define IP address and hostname

dlp     IN  A       172.16.0.82

vi /var/named/0.0.10.db

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

IN  NS      dlp.server.world.

# define range that this domain name is in

IN  PTR     server.world.

IN  A       255.255.255.0

# define IP address and hostname

30      IN  PTR     dlp.server.world.

vi /var/named/80.0.16.172.db

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

IN  NS      dlp.server.world.

# define range that this domain name is in

IN  PTR     server.world.

IN  A       255.255.255.248

# define IP address and hostname

82      IN  PTR     dlp.server.world.

yum -y install bind-chroot

[root@dlp ~]#

/etc/rc.d/init.d/named restart

Stopping named:

[ OK ]

Starting named:

[ OK ]

[root@dlp ~]#

ll /var/named/chroot/etc

total 28

-rw-r–r– 1 root root   331 Jul  9 11:17 localtime

drwxr-x— 2 root named 4096 Nov 11  2010 named

-rw-r—– 1 root named 1550 Jul  9 23:19 named.conf

-rw-r–r– 1 root named  601 Nov 11  2010 named.iscdlv.key

-rw-r—– 1 root named  931 Jun 21  2007 named.rfc1912.zones

drwxr-xr-x 3 root root  4096 Jul  9 23:30 pki

-rw-r—– 1 root named   77 Jul  9 23:02 rndc.key

[root@dlp ~]#

ll /var/named/chroot/var/named

total 40

-rw-r–r– 1 root  root   359 Jul  9 23:25 0.0.10.db

drwxr-x— 6 root  named 4096 Jul  9 23:30 chroot

drwxrwx— 2 named named 4096 Jul  9 23:25 data

drwxrwx— 2 named named 4096 Jul  9 23:26 dynamic

-rw-r—– 1 root  named 1892 Feb 18  2008 named.ca

-rw-r—– 1 root  named  152 Dec 15  2009 named.empty

-rw-r—– 1 root  named  152 Jun 21  2007 named.localhost

-rw-r—– 1 root  named  168 Dec 15  2009 named.loopback

-rw-r–r– 1 root  root   350 Jul  9 23:24 server.world.lan

drwxrwx— 2 named named 4096 Nov 11  2010 slaves

vi /var/named/server.world.lan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

# update serial

2011071002  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

IN  NS      dlp.server.world.

IN  A       10.0.0.30

IN  MX 10   dlp.server.world.

dlp     IN  A       10.0.0.30

# [ aliase IN CNAME server’s name ]

ftp     IN  CNAME   dlp.server.world.

[root@dlp ~]#

rndc reload

server reload successful

[root@dlp ~]#

dig ftp.server.world.

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> ftp.server.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;ftp.server.world.

IN

A

;; ANSWER SECTION:
ftp.server.world.

86400

IN

CNAME

dlp.server.world.

dlp.server.world.

86400

IN

A

10.0.0.30

;; AUTHORITY SECTION:

server.world.

86400

IN

NS

dlp.server.world.

;; Query time: 0 msec
;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Sun Jul 10 23:32:48 2011
;; MSG SIZE rcvd: 82

vi /etc/named.conf

# add secondary DNS server in the section below

allow-transfer { localhost;

172.16.0.85;

};

[root@dlp ~]#

vi /var/named/server.world.wan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

# update serial

2011071003  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

IN  NS      dlp.server.world.

# add slave name server

IN  NS      ns.example.host.

IN  A       172.16.0.82

IN  MX 10   dlp.server.world.

dlp     IN  A       172.16.0.82

[root@dlp ~]#

rndc reload

server reload successful

vi /etc/named.conf

# add lines like below

zone “server.world” IN {

type slave;

masters { 172.16.0.82; };

file “slaves/server.world.wan”;

notify no;

};

[root@ns ~]#

rndc reload

server reload successful
[root@ns ~]#

ls /var/named/slaves

server.world.wan

# zone file in master DNS has been just transfered