
rhce7 dns chroot 配置

dns server BIND 安装与配置
配置文件
安装 DNS
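# Install the server and its chroot support by name. An unquoted bind* is
# expanded by the shell against the current directory before yum sees it, and
# as a yum glob it installs every bind-prefixed package, needed or not.
yum install bind bind-chroot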
根域配置文件
chroot 后的根目录 / 对应 /var/named/chroot/
/etc/named.conf --> /var/named/chroot/etc/named.conf
复制chroot模式根域配置文件
# Archive mode keeps the owner, group, mode and timestamps of named.conf on
# the copy placed inside the chroot tree.
cp --archive /etc/named.conf /var/named/chroot/etc/
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

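options {
    // Answer only on the server's LAN address.
    listen-on port 53 { 192.168.0.254; };
    directory          "/var/named";
    dump-file          "/var/named/data/cache_dump.db";
    statistics-file    "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // The server is reachable from the network, so the access policy is
    // written out instead of being left to built-in defaults.
    // Recursion is limited to this host and its directly attached networks.
    allow-recursion { localhost; localnets; };
    // No secondary servers appear in this file. Without this line the BIND 9
    // shipped with RHEL 7 answers zone-transfer (AXFR) requests from any
    // host, which hands out the full contents of both master zones.
    allow-transfer  { none; };
};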

#logging {
#channel default_debug {
#file "data/named.run";
#severity dynamic;
#};
#};

// Root hints zone, read from named.ca under the "directory" path.
zone "." IN { type hint; file "named.ca"; };
// Forward zone served as master; the file name is resolved relative to the
// "directory" option.
zone "linuxidc.com." IN {
    file "linuxidc.com.zone";
    type master;
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
};
区域配置文件
/var/named --> /var/named/chroot/var/named/
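# Root hints, plus the forward zone file started from the stock localhost
# template. -a keeps the ownership and mode of the packaged files.
cp -a /var/named/named.ca /var/named/chroot/var/named/
cp -a /var/named/named.localhost /var/named/chroot/var/named/linuxidc.com.zone
# named.conf also loads 192.168.0.zone for the reverse zone, so that file has
# to exist in the chroot as well; start it from the stock loopback template.
cp -a /var/named/named.loopback /var/named/chroot/var/named/192.168.0.zone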
正向解析
; Forward records for the linuxidc.com zone.
$TTL 1D
@       IN  SOA     linuxidc.com. root.linuxidc.com. (
                    2015101401  ; serial
                    1D          ; refresh
                    1H          ; retry
                    1W          ; expire
                    3H          ; minimum
                    )
@       IN  NS      ns.linuxidc.com.
ns      IN  A       192.168.0.254
; www carries two A records, so a lookup returns both addresses.
www     IN  A       192.168.0.254
www     IN  A       192.168.0.250
ftp     IN  A       192.168.0.254
bbs     IN  A       192.168.0.254
@       IN  MX  10  mail.linuxidc.com.
mail    IN  A       192.168.0.254
game    CNAME    www.linuxidc.com.cn.
反向解析
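; Reverse (PTR) records for 192.168.0.x, loaded as zone 0.168.192.in-addr.arpa.
$TTL 1D
@       IN  SOA     linuxidc.com. root.linuxidc.com. (
                    2015101401  ; serial
                    1D          ; refresh
                    1H          ; retry
                    1W          ; expire
                    3H )        ; minimum
@       IN  NS      ns.linuxidc.com.
; One PTR for each name the forward zone maps to 192.168.0.254.
254     IN  PTR     ns.linuxidc.com.
254     IN  PTR     www.linuxidc.com.
254     IN  PTR     mail.linuxidc.com.
254     IN  PTR     ftp.linuxidc.com.
254     IN  PTR     bbs.linuxidc.com.
; The forward zone also gives www an A record for 192.168.0.250.
250     IN  PTR     www.linuxidc.com.
; The MX and "game" CNAME lines of the forward zone are not repeated here:
; in this file their owner names would expand under 0.168.192.in-addr.arpa,
; where they serve no lookup.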

开机自启动 bind-chroot 服务
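# Run the packaged setup script with the "on" action for /var/named/chroot.
[root@CentOS7 ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on

# Stop and disable the non-chroot unit so that only the chrooted named
# answers on port 53, now and after a reboot.
[root@centos7 ~]# systemctl stop named
[root@centos7 ~]# systemctl disable named

# Check named.conf as seen from inside the chroot and test-load every master
# zone (-z) before starting; a missing or malformed zone file shows up here
# instead of as a zone that silently fails to load.
[root@centos7 ~]# named-checkconf -z -t /var/named/chroot /etc/named.conf

[root@centos7 ~]# systemctl start named-chroot
[root@centos7 ~]# systemctl enable named-chroot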
