1 版本
1 .1 操作系统:
数据库服务器: rhel 5.4 32位
内核版本:
#uname -r
2.6.18-164.el5
1 .2 软件版本:
$ sqlplus / as sysdba
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
1 .3官方下载地址:
http://www.oracle.com/technetwork/indexes/downloads/index.html#database
1 .4实际下载地址:
wget ftp://172.25.200.254/Oracle/Database/oracle10g01_10.2.0.1.0_database_linux32.zip
版本简要说明:
当前实验环境所有服务器使用版本统一为: 10.2.0.1.0
2 安装前准备
2 .1 硬件准备
VMware Workstation xxxxx
硬盘空间:10g
2 .2网络条件
局域网百兆带宽
2 .3 系统调整
根据官方优化提示,建议修改文件描述符数量:
临时修改文件描述符数量:
# ulimit -SHn 65536
永久修改文件描述符数量:
# vim /usr/include/bits/typesizes.h
#define __FD_SETSIZE 65536
#vi /etc/security/limits.conf
* hard nofile 102400
* soft nofile 102400
# vim /etc/sysctl.conf
fs.file-max=102400
3 DNS安装
3 .1安装编译:
安装文件如下:
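# Unpack and build BIND with an install prefix of /usr/local/named.
# NOTE(review): bind-9.6.1 is a long-unmaintained release; outside a lab, build a
# currently supported BIND version instead.
tar zxvf bind-9.6.1.tar.gz
cd bind-9.6.1
./configure --enable-largefile --enable-threads --prefix=/usr/local/named
make && make install

# rndc-confgen prints an rndc.conf that embeds a freshly generated control key.
/usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf
# The redirect creates the file with the default umask; it holds the rndc secret,
# so restrict it to root.
chmod 600 /usr/local/named/etc/rndc.conf

cd /usr/local/named/etc
# The commented tail of rndc.conf is the matching key/controls stanza for
# named.conf; stripping the "# " prefix activates it.
tail -10 rndc.conf | head -9 | sed 's/# //g' > named.conf
# named.conf now carries the same key: keep it readable only by the account
# named runs as.
vi /usr/local/named/etc/named.conf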
追加以下内容:
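// Global options plus the root-hint and loopback zones.
// The typographic quotes of the original listing are replaced with plain ASCII
// quotes (named cannot parse the former) and keywords are written in lower case.
options {
    // Address and port the server answers on.
    listen-on port 53 { 172.15.0.140; };
    directory "/usr/local/named";
    pid-file "named.pid";
    // NOTE(review): queries are accepted from any source and allow-recursion is
    // not set, so recursion may inherit this ACL. If this address is reachable
    // from untrusted networks, limit recursion to known clients, e.g.
    //   allow-recursion { <trusted-networks>; };
    allow-query { any; };
    dump-file "/usr/local/named/data/cache_dump.db";
    statistics-file "/usr/local/named/data/named_stats.txt";
    #forward only;
    forwarders { 218.104.111.114; 218.104.111.122; };  // public DNS servers to forward to
    #forwarders {202.103.24.68;202.103.44.150;};
    #forwarders {172.18.0.6;};
    // (alternative above: forward to the internal DNS server)
    #atcp-clients 10000;
    #listen-on { any;};
};

// Root hints, fetched separately as named.root.
zone "." in {
    type hint;
    file "named.root";
};

// Forward zone for localhost.
zone "localhost" in {
    type master;
    file "localhost.zone";
};

// Reverse zone for 127.0.0.0/24.
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "localhost.rev";
};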
cd /usr/local/named/
vi localhost.zone
内容如下:
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS @
IN A 127.0.0.1
IN AAAA ::1
vi localhost.rev
内容如下:
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
wget ftp://ftp.rs.internic.net/domain/named.root
至此主体配置已经完成
测试bind启动:
/usr/local/named/sbin/named -gc /usr/local/named/etc/named.conf
没有报错的话,把参数中的 g 去掉(只保留 -c)即可让 named 在后台运行
vi /etc/init.d/named
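#!/bin/bash
#
# named        a network name service.
#
#
# chkconfig: 545 35 75
# description: a name server
#
# NOTE(review): the chkconfig runlevel field "545" repeats 5; "345" may have
# been intended - confirm before relying on it.
#
# Usage: named start | stop | restart
# Starts or stops the BIND build installed under /usr/local/named.

NAMED_BIN=/usr/local/named/sbin/named
NAMED_CONF=/usr/local/named/etc/named.conf
NAMED_PID=/usr/local/named/named.pid
# Account passed to named -u. The original listing hard-coded root, which
# leaves the daemon fully privileged for its whole lifetime; set NAMED_USER to
# a dedicated unprivileged account that can read the configuration and write
# the pid and data files.
NAMED_USER=${NAMED_USER:-root}

# Binding port 53 requires root, so refuse to run as anyone else.
if [ "$(id -u)" -ne 0 ]; then
  echo "ERROR:For bind to port 53,must run as root."
  exit 1
fi

case "$1" in
  start)
    if [ -x "$NAMED_BIN" ]; then
      "$NAMED_BIN" -u "$NAMED_USER" -c "$NAMED_CONF" && echo 'start named [ok]'
    else
      # The original silently did nothing when the binary was missing.
      echo "ERROR: $NAMED_BIN not found or not executable" >&2
      exit 1
    fi
    ;;
  stop)
    # Without this check a missing pid file made kill run with no arguments.
    if [ -s "$NAMED_PID" ]; then
      kill "$(cat "$NAMED_PID")" && echo 'stop named [ok]'
    else
      echo "named does not appear to be running (no $NAMED_PID)" >&2
    fi
    ;;
  restart)
    echo "restart named"
    "$0" stop
    "$0" start
    ;;
  *)
    echo "$0 start | stop | restart"
    exit 2
    ;;
esac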
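# Register the init script with chkconfig and start the service.
cd /etc/init.d/
# This script is executed as root at boot and by `service`; mode 777 would let
# any local user rewrite it. 755 (root-writable only) is all chkconfig needs.
chmod 755 named
chkconfig --add named
chkconfig named on
chkconfig --list named
service named restart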
3 .2智能解析:
BIND实现智能DNS的原理是通过view的方式,首先判断客户请求的来源,然后返回不同的IP
规划:为www.25.com域进行智能解析
分3个网段,172.24.90.0/24网段的请求解析到172.24.90.43主机上,172.24.80.0/24网段的请求解析到172.24.90.44主机上 其它网段解析到172.24.90.46主机。
cp /etc/named.conf named.conf.back #用cp备份原配置文件,建立要使用的配置文件,然后进行修改
vim /usr/local/named/etc/named.conf
内容如下:
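// Split-horizon configuration: the answer for 25.com depends on the client's
// source address. Views are tried in order and the first match wins, so the
// catch-all view must stay last.
// Typographic quotes from the original listing are replaced with ASCII quotes.

acl innet {
    172.24.90.0/24;
};

acl anyi {
    172.24.80.0/24;
};

options {
    allow-query { 0.0.0.0/0; };
    directory "/usr/local/named";
};

view in {
    match-clients { innet; };   // clients listed in acl innet
    recursion yes;              // internal clients may use recursion

    zone "." in {
        type hint;
        file "named.root";
    };
    zone "localhost" in {
        type master;
        file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "localhost.rev";
    };
    zone "25.com" IN {
        type master;
        file "25.com.in";
        allow-transfer { none; };   // no zone transfers
        allow-update { none; };     // no dynamic updates
    };
};

view out {
    match-clients { anyi; };    // clients in 172.24.80.0/24 (acl anyi)
    // NOTE(review): the original comment said recursion is denied to external
    // users, yet the directive is "yes". This view is limited to one subnet
    // and defines a root hint zone, so recursion looks intended - confirm.
    recursion yes;

    zone "." in {
        type hint;
        file "named.root";
    };
    zone "localhost" in {
        type master;
        file "localhost.zone";
    };
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "localhost.rev";
    };
    zone "25.com" IN {
        type master;
        file "25.com.out";
        allow-transfer { none; };
        allow-update { none; };
    };
};

view anyone {
    match-clients { any; };     // every source not matched by an earlier view
    // Authoritative answers only. The original listing had "recursion yes"
    // here, contradicting its own comment and leaving the server usable as an
    // open resolver by arbitrary clients.
    recursion no;

    zone "25.com" IN {
        type master;
        file "25.com.any";
        allow-transfer { none; };
        allow-update { none; };
    };
};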
cd /usr/local/named/
vim 25.com.in
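; 25.com as served to the "in" view (clients in 172.24.90.0/24).
$TTL 86400
; SOA takes the primary name server first, then the admin mailbox; the original
; listing had the two swapped.
@       IN  SOA   ns1.25.com. admin.25.com. (
                  2008111201 ; Serial (YYYYMMDDNN; the original 20081112001 exceeds the 32-bit serial range)
                  28800      ; Refresh (s)
                  3600       ; Retry (s)
                  604800     ; Expiration (s)
                  38400      ; Negative Cache TTL (s)
                  )
@       IN  NS    ns1
ns1     IN  A     172.24.90.43
www     IN  CNAME ns1
mta     IN  CNAME ns1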
vim 25.com.out
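; 25.com as served to the "out" view (clients in 172.24.80.0/24).
$TTL 86400
; SOA takes the primary name server first, then the admin mailbox; the original
; listing had the two swapped.
@       IN  SOA   ns1.25.com. admin.25.com. (
                  2008111201 ; Serial (YYYYMMDDNN; the original 20081112001 exceeds the 32-bit serial range)
                  28800      ; Refresh (s)
                  3600       ; Retry (s)
                  604800     ; Expiration (s)
                  38400      ; Negative Cache TTL (s)
                  )
@       IN  NS    ns1
ns1     IN  A     172.24.90.44
www     IN  CNAME ns1
mta     IN  CNAME ns1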
vim 25.com.any
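; 25.com as served to the catch-all "anyone" view.
$TTL 86400
; SOA takes the primary name server first, then the admin mailbox; the original
; listing had the two swapped.
@       IN  SOA   ns1.25.com. admin.25.com. (
                  2008111201 ; Serial (YYYYMMDDNN; the original 20081112001 exceeds the 32-bit serial range)
                  28800      ; Refresh (s)
                  3600       ; Retry (s)
                  604800     ; Expiration (s)
                  38400      ; Negative Cache TTL (s)
                  )
@       IN  NS    ns1
; NOTE(review): the planning text gives 172.24.90.46 for this view; confirm
; which address is intended.
ns1     IN  A     172.24.20.46
www     IN  CNAME ns1
mta     IN  CNAME ns1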
配置全部完成
给您一个大大的赞,感谢您的无私分享
dns欺骗可以做到吗?