Lab environment:
One CentOS 6.0 server: IP 192.168.5.1, host name master.haitian.com, master DNS server
One CentOS 5.5 server: IP 192.168.5.2, host name slave.haitian.com, slave DNS server
One Windows XP client: IP 192.168.5.7
I. Install the packages
1. Make yum keep the downloaded packages on the server
[root@proxy ~]# vi /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1 # change this line so yum keeps the downloaded packages
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
2. Install Bind with yum (master DNS server, CentOS 6.0)
[root@master ~]# yum -y install bind bind-chroot bind-libs bind-devel
3. Configure the master DNS server
3.1 Edit resolv.conf and hosts. To make name resolution more efficient, write the master and slave DNS addresses into /etc/hosts and list both servers as name servers in /etc/resolv.conf.
[root@master named]# vi /etc/resolv.conf
nameserver 192.168.5.1
nameserver 192.168.5.2
[root@master named]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.5.1 master.haitian.com
192.168.5.2 slave.haitian.com
[root@master ~]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=master.haitian.com # set the host name
GATEWAY=192.168.5.254
3.2 Edit the Bind configuration file
[root@master ~]# vi /etc/named.conf
Add the following content:
options {
listen-on port 53 { any; }; # change 127.0.0.1 to any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; # change localhost to any
recursion yes; # together with allow-query { any; } this makes an open recursive resolver; outside a lab, limit it with allow-recursion { 192.168.5.0/24; };
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
## newly added content ###
zone "haitian.com" IN { ## name of the forward DNS zone
type master; ## zone type: master
file "/etc/named/named.haitian.com"; ## zone database file for the forward zone
allow-transfer { 192.168.5.2; }; ## only the slave name server at this address may transfer (AXFR) the zone data
allow-update { none; }; ## dynamic updates are not accepted from any client
};
zone "htsprings.com.cn" IN {
type master;
file "/etc/named/named.htsprings.com.cn";
allow-transfer { 192.168.5.2; };
allow-update { none; };
};
## reverse resolution
zone "5.168.192.in-addr.arpa" IN { ## name of the reverse DNS zone
type master; ## zone type: master
file "/etc/named/named.haitian.com.rev"; ## zone database file for the reverse zone
allow-transfer { 192.168.5.2; }; ## only the slave name server at this address may transfer the zone data
allow-update { none; }; ## dynamic updates are not accepted from any client
};
include "/etc/named.rfc1912.zones";
3.3 Create the forward and reverse zone databases
You can copy the template and edit it
[root@master ~]# cp /var/named/named.localhost /etc/named/named.haitian.com
The forward zone database is as follows (comments in a zone file start with ";", not "#"):
[root@master ~]# vi /etc/named/named.haitian.com
$TTL 1D
@ IN SOA haitian.com. admin.haitian.com. ( ; SOA record: zone name and zone administrator mailbox
2011081200 ; serial: marks changes to the zone database; an integer of up to 10 digits
1D ; refresh interval
1H ; retry interval used by the slave server when a refresh of this zone database fails
1W ; expire: if the slave still cannot update the zone database after this time (1 week), it stops trying
3H ) ; minimum: default cache time for negative (non-existent name) answers (1 Day in the original note; 3H here)
IN NS haitian.com. ; NS name server record: sets the DNS server names of this zone. Note the trailing "." after each name
@ IN NS master.haitian.com.
@ IN NS slave.haitian.com.
IN MX 5 mail.haitian.com. ; MX mail exchanger record: sets the mail server of this zone. The number is the priority; a larger number means lower priority
master.haitian.com. IN A 192.168.5.1 ; A address record: forward name-to-address mapping
slave.haitian.com. IN A 192.168.5.2
ftp IN A 192.168.5.1
www IN A 192.168.5.1 ; www: here one name maps to several IPs, which gives DNS-based (round-robin) load balancing
www IN A 192.168.5.2
vpn IN A 192.168.5.2
gz IN CNAME www ; CNAME alias record: gz.haitian.com is an alias of www.haitian.com; check it with nslookup
:wq
Save and exit when the edit is complete
[root@master ~]# vi /etc/named/named.haitian.com.rev
$TTL 1D
@ IN SOA @ admin.haitian.com. (
2011081200 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS master.haitian.com. ; note the trailing "." after the name
@ IN NS slave.haitian.com.
1 IN PTR www.haitian.com. ; PTR pointer record: the first column is the host part of the address
1 IN PTR ftp.haitian.com. ; matches the forward zone, where one name maps to several IPs
2 IN PTR vpn.haitian.com.
:wq
Save and exit when the edit is complete
Restart the DNS service
[root@master named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@master ~]# chkconfig --level 35 named on # start the named service automatically at boot
Use named -g to find errors
[root@localhost etc]# named -g
Jun 13 11:18:01.227 starting BIND 9.2.4rc6 -g
Jun 13 11:18:01.227 using 1 CPU
Jun 13 11:18:01.233 loading configuration from '/etc/named.conf'
Jun 13 11:18:01.241 no IPv6 interfaces found
Jun 13 11:18:01.242 listening on IPv4 interface lo, 127.0.0.1#53
Jun 13 11:18:01.243 binding TCP socket: address in use
Jun 13 11:18:01.243 listening on IPv4 interface eth0, 150.31.3.251#53
Jun 13 11:18:01.244 binding TCP socket: address in use
Jun 13 11:18:01.249 /etc/named.conf:19: couldn't add command channel 127.0.0.1#953: address in use
Jun 13 11:18:01.250 ignoring config file logging statement due to -g option
Jun 13 11:18:01.250 couldn't open pid file '/var/run/named/named.pid': Permission denied
Jun 13 11:18:01.250 exiting (due to early fatal error)
named.pid: permission denied
If the error above appears, fix it as follows:
[root@master named]# chown root:named /var/run/named
Check the zone files with named-checkzone. Its first argument should be the zone origin (haitian.com); the author ran it with the literal word zonename, which is why the output below reports out-of-zone data. The "NS record ... appears to be an address" warnings come from the original ftp/www/vpn lines, which must be A records rather than NS records:
[root@master named]# named-checkzone zonename named.haitian.com
named.haitian.com:12: ignoring out-of-zone data (master.haitian.com)
named.haitian.com:13: ignoring out-of-zone data (slave.haitian.com)
named.haitian.com:14: NS record '192.168.5.1' appears to be an address
named.haitian.com:15: NS record '192.168.5.1' appears to be an address
named.haitian.com:16: NS record '192.168.5.2' appears to be an address
zone zonename/IN: ftp.zonename/NS '192.168.5.1.zonename' has no address records (A or AAAA)
zone zonename/IN: vpn.zonename/NS '192.168.5.2.zonename' has no address records (A or AAAA)
zone zonename/IN: www.zonename/NS '192.168.5.1.zonename' has no address records (A or AAAA)
zone zonename/IN: loaded serial 2011081200
OK
[root@master named]# named-checkzone zonename named.haitian.com.rev
zone zonename/IN: loaded serial 2011081200
OK
[root@master named]#
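As an added check that is not part of the original article, the following Python script reproduces, on a constructed copy of the original forward zone file, the warnings named-checkzone printed above: a "#" is not a comment in a zone file, an IP address in the NS field is flagged, and an in-zone NS target without an A record is reported. The zone origin haitian.com and the sample lines are assumptions, and the SOA is collapsed onto one line for brevity.

```python
from ipaddress import ip_address

# Constructed sample reproducing the defects of the article's original forward zone file
# (SOA collapsed onto one line; the '#' comment and the NS-with-IP line are the defects).
SAMPLE_ZONE = """$TTL 1D
@ IN SOA master.haitian.com. admin.haitian.com. ( 2011081200 1D 1H 1W 3H )
@ IN NS master.haitian.com.
@ IN NS slave.haitian.com.
master.haitian.com. IN A 192.168.5.1
www IN NS 192.168.5.1 #A address record
"""
TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR"}

def fqdn(name, origin):
    """Expand '@' and relative names the way named does (origin ends with '.')."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def lint_zone(text, origin):
    """Return warnings matching those named-checkzone printed for the original file."""
    warns, has_addr, targets = [], set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        toks = raw.split(";", 1)[0].split()              # ';' starts a real comment
        if not toks or toks[0].startswith("$"):
            continue
        if any(t.startswith("#") for t in toks):         # '#' is data, not a comment
            warns.append(f"line {no}: '#' is not a comment in a zone file, use ';'")
            toks = toks[:next(i for i, t in enumerate(toks) if t.startswith("#"))]
        idx = next((i for i, t in enumerate(toks) if i and t in TYPES), None)
        if idx is None:
            continue
        rtype, rdata = toks[idx], toks[idx + 1:]
        if rtype in ("A", "AAAA"):
            has_addr.add(fqdn(toks[0], origin))
        elif rtype in ("NS", "MX", "CNAME"):
            try:                                         # an IP where a host name belongs
                ip_address(rdata[-1])
                warns.append(f"line {no}: {rtype} record '{rdata[-1]}' appears to be an address; use an A record")
            except ValueError:
                targets.append((no, rtype, fqdn(rdata[-1], origin)))
    for no, rtype, name in targets:                      # in-zone targets need an address
        if name.endswith("." + origin) and name not in has_addr:
            warns.append(f"line {no}: {rtype} target '{name}' has no address records (A or AAAA)")
    return warns

if __name__ == "__main__":
    for w in lint_zone(SAMPLE_ZONE, "haitian.com."):
        print(w)
```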
IV. Install and configure the slave DNS server
1. Install the packages the slave DNS server needs; on CentOS 5.5 one extra package, caching-nameserver, must be installed
[root@slave ~]# yum -y install bind bind-chroot bind-libs bind-devel caching-nameserver
2. Configure the slave DNS server
2.1 Slave DNS related settings
Edit resolv.conf and hosts, as on the master, to make name resolution more efficient;
[root@slave ~]# vi /etc/resolv.conf
nameserver 192.168.5.1
nameserver 192.168.5.2
[root@slave ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.5.1 master.haitian.com
192.168.5.2 slave.haitian.com
[root@slave ~]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=slave.haitian.com # set the host name
GATEWAY=192.168.5.254
2.2 Configure the slave DNS server. When bind is installed with yum on CentOS 5.5 there is no /etc/named directory and no named.conf; the file must be copied from the template or created by hand.
Copy the configuration file; remember the -p option so that the permissions are preserved:
[root@slave etc]# cp -p named.caching-nameserver.conf named.conf
The full contents are as follows:
[root@slave etc]# vim named.conf
options {
listen-on port 53 { any; }; # change to any
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { any; }; # change to any
allow-query-cache { any; }; # change to any
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { any; }; # change to any
match-destinations { any; }; # change to any
recursion yes; # with match-clients and allow-query set to any this view is an open recursive resolver; outside a lab, restrict it with allow-recursion { 192.168.5.0/24; };
include "/etc/named.rfc1912.zones";
## the following is manually added content #####
zone "haitian.com" IN {
type slave;
masters { 192.168.5.1; };
file "slaves/slave.haitian.com";
};
zone "htsprings.com.cn" IN {
type slave;
masters { 192.168.5.1; };
file "slaves/slave.htsprings.com.cn";
};
zone "5.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.5.1; };
file "slaves/slave.haitian.com.rev";
};
};
:wq
Save and exit;
Restart the DNS service
[root@slave ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
Start the named service automatically at boot
[root@slave slaves]# chkconfig --level 35 named on
Check whether the DNS zone databases have appeared under /var/named/slaves/; if not, use the method below
Use named -g to find errors
[root@localhost etc]# named -g
15-Aug-2011 08:10:27.264 starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -g
15-Aug-2011 08:10:27.264 adjusted limit on open files from 1024 to 1048576
15-Aug-2011 08:10:27.265 found 1 CPU, using 1 worker thread
15-Aug-2011 08:10:27.265 using up to 4096 sockets
15-Aug-2011 08:10:27.269 loading configuration from '/etc/named.conf'
15-Aug-2011 08:10:27.270 using default UDP/IPv4 port range: [1024, 65535]
15-Aug-2011 08:10:27.271 using default UDP/IPv6 port range: [1024, 65535]
15-Aug-2011 08:10:27.272 listening on IPv6 interface lo, ::1#53
15-Aug-2011 08:10:27.273 binding TCP socket: address in use
15-Aug-2011 08:10:27.273 listening on IPv4 interface lo, 127.0.0.1#53
15-Aug-2011 08:10:27.273 binding TCP socket: address in use
15-Aug-2011 08:10:27.273 listening on IPv4 interface eth0, 192.168.5.2#53
15-Aug-2011 08:10:27.273 binding TCP socket: address in use
15-Aug-2011 08:10:27.275 couldn't add command channel 127.0.0.1#953: address in use
15-Aug-2011 08:10:27.275 couldn't add command channel ::1#953: address in use
15-Aug-2011 08:10:27.275 ignoring config file logging statement due to -g option
15-Aug-2011 08:10:27.293 zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
15-Aug-2011 08:10:27.293 zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
15-Aug-2011 08:10:27.293 zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
15-Aug-2011 08:10:27.293 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
15-Aug-2011 08:10:27.294 zone localdomain/IN/localhost_resolver: loaded serial 42
15-Aug-2011 08:10:27.294 zone localhost/IN/localhost_resolver: loaded serial 42
15-Aug-2011 08:10:27.294 running
15-Aug-2011 08:10:27.296 zone haitian.com/IN/localhost_resolver: Transfer started.
15-Aug-2011 08:10:27.297 transfer of 'haitian.com/IN' from 192.168.5.1#53: connected using 192.168.5.2#44746
15-Aug-2011 08:10:27.298 dumping master file: slaves/tmp-lHqJkXyrSb: open: permission denied
15-Aug-2011 08:10:27.299 transfer of 'haitian.com/IN' from 192.168.5.1#53: failed while receiving responses: permission denied
15-Aug-2011 08:10:27.299 transfer of 'haitian.com/IN' from 192.168.5.1#53: end of transfer
15-Aug-2011 08:10:28.121 zone 5.168.192.in-addr.arpa/IN/localhost_resolver: Transfer started.
15-Aug-2011 08:10:28.122 transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: connected using 192.168.5.2#46494
15-Aug-2011 08:10:28.124 dumping master file: slaves/tmp-SXUfvOpQou: open: permission denied
15-Aug-2011 08:10:28.124 transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: failed while receiving responses: permission denied
15-Aug-2011 08:10:28.124 transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: end of transfer
15-Aug-2011 08:11:06.353 shutting down
15-Aug-2011 08:11:06.353 no longer listening on ::1#53
15-Aug-2011 08:11:06.354 no longer listening on 127.0.0.1#53
15-Aug-2011 08:11:06.354 no longer listening on 192.168.5.2#53
Solution when "transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: failed while receiving responses: permission denied" appears:
[root@slave slaves]# chown root:named /var/named/slaves/
[root@slave slaves]# named
[root@slave slaves]# ls
slave.haitian.com slave.haitian.com.rev slave.htsprings.com.cn
When these three files appear, the slave DNS has copied the zones from the master DNS successfully!
[root@slave slaves]# tail -f /var/log/messages
Aug 15 13:00:52 slave named[4165]: zone htsprings.com.cn/IN/localhost_resolver: Transfer started.
Aug 15 13:00:52 slave named[4165]: transfer of 'htsprings.com.cn/IN' from 192.168.5.1#53: connected using 192.168.5.2#56580
Aug 15 13:00:52 slave named[4165]: zone htsprings.com.cn/IN/localhost_resolver: transferred serial 2011081200
Aug 15 13:00:52 slave named[4165]: transfer of 'htsprings.com.cn/IN' from 192.168.5.1#53: end of transfer
Aug 15 13:00:53 slave named[4165]: zone haitian.com/IN/localhost_resolver: Transfer started.
Aug 15 13:00:53 slave named[4165]: zone 5.168.192.in-addr.arpa/IN/localhost_resolver: Transfer started.
Aug 15 13:00:53 slave named[4165]: transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: connected using 192.168.5.2#60612
Aug 15 13:00:53 slave named[4165]: transfer of 'haitian.com/IN' from 192.168.5.1#53: connected using 192.168.5.2#58178
Aug 15 13:00:53 slave named[4165]: zone 5.168.192.in-addr.arpa/IN/localhost_resolver: transferred serial 0
Aug 15 13:00:53 slave named[4165]: transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: end of transfer
Aug 15 13:00:53 slave named[4165]: zone 5.168.192.in-addr.arpa/IN/localhost_resolver: sending notifies (serial 0)
Aug 15 13:00:53 slave named[4165]: zone haitian.com/IN/localhost_resolver: transferred serial 2011081200
Aug 15 13:00:53 slave named[4165]: transfer of 'haitian.com/IN' from 192.168.5.1#53: end of transfer
Aug 15 13:00:53 slave named[4165]: zone haitian.com/IN/localhost_resolver: sending notifies (serial 2011081200)
Aug 15 13:00:53 slave named[4165]: client 192.168.5.2#36784: view localhost_resolver: received notify for zone 'haitian.com'
Aug 15 13:00:53 slave named[4165]: zone haitian.com/IN/localhost_resolver: refused notify from non-master: 192.168.5.2#36784
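As an added example that is not part of the original article, this Python script audits slave transfer messages in the format shown above against the serial the master is expected to serve (2011081200, taken from the zone files above and assumed for all three zones); the sample lines are constructed and deliberately include the permission-denied failure and the serial-0 transfer seen on this page.

```python
import re

# Constructed sample in the format of the slave's /var/log/messages shown above; the
# permission-denied failure and the serial-0 transfer from the page are included on purpose.
SAMPLE_LOG = """\
Aug 15 13:00:52 slave named[4165]: zone htsprings.com.cn/IN/localhost_resolver: Transfer started.
Aug 15 13:00:52 slave named[4165]: transfer of 'htsprings.com.cn/IN' from 192.168.5.1#53: connected using 192.168.5.2#56580
Aug 15 13:00:52 slave named[4165]: zone htsprings.com.cn/IN/localhost_resolver: transferred serial 2011081200
Aug 15 13:00:53 slave named[4165]: transfer of 'haitian.com/IN' from 192.168.5.1#53: failed while receiving responses: permission denied
Aug 15 13:00:53 slave named[4165]: zone 5.168.192.in-addr.arpa/IN/localhost_resolver: transferred serial 0
Aug 15 13:00:53 slave named[4165]: zone haitian.com/IN/localhost_resolver: refused notify from non-master: 192.168.5.2#36784
"""
# Serials the master serves, taken from the zone files above (assumed identical for all three zones).
EXPECTED = {"haitian.com": 2011081200, "htsprings.com.cn": 2011081200,
            "5.168.192.in-addr.arpa": 2011081200}

TRANSFER = re.compile(r"transfer of '([^/]+)/IN' from ([\d.]+)#\d+: (.*)$")
SERIAL = re.compile(r"zone ([^/]+)/IN/\S+: transferred serial (\d+)")
NOTIFY = re.compile(r"zone ([^/]+)/IN/\S+: refused notify from non-master: ([\d.]+)#")

def new_state():
    return {"serial": None, "failed": []}

def audit_transfers(lines, expected):
    """Return (per-zone state, alerts): failed transfers, serial mismatches, refused NOTIFYs."""
    zones = {z: new_state() for z in expected}
    alerts = []
    for line in lines:
        if m := TRANSFER.search(line):
            zone, src, rest = m.groups()
            if rest.startswith("failed"):                # e.g. the permission-denied case above
                zones.setdefault(zone, new_state())["failed"].append(f"{src}: {rest}")
        elif m := SERIAL.search(line):
            zones.setdefault(m.group(1), new_state())["serial"] = int(m.group(2))
        elif m := NOTIFY.search(line):                   # NOTIFY from a host not in masters {}
            alerts.append(f"{m.group(1)}: NOTIFY refused from non-master {m.group(2)}")
    for zone, want in expected.items():
        state = zones[zone]
        if state["failed"]:
            alerts.append(f"{zone}: transfer failed ({state['failed'][-1]})")
        if state["serial"] != want:                      # slave behind, ahead or never loaded
            alerts.append(f"{zone}: slave serial {state['serial']} != master serial {want}")
    return zones, alerts

if __name__ == "__main__":
    for a in audit_transfers(SAMPLE_LOG.splitlines(), EXPECTED)[1]:
        print(a)
```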
On the Windows XP client, point the network adapter's DNS server at 192.168.5.2 and test DNS
C:\>nslookup
Default Server: vpn.haitian.com
Address: 192.168.5.2
> 192.168.5.1
Server: vpn.haitian.com
Address: 192.168.5.2
Name: ftp.haitian.com
Address: 192.168.5.1
> 192.168.5.2
Server: vpn.haitian.com
Address: 192.168.5.2
Name: vpn.haitian.com
Address: 192.168.5.2
> haitian.com
Server: vpn.haitian.com
Address: 192.168.5.2
Name: haitian.com
Addresses: 192.168.5.1, 192.168.5.2
> htsprings.com.cn
Server: vpn.haitian.com
Address: 192.168.5.2
Name: htsprings.com.cn
Address: 192.168.5.1
This shows that the master and slave DNS servers are configured successfully. Done!