一、缓存域名服务器 1、安装与配置 [root@localhost ~]# yum -y install bind bind-chroot bind-utils bind-libs DNS服务器所需的软件包(注意包名是 bind-utils,它提供 dig、nslookup 等测试工具) [root@localhost ~]# vim /etc/named.conf DNS服务器的主配置文件 options { listen-on port 53 { 192.168.1.24; }; 使用53端口监听,监听的ip地址为192.168.1.24 listen-on-v6 port 53 { ::1; }; 监听ipv6的IP地址选项 directory "/var/named"; DNS的根目录,由于安装了bind-chroot的所致, 因此服务的实际工作目录为/var/named/chroot/var/named dump-file "/var/named/data/cache_dump.db"; 缓存转储文件 statistics-file "/var/named/data/named_stats.txt"; 记录服务器运行的统计信息 memstatistics-file "/var/named/data/named_mem_stats.txt"; 记录了内存使用的统计信息 allow-query { any; }; 允许查询的主机,默认为localhost recursion yes; 可以递归查询 (安全提示:allow-query { any; } 与 recursion yes 同时使用,等于把本机变成对任意来源开放的递归解析器(open resolver),一旦暴露到公网就可能被用于 DNS 放大攻击;若只需为内网提供递归,应加上 allow-recursion { 127.0.0.1; 192.168.1.0/24; }; 或直接把 allow-query 限制为内网网段,并用防火墙阻止外网访问53端口) dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; bindkeys-file "/etc/named.iscdlv.key"; (注:dnssec-lookaside 依赖的 ISC DLV 注册库已停止服务,较新版本的 BIND 已不再支持该选项,升级后应删除这两行,只保留 dnssec-validation) managed-keys-directory "/var/named/dynamic"; };
logging { named服务的日志文件信息 channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { 根(.)域的配置及信息(也可以在 options 中用 forwarders 把查询转发给上级DNS来配置缓存域名服务器,可以自己去了解) type hint; file "named.ca"; }; [root@localhost ~]# ls -lh /etc/named.conf 主配置文件权限如下(红色字体):root 可读写、named 组只读、其他用户不可读,这是合理的权限,不要再放宽 -rw-r----- 1 root named 934 10月 21 23:06 /etc/named.conf [root@localhost ~]# service named restart DNS的服务名称为named 停止 named:. [确定] 启动 named: [确定] [root@localhost ~]# netstat -ltunp |grep named 查看端口监听状态(53 为 DNS 服务端口;953 是 rndc 控制端口,只绑定在回环地址上,属正常现象,不要把它开放到外部地址) tcp 0 0 192.168.1.24:53 0.0.0.0:* LISTEN 8049/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 8049/named tcp 0 0 ::1:53 :::* LISTEN 8049/named tcp 0 0 ::1:953 :::* LISTEN 8049/named udp 0 0 192.168.1.24:53 0.0.0.0:* 8049/named 2、客户端测试 [root@localhost ~]# echo nameserver 192.168.1.24 >> /etc/resolv.conf (注意:如果网卡使用 DHCP,/etc/resolv.conf 会在下次续租时被 dhclient 重新生成、这里追加的内容会丢失,持久化应写在网卡配置文件的 DNS1= 中) [root@localhost ~]# dig www.baidu.com ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> www.baidu.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57864 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION: ;www.baidu.com. IN A
;; ANSWER SECTION: www.baidu.com. 1200 IN CNAME www.a.shifen.com. www.a.shifen.com. 300 IN A 180.97.33.107 www.a.shifen.com. 300 IN A 180.97.33.108
;; AUTHORITY SECTION: a.shifen.com. 1200 IN NS ns5.a.shifen.com. a.shifen.com. 1200 IN NS ns3.a.shifen.com. 3、注意事项 客户端必须能与服务器端通信(能ping通);本文是在关闭 SELinux 的状态下操作的,这只适合练习环境。生产环境应保持 SELinux enforcing——系统自带的策略本身支持 bind,区域文件放在 /var/named 下并用 restorecon 恢复标签通常即可正常工作,不要靠关闭 SELinux 来"解决"问题。
二、主域名服务器配置 1、配置(可以与缓存服务器共享一台主机) [root@localhost ~]# vim /etc/named.conf options { listen-on port 53 { 192.168.1.24; }; 使用53端口监听,监听的ip地址为192.168.1.24 listen-on-v6 port 53 { ::1; }; 监听ipv6的IP地址选项 directory "/var/named"; DNS的根目录,由于安装了bind-chroot的所致, 因此服务的实际目录为/var/named/chroot/var/named dump-file "/var/named/data/cache_dump.db"; 缓存转储文件 statistics-file "/var/named/data/named_stats.txt"; 记录服务器运行的统计信息 memstatistics-file "/var/named/data/named_mem_stats.txt"; 记录了内存使用的统计信息 allow-query { any; }; 允许查询的主机,默认为localhost recursion yes; 可以递归查询 (安全提示:权威服务器对 any 开放查询的同时又开启递归,会成为对外开放的递归解析器(open resolver),可被用于 DNS 放大攻击;仅为内网服务时应加上 allow-recursion { 127.0.0.1; 192.168.1.0/24; };,权威解析仍可对外提供,递归只对内网开放) dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; bindkeys-file "/etc/named.iscdlv.key"; (注:DLV 注册库已停止服务,新版本 BIND 不再支持 dnssec-lookaside,升级后应删除) managed-keys-directory "/var/named/dynamic"; };
logging { named服务的日志文件信息 channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { 根(.)域的配置及信息 type hint; file "named.ca"; }; zone "wxw.com" IN { 指定区名 type master; 服务器类别,master为主域名 file "wxw.com_zone"; 正向解析区域文件名wxw.com_zone,在/var/named目录下创建 allow-transfer {192.168.1.124;}; 指定允许进行区域传送(AXFR)的从(辅助)域名服务器IP;不写这一行时 BIND 默认允许任何主机传送整个区域,会把全部主机名和IP泄露出去,所以必须限制;更严格的做法是用 TSIG 密钥而不是仅靠来源IP }; zone "1.168.192.in-addr.arpa" IN { 域名对应的ip地址网段为192.168.1.0,此处必须按照相 同的格式写 type master; file "192.168.1.zone"; 反向解析文件名192.168.1.zone allow-transfer {192.168.1.124;}; }; [root@localhost ~]# vim /var/named/wxw.com_zone 编辑正向解析文件 $TTL 1D @ IN SOA ns1.wxw.com. mail.www.wxw.com. ( 2014102101 ; serial 序列号,每次修改区域文件后都必须增大该值(习惯写成 年月日+两位编号),否则从服务器认为区域没有变化、不会重新传送,仍然提供旧数据 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ IN NS ns1.wxw.com. 主域名的域名地址 ns1.wxw.com. IN A 192.168.1.24 主域名的ip地址 @ IN NS ns2.wxw.com. 从域名的域名地址 ns2.wxw.com. IN A 192.168.1.124 从域名的ip地址 @ IN MX 10 mail.www.wxw.com. 邮件服务器的域名地址(原文写成 mail.ww.wxw.com.,与下面的 A 记录不一致,邮件会投递到一个不存在的主机名,已更正) mail.www.wxw.com. IN A 192.168.1.4 www.wxw.com. IN A 192.168.1.2 ftp.wxw.com. IN A 192.168.1.3 (注意结尾的点:原文写成 ftp.wxw.com 不带点,会被当作相对名称展开为 ftp.wxw.com.wxw.com.,解析 ftp.wxw.com 时得不到结果) win7.wxw.com. IN A 192.168.1.224 linux.wxw.com. IN CNAME ns1.wxw.com. smb.wxw.com. IN CNAME ns1.wxw.com. dhcp.wxw.com. IN CNAME ns1.wxw.com. [root@localhost ~]# vim /var/named/192.168.1.zone 反向解析文件 $TTL 1D @ IN SOA ns1.wxw.com. mail.www.wxw.com. ( 2014102101 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ IN NS ns1.wxw.com. @ IN NS ns2.wxw.com. 24 IN PTR ns1.wxw.com. 124 IN PTR ns2.wxw.com. @ IN MX 10 mail.www.wxw.com. (反向区域中的 MX 记录没有实际意义,可以删掉) 4 IN PTR mail.www.wxw.com. 2 IN PTR www.wxw.com. 3 IN PTR ftp.wxw.com. 224 IN PTR win7.wxw.com. (原文写成 124,但正向文件里 win7 是 192.168.1.224,124 已经分配给 ns2,已按正向记录更正) 修改完成后建议先用 named-checkconf 和 named-checkzone wxw.com /var/named/wxw.com_zone 检查语法,再重启服务 [root@localhost ~]# service named restart 停止 named:. [确定] 启动 named: [确定] [root@localhost ~]# cat /etc/resolv.conf ; generated by /sbin/dhclient-script search wxw.com nameserver 192.168.1.24 2、客户端测试 [root@localhost ~]# dig www.wxw.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> www.wxw.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13587 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION: ;www.wxw.com. IN A ;; ANSWER SECTION: www.wxw.com. 86400 IN A 192.168.1.2 ;; AUTHORITY SECTION: wxw.com. 86400 IN NS ns2.wxw.com. wxw.com. 86400 IN NS ns1.wxw.com. ;; ADDITIONAL SECTION: ns1.wxw.com. 86400 IN A 192.168.1.24 ns2.wxw.com. 86400 IN A 192.168.1.124 ;; Query time: 1 msec ;; SERVER: 192.168.1.24#53(192.168.1.24) ;; WHEN: Wed Oct 22 11:47:47 2014 ;; MSG SIZE rcvd: 113
三、从域名服务器搭建与配置 1、重新开启一台linux虚拟主机(CentOS 6.5),网卡ip为192.168.1.124 2、服务的安装与配置 [root@localhost ~]# yum -y install bind bind-chroot bind-utils bind-libs [root@localhost ~]# vim /etc/named.conf options { listen-on port 53 { 192.168.1.124; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; (与主服务器一样,对 any 开放查询并开启递归会成为 open resolver,仅内网使用时应加 allow-recursion { 127.0.0.1; 192.168.1.0/24; }; 限制递归来源) dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; bindkeys-file "/etc/named.iscdlv.key"; # managed-keys-directory "/var/named/dynamic"; };
logging { named服务的日志文件信息 channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { 根(.)域的配置及信息 type hint; file "named.ca"; }; zone "wxw.com" IN { 指定区名 type slave; 服务器类别,slave为从域名服务器选项 file "wxw.com_zone"; 正向解析区域文件名wxw.com_zone,从服务器不需要手工创建该文件,named 从主服务器传送成功后会自动写入,因此这个文件所在目录必须对 named 用户可写 masters {192.168.1.24;}; 指定主域名服务器IP allow-transfer { none; }; 从服务器上没有别的从服务器需要同步,应禁止区域传送;否则 BIND 默认允许任何主机 AXFR,主服务器上做的限制在这里就被绕过了 }; zone "1.168.192.in-addr.arpa" IN { 域名对应的ip地址网段为192.168.1.0,此处必须按照相 同的格式写 type slave; file "192.168.1.zone"; 反向解析文件名192.168.1.zone masters {192.168.1.24;}; allow-transfer { none; }; }; [root@localhost ~]# chmod 770 /var/named/ (这是让 named 组能写入区域文件的权宜做法;更稳妥的方式是不改 /var/named 的权限,把从服务器的区域文件写到 named 用户拥有的子目录,如 file "slaves/wxw.com_zone";——RHEL/CentOS 的 bind 包通常会提供这个 slaves 子目录,请在本机确认) [root@localhost ~]# ll /var/named/ -d drwxrwx--- 6 root named 4096 Oct 22 10:49 /var/named/
[root@localhost ~]# service named restart 停止 named: [确定] 启动 named: [确定] 3、客户端测试 [root@localhost ~]# dig @192.168.1.124 www.wxw.com ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> @192.168.1.124 www.wxw.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22358 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION: ;www.wxw.com. IN A
;; ANSWER SECTION: www.wxw.com. 86400 IN A 192.168.1.2
;; AUTHORITY SECTION: wxw.com. 86400 IN NS ns1.wxw.com. wxw.com. 86400 IN NS ns2.wxw.com.
;; ADDITIONAL SECTION: ns1.wxw.com. 86400 IN A 192.168.1.24 ns2.wxw.com. 86400 IN A 192.168.1.124
;; Query time: 1 msec ;; SERVER: 192.168.1.124#53(192.168.1.124) ;; WHEN: Wed Oct 22 10:49:58 2014 4、注意事项: (1)、如果还是无法解析,先用 named-checkzone 检查区域文件语法、查看 /var/log/messages 里 named 的报错,再回到主域名服务器检查 /var/named 下区域文件的权限:named 用户能读即可(例如属主 root:named、权限 640)。不要把区域文件改成 777——即使只是练习也不建议:777 意味着本机任何用户都能改写区域文件,进而篡改整个域的解析结果。 (2)、以上的练习都是在关闭防火墙与seLinux的状态下操作的。如果防火墙开启,需要同时放行 53/udp 和 53/tcp(区域传送以及超过 512 字节的应答走 TCP,只开 UDP 会导致主从同步失败);SELinux 建议保持 enforcing,文件标签问题用 restorecon 修正即可。 四、还有根据接口来配置的DNS服务器,在此就不做介绍了,可自行去查阅资料练。