A comprehensive DNS configuration example

Configure DNS servers to meet the following requirements:

One primary DNS server: IP 192.168.100.20, hostname:

One secondary DNS server: IP 192.168.100.21, hostname:

One subdomain server: IP 192.168.100.22, hostname:

The DNS server resolves the domain and also resolves , and provides reverse resolution for the 192.168.100.0 network segment.

Queries for other domains that this DNS server cannot resolve are handed off to a DNS server on the Internet, IP 219.146.0.130.

www.            192.168.100.200

ftp.               192.168.100.201

mail.             192.168.100.202

nfs.                     192.168.100.203

samba.         192.168.100.204

Also add a mail exchanger (MX) record for the zone; the mail server is mail.

 

The subdomain DNS server resolves the domains bj., ah., bj. and ah.

and resolves the following names:

www.bj.      192.168.100.205

www.ah.              192.168.100.206

www.bj.      192.168.100.207

www.ah.     192.168.100.208

 

The secondary DNS server provides backup for all of the zones above.

 

 

Procedure:

Primary server configuration:

Set the hostname:

[root@localhost ~]# vi /etc/sysconfig/network

HOSTNAME=

It can also be changed with the following command, but that change does not survive a reboot.

[root@localhost ~]# hostname

[root@localhost ~]# hostname

 

Configure the IP address:

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=static

IPADDR=192.168.100.20

NETMASK=255.255.255.0

[root@localhost ~]# service network restart

 

Install the DNS software:

[root@localhost ~]# cd /misc/cd/Server/

[root@localhost Server]# rpm -ivh bind-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# rpm -ivh bind-chroot-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# rpm -ivh caching-nameserver-9.3.4-10.P1.el5.i386.rpm

 

Edit the configuration file:

[root@localhost Server]# vi /var/named/chroot/etc/named.caching-nameserver.conf    // /etc/named.caching-nameserver.conf can also be edited directly; it is a symlink to this file.

        listen-on port 53 { 192.168.100.20; };

        forwarders {219.146.0.130;};   // forward queries this server cannot resolve.

        allow-query     { any; };

        match-clients      { any; };

        match-destinations { any; };

 

Create the zones:

[root@localhost Server]# vi /var/named/chroot/etc/named.rfc1912.zones

As above, the symlinked file /etc/named.caching-nameserver.conf can be edited instead.

zone "" IN {

        type master;

        file ".zone";

};

zone "" IN {

        type master;

        file ".zone";

};

zone "100.168.192.in-addr.arpa" IN {

        type master;

        file "in-addr..zone";

};

 

Edit the zone files:

[root@localhost Server]# cd /var/named/chroot/var/named/

[root@localhost named]# cp -p localhost.zone .zone     // Don't forget -p. If you do forget it, fix the ownership of the named directory by hand: the named user must have write permission on it. I was baffled by this problem more than once. Lesson learned!

[root@localhost named]# cp -p localhost.zone .zone

[root@localhost named]# cp -p named.local in-addr..zone

[root@localhost named]# vi .zone

Add the following:

www             IN A            192.168.100.200

ftp               IN A            192.168.100.201

nfs              IN A            192.168.100.203

samba           IN A            192.168.100.204

mail             IN MX           192.168.100.202

 

[root@localhost named]# vi .zone

www             IN A            192.168.100.210

ftp               IN A            192.168.100.211

 

Reverse lookup zone file:

[root@localhost named]# vi in-addr..zone

200     IN      PTR     www..         // note the trailing dot at the end.

201     IN      PTR     ftp..

202     IN      PTR     mail..

203     IN      PTR     nfs..

204     IN      PTR     samba..

 

Now it is time to restart the service, but an error appeared. Investigation turned up the following causes:

First, when adding an MX record, a priority value must follow MX. For example:

mail            IN MX   10      192.168.100.202

Second, possibly because the machine was not rebooted after the hostname change, a default zone (origin) has to be set by hand in the zone file. For example, add under :

$ORIGIN .

The same goes for , but the reverse-lookup zone file does not need it.

OK, the DNS service finally restarts successfully.

[root@localhost named]# service named restart

 

Subdomain DNS server configuration:

Likewise, configure the IP address and hostname first.

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=static

IPADDR=192.168.100.22

NETMASK=255.255.255.0

 

[root@localhost ~]# vi /etc/sysconfig/network

HOSTNAME=

[root@localhost ~]# hostname     // the change above does not take effect without a reboot, so change it this way as well. (Can anyone tell me why?)

[root@localhost ~]# service network restart

 

Install the software:

[root@localhost ~]# cd /misc/cd/Server/

[root@localhost Server]# rpm -ivh bind-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# rpm -ivh bind-chroot-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# rpm -ivh caching-nameserver-9.3.4-10.P1.el5.i386.rpm

 

Edit the configuration file:

[root@localhost Server]# cd

[root@localhost ~]# vi /var/named/chroot/etc/named.caching-nameserver.conf

        listen-on port 53 { 192.168.100.22; };

        allow-query     { any; };

        match-clients      { any; };

        match-destinations { any; };

 

Create the zones:

[root@localhost ~]# vi /var/named/chroot/etc/named.rfc1912.zones

zone "bj." IN {

        type master;

        file "bj..zone";

};

zone "ah." IN {

        type master;

        file "ah..zone";

};

zone "bj." IN {

        type master;

        file "bj..zone";

};

zone "ah." IN {

        type master;

        file "ah..zone";

};

 

Edit the zone files:

[root@localhost ~]# cd /var/named/chroot/var/named/

[root@localhost named]# cp -p localhost.zone bj..zone

[root@localhost named]# cp -p localhost.zone ah..zone

[root@localhost named]# cp -p localhost.zone bj..zone

[root@localhost named]# cp -p localhost.zone ah..zone

[root@localhost named]# vi bj..zone

www             IN A            192.168.100.205

[root@localhost named]# vi ah..zone

www             IN A            192.168.100.206

[root@localhost named]# vi bj..zone

www             IN A            192.168.100.207

[root@localhost named]# vi ah..zone

www             IN A            192.168.100.208

 

[root@localhost named]# service named restart

Restarting the service went fine here; I don't know why. Something to look into later.



Next, to turn these into subdomains, all that is needed is to delegate them on the parent domain. Add the following:

[root@localhost named]# vi .zone

bj              IN NS           bj..

bj              IN A            192.168.100.22

ah              IN NS           ah..

ah              IN A            192.168.100.22

 

[root@localhost named]# vi .zone

bj              IN NS           bj..

bj              IN A            192.168.100.22

ah              IN NS           ah..

ah              IN A            192.168.100.22

[root@localhost named]# service named restart
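The two restart failures described earlier (an MX record with no preference value, and relative names with no $ORIGIN to fall back on), the trailing-dot rule in the reverse zone, and the delegation records just added are all things BIND's own named-checkzone reports before named is restarted. The script below is an added example, not part of the original post: a small linter for the record syntax used on this page (A, MX, NS, PTR). It assumes the placeholder zone name example.com for the page's unnamed zone and constructs its sample zone data inline. It flags an MX record that lacks its preference, a target written as an IP literal (the exchange field of an MX, like the target of NS and PTR, is a host name, so the page's corrected MX line is still reported), a target without a trailing dot (BIND silently appends the origin), and an in-zone NS delegation with no glue A record.

```python
import ipaddress

# Constructed sample zone data for the placeholder zone "example.com" (the
# page's real zone names are not given). The first MX line reproduces the
# form that made named fail to restart; the second is the page's corrected
# form, which still uses an IP literal; the bj delegation has no glue A.
BROKEN_ZONE = """\
$ORIGIN example.com.
www     IN A    192.168.100.200
mail    IN MX   192.168.100.202
mail2   IN MX   10 192.168.100.202
bj      IN NS   bj.example.com.
ah      IN NS   ah.example.com.
ah      IN A    192.168.100.22
"""

# The same zone with every problem fixed.
FIXED_ZONE = """\
$ORIGIN example.com.
www     IN A    192.168.100.200
mail    IN A    192.168.100.202
@       IN MX   10 mail.example.com.
bj      IN NS   bj.example.com.
bj      IN A    192.168.100.22
ah      IN NS   ah.example.com.
ah      IN A    192.168.100.22
"""

# Reverse zone in which one PTR target lacks the trailing dot the page warns about.
BROKEN_REVERSE = """\
$ORIGIN 100.168.192.in-addr.arpa.
200     IN PTR  www.example.com.
201     IN PTR  ftp.example.com
"""


def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def absolute(name, origin):
    """Expand a relative name the way BIND does: append $ORIGIN unless it ends in a dot."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text):
    """Parse '$ORIGIN' plus 'owner IN TYPE rdata...' lines (the subset used on this page).
    Returns (origin, [(owner, TYPE, [rdata fields]), ...])."""
    origin, records = None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop zone-file comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            raise ValueError("unsupported record line: %r" % raw)
        records.append((fields[0], fields[2].upper(), fields[3:]))
    return origin, records


def lint_zone(text):
    """Return a list of problem descriptions; an empty list means the file looks sane."""
    origin, records = parse_zone(text)
    if origin is None:
        return ["no $ORIGIN directive: relative names have no default zone"]
    problems = []
    a_names = {absolute(owner, origin) for owner, rtype, _ in records if rtype == "A"}
    for owner, rtype, rdata in records:
        if rtype == "MX":
            if len(rdata) != 2 or not rdata[0].isdigit():
                problems.append("MX %s: missing preference (write 'IN MX 10 host.')" % owner)
                continue
            target = rdata[1]
        elif rtype in ("NS", "PTR"):
            target = rdata[0]
        else:
            continue
        if is_ip_literal(target):
            problems.append("%s %s: target %s is an IP literal, a host name is required" % (rtype, owner, target))
            continue
        full = absolute(target, origin)
        if not target.endswith("."):
            problems.append("%s %s: %s has no trailing dot, BIND reads it as %s" % (rtype, owner, target, full))
        if rtype == "NS" and full.endswith("." + origin) and full not in a_names:
            problems.append("NS %s: no glue A record for %s" % (owner, full))
    return problems


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE), ("reverse", BROKEN_REVERSE)):
        print(label, lint_zone(zone) or "OK")
```

The glue check only fires for NS targets inside the zone itself, which is exactly the case on this page (bj and ah are served from 192.168.100.22, and the parent must publish that address alongside the NS record, as the delegation records above do).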

 

Testing from Windows 7:

 

D:\Users\chenbin>nslookup

> server 192.168.100.20

DNS request timed out.

    timeout was 2 seconds.

默认服务器:  [192.168.100.20]

Address:  192.168.100.20

 

> www.

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

名称:    www.

Address:  192.168.100.200

 

> www.

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

名称:    www.

Address:  192.168.100.210

 

> www.bj.

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

非权威应答:

名称:    www.bj.

Address:  192.168.100.205

 

> www.bj.

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

非权威应答:

名称:    www.bj.

Address:  192.168.100.207

 

> www.ah.

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

非权威应答:

名称:    www.ah.

Address:  192.168.100.206

 

> www.ah.

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

非权威应答:

名称:    www.ah.

Address:  192.168.100.208

 

The subdomain configuration is done. But the subdomain server cannot resolve names in the parent domain. For example:

> server 192.168.100.22

默认服务器:  [192.168.100.22]

Address:  192.168.100.22

 

> www.

服务器:  [192.168.100.22]

Address:  192.168.100.22

 

*** [192.168.100.22] 找不到 www.: Server failed

 

The fix is to add two forward zones. For example:

[root@localhost named]# vi /var/named/chroot/etc/named.rfc1912.zones

zone "" IN {

        type forward;

        forwarders {192.168.100.20;};

};

zone "" IN {

        type forward;

        forwarders {192.168.100.20;};

};

[root@localhost named]# service named restart

 

> www.

服务器:  [192.168.100.22]

Address:  192.168.100.22

 

非权威应答:

名称:    www.

Address:  192.168.100.200
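In the test output above, answers for the subdomain names come back marked 非权威应答 (non-authoritative) when the primary is asked, and parent-domain names are non-authoritative when the subdomain server relays them through its new forward zones, while names each server is master for come back without that label. nslookup decides this from the AA (authoritative answer) bit in the DNS response header; the "Server failed" the subdomain server returned before the forward zones existed is the RCODE field (SERVFAIL) of that same header. The script below is an added example, not part of the original post: it builds a query and each kind of response in DNS wire format (with the placeholder name example.com standing in for the page's zone, and constructed packets rather than captures from these servers), parses them back, and labels them the way nslookup does.

```python
import struct

# The placeholder name example.com stands in for the page's zone; every message
# below is constructed, not captured from the servers on the page.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN"}
AA, RD, RA, QR = 0x0400, 0x0100, 0x0080, 0x8000


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qid=0x1234):
    """A recursion-desired A/IN query, the kind nslookup sends."""
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)


def build_a_response(query, ip, authoritative):
    """Answer the query with one A record. The answer name is a compression
    pointer (0xC00C) back to the question name, as real servers emit."""
    qid = struct.unpack("!H", query[:2])[0]
    flags = QR | RD | RA | (AA if authoritative else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + rdata
    return header + query[12:] + answer


def build_servfail(query):
    """The reply the subdomain server gave for parent names before the forward zones existed."""
    qid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", qid, QR | RD | RA | 2, 1, 0, 0, 0) + query[12:]


def read_name(msg, offset):
    """Decode a possibly compressed name; returns (name, offset just past the name)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end if end is not None else offset


def parse_response(msg):
    """Parse the header, question and answer sections into a dict."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        qtype, _ = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": qid, "authoritative": bool(flags & AA), "rcode": RCODES.get(flags & 0xF, "?"),
            "questions": questions, "answers": answers}


def describe(parsed):
    """Label the result the way nslookup does: the AA bit selects the heading."""
    if parsed["rcode"] != "NOERROR":
        return "*** %s" % parsed["rcode"]
    heading = "Authoritative answer" if parsed["authoritative"] else "Non-authoritative answer"
    return "\n".join("%s: %s -> %s" % (heading, n, r) for n, t, _, r in parsed["answers"] if t == 1)


if __name__ == "__main__":
    q = build_query("www.example.com.")
    print(describe(parse_response(build_a_response(q, "192.168.100.200", authoritative=True))))
    print(describe(parse_response(build_a_response(q, "192.168.100.200", authoritative=False))))
    print(describe(parse_response(build_servfail(q))))
```

The forwarded answer carries the same A record as the authoritative one; only the AA bit differs, which is why the data the page shows is identical in both cases and only the 非权威应答 label changes.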

 

Next, configure the secondary DNS server.



Because the secondary has to back up the data of all the zones, simply make this server a secondary for both domains' zones at the same time. The configuration is as follows:

 

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=static

IPADDR=192.168.100.21

NETMASK=255.255.255.0

[root@localhost ~]# hostname

[root@localhost ~]# service network restart

 

[root@localhost ~]# cd /misc/cd/Server/

[root@localhost Server]# rpm -ivh bind-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# rpm -ivh bind-chroot-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# rpm -ivh caching-nameserver-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# cd

[root@localhost ~]# vi /var/named/chroot/etc/named.caching-nameserver.conf

        listen-on port 53 { 192.168.100.21; };

        allow-query     { any; };

        match-clients      { any; };

        match-destinations { any; };

 

[root@localhost ~]# vi /var/named/chroot/etc/named.rfc1912.zones

zone "" IN {

        type slave;

        masters {192.168.100.20;};

        file "slaves/.zone";

};

zone "" IN {

        type slave;

        masters {192.168.100.20;};

        file "slaves/.zone";

};

zone "bj." IN {

        type slave;

        masters {192.168.100.22;};

        file "slaves/bj..zone";

};

zone "bj." IN {

        type slave;

        masters {192.168.100.22;};

        file "slaves/bj..zone";

};

zone "ah." IN {

        type slave;

        masters {192.168.100.22;};

        file "slaves/ah..zone";

};

zone "ah." IN {

        type slave;

        masters {192.168.100.22;};

        file "slaves/ah..zone";

};

zone "100.168.192.in-addr.arpa" IN {

        type slave;

        masters {192.168.100.20;};

        file "slaves/in-addr..zone";

};

[root@localhost ~]# service named restart
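The secondary configuration above has to list every zone, with masters pointing at whichever server is master for that zone (the primary for the parent zones and the reverse zone, the subdomain server for the bj and ah zones), and with each file kept under slaves/, the directory the named user can write to. named-checkconf validates the syntax of such a file but says nothing about that cross-server consistency. The script below is an added example, not the page's own: it parses zone statements of the shape used on this page out of constructed config fragments (placeholder zone name example.com, since the page's names are not given) and checks a secondary's zone list against the configs of the master servers.

```python
import re

# Constructed config fragments in the shape of the page's named.rfc1912.zones
# statements, with the placeholder zone name example.com standing in for the
# page's (unnamed) domain. Each master server is paired with its listen address.
PRIMARY = ("192.168.100.20", """
zone "example.com" IN { type master; file "example.com.zone"; };
zone "100.168.192.in-addr.arpa" IN { type master; file "in-addr.example.com.zone"; };
""")
SUBDOMAIN = ("192.168.100.22", """
zone "bj.example.com" IN { type master; file "bj.example.com.zone"; };
zone "ah.example.com" IN { type master; file "ah.example.com.zone"; };
zone "example.com" IN { type forward; forwarders {192.168.100.20;}; };
""")
# Secondary with three mistakes: bj.example.com names the wrong master,
# ah.example.com is missing, and the reverse zone file is outside slaves/.
BROKEN_SECONDARY = """
zone "example.com" IN { type slave; masters {192.168.100.20;}; file "slaves/example.com.zone"; };
zone "bj.example.com" IN { type slave; masters {192.168.100.20;}; file "slaves/bj.example.com.zone"; };
zone "100.168.192.in-addr.arpa" IN { type slave; masters {192.168.100.20;}; file "in-addr.example.com.zone"; };
"""
FIXED_SECONDARY = """
zone "example.com" IN { type slave; masters {192.168.100.20;}; file "slaves/example.com.zone"; };
zone "bj.example.com" IN { type slave; masters {192.168.100.22;}; file "slaves/bj.example.com.zone"; };
zone "ah.example.com" IN { type slave; masters {192.168.100.22;}; file "slaves/ah.example.com.zone"; };
zone "100.168.192.in-addr.arpa" IN { type slave; masters {192.168.100.20;}; file "slaves/in-addr.example.com.zone"; };
"""

# A zone statement: name, optional class, then a body allowing one level of
# nested braces (enough for masters {...} and forwarders {...}).
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s+(?:IN\s+)?\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', re.S)


def parse_zones(conf):
    """Return {zone name: {"type", "file", "masters", "forwarders"}} for each zone statement."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        zone = {"type": None, "file": None, "masters": [], "forwarders": []}
        m = re.search(r'\btype\s+(\w+)\s*;', body)
        if m:
            zone["type"] = m.group(1)
        m = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        if m:
            zone["file"] = m.group(1)
        for key in ("masters", "forwarders"):
            m = re.search(r'\b%s\s*\{([^}]*)\}' % key, body)
            if m:
                zone[key] = [ip.strip() for ip in m.group(1).split(";") if ip.strip()]
        zones[name.lower().rstrip(".")] = zone
    return zones


def check_secondary(masters, secondary_conf):
    """masters: [(ip, conf), ...]. Report master zones the secondary does not back up correctly."""
    problems = []
    slaves = parse_zones(secondary_conf)
    for master_ip, conf in masters:
        for name, zone in parse_zones(conf).items():
            if zone["type"] != "master":
                continue                      # forward zones carry no data to back up
            slave = slaves.get(name)
            if slave is None or slave["type"] != "slave":
                problems.append("%s: no slave zone on the secondary" % name)
                continue
            if master_ip not in slave["masters"]:
                problems.append("%s: masters %s does not include %s" % (name, slave["masters"], master_ip))
            if not (slave["file"] or "").startswith("slaves/"):
                problems.append("%s: file %r is not under slaves/" % (name, slave["file"]))
    return problems


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_SECONDARY), ("fixed", FIXED_SECONDARY)):
        print(label, check_secondary([PRIMARY, SUBDOMAIN], conf) or "OK")
```

A zone whose masters entry names the wrong server will never transfer, and the ls slaves/ check that follows on the page would show that file missing; this script catches the same mistake before named is restarted.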

 

[root@localhost ~]# cd /var/named/chroot/var/named/

[root@localhost named]# ls slaves/

ah..zone   bj..zone   in-addr..zone  .zone

ah..zone  bj..zone  .zone

All the zone files have been copied over, so the backup function is working.

Test it:

> server 192.168.100.21

DNS request timed out.

    timeout was 2 seconds.

默认服务器:  [192.168.100.21]

Address:  192.168.100.21

 

> www.

服务器:  [192.168.100.21]

Address:  192.168.100.21

 

名称:    www.

Address:  192.168.100.200

 

> www.ah.

服务器:  [192.168.100.21]

Address:  192.168.100.21

 

名称:    www.ah.

Address:  192.168.100.206

 

> 192.168.100.204

服务器:  [192.168.100.21]

Address:  192.168.100.21

 

名称:    samba.

Address:  192.168.100.204

 

With this, every requirement of the example has been met.