/etc/named.conf DNS主配置文件,申明域
/var/named 存放解析数据库
bind-chroot包 把DNS服务禁锢在/var/named/chroot目录下运行,即使named进程被攻破,其影响也被限制在该目录内,从而降低入侵造成的损害
实验拓扑:
DNS Slave
-----DNS Master(vmnet1)----------(vmnet1)
Win7 Client
实验一:搭建主DNS服务器
tarena.com
www.tarena.com 192.168.10.253
bbs.tarena.com 192.168.10.100
blog是bbs别名
1、安装软件包
[root@svr1 ~]# yum -y install bind-chroot bind caching-nameserver
2、修改主配置文件
[root@svr1 etc]# cp -p named.caching-nameserver.conf named.conf //把模板文件复制为主配置文件
[root@svr1 etc]# vim named.conf
options {
listen-on port 53 { 192.168.1.254; }; //监听192.168.1.254的53端口
// listen-on-v6 port 53 { ::1; };
...
allow-query { any; }; //允许任意客户端发起查询
allow-query-cache { any; }; //允许任意客户端查询缓存
};
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
[root@svr1 etc]# vim named.rfc1912.zones
zone "tarena.com" IN { //定义正向区域
type master; //定义类型
file "tarena.com.zone"; //定义数据库文件
};
zone "1.168.192.in-addr.arpa" IN { //定义反向区域
type master;
file "192.168.1.arpa";
};
[root@svr1 etc]# named-checkconf named.conf //检测配置文件,无输出表示正确
3、配置数据库文件
[root@svr1 etc]# cd ../var/named/
[root@svr1 named]# cp -p named.local tarena.com.zone
[root@svr1 named]# cat tarena.com.zone
$TTL 86400
@ IN SOA localhost. root.localhost. (
2014061701 ; Serial //序列号,每次修改区域文件后需递增
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS svr1.tarena.com. //服务器域名
svr1 IN A 192.168.1.254 //A记录
www IN A 192.168.1.254
bbs IN A 192.168.1.100
blog IN CNAME bbs //别名记录
[root@svr1 named]# cat 192.168.1.arpa
$TTL 86400
@ IN SOA localhost. root.localhost. (
2014061701 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS svr1.tarena.com.
254 IN PTR svr1.tarena.com. //反向解析
254 IN PTR www.tarena.com.
100 IN PTR bbs.tarena.com.
100 IN PTR blog.tarena.com.
[root@svr1 named]# named-checkzone tarena.com tarena.com.zone //检测文件语法
zone tarena.com/IN: loaded serial 2014061701
OK
[root@svr1 named]# service named restart
[root@svr1 named]# chkconfig named on //设置服务开机自启
在客户端测试:
首先清空hosts文件之前添加的配置,然后在命令行利用nslookup来测试域名解析
C:\Users\Administrator>nslookup
默认服务器: svr1.tarena.com
Address: 192.168.1.254
> www.tarena.com
服务器: svr1.tarena.com
Address: 192.168.1.254
名称: www.tarena.com
Address: 192.168.1.254
> bbs.tarena.com
服务器: svr1.tarena.com
Address: 192.168.1.254
名称: bbs.tarena.com
Address: 192.168.1.100
实验二:DNS高级应用
实现DNS负载均衡,当用户访问www.tarena.com的时候,2/3用户访问10.253,1/3用户访问10.100
确保用户访问tarena.com的时候仍然可以访问www.tarena.com的网站
实现用户在访问的时候只要域名正确就可以访问www.tarena.com的网站
[root@svr1 named]# vim tarena.com.zone
www IN A 192.168.1.254 --
www IN A 192.168.1.254 -->DNS轮询
www IN A 192.168.1.253 --
tarena.com. IN A 192.168.1.254
* IN A 192.168.1.254 -->泛域名,要写在最后一行
$GENERATE 20-50 station$ IN A 192.168.10.$ //批量生成station20~station50的A记录
重启服务在客户端测试
vim
替换 %s/aaa/bbb/c 表示把所有aaa替换为bbb,每次替换时有提示
实验三:搭建从DNS服务器
给上面的主DNS搭建一个辅助DNS
1、安装软件包
[root@localhost ~]# rpm -q bind bind-chroot caching-nameserver
package bind is not installed
package bind-chroot is not installed
package caching-nameserver is not installed
[root@localhost ~]# yum -y install bind bind-chroot caching-nameserver
2、修改从DNS的主配置文件
[root@localhost ~]# cd /var/named/chroot/etc/
[root@localhost etc]# cp -p named.caching-nameserver.conf named.conf
[root@localhost etc]# vim named.conf
...
15 listen-on port 53 { 192.168.10.100; };
...
27 allow-query { any; };
28 allow-query-cache { any; };
...
37 match-clients { any; };
38 match-destinations { any; };
[root@ser2 etc]# vim named.rfc1912.zones
...
51 zone "tarena.com" IN {
52 type slave;
53 file "slaves/tarena.com.zone";
54 masters { 192.168.10.253; };
55 };
56
57 zone "10.168.192.in-addr.arpa" IN {
58 type slave;
59 file "slaves/tarena.com.arpa";
60 masters { 192.168.10.253; };
61 };
[root@ser2 etc]# named-checkconf named.conf
3、修改主DNS的主配置文件,添加授权信息
[root@localhost ~]# cd /var/named/chroot/etc/
[root@localhost etc]# vim named.conf //在第21行添加allow-transfer,仅允许从DNS 192.168.10.100进行区域传送
...
21 allow-transfer { 192.168.10.100; };
...
[root@localhost etc]# cd /var/named/chroot/var/named/
[root@localhost named]# cat tarena.com.zone
$TTL 86400
@ IN SOA tarena.com. root.tarena.com. (
2014041802 ; Serial //序列号加1,从DNS只在序列号增大时才同步更新
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns01.tarena.com.
IN NS dns02.tarena.com. //添加从DNS服务器
IN A 192.168.10.253
dns01 IN A 192.168.10.253
dns02 IN A 192.168.10.100 //为从DNS正向解析
www IN A 192.168.10.253
www IN A 192.168.10.253
www IN A 192.168.10.100
bbs IN A 192.168.10.100
blog IN CNAME bbs
$GENERATE 20-50 station$ IN A 192.168.10.$
* IN A 192.168.10.101
[root@localhost named]# cat tarena.com.arpa
$TTL 86400
@ IN SOA tarena.com. root.tarena.com. (
2014041802 ; Serial //序列号加1
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns01.tarena.com.
IN NS dns02.tarena.com. //添加从DNS服务器
253 IN PTR dns01.tarena.com.
100 IN PTR dns02.tarena.com. //为从DNS反向解析
253 IN PTR www.tarena.com.
100 IN PTR bbs.tarena.com.
[root@localhost etc]# service named restart
4、启动从DNS服务器并验证
[root@localhost etc]# service named restart
[root@localhost etc]# chkconfig named on
[root@localhost etc]# ls /var/named/chroot/var/named/slaves/
tarena.com.zone tarena.com.arpa