[初始环境配置dns主从]
1,配置网络参数
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network
/etc/hosts
/etc/resolv.conf
确保selinux,iptables在关闭状态
实验环境为两台rhel5.10
svr1 172.30.6.118 主dns
svr2 172.30.6.119 从dns
2,安装软件包
[root@svr1 ~]# yum -y install vim-enhanced bind bind-chroot caching-nameserver
3,配置主dns
[root@svr1 ~]# cp -p /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.conf
[root@svr1 ~]# vim /var/named/chroot/etc/named.conf //只给出需要改动的行
...
listen-on port 53 { 172.30.6.118; }; //监听端口与IP
...
allow-query { any; };
allow-query-cache { any; };
...
match-clients { any; }; //接受所有客户端请求
match-destinations { any; };
...
[root@svr1 ~]# vim /var/named/chroot/etc/named.rfc1912.zones
...
zone "tarena.com" IN { //正向解析
type master; //主dns
file "tarena.com.zone"; //域名文件
allow-transfer { 172.30.6.119; }; //仅允许172.30.6.119同步
};
zone "6.30.172.in-addr.arpa" IN { //反向解析
type master;
file "tarena.com.arpa";
allow-transfer { 172.30.6.119; };
};
[root@svr1 ~]# cp -p /var/named/chroot/var/named/named.zero /var/named/chroot/var/named/tarena.com.zone //拷贝模版
[root@svr1 ~]# cp -p /var/named/chroot/var/named/named.zero /var/named/chroot/var/named/tarena.com.arpa
[root@svr1 ~]# cat /var/named/chroot/var/named/tarena.com.zone
$TTL 86400 //缓存时间单位秒
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS svr1.tarena.com.
IN NS svr2.tarena.com.
svr1 IN A 172.30.6.118
svr2 IN A 172.30.6.119
[root@svr1 ~]# cat /var/named/chroot/var/named/tarena.com.arpa
$TTL 86400
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS svr1.tarena.com.
IN NS svr2.tarena.com.
118 IN PTR svr1.tarena.com.
119 IN PTR svr2.tarena.com.
[root@svr1 ~]# service named restart
[root@svr1 ~]# chkconfig named on //启动服务
4,配置从dns
安装软件包与参照主dns
[root@svr2 ~]# cp -p /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.conf
[root@svr2 ~]# vim /var/named/chroot/etc/named.conf
...
listen-on port 53 { 172.30.6.119; };
...
allow-query { any; };
allow-query-cache { any; };
...
match-clients { any; };
match-destinations { any; };
...
[root@svr2 ~]# vim /var/named/chroot/etc/named.rfc1912.zones
...
zone "tarena.com" IN {
type slave; //设置为从dns
file "slaves/tarena.com.zone";
masters { 172.30.6.118; }; //从172.30.6.118同步数据库文件
};
zone "6.30.172.in-addr.arpa" IN {
type slave;
file "slaves/tarena.com.arpa";
masters { 172.30.6.118; };
};
[root@svr2 ~]# ls /var/named/chroot/var/named/slaves/ //查看是否同步成功
tarena.com.arpa tarena.com.zone
[DNS子域授权配置]
1,父dns配置
[root@svr1 ~]# cat /var/named/chroot/var/named/tarena.com.zone
$TTL 86400
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS svr1.tarena.com.
sh.tarena.com. IN NS svr2.sh.tarena.com. //指定sh.tarena.com.的域名服务器
svr2.sh.tarena.com. IN A 172.30.6.119 //指定记录
svr1 IN A 172.30.6.118
2,子dns配置
[root@svr2 ~]# cat /var/named/chroot/etc/named.rfc1912.zones //定义子域
zone "sh.tarena.com" IN {
type master;
file "sh.tarena.com.zone";
allow-transfer { none; };
};
[root@svr2 ~]# cat /var/named/chroot/var/named/sh.tarena.com.zone
$TTL 86400
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS svr2.sh.tarena.com.
svr2 IN A 172.30.6.119
www IN A 1.1.1.1
重启两台服务器的dns服务,然后测试
[root@svr1 ~]# host svr2.sh.tarena.com 172.30.6.118
Using domain server:
Name: 172.30.6.118
Address: 172.30.6.118#53
Aliases:
svr2.sh.tarena.com has address 172.30.6.119
[root@svr1 ~]# host www.sh.tarena.com 172.30.6.118
Using domain server:
Name: 172.30.6.118
Address: 172.30.6.118#53
Aliases:
www.sh.tarena.com has address 1.1.1.1
反过来客户端dns指向子域,解析父域条目
[root@dns2 named]# vim /var/named/chroot/etc/named.conf
21 forwarders { 192.168.100.10; }; //添加一条转发记录即可
[root@dns2 named]# service named restart
【DNS分离解析/视图】
判断不同的来源地址访问相同域名给解析不同结果
[root@dns1 ~]# cd /var/named/chroot/etc/
[root@dns1 etc]# vim named.conf
...
15 listen-on port 53 { 192.168.100.10; };
16 // listen-on-v6 port 53 { ::1; };
...
27 allow-query { any; };
28 allow-query-cache { any; };
...
36 view lt { //定义视图
37 match-clients { 192.168.100.20; }; //接受来自192.168.100.20主机的请求
38 match-destinations { any; };
39 recursion yes; //启用递归查询
40 include "/etc/named.rfc1912.zones";
41 };
42
43 view yd {
44 match-clients { any; };
45 match-destinations { any; };
46 recursion yes;
47 include "/etc/named.rfc1913.zones";
48 };
[root@dns1 etc]# cp -p named.rfc1912.zones named.rfc1913.zones
[root@dns1 etc]# vim named.rfc1912.zones
...
51 zone "tarena.com" IN {
52 type master;
53 file "lt.tarena.com.zone";
54 allow-transfer { none; };
55 };
[root@dns1 etc]# vim named.rfc1913.zones
51 zone "tarena.com" IN {
52 type master;
53 file "yd.tarena.com.zone";
54 allow-transfer { none; };
55 };
[root@dns1 etc]# cd /var/named/chroot/var/named/
[root@dns1 named]# cp -p named.zero lt.tarena.com.zone
[root@dns1 named]# cp -p named.zero yd.tarena.com.zone
[root@dns1 named]# cat lt.tarena.com.zone
$TTL 86400
@ IN SOA dns1.tarena.com. root.tarena.com. (
2014062401 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1.tarena.com.
dns1 IN A 192.168.100.10
www IN A 1.1.1.1
[root@dns1 named]# cat yd.tarena.com.zone
$TTL 86400
@ IN SOA dns1.tarena.com. root.tarena.com. (
2014062401 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1.tarena.com.
dns1 IN A 192.168.100.10
www IN A 2.2.2.2
[root@dns1 named]# service named restart
客户端常用的测试命令(linux)
# host FQDN/IP [server]
-a FQDN/IP [server] //列出该主机所有相关信息
-l domain/IP [server] //列出所有domain管理的主机名与IP对应信息(需要allow-transfer允许)
# nslookup FQDN/IP [server]
# nslookup
> server //查看当前设置的DNS
> server 192.168.100.10 //设置当前DNS
> set type=any //查询所有正解信息
> set type=mx //查询与mx相关的信息
# dig FQDN [@server]
# dig +trace FQDN [@server] //从.开始跟踪
# dig -x IP [@server] //查询反解
# dig -t type mx/ns/soa FQDN [@server] //查询mx/ns/soa等类型数据
