Linux DNS Configuration in Detail

DNS is the abbreviation of (Domain Name Server). The system is used to name computers and network services that are organized into a hierarchy of domains. On the Internet, domain names and IP addresses correspond one to one. Domain names are easy for people to remember, but machines can only recognize each other by IP address. The conversion between the two is called domain name resolution. It has to be done by a dedicated name resolution server, and DNS is the server that performs it. DNS naming is used on networks to locate computers and services through user-friendly names. When a user enters a DNS name in an application, the DNS service can resolve the name to other information associated with it, such as an IP address. The address you type when browsing is resolved by the domain name system to the corresponding IP address, and only then can you reach the site. In the end, a domain name always points to an IP address.

Concepts you need to know: the forward zone (A record, NS record, SOA record), the reverse zone, and the PTR record.

The main steps are: configure the IP address and DNS, install the DNS packages, edit the configuration file and the zone data files, and verify that the configuration works.

Configuration files to be aware of:

    IP address configuration file   /etc/sysconfig/network-scripts/ifcfg-eth0
    DNS configuration files         /etc/resolv.conf
                                    /etc/named.conf
    Root hints file                 /var/named/named.ca
    Forward zone file               /var/named/localhost.zone
    Reverse zone file               /var/named/named.local

Lab environment: VMware 6.5.2, Red Hat Enterprise 5, with a graphical interface.

First, configure the IP address.

    [root@localhost ~]# setup

Select the network configuration entry and press Enter. eth0 is the first network card; press Enter. Use Tab to move and Space to select, and do not enable DHCP. Then Tab to OK, press Enter to save, Tab to Quit and press Enter to exit.

    [root@localhost ~]# service network restart
    [root@localhost ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:0C:29:9F:41:CD
              inet addr:192.168.11.10  Bcast:192.168.11.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe9f:41cd/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:27 errors:0 dropped:0 overruns:0 frame:0
              TX packets:97 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:5261 (5.1 KiB)  TX bytes:19310 (18.8 KiB)
              Interrupt:67 Base address:0x2024

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:1561 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1561 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:2098017 (2.0 MiB)  TX bytes:2098017 (2.0 MiB)

    [root@localhost ~]#

At this point you can run ifconfig to check the IP address.

Configure DNS

    [root@localhost ~]# vi /etc/resolv.conf

Enter the following content:

    nameserver 192.168.11.10

Then save and exit.

Next, install the DNS rpm packages. Mount the installation image:

    [root@localhost ~]# cd /mnt
    [root@localhost mnt]# ls
    cdrom  hgfs
    [root@localhost mnt]# mount /dev/cdrom /mnt/cdrom
    mount: block device /dev/cdrom is write-protected, mounting read-only
    [root@localhost mnt]# cd /mnt/cdrom
    [root@localhost cdrom]# cd Server
    [root@localhost Server]#

We need to install several packages:

    [root@localhost Server]# rpm -ivh bind-
    bind-9.3.3-10.el5.i386.rpm
    bind-chroot-9.3.3-10.el5.i386.rpm
    bind-devel-9.3.3-10.el5.i386.rpm
    bind-libbind-devel-9.3.3-10.el5.i386.rpm
    bind-libs-9.3.3-10.el5.i386.rpm
    bind-sdb-9.3.3-10.el5.i386.rpm
    bind-utils-9.3.3-10.el5.i386.rpm

Install the first one first. As an aside, BIND stands for Berkeley Internet Name Domain; the DNS we are installing is just one of the services in BIND.

    [root@localhost Server]# rpm -ivh bind-9.3.3-10.el5.i386.rpm
    warning: bind-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
    Preparing...                ########################################### [100%]
       1:bind                   ########################################### [100%]
    [root@localhost Server]#

Also, install the main package first and the dependent packages afterwards.

    [root@localhost Server]# rpm -ivh bind-utils-9.3.3-10.el5.i386.rpm
    warning: bind-utils-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
    Preparing...                ########################################### [100%]
            package bind-utils-9.3.3-10.el5 is already installed
    [root@localhost Server]#

A warning appears.

    [root@localhost Server]# rpm -e bind-utils
    [root@localhost Server]# rpm -ivh bind-utils-9.3.3-10.el5.i386.rpm
    warning: bind-utils-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
    Preparing...                ########################################### [100%]
       1:bind-utils             ########################################### [100%]
    [root@localhost Server]#

I removed it and installed it again, and this time it worked. There is one more package to install:

    [root@localhost Server]# rpm -ivh caching-nameserver-9.3.3-10.el5.i386.rpm
    warning: caching-nameserver-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
    Preparing...                ########################################### [100%]
       1:caching-nameserver     ########################################### [100%]
    [root@localhost Server]#

Next, edit the main DNS configuration file. On Linux 2.6 kernel systems the file /etc/named.caching-nameserver.conf is not written very well, so using it is not recommended. The file below was copied from a 2.4 kernel system, and we only need to change it slightly. In this file, everything after // and everything between /* and */ is a comment.

    // generated by named-bootconf.pl
    options {
            directory "/var/named";        // specifies the working directory
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below. Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
    };
    //
    // a caching only nameserver config
    //
    controls {
            inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };
    zone "." IN {                          // "." is the root
            type hint;                     // zone type
            file "named.ca";
    };
    zone "localhost" IN {                  // forward zone
            type master;                   // type
            file "localhost.zone";         // default file
            allow-update { none; };        // dynamic updates are not allowed
    };
    zone "0.0.127.in-addr.arpa" IN {       // reverse lookup zone
            type master;                   // type of the reverse zone
            file "named.local";            // location of the resolution data
            allow-update { none; };        // dynamic updates are not allowed
    };
    include "/etc/rndc.key";

Change it as follows:

    // generated by named-bootconf.pl
    options {
            directory "/var/named";
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below. Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
    };
    //
    // a caching only nameserver config
    //
    controls {
            inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };
    zone "." IN {
            type hint;
            file "named.ca";
    };
    zone "abc.com" IN {
            type master;
            file "abc.zone";
            allow-update { none; };
    };
    zone "11.168.192.in-addr.arpa" IN {
            type master;
            file "abc.local";
            allow-update { none; };
    };
    include "/etc/rndc.key";

OK. Next, edit the forward and reverse zone files.

    [root@localhost ~]# cd /var/named
    [root@localhost named]# ls
    chroot  localdomain.zone  named.broadcast  named.ip6.local  named.zero
    data    localhost.zone    named.ca         named.local      slaves
    [root@localhost named]# cp named.local abc.zone
    [root@localhost named]# cp named.local abc.local
    [root@localhost named]#

Change into the /var/named directory. Here I took the original reverse zone file and copied it to create the forward and reverse zone files we need. What remains is to edit these two files.

    [root@localhost named]# vi abc.zone

The original content looks like this:

    $TTL    86400
    @       IN      SOA     localhost. root.localhost. (
                            1997022700 ; Serial (revision of this file)
                            28800      ; Refresh (refresh interval)
                            14400      ; Retry (retry time)
                            3600000    ; Expire (expiry time)
                            86400 )    ; Minimum
            IN      NS      localhost.
    1       IN      PTR     localhost.

This is somewhat similar to DNS on Windows. After editing it looks like this:

    $TTL    86400
    @       IN      SOA     abc.com. root.abc.com. (
                            1997022700 ; Serial
                            28800      ; Refresh
                            14400      ; Retry
                            3600000    ; Expire
                            86400 )    ; Minimum
            IN      NS      abc.com.
    www     IN      A       192.168.11.10

Save and exit, then:

    [root@localhost named]# vi abc.local

Edit the reverse zone data file:

    $TTL    86400
    @       IN      SOA     abc.com. root.abc.com. (
                            1997022700 ; Serial
                            28800      ; Refresh
                            14400      ; Retry
                            3600000    ; Expire
                            86400 )    ; Minimum
            IN      NS      abc.com.
    10      IN      PTR

Now:

    [root@localhost named]# ll
    总计 96
    -rw-r----- 1 root  root   427 04-24 03:49 abc.local
    -rw-r----- 1 root  root   413 04-24 03:46 abc.zone
    drwxr-x--- 5 root  named 4096 04-24 01:57 chroot
    drwxrwx--- 2 named named 4096 2007-07-19 data
    -rw-r----- 1 root  named  198 2007-07-19 localdomain.zone
    -rw-r----- 1 root  named  195 2007-07-19 localhost.zone
    -rw-r----- 1 root  named  427 2007-07-19 named.broadcast
    -rw-r----- 1 root  named 2518 2007-07-19 named.ca
    -rw-r----- 1 root  named  424 2007-07-19 named.ip6.local
    -rw-r----- 1 root  named  426 2007-07-19 named.local
    -rw-r----- 1 root  named  427 2007-07-19 named.zero
    drwxrwx--- 2 named named 4096 2007-07-19 slaves
    [root@localhost named]#

Running ll shows that the forward and reverse files we just created belong to the group root, while the default for the other files is named. The files are mode 640, so the named service can only read them through the group permission. What we need to do is change the group of these two files.

    [root@localhost named]# chgrp named abc.local
    [root@localhost named]# chgrp named abc.zone
    [root@localhost named]#

Next, restart the service.

    [root@localhost named]# service named restart
    停止 named: [失败]
    启动 named: [确定]
    [root@localhost named]#

One note: the stop step reports a failure ([失败]) because the service was not running yet; the start step succeeds ([确定]).

Next, test resolution.

    [root@localhost named]# nslookup
    Server:         127.0.0.1
    Address:        127.0.0.1#53

    Name:
    Address: 192.168.11.10

    [root@localhost named]#

OK, forward resolution works.

    [root@localhost named]# nslookup 192.168.11.10
    Server:         127.0.0.1
    Address:        127.0.0.1#53

    10.11.168.192.in-addr.arpa      name =

    You have new mail in /var/spool/mail/root
    [root@localhost named]#

OK, reverse resolution works.

Addendum: this lab requires editing many configuration files, so take extra care. First check whether you mistyped a command. If named, the DNS service, will not start when you are done, the cause is most likely in the configuration file. If only forward and reverse resolution fail, the problem is in your configuration files. Finally, pay attention to the group ownership. This lab uses the terminal wherever possible; operations that rely mainly on the graphical interface are not covered for now.
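
The group ownership problem described above can be checked before restarting named. The script below is an added example, not part of the original article: the function name check_zone_files is hypothetical, and it assumes GNU stat, zone file paths relative to the options directory, and one statement per line in named.conf as shown on this page.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check of the zone
# files declared in named.conf, using the page's root:named, mode 640 layout.
# Usage: check_zone_files CONF ZONE_DIR GROUP
# Prints "STATUS zone path" per zone; returns 1 if any file is not OK.
check_zone_files() {
    conf=$1; dir=$2; group=$3; rc=0
    # Pair each zone "name" with the file "path" of its block. Assumes one
    # statement per line, as in the named.conf shown on this page.
    pairs=$(awk -F'"' '
        /^[ \t]*zone[ \t]+"/ { zone = $2 }
        /^[ \t]*file[ \t]+"/ { if (zone != "") print zone, $2; zone = "" }
    ' "$conf")
    while read -r zone file; do
        [ -n "$zone" ] || continue
        path="$dir/$file"
        if [ ! -f "$path" ]; then
            status=MISSING
        else
            grp=$(stat -c %G "$path")     # owning group name (GNU stat)
            mode=$(stat -c %a "$path")    # octal permission bits, e.g. 640
            if [ "$grp" != "$group" ]; then
                status=WRONG_GROUP          # named cannot read via the group
            elif [ $(( 0$mode & 040 )) -eq 0 ]; then
                status=NOT_GROUP_READABLE
            elif [ $(( 0$mode & 022 )) -ne 0 ]; then
                status=WRITABLE             # group/other may alter zone data
            else
                status=OK
            fi
        fi
        echo "$status $zone $path"
        [ "$status" = OK ] || rc=1
    done <<EOF
$pairs
EOF
    return $rc
}

# Run against real files only when arguments are given, e.g.:
#   sh check_zones.sh /etc/named.conf /var/named named
if [ "$#" -ge 1 ]; then
    check_zone_files "$1" "${2:-/var/named}" "${3:-named}"
fi
```

The script looks only at ownership and mode; syntax errors in named.conf and the zone files are what BIND's own named-checkconf and named-checkzone tools report.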