案例 1
有一个域abc.com,dns 服务器为192.168.6.6,有主机www1.1.1.1,
ftp主机,地址为2.2.2.2,mail3.3.3.3,mail的别名为pop3,smtp。
邮件交换器是MX。
拓扑图:
1.挂载光驱,安装软件包
mkdir /media/cdrom
[root@centos ~]# mount /dev/cdrom /media/cdrom/
[root@centos ~]# cd /media/cdrom/Packages/
查询和bind有关的软件包
[root@centos Packages]# ll bind*
-r--r--r-- 2 root root 4157992 Feb 24 2013 bind-9.8.2-0.17.rc1.el6.x86_64.rpm
-r--r--r-- 2 root root 71924 Feb 24 2013 bind-chroot-9.8.2-0.17.rc1.el6.x86_64.rpm
-r--r--r-- 2 root root 70056 Feb 24 2013 bind-dyndb-ldap-2.3-2.el6.x86_64.rpm
-r--r--r-- 2 root root 902940 Feb 24 2013 bind-libs-9.8.2-0.17.rc1.el6.i686.rpm
-r--r--r-- 2 root root 891916 Feb 24 2013 bind-libs-9.8.2-0.17.rc1.el6.x86_64.rpm
-r--r--r-- 2 root root 186068 Feb 24 2013 bind-utils-9.8.2-0.17.rc1.el6.x86_64.rpm
用yum安装: bind,bind-chroot,bind-utils。
2.产生钥匙文件
在本地终端里面执行:
rndc confgen -a
启动named:
service named start
[root@centos ~]# cd /var/named/chroot/etc
ll 查看生成的钥匙文件
[root@centos etc]# ll
total 32
-rw-r--r-- 1 root root 405 Mar 29 04:26 localtime
drwxr-x--- 2 root named 4096 Feb 22 2013 named
-rw-r----- 1 root named 1008 Jul 19 2010 named.conf
-rw-r--r-- 1 root named 2389 Feb 22 2013 named.iscdlv.key
-rw-r----- 1 root named 931 Jun 21 2007 named.rfc1912.zones
-rw-r--r-- 1 root named 487 Jul 19 2010 named.root.key
drwxr-x--- 3 root named 4096 May 2 05:56 pki
-rw------- 1 root root 77 May 3 08:28 rndc.key
改变rndc.key的所属组为named,加上r权限:
[root@centos etc]# chgrp named rndc.key
[root@centos etc]# chmod g+r rndc.key
3.执行[root@centos ~]# rndc reload
查看日志看是否成功
[root@centos etc]# tail -f /var/log/messages
结果:执行成功。
May 3 08:56:34 centos named[2474]: reloading configuration succeeded
May 3 08:56:34 centos named[2474]: reloading zones succeeded
4.编辑主配置文档
[root@centos ~]# cd /var/named/chroot/etc
[root@centos etc]# vim named.conf
内容:
10 options {
11 listen-on port 53 { any; }; //改为any
17 allow-query { any; }; //改为any
5.编辑区域声明文件:
/var/named/chroot/etc目录下:
[root@centos etc]# vim named.rfc1912.zones
添加25到29 5行;
6.编辑区域文件
[root@centos ~]# cd /var/named/chroot/var/named/
把named.localhost拷贝到abc.com.zone
[root@centos named]# cp -p named.localhost abc.com.zone
[root@centos named]# vim abc.com.zone
7. windows server 2003测试(DNS服务器虚拟机和2003虚拟机都选择仅主机模式)
ip 配置: 192.168.6.50 2555.255.255.0 网关 192.168.6.1 DNS 192.168.6.6
用nslookup 解析:
C:\Documents and Settings\Administrator>nslookup www.abc.com
Server: UnKnown
Address: 192.168.6.6
Name: www.abc.com
Address: 1.1.1.1
案例2 主辅同步
有一个域abc.com
dns1 【 主linux 192.168.6.6】
dns2 【辅linux 192.168.6.7】
www 1.1.1.1 ftp 2.2.2.2
mail3.3.3.3
pop3 smtp
MX
拓扑图:
一.编辑主dns服务器(192.168.6.6)
在案例一的基础上
二.建立一台辅助dns服务器(192.168.6.7)
1.
[root@host2 ~]# cd /var/named/chroot/etc
[root@host2 etc]# vim named.rfc1912.zones
指明masters是192.168.6.6,自己的类型是slave,从主服务器拷贝的文件放在
/var/named/chroot/var/named/slaves目录下面
2.主服务器执行rndc reload,在辅助服务器上查看日志,传输开始,序列号为2
到slaves目录下查看拷贝的文件:
[root@host2 ~]# cd /var/named/chroot/var/named/slaves
[root@host2 slaves]# ll
total 4
-rw-r--r--. 1 named named 330 May 6 03:42 abc.com.zone
4.主服务器的abc.com.zone添加mail记录的别名,MX记录,并把序列号改为5
pop3 IN CNAME mail
smtp IN CNAME mail
@ IN MX 10 mail
然后执行:rndc reload
辅助dns服务器上查看日志:
序列号变为5,
May 6 19:15:45 host2 named[1216]: zone abc.com/IN: Transfer started.
May 6 19:15:45 host2 named[1216]: transfer of 'abc.com/IN' from 192.168.6.6#53: connected using 192.168.6.7#50851
May 6 19:15:45 host2 named[1216]: zone abc.com/IN: transferred serial 5
May 6 19:15:45 host2 named[1216]: transfer of 'abc.com/IN' from 192.168.6.6#53: Transfer completed: 1 messages, 10 records, 258 bytes, 0.004 secs (64500 bytes/sec)
再来到slaves目录下查看拷贝的文件:有了添加的内容。
vim /var/named/chroot/var/named/slaves/abc.com.zone
案例3 授权与转发
父域dns对子域dns实现授权,
子域对父域
1.改变根提示,把父域dns视为根
2.转发器
sh.b.com dns
1.声明要管辖的区域:
[root@host2 ~]# vim /var/named/chroot/etc/named.rfc1912.zones
添加以下代码:
25 zone "sh.b.com" IN {
26 type master;
27 file "sh.b.com.zone";
28 allow-update { none; };
29 };
[root@host2 ~]# cd /var/named/chroot/var/named/
2.创建sh.b.com.zone文件:
[root@host2 named]# cp -p named.localhost sh.b.com.zone
[root@host2 named]# ll
3.[root@host2 named]# vim sh.b.com.zone
1 $TTL 1D
2 @ IN SOA ns.sh.b.com rname.invalid. (
3 1 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 @ IN NS ns.sh.b.com.
9 ns IN A 192.168.6.7
10 www IN A 3.3.3.3 //添加www记录
11
4.[root@host2 named]# rndc reload
5.有条件转发
编辑主配置文件:
[root@host2 ~]# cd /var/named/chroot/etc
[root@host2 etc]# vim named.conf
编辑named.rfc1912.zones ,
[root@host2 ~]# cd /var/named/chroot/etc
[root@host2 etc]# vim named.rfc1912.zones
zone "b.com" IN {[root@host2 ~]# cd /var/named/chroot/etc
type forward;
forwarders { 192.168.6.6; };
};
b.com 父域
1.[root@host2 ~]# cd /var/named/chroot/etc
声明2个区域 b.com 和bj.b.com
[root@centos etc]# vim named.rfc1912.zones
zone "b.com" IN {
type master;
file "b.com.zone";
allow-update { none; };
};
zone "bj.b.com" IN {
type master;
file "bj.b.com.zone";
allow-update { none; };
};
2.给sh.b.com授权:
[root@host2 ~]# cd /var/named/chroot
[root@centos chroot]# cd var/named/
[root@centos named]# cp -p named.localhost b.com.zone
[root@centos named]# vim b.com.zone
3.北京子域
[root@host2 ~]# cd /var/named/chroot
[root@centos chroot]# cd var/named/
root@centos named]# cp -p named.localhost bj.b.com.zone
[root@centos named]# vim bj.b.com.zone
测试:转发成功
PC 的dns指向192.168.6.7
C:\Documents and Settings\Administrator>nslookup www.sh.b.com
Name: www.sh.b.com
Address: 3.3.3.3
C:\Documents and Settings\Administrator>nslookup www.b.com
*** Can't find server name for address 192.168.6.7: Timed ou
Non-authoritative answer:
Name: www.b.com
Address: 1.1.1.1
C:\Documents and Settings\Administrator>nslookup www.bj.b.com
Non-authoritative answer:
Name: www.bj.b.com
Address: 2.2.2.2
