二、DNS的简单概述、工作原理与分类
1、DNS(Domain Name System)域名系统,能够提供域名与IP地址的解析服务。网络中为了
区别各个主机,必须为每台主机分配一个惟一的地址,这个地址即称为“IP地址”。但这些
数字难以记忆,所以就采用“域名”的方式来取代这些数字了。
Internet域名空间结构可以分成:根域、顶级域、二级域、子域
全球只有13台根域服务器,而且所有的dot DNS服务器都是bind软件架设的。
顶级域有3中类型,分别:
·组织域:比如com为商业机构组织,edu为教育机构组织,gov为政府机构组织,mil为军事
机构组织,net为网络机构组织,org为非营利机构组织,int为国际机构组织
·地址域:采用两个字符的国家或地区代号。如cn为中国,kr为韩国,us为美国
·反向域:这是个特殊域,名字为in-addr.arpa,用于将IP地址映射到名字(反向查询)
2、DNS域名解析工作原理(重中之重)
1、客户机提交域名解析请求,并将该请求发送给本地的域名服务器
2、当本地的域名服务器收到请求后,就先查询本地的缓存。如果有查询的DNS信息记录,
则直接返回查询的结果。如果没有该记录,本地域名服务器就把请求发给根域名服务器
3、根域名服务器再返回给本地域名服务器一个所查询域的顶级域名服务器的地址
4、本地服务器再向返回的域名服务器发送请求
5、接收到该查询请求的域名服务器查询其缓存和记录,如果有相关信息则返回本地域名
服务器查询结果,否则通知本地域名服务器下级的域名服务器的地址。
6、本地域名服务器将查询请求发送给下级的域名服务器的地址,直到获取查询结果
7、本地域名服务器将返回的结果保存到缓存,并且将结果返回给客户机,完成解析过程
3、DNS的分类(具体下面讲述)
主域名服务器,辅助域名服务器,缓存域名服务器,转发域名服务器
三、DNS服务器的安装、配置文件与DNS的配置步骤
1、DNS服务器所需安装的RPM包:
bind-9.3.4-10.P1.el5 //bind服务器软件包
caching-nameserver-9.3.4-10.P1.el5 //dns服务器的配置文件模版
bind-chroot-9.3.4-10.P1.el5 //安全包
[root@51cto ~]# mount /dev/cdrom /media/cdrom/
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@51cto ~]# cd /media/cdrom/Server/
[root@51cto Server]# rpm -ivh bind-* caching-nameserver-* postgresql-libs-* --force
warning: bind-9.3.4-10.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################## [100%]
1:bind-libs ########################################## [ 11%]
2:bind ########################################### [ 22%]
3:bind-utils ########################################## [ 33%]
4:postgresql-libs ######################################## [ 44%]
5:bind-chroot ######################################### [ 56%]
6:bind-devel ######################################### [ 67%]
7:bind-libbind-devel ####################################### [ 78%]
8:bind-sdb ########################################## [ 89%]
9:caching-nameserver ###################################### [100%]
2、DNS服务器的配置文件:
/etc/named.caching-nameserver.conf 选项,权限,日志,视图
/etc/named.rfc1912.zones 区域的定义
/var/named/chroot/var/named/localhost.zone 正向区域的模版
/var/named/chroot/var/named/named.local 反向区域的模版
/var/named/chroot/var/named/named.ca 根域的配置文件
/etc/init.d/named DNS的启动脚本
/usr/sbin/named DNS的守护进程
/var/log/messages 日志文件
/var/named/chroot/var/named/data/named.run 日志文件
/etc/resolv.conf DNS的客户端配置文件
3、DNS的配置步骤
1、安装DNS服务器
2、修改named.caching-nameserver.conf配置文件,修改监听IP地址,查询网段,视图IP地址
3、修改named.rfc1912.zones配置文件,在文件末尾添加正向和反向区域文件
4、复制正向和反向区域文件,并添加相关记录
5、启动DNS服务器,查看端口
6、修改客户端配置文件resolv.conf,测试
四、架设一台主域名服务器,实现直接解析域名、添加别名记录、负载均衡、泛域名解析
1、查看所安装的bind软件包:
[root@51cto ~]# rpm -qa bind-*
bind-libbind-devel-9.3.4-10.P1.el5
bind-libs-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
bind-devel-9.3.4-10.P1.el5
bind-utils-9.3.4-10.P1.el5
bind-sdb-9.3.4-10.P1.el5
2、修改named.caching-nameserver.conf配置文件
[root@51cto ~]# vim /etc/named.caching-nameserver.conf
通过set nu 修改如下行,使得:
15 listen-on port 53 { 本机ip地址; }; //我的ip是218.192.87.86
27 allow-query { any; };
36 match-clients { any; };
37 match-destinations { any; };
3、修改named.rfc1912.zones配置文件
[root@51cto ~]# vim /etc/named.rfc1912.zones
通过set nu 复制第21行到第31行,然后粘贴在文件的最后
21 zone "localhost" IN {
22 type master;
23 file "localhost.zone";
24 allow-update { none; };
25 };
26
27 zone "0.0.127.in-addr.arpa" IN {
28 type master;
29 file "named.local";
30 allow-update { none; };
31 };
并且修改拷贝的内容,也就是修改正向和反向区域文件,使得如下:
51 zone "51cto.com" IN {
52 type master;
53 file "51cto.com.zone";
54 };
55
56 zone "87.192.218.in-addr.arpa" IN {
57 type master;
58 file "rev.218.192.87";
59 };
保存文件退出
4、复制正向和反向区域文件,并添加相关记录
[root@51cto named]# pwd
/var/named/chroot/var/named
[root@51cto named]# cp localhost.zone 51cto.com.zone
[root@51cto named]# cp named.local rev.218.192.87
[root@51cto named]# ll
总计 88
-rw-r----- 1 root root 195 10-24 01:47 51cto.com.zone
drwxrwx--- 2 named named 4096 10-24 00:00 data
-rw-r----- 1 root named 198 2009-01-06 localdomain.zone
-rw-r----- 1 root named 195 2009-01-06 localhost.zone
-rw-r----- 1 root named 427 2009-01-06 named.broadcast
-rw-r----- 1 root named 1892 2009-01-06 named.ca
-rw-r----- 1 root named 424 2009-01-06 named.ip6.local
-rw-r----- 1 root named 426 2009-01-06 named.local
-rw-r----- 1 root named 427 2009-01-06 named.zero
-rw-r----- 1 root root 426 10-24 01:49 rev.218.192.87
drwxrwx--- 2 named named 4096 2004-07-27 slaves
localhost.zone和named.local分别是正向区域模版和反向区域模版
把两份模版copy重命名跟/etc/named.rfc1912.zones新添加部分一致的区域文件
然后就分别修改51cto.com.zone和rev.218.192.87实现DNS的正向解析和反向解析
[root@51cto named]# cat 51cto.com.zone //查看正向区域文件
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS @
IN A 127.0.0.1
IN AAAA ::1
对于该文件的解释如下:
TTL是生存期,单位是秒,如果这里就表示一天
$TTL是全局定义的
SOA段中的数字,分别为:序列号、刷新、重试、过期、生存期
序列号:序列号用于DNS数据库文件的版本控制。每当数据被改变,这个序列号就应该被增加。
刷新:从服务器向主服务器查询最新数据的间隔周期。每一次检查时从服务器的数据是否需要
更改,则根据序列号来判别。
重试:一旦从服务器尝试连接主服务器失败,下一次查询主服务器的延迟时间。
过期:如果从服务器无法连通主服务器,则在经过此时间后,宣告其数据过期。
生存期:服务器回答 ‘无此域名’ 的间隔时间。
数字的默认单位为秒。否则:W= 周、D= 日、H= 小时、M= 分钟
最后把该正向区域文件修改成如下:
[root@51cto named]# cat 51cto.com.zone
$TTL 86400
@ IN SOA ns.51cto.com. root.51cto.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns.51cto.com.
ns IN A 218.192.87.86
a IN A 218.192.87.1
b IN A 218.192.87.2
c IN A 218.192.87.3
正向区域文件确定后,反向区域文件也是对应的,先查看一下源文件:
[root@51cto named]# cat rev.218.192.87 //查看反向区域文件
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
该文件跟正向区域文件差不多,把该文件修改成如下:
[root@51cto named]# cat rev.218.192.87
$TTL 86400
@ IN SOA ns.51cto.com. root.51cto.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns.51cto.com.
86 IN PTR ns.51cto.com.
1 IN PTR a.51cto.com.
2 IN PTR b.51cto.com.
3 IN PTR c.51cto.com.
5、启动DNS服务器,查看端口
[root@51cto ~]# service named restart
停止 named: [确定]
启动 named: [确定]
[root@51cto ~]# netstat -antup |grep 53
tcp 0 0 218.192.87.86:53 0.0.0.0:* LISTEN 4104/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 4104/named
tcp 0 0 127.0.0.1:37351 127.0.0.1:953 TIME_WAIT -
tcp 0 0 ::1:53 :::* LISTEN 4104/named
tcp 0 0 ::1:953 :::* LISTEN 4104/named
udp 0 0 218.192.87.86:53 0.0.0.0:* 4104/named
udp 0 0 ::1:53 :::* 4104/named
6、修改客户端配置文件resolv.conf,把nameserver 改成本地IP地址:
[root@51cto ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 218.192.87.86
[root@51cto ~]# host -l 51cto.com
Host 51cto.com not found: 2(SERVFAIL)
; Transfer failed.
可以看到解析失败,这里去查看一下日志文件显示内容:
[root@51cto ~]# tail -f /var/log/messages
Oct 24 02:38:11 51cto named[4104]: command channel listening on ::1#953
Oct 24 02:38:11 51cto named[4104]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Oct 24 02:38:11 51cto named[4104]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Oct 24 02:38:11 51cto named[4104]: zone 87.192.218.in-addr.arpa/IN/localhost_resolver: loading master file rev.218.192.87: permission denied
Oct 24 02:38:11 51cto named[4104]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Oct 24 02:38:11 51cto named[4104]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
Oct 24 02:38:11 51cto named[4104]: zone 51cto.com/IN/localhost_resolver: loading master file 51cto.com.zone: permission denied
Oct 24 02:38:11 51cto named[4104]: zone localdomain/IN/localhost_resolver: loaded serial 42
Oct 24 02:38:11 51cto named[4104]: zone localhost/IN/localhost_resolver: loaded serial 42
Oct 24 02:38:11 51cto named[4104]: running
从这里就可以看到因为权限不够被拒绝,以为对于正向区域文件和反向区域文件,所有者和所属组
都是root,而不是named,所以这里是解析不了的:
[root@51cto ~]# cd /var/named/chroot/var/named/
[root@51cto named]# ll 51cto.com.zone rev.218.192.87
-rw-r----- 1 root root 290 10-24 02:24 51cto.com.zone
-rw-r----- 1 root root 546 10-24 02:35 rev.218.192.87
[root@51cto named]# chmod 644 51cto.com.zone rev.218.192.87
[root@51cto named]# ll 51cto.com.zone rev.218.192.87
-rw-r--r-- 1 root root 290 10-24 02:24 51cto.com.zone
-rw-r--r-- 1 root root 546 10-24 02:35 rev.218.192.87
这里可以把所属组改成named或者修改其他组可读,然后重启服务测试:
[root@51cto ~]# host -l 51cto.com
51cto.com name server ns.51cto.com.
a.51cto.com has address 218.192.87.1
b.51cto.com has address 218.192.87.2
c.51cto.com has address 218.192.87.3
ns.51cto.com has address 218.192.87.86
[root@51cto ~]# nslookup
> ns.51cto.com
Server: 218.192.87.86
Address: 218.192.87.86#53
Name: ns.51cto.com
Address: 218.192.87.86
> a.51cto.com //正向解析
Server: 218.192.87.86
Address: 218.192.87.86#53
Name: a.51cto.com
Address: 218.192.87.1
> 218.192.87.2 //反向解析
Server: 218.192.87.86
Address: 218.192.87.86#53
2.87.192.218.in-addr.arpa name = b.51cto.com.
>
到这里,一台主DNS服务器就搭建好了,下面继续实现需求功能:
7、直接解析域名
[root@51cto ~]# ping 51cto.com //在本地ping发现无法解析
ping: unknown host 51cto.com
编辑正向区域文件,在最后一行添加:
[root@51cto named]# cat 51cto.com.zone
$TTL 86400
@ IN SOA ns.51cto.com. root.51cto.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns.51cto.com.
ns IN A 218.192.87.86
a IN A 218.192.87.1
b IN A 218.192.87.2
c IN A 218.192.87.3
51cto.com. IN A 218.192.87.86
重启服务测试:
[root@51cto named]# service named restart
停止 named: [确定]
启动 named: [确定]
[root@51cto named]# ping 51cto.com
PING 51cto.com (218.192.87.86) 56(84) bytes of data.
64 bytes from 5151cto.com (218.192.87.86): icmp_seq=1 ttl=64 time=0.997 ms
64 bytes from 5151cto.com (218.192.87.86): icmp_seq=2 ttl=64 time=0.093 ms
64 bytes from 5151cto.com (218.192.87.86): icmp_seq=3 ttl=64 time=0.045 ms
64 bytes from 5151cto.com (218.192.87.86): icmp_seq=4 ttl=64 time=0.047 ms
--- 51cto.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.045/0.295/0.997/0.405 ms
可以发现直接解析成功!
8、添加别名记录
首先查看一下218.192.87.1对应的域名:
[root@51cto ~]# host 218.192.87.1
1.87.192.218.in-addr.arpa domain name pointer a.51cto.com.
然后编辑正向区域文件,给a.51cto.com.添加别名记录:
[root@51cto named]# cat 51cto.com.zone
$TTL 86400
@ IN SOA ns.51cto.com. root.51cto.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns.51cto.com.
ns IN A 218.192.87.86
a IN A 218.192.87.1
b IN A 218.192.87.2
c IN A 218.192.87.3
51cto.com. IN A 218.192.87.86
www IN CNAME a.51cto.com.
重启服务测试:
[root@51cto ~]# service named restart
停止 named: [确定]
启动 named: [确定]
[root@51cto ~]# host -t cname www.51cto.com
www.51cto.com is an alias for a.51cto.com.
[root@51cto ~]# nslookup www.51cto.com
Server: 218.192.87.86
Address: 218.192.87.86#53
www.51cto.com canonical name = a.51cto.com.
Name: a.51cto.com
Address: 218.192.87.1
9、负载均衡
DNS负载均衡的优点是经济简单易行,它在DNS服务器中为同一个域名配置多个IP地址,
不过现在在大企业很少应用了,不过在小企业还是可以应用,因为它没有算法。
现在国内负载均衡一般使用的 lvs+heartbeat+HA
LVS是集群技术
heartbeat 是心跳线
HA 是高可用性,解决方案
这个就涉及到fence device ,电源交换机,光纤存储交换机,FASTER ethernet交换机
心跳线是BS和备份BS之间通信,如果BS宕机了,备份BS马上起来取代BS的任务,BS是负载均衡服务器
红帽有集群的专门解决方案GFS+conga+XEN
[root@51cto ~]# host c.51cto.com //解析该域名
c.51cto.com has address 218.192.87.3
然后对该域名做负载均衡,编辑正向区域文件,最后添加内容:
[root@51cto named]# cat 51cto.com.zone
$TTL 86400
@ IN SOA ns.51cto.com. root.51cto.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns.51cto.com.
ns IN A 218.192.87.86
a IN A 218.192.87.1
b IN A 218.192.87.2
c IN A 218.192.87.3
51cto.com. IN A 218.192.87.86
www IN CNAME a.51cto.com.
c IN A 218.192.87.4
c IN A 218.192.87.5
c IN A 218.192.87.6
c IN A 218.192.87.7
重启服务测试:
[root@51cto ~]# host c.51cto.com
c.51cto.com has address 218.192.87.3
c.51cto.com has address 218.192.87.4
c.51cto.com has address 218.192.87.5
c.51cto.com has address 218.192.87.6
c.51cto.com has address 218.192.87.7
当ping c.51cto.com这个域名的时候会发现每次解析的IP地址都是不一样的,由此实现负载均衡
10、泛域名解析
当在浏览器输入ww.baidu.com或者wwww.baidu.com的时候,故意少一个w或多一个w都可以把
[root@51cto ~]# host www.51cto.com
www.51cto.com is an alias for a.51cto.com.
a.51cto.com has address 218.192.87.1
[root@51cto ~]# host ww.51cto.com
Host ww.51cto.com not found: 3(NXDOMAIN)
[root@51cto ~]# host wwww.51cto.com
Host wwww.51cto.com not found: 3(NXDOMAIN)
为了实现泛域名解析,可以编辑正向区域文件,最后添加内容使得:
[root@51cto named]# cat 51cto.com.zone
$TTL 86400
@ IN SOA ns.51cto.com. root.51cto.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns.51cto.com.
ns IN A 218.192.87.86
a IN A 218.192.87.1
b IN A 218.192.87.2
c IN A 218.192.87.3
51cto.com. IN A 218.192.87.86
www IN CNAME a.51cto.com.
c IN A 218.192.87.4
c IN A 218.192.87.5
c IN A 218.192.87.6
c IN A 218.192.87.7
* IN A 218.192.87.86
重启服务测试:
[root@51cto named]# service named restart
停止 named: [确定]
启动 named: [确定]
[root@51cto named]# host ww.51cto.com
ww.51cto.com has address 218.192.87.86
[root@51cto named]# host wwwwwww.51cto.com
wwwwwww.51cto.com has address 218.192.87.86
[root@51cto named]# host adsflkj.51cto.com //就连这个域名也可以解析的
adsflkj.51cto.com has address 218.192.87.86
同样,可以在Windows中把DNS改成218.192.87.86测试:
Windows--开始--运行--cmd--C:\>ipconfig /all 可以查看对应的DNS
五、架设一台辅助域名服务器
1、辅助DNS服务器可以从主DNS服务器中复制一整套域信息,区域文件是从主
DNS服务器中复制生成的,并作为本地文件存储在DNS服务器中。当主DNS
服务器出现故障,辅助DNS可以转换成主DNS服务器。
架设辅助DNS服务器有两个条件:
1、主DNS服务器正常工作
2、主DNS服务器授权给辅助DNS服务器
在第四点已经说明如何架设主域名服务器,并且实现了正常工作,所以只有编辑主DNS服务器的
/etc/named.caching-nameserver.conf文件,使得允许备份服务器可以copy zone文件
27 allow-query { any; };
28 allow-transfer { 218.192.87.88; };
29 allow-notify { 218.192.87.88; };
这里的218.192.87.88就是辅助域名服务器
allow-transfer 允许服务器进行区域传输的地址列表(Allow-transfer):
(注意的是视区和域中的设置将覆盖全局设置).
allow-notify 允许更新通知的地址列表(allow-notify)
当服务器作为辅助服务器的时候,设置这个可以对收到的更新通知进行判断,只是接收该列表的
更新通知.默认情况下,只是接收来自主服务器的更新通知。对于其他服务器的更新通知,会忽略掉
2、给辅助DNS安装必须的软件包,参考如上,然后编辑/etc/named.rfc1912.zones文件
在文件的最后添加如下内容:
zone "51cto.com" IN {
type slave; 设置辅助域
masters { 218.192.87.86; }; 指定主DNS服务器的IP地址
};
3、然后编辑/etc/resolv.conf,指定nameserver为主DNS服务器的IP地址
重启服务、查看端口就OK了~~
六、架设一台缓存域名服务器
缓存域名服务器配置很简单,不需要区域文件,编辑好/etc/named.caching-nameserver.conf就行
27 allow-query { any; };
28 forward only; //指明这个服务器是缓存域名服务器
29 forwarders { 119.145.71.129; 202.192.72.33; };
在这里指明 119.145.71.129这个主DNS服务器和202.192.72.33这个备份DNS服务器
重启服务就行了
七、架设一台企业级域名服务器,实现多个域的正反向解析
假设应用环境:无忧创想公司打算采用多个DNS区域管理部分网络,技术部属于
“tech.51cto”域、人力资源部属于“hr.51cto”域、互动部属于“interaction.51cto”域;
技术部有10人,采用的IP范围“192.168.1.1-192.168.1.10”,人力资源部有8人,采用
的IP范围“192.168.2.1-192.168.2.8”,互动部有6人,采用的IP范围“192.168.3.1-192.168.3.6”
现在通过一台RHEL5.3架设域名服务器可以完成内网所有区域的正/反向解析,并且所有51员工均
可以访问外网地址。具体的实现步骤如下:
1、安装DNS服务器
[root@51cto ~]# rpm -qa bind-*
bind-libbind-devel-9.3.4-10.P1.el5
bind-libs-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
bind-devel-9.3.4-10.P1.el5
bind-utils-9.3.4-10.P1.el5
bind-sdb-9.3.4-10.P1.el5
2、修改named.caching-nameserver.conf配置文件
[root@51cto ~]# vim /etc/named.caching-nameserver.conf
通过set nu 修改如下行,使得:
15 listen-on port 53 { 218.192.87.86; };
27 allow-query { any; };
36 match-clients { any; };
37 match-destinations { any; };
3、修改named.rfc1912.zones配置文件
[root@51cto ~]# tail -27 /etc/named.rfc1912.zones
zone "tech.51cto.com" IN {
type master;
file "tech.51cto.com.zone";
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "rev.1.168.192";
};
zone "hr.51cto.com" IN {
type master;
file "hr.51cto.com.zone";
};
zone "2.168.192.in-addr.arpa" IN {
type master;
file "rev.2.168.192";
};
zone "interaction.51cto.com" IN {
type master;
file "interaction.51cto.com.zone";
};
zone "3.168.192.in-addr.arpa" IN {
type master;
file "rev.3.168.192";
};
4、建立如下的正向、反向区域文件
[root@51cto named]# pwd
/var/named/chroot/var/named
[root@51cto named]# cp localhost.zone tech.51cto.com.zone
[root@51cto named]# cp localhost.zone hr.51cto.com.zone
[root@51cto named]# cp localhost.zone interaction.51cto.com.zone
[root@51cto named]# cp named.local rev.1.168.192
[root@51cto named]# cp named.local rev.2.168.192
[root@51cto named]# cp named.local rev.3.168.192
最终修改使得各个区域文件显示如下:
对于技术部:
[root@51cto named]# cat tech.51cto.com.zone
$TTL 86400
@ IN SOA dns.tech.51cto.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns.tech.51cto.com.
dns IN A 218.192.87.86
client1 IN A 192.168.1.1
client2 IN A 192.168.1.2
client3 IN A 192.168.1.3
client4 IN A 192.168.1.4
client5 IN A 192.168.1.5
client6 IN A 192.168.1.6
client7 IN A 192.168.1.7
client8 IN A 192.168.1.8
client9 IN A 192.168.1.9
client10 IN A 192.168.1.10
[root@51cto named]# cat rev.1.168.192
$TTL 86400
@ IN SOA dns.tech.51cto.com. root.tech.51cto.com (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns.tech.51cto.com.
86 IN PTR dns.tech.51cto.com.
1 IN PTR client1.tech.51cto.com.
2 IN PTR client2.tech.51cto.com.
3 IN PTR client3.tech.51cto.com.
4 IN PTR client4.tech.51cto.com.
5 IN PTR client5.tech.51cto.com.
6 IN PTR client6.tech.51cto.com.
7 IN PTR client7.tech.51cto.com.
8 IN PTR client8.tech.51cto.com.
9 IN PTR client9.tech.51cto.com.
10 IN PTR client10.tech.51cto.com.
对于人力资源部:
[root@51cto named]# cat hr.51cto.com.zone
$TTL 86400
@ IN SOA dns.hr.51cto.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns.hr.51cto.com.
dns IN A 218.192.87.86
client1 IN A 192.168.2.1
client2 IN A 192.168.2.2
client3 IN A 192.168.2.3
client4 IN A 192.168.2.4
client5 IN A 192.168.2.5
client6 IN A 192.168.2.6
client7 IN A 192.168.2.7
client8 IN A 192.168.2.8
[root@51cto named]# cat rev.2.168.192
$TTL 86400
@ IN SOA dns.hr.51cto.com. root.hr.51cto.com (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns.hr.51cto.com.
86 IN PTR dns.hr.51cto.com.
1 IN PTR client1.hr.51cto.com.
2 IN PTR client2.hr.51cto.com.
3 IN PTR client3.hr.51cto.com.
4 IN PTR client4.hr.51cto.com.
5 IN PTR client5.hr.51cto.com.
6 IN PTR client6.hr.51cto.com.
7 IN PTR client7.hr.51cto.com.
8 IN PTR client8.hr.51cto.com.
对于互动部:
[root@51cto named]# cat interaction.51cto.com.zone
$TTL 86400
@ IN SOA dns.interaction.51cto.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns.interaction.51cto.com.
dns IN A 218.192.87.86
client1 IN A 192.168.3.1
client2 IN A 192.168.3.2
client3 IN A 192.168.3.3
client4 IN A 192.168.3.4
client5 IN A 192.168.3.5
client6 IN A 192.168.3.6
[root@51cto named]# cat rev.3.168.192
$TTL 86400
@ IN SOA dns.interaction.51cto.com. root.interaction.51cto.com (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns.interaction.51cto.com.
86 IN PTR dns.interaction.51cto.com.
1 IN PTR client1.interaction.51cto.com.
2 IN PTR client2.interaction.51cto.com.
3 IN PTR client3.interaction.51cto.com.
4 IN PTR client4.interaction.51cto.com.
5 IN PTR client5.interaction.51cto.com.
6 IN PTR client6.interaction.51cto.com.
5、修改6个正反向区域文件的权限,然后重启服务测试:
[root@51cto named]# chmod 644 tech.51cto.com.zone hr.51cto.com.zone interaction.51cto.com.zone rev.1.168.192 rev.2.168.192 rev.3.168.192
[root@51cto named]# ll tech.51cto.com.zone hr.51cto.com.zone interaction.51cto.com.zone rev.1.168.192 rev.2.168.192 rev.3.168.192
-rw-r--r-- 1 root root 441 10-24 10:51 hr.51cto.com.zone
-rw-r--r-- 1 root root 403 10-24 10:53 interaction.51cto.com.zone
-rw-r--r-- 1 root root 799 10-24 10:45 rev.1.168.192
-rw-r--r-- 1 root root 705 10-24 10:52 rev.2.168.192
-rw-r--r-- 1 root root 731 10-24 10:55 rev.3.168.192
-rw-r--r-- 1 root root 502 10-24 10:40 tech.51cto.com.zone
[root@51cto named]# service named restart
停止 named: [确定]
启动 named: [确定]
[root@51cto named]# host -l tech.51cto.com
tech.51cto.com name server dns.tech.51cto.com.
client1.tech.51cto.com has address 192.168.1.1
client10.tech.51cto.com has address 192.168.1.10
client2.tech.51cto.com has address 192.168.1.2
client3.tech.51cto.com has address 192.168.1.3
client4.tech.51cto.com has address 192.168.1.4
client5.tech.51cto.com has address 192.168.1.5
client6.tech.51cto.com has address 192.168.1.6
client7.tech.51cto.com has address 192.168.1.7
client8.tech.51cto.com has address 192.168.1.8
client9.tech.51cto.com has address 192.168.1.9
dns.tech.51cto.com has address 218.192.87.86
[root@51cto named]# host -l hr.51cto.com
hr.51cto.com name server dns.hr.51cto.com.
client1.hr.51cto.com has address 192.168.2.1
client2.hr.51cto.com has address 192.168.2.2
client3.hr.51cto.com has address 192.168.2.3
client4.hr.51cto.com has address 192.168.2.4
client5.hr.51cto.com has address 192.168.2.5
client6.hr.51cto.com has address 192.168.2.6
client7.hr.51cto.com has address 192.168.2.7
client8.hr.51cto.com has address 192.168.2.8
dns.hr.51cto.com has address 218.192.87.86
[root@51cto named]# host -l interaction.51cto.com
interaction.51cto.com name server dns.interaction.51cto.com.
client1.interaction.51cto.com has address 192.168.3.1
client2.interaction.51cto.com has address 192.168.3.2
client3.interaction.51cto.com has address 192.168.3.3
client4.interaction.51cto.com has address 192.168.3.4
client5.interaction.51cto.com has address 192.168.3.5
client6.interaction.51cto.com has address 192.168.3.6
dns.interaction.51cto.com has address 218.192.87.86
[root@51cto ~]# host 192.168.1.5
5.1.168.192.in-addr.arpa domain name pointer client5.tech.51cto.com.
[root@51cto ~]# host 192.168.2.5
5.2.168.192.in-addr.arpa domain name pointer client5.hr.51cto.com.
[root@51cto ~]# host 192.168.3.5
5.3.168.192.in-addr.arpa domain name pointer client5.interaction.51cto.com.
测试结果完整无误!!!
Windows--开始--运行--cmd--C:\>ipconfig /all 可以查看对应的DNS
五、架设一台辅助域名服务器1、辅助DNS服务器可以从主DNS服务器中复制一整套域信息,区域文件是从主DNS服务器中复制生成的,并作为本地文件存储在DNS服务器中。当主DNS服务器出现故障,辅助DNS可以转换成主DNS服务器。架设辅助DNS服务器有两个条件:1、主DNS服务器正常工作2、主DNS服务器授权给辅助DNS服务器在第四点已经说明如何架设主域名服务器,并且实现了正常工作,所以只有编辑主DNS服务器的/etc/named.caching-nameserver.conf文件,使得允许备份服务器可以copy zone文件27 allow-query { any; };28 allow-transfer { 218.192.87.88; };29 allow-notify { 218.192.87.88; };这里的218.192.87.88就是辅助域名服务器allow-transfer 允许服务器进行区域传输的地址列表(Allow-transfer):(注意的是视区和域中的设置将覆盖全局设置).allow-notify 允许更新通知的地址列表(allow-notify)当服务器作为辅助服务器的时候,设置这个可以对收到的更新通知进行判断,只是接收该列表的更新通知.默认情况下,只是接收来自主服务器的更新通知。对于其他服务器的更新通知,会忽略掉2、给辅助DNS安装必须的软件包,参考如上,然后编辑/etc/named.rfc1912.zones文件在文件的最后添加如下内容:zone "51cto.com" IN {type slave; 设置辅助域masters { 218.192.87.86; }; 指定主DNS服务器的IP地址};3、然后编辑/etc/resolv.conf,指定nameserver为主DNS服务器的IP地址重启服务、查看端口就OK了~~六、架设一台缓存域名服务器缓存域名服务器配置很简单,不需要区域文件,编辑好/etc/named.caching-nameserver.conf就行27 allow-query { any; };28 forward only; //指明这个服务器是缓存域名服务器29 forwarders { 119.145.71.129; 202.192.72.33; };在这里指明 119.145.71.129这个主DNS服务器和202.192.72.33这个备份DNS服务器重启服务就行了七、架设一台企业级域名服务器,实现多个域的正反向解析假设应用环境:无忧创想公司打算采用多个DNS区域管理部分网络,技术部属于“tech.51cto”域、人力资源部属于“hr.51cto”域、互动部属于“interaction.51cto”域;技术部有10人,采用的IP范围“192.168.1.1-192.168.1.10”,人力资源部有8人,采用的IP范围“192.168.2.1-192.168.2.8”,互动部有6人,采用的IP范围“192.168.3.1-192.168.3.6”现在通过一台RHEL5.3架设域名服务器可以完成内网所有区域的正/反向解析,并且所有51员工均可以访问外网地址。具体的实现步骤如下:1、安装DNS服务器[root@51cto ~]# rpm -qa bind-*bind-libbind-devel-9.3.4-10.P1.el5bind-libs-9.3.4-10.P1.el5bind-chroot-9.3.4-10.P1.el5bind-devel-9.3.4-10.P1.el5bind-utils-9.3.4-10.P1.el5bind-sdb-9.3.4-10.P1.el52、修改named.caching-nameserver.conf配置文件[root@51cto ~]# vim /etc/named.caching-nameserver.conf通过set nu 修改如下行,使得:15 listen-on port 53 { 218.192.87.86; };27 allow-query { any; };36 match-clients { any; };37 match-destinations { any; };3、修改named.rfc1912.zones配置文件[root@51cto ~]# tail -27 /etc/named.rfc1912.zoneszone "tech.51cto.com" IN {type master;file "tech.51cto.com.zone";};zone "1.168.192.in-addr.arpa" IN {type master;file "rev.1.168.192";};zone "hr.51cto.com" IN {type master;file "hr.51cto.com.zone";};zone "2.168.192.in-addr.arpa" IN {type master;file "rev.2.168.192";};zone "interaction.51cto.com" IN {type master;file "interaction.51cto.com.zone";};zone "3.168.192.in-addr.arpa" IN {type master;file "rev.3.168.192";};4、建立如下的正向、反向区域文件[root@51cto named]# pwd/var/named/chroot/var/named[root@51cto named]# cp localhost.zone tech.51cto.com.zone[root@51cto named]# cp localhost.zone hr.51cto.com.zone[root@51cto named]# cp localhost.zone interaction.51cto.com.zone[root@51cto named]# cp named.local rev.1.168.192[root@51cto named]# cp named.local rev.2.168.192[root@51cto named]# cp named.local rev.3.168.192最终修改使得各个区域文件显示如下:对于技术部:[root@51cto named]# cat tech.51cto.com.zone$TTL 86400@ IN SOA dns.tech.51cto.com. root (42 ; serial (d. adams)3H ; refresh15M ; retry1W ; expiry1D ) ; minimumIN NS dns.tech.51cto.com.dns IN A 218.192.87.86client1 IN A 192.168.1.1client2 IN A 192.168.1.2client3 IN A 192.168.1.3client4 IN A 192.168.1.4client5 IN A 192.168.1.5client6 IN A 192.168.1.6client7 IN A 192.168.1.7client8 IN A 192.168.1.8client9 IN A 192.168.1.9client10 IN A 192.168.1.10[root@51cto named]# cat rev.1.168.192$TTL 86400@ IN SOA dns.tech.51cto.com. root.tech.51cto.com (1997022700 ; Serial28800 ; Refresh14400 ; Retry3600000 ; Expire86400 ) ; MinimumIN NS dns.tech.51cto.com.86 IN PTR dns.tech.51cto.com.1 IN PTR client1.tech.51cto.com.2 IN PTR client2.tech.51cto.com.3 IN PTR client3.tech.51cto.com.4 IN PTR client4.tech.51cto.com.5 IN PTR client5.tech.51cto.com.6 IN PTR client6.tech.51cto.com.7 IN PTR client7.tech.51cto.com.8 IN PTR client8.tech.51cto.com.9 IN PTR client9.tech.51cto.com.10 IN PTR client10.tech.51cto.com.对于人力资源部:[root@51cto named]# cat hr.51cto.com.zone$TTL 86400@ IN SOA dns.hr.51cto.com. root (42 ; serial (d. adams)3H ; refresh15M ; retry1W ; expiry1D ) ; minimumIN NS dns.hr.51cto.com.dns IN A 218.192.87.86client1 IN A 192.168.2.1client2 IN A 192.168.2.2client3 IN A 192.168.2.3client4 IN A 192.168.2.4client5 IN A 192.168.2.5client6 IN A 192.168.2.6client7 IN A 192.168.2.7client8 IN A 192.168.2.8[root@51cto named]# cat rev.2.168.192$TTL 86400@ IN SOA dns.hr.51cto.com. root.hr.51cto.com (1997022700 ; Serial28800 ; Refresh14400 ; Retry3600000 ; Expire86400 ) ; MinimumIN NS dns.hr.51cto.com.86 IN PTR dns.hr.51cto.com.1 IN PTR client1.hr.51cto.com.2 IN PTR client2.hr.51cto.com.3 IN PTR client3.hr.51cto.com.4 IN PTR client4.hr.51cto.com.5 IN PTR client5.hr.51cto.com.6 IN PTR client6.hr.51cto.com.7 IN PTR client7.hr.51cto.com.8 IN PTR client8.hr.51cto.com.对于互动部:[root@51cto named]# cat interaction.51cto.com.zone$TTL 86400@ IN SOA dns.interaction.51cto.com. root (42 ; serial (d. adams)3H ; refresh15M ; retry1W ; expiry1D ) ; minimumIN NS dns.interaction.51cto.com.dns IN A 218.192.87.86client1 IN A 192.168.3.1client2 IN A 192.168.3.2client3 IN A 192.168.3.3client4 IN A 192.168.3.4client5 IN A 192.168.3.5client6 IN A 192.168.3.6[root@51cto named]# cat rev.3.168.192$TTL 86400@ IN SOA dns.interaction.51cto.com. root.interaction.51cto.com (1997022700 ; Serial28800 ; Refresh14400 ; Retry3600000 ; Expire86400 ) ; MinimumIN NS dns.interaction.51cto.com.86 IN PTR dns.interaction.51cto.com.1 IN PTR client1.interaction.51cto.com.2 IN PTR client2.interaction.51cto.com.3 IN PTR client3.interaction.51cto.com.4 IN PTR client4.interaction.51cto.com.5 IN PTR client5.interaction.51cto.com.6 IN PTR client6.interaction.51cto.com.5、修改6个正反向区域文件的权限,然后重启服务测试:[root@51cto named]# chmod 644 tech.51cto.com.zone hr.51cto.com.zone interaction.51cto.com.zone rev.1.168.192 rev.2.168.192 rev.3.168.192[root@51cto named]# ll tech.51cto.com.zone hr.51cto.com.zone interaction.51cto.com.zone rev.1.168.192 rev.2.168.192 rev.3.168.192-rw-r--r-- 1 root root 441 10-24 10:51 hr.51cto.com.zone-rw-r--r-- 1 root root 403 10-24 10:53 interaction.51cto.com.zone-rw-r--r-- 1 root root 799 10-24 10:45 rev.1.168.192-rw-r--r-- 1 root root 705 10-24 10:52 rev.2.168.192-rw-r--r-- 1 root root 731 10-24 10:55 rev.3.168.192-rw-r--r-- 1 root root 502 10-24 10:40 tech.51cto.com.zone[root@51cto named]# service named restart停止 named: [确定]启动 named: [确定][root@51cto named]# host -l tech.51cto.comtech.51cto.com name server dns.tech.51cto.com.client1.tech.51cto.com has address 192.168.1.1client10.tech.51cto.com has address 192.168.1.10client2.tech.51cto.com has address 192.168.1.2client3.tech.51cto.com has address 192.168.1.3client4.tech.51cto.com has address 192.168.1.4client5.tech.51cto.com has address 192.168.1.5client6.tech.51cto.com has address 192.168.1.6client7.tech.51cto.com has address 192.168.1.7client8.tech.51cto.com has address 192.168.1.8client9.tech.51cto.com has address 192.168.1.9dns.tech.51cto.com has address 218.192.87.86[root@51cto named]# host -l hr.51cto.comhr.51cto.com name server dns.hr.51cto.com.client1.hr.51cto.com has address 192.168.2.1client2.hr.51cto.com has address 192.168.2.2client3.hr.51cto.com has address 192.168.2.3client4.hr.51cto.com has address 192.168.2.4client5.hr.51cto.com has address 192.168.2.5client6.hr.51cto.com has address 192.168.2.6client7.hr.51cto.com has address 192.168.2.7client8.hr.51cto.com has address 192.168.2.8dns.hr.51cto.com has address 218.192.87.86[root@51cto named]# host -l interaction.51cto.cominteraction.51cto.com name server dns.interaction.51cto.com.client1.interaction.51cto.com has address 192.168.3.1client2.interaction.51cto.com has address 192.168.3.2client3.interaction.51cto.com has address 192.168.3.3client4.interaction.51cto.com has address 192.168.3.4client5.interaction.51cto.com has address 192.168.3.5client6.interaction.51cto.com has address 192.168.3.6dns.interaction.51cto.com has address 218.192.87.86[root@51cto ~]# host 192.168.1.55.1.168.192.in-addr.arpa domain name pointer client5.tech.51cto.com.[root@51cto ~]# host 192.168.2.55.2.168.192.in-addr.arpa domain name pointer client5.hr.51cto.com.[root@51cto ~]# host 192.168.3.55.3.168.192.in-addr.arpa domain name pointer client5.interaction.51cto.com.测试结果完整无误!!!
