操作系统:Redhat5.8


软件安装:

#yum install bind bind-utils bind-chroot caching-nameserver


软件启动:

#/etc/init.d/named start

#chkconfig named on


软件配置:

1)ex:

#vim /var/named/chroot/etc/named.conf --> dns服务器主配置文件

options {

directory "/var/named";

};


zone "uplooking.com" {

type master;

file "uplooking.com.zone";

}; --> 正向解析(没有从服务器时,可在区域内加 allow-transfer { none; }; 禁止区域传送)


zone "1.168.192.in-addr.arpa" {

type master;

file "1.168.192.arpa";

}; --> 反向解析

zone "." IN {

type hint;

file "named.ca";

}; --> 根域


#vim /var/named/chroot/var/named/uplooking.com.zone

--> dns服务器正向解析区域配置文件

$TTL 86400

@ IN SOA dns.uplooking.com. root.uplooking.com. (

201372301

3H

15M

1W

1D )

IN NS dns.uplooking.com.

dns.uplooking.com. IN A 192.168.1.100

server1.uplooking.com. IN A 192.168.1.101

ftp IN CNAME server1

mail IN CNAME server1

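uplooking.com. IN MX 10 mail.uplooking.com.

uplooking.com. IN MX 11 mail1.uplooking.com.

--> MX 目标主机名必须以"."结尾,否则会被自动补上区域名(变成 mail.uplooking.com.uplooking.com.),并被下面的泛解析记录 *.uplooking.com. 掩盖而不易发现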

server2.uplooking.com. IN A 192.168.1.102

server2.uplooking.com. IN A 192.168.1.103

server2.uplooking.com. IN A 192.168.1.104

*.uplooking.com. IN A 192.168.1.105


#vim /var/named/chroot/var/named/1.168.192.arpa

--> dns服务器反向解析区域配置文件

$TTL 86400

@ IN SOA dns.uplooking.com. root.uplooking.com. (

201372301

3H

15M

1W

1D )

IN NS dns.uplooking.com.

111 IN PTR server11.uplooking.com.

112 IN PTR server12.uplooking.com.


1-1) 只缓存DNS服务器--> 完全转发

ex:

#vim /var/named/chroot/etc/named.conf

options {

directory "/var/named";

forward only;

--> 只使用forwarders DNS服务器做域名解析,查询不到则返回DNS客户端查询失败

forwarders { 192.168.1.110;192.168.1.112; };

--> 设置将DNS请求转发到哪个服务器,可以指定多个服务器IP地址

};


1-2)转发DNS服务器--> 完全转发

ex:

#vim /var/named/chroot/etc/named.conf

options {

directory "/var/named";

recursion yes;

--> 允许递归,转发服务器查询模式必须允许递归,否则无法正确完成转发;应同时用 allow-recursion 把递归查询限制在内部客户端(例如本例网段 192.168.1.0/24),避免成为对外开放的递归解析器

forward first;

--> 优先使用forwarders DNS服务器做域名解析,查询不到使用本地DNS服务器做域名解析

forwarders { 192.168.1.110;192.168.1.112; };

};


1-3) 访问未经授权的DNS域--> 部分转发

ex:

#vim /var/named/chroot/etc/named.conf

zone "b.com" IN {

type forward;

forwarders { IP; }; --> IP为b.com域的DNS主机IP地址(转发区域用 forwarders 指定服务器列表,forward 只能取 only 或 first)

};


2) 主从DNS服务器/主辅DNS服务器

ex:

主dns服务器

#vim /var/named/chroot/etc/named.conf --> 主dns服务器主配置文件

options {

directory "/var/named";

};

zone "uplooking.com" {

type master;

file "uplooking.com.zone";

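--> 配置从DNS时需下面两行:notify 在区域更新时通知从服务器;allow-transfer 只允许列出的从服务器(192.168.1.104)做区域传送。不设置时旧版 BIND 默认允许任何主机传送整个区域,会泄露全部记录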

notify yes;

allow-transfer { 192.168.1.104; };

}; --> 正向解析

zone "1.168.192.in-addr.arpa" {

type master;

file "1.168.192.arpa";

notify yes;

allow-transfer { 192.168.1.104; };

}; --> 反向解析

zone "." IN {

type hint;

file "named.ca";

}; --> 根域


#vim /var/named/chroot/var/named/uplooking.com.zone

--> 主dns服务器正向解析区域配置文件

$TTL 86400

@ IN SOA dns.uplooking.com. root.uplooking.com. (

201372301

3H

15M

1W

1D )

IN NS dns.uplooking.com.

dns.uplooking.com. IN A 192.168.1.100

server1.uplooking.com. IN A 192.168.1.101

ftp IN CNAME server1

mail IN CNAME server1

uplooking.com. IN MX 10 mail.uplooking.com.

uplooking.com. IN MX 11 mail1.uplooking.com.

--> MX 目标主机名必须以"."结尾,否则会被自动补上区域名

server2.uplooking.com. IN A 192.168.1.102

server2.uplooking.com. IN A 192.168.1.103

server2.uplooking.com. IN A 192.168.1.104

*.uplooking.com. IN A 192.168.1.105


#vim /var/named/chroot/var/named/1.168.192.arpa

--> 主dns服务器反向解析区域配置文件

$TTL 86400

@ IN SOA dns.uplooking.com. root.uplooking.com. (

201372301

3H

15M

1W

1D )

IN NS dns.uplooking.com.

111 IN PTR server11.uplooking.com.

112 IN PTR server12.uplooking.com.


辅/从dns服务器

#vim /var/named/chroot/etc/named.conf

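--> 辅/从dns服务器主配置文件(辅/从dns不需要手工编写区域配置文件,区域数据由主服务器传送过来并写入 file 指定的文件,因此 named 进程需要对该文件所在目录有写权限;RHEL 的 bind 包通常为此提供 slaves/ 子目录,不必放开整个 /var/named 的写权限)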

options {

directory "/var/named";

};

zone "uplooking.com" {

type slave;

file "slave.uplooking.zone";

masters { 192.168.1.100; };

};

zone "1.168.192.in-addr.arpa" {

type slave;

file "1.168.192.arpa";

masters { 192.168.1.100; };

};

zone "." IN {

type hint;

file "named.ca";

};