DNS


I. Lab environment
Servers: 192.168.1.254/24 and 192.168.1.253/24
ns1.masa.com 192.168.1.254
ns2.masa.com 192.168.1.253

host1.masa.com 192.168.1.1


II. Primary name server


1 Install the packages
# yum install bind bind-chroot caching-nameserver


2 Primary (master) name server
# vim /var/named/chroot/etc/named.caching-nameserver.conf
Change these four settings from localhost to any (the first two live in the options block, the last two in the localhost_resolver view), otherwise the server only answers itself:
listen-on port 53 { any; };
allow-query { any; };
match-clients { any; };
match-destinations { any; };
(allow-query { any; } on a recursive server that is reachable from the internet makes it an open resolver; for the lab LAN this is fine, otherwise restrict recursion with allow-recursion { 192.168.1.0/24; };)
# vim /var/named/chroot/etc/named.rfc1912.zones
zone "masa.com" {
    type master;
    file "masa.com.zone";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "192.168.1.rev";
};
# cd /var/named/chroot/var/named/
# cp -a localhost.zone masa.com.zone
# vim masa.com.zone
; keep the $TTL and SOA lines copied from localhost.zone, replace the rest with:
@ IN NS ns1.masa.com.
ns1 IN A 192.168.1.254
host1 IN A 192.168.1.1
# cp -a named.local 192.168.1.rev
; again keep $TTL and SOA from the copied template, then:
@ IN NS ns1.masa.com.
1 IN PTR host1.masa.com.
254 IN PTR ns1.masa.com.
# service named start
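The forward and reverse zone files above have to agree with each other: every A record needs a PTR and every PTR needs an A. The following is an added example (not code from the original notes) that builds both zone files for this lab from one host table and then cross-checks them. The TTL, SOA timers, serial and hostmaster address are constructed placeholders, not values from the notes.

```python
"""Added example (not from the original notes): build the forward and reverse
zone files for the lab from one host table, then check that every A record has
a matching PTR and vice versa. The TTL, SOA timers, serial and hostmaster
address are constructed placeholders, not values from the notes."""
import re

ORIGIN = "masa.com"
PREFIX = "192.168.1"                      # the /24 that 1.168.192.in-addr.arpa covers
NAMESERVERS = ["ns1", "ns2"]              # first entry becomes the SOA MNAME
LAB_HOSTS = {                             # constructed from the lab table
    "ns1": "192.168.1.254",
    "ns2": "192.168.1.253",
    "host1": "192.168.1.1",
}

A_RE = re.compile(r"^(\S+)\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)\s*$", re.M)
PTR_RE = re.compile(r"^(\d+)\s+IN\s+PTR\s+(\S+)\.\s*$", re.M)


def reverse_origin(prefix):
    """'192.168.1' -> '1.168.192.in-addr.arpa'."""
    return ".".join(reversed(prefix.split("."))) + ".in-addr.arpa"


def soa_header(origin, primary_ns, serial):
    # The notes inherit $TTL and SOA from the copied localhost.zone; here they
    # are written out explicitly (timer values are constructed).
    return "\n".join([
        "$TTL 86400",
        f"@ IN SOA {primary_ns}. hostmaster.{origin}. (",
        f"    {serial} ; serial",
        "    3600 ; refresh",
        "    900 ; retry",
        "    604800 ; expire",
        "    86400 ) ; negative-cache TTL",
    ])


def build_forward_zone(origin, nameservers, hosts, serial):
    lines = [soa_header(origin, f"{nameservers[0]}.{origin}", serial)]
    lines += [f"@ IN NS {ns}.{origin}." for ns in nameservers]
    lines += [f"{name} IN A {ip}" for name, ip in sorted(hosts.items())]
    return "\n".join(lines) + "\n"


def build_reverse_zone(prefix, origin, nameservers, hosts, serial):
    lines = [soa_header(reverse_origin(prefix), f"{nameservers[0]}.{origin}", serial)]
    lines += [f"@ IN NS {ns}.{origin}." for ns in nameservers]
    by_octet = []
    for name, ip in hosts.items():
        net, last = ip.rsplit(".", 1)
        if net != prefix:
            raise ValueError(f"{name} ({ip}) is outside {prefix}.0/24")
        by_octet.append((int(last), name))
    lines += [f"{last} IN PTR {name}.{origin}." for last, name in sorted(by_octet)]
    return "\n".join(lines) + "\n"


def check_forward_reverse(fwd_text, rev_text, origin, prefix):
    """Return a list of A/PTR mismatches; an empty list means the zones agree."""
    a_map = {f"{name}.{origin}": ip for name, ip in A_RE.findall(fwd_text)}
    ptr_map = {f"{prefix}.{last}": fqdn for last, fqdn in PTR_RE.findall(rev_text)}
    problems = []
    for fqdn, ip in a_map.items():
        if ip not in ptr_map:
            problems.append(f"no PTR for {ip} ({fqdn})")
        elif ptr_map[ip] != fqdn:
            problems.append(f"PTR for {ip} is {ptr_map[ip]}, expected {fqdn}")
    for ip, fqdn in ptr_map.items():
        if fqdn not in a_map:
            problems.append(f"PTR {ip} -> {fqdn} has no matching A record")
    return problems


if __name__ == "__main__":
    fwd = build_forward_zone(ORIGIN, NAMESERVERS, LAB_HOSTS, 2024010101)
    rev = build_reverse_zone(PREFIX, ORIGIN, NAMESERVERS, LAB_HOSTS, 2024010101)
    print(fwd)
    print(rev)
    print("mismatches:", check_forward_reverse(fwd, rev, ORIGIN, PREFIX))
```

Run it once before `service named start`; a non-empty mismatch list usually means a host was added to one file and forgotten in the other, which is exactly the kind of drift that later breaks reverse lookups in logs and mail servers.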


3 Secondary (slave) name server
# vim named.rfc1912.zones
zone "masa.com" {
    type slave;
    file "slaves/masa.com.zone";
    masters { 192.168.1.254; };
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    file "slaves/192.168.1.rev";
    masters { 192.168.1.254; };
};
# service named start


4 Forwarding server
Forward first: ask the forwarder, and fall back to normal recursion if it does not answer (in the options block):
options {
    allow-query { 192.168.1.0/24; };
    forward first;
    forwarders { 61.175.153.129; };
};
Forward only: never recurse on its own, send everything to the internal server:
options {
    allow-query-cache { any; };
    forward only;
    forwarders { 192.168.1.254; };
};


5 Views and ACLs
acl cnc { 192.168.1.101; };
acl tel { 192.168.1.102; };
view cncnet {
    match-clients { cnc; };
    recursion yes;
    include "/etc/masacnc";
};
view telnet {
    match-clients { tel; };
    recursion yes;
    include "/etc/masatel";
};
Views are tried in the order written and the first match-clients that matches wins; a client that matches no view is refused. Once any view is defined, every zone statement (including the root hints and localhost zones) must sit inside a view.
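View selection is where split-horizon setups go wrong: a view listed too early swallows everyone, and a missing catch-all view means unexpected clients get REFUSED. The following is an added example (not code from the original notes) that reproduces BIND's address-match-list and view-ordering rules for the ACLs and views in section 5, so the effect of a reordering or a negated entry can be checked before editing named.conf. The ACL and view tables are constructed from the notes; the extra views in the usage note are hypothetical.

```python
"""Added example (not from the original notes): decide which BIND view a
client lands in. BIND tests views in the order written and the first
match-clients list that matches wins; a client matching no view is refused.
The ACL and view tables are constructed from section 5."""
import ipaddress

# acl name -> address match list, as written in the notes
ACLS = {
    "cnc": ["192.168.1.101"],
    "tel": ["192.168.1.102"],
    # built-in ACL approximated here (BIND derives it from the host's interfaces)
    "localhost": ["127.0.0.0/8", "::1"],
}

# (view name, match-clients list) in named.conf order
VIEWS = [
    ("cncnet", ["cnc"]),
    ("telnet", ["tel"]),
]


def entry_matches(entry, ip, acls):
    """One element: 'any', 'none', an ACL name, or an address / CIDR prefix."""
    if entry == "any":
        return True
    if entry == "none":
        return False
    if entry in acls:
        return list_matches(acls[entry], ip, acls)
    return ip in ipaddress.ip_network(entry, strict=False)


def list_matches(entries, ip, acls):
    """Address match list semantics: the first element that matches decides.
    A negated element (!x) that matches makes the whole list NOT match."""
    for entry in entries:
        negated = entry.startswith("!")
        if negated:
            entry = entry[1:]
        if entry_matches(entry, ip, acls):
            return not negated
    return False


def select_view(client, views, acls):
    """Name of the first view whose match-clients accepts the client,
    or None when named would answer REFUSED."""
    ip = ipaddress.ip_address(client)
    for name, match_clients in views:
        if list_matches(match_clients, ip, acls):
            return name
    return None


if __name__ == "__main__":
    for client in ("192.168.1.101", "192.168.1.102", "192.168.1.5"):
        print(client, "->", select_view(client, VIEWS, ACLS))
```

With only the two views from the notes, 192.168.1.5 gets no view at all; appending a hypothetical `("internal", ["192.168.1.0/24"])` view at the end fixes that, while putting the same view first would hide cncnet and telnet from every client.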


6 TSIG for master/slave zone transfers
TSIG (transaction signature) authenticates the transfer with a shared secret key. Generate one with:
dnssec-keygen -a hmac-md5 -b 128 -n HOST <name>
and copy the Key: value from the generated .private file into the secret field below. (HMAC-MD5 is what these notes use; on current BIND releases use tsig-keygen instead, which defaults to hmac-sha256.)
master dns:
key pgkey {
    algorithm hmac-md5;
    secret "BmGdrEJzYDFegy4wM8TBdQ==";
};
server 192.168.1.253 { keys { pgkey; }; };    # the slave: sign everything sent to it
zone "masa.com" IN {
    type master;
    file "masa.com.zone";
    allow-transfer { key pgkey; };            # only requests signed with pgkey may AXFR
};
slave dns:
key pgkey {
    algorithm hmac-md5;
    secret "BmGdrEJzYDFegy4wM8TBdQ==";
};
server 192.168.1.254 { keys { pgkey; }; };    # the master
zone "masa.com" IN {
    type slave;
    file "slaves/masa.com.slave.zone";
    masters { 192.168.1.254 key pgkey; };
};
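The point of allow-transfer { key pgkey; } is that nobody without the key can pull the whole zone; a zone that still says allow-transfer { any; }, or has no allow-transfer at all, hands out the full host list to anyone who asks. The following is an added example (not code from the original notes) that produces a key statement the way tsig-keygen does and audits a named.conf fragment for such zones. The sample configuration is constructed (its secret is a placeholder), and the brace matcher only handles the flat zone { ... } blocks used in these notes, not the full named.conf grammar.

```python
"""Added example (not from the original notes): generate a TSIG key statement
and audit a named.conf fragment for zones whose transfers are not restricted.
The sample configuration is constructed; the brace matcher only handles the
flat zone { ... } blocks used in these notes, not the full named.conf grammar."""
import base64
import re
import secrets

# Constructed sample: one zone locked to the key, one open to anyone,
# one with no allow-transfer statement at all.
SAMPLE_CONF = '''
key pgkey {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET";   // not a real key
};
server 192.168.1.253 { keys { pgkey; }; };
zone "masa.com" IN {
    type master;
    file "masa.com.zone";
    allow-transfer { key pgkey; };
};
zone "sales.masa.com" {
    type master;
    file "sales.masa.com.zone";
    allow-transfer { any; };        # anyone can pull the whole zone
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "192.168.1.rev";           /* no allow-transfer: the BIND 9 releases
                                       these notes target default to any */
};
'''


def tsig_key_statement(name, algorithm="hmac-sha256", nbytes=32):
    """Return (secret, key statement), like tsig-keygen does.
    hmac-md5 from the notes is deprecated; hmac-sha256 is the current default."""
    secret = base64.b64encode(secrets.token_bytes(nbytes)).decode()
    stmt = f'key {name} {{\n    algorithm {algorithm};\n    secret "{secret}";\n}};\n'
    return secret, stmt


def strip_comments(text):
    """Remove /* */, // and # comments but leave quoted strings alone
    (a base64 secret may legitimately contain '//')."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r'"[^"]*"|(?://|#).*',
                  lambda m: m.group(0) if m.group(0).startswith('"') else "", text)


def zones(conf):
    """Yield (zone name, body text) for every zone statement."""
    conf = strip_comments(conf)
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def transfer_policy(body):
    """Classify a zone's allow-transfer: 'key', 'acl', 'any', 'none' or 'unset'."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    if not m:
        return "unset"
    entries = [e.strip() for e in m.group(1).split(";") if e.strip()]
    if not entries or entries == ["none"]:
        return "none"
    if "any" in entries:
        return "any"
    if all(e.startswith("key ") for e in entries):
        return "key"
    return "acl"


def audit_transfers(conf):
    """zone name -> transfer policy for every zone in the fragment."""
    return {name: transfer_policy(body) for name, body in zones(conf)}


def findings(conf):
    """Zones that should be fixed, as human-readable lines."""
    out = []
    for name, policy in audit_transfers(conf).items():
        if policy == "any":
            out.append(f"{name}: allow-transfer {{ any; }} lets anyone AXFR the zone")
        elif policy == "unset":
            out.append(f"{name}: no allow-transfer; older BIND treats that as any, set it explicitly")
    return out


if __name__ == "__main__":
    secret, stmt = tsig_key_statement("pgkey")
    print(stmt)
    for line in findings(SAMPLE_CONF):
        print(line)
```

A zone restricted to a plain address ACL (policy 'acl') is better than 'any' but still trusts the source IP alone; the key-based restriction from the notes is the one to aim for, and a global allow-transfer in the options block is the simplest way to make 'unset' impossible.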


7 Subdomain delegation
zone            name server          address
masa.com        ns.masa.com          192.168.1.1
sales.masa.com  ns.sales.masa.com    192.168.1.2
Parent zone:
zone "masa.com" {
    type master;
    file "masa.com.zone";
};
@ IN NS ns1.masa.com.
ns1 IN A 192.168.1.1
sales IN NS ns.sales
ns.sales IN A 192.168.1.2   ; glue record: the child's name server lives inside the delegated zone, so the parent must carry its address
Child zone:
zone "sales.masa.com" {
    type master;
    file "sales.masa.com.zone";
};
@ IN NS ns.sales.masa.com.
ns IN A 192.168.1.2
www IN A 1.1.1.1


8 Wildcard records
* IN A 192.168.1.1
$GENERATE 1-253 stu$ IN A 192.168.1.$
The $GENERATE line expands to stu1 through stu253, i.e. stu1 resolves to 192.168.1.1, stu2 to 192.168.1.2, and so on. The wildcard only answers for names that do not exist in the zone; an explicit record such as ns1 or stu1 always takes precedence over *.
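Wildcards are a frequent source of surprises: a name that exists with some other record type gets an empty answer rather than the wildcard address, and a name under an existing label is NXDOMAIN even though * exists at the apex. The following is an added example (not code from the original notes) that expands the $GENERATE directive from section 8 into explicit records and then resolves names with the wildcard rules BIND applies (RFC 4592). The zone text is constructed from the notes; the /step form of $GENERATE shown in the test goes beyond what the notes use.

```python
"""Added example (not from the original notes): expand the $GENERATE directive
from section 8 into explicit records and resolve names against the zone with
the wildcard rules BIND applies (RFC 4592): an existing name is never shadowed
by '*', and '*' only covers names whose closest existing ancestor carries the
wildcard. The zone text is constructed from the notes."""

# Constructed zone, relative names, apex = masa.com
ZONE_TEXT = """
@ IN NS ns1.masa.com.
ns1 IN A 192.168.1.254
mail IN MX 10 ns1.masa.com.
* IN A 192.168.1.1
$GENERATE 1-253 stu$ IN A 192.168.1.$
"""


def parse_fields(fields):
    """owner [ttl] [class] type rdata... -> (owner, TYPE, rdata)."""
    owner, rest = fields[0], fields[1:]
    while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
        rest = rest[1:]                      # drop optional TTL and class
    return owner, rest[0].upper(), " ".join(rest[1:])


def expand_generate(line):
    """'$GENERATE 1-253 stu$ IN A 192.168.1.$' -> [('stu1', 'A', '192.168.1.1'), ...].
    Handles plain '$' substitution and an optional /step; the ${offset,width,base}
    modifier form is not supported here."""
    if "${" in line:
        raise NotImplementedError("${...} modifiers are not handled")
    parts = line.split()
    if parts[0] != "$GENERATE":
        raise ValueError("not a $GENERATE line")
    rng, step = parts[1], 1
    if "/" in rng:
        rng, step = rng.split("/")
        step = int(step)
    start, stop = (int(x) for x in rng.split("-"))
    owner_tpl, rtype, rdata_tpl = parse_fields(parts[2:])
    return [(owner_tpl.replace("$", str(i)), rtype, rdata_tpl.replace("$", str(i)))
            for i in range(start, stop + 1, step)]


def load_zone(text):
    """owner -> list of (type, rdata), with $GENERATE lines expanded."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        recs = expand_generate(line) if line.startswith("$GENERATE") else [parse_fields(line.split())]
        for owner, rtype, rdata in recs:
            records.setdefault(owner, []).append((rtype, rdata))
    return records


def node_exists(records, name):
    """A name exists if it owns records or is an empty non-terminal above one."""
    return name in records or any(o.endswith("." + name) for o in records)


def lookup(records, name, rtype):
    """Return the rdata list, [] for NODATA (name exists, no such type),
    None for NXDOMAIN. Names are relative to the zone apex."""
    if node_exists(records, name):
        return [rd for t, rd in records.get(name, []) if t == rtype]
    labels = name.split(".")
    for cut in range(1, len(labels) + 1):
        ancestor = ".".join(labels[cut:])            # '' is the zone apex
        if ancestor == "" or node_exists(records, ancestor):
            # closest encloser found: only its own wildcard may synthesise an answer
            wildcard = "*" if ancestor == "" else "*." + ancestor
            if wildcard in records:
                return [rd for t, rd in records[wildcard] if t == rtype]
            return None
    return None


if __name__ == "__main__":
    zone = load_zone(ZONE_TEXT)
    for q in ("stu1", "stu200", "ns1", "anything", "deep.anything", "mail", "foo.mail"):
        print(f"{q:14} A -> {lookup(zone, q, 'A')}")
```

The two answers worth remembering from the run: mail gets [] (it exists, so * is not consulted even though it has no A record), and foo.mail gets NXDOMAIN because its closest existing ancestor is mail, which has no *.mail.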

9 Testing the DNS server
vi /etc/resolv.conf
# point the server's own resolver at itself
nameserver 127.0.0.1
# backup resolver so that external names still resolve
nameserver 8.8.8.8

(The names and addresses below come from a different setup; substitute your own zone.)
nslookup -type=soa osyunwei.com         # SOA (start of authority) record
nslookup -type=a www.osyunwei.com       # A (host address) record
nslookup -type=ptr 192.168.21.129       # PTR (reverse lookup) record
nslookup -type=cname ftp.osyunwei.com   # CNAME (alias) record
nslookup -type=ns osyunwei.com          # NS (name server) record
nslookup -type=mx osyunwei.com          # MX (mail exchanger) record
tail /var/log/messages                  # check the log