实验准备工作

DNS服务器

1.配置主机域名

[root@all ~]# hostname xuan.com   ///临时修改名,永久修改需要去/etc/sysconfig/network 修改。然后记住在/etc/hosts 里更新自己的域,为了方便实验,先修改了名字

2.取消dhcpip地址改为静态

3.安装DNS

[root@xuan ]# yum -y install bind

 

配置DNS服务器

1.查看安装文件目录

[root@xuan ]# rpm -ql bind

/etc/NetworkManager/dispatcher.d/13-named

/etc/logrotate.d/named

/etc/named

/etc/named.conf

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

/etc/portreserve/named

/etc/rc.d/init.d/named

/etc/rndc.conf

/etc/rndc.key

/etc/sysconfig/named

2.DNS自身配置文件更改

[root@xuan ~]# vim /etc/named.conf

options {

       listen-on port 53 { any;};        //ipv4   表示监听的本机所有网卡

       listen-on-v6 port 53 { any; };     //ipv6

       directory      "/var/named";     //数据存放目录

       dump-file      "/var/named/data/cache_dump.db";

       statistics-file "/var/named/data/named_stats.txt";

       memstatistics-file "/var/named/data/named_mem_stats.txt";

       allow-query     { any; };             //表示允许网络中所有主机来访问。注意:与下面的 recursion yes 组合后,本机就成了对任何来源开放的递归解析器,容易被用于 DNS 放大攻击;生产环境应再加一行 allow-recursion { 内网地址段; }; 只为内网客户机做递归

       recursion yes;

 

        dnssec-enable yes;

       dnssec-validation yes;

       dnssec-lookaside auto;

 

       /* Path to ISC DLV key */

       bindkeys-file "/etc/named.iscdlv.key";

 

       managed-keys-directory "/var/named/dynamic";

};

 

logging {

       channel default_debug {

                file "data/named.run";

                severity dynamic;

       };

};

 

zone "." IN {

       type hint;

       file "named.ca";

};

 

include "/etc/named.rfc1912.zones";   //区域描述文件

include "/etc/named.root.key";

 

 

3.定义区域文件(区域文件可以直接在named.conf中添加也可以像下面样添加到自身配置文件定义的文件中)

[root@xuan ~]# vim /etc/named.rfc1912.zones     //在最后一行添加4条信息,两条正向解析、两条反向解析

 

zone "baidu.com" IN {

       type master;                //指主域服务器

       file "baidu.com.hosts";     //指定文件保存的名字,可以自定义,但一般遵循此规范

};

 

zone "qq.com" IN {

       type master;

       file "qq.com.hosts";

};

 

zone "2.21.222.in-addr.arpa" IN {

       type master;

       file "222.21.2.rev";

};

 

zone "33.16.172.in-addr.arpa" IN {

       type master;

       file "172.16.33.rev";

};

 

4.创建数据文件(注意:SOA 记录中的管理员邮箱按区域文件语法应写成 user.xuan.com.,即用 . 代替 @;主域名服务器名也应写成以 . 结尾的完整域名 xuan.com.,否则会被自动补上区域名)

1 [root@xuan ~]# vim /var/named/baidu.com.hosts

$TTL 1D

@      IN SOA  xuan.com user@xuan.com. (

                                 201509160001

                                        1D

                                        1H

                                        1W

                                        3H )

                IN   NS     xuan.com.

                IN   MX 5   xuan.com.

server2         IN  A       222.21.2.21             //简单的负载均衡

server2         IN  A       222.21.2.22             //

www             IN   A      172.16.33.33

ftp             IN   CNAME  www                   //别名

 

2 [root@xuan ~]# vim /var/named/qq.com.hosts

$TTL 1D

@      IN SOA  xuan.com user@xuan.com. (

                                 201509160005

                                       1D

                                        1H

                                        1W

                                        3H )

                IN   NS     xuan.com.

                IN   MX 5   xuan.com.

server2        IN   A      222.101.0.10    

server2         IN  A       222.101.0.11    

www             IN   A      172.16.33.99

ftp             IN   CNAME  www

 

3 [root@xuan ~]# vim /var/named/222.21.2.rev

$TTL 1D

@      IN SOA xuan.com user@xuan.com.(

                    201509160003

                    3h

                    1h

                    1w

                    1h)

        IN  NS  xuan.com.

21      IN  PTR server2.baidu.com.             //负载均衡的反向解析

22      IN  PTR server2.baidu.com.             //

 

4 [root@xuan ~]# vim /var/named/172.16.33.rev

$TTL 1D

@      IN SOA xuan.com user@xuan.com.(

                    201509160003

                    3h

                    1h

                    1w

                    1h)

        IN  NS  xuan.com.

33       IN PTR www.baidu.com.

33      IN  PTR ftp.baidu.com.

99      IN  PTR www.qq.com.

99      IN  PTR ftp.qq.com.

 

 

5.重启DNS服务(如果报错可以根据/var/log/messages日志排错)

[root@xuan ~]# service named restart

停止 named                                              [确定]

启动 named                                              [确定]

 

6.测试

正向解析测试:

[root@xuan named]# nsloopup

bash: nsloopup: command not found

[root@xuan named]# nslookup

> www.baidu.com

Server:           172.16.30.97

Address:  172.16.30.97#53

 

Name:     www.baidu.com

Address: 172.16.33.33

> ftp.qq.com

Server:           172.16.30.97

Address:  172.16.30.97#53

 

ftp.qq.com      canonical name = www.qq.com.

Name:     www.qq.com

Address: 172.16.33.99

> server2.qq.com

Server:           172.16.30.97

Address:  172.16.30.97#53

 

Name:     server2.qq.com

Address: 222.101.0.10

Name:     server2.qq.com

Address: 222.101.0.11

 

 

反向解析测试:

> 172.16.33.33

Server:           172.16.30.97

Address:  172.16.30.97#53

 

33.33.16.172.in-addr.arpa     name = www.baidu.com.

33.33.16.172.in-addr.arpa     name = ftp.baidu.com.

> 172.16.33.99

Server:           172.16.30.97

Address:  172.16.30.97#53

 

99.33.16.172.in-addr.arpa     name = ftp.qq.com.

99.33.16.172.in-addr.arpa     name = www.qq.com.

 

> 222.21.2.21        

Server:           172.16.30.97

Address:  172.16.30.97#53

 

21.2.21.222.in-addr.arpa       name = server2.baidu.com.

> 222.21.2.22

Server:           172.16.30.97

Address:  172.16.30.97#53

 

22.2.21.222.in-addr.arpa       name = server2.baidu.com.

 

 

 

辅助DNS服务器:

7.定义区域配置文件

[root@xuan ~]# vim /etc/named.rfc1912.zones    //在最后一行添加,这边只添加了一条正向解析,反向也是一样配置。只要主DNS服务器上配置有相关域的解析,辅助服务器就能通过区域传送直接获取。注意:主服务器上应在对应 zone 中加上 allow-transfer { 辅助DNS的IP; }; 限制只允许辅助服务器做区域传送,否则任何主机都能拉取整个区域数据

 

zone "test.com" IN {

       type slave;

       file "slaves/test.com.hosts";

       masters {172.16.30.53;};

};

 

8.配置好后重启服务

[root@xuan ~]# service named restart

停止 named                                              [确定]

启动 named                                              [确定]

 

9.查看slaves文件夹是否已经获取主服务器test.com的解析

[root@xuan ~]# cat /var/named/slaves/test.com.hosts

$ORIGIN .

$TTL 86400    ;1 day

test.com         IN SOA  lhost4.test.com. root.lhost4.test.com. (

                            2015091602; serial

                            10800      ; refresh (3 hours)

                            3600       ; retry (1 hour)

                            604800     ; expire (1 week)

                            3600       ; minimum (1 hour)

                            )

                     NS   lhost4.test.com.

                     MX  5 lhost4.test.com.

$ORIGIN test.com.

lhost4                    A     172.16.30.1

win03                   A     172.16.30.33

win04                   A     172.16.30.44

 

 

10.测试从主DNS获取的解析

[root@xuan ~]# nslookup

> win03.test.com

Server:           172.16.30.97

Address:  172.16.30.97#53

 

Name:     win03.test.com

Address: 172.16.30.33

 

> lhost4.test.com

Server:           172.16.30.97

Address:  172.16.30.97#53

 

Name:     lhost4.test.com

Address: 172.16.30.1

 

 

以前自己自学linux时,感觉DNS挺难的,后来参加培训听老师讲后理解很多。自学那会在读大学,搭建DNS时是用的system-config-bind,视窗下搭建,只要理解了概念就比较简单。那时自己查阅了很多资料,视窗下搭建了智能DNS,因为自己是机房主管,所以利用机房里不同网段主机做客户机。等后面有时间,更新智能DNS的配置