DNS编译安装步骤:
--------------------------------------------------------------
第一部分:编译安装
--------------------------------------------------------------
一、 所需软件
bind-9.4.2.tar.gz //http://www.isc.org/
wget http://ftp.isc.org/isc/bind9/9.4.2/bind-9.4.2.tar.gz
编译安装之前将系统默认安装的卸载!
二 解压、安装
# tar zxvf bind-9.4.2.tar.gz
# cd bind-9.4.2
# ./configure --sysconfdir=/etc
# make
# make install
安装好以后查看其版本:
# /usr/local/sbin/named -v
三 主配置文件
# vi /etc/named.conf
options {
directory "/var/named";
};
zone "." {
type hint;
file "named.ca";
};
新建配置目录
# mkdir /var/named
产生named.ca文件
1 配置DNS
# echo "nameserver 202.99.192.68" >/etc/resolv.conf
由于这里已经能上网,所以不需要导入dns解析文件!
2 用 dig 工具查看根服务器(这里要到官方网站上更新DNS文件,
服务器IP地址需要能够上网)
# dig -t NS .
3 产生named.ca文件
# dig -t NS . >/var/named/named.ca
四 用RNDC控制服务器
产生rndc配置文件
# rndc-confgen > /etc/rndc.conf
显示行号
# cat -n /etc/rndc.conf
从13行开始到结束追加到named.conf文件
# tail -12 /etc/rndc.conf>>/etc/named.conf
去掉刚追加的注释
# vi /etc/named.conf
rndc配置文件主要是用来控制named服务的。
五 运行及测试
运行DNS服务
# named
检查状态
# rndc status
查看日志文件
#cat /var/log/messages | grep named
六 添加本地DNS服务器解析文件
# vi /etc/named.conf
zone "localhost"{
type master;
file "named.local";
};
zone "china.com"{
type master;
file "china.com.zone";
};
# vi /var/named/named.local
$TTL 38400
@ IN SOA localhost. root (
2009040701 ;serial
1H ;refresh
15M ;retry
1W ;expire
1D ) ;TTL
IN NS @
IN A 127.0.0.1
# vi /var/named/china.com.zone
$TTL 38400
@ IN SOA win.china.com. root (
2009040701 ;serial
1H ;refresh
15M ;retry
1W ;expire
1D ) ;TTL
IN NS win.china.com.
IN MX 10 mail
win IN A 192.168.11.1
www IN A 192.168.11.1
mail IN A 192.168.11.50
news IN CNAME www
重新加载
# rndc reload
七、反向解析文件
# vi /etc/named.conf
zone "0.0.127.in-addr.arpa" in {
type master;
file "named.local01";
};
zone "11.168.192.in-addr.arpa" in {
type master;
file "china.zone";
};
# vi /var/named/named.local01
------------------------------------------
$TTL 38400
0.0.127.in-addr.arpa. IN SOA win.china.com. root(
2009040701 ;serial
3H ; refresh
15M ;retry
1W ;expiry
1D) ;minimum
IN NS win.china.com.
1 IN PTR win.china.com.
# vi /var/named/china.zone
------------------------------------------
$TTL 38400
11.168.192.in-addr.arpa. IN SOA win.china.com. root(
2009040701;serial
3H ; refresh
15M ;retry
1W ;expiry
1D) ;minimum
IN NS win.china.com.
1 IN PTR win.china.com.
1 IN PTR win.china.com.
50 IN PTR mail.china.com.
#named-checkconf
测试配置:
正向解析:成功!
反向解析:成功!(若反向区域文件中没有50的PTR记录,则192.168.11.50的反向解析不能成功!)
----------------------------------------------------------------------------------
第二部分:配置主从服务器
----------------------------------------------------------------------------------
1.设置主DNS区域选项
# vi /etc/named.conf
zone "china.com"{
type master;
file "china.com.zone";
allow-transfer{192.168.11.2;}; //只允许计算机192.168.11.2复制
};
# vi /etc/named.conf
zone "11.168.192.in-addr.arpa" in {
type master;
file "china.zone";
allow-transfer{192.168.11.2;}; #只允许计算机192.168.11.2复制#
};
2.设置主DNS区域文件
# vi /var/named/china.com.zone
$TTL 38400
@ IN SOA win.china.com. root (
2009040701 ;serial
1H ;refresh
15M ;retry
1W ;expire
1D ) ;TTL
IN NS win.china.com.
IN MX 10 mail
win IN A 192.168.11.1
www IN A 192.168.11.1
mail IN A 192.168.11.50
news IN CNAME www
son IN A 192.168.11.2 ;添加从DNS的A记录(区域文件中的注释以“;”开头,不能用“#”)
# vi /var/named/china.zone
$TTL 38400
11.168.192.in-addr.arpa. IN SOA win.china.com. root(
2009040701;serial
3H ; refresh
15M ;retry
1W ;expiry
1D) ;minimum
IN NS win.china.com.
1 IN PTR win.china.com.
1 IN PTR win.china.com.
50 IN PTR mail.china.com.
2 IN PTR son.china.com.
----------------------------------------------------------------------------------
第三部分:配置slave服务器
----------------------------------------------------------------------------------
1.安装bind
# tar zxvf bind-9.4.2.tar.gz
# cd bind-9.4.2
# ./configure --sysconfdir=/etc
# make
# make install
安装好以后查看其版本:
# /usr/local/sbin/named -v
#mkdir -p /var/named/slaves
2.从主复制配置文件
2.1 开启用户远程登录
#vi /etc/xinetd.d/telnet
打开文件后,将里面的 disable=yes 行前面加上#注释掉,保存退出,重新启动xinetd 服务
/etc/rc.d/init.d/xinetd restart
2.2配置允许 root 用户登录
# vi /etc/pam.d/login
将文件中的
auth required pam_securetty.so
加上“#”注释掉,就可以实现在登录的时候允许 root 用户了。
2.3 复制文件(下面的 scp 通过 SSH 传输,并不依赖上面开启的 telnet 服务)
#scp root@192.168.11.1:/etc/named.conf /etc
The authenticity of host '192.168.11.1 (192.168.11.1)' can't be established.
RSA key fingerprint is 27:28:86:d1:63:38:80:75:bd:7b:43:8b:27:1a:32:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.11.1' (RSA) to the list of known hosts.
root@192.168.11.1's password:
named.conf 100% 718 0.7KB/s 00:00
[root@son ~]# scp root@192.168.11.1:/var/named/named.ca /var/named/
root@192.168.11.1's password:
named.ca 100% 1441 1.4KB/s 00:00
3.用RNDC控制服务器
产生rndc配置文件
# rndc-confgen > /etc/rndc.conf
显示行号
# cat -n /etc/rndc.conf
从13行开始到结束追加到named.conf文件
# tail -12 /etc/rndc.conf>>/etc/named.conf
去掉刚追加的注释并且把先前存在的删除:
# vi /etc/named.conf
rndc配置文件主要是用来控制named服务的。
4.运行及测试
运行DNS服务
# named
检查状态
# rndc status
查看日志文件
#cat /var/log/messages | grep named
5.编辑
# vi /etc/named.conf
zone "china.com"{
type slave;
file "slaves/son.china.com.zone";
masters{192.168.11.1;};
};
zone "11.168.192.in-addr.arpa" in {
type slave;
file "slaves/son.china.zone";
masters{192.168.11.1;};
};
6.从主DNS复制
6.1 重新加载DNS
# rndc reload
6.2 查看日志情况
#cat /var/log/messages
Apr 8 13:08:48 son named[746]: loading configuration from '/etc/named.conf'
Apr 8 13:08:48 son named[746]: zone china.com/IN: Transfer started.
Apr 8 13:08:48 son named[746]: transfer of 'china.com/IN' from 192.168.11.1#53: connected using 192.168.11.2#59729
Apr 8 13:08:48 son named[746]: zone china.com/IN: transferred serial 2009040701
Apr 8 13:08:48 son named[746]: transfer of 'china.com/IN' from 192.168.11.1#53: end of transfer
Apr 8 13:08:48 son named[746]: zone 11.168.192.in-addr.arpa/IN: Transfer started.
Apr 8 13:08:48 son named[746]: transfer of '11.168.192.in-addr.arpa/IN' from 192.168.11.1#53: connected using 192.168.11.2#49833
Apr 8 13:08:48 son named[746]: zone 11.168.192.in-addr.arpa/IN: transferred serial 2009040701
Apr 8 13:08:48 son named[746]: transfer of '11.168.192.in-addr.arpa/IN' from 192.168.11.1#53: end of transfer
6.3 查看对应目录,是否复制成功
# ls /var/named/slaves/
son.china.com.zone son.china.zone
--------------------------------------------------------------
第四部分:客户端验证
--------------------------------------------------------------
1.正常解析
C:\>nslookup
Default Server: win.china.com --从主服务器查询
Address: 192.168.11.1
> www.china.com
Server: win.china.com
Address: 192.168.11.1
Name: www.china.com
Address: 192.168.11.1
> mail.china.com
Server: win.china.com
Address: 192.168.11.1
Name: mail.china.com
Address: 192.168.11.50
2.断开主DNS
设置客户端DNS为辅助DNS
3.客户端通过辅助DNS解析
C:\>nslookup
Default Server: son.china.com
Address: 192.168.11.2
> www.china.com
Server: son.china.com
Address: 192.168.11.2
Name: www.china.com
Address: 192.168.11.1
> mail.china.com
Server: son.china.com
Address: 192.168.11.2
Name: mail.china.com
Address: 192.168.11.50
--------------------------------------------------------------
第五部分:常见排错方法
--------------------------------------------------------------
1.查看辅助的日志
#rndc trace 99 --该命令将在DNS服务器和辅助DNS服务器的named目录下生成一个named.run日志文件
2.开启防火墙需要的端口(下面的规则加在 FORWARD 链;若 named 运行在本机,还需在 INPUT 链放行 53/tcp 和 53/udp)
iptables -A FORWARD -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -i eth0 -p udp --dport 53 -j ACCEPT
3.关闭selinux
#cat /etc/sysconfig/selinux
#SELINUX=enforcing
SELINUX=disabled