一、缓存域名服务器

1、安装与配置

[root@localhost ~]# yum -y install bind bind-chroot bind-utils bind-libs       DNS服务器所需的软件包(bind-utils提供dig等测试工具)
[root@localhost ~]# vim /etc/named.conf                  DNS服务器的主配置文件
options {
        listen-on port 53 { 192.168.1.24; };      使用53端口监听,监听的ip地址为192.168.1.24
        listen-on-v6 port 53 { ::1; };            监听ipv6的IP地址选项
        directory       "/var/named";            DNS的根目录,由于安装了bind-chroot,因此服务的实际工作目录为/var/named/chroot/var/named
        dump-file       "/var/named/data/cache_dump.db";    缓存转储文件
        statistics-file "/var/named/data/named_stats.txt";    记录了内存使用的统计信息
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };        允许查询的主机,默认为localhost;改为any后任何来源都可以向本服务器发起查询
        recursion yes;                    可以递归查询;与allow-query { any; }组合后任何外部主机都能利用本机做递归查询(开放解析器),存在被滥用的风险,生产环境应通过allow-recursion限制为内网地址段
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {                               named服务的日志文件信息
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {                        根(.)域的配置及信息(也可以通过forwarders把查询转发到上级域名服务器来配置缓存域名服务器,可以自己去了解)
        type hint;
        file "named.ca";
};
[root@localhost ~]# ls -lh /etc/named.conf           主配置文件权限如下:属主root可读写,named组只读,其他用户无权限(不要放宽给其他用户)
-rw-r----- 1 root named
[root@localhost ~]# service named restart             DNS的服务名称为named
停止 named:.                                              [确定]
启动 named:                                               [确定]
[root@localhost ~]# netstat -ltunp |grep named        查看端口监听状态
tcp        0      0 192.168.1.24:53             0.0.0.0:*            LISTEN      8049/named          
tcp        0      0 127.0.0.1:953               0.0.0.0:*            LISTEN      8049/named          
tcp        0      0 ::1:53                      :::*                 LISTEN      8049/named          
tcp        0      0 ::1:953                     :::*                 LISTEN      8049/named          
udp        0      0 192.168.1.24:53             0.0.0.0:*                        8049/named          
2、客户端测试
[root@localhost ~]# echo nameserver 192.168.1.24 >> /etc/resolv.conf
[root@localhost ~]# dig www.baidu.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57864
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          1200    IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       300     IN      A       180.97.33.107
www.a.shifen.com.       300     IN      A       180.97.33.108

;; AUTHORITY SECTION:
a.shifen.com.           1200    IN      NS      ns5.a.shifen.com.
a.shifen.com.           1200    IN      NS      ns3.a.shifen.com.
3、注意事项
客户端必须能与服务器端通信(能ping通);本例关闭了SELinux,仅适合练习环境,生产环境应保留SELinux enforcing并用restorecon恢复/var/named下文件的安全上下文。另外,直接追加到/etc/resolv.conf的nameserver会在下次dhclient刷新时被覆盖(见后文该文件头部的"generated by /sbin/dhclient-script")。

二、主域名服务器配置
1、配置(可以与缓存服务器共享一台主机)
[root@localhost ~]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.1.24; };      使用53端口监听,监听的ip地址为192.168.1.24
        listen-on-v6 port 53 { ::1; };            监听ipv6的IP地址选项
        directory       "/var/named";            DNS的根目录,由于安装了bind-chroot,因此服务的实际目录为/var/named/chroot/var/named
        dump-file       "/var/named/data/cache_dump.db";    缓存转储文件
        statistics-file "/var/named/data/named_stats.txt";    记录了内存使用的统计信息
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };        允许查询的主机,默认为localhost;改为any后任何来源都可以查询本服务器
        recursion yes;                    可以递归查询;权威服务器同时对any开放递归会成为开放解析器,存在被滥用的风险,生产环境应通过allow-recursion限制为内网地址段
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {                               named服务的日志文件信息
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {                        根(.)域的配置及信息
        type hint;
        file "named.ca";
};
zone "wxw.com" IN {                  指定区名
        type master;                 服务器类别,master为主域名
        file "wxw.com_zone";         正向解析区域文件名wxw.com_zone,在/var/named目录下创建
        allow-transfer {192.168.1.124;};        只允许从(辅助)域名服务器IP进行区域传送(AXFR),避免任意主机获取整个区域数据
};
zone "1.168.192.in-addr.arpa" IN {        域名对应的ip地址网段为192.168.1.0,此处必须按照相同的格式写
        type master;
        file "192.168.1.zone";            反向解析文件名192.168.1.zone
        allow-transfer {192.168.1.124;};
};
[root@localhost ~]# vim /var/named/wxw.com_zone        编辑正向解析文件
$TTL 1D
@       IN SOA  ns1.wxw.com. mail.www.wxw.com. (
                                        2014102101      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@               IN      NS      ns1.wxw.com.            主域名的域名地址
ns1.wxw.com.    IN      A       192.168.1.24            主域名的ip地址
@               IN      NS      ns2.wxw.com.            从域名的域名地址
ns2.wxw.com.    IN      A       192.168.1.124            从域名的ip地址
@               IN      MX 10   mail.www.wxw.com.       邮件服务器的域名地址,必须与下面A记录的名称完全一致
mail.www.wxw.com.  IN   A       192.168.1.4             
www.wxw.com.    IN      A       192.168.1.2
ftp.wxw.com.    IN      A       192.168.1.3             末尾的点不能省略,否则会被当成相对名称补全为ftp.wxw.com.wxw.com.
win7.wxw.com.   IN      A       192.168.1.224
linux.wxw.com.  IN      CNAME   ns1.wxw.com.
smb.wxw.com.    IN      CNAME   ns1.wxw.com.
dhcp.wxw.com.   IN      CNAME   ns1.wxw.com.
[root@localhost ~]# vim /var/named/192.168.1.zone           反向解析文件
$TTL 1D                        
@       IN SOA  ns1.wxw.com. mail.www.wxw.com. (
                                        2014102101      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@               IN      NS      ns1.wxw.com.
@               IN      NS      ns2.wxw.com.
24              IN      PTR     ns1.wxw.com.
124              IN      PTR     ns2.wxw.com.
@               IN      MX 10   mail.www.wxw.com.
4               IN      PTR     mail.www.wxw.com.
2               IN      PTR     www.wxw.com.
3               IN      PTR     ftp.wxw.com.
224             IN      PTR     win7.wxw.com.           与正向解析中win7.wxw.com.的地址192.168.1.224对应(124已被ns2使用)
[root@localhost ~]# service named restart
停止 named:.                                              [确定]
启动 named:                                               [确定]
[root@localhost ~]# cat /etc/resolv.conf 
; generated by /sbin/dhclient-script
search wxw.com
nameserver 192.168.1.24
2、客户端测试
[root@localhost ~]# dig www.wxw.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> www.wxw.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13587
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.wxw.com.                   IN      A
;; ANSWER SECTION:
www.wxw.com.            86400   IN      A       192.168.1.2
;; AUTHORITY SECTION:
wxw.com.                86400   IN      NS      ns2.wxw.com.
wxw.com.                86400   IN      NS      ns1.wxw.com.
;; ADDITIONAL SECTION:
ns1.wxw.com.            86400   IN      A       192.168.1.24
ns2.wxw.com.            86400   IN      A       192.168.1.124
;; Query time: 1 msec
;; SERVER: 192.168.1.24#53(192.168.1.24)
;; WHEN: Wed Oct 22 11:47:47 2014
;; MSG SIZE  rcvd: 113

三、从域名服务器搭建与配置
1、重新开启一台linux虚拟主机(CentOS 6.5),网卡ip为192.168.1.124
2、服务的安装与配置
[root@localhost ~]# yum -y install bind bind-chroot bind-utils bind-libs
[root@localhost ~]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.1.124; };      
        listen-on-v6 port 53 { ::1; };            
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";    
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };        
        recursion yes;                 
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        bindkeys-file "/etc/named.iscdlv.key";
#       managed-keys-directory "/var/named/dynamic";
};

logging {                               named服务的日志文件信息
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {                        根(.)域的配置及信息
        type hint;
        file "named.ca";
};
zone "wxw.com" IN {                 指定区名
        type slave;                 服务器类别,slave为从域名服务器选项
        file "wxw.com_zone";         正向解析区域文件名wxw.com_zone,从服务器上该文件由named在区域传送后自动写入/var/named,因此该目录需对named用户可写(见下文chmod);更规范的做法是写到/var/named/slaves/目录
        masters {192.168.1.24;};        指定主域名服务器IP
};
zone "1.168.192.in-addr.arpa" IN {        域名对应的ip地址网段为192.168.1.0,此处必须按照相同的格式写
        type slave;
        file "192.168.1.zone";            反向解析文件名192.168.1.zone
        masters {192.168.1.24;};
};
[root@localhost ~]# chmod 770 /var/named/
[root@localhost ~]# ll /var/named/ -d
drwxrwx--- 6 root named 4096 Oct 22 10:49 /var/named/

[root@localhost ~]# service named restart
停止 named:                                               [确定]
启动 named:                                               [确定]
3、客户端测试
[root@localhost ~]# dig @192.168.1.124 www.wxw.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> @192.168.1.124 www.wxw.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22358
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.wxw.com.                   IN      A

;; ANSWER SECTION:
www.wxw.com.            86400   IN      A       192.168.1.2

;; AUTHORITY SECTION:
wxw.com.                86400   IN      NS      ns1.wxw.com.
wxw.com.                86400   IN      NS      ns2.wxw.com.

;; ADDITIONAL SECTION:
ns1.wxw.com.            86400   IN      A       192.168.1.24
ns2.wxw.com.            86400   IN      A       192.168.1.124

;; Query time: 1 msec
;; SERVER: 192.168.1.124#53(192.168.1.124)
;; WHEN: Wed Oct 22 10:49:58 2014

4、注意事项:

(1)、如果还是无法解析,请返回主域名服务器的/var/named目录给区域配置文件加上权限(单纯是为了练习的话,就加到最大权限777吧;实际上named只需要读权限,建议chown root:named并chmod 640,不要开放给其他用户写入)

(2)、以上的练习都是在关闭防火墙与SELinux的状态下操作的,如果防火墙开启,需要自行添加规则放行TCP和UDP的53端口(见前面netstat输出,named同时监听tcp/53和udp/53)

四、还有根据接口来配置的DNS服务器,在此就不做介绍了,可自行去查阅资料练习。



转载于:https://blog.51cto.com/www1991/1566667