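The name server for the site being visited is dns.linejet.com. Domain name resolution proceeds as follows:
(1) The client sends a request to resolve the domain name www.linejet.com.
(2) The local name server receives the request and checks its local cache. Assuming there is no such record, the local name server dns.company.com sends a request to the root name server NS.INTER.NET to resolve www.linejet.com.
(3) The root name server NS.INTER.NET receives the request, looks up its local records and finds the following: linejet.com NS dns.linejet.com (meaning the name server for the linejet.com domain is dns.linejet.com).
It also supplies the address of dns.linejet.com and returns the result to the name server dns.company.com.
(4) On receiving the response, the name server dns.company.com sends out another request to resolve www.linejet.com.
(5) The name server dns.linejet.com receives the request, searches its local records and finds this record: www.linejet.com A 211.120.3.12 (meaning that the IP address of the name server dns.linejet.com in the linejet.com domain is 211.120.3.12), and returns the result to the client's local name server dns.company.com.
(6) The client's local name server saves the returned result in its local cache and returns the result to the client.
This completes one domain name resolution.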
*********************************************************************************************************************************************************************************
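Packages:
bind.i386 -- main server package
bind-chroot.i386 -- chroot (jail) environment package
bind-devel.i386 -- development package
bind-libs.i386 -- library files
bind-utils.i386 -- utilities
Configuration file locations:
Without bind-chroot.i386 installed:
the configuration file is /etc/named.conf
/var/named
With bind-chroot.i386 installed:
the configuration file is /var/named/chroot/etc/named.conf -- does not exist by default
/var/named/chroot/var/named
As shown above, with bind-chroot installed the chroot environment is /var/named/chroot/
Configuration steps:
1. Edit named.conf
2. Edit the zone files
vim /var/named/chroot/etc/named.conf    # create it by hand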
**********************************************************************************************************************************************************************************
List the DNS-related packages
[root@station127 ~]# yum list |grep bind
This system is not registered with RHN.
RHN support will be disabled.
bind-libs.i386 30:9.3.6-4.P1.el5 installed
bind-utils.i386 30:9.3.6-4.P1.el5 installed
ypbind.i386 3:1.19-12.el5 installed
bind.i386 30:9.3.6-4.P1.el5_4.2 update
bind-chroot.i386 30:9.3.6-4.P1.el5_4.2 update
bind-devel.i386 30:9.3.6-4.P1.el5_4.2 update
bind-libbind-devel.i386 30:9.3.6-4.P1.el5_4.2 update
bind-libs.i386 30:9.3.6-4.P1.el5_4.2 update
bind-sdb.i386 30:9.3.6-4.P1.el5_4.2 update
bind-utils.i386 30:9.3.6-4.P1.el5_4.2 update
kdebindings.i386 3.5.4-6.el5 Server
kdebindings-devel.i386 3.5.4-6.el5 Server
system-config-bind.noarch 4.0.3-4.el5 Server
You have new mail in /var/spool/mail/root
----------------------------------------------------------------
Install the DNS-related packages
[root@station127 ~]# yum install bind*
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.i386 30:9.3.6-4.P1.el5_4.2 set to be updated
---> Package bind-chroot.i386 30:9.3.6-4.P1.el5_4.2 set to be updated
---> Package bind-devel.i386 30:9.3.6-4.P1.el5_4.2 set to be updated
---> Package bind-libbind-devel.i386 30:9.3.6-4.P1.el5_4.2 set to be updated
---> Package bind-libs.i386 30:9.3.6-4.P1.el5_4.2 set to be updated
---> Package bind-sdb.i386 30:9.3.6-4.P1.el5_4.2 set to be updated
---> Package bind-utils.i386 30:9.3.6-4.P1.el5_4.2 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================
Installing:
bind i386 30:9.3.6-4.P1.el5_4.2 update 978 k
bind-chroot i386 30:9.3.6-4.P1.el5_4.2 update 44 k
bind-devel i386 30:9.3.6-4.P1.el5_4.2 update 2.8 M
bind-libbind-devel i386 30:9.3.6-4.P1.el5_4.2 update 441 k
bind-sdb i386 30:9.3.6-4.P1.el5_4.2 update 229 k
Updating:
bind-libs i386 30:9.3.6-4.P1.el5_4.2 update 857 k
bind-utils i386 30:9.3.6-4.P1.el5_4.2 update 170 k
Transaction Summary
=====================================================================================================================
Install 5 Package(s)
Update 2 Package(s)
Remove 0 Package(s)
Total download size: 5.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): bind-chroot-9.3.6-4.P1.el5_4.2.i386.rpm | 44 kB 00:00
(2/7): bind-utils-9.3.6-4.P1.el5_4.2.i386.rpm | 170 kB 00:00
(3/7): bind-sdb-9.3.6-4.P1.el5_4.2.i386.rpm | 229 kB 00:00
(4/7): bind-libbind-devel-9.3.6-4.P1.el5_4.2.i386.rpm | 441 kB 00:00
(5/7): bind-libs-9.3.6-4.P1.el5_4.2.i386.rpm | 857 kB 00:00
(6/7): bind-9.3.6-4.P1.el5_4.2.i386.rpm | 978 kB 00:00
(7/7): bind-devel-9.3.6-4.P1.el5_4.2.i386.rpm | 2.8 MB 00:00
---------------------------------------------------------------------------------------------------------------------
Total 7.5 MB/s | 5.4 MB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : bind-libs 1/9
Installing : bind 2/9
Installing : bind-libbind-devel 3/9
Updating : bind-utils 4/9
Installing : bind-devel 5/9
Installing : bind-sdb 6/9
Installing : bind-chroot 7/9
Cleanup : bind-libs 8/9
Cleanup : bind-utils 9/9
Installed:
bind.i386 30:9.3.6-4.P1.el5_4.2 bind-chroot.i386 30:9.3.6-4.P1.el5_4.2
bind-devel.i386 30:9.3.6-4.P1.el5_4.2 bind-libbind-devel.i386 30:9.3.6-4.P1.el5_4.2
bind-sdb.i386 30:9.3.6-4.P1.el5_4.2
Updated:
bind-libs.i386 30:9.3.6-4.P1.el5_4.2 bind-utils.i386 30:9.3.6-4.P1.el5_4.2
Complete!
----------------------------------------------------------------------------
******************************************************************************************************************************************************************************************************
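Forward DNS lookup experiment
step1: Create a named.conf file by hand
[root@station127 ~]# vim /var/named/chroot/etc/named.conf    # create it by hand
step2: Write the following into it
options {
    directory "/var/named";    // working directory; this refers to /var/named/chroot/var/named/
};
zone "yumzone.cn" IN {         // separate definition for the yumzone.cn zone; note: no spaces inside the quotes
    type master;               // this DNS server is the master for the zone
    file "data/master.yumzone.cn.zone";    // where the zone file with the name-to-IP mappings is stored
};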
---------------------------------------------------------------------------
step3:
[root@station127 ~]# vim /var/named/chroot/var/named/data/master.yumzone.cn.zone
$TTL 86400
@   IN  SOA chengyuncai.yumzone.cn. root.yumzone.cn. (
            2010051601  ; serial
            180         ; refresh
            240         ; retry
            1D          ; expire
            86400 )     ; minimum
    IN  NS  chengyuncai.yumzone.cn.
chengyuncai IN  A   10.1.1.127
------------------------------------------------------------------------------
step4: Restart the service
[root@station127 ~]# /etc/init.d/named restart
停止 named: [确定]
启动 named: [确定]
-----------------------------------------------------------------------------------
step5: Test the forward DNS lookup
[root@station127 ~]# nslookup
> chengyuncai.yumzone.cn
Server: 10.1.1.127
Address: 10.1.1.127#53
Name: chengyuncai.yumzone.cn
Address: 10.1.1.127
-----------------------------------------------------------------------------------------------------------------------
***********************************************************************************
Reverse lookup experiment
step1:
[root@station127 ~]# vim /var/named/chroot/etc/named.conf
options {
    directory "/var/named";
};
zone "yumzone.cn" IN {
    type master;
    file "data/master.yumzone.cn.zone";
};
zone "1.1.10.in-addr.arpa" IN {
    type master;
    file "data/master.1.1.10.in-addr.arpa.zone";
};
----------------------------------------------------------------------------------------------------------------------
step2:
[root@station127 ~]# vim /var/named/chroot/var/named/data/master.1.1.10.in-addr.arpa.zone
$TTL 86400
@   IN  SOA 1.1.10.in-addr.arpa. root.yumzone.cn. (
            2010051601  ; serial
            180         ; refresh
            240         ; retry
            360         ; expire
            86400 )     ; minimum
    IN  NS  chengyuncai.yumzone.cn.
127 IN  PTR chengyuncai.yumzone.cn.
189 IN  PTR station189.yumzone.cn.
-----------------------------------------------------------------------------------------------------------------------------------
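step3:
Test the reverse DNS lookup
[root@station127 ~]# /etc/init.d/named reload
重新载入 named: [确定]
-- reloads the configuration (when the configuration has changed, the service does not need to be restarted)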
[root@station127 ~]# nslookup 10.1.1.127
Server: 10.1.1.127
Address: 10.1.1.127#53
127.1.1.10.in-addr.arpa name = chengyuncai.yumzone.cn.
*************************************************************************************
Resolving a range of host names
step1:
[root@station127 ~]# vim /var/named/chroot/var/named/data/master.yumzone.cn.zone
$TTL 86400
@   IN  SOA chengyuncai.yumzone.cn. root.yumzone.cn. (
            2010051601  ; serial
            180         ; refresh
            240         ; retry
            1D          ; expire
            86400 )     ; minimum
    IN  NS  chengyuncai.yumzone.cn.
chengyuncai IN  A   10.1.1.127
; the line below maps the host names station3 through station254 to the IPs 10.1.1.3 through 10.1.1.254
$GENERATE 3-254 station$ IN A 10.1.1.$
step2:
[root@station127 ~]# /etc/init.d/named reload
重新载入 named: [确定]
-- reloads the DNS service
step3: Verify
[root@station127 ~]# nslookup station3.yumzone.cn
Server: 10.1.1.127
Address: 10.1.1.127#53
Name: station3.yumzone.cn
Address: 10.1.1.3
[root@station127 ~]# nslookup station4.yumzone.cn
Server: 10.1.1.127
Address: 10.1.1.127#53
Name: station4.yumzone.cn
Address: 10.1.1.4
[root@station127 ~]# nslookup station5.yumzone.cn
Server: 10.1.1.127
Address: 10.1.1.127#53
Name: station5.yumzone.cn
Address: 10.1.1.5
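
An added example, not part of the original page: the expansion named performs for the $GENERATE line above, plus a check that each generated A record has a PTR pointing back at it (the reverse zone on this page only lists hosts 127 and 189). The function names, the reverse $GENERATE line and the 3-6 sample range are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# expand_generate LINE: print the records named derives from one $GENERATE
# directive. Supports "start-stop" and "start-stop/step" ranges and the plain
# "$" substitution used on this page (not the ${offset,width,base} form).
expand_generate() {
    printf '%s\n' "$1" | awk '
    $1 == "$GENERATE" {
        split($2, r, "-"); start = r[1] + 0
        n = split(r[2], s, "/"); stop = s[1] + 0
        step = (n > 1 ? s[2] + 0 : 1)
        for (i = start; i <= stop; i += step) {
            out = ""
            for (f = 3; f <= NF; f++) {
                if (substr($f, 1, 1) == ";") break   # trailing comment
                field = $f
                gsub(/\$/, i, field)                 # "$" -> iterator value
                out = out (f > 3 ? " " : "") field
            }
            print out
        }
    }'
}

# fcrdns_gaps ORIGIN FORWARD REVERSE: print forward names whose address has no
# PTR pointing back at the same name. Assumes a /24 reverse zone, so the PTR
# owner is the last octet, and relative owner names in both inputs.
fcrdns_gaps() {
    { printf '%s\n' "$3" | sed 's/^/R /'; printf '%s\n' "$2" | sed 's/^/F /'; } |
    awk -v origin="$1" '
    $1 == "R" { ptr[$2] = $5 }
    $1 == "F" { n = split($5, o, ".")
                if (ptr[o[n]] != ($2 "." origin ".")) print $2 }'
}

# Constructed input: the directive from this page on a short range, plus a
# reverse directive that deliberately stops one host short.
forward=$(expand_generate '$GENERATE 3-6 station$ IN A 10.1.1.$')
reverse=$(expand_generate '$GENERATE 3-5 $ IN PTR station$.yumzone.cn.')
fcrdns_gaps yumzone.cn "$forward" "$reverse"
```
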
--------------------------------------------------------------------------------------
**************************************************************************************
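Configuration on the slave name server (find another Linux host; I used a virtual machine installed on Linux)
step1: Log in to the slave name server (you can of course also work on it directly) and configure YUM, which is needed for installing the software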
[root@station127 ~]# ssh 10.1.1.209
The authenticity of host '10.1.1.209 (10.1.1.209)' can't be established.
RSA key fingerprint is b3:a8:8c:25:78:b6:40:75:b2:fe:9a:6b:94:e2:fb:3b.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '10.1.1.209' (RSA) to the list of known hosts.
root@10.1.1.209's password:
Last login: Sun May 16 11:40:10 2010
[root@station209 ~]# vim /etc/yum.repos.d/remote.repo
-------------------------------------------------------------------------------------
step2: Install the DNS-related services
[root@station209 ~]# yum install bind*
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Package 30:bind-sdb-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-chroot-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-devel-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-libs-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-utils-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Nothing to do
You have new mail in /var/spool/mail/root
--------------------------------------------------------------------------------------
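step3: Create the slave name server's configuration file by hand and specify the IP address of its master name server
[root@station209 ~]# vim /var/named/chroot/etc/named.conf    # this one also has to be created by hand
options {
    directory "/var/named";
};
zone "yumzone.cn" IN {
    type slave;                             // zone type is slave
    file "slaves/slave.yumzone.cn.zone";    // location of the slave name server's zone file
    masters { 10.1.1.127; };                // IP of the master name server; note: best to keep a space on each side of the IP
};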
--------------------------------------------------------------------------------------
step4: Restart or reload the DNS service on the slave name server
[root@station209 ~]# /etc/init.d/named restart
停止 named: [确定]
启动 named: [确定]
[root@station209 ~]# /etc/init.d/named reload
重新载入 named: [确定]
---------------------------------------------------------------------------
step5: Verify
[root@station209 ~]# ls /var/named/chroot/var/named/slaves/slave.yumzone.cn.zone
/var/named/chroot/var/named/slaves/slave.yumzone.cn.zone
$ORIGIN .
$TTL 86400 ; 1 day
yumzone.cn IN SOA chengyuncai.yumzone.cn. root.yumzone.cn. (
2010051601 ; serial
180 ; refresh (3 minutes)
240 ; retry (4 minutes)
86400 ; expire (1 day)
86400 ; minimum (1 day)
)
NS chengyuncai.yumzone.cn.
$ORIGIN yumzone.cn.
chengyuncai A 10.1.1.127
station10 A 10.1.1.10
station100 A 10.1.1.100
station101 A 10.1.1.101
station102 A 10.1.1.102
station103 A 10.1.1.103
station104 A 10.1.1.104 -- See that? These records were obtained from the master DNS server at 10.1.1.127, which is how the backup DNS function is achieved
station105 A 10.1.1.105
station106 A 10.1.1.106
station107 A 10.1.1.107
station108 A 10.1.1.108
station109 A 10.1.1.109
station11 A 10.1.1.11
station110 A 10.1.1.110
station111 A 10.1.1.111
station112 A 10.1.1.112
"/var/named/chroot/var/named/slaves/slave.yum
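
A slave only pulls the zone again when the master's SOA serial is higher than the serial of the copy it already holds, so an edit on the master without a serial bump never reaches the slaves/ file. Added example, not part of the original page: it reads the serial from both copies and compares them; the function names are hypothetical and the sample zones are the SOA records shown on this page.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# soa_serial: read a zone file on stdin and print the SOA serial. Handles the
# SOA on one line or spread over several lines inside ( ), with ; comments.
soa_serial() {
    awk '
    { sub(/;.*/, "") }                          # strip zone-file comments
    !collecting && /[ \t]SOA[ \t]/ { collecting = 1; buf = "" }
    collecting {
        buf = buf " " $0
        if (buf !~ /\(/ || buf ~ /\)/) {        # record is complete
            gsub(/[()]/, " ", buf)
            n = split(buf, f)
            for (i = 1; i <= n; i++)
                if (f[i] == "SOA") { print f[i + 3]; exit }
        }
    }'
}

# needs_transfer MASTER_SERIAL SLAVE_SERIAL: succeed when the slave is behind.
# Plain integer comparison; RFC 1982 wrap-around is not handled.
needs_transfer() { [ "$1" -gt "$2" ]; }

# Constructed inputs: the SOA as written on the master and as dumped on the
# slave on this page.
master_zone() { cat <<'EOF'
$TTL 86400
@ IN SOA chengyuncai.yumzone.cn. root.yumzone.cn. (
        2010051601
        180
        240
        1D
        86400 )
EOF
}
slave_zone() { cat <<'EOF'
yumzone.cn IN SOA chengyuncai.yumzone.cn. root.yumzone.cn. (
        2010051601 ; serial
        180        ; refresh (3 minutes)
        240        ; retry (4 minutes)
        86400      ; expire (1 day)
        86400      ; minimum (1 day)
        )
EOF
}
m=$(master_zone | soa_serial); s=$(slave_zone | soa_serial)
needs_transfer "$m" "$s" && echo "slave is stale" || echo "in sync at $s"
```
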
***********************************************************************************
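Troubleshooting:
If the zone cannot be transferred over:
ping to check whether the host is reachable
iptables -L to check whether iptables is active; use iptables -F to flush the rules
getsebool -a to check whether SELinux is enabled
vim /etc/selinux/config
SELINUX=disabled -- change enforcing to disabled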
[root@station209 ~]# tail /var/log/m
mail/ maillog maillog.1 messages messages.1
[root@station209 ~]# tail /var/log/messages
May 16 13:19:58 station209 named[26671]: the working directory is not writable
May 16 13:19:58 station209 named[26671]: running
May 16 13:19:58 station209 named[26671]: zone yumzone.cn/IN: Transfer started.
May 16 13:19:58 station209 named[26671]: transfer of 'yumzone.cn/IN' from 10.1.1.127#53: connected using 10.1.1.209#38080
May 16 13:19:58 station209 named[26671]: zone yumzone.cn/IN: transferred serial 2010051601
May 16 13:19:58 station209 named[26671]: transfer of 'yumzone.cn/IN' from 10.1.1.127#53: end of transfer
May 16 13:20:26 station209 named[26671]: loading configuration from '/etc/named.conf'
May 16 13:20:26 station209 named[26671]: using default UDP/IPv4 port range: [1024, 65535]
May 16 13:20:26 station209 named[26671]: using default UDP/IPv6 port range: [1024, 65535]
May 16 13:20:26 station209 named[26671]: the working directory is not writable
-- The log above shows the slave name server downloading (transferring) the zone from the master name server
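
Neither zone in the master's named.conf on this page carries an allow-transfer statement, and BIND 9.3 then answers zone transfer requests from any host, not only the slave at 10.1.1.209. Added example, not part of the original page: a check that lists such zones, run against the page's configuration and against a restricted variant; the function names and the restricted variant are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# open_transfer_zones: read a named.conf on stdin and print each master zone
# that has no allow-transfer of its own and inherits none from options.
# Assumes the one-statement-per-line layout used on this page.
open_transfer_zones() {
    awk '
    { sub(/(\/\/|#).*/, "") }                   # drop // and # comments
    /^[ \t]*options[ \t]*\{/ { ctx = "options" }
    /^[ \t]*zone[ \t]+"/ {
        ctx = "zone"; split($0, q, "\""); name = q[2]
        master = 0; acl = 0
    }
    /type[ \t]+master[ \t]*;/ && ctx == "zone" { master = 1 }
    /allow-transfer/ { if (ctx == "options") global = 1
                       else if (ctx == "zone") acl = 1 }
    /^[ \t]*\};/ {                              # end of options or zone block
        if (ctx == "zone" && master && !acl) hit[++n] = name
        ctx = ""
    }
    END { if (!global) for (i = 1; i <= n; i++) print hit[i] }'
}

# Constructed inputs: the master configuration from this page, and a variant
# (an assumption, not the author's config) that limits transfers to the slave.
page_conf() { cat <<'EOF'
options {
    directory "/var/named";
};
zone "yumzone.cn" IN {
    type master;
    file "data/master.yumzone.cn.zone";
};
zone "1.1.10.in-addr.arpa" IN {
    type master;
    file "data/master.1.1.10.in-addr.arpa.zone";
};
EOF
}
restricted_conf() { page_conf | sed 's|type master;|&\
    allow-transfer { 10.1.1.209; };|'; }

page_conf | open_transfer_zones          # both zones are listed
restricted_conf | open_transfer_zones    # nothing is listed
```
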
************************************************************************************
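Name server forwarding
1. Forwarding a single zone
Add the following to named.conf on the master server
[root@station127 Desktop]# vim /var/named/chroot/etc/named.conf
zone "jordon.com" IN {          // the zone to forward
    type forward;               // zone type is forward
    forwarders { 10.1.1.1; };   // where to forward the queries
};
/etc/init.d/named reload        # reload
nslookup xxx.jordon.com         # this can now look up the name-to-IP mappings written in the zone file on DNS server 59
2. Forwarding everything
Add the following to named.conf on the master server; this is generally used for forwarding from an internal server to the external network
options {
    directory "/var/named";
    forwarders { 10.1.1.1; };
    forward only;
};
zone "yumzone.cn" IN {
    type master;
    file "data/master.yumzone.cn.zone";
};
zone "1.1.10.in-addr.arpa" IN {
    type master;
    file "data/master.1.1.10.in-addr.arpa.zone";
};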