一、实验环境:
操作系统:CentOS6.5
二、拓扑结构:
角色 | 主机名 | IP地址 |
LDNS | DC01 | 192.168.2.2/24 |
DNS | ns1 | 192.168.2.41/24 |
www | VIP | 192.168.2.18/24 |
mail / autodiscover | EX2013A | 192.168.2.31/24 |
三、配置脚本
1)安装DNS服务:
[root@ns1 ~]# yum list bind* [root@ns1 ~]# yum install bind [root@ns1 ~]# ls /etc/|grep named # 安装完成之后配置文件自动生成 named named.conf named.iscdlv.key named.rfc1912.zones named.root.key [root@ns1 ~]# mv /etc/named.conf /etc/named.conf.ori # 此处我们不使用默认文件,手工配置服务参数
2)配置/etc/named.conf参数:
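// /etc/named.conf -- hand-written replacement for the packaged file
// (step 1 moved the stock file aside to /etc/named.conf.ori).
options {
    directory "/var/named";          // the zone files named below are read from here

    // Access control. Nothing in this lab is served to anyone outside the
    // local networks, so say so explicitly rather than relying on defaults:
    //  - allow-recursion: only the networks this host has an interface on
    //    (plus the host itself) may use it as a caching resolver. This is the
    //    BIND 9.4+ default, but writing it down keeps the box from becoming an
    //    open resolver (usable for amplification) if defaults are ever changed.
    //  - allow-transfer: BIND permits AXFR from any address unless told
    //    otherwise. There is no secondary server in this topology, so refuse
    //    transfers; add the secondary's address (ideally with a TSIG key) here
    //    if one is introduced later.
    recursion yes;
    allow-recursion { localnets; localhost; };
    allow-transfer  { none; };
};

zone "." IN {
    type hint;
    file "named.ca";                 // root hints: names AND addresses of the root servers
};

zone "localhost" IN {                // forward zone for the local host name
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {     // reverse zone for 127.0.0.x
    type master;
    file "named.local";
};

zone "stephenzhou.net" IN {          // the lab domain; records are in step 6
    type master;
    file "stephenzhou.net.zone";
};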
并且需要修改配置文件属组:
[root@ns1 etc]# ll /etc/named.conf -rw-r--r--. 1 root root 220 Jul 10 23:24 /etc/named.conf [root@ns1 etc]# chown :named /etc/named.conf [root@ns1 etc]# ll /etc/named.conf -rw-r--r--. 1 root named 220 Jul 10 23:24 /etc/named.conf
3)配置named.ca(注意:下面用 `dig -t NS . > named.ca` 生成的文件只包含 13 条 NS 记录,没有根服务器的 A 记录——看 dig 输出中的 ADDITIONAL: 0;提示文件的作用正是提供根服务器的地址,只有名字的 named.ca 无法让 named 仅凭这些名字找到根服务器。应直接保留软件包自带的 named.ca(本页把它改名成了 named.ca.ori),或者向根服务器本身查询以得到带地址的应答,例如 `dig +norec @a.root-servers.net . NS`。本页第 7 步的递归查询实际由外部解析器 116.228.111.118 应答,所以这个问题在页面上没有暴露出来):
[root@ns1 etc]# cd /var/named/ [root@ns1 named]# ls data dynamic named.ca named.empty named.localhost named.loopback slaves [root@ns1 named]# dig -t NS . # 13台根域名服务器记录 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t NS . ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51882 ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 59687 IN NS k.root-servers.net. . 59687 IN NS j.root-servers.net. . 59687 IN NS f.root-servers.net. . 59687 IN NS m.root-servers.net. . 59687 IN NS e.root-servers.net. . 59687 IN NS d.root-servers.net. . 59687 IN NS c.root-servers.net. . 59687 IN NS l.root-servers.net. . 59687 IN NS b.root-servers.net. . 59687 IN NS g.root-servers.net. . 59687 IN NS i.root-servers.net. . 59687 IN NS h.root-servers.net. . 59687 IN NS a.root-servers.net. ;; Query time: 6 msec ;; SERVER: 116.228.111.118#53(116.228.111.118) ;; WHEN: Thu Jul 10 23:26:32 2014 ;; MSG SIZE rcvd: 228 [root@ns1 named]# mv named.ca named.ca.ori [root@ns1 named]# dig -t NS . > named.ca [root@ns1 named]# chown :named named.ca # 修改属组
4)配置localhost.zone正向解析文件:
; /var/named/localhost.zone -- forward zone for "localhost" (step 4)
$TTL 600                      ; default TTL for records that carry none
$ORIGIN localhost.
@       IN  SOA localhost. admin.localhost. (
                2014071001    ; serial, YYYYMMDDnn -- bump on every edit
                1H            ; refresh
                10M           ; retry
                1W            ; expire
                1D )          ; negative-answer cache TTL
@       IN  NS  localhost.
@       IN  A   127.0.0.1
5)配置named.local反向解析文件:
; /var/named/named.local -- reverse zone for 127.0.0.0/24 (step 5)
$TTL 600                      ; default TTL for records that carry none
@       IN  SOA localhost. admin.localhost. (
                2014071101    ; serial, YYYYMMDDnn -- bump on every edit
                1H            ; refresh
                10M           ; retry
                1W            ; expire
                1D )          ; negative-answer cache TTL
@       IN  NS  localhost.
1       IN  PTR localhost.    ; 1.0.0.127.in-addr.arpa -> localhost.
6)配置stephenzhou.net.zone正向解析文件:
; /var/named/stephenzhou.net.zone -- authoritative data for the lab domain (step 6)
$TTL 600                                 ; default TTL for records that carry none
$ORIGIN stephenzhou.net.
@               IN  SOA  ns1 administrator (
                         2014071101      ; serial, YYYYMMDDnn -- bump on every edit
                         1H              ; refresh
                         10M             ; retry
                         1W              ; expire
                         1D )            ; negative-answer cache TTL
@               IN  NS   ns1.stephenzhou.net.
@               IN  MX   1 mail.stephenzhou.net.
ns1             IN  A    192.168.2.41    ; this DNS server
www             IN  A    192.168.2.18    ; web VIP
mail            IN  A    192.168.2.31    ; EX2013A
autodiscover    IN  A    192.168.2.31    ; EX2013A
修改属组:
[root@ns1 named]# chown :named localhost.zone named.local stephenzhou.net.zone
7)测试DNS服务(注意:下面两条 dig 的 `SERVER:` 行都是 116.228.111.118,说明应答来自 resolv.conf 里的上游解析器,而不是刚启动的本机 named,这两次测试并没有验证本机服务。要测本机,应显式指定服务器:`dig @127.0.0.1 -t NS localhost`、`dig @127.0.0.1 -x 127.0.0.1`):
[root@ns1 named]# service named configtest zone localhost/IN: loaded serial 2014071001 zone 0.0.127.in-addr.arpa/IN: loaded serial 2014071101 [root@ns1 named]# rndc-confgen -r /dev/urandom -a # CentOS6.x必须单独写rndc.key文件 wrote key file "/etc/rndc.key" [root@ns1 named]# service named start Starting named: [ OK ] [root@ns1 named]# netstat -tunlp|grep :53 # 查看端口使用情况 tcp 0 0 192.168.3.41:53 0.0.0.0:* LISTEN 2204/named tcp 0 0 192.168.2.41:53 0.0.0.0:* LISTEN 2204/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2204/named udp 0 0 192.168.3.41:53 0.0.0.0:* 2204/named udp 0 0 192.168.2.41:53 0.0.0.0:* 2204/named udp 0 0 127.0.0.1:53 0.0.0.0:* 2204/named [root@ns1 named]# dig -t NS localhost # 查看本机正向解析 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t NS localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63358 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;localhost. IN NS ;; ANSWER SECTION: localhost. 10800 IN NS localhost. ;; Query time: 7 msec ;; SERVER: 116.228.111.118#53(116.228.111.118) ;; WHEN: Fri Jul 11 00:13:43 2014 ;; MSG SIZE rcvd: 41 [root@ns1 named]# dig -x 127.0.0.1 # 查看本机反向解析 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -x 127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39683 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;1.0.0.127.in-addr.arpa. IN PTR ;; ANSWER SECTION: 1.0.0.127.in-addr.arpa. 9945 IN PTR localhost. ;; Query time: 3 msec ;; SERVER: 116.228.111.118#53(116.228.111.118) ;; WHEN: Fri Jul 11 00:15:02 2014 ;; MSG SIZE rcvd: 63
8)修改LDNS(这里 ns1 自己的 resolv.conf 指向 192.168.2.2 和 192.168.1.1,并不指向本机 named;但第 10 步的测试输出显示 `SERVER: 192.168.2.41`,与此处配置不一致,测试时要么另有配置,要么用了 `dig @` 指定服务器。若希望 ns1 用自己解析,把 `nameserver 127.0.0.1` 放在第一行):
[root@ns1 ~]# cat /etc/resolv.conf nameserver 192.168.2.2 nameserver 192.168.1.1
9)修改防火墙(分别添加tcp/udp的53号端口;注意下面两条规则对任意来源开放 53 端口,而本实验的客户端只在 192.168.2.0/24(netstat 显示 named 也监听了 192.168.3.41,若该网段有客户端则一并加入),建议用 `-s` 限定来源,例如 `-A INPUT -p udp -s 192.168.2.0/24 --dport 53 -j ACCEPT`、`-A INPUT -p tcp -s 192.168.2.0/24 --dport 53 -j ACCEPT`;防火墙限制与 named.conf 中的 allow-recursion / allow-transfer 等访问控制是互补的,不能互相替代):
[root@ns1 named]# cat /etc/sysconfig/iptables # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp --dport 53 -j ACCEPT -A INPUT -p udp --dport 53 -j ACCEPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
10)测试结果:
本机:
[root@ns1 named]# dig -t NS stephenzhou.net ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t NS stephenzhou.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21983 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;stephenzhou.net. IN NS ;; ANSWER SECTION: stephenzhou.net. 600 IN NS ns1.stephenzhou.net. ;; ADDITIONAL SECTION: ns1.stephenzhou.net. 600 IN A 192.168.2.41 ;; Query time: 0 msec ;; SERVER: 192.168.2.41#53(192.168.2.41) ;; WHEN: Fri Jul 11 02:36:02 2014 ;; MSG SIZE rcvd: 67 [root@ns1 named]# dig mail.stephenzhou.net ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> mail.stephenzhou.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9155 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;mail.stephenzhou.net. IN A ;; ANSWER SECTION: mail.stephenzhou.net. 600 IN A 192.168.2.31 ;; AUTHORITY SECTION: stephenzhou.net. 600 IN NS ns1.stephenzhou.net. ;; ADDITIONAL SECTION: ns1.stephenzhou.net. 600 IN A 192.168.2.41 ;; Query time: 0 msec ;; SERVER: 192.168.2.41#53(192.168.2.41) ;; WHEN: Fri Jul 11 02:32:34 2014 ;; MSG SIZE rcvd: 88 [root@ns1 named]# ll stephenzhou.net.zone -rw-r--r--. 1 root named 256 Jul 11 02:27 stephenzhou.net.zone [root@ns1 named]# dig -t A www.stephenzhou.net ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t A www.stephenzhou.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40607 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.stephenzhou.net. IN A ;; ANSWER SECTION: www.stephenzhou.net. 600 IN A 192.168.2.18 ;; AUTHORITY SECTION: stephenzhou.net. 600 IN NS ns1.stephenzhou.net. ;; ADDITIONAL SECTION: ns1.stephenzhou.net. 
600 IN A 192.168.2.41 ;; Query time: 0 msec ;; SERVER: 192.168.2.41#53(192.168.2.41) ;; WHEN: Fri Jul 11 02:33:53 2014 ;; MSG SIZE rcvd: 87 [root@ns1 named]# host -t A www.stephenzhou.net www.stephenzhou.net has address 192.168.2.18 [root@ns1 named]# host -t A mail.stephenzhou.net mail.stephenzhou.net has address 192.168.2.31 [root@ns1 named]# host -t NS stephenzhou.net stephenzhou.net name server ns1.stephenzhou.net. [root@ns1 named]# host -t MX stephenzhou.net stephenzhou.net mail is handled by 1 mail.stephenzhou.net.
远端: