一实验准备工作
主DNS服务器
1.配置主机域名
[root@all ~]# hostname xuan.com //临时修改主机名,永久修改需要去 /etc/sysconfig/network 修改。然后记住在 /etc/hosts 里更新自己的域名,为了方便实验,先修改了名字
2.取消dhcp,ip地址改为静态
3.安装DNS
[root@xuan ~]# yum -y install bind
二配置DNS服务器
1.查看安装文件目录
[root@xuan ~]# rpm -ql bind
/etc/NetworkManager/dispatcher.d/13-named
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/portreserve/named
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
。
。
。
2.DNS自身配置文件更改
[root@xuan ~]# vim /etc/named.conf
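options {
  // Listen on port 53 on every IPv4 and IPv6 interface of this host.
  listen-on port 53 { any; };
  listen-on-v6 port 53 { any; };

  // Working directory; zone "file" names elsewhere are relative to it.
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";

  // Any host may query the zones this server is authoritative for.
  allow-query { any; };

  // Recursion stays enabled for the lab, but "allow-query { any; }" plus
  // "recursion yes" with no recursion ACL makes a reachable server an open
  // resolver (abusable for amplification, exposed to cache poisoning).
  // Recursive service is therefore limited to this host and its directly
  // attached networks; add other client subnets to this list as needed.
  recursion yes;
  allow-recursion { localhost; localnets; };

  // No outbound zone transfers unless a secondary's address is listed here.
  allow-transfer { none; };

  dnssec-enable yes;
  dnssec-validation yes;
  // ISC has since retired the DLV lookaside service; this line is harmless
  // on the BIND shipped here but should be dropped on newer releases.
  dnssec-lookaside auto;

  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";
  managed-keys-directory "/var/named/dynamic";
};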
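logging {
  // Debug output goes to data/named.run under the working directory
  // (/var/named). Severity "dynamic" follows the server's current debug
  // level instead of a fixed threshold.
  channel default_debug {
    file "data/named.run";
    severity dynamic;
  };
};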
// Root hints: the list of root name servers (named.ca) that recursive
// lookups start from.
zone "." IN {
  type hint;
  file "named.ca";
};
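// Zone definitions live in the included file (the lab's own zones are
// appended there); named.root.key supplies the root DNSSEC trust anchor
// used by dnssec-validation.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";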
3.定义区域文件(区域文件可以直接在 named.conf 中添加,也可以像下面一样添加到自身配置文件中 include 的文件里)
[root@xuan ~]# vim /etc/named.rfc1912.zones //在最后添加 4 条区域定义,两条正向两条反向解析
// Forward zones served as primary (type master). Each "file" name is
// relative to the options "directory" (/var/named); any name is accepted,
// the <zone>.hosts / <network>.rev convention is simply kept here.
zone "baidu.com" IN {
  type master;
  file "baidu.com.hosts";
};

zone "qq.com" IN {
  type master;
  file "qq.com.hosts";
};

// Reverse zones: the network octets are written in reverse order under
// in-addr.arpa (222.21.2.0/24 -> 2.21.222, 172.16.33.0/24 -> 33.16.172).
zone "2.21.222.in-addr.arpa" IN {
  type master;
  file "222.21.2.rev";
};

zone "33.16.172.in-addr.arpa" IN {
  type master;
  file "172.16.33.rev";
};
4.创建数据文件
(1) [root@xuan ~]# vim /var/named/baidu.com.hosts
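$TTL 1D
; Zone data for baidu.com (lab data, not the public zone).
; SOA fixes relative to the first draft: MNAME and RNAME are absolute names
; and end with a dot (a bare "xuan.com" would be read as xuan.com.baidu.com),
; the mailbox uses "." instead of "@" (user@xuan.com -> user.xuan.com.), and
; the serial is a 32-bit YYYYMMDDnn value - a 12-digit serial does not fit.
; Zone-file comments start with ";"; "//" is not comment syntax here.
@       IN SOA  xuan.com. user.xuan.com. (
                2015091601      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; negative-caching TTL
; An empty owner field repeats the previous owner (@, the zone apex).
        IN NS   xuan.com.
        IN MX 5 xuan.com.
; NOTE(review): xuan.com. has no address record in any zone shown; resolvers
; that follow the NS/MX names need one - confirm it resolves.
; Two A records for one name: both addresses are returned to clients (see
; the nslookup test), a simple form of load balancing.
server2 IN A    222.21.2.21
server2 IN A    222.21.2.22
www     IN A    172.16.33.33
ftp     IN CNAME www            ; alias for www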
(2)[root@xuan ~]# vim /var/named/qq.com.hosts
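$TTL 1D
; Zone data for qq.com (lab data), same layout as baidu.com.hosts.
; MNAME/RNAME are absolute (trailing dot), the mailbox is written with "."
; instead of "@", and the serial is a 32-bit YYYYMMDDnn value (a 12-digit
; serial is out of range). Comments in zone files start with ";".
@       IN SOA  xuan.com. user.xuan.com. (
                2015091605      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; negative-caching TTL
; Empty owner field = previous owner (@).
        IN NS   xuan.com.
        IN MX 5 xuan.com.
; Two addresses for server2; both are returned (see the nslookup test).
server2 IN A    222.101.0.10
server2 IN A    222.101.0.11
www     IN A    172.16.33.99
ftp     IN CNAME www            ; alias for www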
(3)[root@xuan ~]# vim /var/named/222.21.2.rev
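$TTL 1D
; Reverse zone for 222.21.2.0/24; owner labels are the last octet.
; MNAME/RNAME are absolute (trailing dot), the mailbox uses "." not "@",
; and the serial is a 32-bit YYYYMMDDnn value (12 digits do not fit).
; Zone-file comments start with ";", not "//".
@       IN SOA  xuan.com. user.xuan.com. (
                2015091603      ; serial
                3h              ; refresh
                1h              ; retry
                1w              ; expire
                1h )            ; negative-caching TTL
        IN NS   xuan.com.
; Both addresses of the two-A-record server2 map back to the same name.
21      IN PTR  server2.baidu.com.
22      IN PTR  server2.baidu.com.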
(4)[root@xuan ~]# vim /var/named/172.16.33.rev
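$TTL 1D
; Reverse zone for 172.16.33.0/24; owner labels are the last octet.
; MNAME/RNAME are absolute (trailing dot), the mailbox uses "." not "@",
; and the serial is a 32-bit YYYYMMDDnn value (12 digits do not fit).
@       IN SOA  xuan.com. user.xuan.com. (
                2015091603      ; serial
                3h              ; refresh
                1h              ; retry
                1w              ; expire
                1h )            ; negative-caching TTL
        IN NS   xuan.com.
; An address may carry several PTRs (www and ftp here); the reverse lookup
; test returns both. Note that ftp is only a CNAME of www in the forward
; zones, so the ftp PTRs name an alias rather than a host with an A record.
33      IN PTR  www.baidu.com.
33      IN PTR  ftp.baidu.com.
99      IN PTR  www.qq.com.
99      IN PTR  ftp.qq.com.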
5.重启DNS服务(重启前可先用 named-checkconf 和 named-checkzone 检查配置文件和区域文件的语法;如果报错可以根据 /var/log/messages 日志排错)
[root@xuan ~]# service named restart
停止 named: [确定]
启动 named: [确定]
6.测试
正向解析测试:
[root@xuan named]# nsloopup
bash: nsloopup: command not found
[root@xuan named]# nslookup
> www.baidu.com
Server: 172.16.30.97
Address: 172.16.30.97#53
Name: www.baidu.com
Address: 172.16.33.33
> ftp.qq.com
Server: 172.16.30.97
Address: 172.16.30.97#53
ftp.qq.com canonical name = www.qq.com.
Name: www.qq.com
Address: 172.16.33.99
> server2.qq.com
Server: 172.16.30.97
Address: 172.16.30.97#53
Name: server2.qq.com
Address: 222.101.0.10
Name: server2.qq.com
Address: 222.101.0.11
反向解析测试:
> 172.16.33.33
Server: 172.16.30.97
Address: 172.16.30.97#53
33.33.16.172.in-addr.arpa name = www.baidu.com.
33.33.16.172.in-addr.arpa name = ftp.baidu.com.
> 172.16.33.99
Server: 172.16.30.97
Address: 172.16.30.97#53
99.33.16.172.in-addr.arpa name = ftp.qq.com.
99.33.16.172.in-addr.arpa name = www.qq.com.
> 222.21.2.21
Server: 172.16.30.97
Address: 172.16.30.97#53
21.2.21.222.in-addr.arpa name = server2.baidu.com.
> 222.21.2.22
Server: 172.16.30.97
Address: 172.16.30.97#53
22.2.21.222.in-addr.arpa name = server2.baidu.com.
辅助DNS服务器:
7.定义区域配置文件
[root@xuan ~]# vim /etc/named.rfc1912.zones //在最后添加,这边只添加了一条正向解析,反向也是一样配置。只要指定的主DNS服务器配置有相关域的解析,并且允许向本机做区域传送(主服务器的 allow-transfer 未限制或已包含本机地址),就能直接获取
// Secondary copy of test.com, transferred from the primary at
// 172.16.30.53; the received data is written below /var/named/slaves/.
zone "test.com" IN {
  type slave;
  masters { 172.16.30.53; };
  file "slaves/test.com.hosts";
};
8.配置好后重启服务
[root@xuan ~]# service named restart
停止 named: [确定]
启动 named: [确定]
9.查看slaves文件夹是否已经获取主服务器test.com的解析
[root@xuan ~]# cat /var/named/slaves/test.com.hosts
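$ORIGIN .
$TTL 86400      ; 1 day
; Copy of test.com as named wrote it after the transfer. The whitespace of
; the generated layout was lost when the page was copied; it is restored
; here, in particular the separator between the SOA MNAME
; (lhost4.test.com.) and RNAME (root.lhost4.test.com.).
test.com                IN SOA  lhost4.test.com. root.lhost4.test.com. (
                                2015091602 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
                        NS      lhost4.test.com.
                        MX      5 lhost4.test.com.
$ORIGIN test.com.
lhost4                  A       172.16.30.1
win03                   A       172.16.30.33
win04                   A       172.16.30.44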
10.测试从主DNS获取的解析
[root@xuan ~]# nslookup
> win03.test.com
Server: 172.16.30.97
Address: 172.16.30.97#53
Name: win03.test.com
Address: 172.16.30.33
> lhost4.test.com
Server: 172.16.30.97
Address: 172.16.30.97#53
Name: lhost4.test.com
Address: 172.16.30.1
以前自己自学linux时,感觉DNS挺难的,后来参加培训听老师讲后理解很多。自学那会在读大学,搭建DNS时是用的system-config-bind,视窗下搭建,只要理解了概念就比较简单。那时自己查阅了很多资料,视窗下搭建了智能DNS,因为自己是机房主管,所以利用机房里不同网段主机做客户机。等后面有时间,更新智能DNS的配置
本文出自 “一米阳光” 博客,请务必保留此出处http://sunshine3.blog.51cto.com/3988340/1703727