安装DNS服务器
[root@vhost01 ~]# yum install bind bind-chroot bind-utils
将原本的named.conf备份,并将模版文件复制过来(直接修改named.conf 不行)
[root@vhost01 etc]# cp named.conf named.conf.bk
[root@vhost01 etc]# cp /usr/share/doc/bind-9.8.2/sample/etc/named.conf .
一、配置缓存服务器
1、配置named.conf
[root@vhost01 etc]# vim named.conf
options
{
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
listen-on port 53 { 222.192.72.129; }; // 监听端口53,监听地址222.192.72.129,也可设置成any
allow-query { any; }; // 修改成any(注意:在公网地址上同时设置 allow-query any 与 recursion yes,会使本机成为开放递归解析器而被滥用;生产环境应限制为可信网段,如后文的 222.192.72.0/24)
allow-query-cache { any; }; // 修改成any
recursion yes;
};
logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
2、修改resolv.conf 配置文件,将DNS设置成本身,测试缓存
[root@vhost01 etc]# vim /etc/resolv.conf
nameserver 222.192.72.129 // 设置成本机IP
3、启动named服务(第一次启动会比较慢)
[root@vhost01 etc]# vim /etc/resolv.conf
[root@vhost01 etc]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
4、测试解析www.baidu.com
[root@vhost01 etc]# nslookup www.baidu.com
Server: 222.192.72.129
Address: 222.192.72.129#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 220.181.112.143
Name: www.a.shifen.com
Address: 220.181.111.148
缓存的效果是,第一次解析会比较慢,第一次之后解析很快
==========================================================
二、配置正向解析DNS服务器(129)
(1)配置named.conf
[root@vhost01 etc]# vim named.conf
options
{
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
listen-on port 53 { any; }; // 监听所有地址上的53端口
allow-query { 222.192.72.0/24; }; // 允许222.192.72.0/24 的网段查询
allow-query-cache { any; }; // 允许任意来源查询缓存
recursion yes;
};
logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN { // 根域提示(hint)区域
type hint;
file "/var/named/named.ca";
};
zone "rhce.com" { // 设置域名rhce.com
type master;
file "rhce.com.zone.db";
};
(2)修改named.conf权限
将新建的named.conf 权限等修改为640 并且属组为named,否则启动服务会报错
[root@vhost01 etc]# chmod 640 /etc/named.conf
[root@vhost01 etc]# chown root.named /etc/named.conf
[root@vhost01 etc]# ll |grep named.conf
-rw-r-----. 1 root named 554 1月 13 08:56 named.conf
(3)创建库文件(管理域名下面的主机)
[root@vhost01 ~]# cd /var/named/
[root@vhost01 named]# vim rhce.com.zone.db
$TTL 1D
@ in soa dns.rhce.com. root 1 3H 15M 1W 1D
ns dns.rhce.com.
dns A 222.192.72.129
www A 222.192.72.128
bbs A 222.192.72.130
(4)修改权限
[root@vhost01 named]# chmod 640 rhce.com.zone.db
[root@vhost01 named]# chown root.named rhce.com.zone.db
[root@vhost01 named]# ll rhce.com.zone.db
-rw-r-----. 1 root named 132 1月 13 09:05 rhce.com.zone.db
(5)重启服务
[root@vhost01 ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
(6)测试解析
[root@vhost01 named]# nslookup www.rhce.com
Server: 222.192.72.129
Address: 222.192.72.129#53
Name: www.rhce.com
Address: 222.192.72.128
====================================================================
三、转发服务器(128)
示意图如下:
www.rhce.com 222.192.72.129
130 -> 128-> 129
DNS服务器 222.192.72.129
转发DNS服务器 222.192.72.128
1、配置DNS转发服务器
[root@vhost02 ~]# yum install bind bind-chroot bind-utils
[root@vhost02 ~]# cp /etc/named.conf /etc/named.conf.bk
[root@vhost02 ~]# cp /usr/share/doc/bind-9.8.2/sample/etc/named.conf /etc/
(1)配置named.conf 文件
options
{
directory "/var/named";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
listen-on port 53 { any; };
// listen-on-v6 port 53 { ::1; }; // 注释掉IPv6 的53端口
allow-query { any; };
allow-query-cache { any; };
recursion yes;
forwarders { 222.192.72.129; }; // 设置转发到129 DNS服务器上
};
(2)检查文件权限
[root@vhost02 ~]# ll /etc/named.conf
-rw-r-----. 1 root named 349 1月 13 08:55 /etc/named.conf
(3)启动服务
[root@vhost02 ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
(4)配置转发服务器(128)resolv.conf 文件
将DNS 服务器地址设置成222.192.72.128(本机)
配置DNS服务器(129)的resolv.conf 文件
将DNS 服务器地址设置成222.192.72.129(本机)
配置客户端(130)的resolv.conf 文件
将DNS 服务器地址设置成222.192.72.128(转发DNS服务器)
即128作为转发DNS服务器,本身不负责域名解析,所有解析请求都转发给129去完成
(5)测试域名解析
[root@client ~]# nslookup www.rhce.com
Server: 222.192.72.128
Address: 222.192.72.128#53
Non-authoritative answer:
Name: www.rhce.com
Address: 222.192.72.128
[root@client ~]# nslookup bbs.rhce.com
Server: 222.192.72.128
Address: 222.192.72.128#53
Non-authoritative answer:
Name: bbs.rhce.com
Address: 222.192.72.130
注意:配置完成若不能正常解析,看/var/log/messages 有如下错误:
Nov 10 09:10:49 centos6-1 named[10407]: error (broken trust chain) resolving 'mail.ab.lm.com.dlv.isc.org/DLV/IN': 199.254.63.254#53
Nov 10 09:10:49 centos6-1 named[10407]: error (broken trust chain) resolving 'mail.ab.lm.com/A/IN': 192.168.1.206#53
编辑named.conf 并将下面dnssec 相关的三行注释掉即可。注意:这样会完全关闭DNSSEC 校验,本机将不再验证应答签名,仅建议作为临时排错手段,生产环境应优先排查信任链问题本身。
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
recursion 递归功能的选项是必须开启的
allow-query-cache { any; }; 允许查询缓存,这个选项默认是开启的。
===========================================================
四、DNS反向解析
(1)配置named.conf (129)
添加以下反向解析域
zone "72.192.222.in-addr.arpa" IN{
type master;
file "222.192.72.zone.db";
};
(2) 创建库文件
[root@vhost01 named]# pwd
/var/named
[root@vhost01 named]# cp -a rhce.com.zone.db 222.192.72.zone.db
[root@vhost01 named]# vim 222.192.72.zone.db
$TTL 1D
@ in soa dns.rhce.com. root 1 3H 15M 1W 1D
ns dns.rhce.com.
129 PTR dns.rhce.com.
128 PTR www.rhce.com.
130 PTR bbs.rhce.com.
(3)重启服务
[root@vhost01 named]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
(4)测试
[root@vhost02 ~]# nslookup www.rhce.com
Server: 222.192.72.128
Address: 222.192.72.128#53
Non-authoritative answer:
Name: www.rhce.com
Address: 222.192.72.128
[root@vhost02 ~]# nslookup 222.192.72.128
Server: 222.192.72.128
Address: 222.192.72.128#53
Non-authoritative answer:
128.72.192.222.in-addr.arpa name = www.rhce.com.
Authoritative answers can be found from:
72.192.222.in-addr.arpa nameserver = dns.rhce.com.
dns.rhce.com internet address = 222.192.72.129
=========================================================
五、DNS 主从服务器
主服务器 222.192.72.129
从服务器 222.192.72.128
主服务器允许从服务器的同步(正解,反解)
(1)配置主DNS服务器
zone "rhce.com" {
type master;
file "rhce.com.zone.db";
allow-transfer { 222.192.72.128; }; // 在正向解析区域中添加,反向解析区域同理;只允许从服务器地址做区域传送,避免任意主机拉取整个区域数据
};
重启服务
[root@vhost01 named]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
(2)配置从服务器
options
{
directory "/var/named";
};
zone "rhce.com" IN {
type slave;
file "slaves/slave.rhce.com.zone";
masters{ 222.192.72.129; }; // 指定从哪个服务器接收
};
重启从服务器
[root@vhost02 ~]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
可以看到从主服务器同步过来的区域文件
[root@vhost02 ~]# ls /var/named/chroot/var/named/slaves/
slave.rhce.com.zone
[root@vhost02 ~]# cat /var/named/chroot/var/named/slaves/slave.rhce.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
rhce.com IN SOA dns.rhce.com. root.rhce.com. (
1 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.rhce.com.
$ORIGIN rhce.com.
bbs A 222.192.72.130
dns A 222.192.72.129
www A 222.192.72.128
注意:修改主服务器的区域文件后,需要同时递增SOA 记录中的序列号(serial)
例如新增了 222.192.72.131这台FTP 服务器
$TTL 1D
@ in soa dns.rhce.com. root 1 3H 15M 1W 1D
ns dns.rhce.com.
dns A 222.192.72.129
www A 222.192.72.128
bbs A 222.192.72.130
ftp A 222.192.72.131
从服务器并不会主动同步,这时候需要在主配置服务器上修改序列号
@ in soa dns.rhce.com. root 2 3H 15M 1W 1D