DNS域名解析服务


DNS域名解析服务

准备工作: 服务器端程序安装

bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm

bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm

bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm

bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm    将 named 限制(chroot)在 /var/named/chroot 目录树内运行:服务即使被攻破,攻击者也只能访问该目录树,从而缩小影响范围;它并不是"隐藏根目录"

[root@master vidoma]# mount /dev/cdrom /mnt/cdrom/

mount: block device /dev/sr0 is write-protected, mounting read-only

[root@master vidoma]# cd /mnt/cdrom/Packages/

1.搭建主域名服务器

安装以上软件.

[root@master Packages]# ll /var/named/chroot/etc/    此时 chroot 里还没有主配置文件 named.conf

total 12

-rw-r--r--. 1 root root  2819 Jul 31 02:24 localtime

drwxr-x---. 2 root named 4096 Jun  9 2014 named

drwxr-x---. 3 root named 4096 Jul 31 02:24 pki

cp -rv /usr/share/doc/bind-9.8.2/sample/etc/* /var/named/chroot/etc/

cp -rv /usr/share/doc/bind-9.8.2/sample/var/* /var/named/chroot/var/

将示例配置拷贝到 chroot 目录下(named 以 chroot 方式运行时只读取 /var/named/chroot 下的文件)

注意:以下配置主配置文件

[root@master Packages]# cd /var/named/chroot/

[root@master chroot]# vim etc/named.conf

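options
{
        // Put files that named is allowed to write in the data/ directory:
        directory               "/var/named";           // "Working" directory

        // Listen only on this host's own address, not on every interface.
        listen-on port 53       { 173.16.16.1; };

        // Networks allowed to query this server. With no allow-recursion
        // set, BIND also uses this list to decide who may recurse, so the
        // server is not an open resolver. An authoritative-only server
        // would additionally set "recursion no;" -- not done here because
        // this host is later configured to use itself as its resolver.
        allow-query { 192.168.1.0/24; 173.16.16.0/24; };

        // Default for every zone: refuse zone transfers. Zones that have a
        // secondary override this with their own allow-transfer. Without
        // it, BIND's default allows AXFR from any host.
        allow-transfer { none; };
};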

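zone "venet.com" IN {
    // This server is the primary (master) for venet.com.
    type master;

    // Zone data file, relative to the options "directory"
    // (/var/named/venet.com.zone inside the chroot). It must be readable by
    // the named user; a master zone file does not need to be writable.
    file "venet.com.zone";

    // Only the secondary may pull the zone (AXFR/IXFR); everyone else is
    // refused, so the complete host list is not handed out on request.
    allow-transfer { 173.16.16.2; };
};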

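zone "16.16.173.in-addr.arpa" IN {
    // Reverse zone (PTR records) for 173.16.16.0/24.
    type master;
    file "173.16.16.arpa";

    // Restrict transfers exactly like the forward zone; left unset, BIND
    // would allow any host to transfer this zone.
    allow-transfer { 173.16.16.2; };
};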

注意:现在开始配置区域文件    

[root@master chroot]# ls var/named/    查看拷贝过来的模板文件

data/                named.ca             named.loopback

my.external.zone.db  named.empty          slaves/

my.internal.zone.db  named.localhost

[root@master chroot]# cp var/named/named.localhost var/named/venet.com.zone

[root@master chroot]# chown named:named var/named    让 named 用户能读取区域文件。注意:主区域文件只需对 named 可读(root:named、权限 640 即可),不应让 named 拥有整个 var/named 目录——目录对 named 可写意味着服务一旦被攻破,攻击者就能篡改权威区域数据;只有 data/ 和 slaves/ 才需要 named 可写。如果 named 读不到文件,应先检查属组/权限和 SELinux 标签。

[root@master chroot]# vim var/named/venet.com.zone

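$TTL 1D
; MNAME is the primary name server. "rname.invalid." is the template
; placeholder for the admin mailbox and should be replaced (e.g.
; hostmaster.venet.com.).
@       IN SOA ns1.venet.com. rname.invalid. (
                                        0       ; serial - MUST be incremented on every edit, or secondaries never refresh
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum (negative-caching TTL)

; The template leftovers from named.localhost ("NS @", "A 127.0.0.1",
; "AAAA ::1") are removed: they would make venet.com itself resolve to
; loopback and advertise the zone apex as its own name server.

@       IN     NS              ns1.venet.com.
        IN     MX  10          mail.venet.com.

; Glue for the name server: the master's own address (its listen-on
; address), not an unrelated public IP.
ns1     IN     A               173.16.16.1
www     IN     A               173.16.16.1
mail    IN     A               173.16.16.4
ftp     IN     CNAME           www

; Extra www addresses: named answers with all of them (round-robin).
www     IN     A               173.16.16.173
www     IN     A               173.16.16.174
www     IN     A               173.16.16.175

; Wildcard: ANY otherwise-undefined name under venet.com resolves to this
; address, including typos and hosts that should not exist. Remove it
; unless that behaviour is really wanted.
*       IN     A               173.16.16.173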

[root@master chroot]# cp var/named/named.localhost var/named/173.16.16.arpa

[root@master chroot]# vim var/named/173.16.16.arpa    如果无法写入,检查目录和文件的写权限

      

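$TTL 1D
; MNAME is the primary name server; "rname.invalid." is the template
; placeholder for the admin mailbox and should be replaced.
@       IN SOA ns1.venet.com. rname.invalid. (
                                        0       ; serial - increment on every edit
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

; A real NS record replaces the template's "NS @" / "A 127.0.0.1" /
; "AAAA ::1" lines, which make no sense in a reverse zone.
@       IN     NS      ns1.venet.com.

; Last octet of 173.16.16.x -> host name. 173.16.16.1 is also ns1; one PTR
; per address is the convention, so only www is kept here as in the
; original.
1       IN     PTR     www.venet.com.
4       IN     PTR     mail.venet.com.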

[root@master named]# vi /etc/resolv.conf    将 nameserver 改为 173.16.16.1

[root@master chroot]# iptables -I INPUT -p udp --dport 53 -j ACCEPT    不要用 service iptables stop 关掉整个防火墙,只放行 DNS 端口即可
[root@master chroot]# iptables -I INPUT -p tcp --dport 53 -j ACCEPT    区域传送(AXFR)和超长应答走 TCP 53
[root@master chroot]# service iptables save

[root@master chroot]#getenforce

Enforcing

[root@master chroot]# restorecon -Rv /var/named/chroot    保持 SELinux 为 Enforcing:拷贝进 chroot 的文件标签可能不正确,用 restorecon 修复即可,不要 setenforce 0(原文此处把 SELinux 切到了 Permissive)。若 named 仍启动失败,查看 /var/log/audit/audit.log 中的 AVC 拒绝记录再针对性处理。

[root@master named]# service named reload

Reloading named:                                          [  OK  ]

验证结果:

[root@master named]# host www.venet.com

www.venet.com has address 173.16.16.1

[root@master named]# host mail.venet.com

mail.venet.com has address 173.16.16.4

[root@master named]# host 173.16.16.4    逆向查找

4.16.16.173.in-addr.arpa domain name pointer mail.venet.com.

[root@master named]#

2.搭建缓存DNS

准备工作与上同

[root@localhost chroot]# cp -rv /usr/share/doc/bind-9.8.2/sample/etc/* /var/named/chroot/etc/

[root@localhost chroot]# cp -rv /usr/share/doc/bind-9.8.2/sample/var/* /var/named/chroot/var/

以上两步养成习惯—复制模板

[root@localhost ~]# vi /etc/named.conf    (如果安装了 bind-chroot 并启用了 ROOTDIR,named 实际读取的是 /var/named/chroot/etc/named.conf,请确认编辑的是服务真正加载的文件)

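options
{
        // Put files that named is allowed to write in the data/ directory:
        directory               "/var/named";           // "Working" directory
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        listen-on port 53       { 192.168.0.35; };
        listen-on-v6 port 53    { ::1; };
        memstatistics-file      "/var/named/data/named_mem_stats.txt";

        // A recursive resolver must never be reachable from the Internet
        // (open resolvers are abused for cache poisoning and DDoS
        // amplification). allow-recursion is stated explicitly even though
        // BIND would fall back to allow-query, so that a later change to
        // allow-query cannot silently widen who may recurse.
        allow-query             { 192.168.0.0/24; };
        allow-recursion         { 192.168.0.0/24; };
        recursion yes;

        // Queries not answerable from cache are sent to these upstream
        // resolvers first; with no "forward only", the root hints (zone ".")
        // are the fallback when the forwarders do not answer.
        forwarders  { 202.96.69.38; 8.8.8.8; };
};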

        // Root hints: used to bootstrap recursion when the forwarders do not
        // answer (no "forward only" is set, so BIND falls back to the roots).
        zone "." IN {
                type hint;
                file"/var/named/named.ca";
        };

将服务器的DNS改为自己

[root@localhost chroot]# vi /etc/resolv.conf    nameserver 改为 192.168.0.35

[root@localhost chroot]# nslookup www.goole.com

Server:       192.168.0.35

Address:   192.168.0.35#53

 

Non-authoritative answer:

Name:  www.goole.com

Address: 87.106.83.127

3.搭建从DNS服务器

准备工作同上,将从服务器Ip设置为 173.16.16.2

[root@localhost etc]# tail -2 /etc/hosts    手动添加以下两行

173.16.16.1             ns1.venet.com    ns1

173.16.16.2             ns2.venet.com    ns2

[root@localhost etc]# tail -2 /etc/resolv.conf

nameserver 173.16.16.1

nameserver 173.16.16.2

 

主服务器配置

// Primary server, section 3. Abbreviated: the listen-on / allow-query
// settings from section 1 are not shown here.
options {
   directory "/var/named";
};

zone "venet.com" IN{
   type master;
   file "venet.com.zone";
   // Only the secondary (173.16.16.2) may transfer the zone.
   allow-transfer {173.16.16.2; };
};

zone"16.16.173.in-addr.arpa" IN {
   type master;
   file "173.16.16.arpa";
   // Same restriction for the reverse zone (it was missing in section 1).
   allow-transfer { 173.16.16.2; };
};

[root@localhost named]# vi venet.com.zone    在区域文件中添加以下内容

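$TTL 1D
; MNAME is the primary name server; "rname.invalid." is still the template
; placeholder for the admin mailbox and should be replaced.
@       IN SOA ns1.venet.com. rname.invalid. (
                                        0       ; serial - increment on every edit, or the slave keeps its old copy
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

; Both name servers must be listed as NS. The original only gave ns2 (the
; slave) an A record, so nothing ever pointed resolvers at it.
@    IN   NS       ns1.venet.com.
     IN   NS       ns2.venet.com.
     IN   MX 10    mail.venet.com.

www  IN   A        173.16.16.1
mail IN   A        173.16.16.4
ftp  IN   CNAME    www
ns1  IN   A        173.16.16.1
ns2  IN   A        173.16.16.2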

[root@localhost named]# named-checkzone venet.com venet.com.zone    每次修改后都先检查语法再重载

zone venet.com/IN: loaded serial 0

OK

[root@localhost named]# vim 173.16.16.arpa    在逆向查找区域文件中添加以下内容

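$TTL 1D
; MNAME is the primary name server; "rname.invalid." is the template
; placeholder for the admin mailbox and should be replaced.
@       IN SOA ns1.venet.com. rname.invalid. (
                                        0       ; serial - increment on every edit
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

; Real NS records replace the template's "NS @" / "A 127.0.0.1" / "AAAA ::1"
; lines, which do not belong in a reverse zone.
@   IN NS      ns1.venet.com.
    IN NS      ns2.venet.com.

; Last octet of 173.16.16.x -> host name. Must agree with venet.com.zone:
; .2 is ns2 and mail is .4 -- the original mapped .2 to mail.
1   IN PTR     www.venet.com.
2   IN PTR     ns2.venet.com.
4   IN PTR     mail.venet.com.
; NOTE(review): study.venet.com has no A record in venet.com.zone -- confirm
; this host exists before keeping the PTR.
3   IN PTR     study.venet.com.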

[root@localhost named]# named-checkzone 16.16.173.in-addr.arpa 173.16.16.arpa

zone 16.16.173.in-addr.arpa/IN: loaded serial 0

OK

从服务器配置:

[root@slave chroot ]# vi etc/named.conf

// Secondary server. Abbreviated: no listen-on / allow-query shown here;
// the same network restrictions as on the primary should apply.
options {
    directory "/var/named";
};

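zone "venet.com" IN {
    // Secondary copy of venet.com, pulled from the primary by AXFR/IXFR.
    type slave;
    masters { 173.16.16.1; };

    // The transferred zone is written by named itself, so slaves/ must be
    // writable by the named user (see the chown -R step below).
    file "slaves/venet.com.zone";

    // The primary hands the zone only to this host; without this line the
    // secondary would re-export it to anyone, undoing that restriction.
    allow-transfer { none; };
};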

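zone "16.16.173.in-addr.arpa" IN {
    // Secondary copy of the reverse zone, pulled from the primary.
    type slave;
    masters { 173.16.16.1; };

    // Written by named itself; slaves/ must be writable by the named user.
    file "slaves/173.16.16.arpa";

    // Do not re-export the zone: the primary restricts transfers to this
    // host, and BIND's default on the secondary would allow anyone.
    allow-transfer { none; };
};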

[root@slave chroot]# cp -rv /usr/share/doc/bind-9.8.2/sample/var/* /var/named/chroot/var    从服务器上还没有 slaves 目录,所以从模板拷贝一份

[root@slave chroot]# cd var/named

[root@slave named]# chown -R named:named slaves data    从服务器上 named 要把传送来的区域文件写入 slaves/,所以 slaves/ 和 data/ 必须对 named 可写(-R 表示递归,对目录内的文件也生效);没有必要把整个 var/named 都改成 named 所有。原文写的是 "chown –R named:named .",其中的 "–" 是全角破折号,命令里应为 -R。

在主、从两台机器的防火墙上放行 53/udp 与 53/tcp(区域传送使用 TCP),保持 SELinux 为 Enforcing 并用 restorecon -Rv /var/named/chroot 修复文件标签,然后启动或重新加载 named 服务(service named restart)。

查看 slaves/ 目录下是否已从主 DNS 同步过来区域文件(主服务器上 SOA 的 serial 每次修改后必须递增,否则从服务器不会重新拉取)。

同步成功后,在从服务器上用 dig @173.16.16.2 www.venet.com 检测应答是否与主服务器一致。
