BIND9 DNS 小环境搭建实验
来源:互联网 发布:外网端口查询 编辑:程序博客网 时间:2024/05/21 17:10
BIND9 DNS 小环境搭建实验
2013.8.22
Author: db.
转载请注明出处。
1. 服务器基本配置
1) 主根服务器 192.168.56.101
2) 从根服务器 192.168.56.102
3) COM服务器 192.168.56.103
4) 解析服务器 192.168.56.104
2. 编译及安装BIND9
1) # tar xvf bind-9.6.1.tar.gz
# cd bind-9.6.1
# ./configure --prefix=/usr/local/named --enable-threads
//开启多线程处理能力
# make && make install
2) 从rndc.conf文件中提取named.conf用的key
# cd /usr/local/named
# sbin/rndc-confgen > etc/rndc.conf
#cd etc/
# tail -10 rndc.conf | head -9 | sed s/#\//g > named.conf
# cat named.conf
#
key "rndc-key" {
algorithm hmac-md5;
secret "wk7NzsvLaCobiCFxHB2LXQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
以上环境安装设置在每台服务器上是一样的。
3. 配置主根服务器 在IP为192.168.56.101的服务器上
1) 打开named.conf, 添加如下内容
# vi named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "wk7NzsvLaCobiCFxHB2LXQ==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/var/named/";
pid-file "/var/named/named.pid";
recursion no;
};
zone "." IN {
type master;
file "db.root";
allow-transfer {192.168.56.102;};
};
其中: recursion no; 关闭递归查询。
allow-transfer {192.168.56.102;}; 允许区域传送,且仅对给出的IP地址的服务器
有效。 这里192.168.56.102是我们的从根服务器
2) 创建区配置文件
# cd /var
# mkdir named
# cd named
# touch db.root
# vi db.root
$TTL 86400
@ IN SOA @ root (
12169
1m
1m
1m
1m )
. IN NS root.ns.
root.ns. IN A 192.168.56.101
com. IN NS ns.com.
ns.com. IN A 192.168.56.103
其中: com. IN NS ns.com. 这里必须要授权出去, 否则递归解析时,将找不到类似
My.com 所对应的地址
3) 启动BIND 并测试
# cd /usr/local/named
# sbin/named -g &
# dig @192.168.56.101 . NS
root@simba-1:/var/named# dig @192.168.56.101 . NS
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 . NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10193
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 86400 IN NS root.ns.
;; ADDITIONAL SECTION:
root.ns. 86400 IN A 192.168.56.101
;; Query time: 19 msec
;; SERVER: 192.168.56.101#53(192.168.56.101)
;; WHEN: Wed Aug 21 07:15:38 2013
;; MSG SIZE rcvd: 64
# dig @192.168.56.101 com. NS
root@simba-1:/var/named# dig @192.168.56.101 com. NS
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20443
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com. IN NS
;; AUTHORITY SECTION:
com. 86400 IN NS ns.com.
;; ADDITIONAL SECTION:
ns.com. 86400 IN A 192.168.56.103
;; Query time: 17 msec
;; SERVER: 192.168.56.101#53(192.168.56.101)
;; WHEN: Wed Aug 21 07:18:16 2013
;; MSG SIZE rcvd: 65
4. 配置从根服务器 在IP为192.168.56.102上
1) 打开named.conf, 添加如下内容
# vi named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "JaHjteR5sZxVrMWWcOne9g==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
transfer-format many-answers;
recursion no;
};
zone "." IN {
type slave;
file "db.root";
masters { 192.168.56.101; };
};
其中: recursion no; 关闭递归查询。
masters {192.168.56.101;}; 指明主服务器地址,这样就可以根据SOA中指定
的刷新时间去与主根同步
2) 创建区配置文件
# cd /var
# mkdir named
从服务器不需要手动建立 区域文件。因为从服务器会自动向主服务器更新。
3) 启动BIND 并测试
# cd /usr/local/named
# sbin/named -g &
等待一段时间,确定已经获取到了区文件
# ls /var/named/
db.root
# dig @192.168.56.102 . NS
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 . NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18918
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 86400 IN NS root.ns.
;; ADDITIONAL SECTION:
root.ns. 86400 IN A 192.168.56.101
;; Query time: 12 msec
;; SERVER: 192.168.56.102#53(192.168.56.102)
;; WHEN: Wed Aug 21 07:27:18 2013
;; MSG SIZE rcvd: 64
# dig @192.168.56.102 com. NS
root@simba-2:/usr/local/named/etc# dig @192.168.56.102 com. NS
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17412
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com. IN NS
;; AUTHORITY SECTION:
com. 86400 IN NS ns.com.
;; ADDITIONAL SECTION:
ns.com. 86400 IN A 192.168.56.103
;; Query time: 19 msec
;; SERVER: 192.168.56.102#53(192.168.56.102)
;; WHEN: Wed Aug 21 07:35:10 2013
;; MSG SIZE rcvd: 65
5. 配置COM服务器 在服务器192.168.56.103上
1) 打开named.conf, 添加如下内容
# vi named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "kMOStrdGYC5WmE1obk7LJg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
allow-query {any;};
recursion no;
};
zone "." IN {
type hint;
file "db.root";
};
zone "com." IN {
type master;
file "db.com";
};
其中: recursion no; 关闭递归查询。
2) 创建区配置文件
# cd /var
# mkdir named
# cd named
# touch db.root
# vi db.root
$TTL 86000
@ IN SOA @ root (
1
1m
1m
1m
1m
)
. IN NS root.ns.
root.ns. IN A 192.168.56.101
com. IN NS ns.com.
ns.com. IN A 192.168.56.103
其中: com. IN NS ns.com. 这里必须要授权出去, 否则递归解析时,将找不到类似
My.com 所对应的地址
该文件和主服务器上的db.root一样
# vi db.com
$TTL 86400
@ IN SOA @ root (
2
1m
1m
1m
1m
)
com. IN NS ns.com.
ns.com. IN A 192.168.56.103
my.com. IN A 192.168.56.201
3) 启动BIND 并测试
# cd /usr/local/named
# sbin/named -g &
# dig @192.168.56.103 com. NS
root@simba-2:/usr/local/named/etc# dig @192.168.56.103 com. NS
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19097
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com. IN NS
;; ANSWER SECTION:
com. 86400 IN NS ns.com.
;; ADDITIONAL SECTION:
ns.com. 86400 IN A 192.168.56.103
;; Query time: 21 msec
;; SERVER: 192.168.56.103#53(192.168.56.103)
;; WHEN: Wed Aug 21 07:45:15 2013
;; MSG SIZE rcvd: 65
# dig @192.168.56.103 my.com. A
root@simba-2:/usr/local/named/etc# dig @192.168.56.103 my.com. A
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 my.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;my.com. IN A
;; ANSWER SECTION:
my.com. 86400 IN A 192.168.56.201
;; AUTHORITY SECTION:
com. 86400 IN NS ns.com.
;; ADDITIONAL SECTION:
ns.com. 86400 IN A 192.168.56.103
;; Query time: 17 msec
;; SERVER: 192.168.56.103#53(192.168.56.103)
;; WHEN: Wed Aug 21 07:46:41 2013
;; MSG SIZE rcvd: 84
6. 配置解析服务器 在服务器 192.168.56.104上
1) 打开named.conf, 添加如下内容
# vi named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "kMOStrdGYC5WmE1obk7LJg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
allow-query {any;};
recursion yes;
allow-recursion {any;};
};
zone "." IN {
type hint;
file "db.root";
};
其中: recursion yes; 打开递归查询。
allow-recursion {any;}; 也是打开递归查询的另一个方法,具体区别再次不表。
2) 创建区配置文件
# cd /var
# mkdir named
# cd named
# touch db.root
# vi db.root
$TTL 8600
@ IN SOA @ root (
1
1m
1m
1m
1m
)
. IN NS root.ns.
root.ns. IN A 192.168.56.101
其中: 这里只需给出根 的NS 和A 记录即可
3) 启动BIND 并测试
# cd /usr/local/named
# sbin/named -g &
Dig 默认是发送递归查询
# dig @192.168.56.104 com. SOA
root@simba-2:/usr/local/named/etc# dig @192.168.56.104 com. SOA
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 com. SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44824
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com. IN SOA
;; ANSWER SECTION:
com. 86358 IN SOA com. root.com. 2 60 60 60 60
;; AUTHORITY SECTION:
com. 86354 IN NS ns.com.
;; ADDITIONAL SECTION:
ns.com. 86354 IN A 192.168.56.103
;; Query time: 16 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Wed Aug 21 07:52:46 2013
;; MSG SIZE rcvd: 106
可以看出 ;; flags: qr rd ra; 此处没有aa, 表明是非 权威查询
# dig @192.168.56.104 my.com. A
root@simba-2:/usr/local/named/etc# dig @192.168.56.104 my.com. A
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 my.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;my.com. IN A
;; ANSWER SECTION:
my.com. 86286 IN A 192.168.56.201
;; AUTHORITY SECTION:
com. 86259 IN NS ns.com.
;; ADDITIONAL SECTION:
ns.com. 86259 IN A 192.168.56.103
;; Query time: 15 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Wed Aug 21 07:54:21 2013
;; MSG SIZE rcvd: 84
后面在写篇讲 在BIND9 上开启 DNSSEC的文章。
- BIND9 DNS 小环境搭建实验
- BIND9私有DNS服务器小环境搭建实验
- Ubuntu 12.04 搭建bind9域名服务器实验
- Ubuntu 12.04 搭建bind9域名服务器实验
- DNS Bind9 配置小记
- DNS和bind9相关
- DNS bind9配置
- dns-bind9.3
- BIND9.9.9配置DNS
- bind9(DNS服务)错误信息
- [DNS] BIND9详解 BIND9配置方法
- DNS Bind9 错误排除(TroubleShooting)
- Debian 配置Bind9 DNS服务器
- Bind9的dns解析服务
- Centos Bind9 DNS 服务器架设
- Centos Bind9 DNS 服务器架设
- DNS Bind9在windows7下
- Windows 2003 DNS环境搭建
- 采用MQTT协议实现Android消息推送
- ubuntu下安装openfire 心得
- 安装QT集成开发环境
- 【主机插电源发出报警声】
- Python Special Method Names
- BIND9 DNS 小环境搭建实验
- Python 编程常见问题
- TCP IP学习笔记1:基本概念
- java 日期各种样式转化函数集合
- Segmentation fault (core dumped)调试信息处理方式
- ClistCtrl
- C#导出Excel文件Demo(Asp.Net也可用)
- 解决办法Android中Error generating final archive: Debug certificate expired on
- Java 多线程下的单例模式的设计
