Service Management: DNS
Source: Internet. Editor: 程序博客网. Time: 2024/05/17 03:59
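1. DNS Background
What is a DNS server
DNS, the Domain Name System, is provided by name servers that resolve between domain names and IP addresses: they translate www.baidu.com into an IP address, or map an IP address back to www.baidu.com.
A quick question: can you still get online without a name server? Of course you can. You can use IP addresses directly, but typing a domain name will not work. The root domain is a single dot (.), and beneath it are subdomains such as the familiar com, net, cn and org; beneath a subdomain such as com there are 163, baidu and so on, and beneath baidu there are zhidao, wenku and so on. There are 13 root servers worldwide, one of which is in Asia, in Japan. How does DNS resolve a name? There are two methods. The first is a recursive query: this level does not know the answer, the level above does, and the answer is returned back along the same path. The second is an iterative query: the level above gives you the information and you run the next query yourself. A DNS server that you have configured successfully on your own machine is still not recognised by anyone else, that is, it cannot serve names on the public network, until the level above delegates to it.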
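Common DNS servers
bind: the most popular DNS server (used by companies)
mydns: integrates with a database (used by domain providers, convenient for user registration); records are written to the database
Below we walk through DNS usage: forward resolution, configuring a mail server in DNS, aliases, wildcards, DNS load balancing, reverse resolution, DNS forwarding, master/slave servers, subdomain delegation, advanced views, and fixing the error "/etc/named.conf:41: open: /etc/named.acl.dx: file not found".
2. DNS Configuration: Forward Resolution
- # DNS configuration: forward resolution (domain name to IP address)
- # serv01: DNS server
- # serv02: used for testing
- --Step 1: install bind on serv01
- # Install bind
- [root@serv01 ~]# yum install bind* -y
- --Step 2: edit the configuration file named.conf
- [root@serv01 ~]# /etc/named.conf
- # Query
- [root@serv01 ~]# rpm -qa|grep bind
- [root@serv01 ~]# rpm -ql bind|less
- # Edit the file
- [root@serv01 ~]# vim /etc/named.conf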
- options {
- # Listening port and IP address
- #listen-on port 53 { 127.0.0.1; };
- # Listen on any IP address
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- # Base directory
- directory "/var/named";
- # File the cache is dumped (backed up) to
- dump-file "/var/named/data/cache_dump.db";
- # Statistics file
- statistics-file "/var/named/data/named_stats.txt";
- # Memory statistics file
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- # IP addresses allowed to query
- #allow-query { localhost; };
- # Allow queries from all IP addresses
- allow-query { any; };
- # Recursive queries, enabled by default
- recursion yes;
- # Security-related settings
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- # Root servers
- zone "." IN {
- type hint;
- file "named.ca";
- };
- # Zone files
- include "/etc/named.rfc1912.zones";
- [root@serv01 ~]# ls /var/named/
- chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
- # Information about the root servers
- [root@serv01 ~]# cat /var/named/named.ca
- ; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
- ;; global options: printcmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
- ;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;. IN NS
- ;; ANSWER SECTION:
- . 518400 IN NS M.ROOT-SERVERS.NET.
- . 518400 IN NS A.ROOT-SERVERS.NET.
- . 518400 IN NS B.ROOT-SERVERS.NET.
- . 518400 IN NS C.ROOT-SERVERS.NET.
- . 518400 IN NS D.ROOT-SERVERS.NET.
- . 518400 IN NS E.ROOT-SERVERS.NET.
- . 518400 IN NS F.ROOT-SERVERS.NET.
- . 518400 IN NS G.ROOT-SERVERS.NET.
- . 518400 IN NS H.ROOT-SERVERS.NET.
- . 518400 IN NS I.ROOT-SERVERS.NET.
- . 518400 IN NS J.ROOT-SERVERS.NET.
- . 518400 IN NS K.ROOT-SERVERS.NET.
- . 518400 IN NS L.ROOT-SERVERS.NET.
- ;; ADDITIONAL SECTION:
- # The 13 root servers
- A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
- A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30
- B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
- C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
- D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
- E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
- F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
- F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f
- G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
- H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
- H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235
- I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
- J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
- J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30
- K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
- K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1
- L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
- M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
- M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35
- ;; Query time: 147 msec
- ;; SERVER: 198.41.0.4#53(198.41.0.4)
- ;; WHEN: Mon Feb 18 13:29:18 2008
- ;; MSG SIZE rcvd: 615
- # Resolving the local domain name
- [root@larrywen 0808]# ping localhost.localdomain
- PING localhost (127.0.0.1) 56(84) bytes of data.
- 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.024 ms
- 64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.026 ms
- 64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.025 ms
- 64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.027 ms
- 64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.026 ms
- 64 bytes from localhost (127.0.0.1): icmp_seq=6 ttl=64 time=0.026 ms
- ^C
- --- localhost ping statistics ---
- 6 packets transmitted, 6 received, 0% packet loss, time 5624ms
- rtt min/avg/max/mdev = 0.024/0.025/0.027/0.005 ms
- --Step 3: edit the configuration file named.rfc1912.zones
- [root@serv01 ~]# tail -n5 /etc/named.rfc1912.zones
- zone "hongyi.com" IN {
- type master;
- # File that stores the mapping between domain names and IP addresses
- file "hongyi.com.zone";
- # Dynamic updates are not allowed
- allow-update { none; };
- };
- # Keep the file attributes the same (owning group)
- [root@serv01 named]# cp named.localhost hongyi.com.zone -a
- [root@serv01 named]# ll named.localhost hongyi.com.zone
- -rw-r-----. 1 root named 152 Jun 21 2007 hongyi.com.zone
- -rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
- --Step 4: after copying the file, edit hongyi.com.zone
- $TTL 1D
- ; Note the trailing dots
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H ) ; minimum
- ; Must match the DNS server name above
- NS dns.hongyi.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.88
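- # Explanation of the fields in the file
- [root@serv01 ~]# cat /var/named/named.localhost
- $TTL 1D
- ; @: the domain name, hongyi.com
- ; rname.invalid: e-mail address to contact when something goes wrong
- @ IN SOA @ rname.invalid. (
- ; Serial number, needed for master/slave updates; a version number counting how many times the file has been modified
- 0 ; serial
- ; How often the slave server refreshes
- 1D ; refresh
- ; Retry interval when a refresh fails
- 1H ; retry
- ; Time after which the data expires if refreshing still has not succeeded
- 1W ; expire
- ; Validity time: three hours
- 3H ) ; minimum
- ; Must match the name above
- NS @
- A 127.0.0.1
- AAAA ::1
- # Final configuration
- # /etc/named.conf configuration file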
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- # /etc/named.rfc1912.zones configuration
- zone "hongyi.com" IN {
- type master;
- file "hongyi.com.zone";
- allow-update {none;};
- };
- # /var/named/hongyi.com.zone configuration
- $TTL 1D
- ; Note the trailing dots
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H ) ; minimum
- ; Must match the DNS server name above
- NS dns.hongyi.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.88
- --Step 5: restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: [ OK ]
- Starting named: [ OK ]
- --Step 6: test with dig to check that the configuration works
- [root@serv01 named]# dig www.hongyi.com
- ; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> www.hongyi.com
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61132
- ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
- ;; QUESTION SECTION:
- ;www.hongyi.com. IN A
- ;; ANSWER SECTION:
- www.hongyi.com. 86400 IN A 192.168.1.88
- ;; AUTHORITY SECTION:
- hongyi.com. 86400 IN NS dns.hongyi.com.
- ;; ADDITIONAL SECTION:
- dns.hongyi.com. 86400 IN A 192.168.1.11
- ;; Query time: 0 msec
- ;; SERVER: 127.0.0.1#53(127.0.0.1)
- ;; WHEN: Thu Aug 8 18:40:12 2013
- ;; MSG SIZE rcvd: 82
- # Show just the short answer
- [root@serv01 named]# dig www.hongyi.com +short
- 192.168.1.88
- --Step 7: get serv01 to ping the domain names
- # Cannot ping
- [root@serv01 named]# ping www.hongyi.com
- ping: unknown host www.hongyi.com
- # Cannot ping
- [root@serv01 named]# ping dns.hongyi.com
- ping: unknown host dns.hongyi.com
- # Add a nameserver entry to resolv.conf
- [root@serv01 ~]# vim /etc/resolv.conf
- [root@serv01 ~]# cat /etc/resolv.conf
- nameserver 192.168.1.11
- # Now ping works: the name resolves to the corresponding IP address
- [root@serv01 ~]# ping www.hongyi.com
- PING www.hongyi.com (192.168.1.88) 56(84) bytes of data.
- ^C
- --- www.hongyi.com ping statistics ---
- 2 packets transmitted, 0 received, 100% packet loss, time 1161ms
- # The DNS server can be pinged
- [root@serv01 ~]# ping dns.hongyi.com
- PING dns.hongyi.com (192.168.1.11) 56(84) bytes of data.
- 64 bytes from 192.168.1.11: icmp_seq=1 ttl=64 time=0.020 ms
- 64 bytes from 192.168.1.11: icmp_seq=2 ttl=64 time=0.071 ms
- 64 bytes from 192.168.1.11: icmp_seq=3 ttl=64 time=0.039 ms
- 64 bytes from 192.168.1.11: icmp_seq=4 ttl=64 time=0.041 ms
- ^C
- --- dns.hongyi.com ping statistics ---
- 4 packets transmitted, 4 received, 0% packet loss, time 3316ms
- rtt min/avg/max/mdev = 0.020/0.042/0.071/0.019 ms
- --Step 8: test from serv02
- [root@serv02 ~]# echo "nameserver 192.168.1.11" > /etc/resolv.conf
- [root@serv02 ~]# cat /etc/resolv.conf
- nameserver 192.168.1.11
- [root@serv02 ~]# yum install bind-utils -y
- [root@serv02 ~]# dig www.hongyi.com +short
- 192.168.1.88
- [root@serv02 ~]# nslookup www.hongyi.com
- Server: 192.168.1.11
- Address: 192.168.1.11#53
- Name: www.hongyi.com
- Address: 192.168.1.88
- --Step 9: add more records
- [root@serv01 named]# vim /var/named/hongyi.com.zone
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- [root@serv01 named]# cat /var/named/hongyi.com.zone
- $TTL 1D
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.hongyi.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.88
- ftp IN A 192.168.1.89
- ; Or like this
- ftp.hongyi.com. IN A 192.168.1.89
- hongyi.com. IN MX 5 mail
- mail IN A 192.168.1.90
- [root@serv01 named]# dig ftp.hongyi.com +short
- 192.168.1.89
3. DNS: Configuring a Mail Server
- --Step 1: edit the configuration file hongyi.com.zone
- [root@serv01 named]# vim hongyi.com.zone
- [root@serv01 named]# cat hongyi.com.zone
- $TTL 1D
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.hongyi.com.
- dns IN A 192.168.1.11
- ; First form: the owner is given as the full name
- hongyi.com. IN MX 5 mail
- mail IN A 192.168.1.90
- --Step 2: restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- --Step 3: check that the configuration works
- [root@serv01 named]# dig -t mx hongyi.com. +short
- 5 mail.hongyi.com.
- --Step 4: the second form of the configuration
- [root@serv01 named]# cat hongyi.com.zone
- $TTL 1D
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.hongyi.com.
- ; The owner name is inherited from the zone root
- IN MX 5 mail.hongyi.com.
- mail.hongyi.com. IN A 192.168.1.90
- [root@serv01 named]# dig -t mx hongyi.com. +short
- 5 mail.hongyi.com.
4. DNS: Configuring Aliases
- --Step 1: edit the configuration file
- [root@serv01 named]# cat hongyi.com.zone
- $TTL 1D
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H ) ; minimum
- NS dns.hongyi.com.
- IN MX 5 mail.hongyi.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.88
- ftp IN A 192.168.1.89
- mail.hongyi.com. IN A 192.168.1.90
- smtp IN CNAME mail.hongyi.com.
- pop3 IN CNAME mail.hongyi.com.
- --Step 2: restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- --Step 3: test
- [root@serv01 named]# dig -t mx hongyi.com. +short
- 5 mail.hongyi.com.
- [root@serv01 named]# dig pop3.hongyi.com +short
- mail.hongyi.com.
- 192.168.1.90
- [root@serv01 named]# dig smtp.hongyi.com +short
- mail.hongyi.com.
- 192.168.1.90
5. DNS: Wildcards
- # Wildcard (other records are not affected)
- --Step 1: edit the configuration file
- [root@serv01 named]# vim hongyi.com.zone
- [root@serv01 named]# cat hongyi.com.zone
- $TTL 1D
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.hongyi.com.
- dns IN A 192.168.1.11
- * IN A 192.168.1.88
- --Step 2: restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- --Step 3: test. Any name that is not listed in the zone resolves to 192.168.1.88
- 192.168.1.88
- [root@serv01 named]# dig mail.hongyi.com +short
- 192.168.1.88
- [root@serv01 named]# dig xxxx.hongyi.com +short
- 192.168.1.88
- # This one does not return an IP
- [root@serv01 named]# dig hongyi.com +short
- [root@serv01 named]#
- # Add hongyi.com. to the zone
- [root@serv01 named]# vim hongyi.com.zone
- [root@serv01 named]# cat hongyi.com.zone
- $TTL 1D
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.hongyi.com.
- dns IN A 192.168.1.11
- hongyi.com. IN A 192.168.1.88
- * IN A 192.168.1.88
- # Restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- # Now the IP is returned correctly
- [root@serv01 named]# dig hongyi.com +short
- 192.168.1.88
- [root@serv01 named]# vim hongyi.com.zone
- [root@serv01 named]# cat hongyi.com.zone
- $TTL 1D
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.hongyi.com.
- IN MX 5 mail.hongyi.com.
- mail.hongyi.com IN A 192.168.0.90
- dns IN A 192.168.1.11
- hongyi.com. IN A 192.168.1.88
- * IN A 192.168.1.88
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- [root@serv01 named]# dig -t mx hongyi.com. +short
- 5 mail.hongyi.com.
- [root@serv01 named]# dig mail.hongyi.com. +short
- 192.168.1.88
- # Effective on the local machine only; no further lookup is performed
- [root@serv01 named]# ping -c 2 www.larrywen.com
- PING www.larrywen.com (192.168.1.11) 56(84) bytes of data.
- 64 bytes from www.larrywen.com (192.168.1.11): icmp_seq=1 ttl=64 time=0.023 ms
- 64 bytes from www.larrywen.com (192.168.1.11): icmp_seq=2 ttl=64 time=0.039 ms
- --- www.larrywen.com ping statistics ---
- 2 packets transmitted, 2 received, 0% packet loss, time 999ms
- rtt min/avg/max/mdev = 0.023/0.031/0.039/0.008 ms
- [root@serv01 named]# vim /etc/hosts
- [root@serv01 named]# tail -n1 /etc/hosts
- 192.168.1.11 www.larrywen.com
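Added example (not part of the original article): in the last zone file of the wildcard section the owner mail.hongyi.com has no trailing dot, so named loads it as mail.hongyi.com.hongyi.com. and a query for mail.hongyi.com falls through to the * record, which is why dig prints 192.168.1.88 rather than 192.168.0.90. The Python sketch below flags such names and reproduces the lookup; it handles only the record syntax used on this page, and lint_zone, lookup_a and the inline ZONE text are names and sample data constructed for this example.

```python
import re

TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}
# Index of the domain-name field(s) inside each record type's rdata.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,)}


def fqdn(name):
    return name.lower().rstrip(".") + "."


def in_zone(name, apex):
    return name == apex or name.endswith("." + apex)


def expand(name, origin):
    """Master-file rule: a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def records(text, apex):
    """Yield (owner_as_written, owner, rtype, rdata, origin) for each record."""
    origin = owner = apex
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # drop ';' comments
        depth += line.count("(") - line.count(")")
        if line.strip():
            buf.append(line)
        if depth > 0 or not buf:                        # blank, or still inside ( ... )
            continue
        line, buf = re.sub(r"[()]", " ", " ".join(buf)).lower(), []
        tokens = line.split()
        if tokens and tokens[0] == "$origin":
            origin = expand(tokens[1], origin)
        if not tokens or tokens[0].startswith("$"):
            continue
        written = None
        if not line[0].isspace():                       # leading blank: same owner as above
            written = tokens.pop(0)
            owner = expand(written, origin)
        while tokens and tokens[0].upper() not in TYPES:  # skip TTL and class
            tokens.pop(0)
        if tokens:
            yield written, owner, tokens[0].upper(), tokens[1:], origin


def lint_zone(text, apex):
    """Return (name_as_written, name_as_loaded) for names that lost their dot."""
    apex, findings = fqdn(apex), []
    for written, _owner, rtype, rdata, origin in records(text, apex):
        names = [written] + [rdata[i] for i in NAME_FIELDS.get(rtype, ()) if i < len(rdata)]
        for name in names:
            # A relative name that already ends in the zone name is almost always a typo.
            if name and name != "@" and not name.endswith(".") and in_zone(name + ".", apex):
                findings.append((name, expand(name, origin)))
    return findings


def lookup_a(text, apex, qname):
    """Answer an A query as an authoritative server would, wildcard included."""
    apex, qname = fqdn(apex), fqdn(qname)
    a_records, nodes = {}, set()
    for _written, owner, rtype, rdata, _origin in records(text, apex):
        labels = owner.rstrip(".").split(".")
        # Every ancestor of an owner name exists as a node, even with no records.
        nodes.update(".".join(labels[i:]) + "." for i in range(len(labels)))
        if rtype == "A":
            a_records.setdefault(owner, []).append(rdata[0])
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:]) + "."
        if name in nodes:                               # exact node, or closest encloser
            return a_records.get(name if i == 0 else "*." + name, [])
    return []


# Constructed sample: the last zone file of the wildcard section, re-indented.
ZONE = """\
$TTL 1D
@       IN SOA dns.hongyi.com. root.hongyi.com. (
            0 1D 1H 1W 3H )     ; serial refresh retry expire minimum
        NS  dns.hongyi.com.
        IN MX 5 mail.hongyi.com.
mail.hongyi.com IN A 192.168.0.90
dns     IN A 192.168.1.11
hongyi.com. IN A 192.168.1.88
*       IN A 192.168.1.88
"""


if __name__ == "__main__":
    print(lint_zone(ZONE, "hongyi.com"))
    print(lookup_a(ZONE, "hongyi.com", "mail.hongyi.com"))
```

The same typo also creates the empty node com.hongyi.com., and the wildcard does not answer for a name that exists as a node, so that name returns no address at all.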
6. DNS Load Balancing
- # One domain name resolves to several IP addresses
- --Step 1: edit the configuration file
- [root@serv01 named]# vim hongyi.com.zone
- [root@serv01 named]# cat hongyi.com.zone
- $TTL 1D
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.hongyi.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.88
- www IN A 192.168.1.188
- --Step 2: start the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- --Step 3: test
- [root@serv01 named]# dig www.hongyi.com +short
- 192.168.1.88
- 192.168.1.188
- # Not recommended, because it causes inconsistent sessions
7. DNS Configuration: Reverse Resolution
Reverse resolution maps an IP address to a domain name, for example 192.168.1.88 to www.hongyi.com. It is used mostly for mail servers.
- --Step 1: named.conf stays the same as for forward resolution
- [root@serv01 named]# cat /etc/named.conf
- # DNS setup with both forward and reverse resolution configured
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- --Step 2: edit the configuration file /etc/named.rfc1912.zones
- [root@serv01 named]# vim /etc/named.rfc1912.zones
- [root@serv01 named]# tail -n5 /etc/named.rfc1912.zones
- zone "1.168.192.in-addr.arpa" IN {
- type master;
- file "hongyi.com.rev";
- allow-update { none; };
- };
- [root@serv01 named]# tail -n5 /etc/named.rfc1912.zones
- zone "1.168.192.in-addr.arpa" IN {
- type master;
- file "hongyi.com.rev";
- allow-update { none; };
- };
- --Step 3: copy the template file and edit it
- # Be sure to pass -a or -p so that the file attributes are preserved
- [root@serv01 named]# cp named.localhost hongyi.com.rev -a
- [root@serv01 named]# ll hongyi.com.rev hongyi.com.zone named.localhost
- -rw-r-----. 1 root named 212 Aug 8 21:52 hongyi.com.rev
- -rw-r-----. 1 root named 203 Aug 8 21:47 hongyi.com.zone
- -rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
- # If the group is not named, use chgrp to change the file's group
- [root@serv01 named]# chgrp named hongyi.com.rev
- [root@serv03 named]# cat hongyi.com.rev
- $TTL 1D
- @ IN SOA dns.hongyi.com. root.hongyi.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.hongyi.com.
- 11 IN PTR dns.hongyi.com.
- 88 IN PTR www.hongyi.com.
- --Step 4: restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- --Step 5: check with dig
- [root@serv01 named]# dig -x 192.168.1.88 +short
- www.hongyi.com.
8. DNS Forwarding
The network topology for DNS forwarding is shown in Figure 1:
Figure 1: network topology for DNS forwarding
serv01 configuration
- --Step 1: check the local IP address and install bind from the yum repository
- [root@serv01 named]# yum install bind* -y
- --Step 2: edit named.conf as follows
- [root@serv01 named]# vim /etc/named.conf
- [root@serv01 named]# cat /etc/named.conf
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- forwarders { 192.168.1.12; };
- recursion yes;
- #dnssec-enable yes;
- #dnssec-validation yes;
- #dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- [root@serv01 named]# tail -n5 /etc/named.rfc1912.zones
- zone "justdb.com" IN {
- type master;
- file "justdb.com.zone";
- allow-update { none; };
- };
- --Step 3: copy the file, remembering the -a or -p option
- [root@serv01 named]# cp named.localhost justdb.com.zone -a
- --Step 4: edit justdb.com.zone
- [root@serv01 named]# cat justdb.com.zone
- $TTL 1D
- @ IN SOA dns.justdb.com. root.justdb.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.justdb.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.66
- [root@serv01 named]# ifconfig eth0
- eth0 Link encap:Ethernet HWaddr 00:0C:29:07:DD:3B
- inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
- inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:2823 errors:0 dropped:0 overruns:0 frame:0
- TX packets:1618 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:257429 (251.3 KiB) TX bytes:252898 (246.9 KiB)
- --Step 5: restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- --Step 6: test on the local machine
- [root@serv01 named]# dig www.justdb.com +short
- 192.168.1.66
serv02 configuration
- --Step 1: check the local IP address and install bind from the yum repository
- [root@serv02 named]# ifconfig eth0
- eth0 Link encap:Ethernet HWaddr 00:0C:29:6A:EC:97
- inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
- inet6 addr: fe80::20c:29ff:fe6a:ec97/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:2943 errors:0 dropped:0 overruns:0 frame:0
- TX packets:1728 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:265863 (259.6 KiB) TX bytes:279067 (272.5 KiB)
- [root@serv01 named]# yum install bind* -y
- --Step 2: edit named.conf as follows
- [root@serv02 named]# vim /etc/named.conf
- [root@serv02 named]# cat /etc/named.conf
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- [root@serv02 named]# tail -n6 /etc/named.rfc1912.zones
- zone "larrywen.com" IN {
- type master;
- file "larrywen.com.zone";
- allow-update { none; };
- };
- --Step 3: copy the file, remembering the -a or -p option
- [root@serv02 named]# cp named.localhost larrywen.com.zone -a
- --Step 4: edit larrywen.com.zone
- [root@serv02 named]# cat larrywen.com.zone
- $TTL 1D
- @ IN SOA dns.larrywen.com. root.larrywen.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.larrywen.com.
- dns IN A 192.168.1.12
- www IN A 192.168.1.88
- --Step 5: restart the service
- [root@serv02 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- --Step 6: test on the local machine
- [root@serv02 named]# dig www.larrywen.com +short
- 192.168.1.88
serv03 (test machine) configuration
- --Step 1: install bind-util
- [root@serv03 ~]# yum install bind-util* -y
- --Step 2: configure the default DNS server
- [root@serv03 ~]# cat /etc/resolv.conf
- nameserver 192.168.1.11
- --Step 3: test www.justdb.com
- [root@serv03 ~]# dig www.justdb.com +short
- 192.168.1.66
- --Step 4: test www.larrywen.com
- [root@serv03 ~]# dig www.larrywen.com +short
- 192.168.1.88
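9. DNS Master/Slave Servers
The slave server automatically synchronises its data from the master server.
# serv01: master server, IP 192.168.1.11
# serv02: slave server, updated whenever the master changes, IP 192.168.1.12
# serv03: test machine, IP 192.168.1.13
The network topology is shown in Figure 2:
Figure 2: network topology for DNS master/slave servers
server01 configuration
- --Step 1: check the local IP address and install bind from the yum repository
- [root@serv01 named]# ifconfig eth0
- eth0 Link encap:Ethernet HWaddr 00:0C:29:07:DD:3B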
- inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
- inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:2823 errors:0 dropped:0 overruns:0 frame:0
- TX packets:1618 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:257429 (251.3 KiB) TX bytes:252898 (246.9 KiB)
- [root@serv01 named]# yum install bind* -y
- --Step 2: edit named.conf as follows
- [root@serv01 named]# vim /etc/named.conf
- [root@serv01 named]# cat /etc/named.conf
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- [root@serv01 named]# tail -n7 /etc/named.rfc1912.zones
- zone "justdb.com" IN {
- type master;
- file "justdb.com.zone";
- allow-transfer { 192.168.1.12; };
- notify yes;
- also-notify { 192.168.1.12; };
- };
- --Step 3: copy the file, remembering the -a or -p option
- [root@serv01 named]# cp named.localhost justdb.com.zone -a
- --Step 4: edit justdb.com.zone
- [root@serv01 named]# cat justdb.com.zone
- $TTL 1D
- @ IN SOA dns.justdb.com. root.justdb.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.justdb.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.66
- --Step 5: restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
server02 configuration
- --Step 1: check the local IP address and install bind from the yum repository
- [root@serv02 slaves]# ifconfig eth0
- eth0 Link encap:Ethernet HWaddr 00:0C:29:6A:EC:97
- inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
- inet6 addr: fe80::20c:29ff:fe6a:ec97/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
- TX packets:908 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:133206 (130.0 KiB) TX bytes:148913 (145.4 KiB)
- [root@serv01 named]# yum install bind* -y
- --Step 2: edit named.conf as follows
- [root@serv01 named]# vim /etc/named.conf
- [root@serv01 named]# cat /etc/named.conf
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- --Step 3: edit named.rfc1912.zones as follows
- [root@serv02 slaves]# tail -n5 /etc/named.rfc1912.zones
- zone "justdb.com" IN {
- type slave;
- file "slaves/justdb.com.zone";
- masters { 192.168.1.11; };
- };
- --Step 4: restart the service
- [root@serv02 slaves]# /etc/init.d/named restart
- Stopping named: [ OK ]
- Starting named: [ OK ]
- --Step 5: go into the slaves directory; the file has been generated automatically
- [root@serv02 named]# cd slaves/
- [root@serv02 slaves]# ll
- total 0
- [root@serv02 slaves]# ll
- total 4
- -rw-r--r--. 1 named named 330 Aug 8 23:43 justdb.com.zone
- [root@serv02 slaves]# cat justdb.com.zone
- $ORIGIN .
- $TTL 86400 ; 1 day
- justdb.com IN SOA dns.justdb.com. root.justdb.com. (
- 0 ; serial
- 86400 ; refresh (1 day)
- 3600 ; retry (1 hour)
- 604800 ; expire (1 week)
- 10800 ; minimum (3 hours)
- )
- NS dns.justdb.com.
- $ORIGIN justdb.com.
- dns A 192.168.1.11
- www A 192.168.1.66
Testing
- --Step 1: add a new address on server01 and restart the service
- [root@serv01 named]# vim justdb.com.zone
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
- [root@serv01 named]# cat justdb.com.zone
- $TTL 1D
- @ IN SOA dns.justdb.com. root.justdb.com. (
- ; Note: change the serial to 1; it must not stay the same as before
- 1 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.justdb.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.66
- ftp IN A 192.168.1.88
- --Step 2: check the file on server02; the update succeeded
- [root@serv02 slaves]# cat justdb.com.zone
- $ORIGIN .
- $TTL 86400 ; 1 day
- justdb.com IN SOA dns.justdb.com. root.justdb.com. (
- 1 ; serial
- 86400 ; refresh (1 day)
- 3600 ; retry (1 hour)
- 604800 ; expire (1 week)
- 10800 ; minimum (3 hours)
- )
- NS dns.justdb.com.
- $ORIGIN justdb.com.
- dns A 192.168.1.11
- ftp A 192.168.1.88
- www A 192.168.1.66
- # The serial number may only be increased, never decreased
- # Deletions are synchronised as well
server03 configuration
You can use dig to check that the data on the two servers is consistent
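Added example (not from the original article): every named.conf shown so far combines allow-query { any; } with recursion yes and no allow-recursion, which on BIND 9 lets any client that can reach the server use it as a recursive resolver, and only the master/slave zone sets allow-transfer. The Python check below reads a named.conf and reports both conditions; audit and its helpers, the inlined zone statements and the 192.168.1.0/24 recursion ACL are assumptions made for this example, based on the lab addresses used above.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')


def tokenize(conf):
    """Remove /* */, // and # comments, then split into words, braces and ';'."""
    conf = re.sub(r"/\*.*?\*/", " ", conf, flags=re.S)
    conf = re.sub(r"(#|//).*", " ", conf)
    return TOKEN.findall(conf)


def parse(tokens):
    """Turn 'words [ { block } ] ;' statements into (words, children) pairs."""
    stmts, words = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "{":
            stmts.append((words, parse(tokens)))    # the recursion consumes the '}'
            words = []
        elif tok == "}":
            break
        elif tok == ";":
            if words:
                stmts.append((words, []))
            words = []
        else:
            words.append(tok.strip('"'))
    return stmts


def setting(stmts, key):
    """Members of 'key { a; b; };' or the words after 'key', else None."""
    for words, children in stmts:
        if words[:1] == [key]:
            return [w[0] for w, _ in children if w] if children else words[1:]
    return None


def audit(conf):
    """Return findings for open recursion and unrestricted zone transfers."""
    top = parse(tokenize(conf))
    options = next((c for w, c in top if w[:1] == ["options"]), [])
    findings = []
    # BIND 9 fallback: allow-recursion, else allow-query-cache, else allow-query,
    # else { localnets; localhost; }. Recursion itself defaults to yes.
    if setting(options, "recursion") != ["no"]:
        for key in ("allow-recursion", "allow-query-cache", "allow-query"):
            members = setting(options, key)
            if members is not None:
                break
        else:
            members = ["localnets", "localhost"]
        if "any" in members:
            findings.append(f"open-recursion via {key}")
    # Zones sit at top level or inside view blocks (view-level ACLs are ignored here).
    scopes = [top] + [c for w, c in top if w[:1] == ["view"]]
    for scope in scopes:
        for words, body in scope:
            if words[:1] != ["zone"] or setting(body, "type") != ["master"]:
                continue
            # Assumes a BIND release where allow-transfer defaults to any,
            # as with the 9.7 packages used on this page.
            if (setting(body, "allow-transfer") is None
                    and setting(options, "allow-transfer") is None):
                findings.append(f"unrestricted-transfer {words[1]}")
    return findings


# Constructed sample: options and zones as configured in this article, with the
# zone statements inlined instead of included from /etc/named.rfc1912.zones.
WEAK = """
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
zone "hongyi.com" IN {
    type master;
    file "hongyi.com.zone";
    allow-update { none; };
};
zone "justdb.com" IN {
    type master;
    file "justdb.com.zone";
    allow-transfer { 192.168.1.12; };
    notify yes;
};
"""

# Same file with recursion limited to the lab subnet and transfers denied by default.
HARDENED = WEAK.replace(
    "recursion yes;",
    "recursion yes;\n    allow-recursion { 192.168.1.0/24; localhost; };"
    "\n    allow-transfer { none; };",
)


if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(HARDENED))
```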
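10. Subdomain Delegation
Child DNS servers (subdomain delegation)
#serv01
justdb.com 192.168.1.11
web.justdb.com
web.hb.justdb.com
web.xn.justdb.com 192.168.1.12
# Client: 192.168.1.13
# nameserver is set to 192.168.1.11
# DNS forwarding: the domains are unrelated
# Subdomain delegation: the domains are related
The network topology is shown in Figure 3:
Figure 3: network topology for DNS subdomain delegation
serv01 configuration
- --Step 1: check the local IP address and install bind from the yum repository
- [root@serv01 named]# ifconfig eth0
- eth0 Link encap:Ethernet HWaddr 00:0C:29:07:DD:3B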
- inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
- inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:2823 errors:0 dropped:0 overruns:0 frame:0
- TX packets:1618 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:257429 (251.3 KiB) TX bytes:252898 (246.9 KiB)
- [root@serv01 named]# yum install bind* -y >/dev/null 2>&1
- --Step 2: edit named.conf as follows
- [root@serv01 named]# vim /etc/named.conf
- [root@serv01 named]# cat /etc/named.conf
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- #dnssec-enable yes;
- #dnssec-validation yes;
- #dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- [root@serv01 named]# tail -n7 /etc/named.rfc1912.zones
- zone "justdb.com" IN {
- type master;
- file "justdb.com.zone";
- allow-update { none; };
- };
- zone "hb.justdb.com" IN {
- type master;
- file "hb.justdb.com.zone";
- allow-update { none; };
- };
- --Step 3: copy the files, remembering the -a or -p option
- [root@serv01 named]# cp named.localhost justdb.com.zone -av
- [root@serv01 named]# cp named.localhost hb.justdb.com.zone -av
- --Step 4: edit justdb.com.zone and hb.justdb.com.zone
- [root@serv01 named]# cat justdb.com.zone
- $TTL 1D
- @ IN SOA dns.justdb.com. root.justdb.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.justdb.com.
- dns IN A 192.168.1.11
- web IN A 192.168.1.88
- [root@serv01 named]# cat hb.justdb.com.zone
- $TTL 1D
- @ IN SOA dns.hb.justdb.com. root.hb.justdb.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.hb.justdb.com.
- dns IN A 192.168.1.11
- web IN A 192.168.1.89
- --Step 5: restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
serv02 configuration
- --Step 1: check the local IP address and install bind from the yum repository
- [root@serv02 slaves]# ifconfig eth0
- eth0 Link encap:Ethernet HWaddr 00:0C:29:6A:EC:97
- inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
- inet6 addr: fe80::20c:29ff:fe6a:ec97/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
- TX packets:908 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:133206 (130.0 KiB) TX bytes:148913 (145.4 KiB)
- [root@serv01 named]# yum install bind* -y >/dev/null 2>&1
- --Step 2: edit named.conf as follows
- [root@serv01 named]# vim /etc/named.conf
- [root@serv01 named]# cat /etc/named.conf
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- --Step 3: edit named.rfc1912.zones as follows
- [root@serv02 named]# tail -n5 /etc/named.rfc1912.zones
- zone "xn.justdb.com" IN {
- type master;
- file "xn.justdb.com.zone";
- allow-update { none; };
- };
- --Step 4: restart the service
- [root@serv02 slaves]# /etc/init.d/named restart
- Stopping named: [ OK ]
- Starting named: [ OK ]
Implementing the feature
- --Step 1: edit the zone file on serv01, adding the last two lines shown below
- [root@serv01 named]# cat justdb.com.zone
- $TTL 1D
- @ IN SOA dns.justdb.com. root.justdb.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.justdb.com.
- dns IN A 192.168.1.11
- web IN A 192.168.1.88
- xn.justdb.com. IN NS dns.xn.justdb.com.
- dns.xn.justdb.com. IN A 192.168.1.12
- --Step 2: install bind-util on serv03
- [root@serv03 ~]# yum install bind-util* -y > /dev/null 2>&1
- --Step 3: edit resolv.conf on serv03
- [root@serv03 ~]# echo "nameserver 192.168.1.11" > /etc/resolv.conf
- [root@serv03 ~]# cat /etc/resolv.conf
- nameserver 192.168.1.11
- --Step 4: test
- [root@serv03 ~]# dig web.justdb.com +short
- 192.168.1.88
- [root@serv03 ~]# dig web.hb.justdb.com +short
- 192.168.1.89
- [root@serv03 ~]# dig web.xn.justdb.com +short
- 192.168.1.90
11. DNS Advanced Views
Use case: clients with different IP addresses request the same domain name and are directed to the servers of their own ISP.
The network topology is shown in Figure 4:
Figure 4: network topology for DNS advanced views
serv01 configuration
- --Step 1: the IP addresses are configured as follows
- [root@serv01 ~]# ifconfig eth0|grep "inet addr"
- inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
- [root@serv01 ~]# ifconfig eth1|grep "inet addr"
- inet addr:172.16.1.11 Bcast:172.16.1.255 Mask:255.255.255.0
- [root@serv01 ~]# ifconfig |grep -A 1 eth
- eth0 Link encap:Ethernet HWaddr 00:0C:29:07:DD:3B
- inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
- --
- eth1 Link encap:Ethernet HWaddr 00:0C:29:07:DD:45
- inet addr:172.16.1.11 Bcast:172.16.1.255 Mask:255.255.255.0
- [root@serv02 ~]# man named.conf
- --Step 2: install bind
- [root@serv01 named]# yum install bind* -y
- [root@serv01 named]# cat /etc/named.conf
- //
- // named.conf
- //
- // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
- // server as a caching only nameserver (as a localhost DNS resolver only).
- //
- // See /usr/share/doc/bind*/sample/ for example named configuration files.
- //
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- logging {
- channel default_debug {
- file "data/named.run";
- severity dynamic;
- };
- };
- # Comment out or delete the following lines
- #zone "." IN {
- # type hint;
- # file "named.ca";
- #};
- # If these lines are left in place, restarting the service fails with the following error:
- Error in named configuration:
- /etc/named.conf:35: when using 'view' statements, all zones must be in views
- [FAILED]
- # Comment out this line
- #include "/etc/named.rfc1912.zones";
- acl dx {
- 192.168.1.10;
- 192.168.1.11;
- 192.168.1.12;
- 192.168.1.13;
- 192.168.1.14;
- };
- acl wt {
- 172.16.1.10;
- 172.16.1.11;
- 172.16.1.12;
- 172.16.1.13;
- 172.16.1.14;
- };
- view dianxin {
- match-clients { "dx"; };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- # At this point, switch to vim command mode and run the following command to read in the contents of that file.
- # r !cat /etc/named.rfc1912.zones
- zone "localhost.localdomain" IN {
- type master;
- file "named.localhost";
- allow-update { none; };
- };
- zone "localhost" IN {
- type master;
- file "named.localhost";
- allow-update { none; };
- };
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
- type master;
- file "named.loopback";
- allow-update { none; };
- };
- zone "1.0.0.127.in-addr.arpa" IN {
- type master;
- file "named.loopback";
- allow-update { none; };
- };
- zone "0.in-addr.arpa" IN {
- type master;
- file "named.empty";
- allow-update { none; };
- };
- zone "larrywen.com" {
- type master;
- file "larrywen.com.zone.dx";
- allow-update { none; };
- };
- };
- view wangtong {
- match-clients { "wt"; };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- zone "localhost.localdomain" IN {
- type master;
- file "named.localhost";
- allow-update { none; };
- };
- zone "localhost" IN {
- type master;
- file "named.localhost";
- allow-update { none; };
- };
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
- type master;
- file "named.loopback";
- allow-update { none; };
- };
- zone "1.0.0.127.in-addr.arpa" IN {
- type master;
- file "named.loopback";
- allow-update { none; };
- };
- zone "0.in-addr.arpa" IN {
- type master;
- file "named.empty";
- allow-update { none; };
- };
- zone "larrywen.com" {
- type master;
- file "larrywen.com.zone.wt";
- allow-update { none; };
- };
- };
- -- Step 3: copy and edit the larrywen.com.zone.dx file
- [root@serv01 named]# cp named.localhost larrywen.com.zone.dx -a
- [root@serv01 named]# vim larrywen.com.zone.dx
- [root@serv01 named]# cat larrywen.com.zone.dx
- $TTL 1D
- @ IN SOA dns.larrywen.com. root.larrywen.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.larrywen.com.
- dns IN A 192.168.1.11
- www IN A 192.168.1.88
- -- Step 4: copy and edit the larrywen.com.zone.wt file
- [root@serv01 named]# cp named.localhost larrywen.com.zone.wt -a
- [root@serv01 named]# vim larrywen.com.zone.wt
- [root@serv01 named]# cat larrywen.com.zone.wt
- $TTL 1D
- @ IN SOA dns.larrywen.com. root.larrywen.com. (
- 0 ; serial
- 1D ; refresh
- 1H ; retry
- 1W ; expire
- 3H) ; minimum
- NS dns.larrywen.com.
- dns IN A 172.16.1.11
- www IN A 172.16.1.88
- -- Step 5: restart the service
- [root@serv01 named]# /etc/init.d/named restart
- Stopping named: . [ OK ]
- Starting named: [ OK ]
Testing on serv02
- -- Step 1: configure the IP address
- [root@serv02 ~]# ifconfig eth0|grep "inet addr"
- inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
- -- Step 2: install the bind-utils tools
- [root@serv02 ~]# yum install bind-utils -y
- -- Step 3: configure DNS
- [root@serv02 ~]# echo "nameserver 192.168.1.11" > /etc/resolv.conf
- -- Step 4: check
- [root@serv02 ~]# dig www.larrywen.com +short
- 192.168.1.88
- [root@serv02 ~]# ifconfig|grep -A 1 eth
- eth0 Link encap:Ethernet HWaddr 00:0C:29:6A:EC:97
- inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
Testing on serv03
- -- Step 1: configure the IP addresses
- [root@serv03 ~]# ifconfig eth0|grep "inet addr"
- inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0
- [root@serv03 ~]# ifconfig eth1|grep "inet addr"
- inet addr:172.16.1.12 Bcast:172.16.1.255 Mask:255.255.255.0
- [root@serv03 ~]# ifconfig|grep -A 1 eth
- eth0 Link encap:Ethernet HWaddr 00:0C:29:BD:08:05
- inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0
- --
- eth1 Link encap:Ethernet HWaddr 00:0C:29:BD:08:0F
- inet addr:172.16.1.12 Bcast:172.16.1.255 Mask:255.255.255.0
- -- Step 2: install the bind-utils tools
- [root@serv02 ~]# yum install bind-utils -y
- -- Step 3: configure DNS
- [root@serv03 ~]# echo "nameserver 172.16.1.11" > /etc/resolv.conf
- -- Step 4: check
- [root@serv03 ~]# dig www.larrywen.com +short
- 172.16.1.88
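The view selection exercised by the serv02 and serv03 tests, as an added example that is not part of the original post: named answers from the first view whose match-clients ACL contains the query's source address, and a client listed in no ACL matches no view and is refused. The names `sample_conf` and `view_for_client` are hypothetical, the configuration is a constructed skeleton of the named.conf above, and only exact host addresses are handled.

```shell
#!/bin/sh
# Constructed sample: the acl/view skeleton of the named.conf shown above.
sample_conf() {
cat <<'EOF'
acl dx { 192.168.1.10; 192.168.1.11; 192.168.1.12; 192.168.1.13; 192.168.1.14; };
acl wt {
172.16.1.10; 172.16.1.11; 172.16.1.12; 172.16.1.13; 172.16.1.14;
};
view dianxin { match-clients { "dx"; }; zone "larrywen.com" { type master; }; };
view wangtong { match-clients { "wt"; }; zone "larrywen.com" { type master; }; };
EOF
}

# view_for_client IP: read a named.conf on stdin and print the first view, in
# file order, whose match-clients ACL lists IP; print "none" when no view
# matches. Assumption: ACLs hold exact host addresses only, as on this page.
view_for_client() {
    awk -v ip="$1" '
    { gsub(/[{};"]/, " & ")                  # make punctuation its own token
      for (i = 1; i <= NF; i++) tok[++n] = $i }
    END {
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "acl" || t == "view") { mode = t; name = tok[i + 1] }
            else if (t == "match-clients") mode = "match"
            else if (t == "}") mode = ""     # end of an acl or match-clients list
            else if (mode == "acl" && t == ip) member[name] = 1
            else if (mode == "match" && (t in member)) { print name; exit }
        }
        print "none"
    }'
}

# serv02's address, serv03's eth1 address, and a host that is in neither ACL.
for ip in 192.168.1.12 172.16.1.12 192.168.1.20; do
    printf '%s -> %s\n' "$ip" "$(sample_conf | view_for_client "$ip")"
done
```

Listing individual hosts in `dx` and `wt` means any new client address has to be added to an ACL before it receives an answer from either view.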
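12 Resolving "/etc/named.conf:41: open: /etc/named.acl.dx: file not found"
chroot: a jail environment that prevents a vulnerability in the software from being used to switch the root directory at will.
chroot: a virtual root directory. named runs with /var/named/chroot as its root, so the path /etc/named.acl.dx in an include statement is looked up as /var/named/chroot/etc/named.acl.dx.
- [root@serv01 etc]# ls -l /etc/named.conf /var/named/chroot/etc/named.conf -i
- 131137 -rw-r-----. 1 root named 2563 Aug 12 19:37 /etc/named.conf
- 131137 -rw-r-----. 1 root named 2563 Aug 12 19:37 /var/named/chroot/etc/named.conf
- -- Step 1: write the include statements into the configuration file (named.conf)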
- [root@serv01 etc]# cat named.conf
- //
- // named.conf
- //
- // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
- // server as a caching only nameserver (as a localhost DNS resolver only).
- //
- // See /usr/share/doc/bind*/sample/ for example named configuration files.
- //
- options {
- listen-on port 53 { any; };
- listen-on-v6 port 53 { ::1; };
- directory "/var/named";
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- memstatistics-file "/var/named/data/named_mem_stats.txt";
- allow-query { any; };
- recursion yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside auto;
- /* Path to ISC DLV key */
- bindkeys-file "/etc/named.iscdlv.key";
- };
- logging {
- channel default_debug {
- file "data/named.run";
- severity dynamic;
- };
- };
- #zone "." IN {
- # type hint;
- # file "named.ca";
- #};
- #include "/etc/named.rfc1912.zones";
- include "/etc/named.acl.dx";
- include "/etc/named.acl.wt";
- view dianxin {
- match-clients { "dx"; };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- zone "localhost.localdomain" IN {
- type master;
- file "named.localhost";
- allow-update { none; };
- };
- zone "localhost" IN {
- type master;
- file "named.localhost";
- allow-update { none; };
- };
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
- type master;
- file "named.loopback";
- allow-update { none; };
- };
- zone "1.0.0.127.in-addr.arpa" IN {
- type master;
- file "named.loopback";
- allow-update { none; };
- };
- zone "0.in-addr.arpa" IN {
- type master;
- file "named.empty";
- allow-update { none; };
- };
- zone "larrywen.com" {
- type master;
- file "larrywen.com.zone.dx";
- allow-update { none; };
- };
- };
- view wangtong {
- match-clients { "wt"; };
- zone "." IN {
- type hint;
- file "named.ca";
- };
- zone "localhost.localdomain" IN {
- type master;
- file "named.localhost";
- allow-update { none; };
- };
- zone "localhost" IN {
- type master;
- file "named.localhost";
- allow-update { none; };
- };
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
- type master;
- file "named.loopback";
- allow-update { none; };
- };
- zone "1.0.0.127.in-addr.arpa" IN {
- type master;
- file "named.loopback";
- allow-update { none; };
- };
- zone "0.in-addr.arpa" IN {
- type master;
- file "named.empty";
- allow-update { none; };
- };
- zone "larrywen.com" {
- type master;
- file "larrywen.com.zone.wt";
- allow-update { none; };
- };
- };
- -- Step 2: view the ACL files
- [root@serv01 etc]# vim /etc/named.acl.dx
- [root@serv01 etc]# cat /etc/named.acl.dx
- acl dx {
- 192.168.1.10;
- 192.168.1.11;
- 192.168.1.12;
- 192.168.1.13;
- 192.168.1.14;
- };
- [root@serv01 etc]# vim /etc/named.acl.wt
- [root@serv01 etc]# cat /etc/named.acl.wt
- acl wt {
- 172.16.1.10;
- 172.16.1.11;
- 172.16.1.12;
- 172.16.1.13;
- 172.16.1.14;
- };
- -- Step 3: restart the service; an error occurs
- [root@serv01 etc]# /etc/init.d/named restart
- Stopping named: [ OK ]
- Starting named:
- Error in named configuration:
- /etc/named.conf:41: open: /etc/named.acl.dx: file not found
- [FAILED]
- -- Step 4: fix the problem (copy the named files under /etc into /var/named/chroot/etc/)
- [root@serv01 etc]# cd /var/named/
- chroot/ dynamic/ larrywen.com.zone.wt named.empty named.loopback
- data/ larrywen.com.zone.dx named.ca named.localhost slaves/
- [root@serv01 etc]# cd /var/named/chroot/etc/
- [root@serv01 etc]# ll
- total 12
- -rw-r--r--. 1 root root 389 Jul 23 00:57 localtime
- drwxr-x---. 2 root named 4096 Mar 28 2011 named
- drwxr-xr-x. 3 root root 4096 Aug 12 18:27 pki
- [root@serv01 etc]# cp /etc/named* ./ -a
- [root@serv01 etc]# ll
- total 36
- -rw-r--r--. 1 root root 389 Jul 23 00:57 localtime
- drwxr-x---. 2 root named 4096 Mar 28 2011 named
- -rw-r-----. 1 root named 123 Aug 12 19:49 named.acl.dx
- -rw-r-----. 1 root named 118 Aug 12 19:50 named.acl.wt
- -rw-r-----. 1 root named 2450 Aug 12 19:54 named.conf
- -rw-r--r--. 1 root named 2544 Mar 28 2011 named.iscdlv.key
- -rw-r-----. 1 root named 931 Jun 21 2007 named.rfc1912.zones
- -rw-r--r--. 1 root named 487 Mar 28 2011 named.root.key
- drwxr-xr-x. 3 root root 4096 Aug 12 18:27 pki
- [root@serv01 etc]# /etc/init.d/named restart
- Stopping named: [ OK ]
- Starting named: [ OK ]
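A pre-restart check for the failure in step 3, as an added example that is not part of the original post: it lists every include path in named.conf that is missing below the chroot directory. `missing_in_chroot` and `demo` are hypothetical names, and the demo tree is constructed to mirror the state before step 4, with only one of the two ACL files copied.

```shell
#!/bin/sh
# missing_in_chroot CONF CHROOT: print every absolute path that CONF pulls in
# with an include statement and that does not exist below CHROOT.
missing_in_chroot() {
    conf=$1
    chroot=$2
    # Drop commented-out lines, then extract the quoted path of each include.
    grep -Ev '^[[:space:]]*(#|//)' "$conf" |
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' |
    while IFS= read -r path; do
        [ -e "$chroot$path" ] || printf '%s\n' "$path"
    done
}

# Constructed demo: a temporary tree standing in for /etc and /var/named/chroot.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc" "$tmp/chroot/etc"
    cat > "$tmp/etc/named.conf" <<'EOF'
#include "/etc/named.rfc1912.zones";
include"/etc/named.acl.dx";
include "/etc/named.acl.wt";
EOF
    : > "$tmp/chroot/etc/named.acl.wt"    # only the wt ACL has been copied
    missing_in_chroot "$tmp/etc/named.conf" "$tmp/chroot"
    rm -rf "$tmp"
}

demo
```

On the server itself, `named-checkconf -t /var/named/chroot /etc/named.conf` resolves include statements the same way using BIND's own parser.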
My e-mail: wgbno27@163.com  Sina Weibo: @Wentasy27  WeChat public platform: JustOracle (WeChat ID: justoracle)  Database technology discussion group: 336882565 (verification when joining: From CSDN XXX)  By Larry Wen