Configuring a DNS Server on Linux
Source: Internet | Published: 淘宝晚班客服 | Editor: 程序博客网 | Time: 2024/05/04 03:55
Overview
Types of DNS server
- Master DNS server
  - Handles the main resolution duties for its domain;
- Slave (secondary) DNS server
  - As the name suggests, it assists the master; its zone data is copied from the master DNS server;
- Caching server
  - Only performs lookups and caches the results it obtains;
DNS server software
- bind
  - Install:

yum install bind

  - Configuration files and related files:
    - Global configuration file: /etc/named.conf;
    - Main (zone) configuration file: /etc/named.rfc1912.zones;
    - Zone files (the resolution databases): /var/named/named.ZONE_NAME or /var/named/ZONE_NAME.zone
    - Log file: /var/log/messages
Configuration files and zone files explained
- /etc/named.conf
  Global configuration file:

options {
    listen-on port 53 { 192.168.1.108; 127.0.0.1; };   # listening port; the braces list the IPs on which queries are accepted
    listen-on-v6 port 53 { ::1; };                     # the corresponding IPv6 port and address
    directory "/var/named";                            # working directory of named; the default is fine
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
//  allow-query { localhost; };          # list of hosts allowed to query this server;
                                         # either comment the line out with "//" or add "any" to the list
                                         # ("any" together with "recursion yes" makes an open resolver, so prefer explicit networks);
                                         # IPs or subnets can also be given directly, for example:
    allow-query { localhost; 192.168.1.0/24; };
                                         # or define a list with acl (Access Control List); note that an acl
                                         # statement must be placed at top level, outside the options block:
//  acl testg1 { 192.168.1.0/24; 192.168.2.2; };
//  allow-query { testg1; };
    recursion yes;                       # whether to act as a recursive server; yes is fine
//  dnssec-enable yes;
//  dnssec-validation yes;
//  dnssec-lookaside auto;               # just comment these lines out
    /* Path to ISC DLV key */
//  bindkeys-file "/etc/named.iscdlv.key";
//  managed-keys-directory "/var/named/dynamic";
};
logging {                                # logging settings; the default is fine
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {                            # a hint-type zone pointing at the root domain ".";
    type hint;                           # zones can also be defined in /etc/named.rfc1912.zones
    file "named.ca";
};
include "/etc/named.rfc1912.zones";      # pull in the main configuration file, which defines the various zones
include "/etc/named.root.key";
- Main configuration file: /etc/named.rfc1912.zones
  - This file holds the zone definitions used for name resolution (it is not the zone file itself).

zone "localhost.localdomain" IN {    # definition for local lookups
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "localhost" IN {                # definition for local lookups
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {   # IPv6 reverse zone
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {   # IPv4 reverse zone
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
// The zone below is the one I added:
zone "mysite.com" IN {
    type master;                     // master: primary DNS server; slave: secondary DNS server; forward: forwarding server
    file "mysite.com.zone";          // name of the zone file
    allow-update { none; };
};
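Two settings in the configuration above deserve a check before the server is exposed to anything beyond the lab: an options block with "recursion yes" and "allow-query { any; }" but no "allow-recursion" is an open resolver, and a master zone with no "allow-transfer" (the default in the BIND 9.8/9.9 versions used here is to allow transfers to any host) lets anyone download the whole zone with AXFR. The script below is an added example, not code from the post; it audits a named.conf for both conditions using only sed and awk, with two constructed sample files (one modelled on the post, one hardened with allow-recursion and an allow-transfer limited to the slave dns2). The function names check_open_resolver, check_zone_transfers and strip_comments are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original post): audit a BIND named.conf for
#  1. an open resolver: "recursion yes" + "allow-query { any; }" with no
#     "allow-recursion" restricting who may recurse through this server;
#  2. master zones with no "allow-transfer", which in BIND 9.8/9.9 means
#     any host may pull the whole zone with AXFR.
# Comments (//, # and single-line /* */) are removed first, so commented-out
# lines such as the ones in the post do not count as active settings.

strip_comments() {
    sed -e 's:/\*.*\*/::g' -e 's://.*$::' -e 's:#.*$::' "$1"
}

# check_open_resolver FILE -> prints "OPEN-RESOLVER" or "ok"
check_open_resolver() {
    strip_comments "$1" | tr '\n' ' ' | awk '
    {
        opts = $0
        sub(/.*options[ \t]*[{]/, "", opts)      # keep the text from "options {" onwards
        rec  = (opts ~ /recursion[ \t]+yes[ \t]*;/)
        any  = (opts ~ /allow-query[ \t]*[{]([^}]*[ \t;])?any[ \t]*;/)
        arec = (opts ~ /allow-recursion[ \t]*[{]/)
        if (rec && any && !arec) print "OPEN-RESOLVER"; else print "ok"
    }'
}

# check_zone_transfers FILE -> one "NO-ALLOW-TRANSFER: <zone>" line per master zone lacking it
check_zone_transfers() {
    strip_comments "$1" | tr '\n' ' ' | awk '
    {
        n = split($0, blk, "zone[ \t]+\"")        # blk[i] starts right after: zone "
        for (i = 2; i <= n; i++) {
            name = blk[i]; sub("\".*", "", name)  # zone name runs up to the closing quote
            if (blk[i] ~ /type[ \t]+master[ \t]*;/ && blk[i] !~ /allow-transfer[ \t]*[{]/)
                print "NO-ALLOW-TRANSFER: " name
        }
    }'
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample 1, modelled on the post: queries open to "any", master zone
# with no allow-transfer; the allow-recursion line is commented out on purpose.
cat > "$WORK/named.conf" <<'EOF'
options {
    listen-on port 53 { 192.168.1.108; 127.0.0.1; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
//  allow-recursion { 192.168.1.0/24; };
};
zone "." IN { type hint; file "named.ca"; };
zone "mysite.com" IN {
    type master;
    file "mysite.com.zone";
    allow-update { none; };
};
EOF

# Constructed sample 2, hardened: queries and recursion limited to the LAN,
# transfers allowed only to the slave dns2 (192.168.1.109 in the post).
cat > "$WORK/named-hardened.conf" <<'EOF'
options {
    listen-on port 53 { 192.168.1.108; 127.0.0.1; };
    directory "/var/named";
    allow-query { localhost; 192.168.1.0/24; };
    allow-recursion { localhost; 192.168.1.0/24; };
    recursion yes;
};
zone "mysite.com" IN {
    type master;
    file "mysite.com.zone";
    allow-update { none; };
    allow-transfer { 192.168.1.109; };   /* the slave, dns2 */
};
EOF

for f in "$WORK/named.conf" "$WORK/named-hardened.conf"; do
    printf '%s: %s\n' "$f" "$(check_open_resolver "$f")"
    check_zone_transfers "$f"
done
```

Run it against /etc/named.conf after editing; a clean result is "ok" and no NO-ALLOW-TRANSFER lines. The sed pass only handles single-line /* */ comments, which is all named.conf on these systems contains; named-checkconf remains the authority on syntax, this only flags the two exposures.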
- The zone file
  - This file holds the actual resolution data: the mapping between IPs and domain names;
  - The zone file's group must be changed to named, otherwise the named service cannot read it;
  - Take the following content as an example; I wrote it specifically for this experiment;
  - The file name is mysite.com.zone (mysite.com is the site's domain name.)

; Note: zone files accept only ";" comments, so all explanations below are written that way.
$ORIGIN mysite.com. ; Domain name
$TTL 86400 ;Time to Live (TTL)
; TTL: how long other servers keep records obtained from this server in their cache
@ IN SOA dns1.mysite.com. admin_mail.example.com. (
        ; "@" stands for $ORIGIN; without $ORIGIN, the zone name from named.conf is used
        ; IN is the class keyword
        ; dns1.mysite.com. is the master DNS server name; note that it must end with "."
        ; admin_mail.example.com. is the administrator's mailbox admin_mail@example.com;
        ; it must end with "." and the "@" after the user name is replaced by "."
        2016010201 ; serial
        21600      ; refresh after 6 hours, or 6H
        3600       ; retry after 1 hour, or 1H
        604800     ; expire after 1 week, or 1W
        86400      ; minimum TTL of 1 day, or 1D
        )
; SOA record (Start of Authority); it must be the first record
; the SOA values must be placed inside "()"; see the comment on each value
;;
        IN NS dns1.mysite.com.
        IN NS dns2.mysite.com.
; NS records: name the DNS servers
        IN MX 10 mail1.mysite.com.
        IN MX 20 mail2.mysite.com.
; MX records: name the mail exchange servers
;;
dns1    IN A 192.168.1.108
dns2    IN A 192.168.1.109
; A records: IPs of the DNS servers
mail1   IN A 192.168.1.110
mail2   IN A 192.168.1.111
; A records: IPs of the mail servers
;;
www     IN A 192.168.1.116
        IN A 192.168.1.118
; A records: IPs of the www server; the server name is completed from $ORIGIN automatically
;;
web     IN CNAME www
; CNAME record: makes web an alias of www, i.e. "web.mysite.com" = "www.mysite.com"
;. IN CNAME www
; an incorrect CNAME record, which I commented out
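The serial field above is the one value that must change on every edit: a slave only transfers the zone when the master's serial is greater than the copy it holds, so an unchanged serial is the usual reason an update never reaches the secondary. The following script is an added example, not part of the post; it keeps the YYYYMMDDnn convention the post uses (2016010201 = 2016-01-02, revision 01), never lets the serial decrease, and rewrites the "; serial" line in place. The date is passed in explicitly so the result is reproducible. The function names zone_serial, next_serial and bump_zone_serial are this example's own, and the zone file it operates on is a constructed copy of the SOA header above.

```shell
#!/bin/sh
# Added example (not part of the original post): manage the SOA serial in the
# YYYYMMDDnn form (2016010201 = 2016-01-02, revision 01). A slave transfers the
# zone only when the master's serial is greater than its own, so every edit to
# the zone file must raise the serial. The date is an argument, not the clock,
# so the behaviour is reproducible.

# zone_serial FILE -> prints the number on the "<number> ; serial" line
zone_serial() {
    awk '/^[ \t]*[0-9]+[ \t]*;[ \t]*[Ss]erial/ { print $1; exit }' "$1"
}

# next_serial CURRENT YYYYMMDD -> prints the serial to use for an edit on that day
next_serial() {
    cur=$1; today=$2
    if [ "${cur%??}" = "$today" ]; then
        echo $((cur + 1))            # same day: bump the two-digit revision
    elif [ "$cur" -lt "${today}01" ]; then
        echo "${today}01"            # first edit of a later day
    else
        echo $((cur + 1))            # serial already ahead of today (clock skew or a
    fi                               # hand-edited value): it must never go down
}

# bump_zone_serial FILE YYYYMMDD -> rewrites the serial line in place, prints the new serial
bump_zone_serial() {
    file=$1; today=$2
    cur=$(zone_serial "$file")
    [ -n "$cur" ] || { echo "no serial line found in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today")
    awk -v new="$new" '
        !done && /^[ \t]*[0-9]+[ \t]*;[ \t]*[Ss]erial/ { sub(/[0-9]+/, new); done = 1 }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# Constructed copy of the post's mysite.com.zone header with a couple of records
ZONE=$(mktemp)
cat > "$ZONE" <<'EOF'
$ORIGIN mysite.com.
$TTL 86400
@ IN SOA dns1.mysite.com. admin_mail.example.com. (
        2016010201 ; serial
        21600      ; refresh
        3600       ; retry
        604800     ; expire
        86400      ; minimum
        )
        IN NS dns1.mysite.com.
dns1    IN A  192.168.1.108
EOF

printf 'current serial: %s\n' "$(zone_serial "$ZONE")"
# Typical use on the master after editing records, then reload:
#   bump_zone_serial /var/named/mysite.com.zone "$(date +%Y%m%d)" && rndc reload
```

Run named-checkzone on the file after bumping, as the experiments below do; the check also reports the serial it parsed, which should match what bump_zone_serial printed.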
Experiments
Materials:
- Two CentOS 6 hosts: dns1.mysite.com / dns2.mysite.com
  - dns1, address 192.168.1.108, acting as the master DNS server;
  - dns2, address 192.168.1.109, acting as the slave DNS server;
- Note:
  - Firewall rules must be set (or the firewall turned off) so that other hosts can reach the DNS server;
Experiment 1: setting up the master DNS server
- Edit named.conf (only the changed content is shown):

options {
    listen-on port 53 { 192.168.1.108; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { 192.168.1.0/24; localhost; };
    recursion yes;
//  dnssec-enable yes;
//  dnssec-validation yes;
//  dnssec-lookaside auto;
    /* Path to ISC DLV key */
//  bindkeys-file "/etc/named.iscdlv.key";
//  managed-keys-directory "/var/named/dynamic";
};

- Edit named.rfc1912.zones and add the following:

zone "mysite.com" IN {
    type master;
    file "mysite.com.zone";
    allow-update { none; };
};

- Create the file mysite.com.zone in /var/named/:

$ORIGIN mysite.com. ; Domain name
$TTL 86400 ;Time to Live (TTL)
@ IN SOA dns1.mysite.com. admin_mail.example.com. (
        2016010201 ; serial
        21600      ; refresh after 6 hours, or 6H
        3600       ; retry after 1 hour, or 1H
        604800     ; expire after 1 week, or 1W
        86400      ; minimum TTL of 1 day, or 1D
        )
;;
        IN NS dns1.mysite.com.
        IN NS dns2.mysite.com.
        IN MX 10 mail1.mysite.com.
        IN MX 20 mail2.mysite.com.
;;
dns1    IN A 192.168.1.108
dns2    IN A 192.168.1.109
mail1   IN A 192.168.1.110
mail2   IN A 192.168.1.111
;;
www     IN A 192.168.1.116
        IN A 192.168.1.118
;;
web     IN CNAME www
;. IN CNAME www
;;

- Change the group of mysite.com.zone to named:

chgrp named /var/named/mysite.com.zone

- Check the zone file you created:

named-checkzone mysite.com /var/named/mysite.com.zone

- Use the rndc command to re-read the conf and zone files:

rndc reload

- Stop the iptables firewall:

service iptables stop

- Test this server from another machine:

[root@mylinux7 ~]# dig -t A www.mysite.com @192.168.1.108

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> -t A www.mysite.com @192.168.1.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22753
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.mysite.com.                IN      A

;; ANSWER SECTION:
www.mysite.com.         86400   IN      A       192.168.1.118
www.mysite.com.         86400   IN      A       192.168.1.116

;; AUTHORITY SECTION:
mysite.com.             86400   IN      NS      dns2.mysite.com.
mysite.com.             86400   IN      NS      dns1.mysite.com.

;; ADDITIONAL SECTION:
dns1.mysite.com.        86400   IN      A       192.168.1.108
dns2.mysite.com.        86400   IN      A       192.168.1.109

;; Query time: 27 msec
;; SERVER: 192.168.1.108#53(192.168.1.108)
;; WHEN: Sat Jan 02 17:33:23 EST 2016
;; MSG SIZE  rcvd: 145
Experiment 2: setting up the slave DNS server
- Edit named.conf:

options {
    listen-on port 53 { 192.168.1.109; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
//  dnssec-enable yes;
//  dnssec-validation yes;
//  dnssec-lookaside auto;
    /* Path to ISC DLV key */
//  bindkeys-file "/etc/named.iscdlv.key";
//  managed-keys-directory "/var/named/dynamic";
};

- Edit named.rfc1912.zones:
  - On the slave DNS server only these two files need to be changed; no zone file is created by hand;
  - The server fetches the zone file from the master DNS server automatically and stores it under /var/named/slaves;
  (Note how this zone differs from its definition on the master DNS server.)

zone "mysite.com" IN {
    type slave;
    file "slaves/mysite.com";       # stored as /var/named/slaves/mysite.com (generated automatically by the transfer)
    masters { 192.168.1.108; };     # IP of the master DNS server
};

- Test the slave DNS server (192.168.1.109):

[root@mylinux7 ~]# dig -t A web.mysite.com @192.168.1.109

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> -t A web.mysite.com @192.168.1.109
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40762
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.mysite.com.                IN      A

;; ANSWER SECTION:
web.mysite.com.         86400   IN      CNAME   www.mysite.com.
www.mysite.com.         86400   IN      A       192.168.1.118
www.mysite.com.         86400   IN      A       192.168.1.116

;; AUTHORITY SECTION:
mysite.com.             86400   IN      NS      dns2.mysite.com.
mysite.com.             86400   IN      NS      dns1.mysite.com.

;; ADDITIONAL SECTION:
dns1.mysite.com.        86400   IN      A       192.168.1.108
dns2.mysite.com.        86400   IN      A       192.168.1.109

;; Query time: 1 msec
;; SERVER: 192.168.1.109#53(192.168.1.109)
;; WHEN: Sat Jan 02 18:00:23 EST 2016
;; MSG SIZE  rcvd: 163
- Test synchronisation between the slave and the master DNS server:
  - Edit the zone file on the master DNS server:

......
@ IN SOA dns1.mysite.com. admin_mail.example.com. (
        2016010202 ; serial       ; bump the serial number
......
ftp     IN A 192.168.1.112
        IN A 192.168.1.113        ; add the ftp records
......
[root@dns1 ~]# rndc reload

  - View the automatically updated zone on the slave DNS server:

$ORIGIN .
$TTL 86400      ; 1 day
mysite.com              IN SOA  dns1.mysite.com. admin_mail.example.com. (
                                2016010202 ; serial      ; this is the updated value
                                21600      ; refresh (6 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns1.mysite.com.
                        NS      dns2.mysite.com.
                        MX      10 mail1.mysite.com.
                        MX      20 mail2.mysite.com.
$ORIGIN mysite.com.
dns1                    A       192.168.1.108
dns2                    A       192.168.1.109
ftp                     A       192.168.1.112
                        A       192.168.1.113    ; the two lines above are the update
mail1                   A       192.168.1.110
mail2                   A       192.168.1.111
web                     CNAME   www
www                     A       192.168.1.116
                        A       192.168.1.118
Experiment 3: setting up reverse resolution on the master DNS server
- Edit named.rfc1912.zones and add the following:

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.in-addr.arpa.zone";
    allow-update { none; };
};

Note: 1.168.192 is 192.168.1 written in reverse.

- Create the file 1.168.192.in-addr.arpa.zone:

$ORIGIN 1.168.192.in-addr.arpa. ; 1.168.192 is 192.168.1 reversed, followed by ".in-addr.arpa."
$TTL 86400 ;Time to Live (TTL)
@ IN SOA dns1.mysite.com. admin_mail.example.com. (
        2016010201 ; serial
        21600      ; refresh after 6 hours, or 6H
        3600       ; retry after 1 hour, or 1H
        604800     ; expire after 1 week, or 1W
        86400      ; minimum TTL of 1 day, or 1D
        )
;;
        IN NS dns1.mysite.com.
        IN NS dns2.mysite.com.
; NS records
;;
108     IN PTR dns1.mysite.com.
109     IN PTR dns2.mysite.com.
110     IN PTR mail1.mysite.com.
111     IN PTR mail2.mysite.com.
; the number in the first column is the last octet of the IP
; reverse resolution uses PTR records
;;
116     IN PTR www.mysite.com.
118     IN PTR www.mysite.com.
112     IN PTR ftp.mysite.com.
113     IN PTR ftp.mysite.com.
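The PTR records above are the A records of mysite.com.zone turned inside out, and they are easy to let drift when a host is added to the forward zone only (a stale reverse zone shows up as wrong host names in logs and failed reverse-lookup checks). The script below is an added example, not part of the post: it derives the PTR lines of 1.168.192.in-addr.arpa from a forward zone file, handling the continuation form the post uses where a second A record carries no owner name, ignoring addresses outside the chosen /24, and emitting them sorted by last octet. The function name gen_ptr is this example's own and the forward zone it reads is a constructed copy of the post's file with one extra out-of-range record.

```shell
#!/bin/sh
# Added example (not part of the original post): generate the PTR records of the
# 1.168.192.in-addr.arpa zone from the A records of the forward zone, so forward
# and reverse data come from one source. Handles "owner IN A ip", "owner A ip",
# "owner TTL IN A ip" and continuation lines ("IN A ip" / "A ip") that inherit
# the previous owner name.

# gen_ptr FORWARD_ZONE_FILE ORIGIN PREFIX   e.g. gen_ptr mysite.com.zone mysite.com 192.168.1
gen_ptr() {
    awk -v origin="$2" -v prefix="$3" '
        { sub(/;.*/, "") }                         # drop ; comments
        /^[ \t]*$/ || /^\$/ { next }               # skip blank lines and $ORIGIN / $TTL directives
        {
            # a line whose first field is not a class or type keyword carries an owner name
            if ($1 != "IN" && $1 !~ /^(A|AAAA|NS|MX|CNAME|TXT|SOA|PTR|SRV)$/) owner = $1
            ip = ""
            for (j = 1; j < NF; j++)               # the type field "A" is followed by the address
                if ($j == "A" && $(j + 1) ~ /^[0-9.]+$/) { ip = $(j + 1); break }
            if (ip == "" || index(ip, prefix ".") != 1) next   # not an A record inside our /24
            n = split(ip, octet, ".")
            if (owner == "@")            fqdn = origin "."
            else if (owner ~ /\.$/)      fqdn = owner          # already fully qualified
            else                         fqdn = owner "." origin "."
            printf "%s IN PTR %s\n", octet[n], fqdn
        }' "$1" | sort -n
}

# Constructed forward zone modelled on the post, plus one record outside 192.168.1.0/24
FWD=$(mktemp)
cat > "$FWD" <<'EOF'
$ORIGIN mysite.com. ; Domain name
$TTL 86400
@ IN SOA dns1.mysite.com. admin_mail.example.com. (
        2016010202 ; serial
        21600      ; refresh
        3600       ; retry
        604800     ; expire
        86400      ; minimum
        )
        IN NS dns1.mysite.com.
        IN NS dns2.mysite.com.
        IN MX 10 mail1.mysite.com.
dns1    IN A 192.168.1.108
dns2    IN A 192.168.1.109
mail1   IN A 192.168.1.110
mail2   IN A 192.168.1.111
www     IN A 192.168.1.116
        IN A 192.168.1.118
ftp     IN A 192.168.1.112
        IN A 192.168.1.113
web     IN CNAME www
ext     IN A 10.0.0.5          ; outside 192.168.1.0/24, must be ignored
EOF

gen_ptr "$FWD" mysite.com 192.168.1
```

Paste the output below the SOA and NS records of 1.168.192.in-addr.arpa.zone, raise that zone's serial, and run named-checkzone 1.168.192.in-addr.arpa on the file before rndc reload. Records for hosts the forward zone lists with several addresses (www, ftp) come out as one PTR per address, exactly as the hand-written file above has them.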
- Change the group of 1.168.192.in-addr.arpa.zone to named;
- Run rndc reload to reload the zone files;
- Test reverse resolution:

[root@dns1 named]# dig -x 192.168.1.110 @192.168.1.108    # reverse lookup uses the -x option

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.5 <<>> -x 192.168.1.110 @192.168.1.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63817
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;110.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
110.1.168.192.in-addr.arpa. 86400 IN    PTR     mail1.mysite.com.    # the line above is the answer returned by the test

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      dns2.mysite.com.
1.168.192.in-addr.arpa. 86400   IN      NS      dns1.mysite.com.

;; ADDITIONAL SECTION:
dns1.mysite.com.        86400   IN      A       192.168.1.108
dns2.mysite.com.        86400   IN      A       192.168.1.109

;; Query time: 1 msec
;; SERVER: 192.168.1.108#53(192.168.1.108)
;; WHEN: Sun Jan 3 20:11:46 2016
;; MSG SIZE  rcvd: 144
Experiment 4: setting up a slave DNS server for reverse resolution
- Edit named.rfc1912.zones on the slave DNS server and add the following:

zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/1.168.192.in-addr.arpa.zone";
    masters { 192.168.1.108; };     # the master DNS server's IP is 192.168.1.108
};

- Run rndc reload;
- Test:

[root@mylinux7 ~]# dig -x 192.168.1.113 @192.168.1.109    # use dig to query the slave DNS server (109) for the name of 192.168.1.113

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.1 <<>> -x 192.168.1.113 @192.168.1.109
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59511
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;113.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
113.1.168.192.in-addr.arpa. 86400 IN    PTR     ftp.mysite.com.    # the line above is the query result

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      dns2.mysite.com.
1.168.192.in-addr.arpa. 86400   IN      NS      dns1.mysite.com.

;; ADDITIONAL SECTION:
dns1.mysite.com.        86400   IN      A       192.168.1.108
dns2.mysite.com.        86400   IN      A       192.168.1.109

;; Query time: 3 msec
;; SERVER: 192.168.1.109#53(192.168.1.109)
;; WHEN: Sat Jan 02 21:51:27 EST 2016
;; MSG SIZE  rcvd: 153