DNS域名解析服务
准备工作: 服务器端程序安装
bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm
bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm    (使 named 运行在 /var/named/chroot 隔离目录中)
[root@master vidoma]# mount /dev/cdrom /mnt/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@master vidoma]# cd /mnt/cdrom/Packages/
1.搭建主域名服务器
安装以上软件.
[root@master Packages]# ll /var/named/chroot/etc/    此目录下尚无 named.conf(主配置文件)
total 12
-rw-r--r--. 1 root root 2819 Jul 31 02:24 localtime
drwxr-x---. 2 root named 4096 Jun  9  2014 named
drwxr-x---. 3 root named 4096 Jul 31 02:24 pki
cp -rv /usr/share/doc/bind-9.8.2/sample/etc/* /var/named/chroot/etc/
cp -rv /usr/share/doc/bind-9.8.2/sample/var/* /var/named/chroot/var/
将示例配置拷贝到 chroot 目录下
注意:以下配置主配置文件
[root@master Packages]# cd /var/named/chroot/
[root@master chroot]# vim etc/named.conf
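options
{
  // Put files that named is allowed to write in the data/ directory:
  directory "/var/named"; // "Working" directory
  listen-on port 53 { 173.16.16.1; }; // answer only on this host's own address
  allow-query { 192.168.1.0/24; 173.16.16.0/24; }; // networks that may query this server
};
zone "venet.com" IN {
  type master; // this host holds the authoritative copy of the zone
  file "venet.com.zone"; // zone data file, relative to "directory"; holds the name -> address records
  allow-transfer { 173.16.16.2; }; // only the secondary at 173.16.16.2 may pull a zone transfer
};
zone "16.16.173.in-addr.arpa" IN { // reverse zone: address -> name lookups for 173.16.16.0/24
  type master;
  file "173.16.16.arpa";
  // NOTE(review): no allow-transfer here, so BIND's default (any host) applies to this zone;
  // the section-3 primary config restricts it to 173.16.16.2 as well.
};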
注意:现在开始配置区域文件
[root@master chroot]# vim var/named/
data/ named.ca named.loopback
my.external.zone.db named.empty slaves/
my.internal.zone.db named.localhost
[root@master chroot]# cp var/named/named.localhost var/named/venet.com.zone
[root@master chroot]# chown named:named var/named    将 var/named 目录的所有者、所属组改为 named(服务运行用户), 否则服务无法读取这些文件; 若要连同目录内已有文件一起修改, 需加 -R 参数(见第 3 节)。
[root@master chroot]# vim var/named/venet.com.zone
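$TTL 1D
@       IN SOA  @ rname.invalid. (   ; MNAME is the zone apex itself; rname.invalid. is the template's placeholder contact
                0       ; serial  - increase on every edit so the secondary notices the change
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-caching TTL)
; The next three records are left over from the named.localhost template:
; they list the apex (venet.com) itself as an NS and resolve it to loopback.
@       NS      @
@       A       127.0.0.1
@       AAAA    ::1
@       IN NS   ns1.venet.com.
@       IN MX   10 mail.venet.com.
ns1     IN A    58.119.74.203   ; NOTE(review): public address, unlike every other record here, while named listens on 173.16.16.1 - confirm
www     IN A    173.16.16.1
mail    IN A    173.16.16.4
ftp     IN CNAME www
www     IN A    173.16.16.173   ; www has four A records in total; all of them form one answer set
www     IN A    173.16.16.174
www     IN A    173.16.16.175
*       IN A    173.16.16.173   ; wildcard: any otherwise-undefined name under venet.com resolves here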
[root@master chroot]# cp var/named/named.localhost var/named/173.16.16.arpa
[root@master chroot]# vim var/named/173.16.16.arpa    如果不能写入就检查写权限
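$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Template leftovers, as in the forward zone: apex NS/A/AAAA pointing at itself and loopback.
@       NS      @
@       A       127.0.0.1
@       AAAA    ::1
; last octet of the address -> host name
1       IN PTR  www.venet.com.
4       IN PTR  mail.venet.com.
; NOTE(review): www's other addresses (.173-.175) and the wildcard target have no PTR records.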
[root@master named]# vi /etc/resolv.conf    将 nameserver 改为 173.16.16.1
[root@master chroot]# service iptables stop    (实验环境图省事直接关闭; 实际部署只需在防火墙上放行 53 端口)
[root@master chroot]# getenforce
Enforcing
[root@master chroot]# setenforce 0    (临时切换为 Permissive, 重启后恢复 Enforcing)
[root@master chroot]# getenforce
Permissive
[root@master named]# service named reload
Reloading named: [ OK ]
验证结果:
[root@master named]# host www.venet.com
www.venet.com has address 173.16.16.1
[root@master named]# host mail.venet.com
mail.venet.com has address 173.16.16.4
[root@master named]# host 173.16.16.4    逆向查找
4.16.16.173.in-addr.arpa domain name pointer mail.venet.com.
[root@master named]#
2.搭建缓存DNS
准备工作与上同
[root@localhost chroot]# cp -rv /usr/share/doc/bind-9.8.2/sample/etc/* /var/named/chroot/etc/
[root@localhost chroot]# cp -rv /usr/share/doc/bind-9.8.2/sample/var/* /var/named/chroot/var/
以上两步(复制示例模板)要养成习惯
[root@localhost ~]# vi /etc/named.conf
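options
{
  // Put files that named is allowed to write in the data/ directory:
  directory "/var/named"; // "Working" directory
  dump-file "data/cache_dump.db"; // cache dump file
  statistics-file "data/named_stats.txt";
  listen-on port 53 { 192.168.0.35; };
  listen-on-v6 port 53 { ::1; };
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  allow-query { 192.168.0.0/24; }; // only the local LAN may use this resolver
  recursion yes; // this is a recursive (caching) resolver, not an authoritative server
  // NOTE(review): allow-recursion is not set; BIND then falls back to the allow-query list, so
  // recursion is limited to 192.168.0.0/24 - setting it explicitly makes that intent visible.
  forwarders { 202.96.69.38; 8.8.8.8; }; // upstream resolvers tried first; with the default "forward first", named falls back to the root hints below if they fail
};
zone "." IN {
  type hint; // root-server hints used for iterative resolution
  file "/var/named/named.ca";
};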
将本机的 DNS 指向自己(resolv.conf 中 nameserver 设为 192.168.0.35)
[root@localhost chroot]# vi /etc/resolv.conf
[root@localhost chroot]# nslookup www.goole.com
Server: 192.168.0.35
Address: 192.168.0.35#53
Non-authoritative answer:
Name: www.goole.com
Address: 87.106.83.127
3.搭建从DNS服务器
准备工作同上,将从服务器Ip设置为 173.16.16.2
[root@localhost etc]# tail -2 /etc/hosts    以下两行需手动添加
173.16.16.1 ns1.venet.com ns1
173.16.16.2 ns2.venet.com ns2
[root@localhost etc]# tail -2 /etc/resolv.conf
nameserver 173.16.16.1
nameserver 173.16.16.2
主服务器配置:
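options {
  directory "/var/named";
  // NOTE(review): no listen-on or allow-query here (unlike the section-1 config), so named
  // listens on every IPv4 address and answers queries from any source.
};
zone "venet.com" IN {
  type master;
  file "venet.com.zone";
  allow-transfer { 173.16.16.2; }; // only the secondary (ns2) may pull the zone
};
zone "16.16.173.in-addr.arpa" IN {
  type master;
  file "173.16.16.arpa";
  allow-transfer { 173.16.16.2; }; // same restriction for the reverse zone
};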
[root@localhost named]# vi venet.com.zone    在区域文件中添加以下内容
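$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial - NOTE(review): still 0 after editing; the secondary only re-transfers when this grows
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns1.venet.com.   ; NOTE(review): ns2 is defined below but not listed as an NS of the zone
@       IN MX   10 mail.venet.com.
www     IN A    173.16.16.1
mail    IN A    173.16.16.4
ftp     IN CNAME www
ns1     IN A    173.16.16.1   ; primary (this host)
ns2     IN A    173.16.16.2   ; secondary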
[root@localhost named]# named-checkzone venet.com venet.com.zone
zone venet.com/IN: loaded serial 0
OK
[root@localhost named]# vim 173.16.16.arpa    在反向区域文件中添加以下内容
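$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Template leftovers, as in the forward zone.
@       NS      @
@       A       127.0.0.1
@       AAAA    ::1
1       IN PTR  www.venet.com.
2       IN PTR  mail.venet.com.   ; NOTE(review): the forward zone has mail at .4 and ns2 at .2 - confirm which is intended
3       IN PTR  study.venet.com.  ; NOTE(review): no matching A record for "study" in the forward zone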
[root@localhost named]# named-checkzone 16.16.173.in-addr.arpa 173.16.16.arpa
zone 16.16.173.in-addr.arpa/IN: loaded serial 0
OK
从服务器配置:
[root@slave chroot ]# vi etc/named.conf
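options {
  directory "/var/named";
};
zone "venet.com" IN {
  type slave; // secondary: the zone is pulled from the primary, never edited here
  masters { 173.16.16.1; }; // primary to transfer from (ns1)
  file "slaves/venet.com.zone"; // transferred copy; slaves/ must be writable by the named user
  // NOTE(review): no allow-transfer on the secondary, so BIND's default (any host) applies;
  // `allow-transfer { none; };` keeps the zone from being downloaded from this server too.
};
zone "16.16.173.in-addr.arpa" IN {
  type slave;
  masters { 173.16.16.1; };
  file "slaves/173.16.16.arpa";
};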
[root@slave chroot ]# cp -rv /usr/share/doc/bind-9.8.2/sample/var/* /var/named/chroot/var    因为从服务器上还没有 slaves 目录, 所以从示例中拷贝一份
[root@slave chroot ]# cd var/named
[root@slave named ]# chown -R named:named .    将当前目录下所有文件的所有者、所属组改为 named; -R 表示递归(即对 slaves 等子目录内的文件也生效)
关闭防火墙和 SELinux(方法同第 1 节), 然后启动 named 服务, 若已在运行则重新加载配置。
查看 slaves 目录下是否已从主 DNS 同步过来区域文件。
同步成功后进行检测: