BIND9私有DNS服务器小环境搭建实验


BIND9私有DNS服务器小环境搭建实验

2013.8.22

Author: db.

 转载请注明出处:http://blog.csdn.net/juneman/article/details/10171815



1. 服务器基本配置

 

1) 主根服务器   192.168.56.101

2) 从根服务器    192.168.56.102

3) COM服务器   192.168.56.103

4) 解析服务器     192.168.56.104

 

 

2. 编译及安装BIND9

1) # tar xvf bind-9.6.1.tar.gz

# cd bind-9.6.1
# NOTE(review): transcript at a root prompt ('#'), not a script — every line
# below was typed by hand.
# NOTE(review): BIND 9.6.1 is a 2009-era release that is no longer maintained;
# for anything beyond this lab build a currently supported 9.x release instead.

#  ./configure --prefix=/usr/local/named  --enable-threads
         //开启多线程处理能力
# Everything is installed under /usr/local/named; all later steps (sbin/named,
# sbin/rndc-confgen, etc/) are relative to that prefix.

# make && make install

2)  从rndc.conf文件中提取named.conf用的key

# cd /usr/local/named

# sbin/rndc-confgen > etc/rndc.conf
# NOTE(review): rndc.conf now holds the shared HMAC secret in clear text and is
# created with the default umask; tighten it (e.g. chmod 600) and keep it
# readable only by the account that runs named/rndc.
# NOTE(review): generate this file on every host — a secret copied between
# servers (or published, like the ones in this write-up) must be regenerated.

#cd etc/

# tail -10 rndc.conf | head -9 | sed s/#\//g > named.conf
# Extracts the commented key/controls template rndc-confgen appends at the end
# of rndc.conf and strips the '#' markers to make it live named.conf content.
# NOTE(review): the sed expression is unquoted; the shell turns '\/' into '/'
# so sed actually receives 's/#//g'. Writing it as sed 's/#//g' says the same
# without relying on that shell step.

# cat named.conf

 

key "rndc-key" {
        algorithm hmac-md5;
        // NOTE(review): hmac-md5 is what this rndc-confgen emitted; newer BIND
        // releases generate a SHA-2 HMAC by default — prefer that where available.
        secret "wk7NzsvLaCobiCFxHB2LXQ==";
        // Lab value produced by rndc-confgen above; any secret that has been
        // published this way should be treated as burned and regenerated.
 };
 
 controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
        // Control channel bound to loopback and gated by the key: only local
        // rndc callers holding the secret can manage this named instance.
 };

 

以上环境安装设置在每台服务器上是一样的。

 

 

3. 配置主根服务器 在IP192.168.56.101的服务器上

1) 打开named.conf, 添加如下内容

# vi named.conf

key "rndc-key" {
        algorithm hmac-md5;
        secret "wk7NzsvLaCobiCFxHB2LXQ==";
        // Same secret as the rndc.conf generated in section 2 on this host.
        // A value published like this must be regenerated before real use.
 };
 
 controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
        // rndc accepted only from loopback and only with the key above.
 };
 
options {
        directory "/var/named/";
        // Zone file names below are relative to this directory; db.root is
        // created there in step 2.
        pid-file "/var/named/named.pid";
        recursion no;
        // Authoritative-only: recursive queries are refused, which is why the
        // dig output below warns "recursion requested but not available".
};
 
zone "." IN {
        type master;
        file "db.root";
        allow-transfer {192.168.56.102;};
        // AXFR restricted to the secondary root. NOTE(review): BIND 9 has
        // historically defaulted to allowing transfers from any address, so
        // leaving this out would let anyone download the whole zone.
};
 


其中: recursion no; 关闭递归查询。 

           allow-transfer {192.168.56.102;}; 允许区域传送,且仅对给出的IP地址的服务器有效。这里192.168.56.102是我们的从根服务器。

 

2) 创建区配置文件

# cd /var 

# mkdir named
# /var/named is the options.directory set in named.conf above.

# cd named

# touch db.root

# vi db.root
# For a static primary zone named only needs to read this file, so it can stay
# owned by root as long as the account named runs as can read it.

$TTL 86400
; Default TTL (seconds) for every record below that carries none.
@ IN SOA @ root (
        12169   ; serial
        1m      ; refresh
        1m      ; retry
        1m      ; expire
        1m )    ; minimum / negative-cache TTL
; NOTE(review): one-minute refresh/retry/expire are lab settings that keep the
; secondary polling constantly; real zones use far larger values.
 
. IN NS root.ns.
root.ns. IN A 192.168.56.101
; The root itself: NS plus its address record (this host).
com. IN NS ns.com.
ns.com. IN A 192.168.56.103
; Delegation of com. to the COM server, with the glue A record for ns.com.
; Without this delegation a recursive resolver could never find my.com.




其中: com. IN NS ns.com. 这里必须要授权出去,否则递归解析时将找不到类似 my.com 所对应的地址。

3) 启动BIND 并测试

#  cd /usr/local/named

#  sbin/named -g &
# -g keeps named in the foreground with logging to stderr; the trailing '&'
# only backgrounds that shell job, so the log still lands in this terminal and
# named exits with it.
# NOTE(review): this starts named as root. Outside a lab, start it with
# -u <unprivileged user> (placeholder) so it drops root after start-up.

#  dig @192.168.56.101 . NS
# Expect an authoritative answer (aa flag) listing root.ns. — see output below.

root@simba-1:/var/named# dig @192.168.56.101 . NS
 
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 . NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10193
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS
 
;; ANSWER SECTION:
.                       86400   IN      NS      root.ns.
 
;; ADDITIONAL SECTION:
root.ns.                86400   IN      A       192.168.56.101
 
;; Query time: 19 msec
;; SERVER: 192.168.56.101#53(192.168.56.101)
;; WHEN: Wed Aug 21 07:15:38 2013
;; MSG SIZE  rcvd: 64


    


# dig @192.168.56.101 com. NS 
# The root is not authoritative for com.: the reply is a referral — no aa flag,
# the NS record in the AUTHORITY section plus ns.com. glue — as shown below.

root@simba-1:/var/named# dig @192.168.56.101 com. NS
 
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20443
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.                           IN      NS
 
;; AUTHORITY SECTION:
com.                    86400   IN      NS      ns.com.
 
;; ADDITIONAL SECTION:
ns.com.                 86400   IN      A       192.168.56.103
 
;; Query time: 17 msec
;; SERVER: 192.168.56.101#53(192.168.56.101)
;; WHEN: Wed Aug 21 07:18:16 2013
;; MSG SIZE  rcvd: 65
 



  

4. 配置从根服务器 在IP192.168.56.102

1) 打开named.conf, 添加如下内容

# vi named.conf

key "rndc-key" {
        algorithm hmac-md5;
        secret "JaHjteR5sZxVrMWWcOne9g==";
        // Host-specific secret from this server's own rndc-confgen run.
 };
 
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
 };
 
options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        // NOTE(review): differs from the primary's /var/named/named.pid, and
        // /var/run/named is never created in this write-up — confirm the
        // directory exists (or point pid-file at /var/named) before starting.
        transfer-format many-answers;
        // Pack several records per message when pulling the zone.
        recursion no;
        // Authoritative-only, same as the primary root.
};
 
zone "." IN {
        type slave;
        file "db.root";
        // Written by named after the zone transfer; nothing is created by
        // hand (step 3 shows it appearing in /var/named).
        masters { 192.168.56.101; };
        // Primary root to pull from; it must list this host in
        // allow-transfer, which section 3 does.
};



其中: recursion no; 关闭递归查询。 

           masters  {192.168.56.101;};  指明主服务器地址,这样从服务器就可以按SOA中指定的刷新时间与主根同步。

 

2) 创建区配置文件

# cd /var 

# mkdir named
# For the secondary, named itself writes the transferred db.root into this
# directory, so the account named runs as needs write access here.

从服务器不需要手动建立区域文件,因为它会自动从主服务器同步区域数据。

 

3)  启动BIND 并测试

#  cd /usr/local/named

#  sbin/named -g &
# Foreground named (-g, logs to stderr) backgrounded as a shell job.
# NOTE(review): runs as root; outside the lab add -u <unprivileged user>
# (placeholder) so named drops privileges after start-up.

 

等待一段时间,确定已经获取到了区文件

# ls /var/named/
# db.root listed below was fetched by zone transfer from 192.168.56.101, not
# created by hand.

  db.root

 

#  dig @192.168.56.102 . NS
# The secondary answers authoritatively (aa) with the same data as the primary.

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 . NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18918
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS
 
;; ANSWER SECTION:
.                       86400   IN      NS      root.ns.
 
;; ADDITIONAL SECTION:
root.ns.                86400   IN      A       192.168.56.101
 
;; Query time: 12 msec
;; SERVER: 192.168.56.102#53(192.168.56.102)
;; WHEN: Wed Aug 21 07:27:18 2013
;; MSG SIZE  rcvd: 64
 


    


# dig @192.168.56.102 com. NS 
# Same referral for com. as from the primary: no aa, NS in AUTHORITY plus glue.

root@simba-2:/usr/local/named/etc# dig @192.168.56.102 com. NS
 
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17412
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.                           IN      NS
 
;; AUTHORITY SECTION:
com.                    86400   IN      NS      ns.com.
 
;; ADDITIONAL SECTION:
ns.com.                 86400   IN      A       192.168.56.103
 
;; Query time: 19 msec
;; SERVER: 192.168.56.102#53(192.168.56.102)
;; WHEN: Wed Aug 21 07:35:10 2013
;; MSG SIZE  rcvd: 65
 



  

5. 配置COM服务器 在服务器192.168.56.103

 

1) 打开named.conf, 添加如下内容

# vi named.conf

key "rndc-key" {
        algorithm hmac-md5;
        secret "kMOStrdGYC5WmE1obk7LJg==";
        // NOTE(review): the resolver in section 6 is configured with this same
        // secret; each host should use its own rndc-confgen output.
 };
 
 controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
 };
 
options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        // NOTE(review): /var/run/named is not created in this write-up —
        // confirm it exists before starting named.
        allow-query {any;};
        // Anyone may query; acceptable for an authoritative server that does
        // not recurse.
        recursion no;
};
 
zone "." IN {
        type hint;
        file "db.root";
        // Root hints, pointing at the lab root rather than the public roots.
        // NOTE(review): with recursion off this server never walks the tree
        // itself, so the hint zone is not exercised by the tests below.
};
 
zone "com." IN {
        type master;
        file "db.com";
        // Authoritative data for com., including my.com.
};



其中: recursion no; 关闭递归查询。 

           

 

2) 创建区配置文件

# cd /var 

# mkdir named
# /var/named is the options.directory from named.conf above.

# cd named

# touch db.root

# vi db.root
# Root hints file for this host; it only needs to be readable by named.

$TTL 86000
; NOTE(review): 86000 here versus 86400 in the primary's db.root — likely a
; typo; the text says the two files are identical, but the TTL and serial differ.
@ IN SOA @ root (
        1       ; serial
        1m      ; refresh
        1m      ; retry
        1m      ; expire
        1m      ; minimum
)
 
. IN NS root.ns.
root.ns. IN A 192.168.56.101
; Where the lab root lives: used as hints by this server.
com. IN NS  ns.com.
ns.com. IN A 192.168.56.103
; Delegation of com. plus glue, same as on the primary root.




其中: com. IN NS ns.com. 这里必须要授权出去,否则递归解析时将找不到类似 my.com 所对应的地址。

该文件和主服务器上的db.root一样

 

 

# vi db.com
# Zone data for com.; the file name matches the "file" entry of zone "com." above.

 
$TTL 86400
; Default TTL for the records below (the dig output reports 86400).
@ IN SOA @ root (
        2       ; serial
        1m      ; refresh
        1m      ; retry
        1m      ; expire
        1m      ; minimum
)
 
com. IN NS ns.com.
ns.com. IN A 192.168.56.103
; Apex NS record and its address — must agree with the glue the root hands out.
my.com. IN A 192.168.56.201
; The one test host the rest of the experiment resolves.


 

 

3) 启动BIND 并测试

#  cd /usr/local/named

#  sbin/named -g &
# Foreground named (-g, logs to stderr) backgrounded as a shell job.
# NOTE(review): runs as root; outside the lab add -u <unprivileged user>
# (placeholder) so named drops privileges after start-up.

#  dig @192.168.56.103 com. NS
# This server is authoritative for com., so the NS record now comes back in
# the ANSWER section with the aa flag set.

 
   
root@simba-2:/usr/local/named/etc# dig @192.168.56.103 com. NS
 
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 com. NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19097
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.                           IN      NS
 
;; ANSWER SECTION:
com.                    86400   IN      NS      ns.com.
 
;; ADDITIONAL SECTION:
ns.com.                 86400   IN      A       192.168.56.103
 
;; Query time: 21 msec
;; SERVER: 192.168.56.103#53(192.168.56.103)
;; WHEN: Wed Aug 21 07:45:15 2013
;; MSG SIZE  rcvd: 65


 

# dig @192.168.56.103  my.com.  A
# Direct authoritative lookup of my.com.; expect 192.168.56.201 with aa set.

root@simba-2:/usr/local/named/etc# dig @192.168.56.103 my.com. A
 
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 my.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;my.com.                                IN      A
 
;; ANSWER SECTION:
my.com.                 86400   IN      A       192.168.56.201
 
;; AUTHORITY SECTION:
com.                    86400   IN      NS      ns.com.
 
;; ADDITIONAL SECTION:
ns.com.                 86400   IN      A       192.168.56.103
 
;; Query time: 17 msec
;; SERVER: 192.168.56.103#53(192.168.56.103)
;; WHEN: Wed Aug 21 07:46:41 2013
;; MSG SIZE  rcvd: 84
 


 

 

6. 配置解析服务器 在服务器 192.168.56.104

 

1) 打开named.conf, 添加如下内容

# vi named.conf

key "rndc-key" {
        algorithm hmac-md5;
        secret "kMOStrdGYC5WmE1obk7LJg==";
        // NOTE(review): identical to the COM server's secret in section 5 —
        // a copy rather than this host's own rndc-confgen output. Regenerate
        // per host; a shared control secret lets one box manage the other.
 };
 
 controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
 };
 
options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        // NOTE(review): /var/run/named is not created in this write-up —
        // confirm it exists before starting named.
        allow-query {any;};
        recursion yes;
        allow-recursion {any;};
        // Recursive resolver open to every client. NOTE(review): if this host
        // is ever reachable beyond the lab it is an open resolver and can be
        // abused for amplification; limit allow-recursion to trusted clients,
        // e.g. { 192.168.56.0/24; } (lab subnet, derived from the addresses in
        // section 1).
};
 
zone "." IN {
        type hint;
        file "db.root";
        // Points recursion at the lab root (192.168.56.101) instead of the
        // public root servers; this is what keeps the lab self-contained.
};
 
 


 

其中: recursion  yes; 打开递归查询。 

           allow-recursion {any;};  也是打开递归查询的另一个方法,具体区别此处不表。

    

2) 创建区配置文件

# cd /var 

# mkdir named
# /var/named is the options.directory from named.conf above; the resolver also
# caches here only in memory, so read access to db.root is all it needs.

# cd named

# touch db.root

# vi db.root

$TTL 8600
; NOTE(review): 8600, not the 86400 used in the other zone files — likely a typo.
@ IN SOA @ root (
        1       ; serial
        1m      ; refresh
        1m      ; retry
        1m      ; expire
        1m      ; minimum
)
 
. IN NS root.ns.
root.ns. IN A 192.168.56.101
; Only the root NS and its glue are needed: the resolver learns the com.
; delegation from the root at query time (see the referral in section 3).


 

其中: 这里只需给出根的 NS 记录即可

 

  

3) 启动BIND 并测试

#  cd /usr/local/named

#  sbin/named -g &
# Foreground named (-g, logs to stderr) backgrounded as a shell job.
# NOTE(review): runs as root; outside the lab add -u <unprivileged user>
# (placeholder) so named drops privileges after start-up.

 

dig 默认发送递归查询(请求中设置 rd 标志)

 

#  dig @192.168.56.104 com. SOA
# Recursive lookup: the resolver walks root -> com. and returns the SOA without
# aa (flags qr rd ra below); the decremented TTLs show it is served from cache.


    
root@simba-2:/usr/local/named/etc# dig @192.168.56.104 com. SOA
 
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 com. SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44824
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.                           IN      SOA
 
;; ANSWER SECTION:
com.                    86358   IN      SOA     com. root.com. 2 60 60 60 60
 
;; AUTHORITY SECTION:
com.                    86354   IN      NS      ns.com.
 
;; ADDITIONAL SECTION:
ns.com.                 86354   IN      A       192.168.56.103
 
;; Query time: 16 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Wed Aug 21 07:52:46 2013
;; MSG SIZE  rcvd: 106


 

可以看出 ;; flags: qr rd ra 中没有 aa 标志,表明这是非权威应答

 

# dig @192.168.56.104  my.com.  A
# End-to-end check: the resolver follows the delegation and returns
# 192.168.56.201 non-authoritatively (ra set, aa absent).

root@simba-2:/usr/local/named/etc# dig @192.168.56.104 my.com. A
 
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 my.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;my.com.                                IN      A
 
;; ANSWER SECTION:
my.com.                 86286   IN      A       192.168.56.201
 
;; AUTHORITY SECTION:
com.                    86259   IN      NS      ns.com.
 
;; ADDITIONAL SECTION:
ns.com.                 86259   IN      A       192.168.56.103
 
;; Query time: 15 msec
;; SERVER: 192.168.56.104#53(192.168.56.104)
;; WHEN: Wed Aug 21 07:54:21 2013
;; MSG SIZE  rcvd: 84
 

 

后面再写一篇讲在 BIND9 上开启 DNSSEC 的文章。
