一、实验目标
一台Linux服务器提供多个DNS服务。
二、实验环境
Linux服务器版本为Red Hat Enterprise Linux Server release 5.2 (Tikanga),内核版本号2.6.18-92.el5;两台客户端主机。
三、实施步骤
1、安装bind软件包
放入安装光盘,并切换到软件包所在目录,执行下列命令安装相应软件包:
rpm -ivh bind-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-chroot-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-devel-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-libs-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-sdb-9.3.4-6.P1.el5.i386.rpm
rpm -ihv bind-utils-9.3.4-6.P1.el5.i386.rpm
rpm -ivh caching-nameserver-9.3.4-6.P1.el5.i386.rpm
2、创建、修改配置文件
1)创建第二个DNS服务的相关配置文件
[root@server ~]# cp -a /var/named /var/dns    (注:-a 参数保留目录及其下所有文件的属性)
将复制后的链接文件重新链接到正确的目标文件,并把 /var/dns/chroot/var/named 目录更名为 /var/dns/chroot/var/dns。
2)第一个DNS服务修改后的内容如下:
[root@server ~]# cat /var/named/chroot/etc/named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
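options {
	listen-on port 53 { 192.168.13.11; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// NOTE(review): pinning the outgoing query port turns off named's
	// source-port randomisation, which is one of the defences against
	// forged answers to the recursive queries this instance sends out;
	// unless a firewall rule requires a fixed port, drop both
	// query-source lines and let named choose a random port.
	query-source port 53;
	query-source-v6 port 53;
};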
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
// NOTE(review): this view has no match-clients, and neither it nor the
// options block sets allow-query / allow-recursion, while listen-on above
// binds the LAN address 192.168.13.11 rather than only localhost (as the
// package header describes). Every host that can reach port 53 therefore
// gets recursive service; scope it with e.g.
//   allow-recursion { 127.0.0.1; 192.168.13.0/24; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
[root@server ~]# cat /var/named/chroot/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
zone "china.test" IN {
type master;
file "china.test.zone";
allow-update { none; };
};
zone "13.168.192.in-addr.arpa" IN {
type master;
file "china.test.arpa";
allow-update { none; };
};
3)第二个DNS服务的主配置文件内容如下:
[root@server ~]# cat /var/dns/chroot/etc/dns.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
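options {
	listen-on port 54 { 192.168.13.11; };
	listen-on-v6 port 54 { ::1; };
	directory "/var/dns";
	dump-file "/var/dns/data/cache_dump.db";
	statistics-file "/var/dns/data/named_stats.txt";
	memstatistics-file "/var/dns/data/named_mem_stats.txt";
	// NOTE(review): a fixed outgoing query port turns off named's
	// source-port randomisation, one of the defences against forged
	// answers to the queries this instance makes (it carries the root
	// hint zone below); unless a firewall rule needs a fixed port, drop
	// both query-source lines.
	query-source port 54;
	query-source-v6 port 54;
	// NOTE(review): nothing in this file restricts who may query or
	// recurse (no allow-query / allow-recursion), while listen-on binds
	// the LAN address rather than only localhost — scope it, e.g.
	//   allow-query { 192.168.13.0/24; };
	//   allow-recursion { 192.168.13.0/24; };
};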
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
zone "china.test" IN {
type master;
file "china.test.zone";
allow-update { none; };
};
zone "13.168.192.in-addr.arpa" IN {
type master;
file "china.test.arpa";
allow-update { none; };
};
4)第一个DNS服务的域文件内容如下:
[root@server ~]# cat /var/named/chroot/var/named/china.test.zone
$TTL 86400
@	IN	SOA	server.china.test. admin.china.test. (
		2009062100
		28800
		14400
		360000
		86400
)
	NS	server.china.test.
server	IN	A	192.168.13.11
client	IN	A	192.168.13.24
HT08126	IN	A	192.168.13.23
[root@server ~]# cat /var/named/chroot/var/named/china.test.arpa
$TTL 86400
@	IN	SOA	server.china.test. admin.china.test. (
		2009062100
		28800
		14400
		360000
		86400
)
@	NS	server.china.test.
11	IN	PTR	server.china.test.
23	IN	PTR	HT08126.china.test.
24	IN	PTR	client.china.test.
5)第二个DNS服务的域名文件内容如下:
[root@server ~]# cat /var/dns/chroot/var/dns/china.test.zone
$TTL 86400
@	IN	SOA	server.china.test. admin.china.test. (
		2009062100
		28800
		14400
		360000
		86400
)
	NS	server.china.test.
server	IN	A	192.168.13.11
client	IN	A	192.168.13.14
HT08126	IN	A	192.168.13.13
[root@server ~]# cat /var/dns/chroot/var/dns/china.test.arpa
$TTL 86400
@	IN	SOA	server.china.test. admin.china.test. (
		2009062100
		28800
		14400
		360000
		86400
)
@	NS	server.china.test.
11	IN	PTR	server.china.test.
13	IN	PTR	HT08126.china.test.
14	IN	PTR	client.china.test.
3、开启DNS服务
/usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot/
/usr/sbin/named -u named -c /etc/dns.conf -t /var/dns/chroot/
4、配置防火墙,使不同的客户端得到不同的解析结果。
iptables -t nat -A PREDNS -p udp --dport 53 -s 192.168.13.24 -j REDIRECT --to 54
iptables -t nat -A PREDNS -p tcp --dport 53 -s 192.168.13.24 -j REDIRECT --to 54
5、制作启动脚本,内容如下:
[root@server init.d]# cat dns
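#!/bin/bash
#
# dns - init script for the two chrooted named instances used in this lab,
#       plus the nat chain that steers one client to the second instance.
#
# Usage: dns {start|stop|status|restart}
# Runs as root (iptables, named -u named).
#
# An instance is located through the pid file inside its chroot
# (<chroot>/var/run/named/named.pid) and verified to be a live named
# process. The original `ps aux | grep <conf path>` lookup would also
# match any unrelated process whose command line mentions that path
# (an editor opened on it, for example) and `kill -9` it on stop.

set -u

# First instance: port 53, rooted at /var/named/chroot.
readonly NAMED_CONF="/etc/named.conf"
readonly NAMED_CHROOT="/var/named/chroot/"
# Second instance: port DNS_PORT, rooted at /var/dns/chroot.
readonly DNS_CONF="/etc/dns.conf"
readonly DNS_CHROOT="/var/dns/chroot/"
# Port the second instance listens on (must match listen-on in DNS_CONF)
# and the single client whose port-53 queries are redirected to it.
readonly DNS_PORT="54"
readonly DNS_CLIENT="192.168.13.24"
# nat chain that holds the redirect rules; hooked from PREROUTING.
readonly DNS_CHAIN="PREDNS"
# Seconds to wait for an instance to write (or drop) its pid file.
readonly WAIT_SECS=5

#######################################
# Print a coloured "[ OK ]" / "[ Failed ]" marker.
# Arguments: $1 - "ok"; anything else means failure
#######################################
result()
{
  if [ "$1" = "ok" ]; then
    printf '[ \033[;32m OK\033[;37m ]\n'
  else
    printf '[ \033[;31mFailed\033[;37m ]\n'
  fi
}

#######################################
# Print the pid of the named instance rooted at $1 if it is running.
# Arguments: $1 - chroot directory of the instance
# Outputs:   pid on stdout when running
# Returns:   0 when running, 1 otherwise
#######################################
instance_pid()
{
  local root=$1 pidfile pid comm
  pidfile="${root%/}/var/run/named/named.pid"
  [ -r "$pidfile" ] || return 1
  pid=$(cat "$pidfile") || return 1
  [ -n "$pid" ] || return 1
  # A stale pid file can name a pid that was since reused by another
  # process, so require the live process to actually be named.
  comm=$(ps -o comm= -p "$pid" 2>/dev/null)
  [ "${comm// /}" = "named" ] || return 1
  printf '%s\n' "$pid"
}

#######################################
# Wait until the instance rooted at $1 is in state $2, up to WAIT_SECS.
# Arguments: $1 - chroot directory, $2 - "running" or "stopped"
# Returns:   0 when the state was reached, 1 on timeout
#######################################
wait_for()
{
  local root=$1 want=$2 i
  for (( i = 0; i < WAIT_SECS * 10; i++ )); do
    if instance_pid "$root" >/dev/null; then
      [ "$want" = "running" ] && return 0
    else
      [ "$want" = "stopped" ] && return 0
    fi
    sleep 0.1
  done
  return 1
}

#######################################
# Start one instance and wait for it to come up.
# Arguments: $1 - label for messages, $2 - config path inside the chroot,
#            $3 - chroot directory
# Returns:   0 when running, 1 when the config is unreadable or the
#            daemon did not appear in time
#######################################
start_instance()
{
  local label=$1 conf=$2 root=$3
  printf 'Starting %s:' "$label"
  if [ ! -r "${root%/}${conf}" ]; then
    printf ' %s%s could not be opened! please check....\n' "${root%/}" "$conf"
    return 1
  fi
  /usr/sbin/named -u named -c "$conf" -t "$root"
  # named forks into the background and writes its pid file afterwards;
  # checking immediately (as the original did) races with that write.
  if wait_for "$root" running; then
    result ok
  else
    result fail
    return 1
  fi
}

#######################################
# Stop one instance with SIGTERM and wait for it to exit.
# Arguments: $1 - label for messages, $2 - chroot directory
# Returns:   0 when it was running and is gone, 1 otherwise
#######################################
stop_instance()
{
  local label=$1 root=$2 pid
  printf 'Stopping %s:' "$label"
  if ! pid=$(instance_pid "$root"); then
    result fail
    return 1
  fi
  # TERM asks named to shut down cleanly; KILL (the original) gives it no
  # chance to do so and leaves its pid file behind for the next start.
  kill -TERM "$pid"
  if wait_for "$root" stopped; then
    result ok
  else
    result fail
    return 1
  fi
}

#######################################
# Remove every PREROUTING jump into DNS_CHAIN.
#######################################
redirect_unhook()
{
  while iptables -t nat -L PREROUTING -vn | grep -q -- "$DNS_CHAIN"; do
    # `|| break` keeps a jump that cannot be deleted from looping forever.
    iptables -t nat -D PREROUTING -j "$DNS_CHAIN" || break
  done
}

#######################################
# Install the nat chain redirecting DNS_CLIENT's port-53 queries to
# DNS_PORT, replacing any leftover copy of the chain and its hook.
#######################################
redirect_on()
{
  # -N fails harmlessly when the chain survived an earlier run; -F empties it.
  iptables -t nat -N "$DNS_CHAIN" 2>/dev/null
  iptables -t nat -F "$DNS_CHAIN"
  iptables -t nat -A "$DNS_CHAIN" -p udp --dport 53 -s "$DNS_CLIENT" -j REDIRECT --to "$DNS_PORT"
  iptables -t nat -A "$DNS_CHAIN" -p tcp --dport 53 -s "$DNS_CLIENT" -j REDIRECT --to "$DNS_PORT"
  redirect_unhook
  iptables -t nat -I PREROUTING -j "$DNS_CHAIN"
}

#######################################
# Unhook, flush and delete DNS_CHAIN.
#######################################
redirect_off()
{
  redirect_unhook
  iptables -t nat -F "$DNS_CHAIN"
  iptables -t nat -X "$DNS_CHAIN"
}

#######################################
# Start both instances. The redirect is installed only once the second
# instance is up, so the client is never steered at a closed port.
# Returns: 0 when both started, 1 otherwise
#######################################
start()
{
  local rc=0
  start_instance named "$NAMED_CONF" "$NAMED_CHROOT" || rc=1
  if start_instance dns "$DNS_CONF" "$DNS_CHROOT"; then
    redirect_on
  else
    rc=1
  fi
  return "$rc"
}

#######################################
# Stop both instances, removing the redirect before the second goes away.
# Returns: 0 when both were running and stopped, 1 otherwise
#######################################
stop()
{
  local rc=0
  stop_instance named "$NAMED_CHROOT" || rc=1
  if instance_pid "$DNS_CHROOT" >/dev/null; then
    redirect_off
  fi
  stop_instance dns "$DNS_CHROOT" || rc=1
  return "$rc"
}

#######################################
# Stop, pause, start. stop already waits for the daemons to exit; the
# pause is kept from the original script.
#######################################
restart()
{
  stop
  sleep 2
  start
}

#######################################
# Report both instances.
# Returns: 0 when both run, 3 (LSB "not running") otherwise
#######################################
status()
{
  local rc=0 label root pid
  for label in named dns; do
    if [ "$label" = named ]; then root=$NAMED_CHROOT; else root=$DNS_CHROOT; fi
    if pid=$(instance_pid "$root"); then
      printf '\033[;32m %s running (pid %s)... \033[;37m\n' "$label" "$pid"
    else
      printf '\033[;31m %s stopped... \033[;37m\n' "$label"
      rc=3
    fi
  done
  return "$rc"
}

case "${1:-}" in
  start)   start ;;
  stop)    stop ;;
  restart) restart ;;
  status)  status ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart}" >&2
    exit 2
    ;;
esac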
6、设置脚本可执行,并添加到/usr/sbin目录
[root@server ~]# chmod +x /etc/init.d/dns
[root@server ~]# cp /etc/init.d/dns /usr/sbin/dns
7、设置自启动
[root@server ~]# echo "/usr/sbin/dns start" >> /etc/rc.d/rc.local
四、测试与结论
主机A的测试结果如下:
C:\>ipconfig/all
Ethernet adapter lonet1:
Connection-specific DNS Suffix. :
Description . . . . . . . . . . . : Microsoft Loopback Adapter #2
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.13.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.13.11
C:\>nslookup client.china.test
Server:   server.china.test
Address:  192.168.13.11
Name:     client.china.test
Address:  192.168.13.24
主机B的测试结果如下:
[root@client ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:71:C6:09
          inet addr:192.168.13.24  Bcast:192.168.13.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe71:c609/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2674 errors:0 dropped:0 overruns:0 frame:0
          TX packets:779 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:219817 (214.6 KiB)  TX bytes:105427 (102.9 KiB)
Interrupt:169 Base address:0x2000
[root@client ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search china.test
nameserver 192.168.13.11
[root@client init.d]# ping client.china.test
PING client.china.test (192.168.13.14) 56(84) bytes of data.
结论:实现了实验目标。