In this lab the master DNS is 192.168.0.114 and the domain is ding.
Software required to set up DNS on Linux
[root@ding ~]# rpm -qa | grep bind
bind-utils-9.3.6-20.P1.el5_8.6
bind-9.3.6-20.P1.el5_8.6
bind-libs-9.3.6-20.P1.el5_8.6
[root@ding ~]# rpm -qa | grep caching
caching-nameserver-9.3.6-20.P1.el5_8.6
Master server:
Use the configuration files shipped with caching-nameserver as templates:
cp /usr/share/doc/bind-9.3.6/sample/etc/named.conf /etc/named.conf
cp /usr/share/doc/bind-9.3.6/sample/var/named/localdomain.zone /var/named/ding.zone
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/ding.rev
Main configuration file:
[root@ding ~]# vi /etc/named.conf
options
{
    directory "/var/named";                         // the default working directory
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};
logging
{
    channel default_debug {
        file "data/named.run";                      // file the log is saved to
        severity dynamic;
    };
};

zone "ding" {
    type master;                                    // master server
    file "ding.zone";                               // zone data file
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "ding.rev";                                // reverse zone data file
};
Create the corresponding zone data files
[root@ding ~]# vi /var/named/ding.zone
$TTL 86400
@       IN SOA  ding. root.ding. (  ; trailing dots make both names absolute; without them BIND appends the origin
        42      ; serial (d. adams): the secondary DNS uses it to decide whether to update
        3H      ; refresh: tells the secondary DNS to refresh every 3 hours
        15M     ; retry: the secondary DNS asks again every 15 minutes
        1W      ; expiry: if the secondary gets no answer for a whole week, the master is considered down
        1D )    ; minimum: minimum time kept in the cache
        IN NS   ding.           ; this zone has one authoritative server, ding.
ding.   IN A    192.168.0.114   ; the IP address of the server ding. is 192.168.0.114
www     IN A    192.168.0.114   ; www is short for www.ding., so www.ding. has the IP address 192.168.0.114
@       IN MX 5 mail.ding.      ; the zone has a mail server, mail.ding.
mail    IN A    192.168.0.114   ; the A record of the mail server mail.ding. is 192.168.0.114
[root@ding ~]# vi /var/named/ding.rev
$TTL 86400
@       IN SOA  ding. root.ding. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
        IN NS   ding.
114     IN PTR  ding.           ; the PTR record for 192.168.0.114 is ding.
114     IN PTR  mail.ding.
114     IN PTR  www.ding.
Start the DNS server and check the log
[root@ding ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@ding ~]# tail -F /var/log/messages
Dec 26 17:16:03 ding named[26285]: shutting down: flushing changes
Dec 26 17:16:03 ding named[26285]: stopping command channel on 127.0.0.1#953
Dec 26 17:16:03 ding named[26285]: stopping command channel on ::1#953
Dec 26 17:16:03 ding named[26285]: no longer listening on 127.0.0.1#53
Dec 26 17:16:03 ding named[26285]: no longer listening on 192.168.0.114#53
Dec 26 17:16:03 ding named[26285]: no longer listening on 1.1.1.1#53
Dec 26 17:16:03 ding named[26285]: exiting
Dec 26 17:16:05 ding named[1717]: starting BIND 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.2 -u named
Dec 26 17:16:05 ding named[1717]: adjusted limit on open files from 1024 to 1048576
Dec 26 17:16:05 ding named[1717]: found 1 CPU, using 1 worker thread
Dec 26 17:16:05 ding named[1717]: using up to 4096 sockets
Dec 26 17:16:05 ding named[1717]: loading configuration from '/etc/named.conf'   (configuration file loaded)
Dec 26 17:16:05 ding named[1717]: using default UDP/IPv4 port range: [1024, 65535]
Dec 26 17:16:05 ding named[1717]: using default UDP/IPv6 port range: [1024, 65535]
Dec 26 17:16:05 ding named[1717]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 26 17:16:05 ding named[1717]: listening on IPv4 interface eth0, 192.168.0.114#53   (listening on the port succeeded)
Dec 26 17:16:05 ding named[1717]: listening on IPv4 interface eth1, 1.1.1.1#53
Dec 26 17:16:05 ding named[1717]: command channel listening on 127.0.0.1#953
Dec 26 17:16:05 ding named[1717]: command channel listening on ::1#953
Dec 26 17:16:05 ding named[1717]: zone 0.168.192.in-addr.arpa/IN: loaded serial 1997022700   (reverse zone data loaded)
Dec 26 17:16:05 ding named[1717]: zone ding/IN: loaded serial 42   (forward zone data loaded)
Dec 26 17:16:05 ding named[1717]: running
Dec 26 17:16:05 ding named[1717]: zone ding/IN: sending notifies (serial 42)
Dec 26 17:16:05 ding named[1717]: client 192.168.0.114#37727: received notify for zone 'ding'
Testing the master server succeeds
[root@ding ~]# nslookup
> server 192.168.0.114
Default server: 192.168.0.114
Address: 192.168.0.114#53
> mail.ding
Server: 192.168.0.114
Address: 192.168.0.114#53
Name: mail.ding
Address: 192.168.0.114
> ding
Server: 192.168.0.114
Address: 192.168.0.114#53
Name: ding
Address: 192.168.0.114
> 192.168.0.114
Server: 192.168.0.114
Address: 192.168.0.114#53
114.0.168.192.in-addr.arpa name = mail.ding.
114.0.168.192.in-addr.arpa name = www.ding.
114.0.168.192.in-addr.arpa name = ding.
> set type=MX
> ding
Server: 192.168.0.114
Address: 192.168.0.114#53
Secondary DNS: the secondary DNS is a backup of the master. When the master cannot answer queries, the secondary can, because the zone data file on the secondary is a copy of the master's zone data, so query results should be the same as from the master. In terms of configuration, only the main configuration file needs to be changed.
This secondary DNS, 192.168.0.111, acts as the secondary for the master DNS 192.168.0.114.
[root@hding ~]# vi /etc/named.conf
options {
    listen-on port 53 { 192.168.0.111; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "ding" {
    type slave;
    file "slaves/ding.zone";        // the file name must be the same as on the master, otherwise it cannot be found
    masters { 192.168.0.114; };     // which master DNS to fetch the zone data file from
};
Start the secondary DNS
[root@hding ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
Check the master DNS log
client 192.168.0.111#34043: transfer of 'ding/IN': AXFR started
client 192.168.0.111#34043: transfer of 'ding/IN': AXFR ended
network unreachable resolving 'quit.localdomain/A/IN': 2001:7fe::53#53
client 192.168.0.111#41509: transfer of 'ding/IN': AXFR started
client 192.168.0.111#41509: transfer of 'ding/IN': AXFR ended
client 192.168.0.111#38886: transfer of 'ding/IN': AXFR started
client 192.168.0.111#38886: transfer of 'ding/IN': AXFR ended
client 192.168.0.111#46908: transfer of 'ding/IN': AXFR started
client 192.168.0.111#46908: transfer of 'ding/IN': AXFR ended
client 192.168.0.111#20443: received notify for zone 'ding'
Check the secondary DNS log
Jan 3 15:48:47 localhost named[1007]: running
Jan 3 15:48:47 localhost named[1007]: zone ding/IN: Transfer started.
Jan 3 15:48:47 localhost named[1007]: transfer of 'ding/IN' from 192.168.0.114#53: connected using 192.168.0.111#46908
Jan 3 15:48:47 localhost named[1007]: zone ding/IN: transferred serial 42
Jan 3 15:48:47 localhost named[1007]: transfer of 'ding/IN' from 192.168.0.114#53: end of transfer
Jan 3 15:48:47 localhost named[1007]: zone ding/IN: sending notifies (serial 42)
Check whether the zone file was received, then test
[root@hding ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 343 Jan 3 15:48 ding.zone
[root@hding ~]# nslookup ding
Server: 192.168.0.111
Address: 192.168.0.111#53
Name: ding
Address: 192.168.0.114
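The lines worth watching in the master's log above are the zone transfers: every AXFR is logged with the client address. The master's named.conf shown earlier has no allow-transfer statement, so BIND 9.3 will hand the whole zone to any client that asks; restricting it with allow-transfer { 192.168.0.111; }; in the zone statement and checking the log for other clients is the natural control. The script below is an added example, not part of the original lab: it parses constructed log lines in the format shown above and reports transfers by clients that are not the expected secondary (the 192.168.0.250 client is invented).

```python
import re
from collections import Counter

# Matches the transfer lines BIND writes, with or without the syslog prefix.
TRANSFER_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: transfer of '(?P<zone>[^/']+)/IN': "
    r"(?P<kind>AXFR|IXFR) (?P<state>started|ended)")

def audit_transfers(log_lines, allowed):
    """allowed maps zone -> set of secondary IPs permitted to transfer it.

    Returns (counts, unexpected): completed transfers per (zone, ip), and the
    list of (zone, ip, kind) transfers started by clients not in allowed.
    """
    counts, unexpected = Counter(), []
    for line in log_lines:
        m = TRANSFER_RE.search(line)
        if not m:
            continue                      # notifies, resolver errors, etc.
        zone, ip = m['zone'], m['ip']
        if m['state'] == 'ended':
            counts[(zone, ip)] += 1
        elif ip not in allowed.get(zone, set()):
            unexpected.append((zone, ip, m['kind']))
    return counts, unexpected

# Constructed sample in the format of the master's log above; 192.168.0.250 is invented.
SAMPLE_LOG = """\
Jan  3 15:48:47 ding named[1717]: client 192.168.0.111#34043: transfer of 'ding/IN': AXFR started
Jan  3 15:48:47 ding named[1717]: client 192.168.0.111#34043: transfer of 'ding/IN': AXFR ended
Jan  3 15:48:47 ding named[1717]: network unreachable resolving 'quit.localdomain/A/IN': 2001:7fe::53#53
Jan  3 15:52:10 ding named[1717]: client 192.168.0.111#41509: transfer of 'ding/IN': AXFR started
Jan  3 15:52:10 ding named[1717]: client 192.168.0.111#41509: transfer of 'ding/IN': AXFR ended
Jan  3 16:01:33 ding named[1717]: client 192.168.0.250#50211: transfer of 'ding/IN': AXFR started
Jan  3 16:01:33 ding named[1717]: client 192.168.0.250#50211: transfer of 'ding/IN': AXFR ended
Jan  3 16:02:00 ding named[1717]: client 192.168.0.111#20443: received notify for zone 'ding'
"""

if __name__ == '__main__':
    counts, unexpected = audit_transfers(SAMPLE_LOG.splitlines(), {'ding': {'192.168.0.111'}})
    for zone, ip, kind in unexpected:
        print(f'UNEXPECTED {kind} of {zone} by {ip}')
    for (zone, ip), n in sorted(counts.items()):
        print(f'{zone}: {n} transfer(s) completed by {ip}')
```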
Forwarding DNS: this DNS has no way to resolve a given zone itself, so it forwards the query to a DNS that holds the records for that domain. The most common case is mail relaying between two servers on a LAN: DNS A cannot resolve B's domain and DNS B cannot resolve A's, so they forward to each other and resolve each other's names.
In the lab the secondary DNS is turned into a forwarding DNS for testing; a forwarding DNS likewise only needs a change to the main configuration file.
[root@hding ~]# vi /etc/named.conf
options {
    listen-on port 53 { 192.168.0.111; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "ding" {
    type forward;                   // the ding zone is forwarded to 192.168.0.114 for resolution
    forwarders { 192.168.0.114; };
};
Test the forwarding DNS
[root@hding ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@hding ~]# nslookup ding
Server: 192.168.0.111
Address: 192.168.0.111#53
Non-authoritative answer:   (resolved by another server, so not authoritative)
Name: ding
Address: 192.168.0.114
Subdomain server: if the domain a server resolves is a subdomain of another server's domain, the parent domain can leave resolution of that subdomain to the subdomain server, which lightens the load on the parent.
In this lab 192.168.0.111 is the subdomain server; it resolves the domain terry.ding.
Parent domain: 192.168.0.114, serving the zone ding
First make the subdomain server the master for terry.ding
[root@hding ~]# cp /var/named/localdomain.zone /var/named/terry.ding.zone
[root@hding ~]# cp /var/named/named.local /var/named/terry.ding.rev
[root@hding ~]# vi /etc/named.conf
options {
    listen-on port 53 { 192.168.0.111; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "terry.ding" {
    type master;
    file "terry.ding.zone";
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "terry.ding.rev";
};
[root@hding ~]# vi /var/named/terry.ding.zone
$TTL 86400
@       IN SOA  terry.ding. root (
        42      ; serial (d. adams)
        3H      ; refresh
        15M     ; retry
        1W      ; expiry
        1D )    ; minimum
        IN NS   terry.ding.
terry.ding. IN A    192.168.0.111
www     IN A    192.168.0.111
@       IN MX 5 mail.terry.ding.
mail    IN A    192.168.0.111
ftp     IN CNAME www
[root@hding ~]# vi /var/named/terry.ding.rev
$TTL 86400
@       IN SOA  terry.ding. root.localhost. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
        IN NS   terry.ding.
111     IN PTR  terry.ding.
111     IN PTR  mail.terry.ding.
111     IN PTR  www.terry.ding.
111     IN PTR  ftp.terry.ding.
[root@hding ~]# nslookup terry.ding    # the lookup fails; find out why
Server: 192.168.0.111
Address: 192.168.0.111#53
** server can't find terry.ding: NXDOMAIN
[root@hding ~]# tail /var/log/messages    # access to the zone data files is denied
Jan 3 16:46:21 localhost named[1369]: using up to 4096 sockets
Jan 3 16:46:21 localhost named[1369]: loading configuration from '/etc/named.conf'
Jan 3 16:46:21 localhost named[1369]: using default UDP/IPv4 port range: [1024, 65535]
Jan 3 16:46:21 localhost named[1369]: using default UDP/IPv6 port range: [1024, 65535]
Jan 3 16:46:21 localhost named[1369]: listening on IPv4 interface eth0, 192.168.0.111#53
Jan 3 16:46:21 localhost named[1369]: command channel listening on 127.0.0.1#953
Jan 3 16:46:21 localhost named[1369]: command channel listening on ::1#953
Jan 3 16:46:21 localhost named[1369]: zone 0.168.192.in-addr.arpa/IN: loading master file terry.ding.rev: permission denied
Jan 3 16:46:21 localhost named[1369]: zone terry.ding/IN: loading master file terry.ding.zone: permission denied
Jan 3 16:46:21 localhost named[1369]: running
[root@hding ~]# ll /var/named/    # check the zone data file permissions
total 64
drwxr-x--- 5 root named 4096 Dec 3 10:31 chroot
drwxrwx--- 2 named named 4096 Dec 5 02:10 data
-rw-r--r-- 1 root root 602 Dec 5 04:41 forward.com.rev
-rwxrwxrwx 1 root root 334 Dec 5 05:07 forward.com.zone
-rw-r--r-- 1 root root 602 Dec 5 04:36 hding.com.rev
-rw-r--r-- 1 root root 452 Dec 5 05:40 hding.com.zone
-rw-r----- 1 root named 198 Jan 7 2013 localdomain.zone
-rw-r----- 1 root named 195 Jan 7 2013 localhost.zone
-rw-r----- 1 root named 427 Jan 7 2013 named.broadcast
-rw-r----- 1 root named 1892 Jan 7 2013 named.ca
-rw-r----- 1 root named 424 Jan 7 2013 named.ip6.local
-rw-r----- 1 root named 426 Jan 7 2013 named.local
-rw-r----- 1 root named 427 Jan 7 2013 named.zero
drwxrwx--- 2 named named 4096 Jan 3 15:48 slaves
-rw-r----- 1 root root 521 Jan 3 16:46 terry.ding.rev
-rw-r----- 1 root root 319 Jan 3 16:49 terry.ding.zone
[root@hding ~]# chown root:named /var/named/terry.ding.zone
[root@hding ~]# chown root:named /var/named/terry.ding.rev
[root@hding ~]# !ser
service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@hding ~]# nslookup terry.ding
Server: 192.168.0.111
Address: 192.168.0.111#53
Name: terry.ding
Address: 192.168.0.111
[root@hding ~]# nslookup 192.168.0.111
Server: 192.168.0.111
Address: 192.168.0.111#53
111.0.168.192.in-addr.arpa name = mail.terry.ding.
111.0.168.192.in-addr.arpa name = terry.ding.
111.0.168.192.in-addr.arpa name = ftp.terry.ding.
111.0.168.192.in-addr.arpa name = www.terry.ding.
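The permission denied lines above are a least-privilege effect: named runs as the unprivileged user named (the startup log shows -u named), so a zone file owned root:root with mode 640 is unreadable to it, while the chown root:named fix makes it readable without letting the daemon write it. The script below is an added example, not part of the original lab: it evaluates an ls -l listing (a constructed excerpt of the one above) the way the kernel does, owner bits first, then group, then other, and flags zone files the named user cannot read as well as files any local user can write.

```python
import re

# One ls -l line: type+mode, links, owner, group, size, month, day, time-or-year, name
LS_RE = re.compile(r'^(?P<type>[-d])(?P<mode>[rwxsStT-]{9})\s+\d+\s+(?P<owner>\S+)\s+'
                   r'(?P<group>\S+)\s+\d+\s+\S+\s+\S+\s+\S+\s+(?P<name>\S+)$')

def can_read(mode, owner, group, user='named', user_groups=('named',)):
    """Apply the rwx triplets the way the kernel does: owner, else group, else other."""
    if owner == user:
        return mode[0] == 'r'
    if group in user_groups:
        return mode[3] == 'r'
    return mode[6] == 'r'

def audit_listing(listing, suffixes=('.zone', '.rev'), user='named', user_groups=('named',)):
    """Return findings for zone files the daemon user cannot read or that are world-writable."""
    findings = []
    for line in listing.splitlines():
        m = LS_RE.match(line)
        if not m or m['type'] != '-' or not m['name'].endswith(suffixes):
            continue                                    # directories, 'total', non-zone files
        mode, who = m['mode'], f"{m['owner']}:{m['group']} {m['mode']}"
        if not can_read(mode, m['owner'], m['group'], user, user_groups):
            findings.append(f"{m['name']}: not readable by {user} ({who})")
        if mode[7] == 'w':
            findings.append(f"{m['name']}: world-writable, any local user can alter zone data ({who})")
    return findings

# Constructed excerpt of the /var/named listing shown above.
LISTING = """\
total 64
drwxrwx--- 2 named named 4096 Jan  3 15:48 slaves
-rwxrwxrwx 1 root root 334 Dec  5 05:07 forward.com.zone
-rw-r--r-- 1 root root 452 Dec  5 05:40 hding.com.zone
-rw-r----- 1 root named 198 Jan  7  2013 localdomain.zone
-rw-r----- 1 root root 521 Jan  3 16:46 terry.ding.rev
-rw-r----- 1 root root 319 Jan  3 16:49 terry.ding.zone
"""

if __name__ == '__main__':
    for finding in audit_listing(LISTING):
        print(finding)
```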
Configure the parent domain: 192.168.0.114, serving the zone ding
Modify the zone data file:
[root@ding ~]# vi /var/named/ding.zone
$TTL 86400
@       IN SOA  ding. root.ding. (
        42      ; serial (d. adams)
        3H      ; refresh
        15M     ; retry
        1W      ; expiry
        1D )    ; minimum
        IN NS   ding.
terry   IN NS   terry.ding.     ; add the subdomain terry, which is served by the terry.ding. server
terry   IN A    192.168.0.111   ; glue: the A record of the terry.ding. server is 192.168.0.111
ding.   IN A    192.168.0.114
www     IN A    192.168.0.114
@       IN MX 5 mail.ding.
mail    IN A    192.168.0.114
The parent domain can now resolve the subdomain, but the subdomain itself is handed to the subdomain server for resolution. Test:
[root@ding ~]# !ser
service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@ding ~]# nslookup terry.ding
Server: 192.168.0.114
Address: 192.168.0.114#53
Non-authoritative answer:
Name: terry.ding
Address: 192.168.0.111
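The master's zone files and the parent zone with the terry delegation above should agree with each other: every NS or MX target inside the zone needs an A record (for the delegation that is the glue record), and forward A records and reverse PTR records should mirror each other. The checker below is an added example, not part of the original lab; it parses the parent ding.zone and ding.rev as written above (comments trimmed, SOA names written with trailing dots, origins passed with a trailing dot) and reports the mismatches.

```python
import re

def absolute(name, origin):  # '@' is the origin; a name without a trailing dot is relative to it
    return origin if name == '@' else name if name.endswith('.') else f'{name}.{origin}'

def parse_zone(text, origin):
    """Parse a simple BIND master file into (owner, type, rdata) tuples; origin ends with a dot."""
    body = re.sub(r';[^\n]*', '', text)                                 # drop ; comments
    body = re.sub(r'\(([^)]*)\)', lambda m: ' '.join(m.group(1).split()), body)  # fold the SOA
    records, owner = [], origin
    for line in body.splitlines():
        if not line.strip() or line.startswith('$'): continue           # blank lines, $TTL
        if not line[0].isspace():                                       # a name in column 1 sets the owner
            name, line = line.split(None, 1)
            owner = absolute(name, origin)
        fields = [f for f in line.split() if f != 'IN']
        records.append((owner, fields[0], fields[1:]))
    return records

def check_zones(forward, fwd_origin, reverse, rev_origin):
    """Report in-zone NS/MX targets with no A record (missing glue) and A/PTR pairs that disagree."""
    fwd, rev = parse_zone(forward, fwd_origin), parse_zone(reverse, rev_origin)
    a, ptr, findings = {}, {}, []
    for owner, rtype, rdata in fwd:
        if rtype == 'A':
            a.setdefault(owner, set()).add(rdata[0])
    for owner, rtype, rdata in rev:
        if rtype == 'PTR':          # 114.0.168.192.in-addr.arpa. -> 192.168.0.114
            ptr.setdefault('.'.join(reversed(owner[:-1].split('.')[:-2])), set()).add(rdata[0])
    for owner, rtype, rdata in fwd:
        target = absolute(rdata[-1], fwd_origin)
        if rtype in ('NS', 'MX') and target.endswith(fwd_origin) and target not in a:
            findings.append(f'{rtype} target {target} has no A record in the zone')
    findings += [f'A {n} -> {ip} has no matching PTR' for n, ips in a.items() for ip in ips if n not in ptr.get(ip, ())]
    findings += [f'PTR {ip} -> {n} has no matching A' for ip, ns in ptr.items() for n in ns if ip not in a.get(n, ())]
    return sorted(findings)

DING_ZONE = """$TTL 86400
@       IN SOA ding. root.ding. ( 42    ; serial
        3H 15M 1W 1D )                  ; refresh retry expiry minimum
        IN NS   ding.
terry   IN NS   terry.ding.
terry   IN A    192.168.0.111
ding.   IN A    192.168.0.114
@       IN MX 5 mail.ding.
mail    IN A    192.168.0.114
"""
DING_REV = """@       IN SOA ding. root.ding. ( 1997022700 28800 14400 3600000 86400 )
114     IN PTR  ding.
114     IN PTR  mail.ding.
"""
```

Run on the page's own data it reports one thing: terry.ding. -> 192.168.0.111 has no PTR in the parent's ding.rev, because 0.168.192.in-addr.arpa is served independently by both servers with different contents.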
With this the subdomain server is set up; from here on the various DNS server types can be applied flexibly to real-world resolution scenarios.