A worked example of DNS configuration.

Configure DNS servers to the following requirements:

One primary DNS server: IP 192.168.100.20, host name dns1.redhat.cn
One secondary DNS server: IP 192.168.100.21, host name dns2.redhat.cn
One subdomain DNS server: IP 192.168.100.22, host name dns3.redhat.cn

The DNS servers resolve the redhat.cn domain and the redhat.net domain, and provide reverse resolution for the 192.168.100.0 network.
When the DNS servers cannot resolve a name in some other domain, the query is handed to the Internet DNS server at 219.146.0.130.

www.redhat.cn       192.168.100.200
ftp.redhat.cn       192.168.100.201
mail.redhat.cn      192.168.100.202
nfs.redhat.cn       192.168.100.203
samba.redhat.cn     192.168.100.204

Also add a mail exchanger (MX) record to the redhat.cn zone; the mail server is mail.redhat.cn.

The subdomain DNS server resolves the bj.redhat.cn, ah.redhat.cn, bj.redhat.net and ah.redhat.net domains, and resolves the following names:

www.bj.redhat.cn    192.168.100.205
www.ah.redhat.cn    192.168.100.206
www.bj.redhat.net   192.168.100.207
www.ah.redhat.net   192.168.100.208

The secondary DNS server provides backup for all of the zones above.

Procedure:

Primary server configuration:

Set the host name:

[root@localhost ~]# vi /etc/sysconfig/network
HOSTNAME=dns1.redhat.cn

It can also be changed with the hostname command, but that change is lost after a reboot:

[root@localhost ~]# hostname dns1.redhat.cn
[root@localhost ~]# hostname
dns1.redhat.cn

 

Set the IP address:

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.100.20
NETMASK=255.255.255.0
[root@localhost ~]# service network restart

 

Install the DNS software:

[root@localhost ~]# cd /misc/cd/Server/
[root@localhost Server]# rpm -ivh bind-9.3.4-10.P1.el5.i386.rpm
[root@localhost Server]# rpm -ivh bind-chroot-9.3.4-10.P1.el5.i386.rpm
[root@localhost Server]# rpm -ivh caching-nameserver-9.3.4-10.P1.el5.i386.rpm

 

Edit the configuration file:

[root@localhost Server]# vi /var/named/chroot/etc/named.caching-nameserver.conf    // /etc/named.caching-nameserver.conf is a symlink to this file and can be edited instead

        listen-on port 53 { 192.168.100.20; };
        forwarders { 219.146.0.130; };   // forward queries this server cannot answer itself
        allow-query     { any; };
        match-clients      { any; };
        match-destinations { any; };

 

Create the zones:

[root@localhost Server]# vi /var/named/chroot/etc/named.rfc1912.zones

As above, the symlink /etc/named.rfc1912.zones can be edited instead.

zone "redhat.cn" IN {
        type master;
        file "redhat.cn.zone";
};
zone "redhat.net" IN {
        type master;
        file "redhat.net.zone";
};
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "in-addr.redhat.cn.zone";
};

 

Edit the zone files:

[root@localhost Server]# cd /var/named/chroot/var/named/
[root@localhost named]# cp -p localhost.zone redhat.cn.zone     // don't forget -p; if you do forget it, fix the ownership of the named directory by hand: the named user must have write permission on it. I was left thoroughly confused by this more than once, a lesson learned!
[root@localhost named]# cp -p localhost.zone redhat.net.zone
[root@localhost named]# cp -p named.local in-addr.redhat.cn.zone
[root@localhost named]# vi redhat.cn.zone

Add the following:

www             IN A            192.168.100.200
ftp             IN A            192.168.100.201
nfs             IN A            192.168.100.203
samba           IN A            192.168.100.204
mail            IN MX           192.168.100.202

[root@localhost named]# vi redhat.net.zone

www             IN A            192.168.100.210
ftp             IN A            192.168.100.211

Reverse zone file:

[root@localhost named]# vi in-addr.redhat.cn.zone

200     IN      PTR     www.redhat.cn.         ; note the trailing dot
201     IN      PTR     ftp.redhat.cn.
202     IN      PTR     mail.redhat.cn.
203     IN      PTR     nfs.redhat.cn.
204     IN      PTR     samba.redhat.cn.

 

Now the service has to be restarted, but at this point an error appeared. Investigation found the following causes:

First, when adding the MX record, a preference value must follow MX. The record also has to name the mail host rather than its address, so the mail host gets its own A record:

@               IN MX   10      mail.redhat.cn.    ; preference, then the mail host's name
mail            IN A            192.168.100.202

Second, possibly because the machine was not rebooted after the host name change just now, a default origin has to be set by hand in the zone file. For redhat.cn, add:

$ORIGIN redhat.cn.

The same goes for redhat.net, but the reverse lookup zone file does not need it.

Done: the DNS service finally restarts successfully.

[root@localhost named]# service named restart

 

Subdomain DNS server configuration:

As before, set the IP address and host name first.

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.100.22
NETMASK=255.255.255.0

[root@localhost ~]# vi /etc/sysconfig/network
HOSTNAME=dns3.redhat.cn
[root@localhost ~]# hostname dns3.redhat.cn    // the change above does not take effect without a reboot, so change it this way as well. (Can anyone tell me why?)
[root@localhost ~]# service network restart

 

Install the software:

[root@localhost ~]# cd /misc/cd/Server/
[root@localhost Server]# rpm -ivh bind-9.3.4-10.P1.el5.i386.rpm
[root@localhost Server]# rpm -ivh bind-chroot-9.3.4-10.P1.el5.i386.rpm
[root@localhost Server]# rpm -ivh caching-nameserver-9.3.4-10.P1.el5.i386.rpm

Edit the configuration file:

[root@localhost Server]# cd
[root@localhost ~]# vi /var/named/chroot/etc/named.caching-nameserver.conf

        listen-on port 53 { 192.168.100.22; };
        allow-query     { any; };
        match-clients      { any; };
        match-destinations { any; };

 

Create the zones (no trailing space inside the quoted file names, or named will look for a file that does not exist):

[root@localhost ~]# vi /var/named/chroot/etc/named.rfc1912.zones

zone "bj.redhat.cn" IN {
        type master;
        file "bj.redhat.cn.zone";
};
zone "ah.redhat.cn" IN {
        type master;
        file "ah.redhat.cn.zone";
};
zone "bj.redhat.net" IN {
        type master;
        file "bj.redhat.net.zone";
};
zone "ah.redhat.net" IN {
        type master;
        file "ah.redhat.net.zone";
};

 

Edit the zone files:

[root@localhost ~]# cd /var/named/chroot/var/named/
[root@localhost named]# cp -p localhost.zone bj.redhat.cn.zone
[root@localhost named]# cp -p localhost.zone ah.redhat.cn.zone
[root@localhost named]# cp -p localhost.zone bj.redhat.net.zone
[root@localhost named]# cp -p localhost.zone ah.redhat.net.zone
[root@localhost named]# vi bj.redhat.cn.zone
www             IN A            192.168.100.205
[root@localhost named]# vi ah.redhat.cn.zone
www             IN A            192.168.100.206
[root@localhost named]# vi bj.redhat.net.zone
www             IN A            192.168.100.207
[root@localhost named]# vi ah.redhat.net.zone
www             IN A            192.168.100.208

[root@localhost named]# service named restart

Restarting the service worked without any problem here; I don't know why. Something to look into later.

 

Next, to make these subdomains of redhat.cn, all that is needed is a delegation in the parent zone: an NS record for each subdomain, plus an A record (glue) for the name server it points to. On the primary, add the following:

[root@localhost named]# vi redhat.cn.zone

bj              IN NS           bj.redhat.cn.
bj              IN A            192.168.100.22
ah              IN NS           ah.redhat.cn.
ah              IN A            192.168.100.22

[root@localhost named]# vi redhat.net.zone

bj              IN NS           bj.redhat.net.
bj              IN A            192.168.100.22
ah              IN NS           ah.redhat.net.
ah              IN A            192.168.100.22

[root@localhost named]# service named restart
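Before restarting named, a few cross-checks catch exactly the mistakes hit earlier on the primary (an MX record without a preference, or with an address where a host name belongs) and the delegation just added (an NS record pointing into the child zone needs a glue A record beside it). The script below is an added example in Python, not code from the post or from BIND. It works on zone texts constructed from the post's addresses (the SOA names dns1.redhat.cn. and root.redhat.cn. and the serial are placeholders), and also cross-checks the forward A records against the reverse PTR records, which reports bj and ah as having no PTR in the post's reverse zone.

```python
"""Pre-restart checks for hand-edited BIND zone files (added example, not from the post).
Parses the master-file subset the post uses ($ORIGIN, $TTL, '@', relative names, ';' comments,
a parenthesised SOA) and checks MX records, forward/reverse agreement and delegation glue.
Zone texts are constructed from the post's addresses; SOA names and serials are placeholders."""

def absolute(name, origin):
    """Expand '@' and relative names to fully qualified names."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata_tokens, origin) tuples with absolute owner names."""
    origin, records, owner, in_soa = origin.rstrip(".") + ".", [], None, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip comments
        if in_soa:                                    # tail of a multi-line SOA
            in_soa = ")" not in line
            continue
        tokens = line.split()
        if not tokens or tokens[0] == "$TTL":
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if not line[0].isspace():                     # leading blank = previous owner
            owner = absolute(tokens.pop(0), origin)
        if tokens[0].isdigit():                       # optional TTL
            tokens.pop(0)
        if tokens[0].upper() == "IN":                 # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        in_soa = "(" in rdata and ")" not in rdata
        records.append((owner, rtype, rdata, origin))
    return records

def check_mx(records):
    """Describe every MX that cannot route mail: no preference, or no host with an A record."""
    a_names = {o for o, t, _, _ in records if t == "A"}
    problems = []
    for owner, rtype, rdata, origin in records:
        if rtype != "MX":
            continue
        if len(rdata) != 2 or not rdata[0].isdigit():
            problems.append(f"{owner} MX needs '<preference> <host>', got '{' '.join(rdata)}'")
        elif rdata[1].replace(".", "").isdigit() or absolute(rdata[1], origin) not in a_names:
            problems.append(f"{owner} MX target {rdata[1]} is not a host name with an A record")
    return problems

def check_reverse(forward, reverse):
    """Return (A records with no PTR, PTR records with no A) as sorted (name, ip) pairs."""
    a_pairs = {(o, r[0]) for o, t, r, _ in forward if t == "A"}
    ptr_pairs = set()
    for owner, rtype, rdata, origin in reverse:
        if rtype == "PTR":
            octets = owner.rstrip(".").split(".")[:-2]   # drop 'in-addr.arpa'
            ptr_pairs.add((absolute(rdata[0], origin), ".".join(reversed(octets))))
    return sorted(a_pairs - ptr_pairs), sorted(ptr_pairs - a_pairs)

def check_delegation(records, apex):
    """Delegated NS targets inside the child zone that have no glue A record beside them."""
    apex, missing = apex.rstrip(".") + ".", []
    a_names = {o for o, t, _, _ in records if t == "A"}
    for owner, rtype, rdata, origin in records:
        if rtype != "NS" or owner == apex:
            continue
        target = absolute(rdata[0], origin)
        if (target == owner or target.endswith("." + owner)) and target not in a_names:
            missing.append(target)
    return missing

REDHAT_CN_ZONE = """\
$ORIGIN redhat.cn.
@       IN SOA  dns1.redhat.cn. root.redhat.cn. (
                2024010101 ; serial (placeholder)
                3H 15M 1W 1D )
www     IN A    192.168.100.200
ftp     IN A    192.168.100.201
mail    IN A    192.168.100.202
nfs     IN A    192.168.100.203
samba   IN A    192.168.100.204
@       IN MX   10 mail.redhat.cn.
bj      IN NS   bj.redhat.cn.
bj      IN A    192.168.100.22
ah      IN NS   ah.redhat.cn.
ah      IN A    192.168.100.22
"""
REVERSE_ZONE = """\
$ORIGIN 100.168.192.in-addr.arpa.
@       IN SOA  dns1.redhat.cn. root.redhat.cn. ( 2024010101 3H 15M 1W 1D )
200     IN PTR  www.redhat.cn.
201     IN PTR  ftp.redhat.cn.
202     IN PTR  mail.redhat.cn.
203     IN PTR  nfs.redhat.cn.
204     IN PTR  samba.redhat.cn.
"""
BAD_MX_ZONE = "$ORIGIN redhat.cn.\nmail IN MX 192.168.100.202\n@ IN MX 10 192.168.100.202\n"

def run_checks():
    """Run all three checks over the constructed zones; empty lists mean 'ok'."""
    fwd = parse_zone(REDHAT_CN_ZONE, "redhat.cn")
    missing_ptr, missing_a = check_reverse(fwd, parse_zone(REVERSE_ZONE, "100.168.192.in-addr.arpa"))
    return {"mx": check_mx(fwd), "missing_ptr": missing_ptr, "missing_a": missing_a,
            "glue": check_delegation(fwd, "redhat.cn"),
            "bad_mx": check_mx(parse_zone(BAD_MX_ZONE, "redhat.cn"))}
```

BAD_MX_ZONE holds the post's first attempt (no preference) next to a record with an address as target, so run_checks() reports two MX problems for it and none for the corrected zone. named-checkzone from the bind package checks the syntax of the real files; what it cannot see is the cross-zone agreement between forward and reverse data, which is what this adds.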

 

Testing from Windows 7:

 

D:\Users\chenbin>nslookup

> server 192.168.100.20

DNS request timed out.

    timeout was 2 seconds.

默认服务器:  [192.168.100.20]

Address:  192.168.100.20

 

> www.redhat.cn

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

名称:    www.redhat.cn

Address:  192.168.100.200

 

> www.redhat.net

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

名称:    www.redhat.net

Address:  192.168.100.210

 

> www.bj.redhat.cn

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

非权威应答:

名称:    www.bj.redhat.cn

Address:  192.168.100.205

 

> www.bj.redhat.net

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

非权威应答:

名称:    www.bj.redhat.net

Address:  192.168.100.207

 

> www.ah.redhat.cn

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

非权威应答:

名称:    www.ah.redhat.cn

Address:  192.168.100.206

 

> www.ah.redhat.net

服务器:  [192.168.100.20]

Address:  192.168.100.20

 

非权威应答:

名称:    www.ah.redhat.net

Address:  192.168.100.208

 

The subdomain configuration is complete. The subdomain server, however, cannot resolve names in the parent domain, for example:

> server 192.168.100.22

默认服务器:  [192.168.100.22]

Address:  192.168.100.22

 

> www.redhat.cn

服务器:  [192.168.100.22]

Address:  192.168.100.22

 

*** [192.168.100.22] 找不到 www.redhat.cn: Server failed

 

The fix is to add two forward zones that hand those queries to the primary, for example:

[root@localhost named]# vi /var/named/chroot/etc/named.rfc1912.zones

zone "redhat.cn" IN {
        type forward;
        forwarders { 192.168.100.20; };
};
zone "redhat.net" IN {
        type forward;
        forwarders { 192.168.100.20; };
};

[root@localhost named]# service named restart

 

> www.redhat.cn

服务器:  [192.168.100.22]

Address:  192.168.100.22

 

非权威应答:

名称:    www.redhat.cn

Address:  192.168.100.200

 

Next, configure the secondary DNS server.

Because the secondary has to hold a backup of every zone's data, this server is simply configured as a slave for each of those zones. The configuration is as follows:

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=static

IPADDR=192.168.100.21

NETMASK=255.255.255.0

[root@localhost ~]# hostname dns2.redhat.cn

[root@localhost ~]# service network restart

 

[root@localhost ~]# cd /misc/cd/Server/

[root@localhost Server]# rpm -ivh bind-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# rpm -ivh bind-chroot-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# rpm -ivh caching-nameserver-9.3.4-10.P1.el5.i386.rpm

[root@localhost Server]# cd

[root@localhost ~]# vi /var/named/chroot/etc/named.caching-nameserver.conf

        listen-on port 53 { 192.168.100.21; };

        allow-query     { any; };

        match-clients      { any; };

        match-destinations { any; };

 

[root@localhost ~]# vi /var/named/chroot/etc/named.rfc1912.zones

zone "redhat.cn" IN {

        type slave;

        masters {192.168.100.20;};

        file "slaves/redhat.cn.zone";

};

zone "redhat.net" IN {

        type slave;

        masters {192.168.100.20;};

        file "slaves/redhat.net.zone";

};

zone "bj.redhat.cn" IN {

        type slave;

        masters {192.168.100.22;};

        file "slaves/bj.redhat.cn.zone";

};

zone "bj.redhat.net" IN {

        type slave;

        masters {192.168.100.22;};

        file "slaves/bj.redhat.net.zone";

};

zone "ah.redhat.cn" IN {

        type slave;

        masters {192.168.100.22;};

        file "slaves/ah.redhat.cn.zone";

};

zone "ah.redhat.net" IN {

        type slave;

        masters {192.168.100.22;};

        file "slaves/ah.redhat.net.zone";

};

zone "100.168.192.in-addr.arpa" IN {

        type slave;

        masters {192.168.100.20;};

        file "slaves/in-addr.redhat.cn.zone";

};

[root@localhost ~]# service named restart

 

[root@localhost ~]# cd /var/named/chroot/var/named/

[root@localhost named]# ls slaves/

ah.redhat.cn.zone   bj.redhat.cn.zone   in-addr.redhat.cn.zone  redhat.net.zone

ah.redhat.net.zone  bj.redhat.net.zone  redhat.cn.zone

All the zone files have been transferred, so the backup function works.
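The ls output above shows that the first transfer succeeded, but a slave zone is transferred again only when the primary's SOA serial has moved ahead (in RFC 1982 serial arithmetic) of the serial in the copy under slaves/. A record edited on dns1 without raising the serial therefore never reaches dns2. The Python below is an added example, not code from the post or from BIND: it reads the serial from a zone text laid out like the RHEL localhost.zone template (constructed, with placeholder values), decides whether a transfer would follow, and computes the next date-style serial.

```python
"""Will dns2 pick up a change made on dns1? SOA serial check (added example, not from the post).
A slave zone is transferred again only when the primary's SOA serial is newer, in RFC 1982
serial arithmetic, than the serial of the copy the secondary already holds. Editing a record
without raising the serial leaves the secondary stale even though the first transfer worked.
The zone heads below are constructed; the serial values are placeholders."""
import re

def soa_serial(zone_text):
    """Serial of the first SOA record; accepts the multi-line layout of the RHEL template."""
    body = re.sub(r";[^\n]*", "", zone_text)                      # drop comments
    match = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", body)
    if match is None:
        raise ValueError("no SOA record found")
    return int(match.group(1))

def serial_is_newer(candidate, current):
    """RFC 1982: candidate is newer if it is 1..2^31-1 steps ahead of current modulo 2^32."""
    return 0 < (candidate - current) % (1 << 32) < (1 << 31)

def transfer_expected(primary_zone, secondary_copy):
    """True when the secondary would refresh its copy from this primary zone text."""
    return serial_is_newer(soa_serial(primary_zone), soa_serial(secondary_copy))

def next_serial(current, today):
    """Next YYYYMMDDnn-style serial strictly newer than current (today is 'YYYYMMDD')."""
    base = int(today) * 100
    return current + 1 if current >= base else base + 1

PRIMARY_ZONE = """\
$TTL 86400
@   IN SOA  dns1.redhat.cn. root.redhat.cn. (
            2024010102  ; serial (placeholder)
            3H 15M 1W 1D )
    IN NS   dns1.redhat.cn.
www IN A    192.168.100.200
"""
SECONDARY_COPY = PRIMARY_ZONE.replace("2024010102", "2024010101")   # what dns2 still holds

if __name__ == "__main__":
    print("primary serial:", soa_serial(PRIMARY_ZONE))
    print("secondary refreshes:", transfer_expected(PRIMARY_ZONE, SECONDARY_COPY))
    print("serial after the next edit:", next_serial(soa_serial(PRIMARY_ZONE), "20240101"))
```

Raise the serial on dns1 (and on dns3 for the subdomain zones) every time a zone file changes, then restart named as the post does; dns2 refreshes at its next refresh interval or on NOTIFY. Beyond what the post configures, an allow-transfer { 192.168.100.21; }; line in each master zone statement restricts full zone transfers to the secondary; without it, BIND 9.3 answers AXFR requests from any client that can reach port 53.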

Test it:

> server 192.168.100.21

DNS request timed out.

    timeout was 2 seconds.

默认服务器:  [192.168.100.21]

Address:  192.168.100.21

 

> www.redhat.cn

服务器:  [192.168.100.21]

Address:  192.168.100.21

 

名称:    www.redhat.cn

Address:  192.168.100.200

 

> www.ah.redhat.cn

服务器:  [192.168.100.21]

Address:  192.168.100.21

 

名称:    www.ah.redhat.cn

Address:  192.168.100.206

 

> 192.168.100.204

服务器:  [192.168.100.21]

Address:  192.168.100.21

 

名称:    samba.redhat.cn

Address:  192.168.100.204

 

With this, every requirement of the example has been met.