DNS server
Lab environment: CentOS 6.5 virtual machine
IPADDR=192.168.1.223
Installation:
Two packages are needed: bind and bind-chroot
yum -y install bind bind-chroot
After chroot, named's home directory is:
/var/named/chroot/
ls shows:
dev etc usr var
Copy the files from the original directories into the chroot:
cp -a /etc/named* /var/named/chroot/etc/
cd /var/named
cp -a data/ dynamic/ named.* slaves/ /var/named/chroot/var/named/
Configuration file location:
vim /var/named/chroot/etc/named.conf
listen-on port 53 { any; }; # change to any
directory "/var/named"; # the zone file directory
allow-query { any; }; # change to any
Add the forward zone:
zone "ltiaw.com" IN {
    type master;
    file "ltiaw.zone";
};
Add the reverse zone:
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "ltiaw.arpa";
};
Then create the files ltiaw.zone and ltiaw.arpa
cd /var/named/chroot/var/named/
cp named.localhost ltiaw.zone
vim ltiaw.zone
Change the contents to the following (comments in a zone file start with ";"; "#" is not a comment character there):
$TTL 86400
@   IN SOA dns.ltiaw.com. root ( ; fixed format
    20160319 ; serial number, compared to decide whether an update is needed
    1D       ; refresh interval
    1H       ; retry interval
    1W       ; expire time
    1H )     ; negative cache TTL
@   IN NS dns.ltiaw.com.
dns IN A  192.168.1.223
www IN A  192.168.1.223
; Note: dns.ltiaw.com. must end with "."
cp ltiaw.zone ltiaw.arpa
vim ltiaw.arpa
$TTL 86400
@   IN SOA dns.ltiaw.com. root (
    20160319
    1D
    1H
    1W
    1H )
@   IN NS  dns.ltiaw.com.
223 IN PTR dns.ltiaw.com. ; PTR targets must be absolute (trailing "."), otherwise the reverse zone's origin is appended
223 IN PTR www.ltiaw.com.
Save, then restart the service:
/etc/init.d/named restart
Open the ports:
Master/slave zone synchronisation uses TCP 53
Client queries use UDP 53
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -p udp --dport 53 -j ACCEPT
/etc/init.d/iptables save
Point this machine's DNS at the local server:
vim /etc/resolv.conf
nameserver 127.0.0.1
Save.
Add a hosts entry:
echo "127.0.0.1 ltiaw.com" >> /etc/hosts
# To make the DNS setting permanent, set it in the ifcfg-eth0 file
Resolve the zone:
host -l ltiaw.com
Result:
[root@ltiaw named]# host -l ltiaw.com
ltiaw.com name server dns.ltiaw.com.
dns.ltiaw.com has address 192.168.1.223
www.ltiaw.com has address 192.168.1.223
Query the reverse zone:
host -l 1.168.192.IN-addr.arpa
Result (recorded with the PTR targets written as the relative names "dns" and "www", which is why the pointers come out as names under 1.168.192.in-addr.arpa. instead of dns.ltiaw.com. and www.ltiaw.com.):
host -l 1.168.192.IN-addr.arpa
1.168.192.in-addr.arpa name server dns.ltiaw.com.
223.1.168.192.in-addr.arpa domain name pointer www.1.168.192.in-addr.arpa.
223.1.168.192.in-addr.arpa domain name pointer dns.1.168.192.in-addr.arpa.
# That completes the most basic DNS server. Next, master/slave synchronisation.
Set up another virtual machine as the slave server:
CentOS 6.5
IPADDR=192.168.1.224
Install DNS following the steps above, then configure it:
vim /var/named/chroot/etc/named.conf
listen-on port 53 { any; }; # change to any
directory "/var/named"; # the zone file directory
allow-query { any; }; # change to any
Add the zones:
zone "ltiaw.com" IN {
    type slave;
    file "slaves/ltiaw.zone";
    masters { 192.168.1.223; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/ltiaw.arpa"; # note the trailing ";"
    masters { 192.168.1.223; };
};
Save.
/etc/init.d/named restart
# Check that the zones have been transferred:
ls /var/named/chroot/var/named/slaves
# Point this machine's DNS at itself:
vim /etc/resolv.conf
nameserver 127.0.0.1
Try resolving:
host -l ltiaw.com
[root@localhost var]# host -l ltiaw.com
ltiaw.com name server dns.ltiaw.com.
dns.ltiaw.com has address 192.168.1.223
www.ltiaw.com has address 192.168.1.223
OK, it works.
# From now on, whenever the master's zone is updated, also increase the serial number; the slave will then pull the update.
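Two things in these notes are easy to get wrong by hand: a name in record data without the trailing "." (the warning in the zone-file section above, and the reason the recorded reverse-zone output shows www.1.168.192.in-addr.arpa. rather than www.ltiaw.com.), and forgetting to raise the SOA serial, without which the slave never re-transfers the zone. The following shell script is an added example, not part of the original notes; the zone contents it writes are constructed copies of the zone files above, and the function names and the YYYYMMDDnn serial convention are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the original notes: sanity checks for hand-written BIND
# zone files. Zone contents below are constructed; function names are this example's own.

# Print the SOA serial: the first all-digit field after the "(" of the SOA record.
zone_serial() {
    awk '
        { sub(/;.*/, "") }                                   # drop ; comments
        $0 ~ /(^|[ \t])SOA([ \t]|$)/ { insoa = 1 }
        insoa {
            for (i = 1; i <= NF; i++) {
                if (seen_paren && $i ~ /^[0-9]+$/) { print $i; exit }
                if (index($i, "(")) seen_paren = 1
            }
        }
    ' "$1"
}

# Report record targets written as relative names where an absolute name was almost
# certainly intended. PTR data must be absolute (the reverse zone origin is appended
# otherwise); NS/CNAME/MX targets that contain a dot but lack the final one become
# the classic "dns.ltiaw.com.ltiaw.com." mistake.
missing_trailing_dot() {
    awk '
        { sub(/;.*/, "") }
        NF >= 2 {
            type = ""
            for (i = 1; i < NF; i++)
                if ($i == "NS" || $i == "CNAME" || $i == "MX" || $i == "PTR") { type = $i; break }
            if (type == "") next
            target = $NF
            if (type == "PTR" && target !~ /\.$/) print type, target
            if (type != "PTR" && target ~ /\./ && target !~ /\.$/) print type, target
        }
    ' "$1"
}

# Next serial in YYYYMMDDnn form: today's date plus a two-digit counter, or old+1 when
# the old serial is already at or beyond today's first slot. The optional second
# argument pins "today" (used by the demo below).
next_serial() {
    old=$1
    today=${2:-$(date +%Y%m%d)}
    candidate="${today}01"
    if [ "$old" -ge "$candidate" ]; then
        echo $((old + 1))
    else
        echo "$candidate"
    fi
}

# Rewrite the serial in place and print the new value. The serial line is rebuilt by
# awk, so its indentation collapses to single spaces; named does not care.
bump_zone_serial() {
    old=$(zone_serial "$1") || return 1
    [ -n "$old" ] || { echo "no SOA serial found in $1" >&2; return 1; }
    new=$(next_serial "$old" "$2")
    awk -v old="$old" -v new="$new" '
        !done { for (i = 1; i <= NF; i++) if ($i == old) { $i = new; done = 1; break } }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$new"
}

# Constructed copies of the zones from the notes, with the two mistakes left in on purpose.
WORKDIR=$(mktemp -d)
cat > "$WORKDIR/ltiaw.zone" <<'EOF'
$TTL 86400
@ IN SOA dns.ltiaw.com. root (
    20160319 ; serial
    1D       ; refresh
    1H       ; retry
    1W       ; expire
    1H )     ; minimum
@   IN NS dns.ltiaw.com
dns IN A  192.168.1.223
www IN A  192.168.1.223
EOF
cat > "$WORKDIR/ltiaw.arpa" <<'EOF'
$TTL 86400
@ IN SOA dns.ltiaw.com. root (
    20160319 1D 1H 1W 1H )
@   IN NS  dns.ltiaw.com.
223 IN PTR dns
EOF

echo "forward zone serial: $(zone_serial "$WORKDIR/ltiaw.zone")"
echo "relative targets in forward zone:"; missing_trailing_dot "$WORKDIR/ltiaw.zone"
echo "relative targets in reverse zone:"; missing_trailing_dot "$WORKDIR/ltiaw.arpa"
echo "bumped serial (date pinned to 20160320): $(bump_zone_serial "$WORKDIR/ltiaw.zone" 20160320)"
```

Run it against the real files under /var/named/chroot/var/named/ before restarting named; named-checkzone from the bind package does a stricter syntax check, but it will not tell you that a PTR target is merely relative.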
To allow only a specific IP to act as a slave, add this to the options block of the master's named.conf:
allow-transfer { 192.168.1.224; };
For stronger security, authenticate the transfer with a key (TSIG):
On the master server:
Generate a key:
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST xx
cat Kxx.+157+40357.private
Result (this is the key I generated on the 11th; I am not generating a new one):
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 1mi7zBg4m0Lc1rOZryoSvQ==
Bits: AAA=
Created: 20160311090952
Publish: 20160311090952
Activate: 20160311090952
Then edit named.conf:
In the options block add: allow-transfer { key xx; };
# Then add the following as new top-level statements; do not place them inside any other {} block
server 192.168.1.224 {
    keys { xx; };
};
key xx {
    algorithm hmac-md5;
    secret "1mi7zBg4m0Lc1rOZryoSvQ==";
};
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "xx"; };
};
Save and restart:
/etc/init.d/named restart
On the slave server, edit named.conf
and add the following:
server 192.168.1.223 {
    keys { xx; };
};
key xx {
    algorithm hmac-md5;
    secret "1mi7zBg4m0Lc1rOZryoSvQ==";
};
Save.
Delete the two zone files transferred earlier:
rm -rf /var/named/chroot/var/named/slaves/ltiaw.*
/etc/init.d/named restart
ls /var/named/chroot/var/named/slaves/
ltiaw.zone and ltiaw.arpa are there again, so the signed transfer works.
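Two follow-ups to the master/slave setup above, as an added example that is not part of the original notes. First, rendering the key and server statements for a fresh TSIG key: the notes use dnssec-keygen with HMAC-MD5, whereas current BIND recommends hmac-sha256 (newer releases ship tsig-keygen for this; any 32 random bytes in base64 also make a valid secret). The notes also reuse the transfer key in the controls statement for rndc; a separate key there means a leaked transfer key does not also grant control of the daemon. Second, comparing the SOA serials that dig returns from master and slave to see whether the slave has caught up. The key name, the placeholder secret and the sample dig answers are constructed; only dnssec-keygen, tsig-keygen, openssl and dig are real tools.

```shell
#!/bin/sh
# Added example, not part of the original notes. Key name, secret and the sample
# "dig +short SOA" answers are constructed.

# Generate a TSIG secret for hmac-sha256 (needs openssl; not run by the demo below).
# In newer BIND, "tsig-keygen xfer-key" prints a complete key statement instead.
new_tsig_secret() {
    openssl rand -base64 32
}

# Print the named.conf statements both sides need: the key itself, and a server
# statement that makes named sign every message sent to that peer with it.
render_tsig_conf() {
    keyname=$1; peer=$2; secret=$3; alg=${4:-hmac-sha256}
    printf 'key "%s" {\n    algorithm %s;\n    secret "%s";\n};\n' "$keyname" "$alg" "$secret"
    printf 'server %s {\n    keys { "%s"; };\n};\n' "$peer" "$keyname"
}

# The serial is the third field of a "dig +short SOA zone" answer, e.g.
#   dns.ltiaw.com. root.ltiaw.com. 20160319 86400 3600 604800 3600
soa_serial() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# Compare master and slave SOA answers. RFC 1982 serial arithmetic wraps, but for
# date-based serials a plain numeric comparison is adequate.
replication_status() {
    m=$(soa_serial "$1"); s=$(soa_serial "$2")
    if [ "$m" -eq "$s" ]; then
        echo "in-sync ($m)"
    elif [ "$s" -lt "$m" ]; then
        echo "slave behind (master $m, slave $s)"
    else
        echo "slave ahead (master $m, slave $s): master serial was lowered or zones differ"
    fi
}

# Live check (not run by the demo): query both servers and compare.
live_replication_status() {
    zone=$1; master=$2; slave=$3
    replication_status "$(dig +short SOA "$zone" @"$master")" "$(dig +short SOA "$zone" @"$slave")"
}

# Demo with constructed answers: the slave still has the serial from before the update.
MASTER_SOA="dns.ltiaw.com. root.ltiaw.com. 20160319 86400 3600 604800 3600"
SLAVE_SOA="dns.ltiaw.com. root.ltiaw.com. 20160311 86400 3600 604800 3600"
render_tsig_conf xfer-key 192.168.1.224 "EXAMPLE_SECRET_REPLACE_ME="
replication_status "$MASTER_SOA" "$SLAVE_SOA"
```

The rendered key statement goes into both servers' named.conf exactly as the notes show for key xx, with the master's allow-transfer referring to it by name; live_replication_status ltiaw.com 192.168.1.223 192.168.1.224 is the check to run after bumping the serial.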
# To give different client IPs different answers, use views.
First edit named.conf: define ACLs for the client IPs and move the zones into views.
acl aa { 192.168.1.224; };
acl bb { 192.168.1.5; };
view xx { # view xx serves acl aa
    match-clients { "aa"; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "ltiaw.com" IN {
        type master;
        file "ltiaw.zone";
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "ltiaw.arpa";
    };
};
view yy { # view yy serves acl bb
    match-clients { "bb"; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "ltiaw.com" IN {
        type master;
        file "ltiawyy.zone";
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "ltiawyy.arpa";
    };
};
Save.
Create the two files ltiawyy.zone and ltiawyy.arpa:
cd /var/named/chroot/var/named
cp ltiaw.zone ltiawyy.zone
cp ltiaw.arpa ltiawyy.arpa
Then in ltiawyy.zone and ltiawyy.arpa change the address to 192.168.1.200, so that www.ltiaw.com resolves to 192.168.1.200 for this view
/etc/init.d/named restart
acl bb corresponds to my Windows PC, IP 192.168.1.5:
cmd
nslookup
>server 192.168.1.223
>ltiaw.com
Server: [192.168.1.200]
Address: 192.168.1.200
Name: ltiaw.com
acl aa corresponds to the Linux machine:
/etc/init.d/named restart
host -l ltiaw.com
ltiaw.com name server dns.ltiaw.com.
dns.ltiaw.com has address 192.168.1.223
www.ltiaw.com has address 192.168.1.223
Parent and child domains.
Parent server IPADDR=192.168.1.223, parent zone: ltiaw.com
Child server IPADDR=192.168.1.224, child zone: aa.ltiaw.com
Step 1:
Edit the child server's named.conf
and add the zone aa.ltiaw.com:
zone "aa.ltiaw.com" IN {
    type master;
    file "aa.ltiaw.zone";
};
# Forward names this server cannot resolve to the parent server:
In the options block add:
forward first;
forwarders { 192.168.1.223; };
Save.
Now create the aa.ltiaw.zone file:
vim /var/named/chroot/var/named/aa.ltiaw.zone
Contents:
$TTL 86400
@   IN SOA dns.aa.ltiaw.com. root (
    20160309 ; serial
    86400    ; refresh (1 day)
    3600     ; retry (1 hour)
    604800   ; expire (1 week)
    3600     ; minimum (1 hour)
    )
@   NS dns.aa.ltiaw.com.
dns A  192.168.1.224
www A  192.168.1.224
Save.
/etc/init.d/named restart
host -l aa.ltiaw.com
Result:
[root@localhost named]# host -l aa.ltiaw.com
aa.ltiaw.com name server dns.aa.ltiaw.com.
dns.aa.ltiaw.com has address 192.168.1.224
www.aa.ltiaw.com has address 192.168.1.224
Open the ports:
[root@localhost named]# iptables -I INPUT -p tcp --dport 53 -j ACCEPT
[root@localhost named]# iptables -I INPUT -p udp --dport 53 -j ACCEPT
On the parent server:
vim /var/named/chroot/var/named/ltiaw.zone
Add the following (NS delegation plus the glue A record):
aa.ltiaw.com. IN NS dns.aa.ltiaw.com.
dns.aa.ltiaw.com. IN A 192.168.1.224
/etc/init.d/named restart
Resolution succeeds:
[root@ltiaw chroot]# host dns.aa.ltiaw.com
dns.aa.ltiaw.com has address 192.168.1.224
On the child server:
dig -t A www.ltiaw.com @192.168.1.224
The query succeeds.
Parent and child now resolve each other's names!
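Checking a delegation like the one just configured: the parent's NS records for aa.ltiaw.com, together with the glue A record for dns.aa.ltiaw.com (required because that name lies inside the delegated zone, so a resolver could not otherwise find the child server), must agree with the NS set the child itself serves; if they drift apart, the delegation is lame for some resolvers. The script below is an added example, not from the original notes. The sample answers are constructed in the format dig prints, and ns2.aa.ltiaw.com is a hypothetical second name server used only to show what a mismatch looks like.

```shell
#!/bin/sh
# Added example, not part of the original notes: consistency checks for a parent/child
# delegation. Sample answers are constructed; ns2.aa.ltiaw.com is hypothetical.

# Normalise a newline-separated list of names: lower-case, trailing dot, sorted, unique.
normalise_names() {
    tr '[:upper:]' '[:lower:]' | sed -e '/^[[:space:]]*$/d' -e 's/[^.]$/&./' | sort -u
}

# Compare the NS set the parent delegates to with the NS set the child serves.
compare_ns_sets() {
    parent=$(printf '%s\n' "$1" | normalise_names)
    child=$(printf '%s\n' "$2" | normalise_names)
    if [ "$parent" = "$child" ]; then
        echo "consistent"
        return
    fi
    printf '%s\n' "$parent" | while read -r n; do
        printf '%s\n' "$child" | grep -qxF "$n" || echo "only in parent: $n"
    done
    printf '%s\n' "$child" | while read -r n; do
        printf '%s\n' "$parent" | grep -qxF "$n" || echo "only in child: $n"
    done
}

# Every NS name that lies inside the child zone needs a glue A record in the parent.
# $3 is "name address" per line, e.g. "dns.aa.ltiaw.com. 192.168.1.224".
missing_glue() {
    zone=$(printf '%s\n' "$1" | normalise_names)
    printf '%s\n' "$2" | normalise_names | while read -r ns; do
        case "$ns" in
            *."$zone")
                printf '%s\n' "$3" | awk -v n="$ns" '$1 == n { found = 1 } END { exit !found }' \
                    || echo "missing glue for $ns"
                ;;
        esac
    done
}

# Live version (not run here): ask the parent with recursion off, so the delegation
# comes back in the authority section, and ask the child for its own NS set.
live_delegation_check() {
    child_zone=$1; parent_server=$2; child_server=$3
    from_parent=$(dig +norecurse +noall +answer +authority NS "$child_zone" @"$parent_server" | awk '$4 == "NS" { print $5 }')
    from_child=$(dig +noall +answer NS "$child_zone" @"$child_server" | awk '$4 == "NS" { print $5 }')
    compare_ns_sets "$from_parent" "$from_child"
}

# Demo with constructed answers, mirroring the notes: the parent delegates to
# dns.aa.ltiaw.com with glue; the child later adds ns2 without telling the parent.
PARENT_NS='dns.aa.ltiaw.com.'
CHILD_NS='dns.aa.ltiaw.com.'
CHILD_NS_DRIFTED='dns.aa.ltiaw.com.
ns2.aa.ltiaw.com.'
GLUE='dns.aa.ltiaw.com. 192.168.1.224'
echo "as configured:"; compare_ns_sets "$PARENT_NS" "$CHILD_NS"
echo "after the child adds ns2:"; compare_ns_sets "$PARENT_NS" "$CHILD_NS_DRIFTED"
missing_glue aa.ltiaw.com "$CHILD_NS_DRIFTED" "$GLUE"
```

For the setup in the notes the live call is live_delegation_check aa.ltiaw.com 192.168.1.223 192.168.1.224; anything other than "consistent" means the parent's ltiaw.zone (the NS line and its glue) needs updating, followed by a serial bump.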