案例 1
有一个域 abc.com,DNS 服务器为 192.168.10.10;有主机 www(1.1.1.1)、
ftp 主机(2.2.2.2)、mail(3.3.3.3),mail 的别名为 pop3、smtp。
邮件交换器用 MX 记录指向 mail。
拓扑图
1.挂载光驱,安装软件包
[root@host2 ~]# mount /dev/cdrom /media/cdrom
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@host2 ~]# cd /media/cdrom/Packages/
[root@host2 Packages]# ll |grep bind
[root@host2 Packages]# yum --disablerepo=\* --enablerepo=c6-media install bind-9.8.2-0.17.rc1.el6_4.6.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.6.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.6.i686.rpm
2.生成密钥文件,在本地终端执行。
[root@host2 ~]# rndc-confgen -a
[root@host2 ~]# service named start
3.查看生成的密钥文件(rndc.key 是 rndc 控制通道使用的共享密钥;下面列表中它的属主为 root:named、权限为 640,不要放宽)
[root@host2 Packages]# cd
[root@host2 ~]# cd /var/named/chroot/etc
[root@host2 etc]# ll
total 32
-rw-r--r--. 1 root root   405 Apr 19 23:24 localtime
drwxr-x---. 2 root named 4096 Aug 27  2013 named
-rw-r-----. 1 root named 1008 Jul 19  2010 named.conf
-rw-r--r--. 1 root named 2389 Aug 27  2013 named.iscdlv.key
-rw-r-----. 1 root named  931 Jun 21  2007 named.rfc1912.zones
-rw-r--r--. 1 root named  487 Jul 19  2010 named.root.key
drwxr-x---. 3 root named 4096 May  6 23:54 pki
-rw-r-----. 1 root named   77 May  7 00:20 rndc.key
4.查看端口
[root@host2 etc]# netstat -tupln |grep 53
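5.修改主配置文件(本例把 listen-on 和 allow-query 都改为 any,同时保留 recursion yes,这样任何能访问到 53 端口的主机都可以让本机替它做递归查询,即开放递归解析器;在仅主机模式的实验环境中可以这样配置,若服务器能被外部网络访问,应使用 allow-recursion { localnets; localhost; }; 限制递归,或在只做权威解析时设 recursion no;)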
[root@host2 etc]# cd /var/named/chroot/etc
[root@host2 etc]# vim named.conf
 1 //
 2 // named.conf
 3 //
 6 //
 8 //
 9
10 options {
11     listen-on port 53 { any; };        // 修改为any
12     listen-on-v6 port 53 { ::1; };
13     directory "/var/named";
14     dump-file "/var/named/data/cache_dump.db";
15     statistics-file "/var/named/data/named_stats.txt";
17     allow-query { any; };              // 修改为any
18     recursion yes;
19
20     dnssec-enable yes;
21     dnssec-validation yes;
22     dnssec-lookaside auto;
23
24     /* Path to ISC DLV key */
25     bindkeys-file "/etc/named.iscdlv.key";
26
27     managed-keys-directory "/var/named/dynamic";
28 };
29
30 logging {
31     channel default_debug {
32         file "data/named.run";
33         severity dynamic;
34     };
35 };
36
37 zone "." IN {
38     type hint;
39     file "named.ca";
40 };
41
42 include "/etc/named.rfc1912.zones";
43 include "/etc/named.root.key";
6.编辑区域声明文件
[root@host2 etc]# vim named.rfc1912.zones
25 zone "abc.com" IN {
26     type master;
27     file "abc.com.zone";
28     allow-update { none; };
29 };
7编辑配置文件
[root@host2 ~]# cd /var/named/chroot/var/named/
[root@host2 named]# ll
total 32
drwxr-x---. 6 root  named 4096 May  6 23:54 chroot
drwxrwx---. 2 named named 4096 May  7 00:20 data
drwxrwx---. 2 named named 4096 May  7 00:21 dynamic
-rw-r-----. 1 root  named 1892 Feb 18  2008 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named 4096 Aug 27  2013 slaves
拷贝文件(-p 保留模板文件的属主 root:named 和权限 640;不带 -p 复制出的文件属组会变成 root,named 可能无法读取该区域文件)
[root@host2 named]# cp -p named.localhost abc.com.zone
[root@host2 named]# vim abc.com.zone
编辑(原文列表缺少第 8 行;从后面 dig 输出的 AUTHORITY 段看,该行应是指向 ns.abc.com. 的 NS 记录)
 1 $TTL 1D
 2 @       IN  SOA    ns.abc.com. rname.invalid. (
 3                    1       ; serial
 4                    1D      ; refresh
 5                    1H      ; retry
 6                    1W      ; expire
 7                    3H )    ; minimum
 9 ns      IN  A      192.168.10.10
10 www     IN  A      1.1.1.1
11 ftp     IN  A      2.2.2.2
12 mail    IN  A      3.3.3.3
13 pop3    IN  CNAME  mail
14 smtp    IN  CNAME  mail
15 @       IN  MX 10  mail
[root@host2 named]# vim /etc/resolv.conf
# DNS1=192.168.10.10
测试
8. Windows Server 2003 测试(DNS 服务器虚拟机和 2003 虚拟机都选择仅主机模式)
IP 配置:192.168.10.50,子网掩码 255.255.255.0,网关 192.168.10.1,DNS 192.168.10.10
用nslookup 解析:
用本地主机解析
[root@host2 named]# dig www.abc.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> www.abc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23294
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.abc.com.            IN    A
;; ANSWER SECTION:
www.abc.com.     86400   IN    A     1.1.1.1
;; AUTHORITY SECTION:
abc.com.         86400   IN    NS    ns.abc.com.
;; ADDITIONAL SECTION:
ns.abc.com.      86400   IN    A     192.168.10.10
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May  7 02:02:26 2014
;; MSG SIZE  rcvd: 78
案例5
DNS轮询
[root@host2 named]# cd /var/named/chroot/etc
[root@host2 etc]# vim named.rfc1912.zones
25 zone "sina.com.cn" IN {
26     type master;
27     file "sina.com.cn.zone";
28     allow-update { none; };
29 };
30
31 zone "1.0.0.127.in-addr.arpa" IN {
32     type master;
[root@host2 ~]# cd /var/named/chroot/etc
[root@host2 etc]# cd /var/named/chroot
[root@host2 chroot]# cd var/named/
[root@host2 named]# cp -p named.localhost sina.com.cn.zone
[root@host2 named]# vim sina.com.cn.zone
[root@host2 named]# service named restart
Stopping named: .umount:/var/named/chroot/var/named: device is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))
[OK]
Starting named:[OK]
测试
Windows Server 2003 测试得出下图