搭建DNS服务器

试验环境redhat6.1 64bit

试验过程只做了正向的域名解析。

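本机的IP地址是192.169.1.100(注意:192.169.0.0/16不属于RFC 1918私有地址段,私有段是192.168.0.0/16;后文网卡配置中的网关192.168.1.111与本机也不在同一个/24网段。照着做时请换成自己内网的实际地址)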

需要安装的软件包:bind,bind-chroot

服务启动脚本:/etc/init.d/named

配置文件:/etc/named.conf    /etc/named.rfc1912.zones

服务器启动后这两个配置文件会被挂载到/var/named/chroot/etc/下面,可以在服务启动的情况下在这个目录下修改,也可以直接在/etc/下修改

实验过程如下:

[root@localhost ~]# yum -y install bind bind-chroot	#安装需要的包
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
rhel-source                                                | 4.0 kB     00:00 ... 
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.7.3-2.el6 will be installed
---> Package bind-chroot.x86_64 32:9.7.3-2.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================
 Package            Arch          Version                Repository          Size
==================================================================================
Installing:
 bind               x86_64        32:9.7.3-2.el6         rhel-source        3.9 M
 bind-chroot        x86_64        32:9.7.3-2.el6         rhel-source         67 k

Transaction Summary
==================================================================================
Install       2 Package(s)

Total download size: 4.0 M
Installed size: 7.0 M
Downloading Packages:
----------------------------------------------------------------------------------
Total                                              26 MB/s | 4.0 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : 32:bind-9.7.3-2.el6.x86_64                                     1/2 
  Installing : 32:bind-chroot-9.7.3-2.el6.x86_64                              2/2 
duration: 296(ms)
Installed products updated.

Installed:
  bind.x86_64 32:9.7.3-2.el6           bind-chroot.x86_64 32:9.7.3-2.el6          

Complete!

#DNS服务器有两个配置文件,/etc/named.conf和/etc/named.rfc1912.zones,named服务启动时,这两个文件会被bind挂载(mount --bind,效果有点像软链接)
#到/var/named/chroot/etc/下面;服务停止时挂载会被卸载,所以停止状态下在该目录里看不到它们。
[root@localhost ~]# cd /var/named/chroot/
[root@localhost chroot]# ls
dev  etc  usr  var
[root@localhost chroot]# service named status	#当前服务没有开启
rndc: connect failed: 127.0.0.1#953: connection refused
named 已停
[root@localhost chroot]# cd etc/	
[root@localhost etc]# ls	#注意/var/named/chroot/etc/下面没有那两个配置文件
localtime  named  pki
[root@localhost etc]# service named start	#开启服务
启动 named:named:正在运行                                [确定]
[root@localhost etc]# ls	#/var/named/chroot/etc/下面多了几个文件,其中有那两个配置文件
localtime  named.conf        named.rfc1912.zones  pki
named      named.iscdlv.key  named.root.key
[root@localhost etc]# vim named.conf 


#只需要修改options块,而且只改下面带注释的几行,其余保持默认即可。
options {
        listen-on port 53 { 192.169.1.100; };	#named监听DNS请求的本机IPv4地址,这里写本机的IP即可;写any则在本机所有IPv4地址上监听
        listen-on-v6 port 53 { any; };		#这里是本机对应的ipV6,懒得写,直接any
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
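        allow-query     { any; };		#允许哪些客户端来查询,any表示任意来源
        # 注意:在没有单独设置allow-recursion时,recursion yes加上allow-query any会让本机成为开放递归解析器,
        # 可能被滥用于DNS放大攻击。实验环境之外应使用allow-recursion限定可信网段;只做权威解析时可设为recursion no。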
        recursion yes;				

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

[root@localhost etc]# vim named.rfc1912.zones 

#在这个配置文件中加上下面几行,其他不改,这里的意思是,若有查询example.com域名下的主机名的ip地址,
#就到1.zone这个文件中去找对应主机名的ip。这里只做了正解
zone "example.com" IN {
      type master;	#本dns为主
      file "1.zone";	#查找的主机名对应的ip地址的查找文件
      allow-update { none; };	#禁止动态更新;BIND默认就拒绝动态更新,所以这行删掉效果相同
};


[root@localhost etc]# cd ../var/named/
[root@localhost named]# pwd
/var/named/chroot/var/named	#上面1.zone文件应该位于这个目录下
[root@localhost named]# ls
chroot  data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp -p named.localhost 1.zone	#拷贝named.localhost作为模板;加-p参数保留原文件的属主、属组(named)和权限,否则named可能无法读取1.zone
[root@localhost named]# ll -l 1.zone 
-rw-r-----. 1 root named 152  6月 21 2007 1.zone
[root@localhost named]# vim 1.zone 

$TTL 1D
@       IN SOA  chen chen (	#第一个chen是主DNS服务器的主机名,第二个chen是管理员邮箱(邮箱中的@要写成.);名字末尾没有加点,会自动补上example.com.;实验环境可以随便写
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      chen	#Name Server,一定和上面一致
chen    A       192.169.1.100	#chen主机名的正解ip地址为192.169.1.100,DNS服务器的ip,这里就是本机了,这条一定要写,不然服务重启不了
www     A       192.169.1.100	#www主机名的正解ip地址为192.169.1.100
ftp     CNAME   www		#ftp主机名是www的别名
station1        A       192.169.1.100
zhidao  A       192.100.100.100
        AAAA    ::1		#IPv6地址记录;这一行没有写主机名,沿用上一行的zhidao;这里可以不写


[root@localhost named]# service named restart	#重启服务时停止过程卡住,这里手动杀掉named进程后再启动(建议先用普通kill发送SIGTERM,无效时再用kill -9)
停止 named:....^C
[root@localhost named]# ps aux|grep named
root      6496  0.0  0.0 103244   860 pts/13   S+   14:28   0:00 grep named
named    30927  0.0  2.9 235964 30508 ?        Ssl  04:50   0:04 /usr/sbin/named -u named -t /var/named/chroot
[root@localhost named]# kill -9 30927
[root@localhost named]# service named restart
停止 named:umount: /var/named/chroot/var/named: device is busy.
        (In some cases useful info about processes that use
         the device is found by lsof(8) or fuser(1))
                                                           [确定]
启动 named:                                               [确定]
[root@localhost named]# cd /etc/sysconfig/network-scripts/	
[root@localhost network-scripts]# ls
ifcfg-Auto_eth0  ifdown-post    ifup-eth    ifup-routes
ifcfg-lo         ifdown-ppp     ifup-ippp   ifup-sit
ifdown           ifdown-routes  ifup-ipv6   ifup-tunnel
ifdown-bnep      ifdown-sit     ifup-isdn   ifup-wireless
ifdown-eth       ifdown-tunnel  ifup-plip   init.ipv6-global
ifdown-ippp      ifup           ifup-plusb  net.hotplug
ifdown-ipv6      ifup-aliases   ifup-post   network-functions
ifdown-isdn      ifup-bnep      ifup-ppp    network-functions-ipv6
[root@localhost network-scripts]# vim ifcfg-Auto_eth0		#配置本机DNS

TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.169.1.100
PREFIX=24
GATEWAY=192.168.1.111
DNS1=192.169.1.100		#这行一定要加,写本地的ip地址
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="Auto eth0"
UUID=a6cb874f-c373-4c93-91b1-cf78558a5494
ONBOOT=yes
HWADDR=00:0C:29:BB:01:3F

[root@localhost network-scripts]# service network restart
关闭环回接口:                                             [确定]
弹出环回接口:                                             [确定]
弹出界面 Auto_eth0: 活跃连接状态:激活的
活跃连接路径:/org/freedesktop/NetworkManager/ActiveConnection/25
                                                           [确定]
[root@localhost network-scripts]# cat /etc/resolv.conf		#查看DNS是否生效
# Generated by NetworkManager
nameserver 192.169.1.100
[root@localhost network-scripts]# nslookup www.example.com	#可以看到正常解析了
Server:		192.169.1.100
Address:	192.169.1.100#53

Name:	www.example.com
Address: 192.169.1.100

[root@localhost network-scripts]# nslookup ftp.example.com
Server:		192.169.1.100
Address:	192.169.1.100#53

ftp.example.com	canonical name = www.example.com.
Name:	www.example.com
Address: 192.169.1.100

[root@localhost network-scripts]# nslookup zhidao.example.com
Server:		192.169.1.100
Address:	192.169.1.100#53

Name:	zhidao.example.com
Address: 192.100.100.100

[root@localhost network-scripts]# ping www.example.com		#也能正常ping通
PING www.example.com (192.169.1.100) 56(84) bytes of data.
64 bytes from 192.169.1.100: icmp_seq=1 ttl=64 time=0.054 ms
64 bytes from 192.169.1.100: icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from 192.169.1.100: icmp_seq=3 ttl=64 time=0.071 ms
^C
--- www.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 11478ms
rtt min/avg/max/mdev = 0.042/0.055/0.071/0.014 ms
[root@localhost network-scripts]# 


