Platform: RHEL 6.3
Three virtual machines: ACE1.example.com 192.168.0.3
ACE2.example.com 192.168.0.4
ACE3.example.com 192.168.0.5
The DNS server is ACE3
1: Configuring the DNS server
Install the required packages:
[root@ACE3 etc]# yum search dns
bind.x86_64
bind-chroot.x86_64
[root@ACE3 etc]# yum install -y bind.x86_64 bind-chroot.x86_64
Main configuration file:
/etc/named.conf
Zone data directory:
/var/named
Start the service and check the listening ports:
[root@ACE3 ~]# /etc/init.d/named start
[root@ACE3 ~]# netstat -anltp | grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6053/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6053/named
tcp 0 0 ::1:953 :::* LISTEN 6053/named
Edit the configuration file (make named listen on any address):
[root@ACE3 ~]# vi /var/named/chroot/etc/named.conf
options {
        listen-on port 53 { any; };          // listen on any host
        // listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };                // allow any client
        // allow-query { any; } together with recursion yes makes this an open
        // recursive resolver; outside a closed lab restrict queries to the lab
        // network, e.g. allow-query { 192.168.0.0/24; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation no;                // requires official authorization
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
...
Restart the service and check the port information again:
[root@ACE3 ~]# /etc/init.d/named restart
[root@ACE3 ~]# netstat -anltp | grep named
tcp 0 0 192.168.0.5:53 0.0.0.0:* LISTEN 6053/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6053/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6053/named
tcp 0 0 ::1:953 :::* LISTEN 6053/named
Point each host at the new DNS server:
vim /etc/resolv.conf
nameserver 192.168.0.5
ok!!!
2: Forward resolution
[root@ACE3 ~]# vim /etc/named.rfc1912.zones
Add:
zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
};
Write the zone file
[root@ACE3 ~]# cd /var/named/chroot/var/named/
[root@ACE3 named]# cp named.localhost example.com.zone
Set the permissions first
[root@ACE3 named]# chmod 640 example.com.zone
[root@ACE3 named]# chown root:named example.com.zone
Edit the file:
[root@ACE3 named]# vim example.com.zone
$TTL 1D
; SOA: primary name server, then the administrator mailbox (root.example.com. = root@example.com,
; written with a trailing dot, otherwise named appends the origin and gets root.example.com.example.com.)
@       IN SOA  ACE3.example.com. root.example.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ACE3.example.com.
ACE3.example.com.   A       192.168.0.5
www                 A       192.168.0.6
bbs                 A       192.168.0.7
a.example.com.      A       192.168.0.8
qq.example.com.     A       192.168.0.9
Notes: @ stands for the domain you created, "example.com"; the name after SOA is the host that provides the DNS service, and the one after that is the administrator's contact
NS specifies the DNS host's name
<DNS host name> A <IP>: the A record for that host
Rules for the resolution list:
Every name must end with "."; a name that does not end with "."
has "example.com" appended automatically
A name that does not end in "example.com" must be written with a "." at the end
Do not put a "." after an IP address
ok!!!
Test:
[root@ACE1 ~]# dig ACE3.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> ACE3.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23320
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ACE3.example.com.              IN      A

;; ANSWER SECTION:
ACE3.example.com.       86400   IN      A       192.168.0.5

;; AUTHORITY SECTION:
example.com.            86400   IN      NS      ACE3.example.com.

;; Query time: 49 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Tue Aug 12 17:13:14 2014
;; MSG SIZE  rcvd: 64
Add an alias:
[root@ACE3 named]# vim example.com.zone
$TTL 1D
@       IN SOA  ACE3.example.com. root.example.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ACE3.example.com.
ACE3.example.com.   A       192.168.0.5
zhangxc             CNAME   www         ; alias: zhangxc.example.com -> www.example.com
www                 A       192.168.0.7
Restart the service: /etc/init.d/named restart
Test:
[root@ACE2 ~]# dig zhangxc.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> zhangxc.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63558
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;zhangxc.example.com.           IN      A

;; ANSWER SECTION:
zhangxc.example.com.    86400   IN      CNAME   www.example.com.
www.example.com.        86400   IN      A       192.168.0.7

;; AUTHORITY SECTION:
example.com.            86400   IN      NS      ACE3.example.com.

;; ADDITIONAL SECTION:
ACE3.example.com.       86400   IN      A       192.168.0.5

;; Query time: 46 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Tue Aug 12 17:17:47 2014
;; MSG SIZE  rcvd: 106
3: Reverse resolution
[root@ACE3 named]# vi /etc/named.rfc1912.zones
Add:
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "example.com.ptr";
        allow-update { none; };
};
...
Add the file example.com.ptr
[root@ACE3 named]# cd /var/named/chroot/var/named
[root@ACE3 named]# cp named.empty example.com.ptr
Set its permissions:
[root@ACE3 named]# chmod 640 example.com.ptr
[root@ACE3 named]# chown root:named example.com.ptr
Edit example.com.ptr
[root@ACE3 named]# vim example.com.ptr
$TTL 3H
@       IN SOA  ACE3.example.com. root (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
; the NS target needs its trailing dot: without it named appends the origin and
; announces ACE3.example.com.0.168.192.in-addr.arpa., which is what the dig -x output below shows
        NS      ACE3.example.com.
; out-of-zone owner left over from named.empty (the name lives in example.com, not in this zone);
; named loads the zone but warns and ignores this record
ACE3.example.com.   A       127.0.0.1
; PTR: last octet of the address -> host name, written absolute with a trailing dot
; (the dig -x output below still shows the earlier misspelling zhangxc1.exampl.com.)
123     PTR     zhangxc.example.com.
192     PTR     zhangxc1.example.com.
Notes: @ stands for the reverse zone "0.168.192.in-addr.arpa"; mind the "." at the end of every name; no "." after an IP
Restart the service and test:
[root@ACE2 ~]# dig -x 192.168.0.192

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> -x 192.168.0.192
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7790
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;192.0.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
192.0.168.192.in-addr.arpa. 10800 IN    PTR     zhangxc1.exampl.com.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 10800   IN      NS      ACE3.example.com.0.168.192.in-addr.arpa.

;; ADDITIONAL SECTION:
ACE3.example.com.0.168.192.in-addr.arpa. 10800 IN A 127.0.0.1

;; Query time: 39 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Tue Aug 12 17:25:03 2014
;; MSG SIZE  rcvd: 124
ok!!!!!!!
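An added example, not part of the original post, that applies the trailing-dot rule from the forward-resolution notes to the reverse zone above: it expands names the way named does (relative name + origin) and flags multi-label names that silently picked up the origin, reproducing the ACE3.example.com.0.168.192.in-addr.arpa. names seen in the dig -x output. The sample zone text, REV_ZONE, is constructed here from the post's reverse zone as first written, and the function names are this example's own.

```python
import re

REV_ORIGIN = "0.168.192.in-addr.arpa."
# Constructed sample: the post's reverse zone as first written (NS target
# and A owner without trailing dot) so the lint reproduces the dig -x names.
REV_ZONE = """\
$TTL 3H
@ IN SOA ACE3.example.com. root ( 0 1D 1H 1W 3H )
    NS ACE3.example.com
ACE3.example.com A 127.0.0.1
123 PTR zhangxc.example.com.
192 PTR zhangxc1.example.com.
"""
RR = re.compile(r"^(\S*)\s+(?:IN\s+)?(SOA|NS|A|AAAA|PTR|CNAME)\s+(\S+)")

def expand(name, origin):
    """The post's rule: '@' is the origin, a trailing '.' means absolute,
    anything else gets '.<origin>' appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with names expanded as named does."""
    owner, records = origin, []
    for line in text.splitlines():
        m = RR.match(line.split(";")[0])
        if not m or line.startswith("$"):
            continue
        if m.group(1):  # empty owner column means 'same owner as before'
            owner = expand(m.group(1), origin)
        rtype, rdata = m.group(2), m.group(3)
        if rtype in ("NS", "PTR", "CNAME"):
            rdata = expand(rdata, origin)
        if rtype != "SOA":
            records.append((owner, rtype, rdata))
    return records

def lint(records, origin):
    """Flag multi-label names that silently got the origin appended (the
    trailing-dot mistake) and owners outside the zone, which named ignores."""
    problems = []
    for owner, rtype, rdata in records:
        for name in (owner, rdata) if rtype in ("NS", "PTR", "CNAME") else (owner,):
            rel = name[:-len(origin) - 1] if name.endswith("." + origin) else ""
            if "." in rel:
                problems.append(f"{rtype} {name}: origin appended, missing trailing '.'?")
        if not owner.endswith(origin):
            problems.append(f"{rtype} {owner}: out-of-zone owner, ignored by named")
    return problems
```

Running lint(parse_zone(REV_ZONE, REV_ORIGIN), REV_ORIGIN) reports the NS target and the A owner; after adding the two trailing dots only the out-of-zone A record remains, which is what named-checkzone would also warn about.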