这篇文档是我根据一个视频教程整理出来的笔记,上传的PDF则是该视频的课件,不想看我这篇笔记的,直接下载PDF就是了。下面所写均为我个人测试所得,有什么问题,尽管回帖。
DNS概述
DNS安装
DNS常见名词
DNS配置文件详解
配置主要DNS服务
DNS案例详解
DNS域名系统简介
四部分组成
DNS域名空间
资源记录
DNS服务器
DNS客户端
DNS域名空间
根域-->顶极域-->子域-->主机
分成三个类型
组织域--地址域--反向域
DNS查询工作的原理
两部分组成
本地解析
查询DNS服务器
递归查询 (服务器与服务器交流)
迭代查询(流量会增大,服务器与客户端的交流)
hosts文件
/etc/hosts解析网络中的IP地址跟域名
DNS服务器bind及chroot的安装
需要注意的是,caching-nameserver 这个包里很多文件已经预先配置好,用起来比较方便,因此也需要装上
rpm -q bind查询是否安装
yum -y install bind-*
yum -y install caching-nameserver-*
rpm -ql caching-nameserver
/var/named/named.ca 是根服务器信息文件
安装chroot软件包
原因
优点
危害减少
启动/停止/重启 DNS
DNS常见名词
区
资源记录
区文件
DNS缓存
正向解析
反向解析
DNS配置文件详解
/etc/named.conf
/var/named/named.ca
/var/named/localhost.zone
/var/named/name.local
/var/named/
资源记录
SOA资源记录
主配置文件named.conf
options{
directory "/var/named"; 指定工作目录
forwarders { 192.168.31.2; }; 指定将查询转发到的目标DNS服务器
allow-transfer { 辅助DNS地址; }; --> 配置辅助DNS时用到,限制只有列出的地址才能进行区域传送
};
type字段指定的区域类型
master:定义的是主域名服务器
slave:辅助域名服务器
hint:互联网中根域服务器
forward:
stub:
delegation-only
DNS服务器架设流程
建立named.conf
建立区域文件
重新加载配置文件使配置生效
配置主要名称服务器的概述
主配置文件
主配置文件
/etc/named.conf
设置根区域
zone "."{
type hint;
};
设置主区域
zone "example.com"{
type master;
};
设置反向解析区域
zone "16.168.192.in-addr.arpa"{
type master;
file "192.168.16.arpa";
};
根服务器信息文件named.ca
ftp下载复制到/var/named/chroot/var/named/目录下
正向区域文件
反向解析区域文件
/var/named/chroot/var/named/192.168.16.arpa
实现负载均衡功能
主要名称服务器的测试
1 测试前的准备
启动DNS服务
配置/etc/resolv.conf
2 使用nslookup程序测试
3 host [-t type] hostname [server][ip]
4 dig [-t type] hostname [server][ip]
最简单的服务器配置
host <域名>   (原笔记中的域名被论坛过滤器替换掉了,这里用占位符代替)
发现,超时
cd /var/named/chroot/
cd etc;ls
建立named.conf文件
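options {
    // working directory; the "file" paths in the zone statements are relative to it
    // (with the chroot package this is /var/named/chroot/var/named on disk)
    directory "/var/named";
};
// root hints: where named finds the root servers for names it is not authoritative for
zone "." {
    type hint;
    file "named.ca";    // the original listing lacked the terminating ';' -- named-checkconf rejects that
};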
ls -l named.conf
默认是root用户组
host <域名>
如果没有安装chroot软件包,就必须把文件的权限改掉,让named用户能够读取
host ip
dig <域名>
nslookup <域名>
named-checkconf 检查主配置文件(区域文件用 named-checkzone 检查)
named-checkconf named.conf检查
named-checkconf named.ca /var/named/chroot/var/named/named.ca
配置辅助名称服务器
优点
提供容错能力
分担主服务器的负担
加快查询的速度
/etc/named.conf
配置缓存cache-only服务器
类似于代理服务器
options{
directory "/var/named";
forward only;
forwarders{
ip;
};
};
案例
【实例1】技术部所在域为“tech.org”,部门内有三台主机,主机名分别是 client1.tech.org,client2.tech.org,client3.tech.org。现要求DNS服务器dns.tech.org 可以解析3台主机名和IP地址的对应关系。
[root@localhost etc]# yum -y install bind-*
[root@localhost etc]# yum -y install caching-nameserver-*
[root@localhost /]# cd /var/named/chroot/etc/
[root@localhost etc]# ls
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
[root@localhost etc]# vim named.conf
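options {
    // working directory for the relative "file" paths below; with the chroot
    // package this resolves to /var/named/chroot/var/named on disk
    directory "/var/named";
};
// root hints: lets named find the root servers for names outside the zones it
// is authoritative for
zone "." {
    type hint;
    file "named.ca";    // the original listing lacked the ';' here; named-checkconf rejects that
};
// forward zone for the department
zone "tech.org" {
    type master;
    file "tech.org.zone";
};
// reverse zone for 172.16.141.0/24 (octets reversed under in-addr.arpa)
zone "141.16.172.in-addr.arpa" {
    type master;
    file "172.16.141.zone";
};
// NOTE(review): no allow-query / allow-recursion is set, so which clients may
// use this server as a resolver is left to BIND's defaults -- confirm it is
// not reachable from untrusted networks.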
建立区域文件
[root@localhost etc]# cd ..
[root@localhost chroot]# ls
dev etc var
[root@localhost chroot]# cd var/named/
[root@localhost named]# ls
data localhost.zone named.ca named.local slaves
localdomain.zone named.broadcast named.ip6.local named.zero
[root@localhost named]# vim tech.org.zone
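$TTL 86400              ; default TTL for records that do not carry their own
; SOA: primary server dns.tech.org., admin mailbox root (relative -> root.tech.org.)
; a space was added before '(' for readability
@ IN SOA dns.tech.org. root (
        2011071300      ; serial (YYYYMMDDnn) -- bump it on every edit so secondaries notice
        3H              ; refresh
        1H              ; retry
        1W              ; expire -- NOTE(review): missing from the original listing (SOA needs 5
                        ; numbers); value taken from the sibling 172.16.141.zone, confirm
        0 )             ; negative-caching TTL (minimum)
@       IN NS dns.tech.org.
dns     IN A  172.16.141.132
client1 IN A  172.16.141.133
client2 IN A  172.16.141.134
client3 IN A  172.16.141.135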
建立反向区域
[root@localhost named]# vim 172.16.141.zone
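$TTL 86400              ; default TTL
; origin is 141.16.172.in-addr.arpa (set by the zone statement in named.conf),
; so the bare owner names below are the last octet of 172.16.141.x
@ IN SOA dns.tech.org. root.tech.org. (
        2011071300      ; serial -- bump on every change
        3H              ; refresh
        1H              ; retry
        1W              ; expire
        0 )             ; negative-caching TTL
@   IN NS  dns.tech.org.
; written relative like the other PTRs; the original used the absolute name
; 132.141.16.172.in-addr.arpa., which is the same record inside the real zone.
; named-checkzone only reported it "out-of-zone" because it was given the file
; name instead of the origin as its first argument.
132 IN PTR dns.tech.org.
133 IN PTR client1.tech.org.
134 IN PTR client2.tech.org.
135 IN PTR client3.tech.org.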
检查区域文件(注意:named-checkzone 的第一个参数是区域名即origin,如 tech.org 或 141.16.172.in-addr.arpa,而不是文件名;下面传入的是文件名,所以反向区域会报 out-of-zone 提示)
[root@localhost named]# named-checkzone tech.org.zone /var/named/chroot/var/named/tech.org.zone
zone tech.org.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone 172.16.141.zone /var/named/chroot/var/named/172.16.141.zone
/var/named/chroot/var/named/172.16.141.zone:9: ignoring out-of-zone data (132.141.16.172.in-addr.arpa)
zone 172.16.141.zone/IN: loaded serial 2011071300
OK
[root@localhost named]#
[root@localhost named]# service named start
Starting named: [ OK ]
[root@localhost named]# dig -t PTR 133.141.16.172.in-addr.arpa
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -t PTR 133.141.16.172.in-addr.arpa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39593
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;133.141.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
133.141.16.172.in-addr.arpa. 86400 IN PTR client1.tech.org.
;; AUTHORITY SECTION:
141.16.172.in-addr.arpa. 86400 IN NS dns.tech.org.
;; ADDITIONAL SECTION:
dns.tech.org. 86400 IN A 172.16.141.132
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 13 16:21:15 2011
;; MSG SIZE rcvd: 109
[root@localhost named]#
【实例2】企业采用多个区域管理各部门网络,技术部属于“tech.boobooke”域,市场部属于“mart.boobooke”域,其他人员属于“freedom.boobooke”域。
技术部门共有100人,采用的IP地址为192.168.31.1-192.168.31.100。
市场部门共有100人,采用IP地址为192.168.32.1-192.168.32.100。
其他人员只有50人,采用IP地址为192.168.33.1-192.168.33.50。
现采用一台主机搭建DNS服务器,其IP地址为192.168.31.134,要求这台DNS服务器可以完成内网所有区域的正/反向解析,
并且所有员工均可以访问外网地址。
配置named.conf
// working directory for the relative "file" paths in the zone statements below
options{
directory "/var/named";
};
// root hints: needed so names outside the internal zones (the "access the
// Internet" requirement) can still be resolved
zone "."{
type hint;
file "named.ca";
};
// forward zone: technical department
// NOTE(review): the requirement lists 192.168.31.x/32.x/33.x, the lab uses
// 172.16.141.x/142.x/143.x instead -- presumably a deliberate substitution, confirm
zone "tech.boobooke"{
type master;
file "tech.boobooke.zone";
};
// reverse zone for 172.16.141.0/24
zone "141.16.172.in-addr.arpa"{
type master;
file "172.16.141.zone";
};
// forward zone: marketing department
// NOTE(review): the requirement spells this domain "mart.boobooke", the config
// and the cp/vim commands use "mark.boobooke", and the later named-checkzone
// call reads mart.boobooke.zone -- confirm which name is intended
zone "mark.boobooke"{
type master;
file "mark.boobooke.zone";
};
// reverse zone for 172.16.142.0/24
zone "142.16.172.in-addr.arpa"{
type master;
file "172.16.142.zone";
};
// forward zone: everyone else
zone "freedom.boobooke"{
type master;
file "freedom.boobooke.zone";
};
// reverse zone for 172.16.143.0/24
zone "143.16.172.in-addr.arpa"{
type master;
file "172.16.143.zone";
};
// NOTE(review): no allow-query / allow-recursion is set; who may use this
// server as a recursive resolver is left to BIND's defaults -- confirm it is
// only reachable from the internal network.
[root@localhost named]# mv tech.org.zone tech.boobooke.zone
[root@localhost named]# cp tech.boobooke.zone mark.boobooke.zone
[root@localhost named]# cp tech.boobooke.zone freedom.boobooke.zone
[root@localhost named]# cp 172.16.141.zone 172.16.142.zone
[root@localhost named]# cp 172.16.141.zone 172.16.143.zone
[root@localhost named]# vim tech.boobooke.zone
$TTL 86400 ; default TTL for the records below
; SOA: primary dns.tech.boobooke., admin mailbox root (relative -> root.tech.boobooke.)
@ IN SOA dns.tech.boobooke. root (
2011071300 ; serial -- increase on every edit so secondaries pick up the change
3H ; refresh
1H ; retry
1W ; expire
0) ; negative-caching TTL
@ IN NS dns.tech.boobooke.
; the name server host (172.16.141.132) serves all three boobooke zones
dns IN A 172.16.141.132
; only client1-3 and client100 are listed; presumably client4..client99 were
; left out of the notes rather than out of the real zone -- confirm
client1 IN A 172.16.141.1
client2 IN A 172.16.141.2
client3 IN A 172.16.141.3
client100 IN A 172.16.141.100
[root@localhost named]# vim mark.boobooke.zone
$TTL 86400 ; default TTL for the records below
; SOA: primary dns.mark.boobooke., admin mailbox root (relative -> root.mark.boobooke.)
@ IN SOA dns.mark.boobooke. root (
2011071300 ; serial -- increase on every edit
3H ; refresh
1H ; retry
1W ; expire
0) ; negative-caching TTL
@ IN NS dns.mark.boobooke.
; dns.mark.boobooke. points at the same host as dns.tech.boobooke. (one server for all zones)
dns IN A 172.16.141.132
; hosts of this department live in 172.16.142.0/24; only a sample of the 100 is listed
client1 IN A 172.16.142.1
client2 IN A 172.16.142.2
client3 IN A 172.16.142.3
client100 IN A 172.16.142.100
[root@localhost named]# vim freedom.boobooke.zone
$TTL 86400 ; default TTL for the records below
; SOA: primary dns.freedom.boobooke., admin mailbox root (relative -> root.freedom.boobooke.)
@ IN SOA dns.freedom.boobooke. root (
2011071300 ; serial -- increase on every edit
3H ; refresh
1H ; retry
1W ; expire
0) ; negative-caching TTL
@ IN NS dns.freedom.boobooke.
; same physical server as the other two zones
dns IN A 172.16.141.132
; hosts live in 172.16.143.0/24; the requirement says 50 hosts, only a sample is listed
client1 IN A 172.16.143.1
client2 IN A 172.16.143.2
client3 IN A 172.16.143.3
client50 IN A 172.16.143.50
然后编辑反向区域
[root@localhost named]# vim 172.16.141.zone
$TTL 86400 ; default TTL
; reverse zone for 172.16.141.0/24; origin 141.16.172.in-addr.arpa comes from named.conf,
; so each owner name below is just the last octet of the address
@ IN SOA dns.tech.boobooke. root.tech.boobooke. (
2011071300 ; serial
3H ; refresh
1H ; retry
1W ; expire
0) ; negative-caching TTL
@ IN NS dns.tech.boobooke.
; PTR targets must be absolute (trailing dot), otherwise the origin would be appended
132 IN PTR dns.tech.boobooke.
1 IN PTR client1.tech.boobooke.
2 IN PTR client2.tech.boobooke.
3 IN PTR client3.tech.boobooke.
100 IN PTR client100.tech.boobooke.
[root@localhost named]# cp 172.16.141.zone 172.16.142.zone
cp: overwrite `172.16.142.zone'? y
[root@localhost named]# cp 172.16.141.zone 172.16.143.zone
cp: overwrite `172.16.143.zone'? y
[root@localhost named]# vim 172.16.142.zone
$TTL 86400 ; default TTL
; reverse zone for 172.16.142.0/24 (origin 142.16.172.in-addr.arpa from named.conf)
@ IN SOA dns.mark.boobooke. root.mark.boobooke. (
2011071300 ; serial
3H ; refresh
1H ; retry
1W ; expire
0) ; negative-caching TTL
@ IN NS dns.mark.boobooke.
; NOTE(review): this maps 172.16.142.132 to the name server, but the forward zone
; puts dns.mark.boobooke. on 172.16.141.132 (copied from 172.16.141.zone) -- confirm
132 IN PTR dns.mark.boobooke.
1 IN PTR client1.mark.boobooke.
2 IN PTR client2.mark.boobooke.
3 IN PTR client3.mark.boobooke.
100 IN PTR client100.mark.boobooke.
[root@localhost named]# vim 172.16.143.zone
$TTL 86400 ; default TTL
; reverse zone for 172.16.143.0/24 (origin 143.16.172.in-addr.arpa from named.conf)
@ IN SOA dns.freedom.boobooke. root.freedom.boobooke. (
2011071300 ; serial
3H ; refresh
1H ; retry
1W ; expire
0) ; negative-caching TTL
@ IN NS dns.freedom.boobooke.
; NOTE(review): same copy-over as 172.16.142.zone -- the forward zone has the
; name server on 172.16.141.132, not 172.16.143.132; confirm this PTR is wanted
132 IN PTR dns.freedom.boobooke.
1 IN PTR client1.freedom.boobooke.
2 IN PTR client2.freedom.boobooke.
3 IN PTR client3.freedom.boobooke.
; there is no record for .100 here, which is why the later "host 172.16.143.100" returns NXDOMAIN
50 IN PTR client50.freedom.boobooke.
[root@localhost named]# named-checkconf /var/named/chroot/etc/named.conf
[root@localhost named]# named-checkzone 172.16.141.zone /var/named/chroot/var/named/172.16.141.zone
zone 172.16.141.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone 172.16.142.zone /var/named/chroot/var/named/172.16.142.zone
zone 172.16.142.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone 172.16.143.zone /var/named/chroot/var/named/172.16.143.zone
zone 172.16.143.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone tech.boobooke.zone /var/named/chroot/var/named/tech.boobooke.zone
zone tech.boobooke.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone mark.boobooke.zone /var/named/chroot/var/named/mart.boobooke.zone
zone mart.boobooke.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# named-checkzone freedom.boobooke.zone /var/named/chroot/var/named/freedom.boobooke.zone
zone freedom.boobooke.zone/IN: loaded serial 2011071300
OK
[root@localhost named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@localhost named]#
[root@localhost named]# host client1.tech.boobooke
client1.tech.boobooke has address 172.16.141.1
[root@localhost named]# host client1.mark.boobooke
client1.mark.boobooke has address 172.16.142.1
[root@localhost named]# host client1.freedom.boobooke
client1.freedom.boobooke has address 172.16.143.1
[root@localhost named]#
[root@localhost named]# host 172.16.141.100
100.141.16.172.in-addr.arpa domain name pointer client100.tech.boobooke.
[root@localhost named]# host 172.16.142.100
100.142.16.172.in-addr.arpa domain name pointer client100.mark.boobooke.
[root@localhost named]# host 172.16.143.100
Host 100.143.16.172.in-addr.arpa. not found: 3(NXDOMAIN)
[root@localhost named]# host 172.16.143.50
50.143.16.172.in-addr.arpa domain name pointer client50.freedom.boobooke.
[root@localhost named]#
【实例3】安装基于chroot的DNS服务器,并将其配置成缓存Cache-only服务器,然后将客户机的查询转发到202.100.138.68和202.100.128.68的DNS服务器上。
配置named.conf文件
清空该文件原有的内容,只保留下面的缓存服务器配置
options{
directory "/var/named";
// upstream resolvers that every query is handed to
forwarders {
202.100.138.68;
202.100.128.68;};
// forward only: never iterate from the root hints itself; if both forwarders
// are unreachable, resolution simply fails
forward only;
};
// NOTE(review): nothing here limits which clients may query; a forwarding
// resolver reachable beyond the intended client network is an open resolver --
// confirm the ACLs / network exposure.
重启服务
[root@localhost etc]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 220.181.111.148
www.a.shifen.com has address 220.181.112.143
【实例4】安装基于chroot的DNS服务器,并根据以下要求配置主要名称服务器。
(1)定义服务器的版本信息为“9.3.4”。
(2)设置根区域,以便DNS服务器在本地区域文件不能进行查询的解析时,能转到根DNS服务器查询。
(3)建立xyz.org主区域,设置允许区域复制的辅域名服务器的地址为192.168.31.134。
(4)建立以下A资源记录。
dns.xyz.org. IN A 192.168.31.1
www.xyz.org. IN A 192.168.31.2
mail.xyz.org. IN A 192.168.31.3
(5)建立以下别名CNAME资源记录。
bbs IN CNAME www
(6)建立以下邮件交换器MX资源记录
Xyz.org. IN MX 10 mail.xyz.org.
(7)建立反向解析区域31.168.192.in-addr.arpa,并为以上A资源记录建立对应的指针PTR资源记录。
[root@localhost etc]# vim named.conf
options{
directory "/var/named";
// string reported for version.bind CHAOS queries instead of the real one
// (requirement 1); the dig banner earlier in these notes shows the actual
// server is 9.3.6, so this hides the true version from remote probes
version "9.3.4";
// only this address may pull the zones via zone transfer; requirement (3) names
// 192.168.31.134, the lab uses 172.16.141.139 -- presumably the secondary, confirm
allow-transfer {172.16.141.139;};
};
// root hints so names outside xyz.org can still be resolved (requirement 2)
zone "." {
type hint;
file "named.ca";
};
// primary forward zone (requirement 3)
zone "xyz.org" {
type master;
file "xyz.org.zone";
};
// reverse zone for 172.16.141.0/24 (requirement 7 asks for 31.168.192.in-addr.arpa;
// the lab substitutes its own subnet)
zone "141.16.172.in-addr.arpa" {
type master;
file "172.16.141.zone";
};
[root@localhost named]# vim xyz.org.zone
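$TTL 86400                      ; default TTL
; SOA: primary dns.xyz.org., admin mailbox root (relative -> root.xyz.org.)
@ IN SOA dns.xyz.org. root (
        2011071400              ; serial
        3H                      ; refresh
        1H                      ; retry
        1W                      ; expire
        1D )                    ; negative-caching TTL
; the original listing had a ';' glued to the first three numbers ("2011071400;");
; in a zone file ';' starts a comment, so at best they were no-ops, and whether the
; lexer tolerates one attached to a number should not be relied on -- dropped to
; match 172.16.141.zone
@    IN NS    dns               ; relative name -> dns.xyz.org.
dns  IN A     172.16.141.1      ; requirement (4) uses 192.168.31.x; the lab substitutes 172.16.141.x
www  IN A     172.16.141.2
mail IN A     172.16.141.3
bbs  IN CNAME www               ; requirement (5)
xyz.org. IN MX 10 mail.xyz.org. ; requirement (6): mail exchanger, preference 10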
[root@localhost named]# vim 172.16.141.zone
$TTL 86400 ; default TTL
; reverse zone for 172.16.141.0/24 (origin 141.16.172.in-addr.arpa from named.conf);
; one PTR per A record in xyz.org.zone, as requirement (7) asks
@ IN SOA dns.xyz.org. root (
2011071400 ; serial
3H ; refresh
1H ; retry
1W ; expire
1D) ; negative-caching TTL
@ IN NS dns.xyz.org.
1 IN PTR dns.xyz.org.
2 IN PTR www.xyz.org.
3 IN PTR mail.xyz.org.
配置好之后,一定要留意/etc/resolv.conf中,
; generated by /sbin/dhclient-script
search localdomain
nameserver 127.0.0.1
nameserver 必须指向本机的回环地址 127.0.0.1,否则查询会出错
【实例5】安装基于chroot的DNS服务器,并根据以下要求配置辅助名称服务器。
(1)建立xyz.org从区域,设置主要名称服务器的地址为192.168.31.132。
(2)建立反向解析从区域31.168.192.in-addr.arpa,设置主要名称服务器的地址为192.168.31.132。
辅助域名服务器的配置
[root@localhost yum.repos.d]# yum -y install bind-*
[root@localhost yum.repos.d]# yum -y install caching-nameserver-*
设置主配置文件
options {
directory "/var/named";
};
// secondary copy of xyz.org; "masters" is the primary it transfers the zone from
// (the primary's allow-transfer must list this host's address, otherwise the
// transfer is refused)
zone "xyz.org" {
type slave;
masters { 172.16.141.132; };
// named writes the transferred zone here; the file appears only after the first
// successful transfer, which is why slaves/ is empty before "service named start"
file "slaves/xyz.org.zone";
};
// secondary copy of the reverse zone, same primary
zone "141.16.172.in-addr.arpa" {
type slave;
masters { 172.16.141.132; };
file "slaves/172.16.141.zone";
};
进入 /var/named/slaves 目录,此时
[root@localhost slaves]# ls
没有文件
[root@localhost slaves]# service named start
Starting named: [ OK ]
[root@localhost slaves]# ls
172.16.141.zone xyz.org.zone
[root@localhost slaves]#
重启服务即可看到
[root@localhost slaves]# host dns.xyz.org
;; connection timed out; no servers could be reached
发现解析不了,因为还需要把客户端使用的DNS(/etc/resolv.conf)改为本机
[root@localhost slaves]# vim /etc/resolv.conf
nameserver 127.0.0.1
[root@localhost slaves]# host dns.xyz.org
dns.xyz.org has address 172.16.141.1
即可实现