rehhat5.5搭建各种dns服务器（3）

配置slave从服务器：

 

1.配置主配置文件

 

[root@Dns_slave etc]# cd  /var/named/chroot/etc

[root@Dns_slave etc]# ls

localtime  named.caching-nameserver.conf  named.rfc1912.zones  rndc.key

[root@Dns_slave etc]# vi  named.caching-nameserver.conf

options {

        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

 

        // Those options should be used carefully because they disable port

        // randomization

        // query-source    port 53;

        // query-source-v6 port 53;

 

        allow-query     { any; };

        allow-query-cache { any; };

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

 

acl cnc {192.168.1.0/24;};

acl tel {192.168.0.0/24;};

 

 

key "tel" {

        algorithm hmac-md5;

        secret " AO/jVw8Moo1USyH6dnyoFw==";

};

 

key "cnc" {

        algorithm hmac-md5;

        secret " GMhJe7tTV14A1LUyIHtErg==";

};

 

 

view "tel" {

        match-clients { key "tel";tel; };

        server 192.168.1.100 { keys "tel"; };

 

        zone "Skylinux.com" {

                type slave;

                file "slaves/tel.Skylinux.com.zone";

                masters {192.168.1.100;};

        };

 

};

 

view "cnc" {

        match-clients { key "cnc"; cnc;};

        server 192.168.1.100 { keys "cnc"; };

 

        zone "Skylinux.com" {

                type slave;

                file "slaves/cnc.Skylinux.com.zone";

                masters {192.168.1.100;};

        };

 

 

};

[root@Dns_slave etc]#

 

 

重启主从两台服务器

 

 

主重启

[root@Dns_master named]# service named restart

停止 named：                                               [确定]

启动 named：                                               [确定]

[root@Dns_master named]#

 

从重启

[root@Dns_slave etc]# cd ../var/named/slaves/

[root@Dns_slave slaves]# ls

cnc.Skylinux.com.zone  tel.Skylinux.com.zone

[root@Dns_slave slaves]# rm -rf *

[root@Dns_slave slaves]# ls

[root@Dns_slave slaves]# service named restart

停止 named：                                               [确定]

启动 named：                                               [确定]

[root@Dns_slave slaves]# ls

cnc.Skylinux.com.zone  tel.Skylinux.com.zone

[root@Dns_slave slaves]# pwd

/var/named/chroot/var/named/slaves

[root@Dns_slave slaves]#

 

简单测试：

 

在Master上设置nameserver 是192.168.1.100

 

[root@Dns_master named]# dig [email protected]

 

; <<>> dig 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> [email protected]

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21649

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

 

;; QUESTION SECTION:

;www.Skylinux.com.          IN      A

 

;; ANSWER SECTION:

www.Skylinux.com.   86400   IN      A       192.168.1.100

 

;; AUTHORITY SECTION:

Skylinux.com.       86400   IN      NS      dns.Skylinux.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.1.100#53(192.168.1.100)

;; WHEN: Wed Sep  7 09:15:37 2011

;; MSG SIZE  rcvd: 72

====================

[root@Dns_master named]# dig [email protected]

 

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> ftp.Skylinux.com @192.168.1.100

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19894

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

 

;; QUESTION SECTION:

;ftp.Skylinux.com.          IN      A

 

;; ANSWER SECTION:

ftp.Skylinux.com.   86400   IN      A       192.168.1.102

 

;; AUTHORITY SECTION:

Skylinux.com.       86400   IN      NS      dns.Skylinux.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.1.100#53(192.168.1.100)

;; WHEN: Wed Sep  7 09:15:49 2011

;; MSG SIZE  rcvd: 72

==========================

[root@Dns_master named]# dig [email protected]

 

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www2.Skylinux.com @192.168.0.100

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29504

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

 

;; QUESTION SECTION:

;www2.Skylinux.com.         IN      A

 

;; ANSWER SECTION:

www2.Skylinux.com.  86400   IN      A       192.168.0.103

 

;; AUTHORITY SECTION:

Skylinux.com.       86400   IN      NS      dns.Skylinux.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.0.100#53(192.168.0.100)

;; WHEN: Wed Sep  7 09:17:57 2011

;; MSG SIZE  rcvd: 73

 

到这里我们完成了view+TSIG+主从DNS服务器

============================================================================

第五阶段

项目内容：搭建cache缓冲服务器，当客户端发出请求时将请求发给指定的Dns服务器上做解析，并返回给客户端

 

项目目的：模拟Internet中的缓冲服务器的原理。Internet上的客户端并不知道真正的Dns服务器在哪，那么就又整个缓冲服务器去帮我们查询，并返回结果。

下面的实验：

我们假定1.102是北京的服务器，202.106.0.20，当北京的用户将nameserver，设置成它的时候，就会去给这台服务器发请求，从而得到解析

 

我们假定0.102是长沙的服务器，202.103.96.112，当长沙的用户将nameserver，设置成他的时候，就会去给这台服务器发请求，从而得到解析

 

项目环境：

第四阶段的整个环境

DNS Cache服务器：192.168.1.102/24  和  192.168.0.102/24 两个IP地址互相切换

 

 

步骤：

 

1、以缓冲服务器IP是192.168.1.102

 

1）在缓冲服务器上安装必要软件

[root@Dns_cache ~]# yum install bind bind-chroot caching-nameserver

1）  配置

[root@Dns_cache etc]# vi named.caching-nameserver.conf

#在主配置文件中修改options字段中的内容

options {

        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port

        // randomization

        // query-source    port 53;

        // query-source-v6 port 53;

        allow-query     { any; };

        allow-query-cache { any; };

        forward only;

        forwarders {

                192.168.1.100;

        };

};

 

 

测试：

 

192.168.1.0/24网段的客户端测试

 

将nameserver修改成缓冲服务器的IP地址

[root@Dns_cache etc]# vi /etc/resolv.conf

[root@Dns_cache etc]# cat /etc/resolv.conf

nameserver 192.168.1.102

[root@Dns_cache etc]#

 

Host命令测试解析结果

[root@Dns_cache etc]# host www.Skylinux.com

www.Skylinux.com has address 192.168.1.100

[root@Dns_cache etc]# host ftp.Skylinux.com

ftp.Skylinux.com has address 192.168.1.102

[root@Dns_cache etc]#

 

 

 

切换缓冲服务器的地址是192.168.0.102

 

修改主配置文件

options {

        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port

        // randomization

        // query-source    port 53;

        // query-source-v6 port 53;

        allow-query     { any; };

        allow-query-cache { any; };

        forward only;

        forwarders {

                192.168.0.100;

        };

};

 

缓冲服务器 重启服务

[root@Dns_cache etc]# service named restart

停止 named：                                               [确定]

启动 named：                                               [确定]

[root@Dns_cache etc]#

测试：

 

192.168.0.0/24网段的客户机测试

 

将nameserver修改成缓冲服务器的IP地址

[root@Dns_cache etc]# vi /etc/resolv.conf

[root@Dns_cache etc]# cat /etc/resolv.conf

nameserver 192.168.0.102

[root@Dns_cache etc]#

 

Host命令测试解析结果

[root@Dns_cache etc]# host www.Skylinux.com

www.Skylinux.com has address 192.168.0.100

 

[root@Dns_cache etc]# host www2.Skylinux.com

www2.Skylinux.com has address 192.168.0.103