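DNS server configuration summary (references: 私房菜, 马哥 videos)

  1. I will not cover DNS theory here; see the DNS server chapter of 私房菜, which explains it well. This post mainly follows the 私房菜 approach and repeats the exercise in a virtual machine.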

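    a) Important files to be aware of

    1. /etc/named.conf: the main configuration file; it holds the zone definitions, so be sure to remember it
    2. /var/named/: the directory that holds the zone data files
    3. /etc/rc.d/init.d/named: the init script; it accepts reload, start, restart and stop
    4. /var/log/messages: log messages

    b) Commands that check for syntax errors: named-checkconf; named-checkzone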

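    c) Zone definitions

    zone "ZONE NAME" IN {
        type {master|slave|hint|forward};
    };

    Master and slave zones also need a file "FILENAME"; statement, and slave zones additionally need masters { ip; };

    e.g. defining the root zone:

    zone "." IN {
        type hint;
        file "named.ca";
    };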

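  2. Configuring a caching DNS server (with forwarding)

    Approach: bind is normally already installed (CentOS 6.4 ships with bind), so if all you want is a caching DNS server, the prerequisites are already in place. Only the main configuration file /etc/named.conf needs to be edited.

Step 1: edit the main configuration file /etc/named.conf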

[root@www ~]# cp /etc/named.conf /etc/named.conf.bak

[root@www etc]# vim /etc/named.conf

options {
    directory "/var/named/"; // location of the zone files
    // nothing else is set here
}; // ends with a semicolon

// zone definitions follow

// root zone
zone "." IN {
    type hint; // the root zone has type hint
    file "named.ca";
};

// local forward zone
zone "localhost" IN {
    type master;
    file "named.localhost";
};

// local reverse zone
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
};

[root@www etc]# named-checkconf    # check for syntax errors

[root@www etc]# service named start

Start the service and try resolving a name:

[root@www etc]# dig www.baidu.com @127.0.0.1

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> www.baidu.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50070
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          120     IN      A       111.13.100.91

// The first time, the server knows nothing yet, so it sends the query to the root servers; this is recursion

;; AUTHORITY SECTION:
.                       401183  IN      NS      k.root-servers.net.
.                       401183  IN      NS      c.root-servers.net.
.                       401183  IN      NS      b.root-servers.net.
.                       401183  IN      NS      e.root-servers.net.
.                       401183  IN      NS      f.root-servers.net.
.                       401183  IN      NS      m.root-servers.net.
.                       401183  IN      NS      a.root-servers.net.
.                       401183  IN      NS      i.root-servers.net.
.                       401183  IN      NS      d.root-servers.net.
.                       401183  IN      NS      j.root-servers.net.
.                       401183  IN      NS      h.root-servers.net.
.                       401183  IN      NS      l.root-servers.net.
.                       401183  IN      NS      g.root-servers.net.

;; Query time: 19 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun May 24 05:45:54 2015
;; MSG SIZE rcvd: 258

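  1. Setting up the forward zone liuliancao.com

    Append the following to /etc/named.conf:

    // definition of the forward zone liuliancao.com
    zone "liuliancao.com" IN {
        type master;
        file "named.liuliancao.com";
    };

    Edit the zone data file named.liuliancao.com in the /var/named/ directory:

    [root@www etc]# vim /var/named/named.liuliancao.com    (comments use ;; double semicolons)

    Check it for errors:

    named-checkzone "zone name" zone-file

    [root@www etc]# named-checkzone "liuliancao.com" /var/named/named.liuliancao.com
    zone liuliancao.com/IN: loaded serial 2015052601
    OK

    [root@www etc]# service named restart
    Stopping named: . [ OK ]
    Starting named: [ OK ]

    Use dig -t NS|A|MX <name> to test whether the setup works:

    [root@www etc]# dig -t A www.liuliancao.com    # look up the IP of a host; note how name and record correspond

    Resolution works; output omitted.

    [root@www etc]# dig -t MX liuliancao.com    # query the MX records of the liuliancao.com zone

    Resolution works; output omitted.

    Other record types are not demonstrated here; the main point is to get familiar with the dig command.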

  2. Configuring the reverse zone

    Append the following to /etc/named.conf:

    zone "177.168.192.in-addr.arpa" IN {
        type master;
        file "named.177.168.192.in-addr-arpa"; // &&
    };

    [root@www ~]# vim /var/named/named.177.168.192.in-addr.arpa

    Check it for problems:

    [root@www etc]# named-checkzone "named.177.168.192.in-addr.arpa" /var/named/named.177.168.192.in-addr.arpa
    zone named.177.168.192.in-addr.arpa/IN: loaded serial 2015052601
    OK

    [root@www etc]# service named restart
    Stopping named: [ OK ]
    Starting named:
    Error in named configuration:
    zone localhost/IN: loaded serial 0
    zone 0.0.127.in-addr.arpa/IN: loaded serial 0
    zone liuliancao.com/IN: loaded serial 2015052601
    zone 177.168.192.in-addr.arpa/IN: loading from master file named.177.168.192.in-addr-arpa failed: file not found
    zone 177.168.192.in-addr.arpa/IN: not loaded due to errors.
    _default/177.168.192.in-addr.arpa/IN: file not found
    [FAILED]

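    The file name at the line marked && was mistyped (in-addr-arpa instead of in-addr.arpa), sorry. After correcting it:

    [root@www etc]# service named restart
    Stopping named: [ OK ]
    Starting named: [ OK ]

    Use dig -x <ip> for reverse lookups:

    [root@www etc]# dig -x 192.168.177.135

    Resolution works; output omitted.

    Meanwhile, on the client side: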

    [root@localhost ~]# dig -x 192.168.177.130

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> -x 192.168.177.130
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1942
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;130.177.168.192.in-addr.arpa.  IN      PTR

    ;; ANSWER SECTION:
    130.177.168.192.in-addr.arpa. 600 IN    PTR     ns1.liuliancao.com.
    130.177.168.192.in-addr.arpa. 600 IN    PTR     www.liuliancao.com.

    ;; AUTHORITY SECTION:
    177.168.192.in-addr.arpa. 600   IN      NS      ns1.liuliancao.com.

    ;; ADDITIONAL SECTION:
    ns1.liuliancao.com.     600     IN      A       192.168.177.130

    ;; Query time: 3 msec
    ;; SERVER: 192.168.177.130#53(192.168.177.130)
    ;; WHEN: Wed May 13 18:23:18 2015
    ;; MSG SIZE rcvd: 126

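    Wildcard resolution

    Add an A record to the zone file:

    ;; wildcard record
    * IN A 192.168.177.130

    Remember to increase the serial number as well, otherwise the slave server will not pick up the change.

    Restricting who may use recursion (again, increase the serial number so that the slave server updates; the change is not shown in a screenshot again)

    Edit allow-recursion {}; in the options block of /etc/named.conf:

    options {
        directory "/var/named"; // location of the zone files
        allow-recursion { 192.168.177.0/24; 127.0.0.1; }; // recursion only for users on the local LAN
    }; // ends with a semicolon

    Restricting zone transfer requests

    Edit allow-transfer {}; in the zone block of /etc/named.conf.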
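
The two restrictions above, and the zone-file name typo that stopped named from starting earlier, can be checked mechanically before a restart. The following Python script is an added example, not part of the original post; its parser is simplified for the config style used here, and `audit`, `_body`, the sample config and the slave address 192.168.177.131 are constructed for illustration.

```python
import re

# Constructed sample in this post's named.conf style; 192.168.177.131 is a hypothetical slave.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    allow-recursion { 192.168.177.0/24; 127.0.0.1; };
};
zone "." IN { type hint; file "named.ca"; };
zone "liuliancao.com" IN {
    type master; file "named.liuliancao.com";
    allow-transfer { 192.168.177.131; };
};
zone "177.168.192.in-addr.arpa" IN {
    type master;
    file "named.177.168.192.in-addr-arpa";  // the typo shown in the post
};
'''

def _body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def audit(conf, existing_files):
    """List findings for a named.conf text; existing_files = names under 'directory'."""
    conf = re.sub(r"//[^\n]*", "", conf)  # drop // comments
    findings = []
    m = re.search(r"\boptions\s*\{", conf)
    opts = _body(conf, m.end() - 1) if m else ""
    acl = re.search(r"allow-recursion\s*\{([^}]*)\}", opts)
    if acl is None:
        findings.append("options: allow-recursion not set, version default applies")
    elif "any" in [a.strip() for a in acl.group(1).split(";")]:
        findings.append("options: recursion open to any client")
    for z in re.finditer(r'\bzone\s+"([^"]+)"\s*(?:IN\s*)?\{', conf):
        name, body = z.group(1), _body(conf, z.end() - 1)
        zfile = re.search(r'\bfile\s*"([^"]+)"', body)
        if zfile and zfile.group(1) not in existing_files:
            findings.append(f"{name}: zone file {zfile.group(1)} not found")
        is_master = re.search(r"\btype\s+master\s*;", body)
        if is_master and "allow-transfer" not in body + opts:
            # assumption: BIND 9.8 (used in this post) allows transfers to all hosts by default
            findings.append(f"{name}: no allow-transfer, zone transfer unrestricted")
    return findings
```

Call `audit(open("/etc/named.conf").read(), set(os.listdir("/var/named")))` on the server (with `import os`); on the sample it reports the missing zone file and the unrestricted transfer for the reverse zone.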
