操作系统:Redhat5.8
软件安装:
#yum install bind bind-utils bind-chroot caching-nameserver
软件启动:
#/etc/init.d/named start
#chkconfig named on
软件配置:
1)ex:
#vim /var/named/chroot/etc/named.conf --> dns服务器主配置文件
options {
directory "/var/named";
};
zone "uplooking.com" {
type master;
file "uplooking.com.zone";
}; --> 正向解析
zone "1.168.192.in-addr.arpa" {
type master;
file "1.168.192.arpa";
}; --> 反向解析
zone "." IN {
type hint;
file "named.ca";
}; --> 根域
#vim /var/named/chroot/var/named/uplooking.com.zone
--> dns服务器正向解析区域配置文件
$TTL 86400
@ IN SOA dns.uplooking.com. root.uplooking.com. (
        201372301
        3H
        15M
        1W
        1D )
        IN NS dns.uplooking.com.
dns.uplooking.com. IN A 192.168.1.100
server1.uplooking.com. IN A 192.168.1.101
ftp IN CNAME server1
mail IN CNAME server1
uplooking.com. IN MX 10 mail.uplooking.com. --> 完整域名末尾必须带".",否则会被自动补上区域名(变成 mail.uplooking.com.uplooking.com.)
uplooking.com. IN MX 11 mail1.uplooking.com.
server2.uplooking.com. IN A 192.168.1.102
server2.uplooking.com. IN A 192.168.1.103
server2.uplooking.com. IN A 192.168.1.104
*.uplooking.com. IN A 192.168.1.105
#vim /var/named/chroot/var/named/1.168.192.arpa
--> dns服务器反向解析区域配置文件
$TTL 86400
@ IN SOA dns.uplooking.com. root.uplooking.com. (
        201372301
        3H
        15M
        1W
        1D )
        IN NS dns.uplooking.com.
111 IN PTR server11.uplooking.com.
112 IN PTR server12.uplooking.com.
1-1) 只缓存DNS服务器--> 完全转发
ex:
#vim /var/named/chroot/etc/named.conf
options {
directory "/var/named";
forward only;
--> 只使用forwarders DNS服务器做域名解析,查询不到则返回DNS客户端查询失败
forwarders { 192.168.1.110;192.168.1.112; };
--> 设置将DNS请求转发到哪个服务器,可以指定多个服务器IP地址
};
1-2)转发DNS服务器--> 完全转发
ex:
#vim /var/named/chroot/etc/named.conf
options {
directory "/var/named";
recursion yes;
--> 允许递归,转发服务器查询模式必须允许递归,否则无法正确完成转发;同时应使用 allow-recursion 将递归查询限制在可信客户端网段,避免成为对外开放的递归解析器
forward first;
--> 优先使用forwarders DNS服务器做域名解析,查询不到使用本地DNS服务器做域名解析
forwarders { 192.168.1.110;192.168.1.112; };
};
1-3) 访问未经授权的DNS域--> 部分转发
ex:
#vim /var/named/chroot/etc/named.conf
zone "b.com" IN {
type forward;
forwarders { IP; };--> IP为b.com域的DNS主机IP地址(forward 区域中指定转发目标的关键字是 forwarders)
};
2) 主从DNS服务器/主辅DNS服务器
ex:
主dns服务器
#vim /var/named/chroot/etc/named.conf --> 主dns服务器主配置文件
options {
directory "/var/named";
};
zone "uplooking.com" {
type master;
file "uplooking.com.zone";
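--> 配置从DNS时需下面两行:notify 在区域数据变更时通知从服务器;allow-transfer 只允许从服务器(192.168.1.104)做区域传送。旧版BIND(如本文环境)未设置 allow-transfer 时默认允许任意主机拉取整个区域数据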
notify yes;
allow-transfer { 192.168.1.104; };
}; --> 正向解析
zone "1.168.192.in-addr.arpa" {
type master;
file "1.168.192.arpa";
notify yes;
allow-transfer { 192.168.1.104; };
}; --> 反向解析
zone "." IN {
type hint;
file "named.ca";
}; --> 根域
#vim /var/named/chroot/var/named/uplooking.com.zone
--> 主dns服务器正向解析区域配置文件
$TTL 86400
@ IN SOA dns.uplooking.com. root.uplooking.com. (
        201372301
        3H
        15M
        1W
        1D )
        IN NS dns.uplooking.com.
dns.uplooking.com. IN A 192.168.1.100
server1.uplooking.com. IN A 192.168.1.101
ftp IN CNAME server1
mail IN CNAME server1
uplooking.com. IN MX 10 mail.uplooking.com.
uplooking.com. IN MX 11 mail1.uplooking.com.
server2.uplooking.com. IN A 192.168.1.102
server2.uplooking.com. IN A 192.168.1.103
server2.uplooking.com. IN A 192.168.1.104
*.uplooking.com. IN A 192.168.1.105
#vim /var/named/chroot/var/named/1.168.192.arpa
--> 主dns服务器反向解析区域配置文件
$TTL 86400
@ IN SOA dns.uplooking.com. root.uplooking.com. (
        201372301
        3H
        15M
        1W
        1D )
        IN NS dns.uplooking.com.
111 IN PTR server11.uplooking.com.
112 IN PTR server12.uplooking.com.
辅/从dns服务器
#vim /var/named/chroot/etc/named.conf
--> 辅/从dns服务器主配置文件(辅/从dns不需要区域配置文件)
options {
directory "/var/named";
};
zone "uplooking.com" {
type slave;
file "slave.uplooking.zone";
masters { 192.168.1.100; };
};
zone "1.168.192.in-addr.arpa" {
type slave;
file "1.168.192.arpa";
masters { 192.168.1.100; };
};
zone "." IN {
type hint;
file "named.ca";
};