DNS服务器之主从服务搭建

问题描述：

公司注册了DNS区域sankel.com，准备使用两台RHEL5服务器构建主、从域名系统，其中任何一台都能够解析sankel.com域内的主机地址。

1．主DNS服务器：svr5.sankel.com，192.168.4.5

2．从DNS服务器：svr6.sankel.com，192.168.4.6

3．负责解析以下站点：

网站：www.sankel.com  192.168.4.100

邮件：mail.sankel.com  192.168.4.25

FTP：是www的别名

4．为*.sankel.com提供泛域名解析：192.168.4.100

搭建过程

[一]主DNS服务器

1，配置主DNS服务器ip地址，查看有关软件是否安装

[root@localhost ~]# vim/etc/sysconfig/network-scripts/ifcfg-eth0

# Intel Corporation 82545EM Gigabit EthernetController (Copper)

DEVICE=eth0

BOOTPROTO=static

HWADDR=00:0C:29:AE:8A:FF

ONBOOT=yes

IPADDR=192.168.4.5

NETMASK=255.255.255.0

~                        

[root@localhost ~]# servicenetwork restart

Shutting down interface eth0:                              [  OK  ]

Shutting down loopback interface:                          [  OK  ]

Bringing up loopback interface:                            [  OK  ]

Bringing up interface eth0:                                [ OK  ]

[root@localhost ~]# rpm -qibind bind-chroot caching-nameserve

package bind is not installed

package bind-chroot is not installed

package caching-nameserve is not installed

2，挂载光盘安装相关软件

[root@localhost~]# cd /misc/cd/Server/

[root@localhostServer]# rpm -ivh

bind-9.3.6-20.P1.el5_8.5.x86_64.rpmbind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm

3，编辑主DNS服务器的主配置文件

编辑named.conf

[root@localhost ~]# cd /var/named/chroot/etc/……主配置文件路径

[root@localhost etc]# cp -p named.caching-nameserver.conf named.conf……cp -p 保证文件属                          性不变

[root@localhost etc]# vim named.conf

options {

      listen-on port 53 { 192.168.4.5; };

……………

allow-query    { any; };

      allow-query-cache { any; };

};

logging {

       channeldefault_debug {

              file "data/named.run";

              severity dynamic;

       };

};

view localhost_resolver {

      match-clients      { any; };

      match-destinations { any; };

      recursion yes;

编辑named.rfc1912.zones

zone "sankel.com" IN {

       typemaster;

       file"sankel.com.zone";

};

zone "4.168.192.in-addr.arpa" IN {

       typemaster;

       file"192.168.4.arpa";

};

-- INSERT --                                                 58,22-29      Bot

4，检查以上配置语法的正确性

[root@localhost etc]# named-checkconf named.conf

[root@localhost etc]# named-checkconfnamed.rfc1912.zones

5，配置区域文件

[root@localhost ~]# cd /var/named/chroot/var/named……区域配置文件路径

[root@localhostnamed]# cp -p named.local sankel.com.zone……cp �Cp 保证文件属性不变

[root@localhostnamed]# vim sankel.com.zone

$TTL    86400

@       IN      SOA    sankel.com. root.sankel.com.  (

                                    2014030301 ; Serial

                                    28800      ; Refresh

                                    14400      ; Retry

                                    3600000    ; Expire

                                     86400)    ; Minimum

IN      NS      svr5.sankel.com.

          IN      NS     svr6.sankel.com.

svr5         IN     A     192.168.4.5……主服务器正向解析

svr6         IN     A     192.168.4.6…….从服务器正向解析

www          IN     A     192.168.4.100

mail         IN     A     192.168.4.25

ftp          IN   CNAME   www

*            IN     A     192.168.4.100  

[root@localhost named]# cp -p named.local192.168.4.arpa

[root@localhost named]# vim 192.168.4.arpa

$TTL    86400

@       IN      SOA    sankel.com. root.sankel.com.  (

                                    2014030301 ; Serial

                                    28800      ; Refresh

                                    14400      ; Retry

                                    3600000    ; Expire

                                     86400)    ; Minimum

IN      NS     svr5.sankel.com.

      IN     NS      svr6.sankel.com.

5       IN     PTR     svr5.sankel.com…….主服务器反向解析

6       IN     PTR     svr5.sankel.com…….从服务器反向解析

100     IN     PTR     www.sankel.com.

25      IN     PTR     mail.sankel.com.

100     IN     PTR     ftp.sankel.com.

6，检查区域文件配置语法的正确性

[root@localhost named]# named-checkzone sankel.comsankel.com.zone

zone sankel.com/IN: loaded serial 2014030301

OK

[root@localhost named]# named-checkzone sankel.com192.168.4.arpa

zone sankel.com/IN: loaded serial 2014030301

OK

7，启动服务并设置开机自动开启

[root@localhost ~]# service named restart

Stopping named:                                           [  OK  ]

Starting named:                                             [  OK  ]

[root@localhost ~]# chkconfig named on

8，验证

[root@localhost ~]# vim/etc/resolv.conf

search sankel.com

nameserver192.168.4.5

[root@localhost ~]# host 192.168.4.5

5.4.168.192.in-addr.arpa domain name pointersvr5.sankel.com.

[root@localhost ~]# host www.sankel.com

www.sankel.com has address 192.168.4.100

[root@localhost ~]# host mail.sankel.com

mail.sankel.com has address 192.168.4.25

[root@localhost ~]# host aer.sankel.com

aer.sankel.com has address 192.168.4.100

[二]从DNS服务器

1，在从DNS服务器上安装相应软件

[root@localhost~]# cd /misc/cd/Server/

[root@localhostServer]# rpm -ivh

bind-9.3.6-20.P1.el5_8.5.x86_64.rpmbind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm

2，编辑主配置文件

编辑named.conf

[root@localhost ~]# cd /var/named/chroot/etc/……主配置文件路径

[root@localhost etc]# cp -p named.caching-nameserver.conf named.conf……cp -p 保证文件属性不变

[root@localhost etc]# vim named.conf

options {

      listen-on port 53 { 192.168.4.6; };

……………

allow-query    { any; };

      allow-query-cache { any; };

};

logging {

       channeldefault_debug {

              file "data/named.run";

              severity dynamic;

       };

};

view localhost_resolver {

      match-clients      { any; };

      match-destinations { any; };

      recursion yes;

编辑named.rfc1912.zones

[root@localhostetc]# vim named.rfc1912.zones

zone"sankel.com" IN {

type slave;

       file"slaves/sankel.com.zone";

       masters { 192.168.4.5; };

};

zone"4.168.192.in-addr.arpa" IN {

type slave;

        file "slaves/192.168.4.arpa";

        masters { 192.168.4.5; };

};

3，检查配置语法的正确性

[root@localhost etc]# named-checkconf named.conf

[root@localhost etc]# named-checkconfnamed.rfc1912.zones

4，在主DNS服务器上授权可以下载区域文件的主机，并重启服务

[root@localhost etc]# vimnamed.conf

options {

      listen-on port 53 { 192.168.4.5; };

      listen-on-v6 port 53 { ::1; };

      directory      "/var/named";

      dump-file      "/var/named/data/cache_dump.db";

      statistics-file "/var/named/data/named_stats.txt";

      memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-transfer {192.168.4.6; };……追加一条授权指令

[root@localhost ~]# service named restart

Stopping named:                                           [  OK  ]

Starting named:                                             [ OK  ]

4，验证：在从服务器上启动DNS服务

[root@localhost named]# cd slaves/

[root@localhost slaves]# ls

[root@localhost slaves]# ……没有文件

[root@localhost etc]# servicenamed restart

Stopping named:                                           [  OK  ]

Starting named:                                             [ OK  ]

[root@localhost slaves]# ls

192.168.4.arpa  sankel.com.zone……下载到区域文件

5，在主DNS服务器上查看下载日志

[root@localhost etc]# tail -f/var/log/messages

Mar  3 20:35:07localhost named[13147]: client 192.168.4.6#49561: view localhost_resolver:transfer of '4.168.192.in-addr.arpa/IN': AXFR started

Mar  3 20:35:07localhost named[13147]: client 192.168.4.6#49561: view localhost_resolver:transfer of '4.168.192.in-addr.arpa/IN': AXFR ended

Mar  3 20:35:07localhost named[13147]: client 192.168.4.6#17228: view localhost_resolver:received notify for zone '4.168.192.in-addr.arpa'

Mar  3 20:37:36localhost named[13147]: client 192.168.4.6#53969: view localhost_resolver:received notify for zone 'sankel.com'

Mar  3 20:37:36localhost named[13147]: client 192.168.4.6#2572:view localhost_resolver: received notify for zone '4.168.192.in-addr.arpa'