DNS principles
DNS is short for Domain Name System, the system used to name computers and network services that are organized into a hierarchy of domains. On the Internet every domain name maps to an IP address: domain names are easy for people to remember, but machines only recognize each other by IP address, and the work of converting one into the other is called name resolution. Resolution is carried out by dedicated name servers, and a DNS server is exactly such a server. DNS naming is used on TCP/IP networks such as the Internet to look up computers and services by user-friendly names. When a user types a DNS name into an application, the DNS service resolves that name to the information associated with it, such as an IP address. So the address you type while browsing is resolved by the domain name system to the corresponding IP address, and only then can the connection be made; in the end, a domain name ultimately points to an IP address.
Example 1: setting up a single DNS server
1】Installing a DNS server on CentOS 6.4 requires the bind and bind-chroot packages (bind-utils supplies the dig and nslookup tools used for testing)
[root@localhost ~]# yum install bind bind-utils bind-chroot
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
* c6-media:
file:///media/CentOS/repodata/repomd.xml: [Errno 14] Could not open/read file:///media/CentOS/repodata/repomd.xml
Trying other mirror.
file:///media/cdrecorder/repodata/repomd.xml: [Errno 14] Could not open/read file:///media/cdrecorder/repodata/repomd.xml
Trying other mirror.
c6-media | 4.0 kB 00:00 ...
Setting up Install Process
Package 32:bind-utils-9.8.2-0.17.rc1.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.17.rc1.el6 will be installed
---> Package bind-chroot.x86_64 32:9.8.2-0.17.rc1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================
Package Arch Version Repository Size
======================================================================
Installing:
bind x86_64 32:9.8.2-0.17.rc1.el6 c6-media 4.0 M
bind-chroot x86_64 32:9.8.2-0.17.rc1.el6 c6-media 70 k
Transaction Summary
======================================================================
Install 2 Package(s)
Total download size: 4.0 M
Installed size: 7.2 M
Is this ok [y/N]: y
Downloading Packages:
----------------------------------------------------------------------
Total 83 MB/s | 4.0 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 32:bind-9.8.2-0.17.rc1.el6.x86_64 1/2
Installing : 32:bind-chroot-9.8.2-0.17.rc1.el6.x86_64 2/2
Verifying : 32:bind-chroot-9.8.2-0.17.rc1.el6.x86_64 1/2
Verifying : 32:bind-9.8.2-0.17.rc1.el6.x86_64 2/2
Installed:
bind.x86_64 32:9.8.2-0.17.rc1.el6
bind-chroot.x86_64 32:9.8.2-0.17.rc1.el6
Complete!
2】Generate the rndc.key file and restart the named service
This step (restarting named for the first time) generates the various files DNS needs.
Go into /var/named/chroot/etc and change the group and permissions of rndc.key:
[root@localhost chroot]# cd etc
[root@localhost etc]# chgrp named rndc.key
[root@localhost etc]# chmod g+r rndc.key
Check what is listening on port 53:
[root@localhost chroot]# netstat -tupln |grep 53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3171/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3171/named
tcp 0 0 ::1:53 :::* LISTEN 3171/named
tcp 0 0 ::1:953 :::* LISTEN 3171/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 3171/named
udp 0 0 ::1:53 :::* 3171/named
3】Edit the DNS server configuration files
1. Go into /var/named/chroot/etc; this is where the DNS server's configuration files live
[root@localhost ~]# cd /var/named/chroot/etc
Edit the main configuration file named.conf:
[root@localhost etc]# vim named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};
2. Edit the zone declaration file named.rfc1912.zones
[root@localhost etc]# vim named.rfc1912.zones
Copy lines 19-23 and change the copy to:
zone "a.com" IN {
        type master;
        file "a.com.zone";
        allow-update { none; };
};
3. Go into /var/named/chroot/var/named/ and create a.com.zone
[root@localhost etc]# cd ../var/named
[root@localhost named]# cp -p named.localhost a.com.zone
Edit a.com.zone:
[root@localhost named]# vim a.com.zone
$TTL 1D
@       IN SOA  ns.a.com. rname.invalid. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN NS   ns.a.com.
ns      IN A    192.168.3.122
www     IN A    1.1.1.1
4. To test from this machine as a client, edit /etc/resolv.conf so it points at the server itself
[root@localhost named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.3.122
[root@localhost named]# rndc reload
server reload successful
5. Resolve a name
[root@localhost named]# dig www.a.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> www.a.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29186
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.a.com.                     IN      A

;; ANSWER SECTION:
www.a.com.              86400   IN      A       1.1.1.1

;; AUTHORITY SECTION:
a.com.                  86400   IN      NS      ns.a.com.

;; ADDITIONAL SECTION:
ns.a.com.               86400   IN      A       192.168.3.122
;; Query time: 1 msec
;; SERVER: 192.168.3.122#53(192.168.3.122)
;; WHEN: Tue May 6 10:03:33 2014
;; MSG SIZE rcvd: 78
That's it, the DNS server is set up.
Example 2: master/slave DNS synchronization
The master server is configured as in example 1.
For the slave DNS server, the only change from example 1 is sub-step 2 of step 3】, which becomes (here the master is 192.168.3.120 and this slave is 192.168.3.122):
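Two settings in the step 3】 configuration deserve a second look before this server faces a network: the options block listens on every interface, answers queries from anyone and has recursion on, so any host can use it as an open recursive resolver (the classic DNS amplification vector), and the a.com zone carries no allow-transfer, so any host can pull the whole zone with AXFR (BIND's default). The script below is an added example, not part of the original tutorial or of BIND: a small shell lint that checks a named.conf in the one-directive-per-line layout shown above for both conditions, plus a hardened copy of the same config for comparison. The sample configs are constructed; the 192.168.3.0/24 network and the 192.168.3.122 slave address in the hardened copy are assumed from the addresses this tutorial uses.

```shell
#!/bin/sh
# Added example (not from the original tutorial): lint a named.conf for
#   1. recursion yes + allow-query { any; } with no allow-recursion  -> open recursive resolver
#   2. a "type master" zone with no allow-transfer                   -> anyone can AXFR the zone
# Assumption: one directive per line and each zone closed by a line holding only "};",
# as in the tutorial's excerpts.
set -e

# Drop // # and /* */ comments and blank lines so the checks only see directives.
strip_conf() {
    sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::' -e '/^[[:space:]]*$/d' "$1"
}

# Exit 0 (and print a finding) when the options block describes an open recursive resolver.
open_recursion() {
    conf=$(strip_conf "$1")
    if printf '%s\n' "$conf" | grep -q 'recursion[[:space:]]*yes' &&
       printf '%s\n' "$conf" | grep -q 'allow-query[[:space:]]*{[[:space:]]*any' &&
       ! printf '%s\n' "$conf" | grep -q 'allow-recursion'; then
        echo "open recursive resolver: recursion yes, allow-query any, no allow-recursion"
        return 0
    fi
    return 1
}

# Print the name of every master zone that has no allow-transfer clause.
zones_without_transfer_acl() {
    strip_conf "$1" | awk '
        /^[ \t]*zone[ \t]+"/ {
            match($0, /"[^"]+"/)
            name = substr($0, RSTART + 1, RLENGTH - 2)
            master = 0; acl = 0; inzone = 1
        }
        inzone && /type[ \t]+master/    { master = 1 }
        inzone && /allow-transfer/      { acl = 1 }
        inzone && /^[ \t]*};[ \t]*$/    { if (master && !acl) print name; inzone = 0 }
    '
}

# Run both checks on a file; exit status 1 when anything was flagged.
audit_conf() {
    rc=0
    if open_recursion "$1"; then rc=1; fi
    zones=$(zones_without_transfer_acl "$1")
    if [ -n "$zones" ]; then
        echo "master zones open to AXFR from anyone: $zones"
        rc=1
    fi
    return $rc
}

# Constructed sample 1: the tutorial's options block and a.com zone, as written.
sample_conf() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };   /* anyone may ask */
        recursion yes;
};
zone "a.com" IN {
        type master;
        file "a.com.zone";
        allow-update { none; };
};
EOF
    echo "$f"
}

# Constructed sample 2: the same config with recursion limited to the LAN and
# zone transfers limited to the slave (192.168.3.0/24 and 192.168.3.122 are assumed).
hardened_conf() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };                           // authoritative answers for everyone
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.3.0/24; }; // recursion only for our own clients
};
zone "a.com" IN {
        type master;
        file "a.com.zone";
        allow-update { none; };
        allow-transfer { 192.168.3.122; };              // AXFR only to the slave
};
EOF
    echo "$f"
}

for c in sample_conf hardened_conf; do
    f=$($c)
    echo "== $c"
    audit_conf "$f" || true
    rm -f "$f"
done
```

On a real server, point audit_conf at /var/named/chroot/etc/named.conf (and at named.rfc1912.zones, since the zone declaration lives there in this tutorial). The two hardened lines are the ones to carry over: allow-recursion inside options, allow-transfer inside the master zone.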
zone "a.com" IN {
        type slave;
        masters { 192.168.3.120; };
        file "slaves/a.com.zone";
};
3. Go into /var/named/chroot/var/named/ and create a.com.zone under slaves/ (the directory named is allowed to write to)
[root@localhost etc]# cd ../var/named
[root@localhost named]# cp -p named.localhost slaves/a.com.zone
Edit a.com.zone:
[root@localhost named]# vim slaves/a.com.zone
$TTL 1D
@       IN SOA  ns.a.com. rname.invalid. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN NS   ns.a.com.
ns      IN A    192.168.3.122
www     IN A    1.1.1.1
4. To test from this machine as a client, edit /etc/resolv.conf so it points at the slave itself
[root@localhost named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.3.122
[root@localhost named]# rndc reload
server reload successful
On the master DNS server add mail 3.3.3.3 (and raise the SOA serial, here to 9, so the slave transfers the updated zone)
[root@localhost chroot]# vim var/named/a.com.zone
$TTL 1D
@ IN SOA ns.a.com. name.invalid. (
9 ; serial
1M ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.a.com.
ns IN A 192.168.3.122
www IN A 1.1.1.1
ftp IN A 2.2.2.2
mail IN A 3.3.3.3
[root@localhost chroot]# rndc reload
5. Resolve a name
[root@localhost chroot]# dig mail.a.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> mail.a.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 508
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.a.com.                    IN      A

;; ANSWER SECTION:
mail.a.com.             86400   IN      A       3.3.3.3

;; AUTHORITY SECTION:
a.com.                  86400   IN      NS      ns.a.com.

;; ADDITIONAL SECTION:
ns.a.com.               86400   IN      A       192.168.3.120
;; Query time: 1 msec
;; SERVER: 192.168.3.122#53(192.168.3.122)
;; WHEN: Tue May 6 21:59:51 2014
;; MSG SIZE rcvd: 77
That's it, master/slave synchronization is done.
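A slave only refreshes its copy of the zone when the master's SOA serial is newer, in RFC 1982 serial arithmetic, than the serial it already holds; that is why the master's a.com.zone above moves from serial 1 to 9 when the ftp and mail records are added, and why an edit that forgets the serial leaves the slave answering with stale data even after rndc reload. The script below is an added example, not part of the original tutorial or of BIND's tooling: it reads the serial from a zone file in the layout of a.com.zone, bumps it in place after a record is added, and compares a master and a slave serial the way a slave does. The sample zone file is constructed from example 1.

```shell
#!/bin/sh
# Added example (not from the original tutorial): SOA serial handling for a
# master/slave pair. Assumption: the zone file follows the tutorial's a.com.zone
# layout, i.e. the serial is the first value after the SOA's two names, with or
# without the opening parenthesis, and ";" comments are whitespace-separated.
set -e

# Print the SOA serial of a zone file: the third token after "SOA", skipping "(".
zone_serial() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if (substr($i, 1, 1) == ";") break            # rest of the line is a comment
                if ($i == "SOA") { found = 1; n = 0; continue }
                if (!found || $i == "(") continue
                n++
                if (n == 3) { print $i; exit }
            }
        }' "$1"
}

# Raise the serial by one (wrapping at 2^32 like BIND) and rewrite the file in place.
# Only the serial line is re-emitted (with single spaces); every other line is untouched.
bump_serial() {
    old=$(zone_serial "$1")
    [ -n "$old" ] || { echo "no SOA serial found in $1" >&2; return 1; }
    new=$(( (old + 1) & 4294967295 ))
    tmp=$(mktemp)
    awk -v new="$new" '
        {
            for (i = 1; i <= NF && !done; i++) {
                if (substr($i, 1, 1) == ";") break
                if ($i == "SOA") { found = 1; n = 0; continue }
                if (!found || $i == "(") continue
                n++
                if (n == 3) { $i = new; done = 1 }
            }
            print
        }' "$1" >"$tmp" && mv "$tmp" "$1"
    echo "$new"
}

# RFC 1982 comparison: exit 0 when master serial $1 is newer than slave serial $2.
# The difference is taken modulo 2^32, so 0 counts as newer than 4294967295.
serial_newer() {
    d=$(( ($1 - $2) & 4294967295 ))
    if [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]; then return 0; fi
    return 1
}

# Constructed sample: the tutorial's a.com.zone as first written (serial 1).
sample_zone() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
$TTL 1D
@       IN SOA  ns.a.com. rname.invalid. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN NS   ns.a.com.
ns      IN A    192.168.3.122
www     IN A    1.1.1.1
EOF
    echo "$f"
}

# Walk through the tutorial's edit: add a record, bump the serial, check the slave would transfer.
z=$(sample_zone)
slave_serial=$(zone_serial "$z")
echo "slave holds serial $slave_serial"
printf 'mail    IN A    3.3.3.3\n' >>"$z"
master_serial=$(bump_serial "$z")
echo "master now has serial $master_serial"
if serial_newer "$master_serial" "$slave_serial"; then
    echo "slave will transfer the zone"
else
    echo "slave stays stale"
fi
rm -f "$z"
```

On a live pair, the same comparison is available from the outside with dig: `dig +short SOA a.com @192.168.3.120` and `dig +short SOA a.com @192.168.3.122` should show the same serial once the rndc reload on the master has notified the slave and the transfer has run.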