主
DNS
服务器配置
(RHEL5)
说明:系统使用镜像:Redhat.Enterprise.Linux.AS.V5.3-i386-dvd.iso
防火墙配置:
[root@ dns01 var]# setup
弹出一个对话框。我们要进行的是防火墙配置,步骤如下:
选择“Firewall Configuration”---按 “Tab”键切换到“Run Tool”―回车―“Security Level”选项要在“Enabled”前面按一下“Tab”键---“SELinux”选项本实验选“Disabled”(注意:这只是为了简化实验。RHEL5 自带的 SELinux 策略本来就支持 bind-chroot 下运行的 named,生产环境应保持 Enforcing,否则 named 一旦被攻破就少了这一层隔离)―按一下“Tab”键---选中“Customize”---弹出新对话框---在“Other Port”栏目里输入“53:tcp 53:udp”(这会对所有来源开放 53 端口;如果这台机器还能从内网之外访问,应改用 iptables 只放行需要解析的网段)―“OK”―返回上一个对话框―“OK”―对话框自动关闭。配置完成。
1.实验环境:
[root@dns01 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 dns01 benet.com localhost # 主机名 域名 主机别名
::1 localhost6.localdomain6 localhost6
[root@dns01 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=dns01
GATEWAY=192.168.7.1
[root@dns01 ~]#
[root@dns01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.7.255
HWADDR=00:0C:29:4A:45:6B
IPADDR=192.168.7.8 # dns服务器(本机)的ip
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.0
NETWORK=192.168.7.0
ONBOOT=yes
[root@dns01 ~]#
[root@dns01 ~]# cat /etc/resolv.conf
nameserver 192.168.7.8 # 主dns服务器ip为本机ip(原文此行重复了一次,保留一行即可;从DNS搭好后可再加一行 nameserver 192.168.7.7 作为备用)
[root@dns01 ~]#
2.安装软件包
主要检查以下软件包是否已安装(版本号以所用光盘为准:下面列的是 9.3.4-6.P1,而 RHEL 5.3 光盘上实际是 9.3.4-10.P1,后面 rpm -qa 的输出也是后者;带“P1”后缀的版本已包含 BIND 的安全补丁,与后面 named.conf 里关于源端口随机化的注释相关,不要换成更旧的无 P 后缀版本):
bind-9.3.4-6.P1.el5.i386.rpm
bind-libs、bind-utils(dig、nslookup 所在的包,系统一般已装,rpm -qa 里能看到)
bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm
bind-sdb-9.3.4-6.P1.el5.i386.rpm
bind-devel-9.3.4-6.P1.el5.i386.rpm
caching-nameserver-9.3.4-6.P1.el5.i386.rpm
bind-chroot-9.3.4-6.P1.el5.i386.rpm # 注意:
bind-chroot软件包最好最后一个安装,否则可能报错(它要把前面几个包装好的配置文件挪进 /var/named/chroot 下,所以要等其它包就位)
安装方式(先导入 Red Hat 的 RPM 签名公钥:rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release,再用 rpm -K 包名 校验签名。否则像下面这样出现 NOKEY 警告时,rpm 只是提醒无法验证签名,并不会拒绝安装来源不明的包)
[root@nis01 Server]# rpm -ivh bind-9.3.4-10.P1.el5.i386.rpm
warning: bind-9.3.4-10.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind ########################################### [100%]
[root@nis01 Server]#
[root@dns01 ~]# rpm -qa | grep bind # 安装后的查询情况
bind-utils-9.3.4-10.P1.el5
bind-libbind-devel-9.3.4-10.P1.el5
bind-libs-9.3.4-10.P1.el5
bind-9.3.4-10.P1.el5
bind-sdb-9.3.4-10.P1.el5
bind-devel-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
ypbind-1.19-11.el5
[root@dns01 ~]#
3.修改配置文件
首先要进入目录。由于安装了 chroot 包(它让 named 以 /var/named/chroot 为根目录运行,进程即使被攻破也只能看到这个目录下的文件,而不是整个系统),所以主配置文件 named.conf 在 /var/named/chroot/etc/ 下进行配置。命令如下:
[root@dns01 ~]# cd /var/named/chroot/etc/
[root@dns01 etc]# cp -p named.caching-nameserver.conf named.conf # -p要用哦
[root@dns01 etc]# vi named.conf # 配置主配置文件,部分注释已经去除
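options {
	listen-on port 53 { any; };          // changed from 127.0.0.1: serve the LAN, not only loopback
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// Those options should be used carefully because they disable port
	// randomization. Keep them commented out: a fixed source port makes
	// cache poisoning far easier.
	// query-source port 53;
	// query-source-v6 port 53;
	allow-query { any; };                // changed from localhost: anyone may ask about benet.com
	// The view below enables recursion and matches any client. Without this
	// limit the server resolves arbitrary names for any source, i.e. it is an
	// open resolver usable for reflection/amplification and exposed to
	// cache poisoning. Only loopback and the 192.168.7.0/24 LAN need recursion.
	allow-recursion { localhost; 192.168.7.0/24; };
	// BIND's default is allow-transfer { any; }: limit AXFR/IXFR to the slave
	// (dns02) so the whole zone cannot be enumerated by anyone else.
	allow-transfer { 192.168.7.7; };
};
logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};
view localhost_resolver {
	match-clients { any; };              // changed from localhost
	match-destinations { any; };         // changed from localhost
	recursion yes;                       // who may recurse is limited by allow-recursion in options
	include "/etc/named.rfc1912.zones";  // path is relative to the chroot (/var/named/chroot)
};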
[root@dns01 etc]# vi named.rfc1912.zones # 添加区域
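// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
	type hint;
	file "named.ca";
};
zone "localdomain" IN {
	type master;
	file "localdomain.zone";
	allow-update { none; };
};
zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.ip6.local";
	allow-update { none; };
};
zone "255.in-addr.arpa" IN {
	type master;
	file "named.broadcast";
	allow-update { none; };
};
zone "0.in-addr.arpa" IN {
	type master;
	file "named.zero";
	allow-update { none; };
};
// Everything above is the stock configuration; the two zones below are added.
zone "benet.com" IN {                       // added: forward zone
	type master;
	file "benet.com.zone";                  // relative to options.directory (/var/named inside the chroot)
	allow-update { none; };                 // no dynamic updates: the file is edited by hand
	// Default is allow-transfer { any; }; only the slave dns02 may pull the zone.
	allow-transfer { 192.168.7.7; };
};
zone "7.168.192.in-addr.arpa" IN {          // added: reverse zone for 192.168.7.0/24
	type master;
	file "7.168.192.rev";
	allow-update { none; };
	allow-transfer { 192.168.7.7; };
};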
[root@nis01 etc]# named-checkconf -t /var/named/chroot /etc/named.conf # 检查配置文件;-t 让 named-checkconf 像 named 一样以 chroot 为根去解析 include "/etc/named.rfc1912.zones" 这类绝对路径
[root@nis01 etc]# named-checkconf -t /var/named/chroot /etc/named.rfc1912.zones # 检查区域声明文件
[root@nis01 etc]# # 没有任何提示才是正确的配置
4.配置正、反解文件
[root@dns01 etc]# cd /var/named/chroot/var/named/
[root@dns01 named]# cp -p localdomain.zone benet.com.zone # -p要加哦
[root@dns01 named]# cp -p named.local 7.168.192.rev # -p要加哦
[root@dns01 named]# vi benet.com.zone # 编辑正向文件
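$TTL 86400
; Forward zone for benet.com. Comments in zone files start with ';' --
; a '#' is NOT a comment here and breaks the record it sits on.
@       IN SOA  dns01.benet.com. root.benet.com. (
                        42      ; serial - increase it on EVERY edit, otherwise dns02 keeps its old copy
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum (negative-cache TTL)
@       IN NS   dns01.benet.com.        ; master (this host) - no space before the trailing dot
@       IN NS   dns02.benet.com.        ; slave
dns01   IN A    192.168.7.8
dns02   IN A    192.168.7.7
apache  IN A    192.168.7.2
vsftpd  IN A    192.168.7.3
samba   IN A    192.168.7.4
mail    IN A    192.168.7.5
dhcp    IN A    192.168.7.6
www     IN CNAME apache
sendmail IN CNAME mail
; MX must name a host that has an A record, not a CNAME (RFC 2181 s.10.3);
; the original target "sendmai.benet.com." was also misspelled and did not exist.
@       IN MX 5 mail.benet.com.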
~
"benet.com.zone" 13L, 271C
[root@dns01 named]# vi 7.168.192.rev # 配置反向文件
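$TTL 86400
; Reverse zone for 192.168.7.0/24 (7.168.192.in-addr.arpa).
@       IN SOA  dns01.benet.com. root.benet.com. (
                        1997022700 ; Serial - increase it on EVERY edit so dns02 re-transfers
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum (negative-cache TTL)
@       IN NS   dns01.benet.com.        ; master
@       IN NS   dns02.benet.com.        ; slave
; PTR targets should be canonical names (hosts with A records), not CNAME aliases.
2       IN PTR  apache.benet.com.
3       IN PTR  vsftpd.benet.com.
4       IN PTR  samba.benet.com.
5       IN PTR  mail.benet.com.         ; was "sendmail", which is only a CNAME in the forward zone
6       IN PTR  dhcp.benet.com.         ; was misspelled "dncp"
7       IN PTR  dns02.benet.com.
8       IN PTR  dns01.benet.com.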
~
"7.168.192.rev" 12L, 475C
5.收尾工作
[root@dns01 named]# cat /etc/resolv.conf # 确保dns解析的ip为本机dns服务器ip
nameserver 192.168.7.8
[root@dns01 named]#
[root@dns01 named]# named-checkconf -t /var/named/chroot /etc/named.conf # 检查配置文件(-t 以 chroot 为根目录解析路径,和 named 实际运行时一致)
[root@dns01 named]#
[root@dns01 named]# named-checkzone benet.com /var/named/chroot/var/named/benet.com.zone # 检查正向配置
zone benet.com/IN: loaded serial 42
OK
[root@dns01 named]# named-checkzone 7.168.192.in-addr.arpa /var/named/chroot/var/named/7.168.192.rev # 检查反向配置;第一个参数必须是区域名(原文写成 benet.com 时 @ 会被展开成 benet.com,检查虽然通过,但检查的并不是 named 实际加载的那个区域)
zone 7.168.192.in-addr.arpa/IN: loaded serial 1997022700
OK
[root@dns01 named]# chown root:named /var/named/chroot/etc/named.conf /var/named/chroot/var/named/benet.com.zone /var/named/chroot/var/named/7.168.192.rev # 设置属主:named 以 named 用户运行,文件只需 named 组可读
[root@dns01 named]# chmod 640 /var/named/chroot/etc/named.conf # 设置权限:640 即可,不必 644 让所有本地用户可读(前面用 cp -p 复制已保留了原文件的属主和权限,通常无需再改)
[root@dns01 named]# chmod 640 /var/named/chroot/var/named/benet.com.zone # 设置权限
[root@dns01 named]# chmod 640 /var/named/chroot/var/named/7.168.192.rev # 设置权限
[root@killgoogle ~]# /etc/rc.d/init.d/named restart # 重启服务
[root@dns01 named]# service named restart # 另一种重启服务方式
Stopping named: [ OK ]
Starting named: [ OK ]
[root@dns01 named]#
[root@dns01 named]# tail -f /var/log/messages # 如果启动失败,可以使用命令查看原因
[root@nis01 named]# chkconfig --level 35 named on # 设置随机启动named服务
[root@nis01 named]# chkconfig --list named
named 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@nis01 named]#
6.测试
[root@dns01 ~]# dig -t soa benet.com
; <<>> DiG 9.3.4-P1 <<>> -t soa benet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50784
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;benet.com. IN SOA
;; ANSWER SECTION:
benet.com. 86400 IN SOA dns01.benet.com. root.benet.com. 42 10800 900 604800 86400
;; AUTHORITY SECTION:
benet.com. 86400 IN NS dns01.benet.com.
;; ADDITIONAL SECTION:
dns01.benet.com. 86400 IN A 192.168.7.8
;; Query time: 63 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:21:43 2009
;; MSG SIZE rcvd: 104
[root@dns01 ~]#
[root@dns01 ~]# dig -t mx benet.com # 下面 ANSWER: 0 说明查询时区域里还没有 MX 记录(或改了区域文件但没有递增 serial 并重载 named);按上面的区域文件加上 MX 并 service named reload 后,应返回 1 条 MX
; <<>> DiG 9.3.4-P1 <<>> -t mx benet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21559
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;benet.com. IN MX
;; AUTHORITY SECTION:
benet.com. 86400 IN SOA dns01.benet.com. root.benet.com. 42 10800 900 604800 86400
;; Query time: 6 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:22:16 2009
;; MSG SIZE rcvd: 74
[root@dns01 ~]#
[root@dns01 ~]# dig www.benet.com
; <<>> DiG 9.3.4-P1 <<>> www.benet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2727
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.benet.com. IN A
;; ANSWER SECTION:
www.benet.com. 86400 IN CNAME apache.benet.com.
apache.benet.com. 86400 IN A 192.168.7.2
;; AUTHORITY SECTION:
benet.com. 86400 IN NS dns01.benet.com.
;; ADDITIONAL SECTION:
dns01.benet.com. 86400 IN A 192.168.7.8
;; Query time: 3 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:22:51 2009
;; MSG SIZE rcvd: 104
[root@dns01 ~]#
[root@dns01 ~]# dig -x 192.168.7.8 # 反向解析
; <<>> DiG 9.3.4-P1 <<>> -x 192.168.7.8
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15896
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;8.7.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
8.7.168.192.in-addr.arpa. 86400 IN PTR dns01.benet.com.
;; AUTHORITY SECTION:
7.168.192.in-addr.arpa. 86400 IN NS dns01.benet.com.
;; Query time: 3 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:23:46 2009
;; MSG SIZE rcvd: 92
[root@dns01 ~]#
[root@dns01 ~]# nslookup # nslookup 检查
> www.benet.com # 正向解析
Server: 192.168.7.8
Address: 192.168.7.8#53
www.benet.com canonical name = apache.benet.com.
Name: apache.benet.com
Address: 192.168.7.2
> 192.168.7.8 # 反向解析
Server: 192.168.7.8
Address: 192.168.7.8#53
8.7.168.192.in-addr.arpa name = dns01.benet.com.
>
完成主DNS服务器配置
从
DNS
服务器配置
(RHEL4)
说明:系统使用镜像:Redhat.Enterprise.Linux.AS.V4.0.UPDATE.7.DVD-HOTiSO.iso
防火墙配置:
[root@ dns02 var]# setup
弹出一个对话框。我们要进行的是防火墙配置,步骤如下:
选择“Firewall Configuration”---按 “Tab”键切换到“Run Tool”―回车―“Security Level”选项要在“Enabled”前面按一下“Tab”键---按一下“Tab”键---选中“Customize”---弹出新对话框―原文此处写“如图配置”但没有附图:与主服务器一样,在“Other Port”栏目里填“53:tcp 53:udp”(UDP 用于普通查询,TCP 用于超长应答;主服务器上的 TCP 53 还用于向从服务器做区域传送)―“OK”―返回上一个对话框―“OK”―对话框自动关闭。配置完成。
1.实验环境:
[root@dns02 named]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 dns02 dns02.benet.com localhost
[root@dns02 named]# cat /etc/resolv.conf
nameserver 192.168.7.8
nameserver 192.168.7.7
[root@dns02 named]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.7.255
HWADDR=00:0C:29:38:47:04
IPADDR=192.168.7.7
NETMASK=255.255.255.0
NETWORK=192.168.7.0
ONBOOT=yes
TYPE=Ethernet
[root@dns02 named]#
2、安装软件包
[root@dns02 RPMS]# rpm -ivh bind-9.2.4-30.el4.i386.rpm
warning: bind-9.2.4-30.el4.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e
Preparing... ########################################### [100%]
1:bind ########################################### [100%]
[root@dns02 RPMS]# rpm -ivh caching-nameserver-7.3-3.0.1.el4_6.noarch.rpm
warning: caching-nameserver-7.3-3.0.1.el4_6.noarch.rpm: V3 DSA signature: NOKEY, key ID db42a60e
Preparing... ########################################### [100%]
1:caching-nameserver warning: /etc/named.conf saved as /etc/named.conf.rpmorig
########################################### [100%]
[root@dns02 RPMS]# cd
[root@dns02 ~]# rpm -qa | grep bind
bind-libs-9.2.4-30.el4
bind-9.2.4-30.el4
bind-utils-9.2.4-30.el4
ypbind-1.17.2-13
[root@dns02 ~]#
3、设置/etc/named.conf配置文件
[root@dns02 etc]# vi named.conf
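//
// named.conf for Red Hat caching-nameserver
//
options {
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below. Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 * (Leave it commented out: a fixed query source port disables
	 * port randomization and makes cache poisoning easier.)
	 */
	// query-source address * port 53;
	// The defaults here are recursion yes, allow-query any and no listen-on
	// restriction, so this host would resolve arbitrary names for any source
	// (an open resolver). Limit recursion to loopback and the LAN.
	allow-recursion { localhost; 192.168.7.0/24; };
	// A slave also serves AXFR to anyone by default; nothing pulls zones from
	// dns02, so refuse transfers here.
	allow-transfer { none; };
};
//
// a caching only nameserver config
//
controls {
	inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
	type hint;
	file "named.ca";
};
zone "localdomain" IN {
	type master;
	file "localdomain.zone";
	allow-update { none; };
};
zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "named.local";
	allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.ip6.local";
	allow-update { none; };
};
zone "255.in-addr.arpa" IN {
	type master;
	file "named.broadcast";
	allow-update { none; };
};
zone "0.in-addr.arpa" IN {
	type master;
	file "named.zero";
	allow-update { none; };
};
// Everything above is the stock configuration; the two zones below are added.
zone "benet.com" IN {                       // added: forward zone, slave copy
	type slave;
	file "slaves/benet.com.zone";           // written by named after a transfer; /var/named/slaves must be writable by named
	masters { 192.168.7.8; };               // the master dns01 - transfers are pulled only from here
};
zone "7.168.192.in-addr.arpa" IN {          // added: reverse zone, slave copy
	type slave;
	file "slaves/7.168.192.rev";
	masters { 192.168.7.8; };               // the master dns01
};
include "/etc/rndc.key";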
"named.conf" 77L, 1523C written
[root@dns02 etc]# named-checkconf named.conf # 检查配置
[root@dns02 etc]# ls /var/named/slaves # 还没有启动named服务,当然没有文件了
4、启动服务
[root@dns02 etc]# service named start
Starting named: [ OK ]
[root@dns02 etc]# chkconfig --level 35 named on
[root@dns02 etc]# chkconfig --list named
named 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@dns02 etc]# ls /var/named/slaves # 看,拷贝过来了^_^ —— 这是 named 启动后向 192.168.7.8 做的区域传送(AXFR),/var/log/messages 里会有类似 transfer of 'benet.com/IN' from 192.168.7.8#53: end of transfer 的记录;以后只有主服务器区域文件的 serial 递增了,从服务器才会重新传送
7.168.192.rev benet.com.zone
[root@dns02 etc]#
5、验证
[root@dns02 etc]# nslookup
> server 192.168.7.8 # 设置从主DNS服务器查询
Default server: 192.168.7.8
Address: 192.168.7.8#53
> www.benet.com
Server: 192.168.7.8
Address: 192.168.7.8#53
www.benet.com canonical name = apache.benet.com.
Name: apache.benet.com
Address: 192.168.7.2
>exit
[root@dns02 etc]#
[root@dns02 etc]# nslookup
> server 192.168.7.7 # 改为向从DNS服务器(本机)查询,验证从服务器自己也能解析
Default server: 192.168.7.7
Address: 192.168.7.7#53
> www.benet.com
Server: 192.168.7.7
Address: 192.168.7.7#53
www.benet.com canonical name = apache.benet.com.
Name: apache.benet.com
Address: 192.168.7.2
> exit
[root@dns02 etc]#
实验完成。建议再做两项检查:(1) 在一台既不是主也不是从的机器上执行 dig @192.168.7.8 benet.com axfr 和 dig @192.168.7.7 benet.com axfr,如果能拿到整个区域,说明 allow-transfer 没有限制,任何人都可以枚举全部主机名,应在主服务器上只允许 192.168.7.7、在从服务器上设为 none;(2) 在主服务器上修改区域文件并递增 serial 后执行 service named reload,观察从服务器 /var/log/messages 出现新的区域传送记录,证明主从同步正常。
|