[Figure: DNS domain hierarchy. Labels recovered from the figure: DNS; domain; zone (forward); zone (reverse); top-level domain; reverse domain; generic domains: .com, .org, .net, .gov, .edu, .mil; country domains: .cn, .jp, .tw, .hk, .vk, .iq, .vs]
This figure shows DNS recursive and iterative queries clearly.
There are three kinds of DNS servers: master, slave, and caching-only.
Configuring a local DNS server:
#dig -t NS . > /var/named/named.ca (this step only produces output while connected to the Internet)
#cd /var/named
#vim localhost.zone
$TTL 1D
@ 1D IN SOA localhost. root.localhost. (
2010080301
3M
1M
7D
1D )
@ IN NS localhost.
localhost. IN A 127.0.0.1
#vi named.local
$TTL 1D
@ 1D IN SOA localhost. root.localhost. (
2010080301
3M
1M
7D
1D )
@ IN NS localhost.
1.0.0.127.in-addr.arpa. IN PTR localhost.
#vi /etc/named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
Now the permissions also need changing so that named can read the files:
#chgrp named /etc/named.conf
#chgrp named localhost.zone named.ca named.local
#service named start
Next, create a master DNS server:
Start out exactly as for the local DNS server, but also add to /etc/named.conf:
zone "example.com" IN {
type master;
file "example.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
};
Then create the zone files:
#cd /var/named
#vim example.com.zone
$TTL 1D
$ORIGIN example.com.
@ 86400 IN SOA ns.example.com. root.example.com. (
2010080301
3M
1M
7D
1D )
    IN NS ns
    IN MX 10 mail1
    IN MX 20 mail2
ns IN A 192.168.0.54
mail1 IN A 192.168.0.55
mail2 IN A 192.168.0.56
www IN A 192.168.0.57
web IN CNAME www
#vi 192.168.0.zone
$TTL 1D
$ORIGIN 0.168.192.in-addr.arpa.
@ 86400 IN SOA ns.example.com. root.example.com. (
2010080301
3M
1M
7D
1D )
; names on the right must be absolute (trailing dot): a relative name such as "ns"
; would be expanded to ns.0.168.192.in-addr.arpa., which has no A record
    IN NS ns.example.com.
54 IN PTR ns.example.com.
55 IN PTR mail1.example.com.
56 IN PTR mail2.example.com.
57 IN PTR www.example.com.
#chown :named example.com.zone 192.168.0.zone
#service named configtest (checks the configuration syntax)
#service named restart
Now test it:
#netstat -tunlp | grep 53
#host -t SOA example.com
#dig -t axfr example.com
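A check worth running before the restart above: named-checkzone validates syntax, but it does not tell you whether the forward and reverse zones agree with each other. The following Python script is an added example (not part of the original notes, and not BIND's code): it parses the small subset of zone-file syntax these notes use ($TTL, $ORIGIN, a parenthesised SOA, owner-name inheritance, names relative to $ORIGIN) and cross-checks example.com.zone against 192.168.0.zone. The two zone texts are embedded as constructed input copied from the notes; the `REVERSE_ZONE_RELATIVE` variant reproduces the common mistake of writing relative names on the right-hand side of a PTR record.

```python
"""Cross-check a forward zone against its in-addr.arpa reverse zone.

Added example, not part of the original notes: it checks what named-checkzone
does not, namely that every A record inside the reverse zone's network has a
PTR, every PTR points back at a name holding that A record, and NS/MX/CNAME
targets exist and are not CNAMEs.
"""
import ipaddress
import re

# Constructed input: the two zone files from the notes. Records without an owner
# name MUST start with whitespace (that is how BIND knows to reuse the previous
# owner), and rdata names in the reverse zone are absolute because a relative
# name would be appended to $ORIGIN 0.168.192.in-addr.arpa.
FORWARD_ZONE = """\
$TTL 1D
$ORIGIN example.com.
@ 86400 IN SOA ns.example.com. root.example.com. (
    2010080301 3M 1M 7D 1D )
    IN NS ns
    IN MX 10 mail1
    IN MX 20 mail2
ns IN A 192.168.0.54
mail1 IN A 192.168.0.55
mail2 IN A 192.168.0.56
www IN A 192.168.0.57
web IN CNAME www
"""
REVERSE_ZONE = """\
$TTL 1D
$ORIGIN 0.168.192.in-addr.arpa.
@ 86400 IN SOA ns.example.com. root.example.com. (
    2010080301 3M 1M 7D 1D )
    IN NS ns.example.com.
54 IN PTR ns.example.com.
55 IN PTR mail1.example.com.
56 IN PTR mail2.example.com.
57 IN PTR www.example.com.
"""
# Same reverse zone with relative rdata names: the mistake this script catches.
REVERSE_ZONE_RELATIVE = REVERSE_ZONE.replace(".example.com.", "")

RR_TYPES = {"SOA", "NS", "A", "PTR", "CNAME", "MX"}
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)


def fqdn(name, origin):
    """Absolute lower-cased name: '@' is the origin, relative names get it appended."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text):
    """Return (origin, [(owner, type, rdata_tokens), ...]) with absolute owners."""
    origin, owner, records, buf, depth = None, None, [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop ';' comments
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:                                  # still inside ( ... )
            continue
        inherit = buf[0][0].isspace()                  # leading blank = reuse owner
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0] == "$TTL":
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN")
        if not inherit:
            owner = fqdn(tokens.pop(0), origin)
        if owner is None:
            raise ValueError("owner-less record before any owner")
        while tokens and tokens[0].upper() not in RR_TYPES:   # optional TTL / class
            tok = tokens.pop(0)
            if tok.upper() not in CLASSES and not TTL_RE.match(tok):
                raise ValueError(f"unexpected token {tok!r}")
        if not tokens:
            raise ValueError(f"record for {owner} has no type")
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return origin, records


def arpa_to_ip(name):
    """'54.0.168.192.in-addr.arpa.' -> IPv4Address('192.168.0.54')"""
    labels = name.rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not a full in-addr.arpa name: {name}")
    return ipaddress.ip_address(".".join(reversed(labels[:4])))


def arpa_origin_to_network(origin):
    """'0.168.192.in-addr.arpa.' -> IPv4Network('192.168.0.0/24')"""
    labels = origin.rstrip(".").split(".")[:-2]
    octets = list(reversed(labels)) + ["0"] * (4 - len(labels))
    return ipaddress.ip_network(".".join(octets) + f"/{8 * len(labels)}")


def check(forward_text, reverse_text):
    """Return a sorted list of problems; an empty list means the zones agree."""
    forigin, frecs = parse_zone(forward_text)
    rorigin, rrecs = parse_zone(reverse_text)
    net = arpa_origin_to_network(rorigin)
    a_by_name, names_by_ip, cnames, problems = {}, {}, {}, []
    for owner, rtype, rdata in frecs:
        if rtype == "A":
            ip = ipaddress.ip_address(rdata[0])
            a_by_name.setdefault(owner, set()).add(ip)
            names_by_ip.setdefault(ip, set()).add(owner)
        elif rtype == "CNAME":
            cnames[owner] = fqdn(rdata[0], forigin)
    for owner, rtype, rdata in frecs:
        if rtype in ("NS", "MX", "CNAME"):
            target = fqdn(rdata[-1], forigin)           # MX rdata is "pref name"
            if rtype != "CNAME" and target in cnames:
                problems.append(f"{rtype} target {target} is a CNAME")
            elif target not in a_by_name:
                problems.append(f"{rtype} target {target} has no A record")
    ptr_ips = set()
    for owner, rtype, rdata in rrecs:
        if rtype == "NS" and fqdn(rdata[0], rorigin) not in a_by_name:
            problems.append(f"reverse NS {fqdn(rdata[0], rorigin)} has no A record")
        if rtype == "PTR":
            ip, target = arpa_to_ip(owner), fqdn(rdata[0], rorigin)
            ptr_ips.add(ip)
            if ip not in a_by_name.get(target, set()):
                problems.append(f"PTR {ip} -> {target} but {target} has no A {ip}")
    for ip, names in names_by_ip.items():
        if ip in net and ip not in ptr_ips:
            problems.append(f"A {ip} ({', '.join(sorted(names))}) has no PTR")
    return sorted(problems)
```

`check(FORWARD_ZONE, REVERSE_ZONE)` returns an empty list for the notes' zones; on `REVERSE_ZONE_RELATIVE` it reports five problems, one per NS/PTR record whose target expanded to a name under 0.168.192.in-addr.arpa. Run it again after every edit to the zone files, and remember that a slave only re-transfers a zone when the SOA serial increases.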
Slave DNS configuration:
Change the two zone stanzas in /etc/named.conf to:
zone "example.com" IN {
type slave;
file "example.com.zone"; // named must be able to write this file: it stores the transferred copy
masters { 192.168.0.54; };
};
zone "0.168.192.in-addr.arpa" IN {
type slave;
file "192.168.0.zone";
masters { 192.168.0.54; };
};
Also add to example.com.zone:
    IN NS ns2
ns2 IN A 192.168.0.78
And in the reverse file 192.168.0.zone add:
    IN NS ns2.example.com.
78 IN PTR ns2.example.com.
Now the server can be restarted:
#service named restart
That completes the slave server.
You can check whether the master and slave data are in sync by watching the log:
#tail -f /var/log/messages
Access-control directives that can be set inside a zone (each takes an address match list between the braces):
allow-transfer { 192.168.0.54; };
allow-query { };
allow-notify { };
Address match lists: the network 192.168.1.0 can be written as 192.168.1 or as 192.168.1/24.
Since writing allow-query { 192.168.0/24; 192.168.1/24; }; in every zone is tedious, the simpler way is to define ACLs:
acl "innet" { 192.168.0/24; 192.168.1/24; };
acl "trust" { 192.168.3/24; innet; };
These acl statements must be defined before options; then in a zone you can simply write:
allow-query { innet; };
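To reason about who an allow-query list actually admits before deploying it, here is an added example in Python (not from the original notes, and not BIND's own code): a small model of how BIND evaluates an address match list. It implements first-match-wins over CIDR prefixes, the abbreviated network form the notes use (192.168.1 meaning 192.168.1.0/24, an assumption taken from the notes), references to named acls (including nesting, as in the trust acl above), and the standard "!" negation and any/none keywords. The acl definitions are the ones from the notes, embedded as constructed input.

```python
"""Model of BIND address_match_list evaluation (allow-query and friends).

Added example, not from the original notes and not BIND's code: first match
wins; a negated ("!") match denies; a nested acl's verdict propagates to the
outer list; if nothing matches, BIND denies.
"""
import ipaddress


def parse_list(text):
    """'{ 192.168.0/24; innet; }' -> ['192.168.0/24', 'innet']"""
    return [e.strip() for e in text.strip().strip("{}").split(";") if e.strip()]


# Constructed config: the acl statements from the notes.
ACLS = {
    "innet": parse_list("{ 192.168.0/24; 192.168.1/24; }"),
    "trust": parse_list("{ 192.168.3/24; innet; }"),
}


def parse_prefix(element):
    """One address element -> ip_network.

    Fewer than four octets without a prefix length is taken as the notes'
    shorthand (192.168.1 -> 192.168.1.0/24, an assumption from the notes);
    a bare full address matches only that one host, as in BIND.
    """
    addr, _, plen = element.partition("/")
    octets = addr.split(".")
    if len(octets) < 4:
        plen = plen or str(8 * len(octets))
        octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%s" % (".".join(octets), plen or "32"), strict=False)


def evaluate(ip, address_match_list, acls, depth=0):
    """True = allowed, False = denied by a negated element,
    None = no element mentioned this address (BIND then denies)."""
    if depth > 16:
        raise ValueError("acl nesting too deep; is there a cycle?")
    for element in address_match_list:
        negate = element.startswith("!")
        name = element.lstrip("!").strip()
        if name in acls:                      # nested acl: its verdict propagates
            inner = evaluate(ip, acls[name], acls, depth + 1)
            if inner is None:
                continue
            return (not inner) if negate else inner
        if name == "any" or (name != "none" and ip in parse_prefix(name)):
            return not negate                 # first match wins
    return None


def allowed(client_ip, list_text, acls=ACLS):
    """Would a client at client_ip pass, e.g., allow-query { innet; }?"""
    verdict = evaluate(ipaddress.ip_address(client_ip), parse_list(list_text), acls)
    return verdict is True
```

For example `allowed("192.168.3.5", "{ trust; }")` is true while `allowed("192.168.3.5", "{ innet; }")` is false, and `{ !192.168.1.7; innet; }` excludes that single host from an otherwise permitted network. One caveat the model makes visible: a bare four-octet address such as the 192.168.0.54 in allow-transfer above matches exactly one host, so write the prefix length explicitly whenever a whole network is intended.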