I. Background

Hosts on the Internet communicate with each other by IP address, and IP addresses are hard to remember, so to make hosts easier to reach people assign each host a name. By establishing a one-to-one mapping between a host's name and its IP address, you can use the name when accessing the host. The system that provides this mapping and lookup is called a name resolution system; the one in common use today is DNS (Domain Name System).
II. Building master and slave DNS servers with Bind9

In practice, what we usually have to configure ourselves is a local DNS server. A complete DNS setup provides both forward and reverse resolution.

1. Preparation

1.1 Two servers. OS: CentOS release 6.7 (Final)
1.2 Master: 192.168.0.105   Slave: 192.168.0.106
1.3 Set the hostnames of the two machines to ns1.luxing.com and ns2.luxing.com respectively, and give each a hosts entry for its own address (mapping 192.168.0.105 to "localhost" is a mistake; the entries must carry the real names):

# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns1.luxing.com

# vim /etc/hosts
127.0.0.1     localhost localhost.localdomain localhost4 localhost4.localdomain4
::1           localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.105 ns1.luxing.com ns1
192.168.0.106 ns2.luxing.com ns2

2. Install and configure the master DNS server

[root@ns1 ~]# hostname
ns1.luxing.com

2.1 Install the packages Bind9 needs

[root@ns1 ~]# yum -y install bind bind-libs bind-utils
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: ftp.sjtu.edu.cn
 * extras: ftp.sjtu.edu.cn
 * updates: mirror.bit.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.37.rc1.el6_7.6 will be installed
---> Package bind-libs.x86_64 32:9.8.2-0.37.rc1.el6_7.6 will be installed
---> Package bind-utils.x86_64 32:9.8.2-0.37.rc1.el6_7.6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved
==================================================================================
 Package      Arch      Version                      Repository    Size
==================================================================================
Installing:
 bind         x86_64    32:9.8.2-0.37.rc1.el6_7.6    updates       4.0 M
 bind-libs    x86_64    32:9.8.2-0.37.rc1.el6_7.6    updates       886 k
 bind-utils   x86_64    32:9.8.2-0.37.rc1.el6_7.6    updates       186 k

Transaction Summary
==================================================================================
Install       3 Package(s)

Total download size: 5.0 M
Installed size: 9.9 M
Downloading Packages:
(1/3): bind-9.8.2-0.37.rc1.el6_7.6.x86_64.rpm            | 4.0 MB     00:06
(2/3): bind-libs-9.8.2-0.37.rc1.el6_7.6.x86_64.rpm       | 886 kB     00:02
(3/3): bind-utils-9.8.2-0.37.rc1.el6_7.6.x86_64.rpm      | 186 kB     00:00
----------------------------------------------------------------------------------
Total                                           531 kB/s | 5.0 MB     00:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 32:bind-libs-9.8.2-0.37.rc1.el6_7.6.x86_64      1/3
  Installing : 32:bind-utils-9.8.2-0.37.rc1.el6_7.6.x86_64     2/3
  Installing : 32:bind-9.8.2-0.37.rc1.el6_7.6.x86_64           3/3
  Verifying  : 32:bind-utils-9.8.2-0.37.rc1.el6_7.6.x86_64     1/3
  Verifying  : 32:bind-9.8.2-0.37.rc1.el6_7.6.x86_64           2/3
  Verifying  : 32:bind-libs-9.8.2-0.37.rc1.el6_7.6.x86_64      3/3

Installed:
  bind.x86_64 32:9.8.2-0.37.rc1.el6_7.6        bind-libs.x86_64 32:9.8.2-0.37.rc1.el6_7.6
  bind-utils.x86_64 32:9.8.2-0.37.rc1.el6_7.6

Complete!

2.2 Configure the main configuration file /etc/named.conf

2.2.1 Back the file up before editing it!

[root@ns1 ~]# cp -v /etc/named.conf{,.bak}

2.2.2 Edit named.conf

[root@ns1 ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 192.168.0.105; 127.0.0.1; };   // add this host's own IP; mind the spaces around the braces!
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";       // the one option that really matters; the others can be removed
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };           // change to any so every host may query, or comment the line out
        recursion yes;                      // recursive queries

        // For testing it is simplest to turn DNSSEC off: just comment these out
        //dnssec-enable yes;
        //dnssec-validation yes;
        //dnssec-lookaside auto;

        /* Path to ISC DLV key */
        /* bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic"; */
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Two points in this options block matter once the server is reachable from outside the lab. With allow-query { any; } and recursion yes, and no allow-recursion statement, named will recurse on behalf of any client that can reach port 53; on an Internet-facing host that is an open resolver, which is what DNS amplification attacks abuse. Restrict recursion to the networks this server serves, e.g. allow-recursion { 127.0.0.1; 192.168.0.0/24; };, and keep allow-query open only if the server has to answer authoritative queries from everywhere. Commenting out dnssec-validation is fine for a test setup but not for production.

2.3 Restart the service

[root@ns1 ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@ns1 ~]# ss -tunlp | grep :53
udp    UNCONN     0      0      192.168.0.105:53     *:*      users:(("named",2971,513))
udp    UNCONN     0      0      127.0.0.1:53         *:*      users:(("named",2971,512))
udp    UNCONN     0      0      ::1:53               :::*     users:(("named",2971,514))
tcp    LISTEN     0      3      ::1:53               :::*     users:(("named",2971,22))
tcp    LISTEN     0      3      192.168.0.105:53     *:*      users:(("named",2971,21))
tcp    LISTEN     0      3      127.0.0.1:53         *:*      users:(("named",2971,20))

2.4 Configure the zone declarations in /etc/named.rfc1912.zones

[root@ns1 ~]# vim /etc/named.rfc1912.zones
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "luxing.com" IN {
        type master;
        file "luxing.com.zone";
        allow-update { none; };
};                                  // forward zone

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";
};                                  // reverse zone

The reverse zone name must end in in-addr.arpa exactly. A misspelling such as in-addr.apra passes named-checkconf, because any string is a valid zone name, and named then serves a zone that no PTR query ever reaches. Note also that neither zone restricts zone transfers: BIND 9.8's default allow-transfer is any, so once the slave in section III exists, add allow-transfer { 192.168.0.106; }; to both master zones (or allow-transfer { none; }; in options as the global default); otherwise anyone who can reach port 53/TCP can AXFR the complete zone contents.

[root@ns1 named]# pwd
/var/named

2.5 Write the forward zone file

[root@ns1 named]# vim luxing.com.zone
$TTL 86400
$ORIGIN luxing.com.
@       IN SOA  ns1.luxing.com. admin.luxing.com. (
                16021101
                1H
                5M
                7D
                1D )
        IN NS   ns1.luxing.com.
        IN NS   ns2.luxing.com.
        IN MX   10 mx1
        IN MX   20 mx2
ns1     IN A    192.168.0.105
ns2     IN A    192.168.0.106
mx1     IN A    192.168.0.107
mx2     IN A    192.168.0.108
www     IN CNAME luxing.com.

The www CNAME needs to appear only once; an identical duplicate line adds nothing. Note that luxing.com. itself has no A record in this zone, so www.luxing.com resolves to a CNAME with no address behind it (the dig output in 2.10 shows exactly that). Give the apex an A record, or point www at a host that has one.
2.6 Check the configuration files

[root@ns1 ~]# named-checkconf
[root@ns1 ~]# named-checkzone luxing.com /var/named/luxing.com.zone
zone luxing.com/IN: loaded serial 16021101
OK

2.7 Fix the ownership and permissions of the zone file

named runs as the unprivileged user named (uid 25), so a zone file should be readable by the group named and by nobody else, matching the files shipped with the package (root:named, mode 640).

[root@ns1 named]# pwd
/var/named
[root@ns1 named]# ll /etc/named.conf          // look at the main config file's attributes first
-rw-r----- 1 root named 1030 Feb 24 00:01 /etc/named.conf
[root@ns1 named]# id named
uid=25(named) gid=25(named) groups=25(named)
[root@ns1 named]# ll
total 40
drwxrwx--- 2 named named 4096 Feb 24 20:12 data
drwxrwx--- 2 named named 4096 Feb 24 00:00 dynamic
-rw-r--r-- 1 root  root   301 Feb 24 22:34 luxing.com.zone   // attributes before the change
-rw-r----- 1 root  named 2075 Apr 23  2014 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Jan 27 19:54 slaves
[root@ns1 named]# chmod 640 luxing.com.zone    // fix the mode
[root@ns1 named]# chown :named luxing.com.zone // fix the group
[root@ns1 named]# ll
total 40
drwxrwx--- 2 named named 4096 Feb 24 20:12 data
drwxrwx--- 2 named named 4096 Feb 24 00:00 dynamic
-rw-r----- 1 root  named  301 Feb 24 22:34 luxing.com.zone   // mode and group after the change
-rw-r----- 1 root  named 2075 Apr 23  2014 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Jan 27 19:54 slaves

2.8 Edit /etc/resolv.conf

[root@ns1 ~]# vim /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain luxing.com
nameserver 192.168.0.105

2.9 Reload the service

[root@ns1 named]# service named reload
Reloading named:                                           [  OK  ]

2.10 Test with dig

[root@ns1 named]# dig -t A www.luxing.com @192.168.0.105

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -t A www.luxing.com @192.168.0.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54438
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.luxing.com.                IN      A

;; ANSWER SECTION:
www.luxing.com.         86400   IN      CNAME   luxing.com.

;; AUTHORITY SECTION:
luxing.com.             86400   IN      SOA     ns1.luxing.com. admin.luxing.com. 16021101 3600 300 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.0.105#53(192.168.0.105)
;; WHEN: Fri Feb 26 17:17:44 2016
;; MSG SIZE  rcvd: 92

The aa flag confirms that ns1 answers authoritatively for luxing.com. The answer stops at the CNAME because luxing.com. has no A record in the zone: NOERROR with only an SOA in the authority section is the server's way of saying "the name exists but has no record of that type".

3. Configure reverse resolution

In practice reverse resolution can be left out. It is worth configuring when a host in the domain acts as a mail server, since receiving mail servers use reverse lookups to reject spam.

3.1 Add the reverse zone declaration to /etc/named.rfc1912.zones (it was already added together with the forward zone in 2.4; the stanza is repeated here)

[root@ns1 ~]# vim /etc/named.rfc1912.zones
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";
};                                  // reverse zone

3.2 Write the reverse zone file

[root@ns1 named]# vim 192.168.0.zone
$TTL 86400
$ORIGIN 0.168.192.in-addr.arpa.
@       IN SOA  ns1.luxing.com. admin.luxing.com. (
                16021101
                1H
                5M
                7D
                1D )
        IN NS   ns1.luxing.com.
        IN NS   ns2.luxing.com.
105     IN PTR  ns1.luxing.com.
105     IN PTR  www.luxing.com.
106     IN PTR  ns2.luxing.com.
106     IN PTR  www.luxing.com.
107     IN PTR  mx1.luxing.com.

A PTR should point at a name that has an A record for the same address. www.luxing.com is a CNAME with no address of its own, so the two www PTRs fail any forward-confirmed reverse check, which is precisely the check anti-spam filters perform. The ns1, ns2 and mx1 entries are the ones that matter.

3.3 Check the configuration files

The first argument to named-checkzone is the zone name, not the file name:

[root@ns1 ~]# named-checkconf
[root@ns1 ~]# named-checkzone 0.168.192.in-addr.arpa /var/named/192.168.0.zone
zone 0.168.192.in-addr.arpa/IN: loaded serial 16021101
OK

3.4 Fix the file attributes

[root@ns1 named]# chmod 640 192.168.0.zone
[root@ns1 named]# chown :named 192.168.0.zone
[root@ns1 named]# ll 192.168.0.zone
-rw-r----- 1 root named 262 Feb 25 00:52 192.168.0.zone

3.5 Reload the service

[root@ns1 named]# service named reload
Reloading named:                                           [  OK  ]

3.6 Test

[root@ns1 named]# dig -x 192.168.0.100 @192.168.0.105

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -x 192.168.0.100 @192.168.0.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58611
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;100.0.168.192.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 86400   IN      SOA     ns1.luxing.com. admin.luxing.com. 16021101 3600 300 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.0.105#53(192.168.0.105)
;; WHEN: Mon Feb 29 15:21:49 2016
;; MSG SIZE  rcvd: 100

192.168.0.100 has no PTR record in the zone, so NXDOMAIN is the correct answer; the aa flag and the SOA for 0.168.192.in-addr.arpa in the authority section show that ns1 is now authoritative for the reverse zone. To see a PTR come back, query an address that has one, e.g. dig -x 192.168.0.105 @192.168.0.105.

III. Configure the slave DNS server (ns2)

A slave DNS server, also called a secondary, exists mainly to provide redundancy for the master. Setting one up is much simpler than setting up the master. There are two prerequisites for a master/slave pair: first, the two hosts need not be on the same subnet, but they must be able to reach each other over the network;

[root@ns2 ~]# hostname
ns2.luxing.com

1. Edit resolv.conf

[root@ns2 ~]# vim /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain luxing.com
nameserver 192.168.0.106

2. Edit the main configuration file

Only the tail of the options block is shown here; the beginning is the same as on the master, with listen-on set to the slave's own address (192.168.0.106).

[root@ns2 ~]# vim /etc/named.conf
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        //dnssec-enable yes;
        //dnssec-validation yes;
        //dnssec-lookaside auto;

        /* Path to ISC DLV key */
        //bindkeys-file "/etc/named.iscdlv.key";
        //managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

3. Add the two zone declarations

The stock localhost, loopback and 0.in-addr.arpa entries stay as they are; these two are appended. The file names are relative to directory "/var/named", and /var/named/slaves is writable by the named user (drwxrwx--- named named), which is what lets named store the transferred zones there.

[root@ns2 ~]# vim /etc/named.rfc1912.zones
zone "luxing.com" IN {
        type slave;
        masters { 192.168.0.105; };
        file "slaves/luxing.com.zone";
};                                  // forward zone on the slave

zone "0.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.0.105; };
        file "slaves/192.168.0.zone";
};                                  // reverse zone on the slave

4. Check the configuration

[root@ns2 ~]# named-checkconf

5. Reload the service

[root@ns2 ~]# rndc reload

After the reload the slave performs its initial transfer of both zones; /var/named/slaves/luxing.com.zone and /var/named/slaves/192.168.0.zone appear, and /var/log/messages records a "Transfer completed" line for each zone.

6. Test the master/slave pair

6.1 Change the zone on ns1.luxing.com

A slave only refreshes a zone when the master's SOA serial is higher than the one it holds, so every edit on the master must increment the serial (here 16021101 becomes 16021102); adding a record without touching the serial never reaches the slave.

[root@ns1 named]# vim luxing.com.zone
$TTL 86400
@       IN SOA  ns1.luxing.com. admin.luxing.com. (
                16021102    ; serial incremented so the slave sees a newer zone
                1H
                5M
                7D
                1D )
        IN NS   ns1.luxing.com.
        IN NS   ns2.luxing.com.
        IN MX   10 mx1
        IN MX   20 mx2
ns1     IN A    192.168.0.105
ns2     IN A    192.168.0.106
mx1     IN A    192.168.0.107
mx2     IN A    192.168.0.108
www     IN CNAME luxing.com.
mail    IN CNAME POP3            // add this line and save, then reload ns1 and watch the slave's copy

(POP3 is a relative name, so this CNAME points at pop3.luxing.com, which does not exist in the zone; the line only serves to show a change propagating.) After `service named reload` (or `rndc reload`) on ns1, the master sends a NOTIFY to the servers in the NS records, the slave pulls the new serial, and `/var/named/slaves/luxing.com.zone` on ns2 contains the mail record; `dig -t CNAME mail.luxing.com @192.168.0.106` confirms it from the slave's side.
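The zone files in 2.5 and 3.2 and the propagation test in III.6 all depend on details that named-checkzone does not flag: an identical duplicate record, a CNAME whose in-zone target has no address record, a PTR pointing at a name with no matching A record, and a serial that was not incremented, which leaves the slave holding stale data. The script below is an added example (not code from this page or from ISC BIND) with a small zone-file parser and a check for each of those. The embedded FORWARD and REVERSE zones are constructed from this page's zone files; the serial comparison implements the RFC 1982 serial arithmetic that BIND uses to decide whether a zone is newer, so it also covers the 32-bit wraparound the text does not mention.

```python
"""Sanity-check BIND zone files before the master loads them and the slave pulls them.

Added example (not from the page or from ISC): stdlib only, runs offline.
"""
import re


def _fqdn(name, origin):
    """Expand a zone-file name to an absolute name under origin ('@' is the origin itself)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=None):
    """Return (origin, records); records are (owner, TYPE, [rdata tokens]) with absolute names.

    Pass `origin` for a file without a $ORIGIN line (named takes it from the zone statement).
    """
    # fold parenthesised multi-line rdata (the SOA) onto one logical line
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text, flags=re.S)
    records, owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()           # drop comments
        if not line.strip():
            continue
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            continue
        if not raw[0].isspace():                       # new owner; a blank owner inherits the last
            owner = _fqdn(toks.pop(0), origin)
        while toks[0].upper() in ("IN", "CH", "HS") or re.fullmatch(r"\d+[smhdwSMHDW]?", toks[0]):
            toks.pop(0)                                # optional TTL and class
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX"):      # last rdata field is a domain name
            rdata[-1] = _fqdn(rdata[-1], origin)
        records.append((owner, rtype, rdata))
    return origin, records


def check_zone(text, origin=None):
    """Findings a slave would inherit unchanged: duplicates, CNAME misuse, dangling in-zone targets."""
    origin, records = parse_zone(text, origin)
    types = {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)

    def in_zone(name):
        return name == origin or name.endswith("." + origin)

    findings, seen = [], set()
    for owner, rtype, rdata in records:
        key = (owner, rtype, tuple(rdata))
        if key in seen:
            findings.append(f"duplicate record: {owner} {rtype} {' '.join(rdata)}")
        seen.add(key)
        if rtype == "CNAME" and types[owner] - {"CNAME"}:
            findings.append(f"{owner}: CNAME must not coexist with {sorted(types[owner] - {'CNAME'})}")
        if rtype in ("NS", "CNAME", "MX") and in_zone(rdata[-1]) \
                and not types.get(rdata[-1], set()) & {"A", "AAAA"}:
            findings.append(f"{owner} {rtype} -> {rdata[-1]}: no A/AAAA record for target in this zone")
    return sorted(set(findings))


def ptr_mismatches(forward_text, reverse_text):
    """PTR records whose target has no A record with the same address in the forward zone."""
    _, fwd = parse_zone(forward_text)
    _, rev = parse_zone(reverse_text)
    a_records = {(owner, rdata[0]) for owner, rtype, rdata in fwd if rtype == "A"}
    out = []
    for owner, rtype, rdata in rev:
        if rtype != "PTR":
            continue
        octets = owner.rstrip(".").split(".")[:-2]    # strip the in-addr.arpa suffix
        ip = ".".join(reversed(octets))
        if (rdata[0], ip) not in a_records:
            out.append(f"{ip} PTR {rdata[0]}: no matching A record")
    return out


def soa_serial(text, origin=None):
    """The SOA serial of a zone file; this is what the slave compares against its own copy."""
    for _, rtype, rdata in parse_zone(text, origin)[1]:
        if rtype == "SOA":
            return int(rdata[2])
    raise ValueError("zone has no SOA record")


def serial_advanced(old, new):
    """RFC 1982 serial arithmetic: True iff a slave treats `new` as newer than `old`."""
    return 0 < (new - old) % 2**32 < 2**31


# Constructed samples: the forward and reverse zones as they appear on this page.
FORWARD = """\
$TTL 86400
$ORIGIN luxing.com.
@       IN SOA  ns1.luxing.com. admin.luxing.com. (
                16021101 1H 5M 7D 1D )
        IN NS   ns1.luxing.com.
        IN NS   ns2.luxing.com.
        IN MX   10 mx1
        IN MX   20 mx2
ns1     IN A    192.168.0.105
ns2     IN A    192.168.0.106
mx1     IN A    192.168.0.107
mx2     IN A    192.168.0.108
www     IN CNAME luxing.com.
www     IN CNAME luxing.com.
"""
REVERSE = """\
$TTL 86400
$ORIGIN 0.168.192.in-addr.arpa.
@       IN SOA  ns1.luxing.com. admin.luxing.com. ( 16021101 1H 5M 7D 1D )
        IN NS   ns1.luxing.com.
105     IN PTR  ns1.luxing.com.
105     IN PTR  www.luxing.com.
106     IN PTR  ns2.luxing.com.
107     IN PTR  mx1.luxing.com.
"""
```

Calling check_zone(FORWARD) reports the duplicated www line and the CNAME pointing at an apex with no A record; ptr_mismatches(FORWARD, REVERSE) reports the www PTR; and serial_advanced(soa_serial(old_file), soa_serial(new_file)) is the test to run before `rndc reload` on the master, since a False result means the slave will keep its current copy. The parser covers the record shapes used on this page (relative and absolute names, inherited owners, parenthesised SOA) and is not a full RFC 1035 master-file reader.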