Setting up a DNS server

Original post
2015/01/11 14:29
DNS (Domain Name System) maps domain names to IP addresses. On the Internet, sites are normally reached by domain name because names are easier to remember and to type than addresses, but packets are routed by IP address, not by name, so a service is needed that translates names into addresses. That service is provided by DNS servers.
This lab: primary DNS 192.168.0.114, domain ding (a single-label name that exists only inside the lab network)
Packages required for a BIND DNS server on Linux
[root@ding ~]# rpm -qa | grep bind
bind-utils-9.3.6-20.P1.el5_8.6
bind-9.3.6-20.P1.el5_8.6
bind-libs-9.3.6-20.P1.el5_8.6
[root@ding ~]# rpm -qa | grep caching
caching-nameserver-9.3.6-20.P1.el5_8.6

Primary (master) server:

Use the sample files shipped with bind under /usr/share/doc/bind-9.3.6/sample/ as templates (caching-nameserver installs the same kind of template zones in /var/named/, which the subdomain section copies later):
cp /usr/share/doc/bind-9.3.6/sample/etc/named.conf /etc/named.conf
cp /usr/share/doc/bind-9.3.6/sample/var/named/localdomain.zone /var/named/ding.zone
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/ding.rev

Main configuration file:

[root@ding ~]# vi /etc/named.conf

options
{
    directory "/var/named";                 // the default; working directory, zone files are relative to it
    dump-file       "data/cache_dump.db";
    statistics-file     "data/named_stats.txt";
    memstatistics-file  "data/named_mem_stats.txt";
    // No listen-on, allow-recursion or allow-transfer here: with BIND's defaults this
    // server binds every interface, recurses for any client, and hands its zones
    // (AXFR) to any client that can reach port 53.
};
logging
{
        channel default_debug {
                file "data/named.run";          // debug log, relative to the directory above
                severity dynamic;
        };
};

zone "ding" {
    type master;                                // this server is the primary for the zone
    file "ding.zone";                           // forward zone data file
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "ding.rev";                            // reverse zone data file
};

Create the corresponding zone data files

[root@ding ~]# vi /var/named/ding.zone 

$TTL    86400
@       IN SOA  ding. root.ding. (           ; MNAME must end in a dot: inside zone "ding" a bare "ding"
                                             ; would expand to ding.ding.
                    42      ; serial: secondaries compare this to decide whether to pull a new copy;
                            ; increase it on every change
                    3H      ; refresh: secondaries re-check the SOA every 3 hours
                    15M     ; retry: if a refresh fails, retry every 15 minutes
                    1W      ; expiry: after a week without reaching the primary, secondaries
                            ; treat the primary as dead and stop answering for the zone
                    1D )    ; minimum: how long a negative (NXDOMAIN) answer may be cached
            IN NS       ding.                    ; the zone has one authoritative server, ding.
ding.       IN A        192.168.0.114            ; the address of the server ding.
www         IN A        192.168.0.114            ; relative name, short for www.ding.
@           IN MX  5    mail.ding.               ; mail for the zone goes to mail.ding.
mail        IN A        192.168.0.114            ; A record for the mail host mail.ding.
[root@ding ~]# vi /var/named/ding.rev 

$TTL    86400
@       IN      SOA     ding. root.ding.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      ding.
114     IN      PTR     ding.           ; 192.168.0.114 reverse-maps to ding.
114     IN      PTR     mail.ding.      ; several PTRs for one address are legal, but most
114     IN      PTR     www.ding.       ; clients only use the first one they get back
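The zone files above rely on a rule that is easy to get wrong: a name without a trailing dot is relative to the zone origin, so inside zone "ding" a bare "ding" means ding.ding., not ding. The following parser is an added example, not code from the post or from BIND; it reads the master-file syntax used above (the $TTL directive, ';' comments, a multi-line SOA in parentheses, '@', a blank owner column and relative names) with the same expansion rules named applies, and the constructed DING_ZONE is the post's ding.zone as first written, so soa_mname() returns the mis-expanded ding.ding.

```python
"""Parse the BIND master-file syntax used above and expand names to FQDNs.

Added example, not code from the post. Handles $TTL, ';' comments, records
continued across lines in parentheses, '@', a blank owner (inherits the previous
owner) and the relative-name rule: a name without a trailing dot gets the zone
origin appended. DING_ZONE is a constructed copy of the post's ding.zone.
"""
import re

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(token):
    """'3H' -> 10800, '86400' -> 86400; BIND accepts s/m/h/d/w suffixes."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", token.lower())
    if not m:
        raise ValueError(f"bad TTL or number {token!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def qualify(name, origin):
    """Apply the origin as named does: '@' -> origin, 'x.' unchanged, 'x' -> 'x.origin'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _records(text):
    """Yield (tokens, owner_blank) per logical record, joining parenthesised lines."""
    buf, depth, first = [], 0, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # drop the comment first, it may hold '('
        if first is None:
            if not line.strip():
                continue
            first = raw
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            yield " ".join(buf).split(), first[0].isspace()
            buf, depth, first = [], 0, None


def _rdata(rtype, tokens, origin):
    if rtype == "SOA":
        mname, rname, *timers = tokens
        return (qualify(mname, origin), qualify(rname, origin), *map(parse_ttl, timers))
    if rtype in ("NS", "CNAME", "PTR"):
        return (qualify(tokens[0], origin),)
    if rtype == "MX":
        return (int(tokens[0]), qualify(tokens[1], origin))
    return tuple(tokens)                            # A, AAAA, TXT: literal rdata


def parse_zone(text, origin):
    """Return [(owner, ttl, type, rdata), ...] with every name absolute."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, origin, []
    for tokens, owner_blank in _records(text):
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if owner_blank:
            owner = last_owner                      # blank owner column: same owner as before
        else:
            owner = last_owner = qualify(tokens.pop(0), origin)
        ttl = default_ttl
        if re.fullmatch(r"\d+[smhdw]?", tokens[0], re.I):   # optional per-record TTL
            ttl = parse_ttl(tokens.pop(0))
        if tokens[0].upper() == "IN":                          # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records.append((owner, ttl, rtype, _rdata(rtype, tokens, origin)))
    return records


# Constructed sample: the post's ding.zone as first written (SOA MNAME 'ding', no dot).
DING_ZONE = """\
$TTL    86400
@       IN SOA  ding root (
                    42      ; serial (d. adams)
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )    ; minimum
            IN NS       ding.
ding.       IN A        192.168.0.114
www         IN A        192.168.0.114
@           IN MX  5    mail.ding.
mail        IN A        192.168.0.114
"""


def soa_mname(text, origin):
    """The SOA MNAME after expansion: 'ding' inside zone ding. becomes 'ding.ding.'."""
    return next(rd[0] for _o, _t, rt, rd in parse_zone(text, origin) if rt == "SOA")
```

parse_zone(DING_ZONE, "ding") returns every record with absolute owners and the SOA timers in seconds; soa_mname(DING_ZONE, "ding") returns "ding.ding.", and changing the MNAME to "ding." makes it return "ding.". The same expansion applies to the NS, MX and CNAME targets, which is why those are written with trailing dots throughout the post.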

Start the DNS server and watch the log

[root@ding ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@ding ~]# tail -F /var/log/messages
Dec 26 17:16:03 ding named[26285]: shutting down: flushing changes
Dec 26 17:16:03 ding named[26285]: stopping command channel on 127.0.0.1#953
Dec 26 17:16:03 ding named[26285]: stopping command channel on ::1#953
Dec 26 17:16:03 ding named[26285]: no longer listening on 127.0.0.1#53
Dec 26 17:16:03 ding named[26285]: no longer listening on 192.168.0.114#53
Dec 26 17:16:03 ding named[26285]: no longer listening on 1.1.1.1#53
Dec 26 17:16:03 ding named[26285]: exiting
Dec 26 17:16:05 ding named[1717]: starting BIND 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.2 -u named
Dec 26 17:16:05 ding named[1717]: adjusted limit on open files from 1024 to 1048576
Dec 26 17:16:05 ding named[1717]: found 1 CPU, using 1 worker thread
Dec 26 17:16:05 ding named[1717]: using up to 4096 sockets
Dec 26 17:16:05 ding named[1717]: loading configuration from '/etc/named.conf'        configuration file loaded
Dec 26 17:16:05 ding named[1717]: using default UDP/IPv4 port range: [1024, 65535]
Dec 26 17:16:05 ding named[1717]: using default UDP/IPv6 port range: [1024, 65535]
Dec 26 17:16:05 ding named[1717]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 26 17:16:05 ding named[1717]: listening on IPv4 interface eth0, 192.168.0.114#53        listening on port 53 of the lab interface
Dec 26 17:16:05 ding named[1717]: listening on IPv4 interface eth1, 1.1.1.1#53              no listen-on in options, so named binds every interface, eth1 included
Dec 26 17:16:05 ding named[1717]: command channel listening on 127.0.0.1#953
Dec 26 17:16:05 ding named[1717]: command channel listening on ::1#953
Dec 26 17:16:05 ding named[1717]: zone 0.168.192.in-addr.arpa/IN: loaded serial 1997022700          reverse zone loaded
Dec 26 17:16:05 ding named[1717]: zone ding/IN: loaded serial 42                                    forward zone loaded
Dec 26 17:16:05 ding named[1717]: running
Dec 26 17:16:05 ding named[1717]: zone ding/IN: sending notifies (serial 42)                 NOTIFY sent to the zone's other name servers
Dec 26 17:16:05 ding named[1717]: client 192.168.0.114#37727: received notify for zone 'ding'

Test the primary server

[root@ding ~]# nslookup 
> server 192.168.0.114
Default server: 192.168.0.114
Address: 192.168.0.114#53
> mail.ding
Server:         192.168.0.114
Address:        192.168.0.114#53

Name:   mail.ding
Address: 192.168.0.114
> ding
Server:         192.168.0.114
Address:        192.168.0.114#53

Name:   ding
Address: 192.168.0.114
> 192.168.0.114
Server:         192.168.0.114
Address:        192.168.0.114#53

114.0.168.192.in-addr.arpa      name = mail.ding.
114.0.168.192.in-addr.arpa      name = www.ding.
114.0.168.192.in-addr.arpa      name = ding.
> set type=MX
> ding
Server:         192.168.0.114
Address:        192.168.0.114#53

Secondary (slave) DNS: a secondary is a backup of the primary. When the primary cannot answer queries, the secondary can, because the zone data on the secondary is a copy transferred from the primary, so its answers should be the same as the primary's. Configuring one only requires editing the main configuration file.

This secondary, 192.168.0.111, is set up as a secondary for the primary 192.168.0.114
[root@hding ~]# vi /etc/named.conf    

options {
    listen-on port 53 { 192.168.0.111; };
//  listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "ding" {
    type slave;
    file "slaves/ding.zone";            // where the transferred copy is written; the zone name must
                                        // match the primary's, the file name is arbitrary (slaves/ is
                                        // owned by named, so named can write there)
    masters { 192.168.0.114; };         // the primary to pull the zone from
};

Start the secondary

service named restart
Stopping named: [  OK  ]
Starting named: [  OK  ]

Check the primary's log

Each 'AXFR started' / 'AXFR ended' pair below is a full zone transfer to the secondary (one per restart of the secondary). Nothing in the primary's configuration restricts who may request one, so the same transfer would succeed from any host that can reach port 53; in production add allow-transfer { 192.168.0.111; }; to the zone or to options. The 'network unreachable resolving quit.localdomain' line shows the primary recursing on a client's behalf towards a root name server over IPv6, for which this host has no route; it also shows that recursion is open to any client.

client 192.168.0.111#34043: transfer of 'ding/IN': AXFR started
client 192.168.0.111#34043: transfer of 'ding/IN': AXFR ended
network unreachable resolving 'quit.localdomain/A/IN': 2001:7fe::53#53
client 192.168.0.111#41509: transfer of 'ding/IN': AXFR started
client 192.168.0.111#41509: transfer of 'ding/IN': AXFR ended
client 192.168.0.111#38886: transfer of 'ding/IN': AXFR started
client 192.168.0.111#38886: transfer of 'ding/IN': AXFR ended
client 192.168.0.111#46908: transfer of 'ding/IN': AXFR started
client 192.168.0.111#46908: transfer of 'ding/IN': AXFR ended
client 192.168.0.111#20443: received notify for zone 'ding'
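The master configuration in this post sets no listen-on, no recursion limit and no allow-transfer, and the log above shows the consequences: named bound every interface, recursed for a stray query, and transferred the zone to 192.168.0.111 without any check. The checker below is an added example, not code from the post or from BIND: it parses named.conf's brace syntax and reports the zone-transfer, recursion and listen-on defaults a practitioner would tighten, and also flags a type forward zone without forward only. MASTER_CONF is a constructed copy of the post's master configuration; HARDENED_CONF is an assumed corrected version in which the secondary's address and the LAN prefix are assumptions.

```python
"""Audit a named.conf for the settings this post leaves at BIND's open defaults.

Added example, not code from the post. Unless told otherwise, BIND 9.3 recurses
for every client, hands a full zone transfer (AXFR) to every client, and binds
every interface. The master configuration above sets none of these, so the AXFR
from 192.168.0.111 in the log would have worked from any host. MASTER_CONF is a
constructed copy of that configuration; HARDENED_CONF is an assumed corrected
version (the secondary's address and the LAN prefix are assumptions).
"""
import re

_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def parse_named_conf(text):
    """Parse named.conf into [(words, sub_statements or None), ...], nested by braces."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)      # /* ... */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)                # // and # comments
    tokens = _TOKEN.findall(text)
    pos = 0

    def block():
        nonlocal pos
        stmts, words = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == "}":
                break
            if tok == "{":
                stmts.append((words, block()))
                words = []
            elif tok == ";":
                if words:
                    stmts.append((words, None))
                words = []
            else:
                words.append(tok.strip('"'))
        if words:                                           # tolerate a missing ';'
            stmts.append((words, None))
        return stmts

    return block()


def _settings(stmts):
    """Index statements by first word: {'type': ['master'], 'masters': [], ...}."""
    return {words[0]: words[1:] for words, _sub in stmts if words}


def audit(text):
    """Return findings as strings; an empty list means every check passed."""
    findings, conf = [], parse_named_conf(text)
    options = _settings(next((sub for w, sub in conf if w == ["options"]), []))
    if options.get("recursion", ["yes"])[0] != "no" and "allow-recursion" not in options:
        findings.append("options: recursion open to every client "
                        "(add 'recursion no;' or 'allow-recursion { <lan>; };')")
    if "listen-on" not in options:
        findings.append("options: no listen-on, named binds every IPv4 interface")
    for words, sub in conf:
        if words[:1] != ["zone"] or sub is None:
            continue
        name, zone = words[1], _settings(sub)
        ztype = zone.get("type", ["?"])[0]
        if ztype in ("master", "slave") and not ("allow-transfer" in zone or "allow-transfer" in options):
            findings.append(f'zone "{name}": allow-transfer unset, any host can AXFR the whole zone')
        if ztype == "forward" and zone.get("forward", ["first"])[0] != "only":
            findings.append(f'zone "{name}": forward first, named recurses on its own '
                            "if the forwarders fail (add 'forward only;')")
    return findings


# Constructed copy of the post's master named.conf (annotations dropped).
MASTER_CONF = """
options {
    directory "/var/named";
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};
logging { channel default_debug { file "data/named.run"; severity dynamic; }; };
zone "ding" { type master; file "ding.zone"; };
zone "0.168.192.in-addr.arpa" { type master; file "ding.rev"; };
"""

# Assumed hardened version: bind one address, stay authoritative-only, let only the
# secondary pull zones. A server that also resolves for LAN hosts would use
# allow-recursion { 192.168.0.0/24; }; instead of recursion no;.
HARDENED_CONF = """
options {
    listen-on port 53 { 192.168.0.114; };
    directory "/var/named";
    recursion no;                        // authoritative answers only
    allow-transfer { 192.168.0.111; };   /* only the secondary may AXFR */
};
zone "ding" { type master; file "ding.zone"; };
zone "0.168.192.in-addr.arpa" { type master; file "ding.rev"; };
"""
```

audit(MASTER_CONF) returns four findings (open recursion, no listen-on, and allow-transfer unset on both zones); audit(HARDENED_CONF) returns none. The parser only understands the statement/brace grammar, so it is a pre-commit sanity check, not a replacement for named-checkconf.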

Check the secondary's log

Jan  3 15:48:47 localhost named[1007]: running
Jan  3 15:48:47 localhost named[1007]: zone ding/IN: Transfer started.
Jan  3 15:48:47 localhost named[1007]: transfer of 'ding/IN' from 192.168.0.114#53: connected using 192.168.0.111#46908
Jan  3 15:48:47 localhost named[1007]: zone ding/IN: transferred serial 42
Jan  3 15:48:47 localhost named[1007]: transfer of 'ding/IN' from 192.168.0.114#53: end of transfer
Jan  3 15:48:47 localhost named[1007]: zone ding/IN: sending notifies (serial 42)

Check that the zone file arrived, then test

[root@hding ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 343 Jan  3 15:48 ding.zone
[root@hding ~]# nslookup ding
Server:         192.168.0.111
Address:        192.168.0.111#53

Name:   ding
Address: 192.168.0.114

Forwarding DNS: a server that holds no data for a zone forwards queries for that zone to a server that does. The most common case is two servers on a LAN, each hosting a mail domain: server A cannot resolve B's domain and B cannot resolve A's, so each forwards the other's zone to the other, and both domains resolve from either server.

In the lab the secondary is turned into a forwarder for testing; again only the main configuration file changes.
[root@hding ~]# vi /etc/named.conf 

options {
    listen-on port 53 { 192.168.0.111; };
//  listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "ding" {
    type forward;                               // queries for zone ding are forwarded to 192.168.0.114
    forwarders { 192.168.0.114; };              // without "forward only;" this is forward-first: if the
                                                // forwarder does not answer, named recurses on its own
};

Test the forwarder

service named restart
Stopping named: [  OK  ]
Starting named: [  OK  ]
[root@hding ~]# nslookup ding
Server:         192.168.0.111
Address:        192.168.0.111#53

Non-authoritative answer:               the answer was obtained from another server, so this one does not mark it authoritative
Name:   ding
Address: 192.168.0.114
Subdomain server: when the domain one server is authoritative for is a subdomain of another server's domain, the parent can delegate that subdomain to the child server, which then answers for it; this takes load off the parent.
In this lab 192.168.0.111 is the child and is authoritative for terry.ding
Parent: 192.168.0.114, domain: ding
First make the child the primary for terry.ding
[root@hding ~]# cp /var/named/localdomain.zone /var/named/terry.ding.zone
[root@hding ~]# cp /var/named/named.local /var/named/terry.ding.rev
[root@hding ~]# vi /etc/named.conf 

options {
    listen-on port 53 { 192.168.0.111; };
//  listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "terry.ding" {
    type master;
    file "terry.ding.zone";
};

zone "0.168.192.in-addr.arpa" {
    type master;                                // 192.168.0.114 is also master for this reverse zone, with
                                                // different contents, so a reverse lookup's answer depends on
                                                // which server is asked; one server should own the zone
    file "terry.ding.rev";
};
[root@hding ~]# vi /var/named/terry.ding.zone 

$TTL    86400
@       IN SOA  terry.ding. root (
                    42      ; serial (d. adams)
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )        ; minimum
            IN NS       terry.ding.
terry.ding. IN A        192.168.0.111
www         IN A        192.168.0.111
@           IN MX   5   mail.terry.ding.
mail        IN A        192.168.0.111
ftp         IN CNAME    www                 ; ftp.terry.ding. is an alias for www.terry.ding.
[root@hding ~]# vi /var/named/terry.ding.rev 

$TTL    86400
@       IN      SOA     terry.ding. root.localhost.  (   ; RNAME left over from the named.local template
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      terry.ding.
111     IN      PTR     terry.ding.
111     IN      PTR     mail.terry.ding.
111     IN      PTR     www.terry.ding.
111     IN      PTR     ftp.terry.ding.
[root@hding ~]# nslookup terry.ding                  the lookup fails; find out why
Server:         192.168.0.111
Address:        192.168.0.111#53

** server can't find terry.ding: NXDOMAIN
[root@hding ~]# tail /var/log/messages         the zone data files could not be read (permission denied)
Jan  3 16:46:21 localhost named[1369]: using up to 4096 sockets
Jan  3 16:46:21 localhost named[1369]: loading configuration from '/etc/named.conf'
Jan  3 16:46:21 localhost named[1369]: using default UDP/IPv4 port range: [1024, 65535]
Jan  3 16:46:21 localhost named[1369]: using default UDP/IPv6 port range: [1024, 65535]
Jan  3 16:46:21 localhost named[1369]: listening on IPv4 interface eth0, 192.168.0.111#53
Jan  3 16:46:21 localhost named[1369]: command channel listening on 127.0.0.1#953
Jan  3 16:46:21 localhost named[1369]: command channel listening on ::1#953
Jan  3 16:46:21 localhost named[1369]: zone 0.168.192.in-addr.arpa/IN: loading master file terry.ding.rev: permission denied
Jan  3 16:46:21 localhost named[1369]: zone terry.ding/IN: loading master file terry.ding.zone: permission denied
Jan  3 16:46:21 localhost named[1369]: running
[root@hding ~]# ll /var/named/                   check the zone file permissions: the new files are root:root mode 640, and named runs as user named, so it cannot read them
total 64
drwxr-x--- 5 root  named 4096 Dec  3 10:31 chroot
drwxrwx--- 2 named named 4096 Dec  5 02:10 data
-rw-r--r-- 1 root  root   602 Dec  5 04:41 forward.com.rev
-rwxrwxrwx 1 root  root   334 Dec  5 05:07 forward.com.zone
-rw-r--r-- 1 root  root   602 Dec  5 04:36 hding.com.rev
-rw-r--r-- 1 root  root   452 Dec  5 05:40 hding.com.zone
-rw-r----- 1 root  named  198 Jan  7  2013 localdomain.zone
-rw-r----- 1 root  named  195 Jan  7  2013 localhost.zone
-rw-r----- 1 root  named  427 Jan  7  2013 named.broadcast
-rw-r----- 1 root  named 1892 Jan  7  2013 named.ca
-rw-r----- 1 root  named  424 Jan  7  2013 named.ip6.local
-rw-r----- 1 root  named  426 Jan  7  2013 named.local
-rw-r----- 1 root  named  427 Jan  7  2013 named.zero
drwxrwx--- 2 named named 4096 Jan  3 15:48 slaves
-rw-r----- 1 root  root   521 Jan  3 16:46 terry.ding.rev
-rw-r----- 1 root  root   319 Jan  3 16:49 terry.ding.zone
[root@hding ~]# chown root:named /var/named/terry.ding.zone 
[root@hding ~]# chown root:named /var/named/terry.ding.rev 
[root@hding ~]# !ser
service named restart
Stopping named: [  OK  ]
Starting named: [  OK  ]
[root@hding ~]# nslookup terry.ding
Server:         192.168.0.111
Address:        192.168.0.111#53

Name:   terry.ding
Address: 192.168.0.111
[root@hding ~]# nslookup 192.168.0.111
Server:         192.168.0.111
Address:        192.168.0.111#53

111.0.168.192.in-addr.arpa      name = mail.terry.ding.
111.0.168.192.in-addr.arpa      name = terry.ding.
111.0.168.192.in-addr.arpa      name = ftp.terry.ding.
111.0.168.192.in-addr.arpa      name = www.terry.ding.

Configure the parent: 192.168.0.114, domain: ding

Edit the zone data file
[root@ding ~]# vi /var/named/ding.zone

$TTL    86400
@       IN SOA  ding. root.ding. (
                    43      ; serial: incremented because the zone changed; secondaries only
                            ; re-transfer when the serial is higher than the copy they hold
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )        ; minimum
            IN NS       ding.
terry       IN NS       terry.ding.                    ; delegate the subdomain terry to the server terry.ding.
terry       IN A        192.168.0.111                  ; glue: the name server's address lies inside the delegated
                                                       ; zone, so the parent must supply it or resolvers could
                                                       ; never reach the child
ding.       IN A        192.168.0.114
www         IN A        192.168.0.114
@           IN MX  5    mail.ding.
mail        IN A        192.168.0.114

The parent can now resolve names in the subdomain, but it does so by handing the query to the child server. Test:

[root@ding ~]# !ser
service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@ding ~]# nslookup terry.ding
Server:         192.168.0.114
Address:        192.168.0.114#53

Non-authoritative answer:               the parent followed its own delegation to 192.168.0.111 and relayed the child's answer, so it is not marked authoritative
Name:   terry.ding
Address: 192.168.0.111
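The delegation just configured works because of two records in the parent zone: the NS record that hands terry.ding. to the child, and the A record (glue) that tells resolvers where that child lives, since its name is inside the zone it serves. The walk below is an added example, not code from the post or from BIND: it models the two authoritative servers with the post's zone data (constructed inline, names written absolute), follows the referral from 192.168.0.114 to 192.168.0.111 the way a resolver does, chases the ftp CNAME, and shows that removing the glue leaves the delegation unreachable.

```python
"""Follow the parent-to-child delegation configured above, as a resolver does.

Added example, not code from the post. Two in-memory authoritative servers are
modelled with the post's data: 192.168.0.114 for ding. and 192.168.0.111 for
terry.ding. The parent holds 'terry IN NS terry.ding.' and the glue
'terry IN A 192.168.0.111'. Resolving a name under terry.ding. shows the
referral, the glue being used to reach the child, and what happens without it.
"""

# Constructed zone data as (owner, type, rdata), all names absolute.
PARENT = {"origin": "ding.", "rrs": [
    ("ding.", "NS", "ding."),
    ("ding.", "A", "192.168.0.114"),
    ("www.ding.", "A", "192.168.0.114"),
    ("mail.ding.", "A", "192.168.0.114"),
    ("terry.ding.", "NS", "terry.ding."),    # delegation of the subdomain
    ("terry.ding.", "A", "192.168.0.111"),   # glue for the child's name server
]}
CHILD = {"origin": "terry.ding.", "rrs": [
    ("terry.ding.", "NS", "terry.ding."),
    ("terry.ding.", "A", "192.168.0.111"),
    ("www.terry.ding.", "A", "192.168.0.111"),
    ("mail.terry.ding.", "A", "192.168.0.111"),
    ("ftp.terry.ding.", "CNAME", "www.terry.ding."),
]}
SERVERS = {"192.168.0.114": PARENT, "192.168.0.111": CHILD}


def _under(name, ancestor):
    return name == ancestor or name.endswith("." + ancestor)


def authoritative_reply(zone, qname, qtype):
    """One server's reply: ('answer', rrs), ('referral', ns_name, glue_rrs) or ('nxdomain',)."""
    rrs = zone["rrs"]
    for owner, rtype, target in rrs:
        # An NS record below the apex is a delegation; names under it belong to the child.
        if rtype == "NS" and owner != zone["origin"] and _under(qname, owner):
            glue = [rr for rr in rrs if rr[1] == "A" and rr[0] == target]
            return ("referral", target, glue)
    answer = [rr for rr in rrs if rr[0] == qname and rr[1] in (qtype, "CNAME")]
    return ("answer", answer) if answer else ("nxdomain",)


def strip_glue(zone):
    """The same zone with the glue left out (what forgetting 'terry IN A ...' does)."""
    delegated = {o for o, t, _ in zone["rrs"] if t == "NS" and o != zone["origin"]}
    return {"origin": zone["origin"],
            "rrs": [rr for rr in zone["rrs"] if not (rr[1] == "A" and rr[0] in delegated)]}


def resolve(qname, qtype, servers, start="192.168.0.114", max_hops=6):
    """Ask the parent first and follow referrals. Returns (rdata list, servers asked in order)."""
    server, asked = start, []
    for _ in range(max_hops):
        asked.append(server)
        reply = authoritative_reply(servers[server], qname, qtype)
        if reply[0] == "nxdomain":
            return [], asked
        if reply[0] == "answer":
            rrs = reply[1]
            if rrs[0][1] == "CNAME" and qtype != "CNAME":
                qname, server = rrs[0][2], start       # chase the alias from the top
                continue
            return [rd for _o, _t, rd in rrs], asked
        _, ns_name, glue = reply
        if not glue:
            # The child's only name server is inside the child zone itself; with no glue
            # the resolver would need to ask terry.ding. for terry.ding.'s own address.
            raise LookupError(f"referral to {ns_name} without glue: delegation unreachable")
        server = glue[0][2]
    raise LookupError("referral loop")


def delegation_reachable(servers, qname="www.terry.ding."):
    """True if the delegation can be followed to an answer, False if it dead-ends."""
    try:
        return bool(resolve(qname, "A", servers)[0])
    except LookupError:
        return False


if __name__ == "__main__":
    print(resolve("terry.ding.", "A", SERVERS))      # answered by 192.168.0.111 via the referral
    print(resolve("ftp.terry.ding.", "A", SERVERS))  # CNAME chased to www.terry.ding.
    print(delegation_reachable(SERVERS), delegation_reachable(
        {"192.168.0.114": strip_glue(PARENT), "192.168.0.111": CHILD}))
```

resolve("terry.ding.", "A", SERVERS) asks 192.168.0.114, receives the referral plus glue, and gets the answer from 192.168.0.111, which is the path behind the "Non-authoritative answer" shown above. With strip_glue(PARENT) in place of PARENT, the referral names terry.ding. as the server but carries no address, and delegation_reachable() returns False.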

This completes the subdomain server. From here on, the different DNS server types can be combined as a real deployment requires.



