CentOS 5.8 DNS Service Address Resolution

 

 

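Contents

CentOS 5.8 DNS Service Address Resolution

I. DNS service address resolution
  1. Install bind
  2. Configure named
  3. Configure named.rfc1912.zones
  4. Configure the forward and reverse zone files
    1. Configure forward resolution
    2. Configure reverse resolution
      With multiple IP segments, reverse resolution can be configured as follows
  5. Check the files for syntax errors
  6. Verify that the setup works
II. CentOS DNS slave configuration
  1. Install the slave server, following the installation procedure in Part I
  2. Configure named.conf
  3. Configure
  4. Restart the service and check whether the zone files have synchronized
  5. Test whether the slave DNS works correctly
    1) Test the slave DNS server
    2) Test whether the slave takes over when the master DNS is shut down
III. CentOS 5.8 smart DNS address resolution
  1. Add the named.conf configuration
  2. Add the smart forward zones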

 

 

 

 

Version history

Date         Version   Description                                   Author
2016-03-4    1.0       CentOS 5.8 DNS Service Address Resolution     崔四超









 

 

 

 

 

 

 

System environment:

         CentOS 5.8 64 bit

Software environment:

         bind-utils-9.3.6-25.P1.el5_11.6

         bind-libs-9.3.6-25.P1.el5_11.6

         bind-9.3.6-25.P1.el5_11.6

         bind-chroot-9.3.6-25.P1.el5_11.6

         ypbind-1.19-12.el5_6.1

Master DNS server: 192.168.10.100

Slave DNS server: 192.168.10.101

www portal: 192.168.36.4

 

 

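I. DNS Service Address Resolution Configuration

1.        Install bind

  # yum install bind*                                   // install the BIND DNS software

On CentOS 5.8 you also need to install:

 yum -y install caching-nameserver

Because the chroot package is installed, the main configuration file named.conf is configured under /var/named/chroot/etc/ (not /etc/named.conf).

After the six packages above are installed, a named.conf file is generated in this directory by default, but that file is only an explanatory document, so we use the commands below to make a copy of the named.conf template.

Note: after installation, all of my /etc/named.* files are symbolic links.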

2.        Configure named

cd  /var/named/chroot/etc
cp  -p   named.caching-nameserver.conf  named.conf
chown -R root:named named.conf
ln -s /var/named/chroot/etc/named.conf  /etc/named.conf
[root@server-10-100 etc]# cat named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source    port 53;
        // query-source-v6 port 53;

        allow-query     { any; };
        allow-query-cache { any; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

Because the chroot package is installed (its main function is not covered here), the main configuration file named.conf is configured under /var/named/chroot/etc/. The commands are as follows:

3.        Configure named.rfc1912.zones

[root@server-10-100 etc]# cat named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

// Declare the root zone ".", used to resolve external domain names

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};



zone "wuhaneduyun.cn" IN {              // define a forward zone, wuhaneduyun.cn
        type master;
        file "wuhaneduyun.cn.zone";     // forward zone file name: wuhaneduyun.cn.zone
        allow-update { none; };
};

zone "36.168.192.in-addr.arpa" IN {     // define a reverse zone
        type master;
        file "zone.wuhaneduyun.cn";     // reverse zone file name
        allow-update { none; };
};

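4.        Configure the forward and reverse zone files

The forward and reverse zone files live in the same directory. Because the chroot package is installed, they are configured under /var/named/chroot/var/named/, which also contains template files for forward and reverse zones. The commands used are:

cd /var/named/chroot/var/named/
cp -p localdomain.zone   wuhaneduyun.cn.zone
cp -p named.local   zone.wuhaneduyun.cn

Remember the -p option (it preserves the template's ownership and permissions); otherwise the named service may well fail to start. You can now edit the forward (wuhaneduyun.cn.zone) and reverse (zone.wuhaneduyun.cn) files.

1.         Configure forward resolution

[root@server-10-100 ~]# cat /var/named/chroot/var/named/wuhaneduyun.cn.zone
$TTL    86400
@               IN SOA          dns.wuhaneduyun.cn. root.wuhaneduyun.cn. (
                                        2011062301      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           dns.wuhaneduyun.cn.
dns             IN A            192.168.36.4
www             IN A            192.168.36.4
mail            IN A            192.168.10.111

2.         Configure reverse resolution:

[root@server-10-100 named]# cat zone.wuhaneduyun.cn
$TTL    86400
@       IN      SOA   36.168.192.in-addr.arpa.  dns.wuhaneduyun.cn. (
                                      2011062301 ; Serial // just a sequence number
                                      28800      ; Refresh // refresh interval for the slave
                                      14400      ; Retry // retry interval after a failed slave refresh
                                      3600000    ; Expire // how long the slave keeps retrying before it stops updating
                                      86400 )    ; Minimum // can be treated as the TTL, especially when no TTL is set
        IN      NS     dns.wuhaneduyun.cn.
4       IN      PTR    dns.wuhaneduyun.cn.
4       IN      PTR    www.wuhaneduyun.cn.
111     IN      PTR    mail.wuhaneduyun.cn.

Note: the 4 at the start of a PTR line is the last number of the host IP 192.168.36.4.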
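The forward and reverse files above can be cross-checked mechanically. The following is an added example, not part of the original post: it loads the A and PTR records shown above as constructed inline strings and reports the pairs that do not confirm each other. The function names are illustrative, and the parser handles only the simple "owner IN TYPE rdata" lines used here.

```python
import ipaddress

# Constructed input: the A and PTR records from the two zone files above.
FORWARD_ORIGIN = "wuhaneduyun.cn."
FORWARD = """
dns   IN A    192.168.36.4
www   IN A    192.168.36.4
mail  IN A    192.168.10.111
"""
REVERSE_ORIGIN = "36.168.192.in-addr.arpa."
REVERSE = """
4     IN PTR  dns.wuhaneduyun.cn.
4     IN PTR  www.wuhaneduyun.cn.
111   IN PTR  mail.wuhaneduyun.cn.
"""

def fqdn(name, origin):
    """Names without a trailing dot are relative to the zone origin."""
    return name if name.endswith(".") else f"{name}.{origin}"

def records(text, origin, rrtype):
    """Yield (owner FQDN, rdata) for 'owner IN TYPE rdata' lines only."""
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) == 4 and fields[1:3] == ["IN", rrtype]:
            yield fqdn(fields[0], origin), fields[3]

def ptr_owner_to_ip(owner):
    """'4.36.168.192.in-addr.arpa.' -> '192.168.36.4' (labels are reversed)."""
    labels = owner[: -len(".in-addr.arpa.")].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))

def check(forward, f_origin, reverse, r_origin):
    """Return (PTRs with no matching A, As with no matching PTR)."""
    a = set(records(forward, f_origin, "A"))
    ptr = {(fqdn(target, r_origin), ptr_owner_to_ip(owner))
           for owner, target in records(reverse, r_origin, "PTR")}
    return sorted(ptr - a), sorted(a - ptr)

if __name__ == "__main__":
    ptr_only, a_only = check(FORWARD, FORWARD_ORIGIN, REVERSE, REVERSE_ORIGIN)
    for name, ip in ptr_only:
        print(f"PTR {ip} -> {name} has no matching A record")
    for name, ip in a_only:
        print(f"A {name} -> {ip} has no matching PTR in this zone")
```

On the records above it reports mail.wuhaneduyun.cn: the reverse zone maps 192.168.36.111 to it while its A record is 192.168.10.111, so a forward-confirmed reverse DNS check for the mail host fails.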

  If you have multiple IP segments, reverse resolution can be configured as follows:

Configuring reverse resolution: a reverse zone does not need MX, A, or CNAME records; it generally uses PTR.

Define the reverse zone:
zone "168.192.in-addr.arpa" IN {
        type master;
        file "zone.wuhaneduyun.cn";
        allow-update { none; };
};

Define the zone file:
vim zone.wuhaneduyun.cn

$TTL 1200
@       IN      SOA     ns1.a.org.      admin.a.org. (
                                2011081601
                                1H
                                10M
                                7D
                                1D )
                IN              NS      ns1.a.org.
                IN              NS      ns2.a.org.
1.100           IN              PTR     ns1.a.org.
2.100           IN              PTR     ns2.a.org.
1.100           IN              PTR     mail.a.org.
3.100           IN              PTR     www.a.org.
100.100         IN              PTR     ftp.a.org.
; The zone declaration already covers 192.168, so only the remaining two octets are entered, in reverse order: 1.100 stands for 192.168.100.1

chown :named 172.16.org
service named reload

 

 

5. Check the files for syntax errors

# named-checkconf      -z                                  // check the main configuration file for errors
 # named-checkzone  wuhaneduyun.cn  /var/named/a.org.internal        // check the zone file for errors
 # named-checkzone  wuhaneduyun.cn  /var/named/a.org.external
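named-checkconf validates syntax only. The following is an added example, not part of the original post: it audits a condensed, constructed copy of the master configuration above for two exposure settings, recursion offered to every client and master zones with no allow-transfer restriction. HARDENED and the function names are assumptions for illustration; 192.168.10.101 is the slave server from this page.

```python
import re

# Constructed input: a condensed copy of the master configuration above.
NAMED_CONF = """
options { allow-query { any; }; };
view localhost_resolver {
        match-clients { any; };
        recursion yes;
        zone "wuhaneduyun.cn" IN {
                type master;
                file "wuhaneduyun.cn.zone";
                allow-update { none; };
        };
        zone "36.168.192.in-addr.arpa" IN {
                type master;
                file "zone.wuhaneduyun.cn";
        };
};
"""
# Assumed fix: recurse only for internal clients, transfer only to the slave.
HARDENED = NAMED_CONF.replace("allow-query { any; };", """allow-query { any; };
        allow-recursion { 192.168.0.0/16; };
        allow-transfer  { 192.168.10.101; };""")

ZONE_RE = re.compile(r'zone\s*"([^"]+)"\s*(?:IN\s*)?\{((?:[^{}]|\{[^{}]*\})*)\}')

def strip_comments(conf):
    """Remove /* */, // and # comments; named.conf accepts all three."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def audit(conf):
    """Return findings for open recursion and unrestricted zone transfer."""
    conf = strip_comments(conf)
    findings = []
    # BIND 9.3 recurses for every client unless allow-recursion narrows it.
    recursing = re.search(r"recursion\s+yes", conf) and "allow-recursion" not in conf
    if recursing and re.search(r"(match-clients|allow-query)\s*\{\s*any;\s*\}", conf):
        findings.append("open-recursion")
    # In BIND 9.3, a zone without allow-transfer answers AXFR from any host.
    global_xfer = "allow-transfer" in ZONE_RE.sub("", conf)
    for name, body in ZONE_RE.findall(conf):
        restricted = global_xfer or "allow-transfer" in body
        if re.search(r"type\s+master", body) and not restricted:
            findings.append(f"unrestricted-transfer:{name}")
    return findings

if __name__ == "__main__":
    print(audit(NAMED_CONF), audit(HARDENED))
```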

 

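6. Verify that the setup works

1. First, edit /etc/resolv.conf. Only after this file is changed will the machine use your own server for name resolution. The command is:
# vi /etc/resolv.conf
Just add one line: nameserver 192.168.10.100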
 [root@server-13-30 ~]# nslookup 
> www.baidu.com
Server:         192.168.10.100
Address:        192.168.10.100#53
 
Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 180.97.33.107
Name:   www.a.shifen.com
Address: 180.97.33.108
> www.wuhaneduyun.cn
Server:         192.168.10.100
Address:        192.168.10.100#53
 
Name:   www.wuhaneduyun.cn
Address: 192.168.10.100
>192.168.10.100
www.wuhaneduyun.cn

 

II. CentOS DNS Slave Configuration

1.        Install the slave server, following the installation procedure in Part I.

2.        Configure named.conf

cd /var/named/chroot/etc/
cp -p named.caching-nameserver.conf  named.conf
ln -s /var/named/chroot/etc/named.conf  /etc/named.conf
cat  /etc/named.conf
options {
        directory "/var/named/slaves";
};
// Because chroot is installed, the real location of the slaves directory is /var/named/chroot/var/named/slaves/
view localhost_resolver {
        match-clients      { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

3.        Configure named.rfc1912.zones

cat /etc/named.rfc1912.zones
//zone "." IN {
//      type hint;
//      file "named.ca";
//};

zone "localdomain" IN {
        type slave;
        masters {  192.168.10.100; }; // address of the master server, from which the zone file is synchronized
        file "localdomain.zone";
//      allow-update { none; };
};

zone "localhost" IN {
        type slave;
        masters {  192.168.10.100; };
        file "localhost.zone";
//      allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type slave;
        masters {  192.168.10.100; };
        file "named.local";
//      allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type slave;
        masters {  192.168.10.100; };
        file "named.ip6.local";
//      allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type slave;
        masters {  192.168.10.100; };
        file "named.broadcast";
//      allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type slave;
        masters {  192.168.10.100; };
        file "named.zero";
//      allow-update { none; };
};

// The zones below are my custom zones; refer to the master
zone "wuhaneduyun.cn" IN {
        type slave;                       // type is slave
        masters { 192.168.10.100; };      // address of the master server, from which the zone file is synchronized
        file "wuhaneduyun.cn.zone";
//        allow-update { none ;};
};

zone "36.168.192.in-addr.arpa" IN {
        type slave;                       // type is slave
        masters { 192.168.10.100; };      // address of the master server, from which the zone file is synchronized
        file "zone.wuhaneduyun.cn";
//        allow-update { none ;};
};

 

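4.        Restart the service and check whether the zone files have synchronized:

/etc/init.d/named restart
If an error is reported, check the log: /var/log/messages

ll  /var/named/chroot/var/named/slaves/

5.        Test whether the slave DNS works correctly

1)        Test the slave DNS server

Log in to any server on the internal network:

# vi /etc/resolv.conf

Just add one line: nameserver 192.168.10.101 # (note: the slave DNS server)

This shows that the slave DNS is configured successfully.

2)        Test whether the slave takes over when the master DNS is shut down:

Configure the IPs of both the master and slave DNS servers.

First lookup: the server is 192.168.10.100

After stopping the named service on the master DNS (192.168.10.100),

second lookup: the server is 192.168.10.101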

 

III. CentOS 5.8 Smart DNS Address Resolution

1.        Add the named.conf configuration

vi  /var/named/chroot/etc/named.conf
The additions in red are for smart resolution:
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source    port 53;
        // query-source-v6 port 53;

        allow-query     { any; };
        allow-query-cache { any; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
//view localhost_resolver {
//      match-clients      { any; };
//      match-destinations { any; };
//      recursion yes;
//      include "/etc/named.rfc1912.zones";
//};

acl "hosta" {
                192.168.10.1/24;
         };
acl "hostb" {
                192.168.13.1/24;
        };


view "hosta" {
             match-clients { hosta; };
             recursion yes;
             notify no;
             zone "test.com" IN {
                     type master;
                     file "test.com.hosta.file";
                     allow-update { none; };
             };
      };

view "hostb" {
             match-clients { hostb; };
             recursion yes;
             notify no;
             zone "test.com" IN {
                     type master;
                     file "test.com.hostb.file";
                     allow-update { none; };
             };
      };

Note: clients in hosta (192.168.10.1/24) are served from test.com.hosta.file;
      clients in hostb (192.168.13.1/24) are served from test.com.hostb.file.


2.        Add the smart forward zones:
hosta (192.168.10.1/24): requests for www.test.com go to 192.168.10.100
# vi /var/named/chroot/var/named/test.com.hosta.file
$TTL    86400
@               IN SOA          dns.test.com. root.test.com. (
                                        2011062301      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           dns.test.com.
dns             IN A            192.168.10.100
www             IN A            192.168.10.100
mail            IN A            192.168.10.100


hostb (192.168.13.1/24): requests for www.test.com go to 192.168.20.11
# vi /var/named/chroot/var/named/test.com.hostb.file
$TTL    86400
@               IN SOA          dns.test.com. root.test.com. (
                                        2011062301      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           dns.test.com.
dns             IN A            192.168.20.11
www             IN A            192.168.20.11
mail            IN A            192.168.20.11
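
How named picks a view for the configuration above, as an added example that is not part of the original post: views are tried in file order, the first whose match-clients matches the client address wins, and a client that matches no view is refused. The zone data is a constructed copy of the two files above, and the client addresses in the demo are constructed.

```python
import ipaddress

# Constructed model of the acl and view statements above, in file order.
ACLS = {
    "hosta": ["192.168.10.1/24"],
    "hostb": ["192.168.13.1/24"],
}
VIEWS = [  # order matters: the first view whose match-clients matches is used
    ("hosta", {"dns.test.com.": "192.168.10.100",
               "www.test.com.": "192.168.10.100",
               "mail.test.com.": "192.168.10.100"}),
    ("hostb", {"dns.test.com.": "192.168.20.11",
               "www.test.com.": "192.168.20.11",
               "mail.test.com.": "192.168.20.11"}),
]

def in_acl(client, acl):
    """True if the client address falls inside any network of the acl."""
    ip = ipaddress.ip_address(client)
    # strict=False: the page writes host bits (.1/24); read it as the /24 network.
    return any(ip in ipaddress.ip_network(n, strict=False) for n in ACLS[acl])

def select_view(client):
    """Return the name of the first matching view, or None."""
    for name, _zone in VIEWS:
        if in_acl(client, name):
            return name
    return None

def answer(client, qname):
    """Model the reply: an address, NXDOMAIN, RECURSE or REFUSED."""
    view = select_view(client)
    if view is None:
        return "REFUSED"      # no view matched this client
    if qname != "test.com." and not qname.endswith(".test.com."):
        return "RECURSE"      # both views set recursion yes
    return dict(VIEWS)[view].get(qname, "NXDOMAIN")

if __name__ == "__main__":
    # Constructed client addresses, one per case.
    for client in ("192.168.10.101", "192.168.13.30", "192.168.36.4"):
        print(client, select_view(client), answer(client, "www.test.com."))
```

With the localhost_resolver view commented out, clients outside 192.168.10.0/24 and 192.168.13.0/24, such as the www portal at 192.168.36.4, match no view and are refused.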


Reposted from: https://blog.51cto.com/2574526/1747579