学习记录——配置DNS服务器

一实验准备工作

主DNS服务器

1.配置主机域名

[[email protected] ~]# hostname xuan.com   ///临时修改名，永久修改需要去/etc/sysconfig/network 修改。然后记住在/etc/hosts 里更新自己的域，为了方便实验，先修改了名字

2.取消dhcp，ip地址改为静态

3.安装DNS

[[email protected] ～]# yum -y install bind

二配置DNS服务器

1.查看安装文件目录

[[email protected] ～]# rpm -ql bind

/etc/NetworkManager/dispatcher.d/13-named

/etc/logrotate.d/named

/etc/named

/etc/named.conf

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

/etc/portreserve/named

/etc/rc.d/init.d/named

/etc/rndc.conf

/etc/rndc.key

/etc/sysconfig/named

。

。

。

2.DNS自身配置文件更改

[[email protected] ~]# vim /etc/named.conf

options {

listen-on port 53 { any;};        //ipv4   表示监听的本机所有网卡

listen-on-v6 port 53 { any; };     //ipv6

directory      "/var/named";     //数据存放目录

dump-file      "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query     { any; };             //表示允许网络中所有主机来访问

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file"data/named.run";

severity dynamic;

};

};

zone "." IN {

type hint;

file "named.ca";

};

include"/etc/named.rfc1912.zones";   //区域描述文件

include "/etc/named.root.key";

3.定义区域文件(区域文件可以直接在named.conf中添加也可以像下面样添加到自身配置文件定义的文件中)

[[email protected] ~]# vim/etc/named.rfc1912.zones     //最后一行添加4条信息，两条正向两条方向解析

zone "baidu.com" IN {

type master;                //指主域服务器

file "baidu.com.hosts";     //指定文件保存的名字，可以自定义，但一般遵循此规范

};

zone "qq.com" IN {

type master;

file "qq.com.hosts";

};

zone "2.21.222.in-addr.arpa" IN {

type master;

file "222.21.2.rev";

};

zone "33.16.172.in-addr.arpa" IN{

type master;

file "172.16.33.rev";

};

4.创建数据文件

（1） [[email protected] ~]# vim/var/named/baidu.com.hosts

$TTL 1D

@      IN SOA  xuan.com [email protected] (

201509160001

1D

1H

1W

3H )

IN   NS     xuan.com.

IN   MX 5   xuan.com.

server2         IN  A       222.21.2.21             //简单的负载均衡

server2         IN  A       222.21.2.22             //

www             IN   A      172.16.33.33

ftp             IN   CNAME  www                   //别名

（2）[[email protected] ~]# vim/var/named/qq.com.hosts

$TTL 1D

@      IN SOA  xuan.com [email protected] (

201509160005

1D

1H

1W

3H )

IN   NS     xuan.com.

IN   MX 5   xuan.com.

server2        IN   A      222.101.0.10

server2         IN  A       222.101.0.11

www             IN   A      172.16.33.99

ftp             IN   CNAME  www

（3）[[email protected] ~]# vim/var/named/222.21.2.rev

$TTL 1D

@      IN SOA xuan.com [email protected](

201509160003

3h

1h

1w

1h)

IN  NS  xuan.com.

21      IN  PTR server2.baidu.com.             //负载均衡的反向解析

22      IN  PTR server2.baidu.com.             //

（4）[[email protected] ~]# vim/var/named/172.16.33.rev

$TTL 1D

@      IN SOA xuan.com [email protected](

201509160003

3h

1h

1w

1h)

IN  NS  xuan.com.

33       IN PTR www.baidu.com.

33      IN  PTR ftp.baidu.com.

99      IN  PTR www.qq.com.

99      IN  PTR ftp.qq.com.

5.重启DNS服务（如果报错可以根据/var/log/messages日志排错）

[[email protected] ~]# service named restart

停止 named：                                              [确定]

启动 named：                                              [确定]

6.测试

正向解析测试：

[[email protected] named]# nsloopup

bash: nsloopup: command not found

[[email protected] named]# nslookup

> www.baidu.com

Server:           172.16.30.97

Address:  172.16.30.97#53

Name:     www.baidu.com

Address: 172.16.33.33

> ftp.qq.com

Server:           172.16.30.97

Address:  172.16.30.97#53

ftp.qq.com      canonicalname = www.qq.com.

Name:     www.qq.com

Address: 172.16.33.99

> server2.qq.com

Server:           172.16.30.97

Address:  172.16.30.97#53

Name:     server2.qq.com

Address: 222.101.0.10

Name:     server2.qq.com

Address: 222.101.0.11

反向解析测试：

> 172.16.33.33

Server:           172.16.30.97

Address:  172.16.30.97#53

33.33.16.172.in-addr.arpa     name = www.baidu.com.

33.33.16.172.in-addr.arpa     name = ftp.baidu.com.

> 172.16.33.99

Server:           172.16.30.97

Address:  172.16.30.97#53

99.33.16.172.in-addr.arpa     name = ftp.qq.com.

99.33.16.172.in-addr.arpa     name = www.qq.com.

> 222.21.2.21

Server:           172.16.30.97

Address:  172.16.30.97#53

21.2.21.222.in-addr.arpa       name = server2.baidu.com.

> 222.21.2.22

Server:           172.16.30.97

Address:  172.16.30.97#53

22.2.21.222.in-addr.arpa       name = server2.baidu.com.

辅助DNS服务器：

7.定义区域配置文件

[[email protected] ~]# vim/etc/named.rfc1912.zones    //最后一行添加，这边只添加了一条正向解析，反向也是一样配置。只要指定主DNS服务器配置有相关域解析就能直接获取

zone "test.com" IN {

type slave;

file "slaves/test.com.hosts";

masters {172.16.30.53;};

};

8.配置好后重启服务

[[email protected] ~]# service named restart

停止 named：                                              [确定]

启动 named：                                              [确定]

9.查看slaves文件夹是否已经获取主服务器test.com的解析

[[email protected] ~]# cat/var/named/slaves/test.com.hosts

$ORIGIN .

$TTL 86400    ;1 day

test.com         INSOA  lhost4.test.com.root.lhost4.test.com. (

2015091602; serial

10800      ; refresh (3 hours)

3600       ; retry (1 hour)

604800     ; expire (1 week)

3600       ; minimum (1 hour)

)

NS   lhost4.test.com.

MX  5 lhost4.test.com.

$ORIGIN test.com.

lhost4                    A     172.16.30.1

win03                   A     172.16.30.33

win04                   A     172.16.30.44

10.测试从主DNS获取的解析

[[email protected] ~]# nslookup

> win03.test.com

Server:           172.16.30.97

Address:  172.16.30.97#53

Name:     win03.test.com

Address: 172.16.30.33

> lhost4.test.com

Server:           172.16.30.97

Address:  172.16.30.97#53

Name:     lhost4.test.com

Address: 172.16.30.1

以前自己自学linux时，感觉DNS挺难的，后来参加培训听老师讲后理解很多。自学那会在读大学，搭建DNS时是用的system-config-bind，视窗下搭建，只要理解了概念就比较简单。那时自己查阅了很多资料，视窗下搭建了智能DNS，因为自己是机房主管，所以利用机房里不同网段主机做客户机。等后面有时间，更新智能DNS的配置