DNS是在网络中将计算机名转换成IP的一个服务,在LINUX中可以很轻松的搭建一台DNS服务器,我们需要在LINUX系统中安装DNS服务(安装包名:bind)为了安全我们通常用一起安装bind-chroot为DNS的牢目录、根目录。为了放便还可以安装DNS配置文件的模板包(caching-nameserver).安装完后,我们需要对DNS进行配置我们要监听的IP、端口、解析的域名,配置好后我们重启服务就好了,然后我们可以找别一台,本机也可以,指定DNS地址然后进行测试。
下面是我们的一个搭建过程
拓扑:
DNS Slave
-----DNS Master(vmnet1)----------(vmnet1)
Win7 Client
实验一:搭建主DNS服务器
tarena.com
www.tarena.com192.168.10.253
bbs.tarena.com 192.168.10.100
blog是bbs别名
1、安装软件包
[[email protected] ~]# yum -y install bind bind-chroot caching- nameserver
2、修改主配置文件
[[email protected] ~]# cd /var/named/chroot/etc/ //牢目录/var/named/chroot
[[email protected]]# cp -p named.caching-nameserver.confnamed.conf //拷贝模板成为主配置文件
[[email protected]]# vimnamed.conf
...
15 listen-on port 53 { 192.168.10.253; }; 监听本机端口
16 // listen-on-v6 port 53 { ::1; }; IPV6模式
...
27 allow-query { any; }; 访问权限
28 allow-query-cache { any; };
...
37 match-clients { any; };
38 match-destinations { any; };
[[email protected]]# vim named.rfc1912.zones
...
51 zone "tarena.com" IN { 解析的域名
52 type master; 类型 主
53 file "tarena.com.zone"; 解析数据库文件
54 };
55
56 zone "10.168.192.in-addr.arpa" IN { 解析的IP地址段(反向解析)
57 type master;
58 file "tarena.com.arpa";
59 };
[[email protected]]# named-checkconfnamed.conf 检验配置文件语法
3、修改数据库文件
[[email protected]]# cd /var/named/chroot/var/named/ 进入数据库文件目录
[[email protected] named]# cp -p named.localtarena.com.zone 建立两个文件(与主配置文件中设置同名)
[[email protected] named]# cp -p named.localtarena.com.arpa
[[email protected] named]# vimtarena.com.zone编辑文件,写入信息
$TTL 86400
@ IN SOA localhost. root.localhost. (
2014061701 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns01.tarena.com.
dns01 IN A 192.168.10.253
www IN A 192.168.10.253
bbs IN A 192.168.10.100
blog IN CNAME bbs
[[email protected] named]# cattarena.com.arpa
$TTL 86400
@ IN SOA localhost. root.localhost. (
2014061701; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns01.tarena.com.
253 IN PTR dns01.tarena.com.
253 IN PTR www.tarena.com.
100 IN PTR bbs.tarena.com.
100 IN PTR blog.tarena.com.
[[email protected] named]# named-checkzone tarena.com tarena.com.zone //检验解析库语法
zone tarena.com/IN: loaded serial 1997022700
OK
[[email protected] named]# named-checkzonetarena.com tarena.com.arpa
zone tarena.com/IN: loaded serial 1997022700
OK
4、启动服务
[[email protected] named]# service named restart
[[email protected] named]# chkconfig named on
5、测试
取消之前hosts文件定义
把DNS指向服务器
nslookup
实验二:DNS高级应用
实现DNS负载均衡,当用户访问www.tarena.com的时候,2/3用户访问10.253,1/3用户访问10.100
确保用户访问tarena.com的时候仍然可以访问www.tarena.com 的网站
实现用户在访问的时候只要域名正确就可以访问www.tarena.com 的网站
[[email protected] ~]# cd /var/named/chroot/var/named/
[[email protected] named]# cat tarena.com.zone
...
www IN A 192.168.10.253
www IN A 192.168.10.253
www IN A 192.168.10.100
tarena.com. IN A 192.168.10.253
$GENERATE 20-50 station$ IN A 192.168.10.$
* IN A 192.168.10.253
实验三:搭建从DNS服务器
给上面的主DNS搭建一个辅助DNS
1、安装软件包
[[email protected] ~]# yum -y install bind bind-chroot caching- nameserver
2、修改从DNS的主配置文件
[[email protected] ~]# cd /var/named/chroot/etc/
[[email protected]]# cp -p named.caching-nameserver.confnamed.conf
[[email protected]]# vimnamed.conf
15 listen-on port 53 { 192.168.10.100; };
...
27 allow-query { any; };
28 allow-query-cache { any; };
...
37 match-clients { any; };
38 match-destinations { any; };
编辑主配置连接文件,这个文件包含域名,域库文件的相关设置,解析方式。
[[email protected] etc]# vim named.rfc1912.zones
...
51 zone "tarena.com" IN { 需要解析的域名
52 type slave; 从DNS服务器
53 file "slaves/tarena.com.zone"; 更新来的库文件存放位置
54 masters { 192.168.10.253; }; 从192.168.10.253处更新
55 };
56
57 zone "10.168.192.in-addr.arpa" IN {
58 type slave;
59 file "slaves/tarena.com.arpa";
60 masters { 192.168.10.253; };
61 };
[[email protected] etc]# named-checkconfnamed.conf
3、修改主DNS的主配置文件,添加授权信息
[[email protected] ~]# cd /var/named/chroot/etc/
[[email protected]]# vim named.conf //添加21行内容
21 allow-transfer { 192.168.10.100; }; 只允许192.168.10.100更新库文件
...
[[email protected]]# cd /var/named/chroot/var/named/
[[email protected] named]# cattarena.com.zone
$TTL 86400
@ IN SOA tarena.com. root.tarena.com. (
2014041802 ; Serial //序列号加1
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns01.tarena.com.
IN NS dns02.tarena.com. //添加从DNS服务器
IN A 192.168.10.253
dns01 IN A 192.168.10.253
dns02 IN A 192.168.10.100 //为从DNS正向解析
www IN A 192.168.10.253
www IN A 192.168.10.253
www IN A 192.168.10.100
bbs IN A 192.168.10.100
blog IN CNAME bbs
$GENERATE 20-50 station$ IN A 192.168.10.$
* IN A 192.168.10.101
[[email protected] named]# cattarena.com.arpa
$TTL 86400
@ IN SOA tarena.com. root.tarena.com. (
2014041802 ; Serial //序列号加1
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS dns01.tarena.com.
IN NS dns02.tarena.com. //添加从DNS服务器
253 IN PTR dns01.tarena.com.
100 IN PTR dns02.tarena.com. //为从DNS反向解析
253 IN PTR www.tarena.com.
100 IN PTR bbs.tarena.com.
[[email protected]]# service named restart
4、启动从DNS服务器并验证
[[email protected]]# service named restart
[[email protected]]# chkconfig named on
[[email protected]]# ls /var/named/chroot/var/named/slaves/
tarena.com.zonetarena.com.arpa
【DNS子域授权配置】
使子域同样具有DNS解析的能力。只需要在子域中以子域为域名来建立DNS服务器
例:总部:tarena.com
分部:sh.tarena.com
分部DNS服务器:www.sh.tarena.com
【DNS子域授权配置】
kvm_node2(子域)上面操作:
[[email protected] ~]# cd /var/named/chroot/etc/
[[email protected] etc]# vim named.rfc1912.zones
...
51 zone "sh.tarena.com" IN {
52 type master;
53 file "sh.tarena.com.zone";
54 allow-transfer { none; };
55 };
[[email protected] etc]# cd /var/named/chroot/var/named/
[[email protected] named]# cp -p named.zero sh.tarena.com.zone
[[email protected] named]# cat sh.tarena.com.zone
$TTL 86400
@ IN SOA dns1.sh.tarena.com. root.sh.tarena.com. (
2014062401 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1.sh.tarena.com.
dns1 IN A 192.168.100.20
www IN A 192.168.100.100
[[email protected] named]# service named restart
kvm_node1(父域)上面操作:
[[email protected] ~]# cd /var/named/chroot/var/named/
[[email protected] named]# cat tarena.com.zone
$TTL 86400
@ IN SOA dns1.tarena.com. root.tarena.com. (
2014062401 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1.tarena.com.
sh.tarena.com. IN NS dns1.sh.tarena.com. //标记子域DNS服务器
dns1.sh.tarena.com. IN A 192.168.100.20
dns1 IN A 192.168.100.10
www IN A 192.168.100.1
blog IN CNAME www
$GENERATE 1-100 station$ IN A 192.168.100.$
[[email protected] named]# service named restart
测试:
[[email protected] ~]# host www.sh.tarena.com 192.168.100.10
反过来客户端dns指向子域,解析父域条目
[[email protected] named]# vim /var/named/chroot/etc/named.conf
21 forwarders { 192.168.100.10; }; //指定父域
[[email protected] named]# service named restart
测试:
[[email protected] ~]# host www.tarena.com 192.168.100.20
Using domain server:
Name: 192.168.100.20
Address: 192.168.100.20#53
Aliases:
www.tarena.com has address 192.168.100.1
【DNS分离解析/视图】
判断不同的来源地址访问相同域名给解析不同结果,这样我们需要不同的配置文件,在主配置文件中进行判断,判断后指向不同的配置文件,来查找不同的解析库文件
[[email protected] ~]# cd /var/named/chroot/etc/
[[email protected] etc]# vim named.conf
...
15 listen-on port 53 { 192.168.100.10; };
16 // listen-on-v6 port 53 { ::1; };
...
27 allow-query { any; };
28 allow-query-cache { any; };
...
36 view lt {
37 match-clients { 192.168.100.20; }; //判断依据
38 match-destinations { any; };
39 recursion yes;
40 include "/etc/named.rfc1912.zones"; //执行的文件
41 };
42
43 view yd {
44 match-clients { any; };
45 match-destinations { any; };
46 recursion yes;
47 include "/etc/named.rfc1913.zones";
48 };
[[email protected] etc]# cp -p named.rfc1912.zones named.rfc1913.zones
[[email protected] etc]# vim named.rfc1912.zones
...
51 zone "tarena.com" IN {
52 type master;
53 file "lt.tarena.com.zone";
54 allow-transfer { none; };
55 };
[[email protected] etc]# vim named.rfc1913.zones
51 zone "tarena.com" IN {
52 type master;
53 file "yd.tarena.com.zone";
54 allow-transfer { none; };
55 };
[[email protected] etc]# cd /var/named/chroot/var/named/
[[email protected] named]# cp -p named.zero lt.tarena.com.zone
[[email protected] named]# cp -p named.zero yd.tarena.com.zone
[[email protected] named]# cat lt.tarena.com.zone
$TTL 86400
@ IN SOA dns1.tarena.com. root.tarena.com. (
2014062401 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1.tarena.com.
dns1 IN A 192.168.100.10
www IN A 1.1.1.1
[[email protected] named]# cat yd.tarena.com.zone
$TTL 86400
@ IN SOA dns1.tarena.com. root.tarena.com. (
2014062401 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1.tarena.com.
dns1 IN A 192.168.100.10
www IN A 2.2.2.2
[[email protected] named]# service named restart
测试:
用192.168.100.20和其他客户机分别测试