入门DNS主从配置
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了入门DNS主从配置相关的知识,希望对你有一定的参考价值。
DNS:域名解析服务
常用DNS的记录类型:
A :称为正向解析,域名解析为IP地址
PTR:称为反向解析,IP解析为域名
MX :邮件交换记录
NS :指定域名服务器
CNAME:别名记录
SOA:start of authority用户表示域内主DNS服务器
提供DNS服务的软件:包名为BIND,需要如下几个包:
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64
在RHEL6.5中,默认安装了bind-utils和bing-libs两个包;这里以rhel6.5为例,我们还需要安装两个包
[[email protected] ~]# mount /dev/cdrom /dev/cdrom
[[email protected] ~]# mount /dev/cdrom /media/cdrom/ //挂载光盘到/media/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
[[email protected] ~]# cd /media/cdrom/Packages/ //切换到光盘下的包目录
[[email protected] Packages]# rpm -ivh bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm //安装bind主程序包
[[email protected] Packages]# rpm -ivh bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm //安装chroot包;为bind提供伪装根目录
[[email protected] Packages]# rpm -qa | grep "^bind" //安装完成后,确定系统中已经存在以下四个包
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64
[[email protected] Packages]# service named start //启动服务;包名为bind,服务名为named
启动 named: [确定] //启动成功
下面实例:为www.520sec.com添加正向解析和192.168.211.0/24网段的反向解析,新建区域配置文件
[[email protected] Packages]# vim /etc/named.conf //DNS的主配置文件
options {
listen-on port 53 { 192.168.211.3; }; //53为DNS的监听端口,后面为监听的IP地址,为本机IP
listen-on-v6 port 53 { ::1; };
directory "/var/named"; //工作目录;下面没有指定绝对路径的都是在这个目录下
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 192.168.211.0/24; }; //哪个网段可以使用本DNS解析
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
zone "." IN { //此段为安装完bind后自带的根解析
type hint;
file "named.ca";
}; //下面开始是由自己新建的内容
zone "520sec.com" IN { //为520sec.com添加正向解析
type master; //类型为主
file "520sec.com.zone"; //区域数据文件的位置为/var/named/520sec.com.zone,520sec.com.zone是新建的解析记录文件
allow-transfer { 192.168.211.10; }; //允许从服务器从本服务器复制文件;此处写从服务器IP地址
}; //为520sec做的正向解析结束
zone "211.168.192.in-addr.arpa" IN { //为192.168.211.0/24添加反向解析,注意的要反过来写
type master; //类型为主
file "211.168.192.arpa"; //区域数据文件的位置为/var/named/211.168.192.arpa
allow-transfer { 192.168.211.10; }; //允许从服务器从本服务器复制文件;此处写从服务器IP地址
}; #反向解析结束;保存退出
[[email protected] named]# named-checkconf -z /etc/named.conf //使用命令检查刚才的配置文件有无语法错误
zone 520sec.com/IN: loading from master file 520sec.com.zone failed: file not found //提示520sec.com.zone没有找到,这是因为我们还没有新建区域文件
zone 520sec.com/IN: not loaded due to errors.
_default/520sec.com/IN: file not found
[[email protected] named]# vim 520sec.com.zone //新建一个名为520sec.com.zone的正向解析区域文件
$TTL 86400
@ SOA 520sec.com. admin.520sec.com (
2011030301
4H
30M
12H
1D
)
@ IN NS ns1.520sec.com.
IN NS ns2.520sec.com.
IN MX 10 mail.520sec.com.
ns1 IN A 192.168.211.3 //ns1.520sec.com解析到192.168.211.30
ns2 IN A 192.168.211.10 //ns2.520sec.com解析到192.168.211.10
mail IN A 192.168.211.3
www IN A 192.168.211.10
* IN A 192.168.211.3 //表示输入错误的主机名时统统解析到192.168.211.3;保存退出
[[email protected] named]# vim 211.168.192.arpa //新建反向区域配置文件
$TTL 86400
@ SOA 520sec.com. admin.520sec.com (
2011030301
4H
30M
12H
1D
)
IN NS ns1.520sec.com.
IN NS ns2.520sec.com.
1 IN PTR www.520sec.com. //将192.168.211.1解析到www.520sec.com;下面以此类推
2 IN PTR mail.520sec.com.
3 IN PTR ns1.520sec.com.
100 IN PTR ns2.520sec.com. //保存退出
[[email protected] named]# named-checkconf -z /etc/named.conf //再次使用名率检查配置文件有无错误和区域文件是否存在已经没有报错了
zone 520sec.com/IN: loaded serial 2011030301
zone 211.168.192.in-addr.arpa/IN: loaded serial 2011030301
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
[[email protected] named]# vim /etc/resolv.conf //将DNS地址更改为自己的IP,和从DNS的IP
nameserver 192.168.211.3
nameserver 192.168.211.10 //主DNS的配置到此结束
[[email protected] named]# nslookup www.benet.com 使用nslookup测试dns是否解析成功
Server: 192.168.211.3 //DNS地址
Address: 192.168.211.3#53
Name: www.benet.com //解析的域名
Address: 192.168.211.10 //解析到的IP;可以对比一下上面对呀www.benet.com的IP,是相同的
下面开始从DNS的配置:按照上面的安装步骤安装好对应的bind服务,打开dns配置文件,在配置文件中修改
zone "520sec.com" IN {
type slave;
masters { } //这里指定主的IP地址,以从主DNS复制文件
file "slaves/benet.com.zone" //下载的文件保存位置
}
配置到此结束
检查在从DNS在设置的下载文件保存目录里有没有下载到主DNS的解析文件
以上是关于入门DNS主从配置的主要内容,如果未能解决你的问题,请参考以下文章