DNS installation and configuration


Editor's note: this article was compiled by the xiaochangshi.com (cha138.com) editors and covers installing and configuring DNS; the original source is linked at the end.

1. DNS basics
DNS (Domain Name System) is the service that maps host names to IP addresses and IP addresses back to host names.
Resolving a name to an address is a forward lookup; resolving an address to a name is a reverse lookup. DNS uses both UDP and TCP on port 53. Ordinary queries go over UDP; zone transfers between servers, and any answer too large for a single UDP datagram, use TCP.
There are 13 root server identities (a.root-servers.net through m.root-servers.net), each served by many anycast instances around the world, so there is no single "main" root machine. By role, DNS servers are classified as master (primary), slave (secondary), caching, and forwarding servers.

2. Building a DNS server with BIND

[[email protected] ~]# yum install -y bind bind-utils
[[email protected] ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

List the files the package installs (the ones that matter are the configuration files under /etc):

[[email protected] ~]#   rpm -ql bind
/etc/NetworkManager/dispatcher.d/13-named
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/portreserve/named
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/usr/lib/bind
/usr/sbin/arpaname

3. Configuring a custom zone (forward resolution: name to IP)

[[email protected] ~]# vim /etc/named.conf    (append the following zone block at the end of the file)
zone "123.com" IN {
        type master;
        file "123.com.zone";
};

[[email protected] ~]# named-checkconf    (checks named.conf; no output means no errors, otherwise it prints the offending line and the problem)


[[email protected] ~]# vim /var/named/123.com.zone
$TTL 1D
@       IN SOA  @ admin.123.com. (
                                        20150109       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS      ns.123.com.
ns      IN A       192.168.1.191
www     IN A      11.11.11.11
bbs     IN CNAME  WWW

[[email protected] ~]# named-checkzone "123.com" /var/named/123.com.zone    (checks the zone file just written)
zone 123.com/IN: loaded serial 20150109
OK

[[email protected] ~]# vim /etc/named.conf    (make named listen on the server's own address, not just loopback)
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.191;};
        
[[email protected] ~]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

Test that the name resolves:
[[email protected] ~]# dig @192.168.1.191 www.123.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.191 www.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52057
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.123.com.                   IN      A

;; ANSWER SECTION:
www.123.com.            86400   IN      A       11.11.11.11

;; AUTHORITY SECTION:
123.com.                86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 0 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun Mar 27 01:50:38 2016
;; MSG SIZE  rcvd: 78

4. Master/slave configuration


Configure the slave

[[email protected] ~]# yum install -y bind bind-utils
[[email protected] ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };    (comment this line out to listen on all addresses, or add the address after 127.0.0.1 to listen on one specific IP)
//      listen-on-v6 port 53 { ::1; };

zone "123.com" IN {
        type slave;
        file "slaves/123.com.zone";
        masters { 192.168.1.191; };
};
[[email protected] ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

[[email protected] ~]# ls /var/named/slaves/
123.com.zone

Now compare the zone data on the master and the slave.

On the slave first:

[[email protected] ~]# cat /var/named/slaves/123.com.zone
$ORIGIN .
$TTL 86400      ; 1 day
123.com                 IN SOA  123.com. admin.123.com. (
                                20150109   ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns.123.com.
$ORIGIN 123.com.

ns                      A       192.168.1.191
www                     A       11.11.11.11

Then on the master:

[[email protected] ~]#  cat /var/named/123.com.zone
$TTL 1D
@       IN SOA  @ admin.123.com. (
                                        20150109       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS      ns.123.com.
ns      IN A       192.168.1.191
www     IN A      11.11.11.11


The records are the same (the slave stores the zone in BIND's canonical text form, so the layout differs but the data matches), which means the master/slave setup works. A quicker check that does not involve reading files is to compare the SOA serial each server returns for the zone.


Test resolution through the slave:

[[email protected] ~]# dig @192.168.1.192 www.123.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.192 www.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62629
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.123.com.                   IN      A

;; ANSWER SECTION:
www.123.com.            86400   IN      A       11.11.11.11

;; AUTHORITY SECTION:
123.com.                86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 0 msec
;; SERVER: 192.168.1.192#53(192.168.1.192)
;; WHEN: Sun Mar 27 01:16:46 2016
;; MSG SIZE  rcvd: 78


To test master-to-slave synchronization, edit the zone file on the master. The serial must increase on every edit, otherwise the slave sees no change and keeps its old copy; the usual form is YYYYMMDDnn (for example 2016032701). Appending a digit as below does not follow that convention but still works here, because 201501092 is larger than 20150109.

[[email protected] ~]# vim /var/named/123.com.zone
$TTL 1D
@       IN SOA  @ admin.123.com. (
                                        201501092       ; serial    (a 2 appended to mark the second edit)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS      ns.123.com.
ns      IN A       192.168.1.191
www     IN A      11.11.11.11
bbs     IN CNAME  WWW
guozhen IN A      111.111.111.111   (new record added for the test)
[[email protected] ~]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

Test that the new name resolves on the master:

[[email protected] ~]# dig @192.168.1.191 guozhen.123.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.191 guozhen.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25913
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;guozhen.123.com.               IN      A

;; ANSWER SECTION:
guozhen.123.com.        86400   IN      A       111.111.111.111

;; AUTHORITY SECTION:
123.com.                86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 0 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun Mar 27 02:46:06 2016
;; MSG SIZE  rcvd: 82
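Restarting named after every edit, as above, is heavier than needed: the usual practice is to bump the serial, run named-checkzone, and then reload just that zone with rndc. The script below is an added example and not code from the original post. It computes the next serial in the conventional YYYYMMDDnn form (the appended digit used above works because 201501092 > 20150109, but does not follow that convention), rewrites the serial line of a zone file laid out like the ones on this page, and calls named-checkzone and rndc only when they are installed. The zone name, file paths and date are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: bump a zone serial the
# conventional way, validate the zone, and reload only that zone. Zone name,
# file paths and the date are assumptions.

# next_serial CURRENT YYYYMMDD -> prints the next serial.
# Candidate is today's date followed by "00"; if that is not larger than the
# current serial (several edits on one day, or a serial written in another
# scheme, like the 201501092 used above) fall back to CURRENT+1 so the value
# always increases. Serials are unsigned 32-bit, so refuse anything larger.
next_serial() {
    cur=$1
    today=$2
    cand=$(( today * 100 ))
    if [ "$cand" -le "$cur" ]; then
        cand=$(( cur + 1 ))
    fi
    if [ "$cand" -gt 4294967295 ]; then
        echo "serial $cand does not fit in 32 bits" >&2
        return 1
    fi
    echo "$cand"
}

# bump_zone_file FILE YYYYMMDD -> rewrites the serial in place and prints it.
# Assumes the SOA is laid out like the zone files on this page, with the
# serial on its own line followed by a "; serial" comment.
bump_zone_file() {
    file=$1
    today=$2
    cur=$(awk '/; *serial/ { print $1; exit }' "$file")
    if [ -z "$cur" ]; then
        echo "no '; serial' line found in $file" >&2
        return 1
    fi
    new=$(next_serial "$cur" "$today") || return 1
    awk -v new="$new" '/; *serial/ && !done { sub(/[0-9]+/, new); done = 1 } { print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# apply_zone ZONE FILE -> named-checkzone, then "rndc reload ZONE" so the
# running server picks up the file without a full restart (a restart also
# drops every in-flight query). Each step is skipped if its tool is missing.
apply_zone() {
    zone=$1
    file=$2
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$file" || return 1
    else
        echo "named-checkzone not installed, skipping zone check" >&2
    fi
    if command -v rndc >/dev/null 2>&1; then
        rndc reload "$zone"
    else
        echo "rndc not installed, skipping reload" >&2
    fi
}

# Usage on the master from this page (paths assumed):
#   bump_zone_file /var/named/123.com.zone "$(date +%Y%m%d)" \
#       && apply_zone 123.com /var/named/123.com.zone
```

Because the slave decides whether to transfer by comparing serials, a typo that makes the new serial smaller than the old one silently freezes replication; the arithmetic in next_serial is there to make that impossible.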


For the slave to pick up changes promptly rather than at its next SOA refresh (1D here), the master has to send it a NOTIFY. BIND notifies the servers listed in the zone's NS records by default, and this zone lists only ns.123.com, the master itself, so the slave at 192.168.1.192 must be named explicitly with also-notify in the master's configuration:

[[email protected] ~]# vim /etc/named.conf
zone "123.com" IN {
        type master;
        file "123.com.zone";
        notify yes;                                // send NOTIFY when the zone changes
        also-notify {192.168.1.192; };             // the slave's address
};

[[email protected] ~]#  named-checkconf    (check for errors)
[[email protected] ~]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

Test on the slave:

[[email protected] ~]# dig @192.168.1.192 guozhen.123.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.192 guozhen.123.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5755
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;guozhen.123.com.               IN      A

;; ANSWER SECTION:
guozhen.123.com.        86400   IN      A       111.111.111.111

;; AUTHORITY SECTION:
123.com.                86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 1 msec
;; SERVER: 192.168.1.192#53(192.168.1.192)
;; WHEN: Sun Mar 27 01:40:31 2016
;; MSG SIZE  rcvd: 82



[[email protected] ~]# cat /var/named/slaves/123.com.zone
$ORIGIN .
$TTL 86400      ; 1 day
123.com                 IN SOA  123.com. admin.123.com. (
                                201501092  ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns.123.com.
$ORIGIN 123.com.
bbs                     CNAME   WWW
guozhen                 A       111.111.111.111
ns                      A       192.168.1.191
www                     A       11.11.11.11


OK
Everything has synchronized.
Apologies for the rough writing.


One more thing: do not turn the firewall off to make this work. Allow inbound UDP and TCP on port 53 on both servers instead. Zone transfers run over TCP, so if dig works against the master but the slave never receives the zone, blocked TCP/53 is the first thing to check; if a dig test simply times out, the firewall is the first place to look.
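Two things in the master/slave setup above deserve a second look. The master's zone stanza has no allow-transfer, and BIND 9.8 defaults that to any, so every host that can reach port 53 can pull the whole zone with an AXFR. And the "ra" flag in each dig answer shows recursion is available to the querying client, which an authoritative-only server should not offer. The script below is an added example, not code from the original post: it generates the named.conf fragments that restrict transfers to the slave over a TSIG-signed channel and turn recursion off, and includes a small audit that lists the master zones in an existing named.conf that still have no allow-transfer. The addresses are the ones used on this page; the key name xfer-123.com, the hmac-sha256 algorithm and the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: emit the named.conf pieces
# that close two gaps in the master/slave setup above, a zone transfer that
# anyone can request and recursion left on for an authoritative server.
# Addresses match the page; the key name, algorithm and paths are assumptions.

MASTER=192.168.1.191
SLAVE=192.168.1.192
KEYNAME=xfer-123.com

# make_secret -> 32 random bytes, base64-encoded: the same shape of secret
# that tsig-keygen would put into a "secret" field.
make_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# key_stanza NAME SECRET -> the "key" block; the identical block goes into
# named.conf on both servers (keep the file mode 0640, owner root:named).
key_stanza() {
    cat <<EOF
key "$1" {
    algorithm hmac-sha256;
    secret "$2";
};
EOF
}

# master_zone_stanza ZONE FILE SLAVE KEYNAME -> the page's master stanza plus
# allow-transfer limited to TSIG-signed requests. Without that line BIND 9.8
# defaults to "allow-transfer { any; }", so any host can AXFR the zone.
master_zone_stanza() {
    cat <<EOF
zone "$1" IN {
    type master;
    file "$2";
    notify yes;
    also-notify { $3; };
    allow-transfer { key $4; };
};
EOF
}

# slave_side_stanzas ZONE FILE MASTER KEYNAME -> slave side: the "server"
# block makes named sign every request to MASTER with the key; the slave
# itself hands out no transfers.
slave_side_stanzas() {
    cat <<EOF
server $3 {
    keys { $4; };
};
zone "$1" IN {
    type slave;
    file "$2";
    masters { $3; };
    allow-transfer { none; };
};
EOF
}

# options_hardening -> for an authoritative-only server: answer anyone for the
# zones it holds, recurse for nobody, transfer nothing unless a zone says so.
options_hardening() {
    cat <<EOF
options {
    recursion no;
    allow-query { any; };
    allow-transfer { none; };
};
EOF
}

# audit_transfers FILE -> prints every "type master" zone in a named.conf
# that has no allow-transfer of its own and is not covered by one in
# options{}. Assumes the stock layout: one statement per line, options{}
# before the zones; zones pulled in via "include" are not scanned.
audit_transfers() {
    awk '
        /^[ \t]*options[ \t]*{/ { opt = 1 }
        opt && /allow-transfer/ { global = 1 }
        opt && /^[ \t]*};/      { opt = 0 }
        /^[ \t]*zone[ \t]+"/    { match($0, /"[^"]+"/); zone = substr($0, RSTART + 1, RLENGTH - 2); master = 0; xfer = 0; next }
        zone != "" && /type[ \t]+master/ { master = 1 }
        zone != "" && /allow-transfer/   { xfer = 1 }
        zone != "" && /^[ \t]*};/        { if (master && !xfer && !global) print zone; zone = "" }
    ' "$1"
}

# Verify from another host after both servers are reloaded (not run here):
#   dig @192.168.1.191 123.com axfr                       -> "Transfer failed."
#   dig -y hmac-sha256:xfer-123.com:SECRET @192.168.1.191 123.com axfr  -> the zone
#   dig @192.168.1.191 www.example.com                    -> no answer, no "ra" flag
```

Put the output of key_stanza into named.conf on both servers, the master_zone_stanza output on the master and the slave_side_stanzas output on the slave, run named-checkconf on each, then reload. Run audit_transfers against the master's named.conf before and after: it should list 123.com (and the reverse zone, once added) first and nothing afterwards.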



I forgot to cover reverse resolution (IP to name).

Steps (add the configuration on the master). Each PTR should point at a name that has a matching A record in the forward zone; note that mail.123.com below has no A record in 123.com.zone as shown on this page.

[[email protected] ~]# vim /etc/named.conf

zone "1.168.192.in-addr.arpa" IN {
      type master;
      file "1.168.192.zone";
      notify yes;
      also-notify {192.168.1.192; };
};
[[email protected] ~]# named-checkconf
[[email protected] ~]# vim /var/named/1.168.192.zone
$TTL 1D
@       IN SOA  @ admin.123.com. (
                                        201501092      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS      ns.123.com.
191     IN PTR     ns.123.com.
20      IN PTR     mail.123.com.

[[email protected] ~]# named-checkconf     (check for errors)
[[email protected] ~]# /etc/init.d/named restart  (restart)
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[[email protected] ~]# dig @192.168.1.191 -x 192.168.1.191  (test the reverse lookup)

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> @192.168.1.191 -x 192.168.1.191
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5620
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;191.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
191.1.168.192.in-addr.arpa. 86400 IN    PTR     ns.123.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      ns.123.com.

;; ADDITIONAL SECTION:
ns.123.com.             86400   IN      A       192.168.1.191

;; Query time: 2 msec
;; SERVER: 192.168.1.191#53(192.168.1.191)
;; WHEN: Sun Mar 27 02:14:07 2016
;; MSG SIZE  rcvd: 98
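The reverse zone above was written by hand, and one of its records, 20 IN PTR mail.123.com., points at a name that has no A record in 123.com.zone as shown on this page. Mail servers and log tooling commonly check that a reverse lookup and the forward lookup of its result agree, so the two zones should be kept consistent. The script below is an added example, not code from the original post: it builds the in-addr.arpa name for an address and the PTR records for a /24 from the forward zone file, and reports every PTR in the reverse zone that the forward zone does not back. The zone data embedded in it is constructed to match this page; the 192.168.1.0/24 prefix and the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: build the reverse zone for a
# /24 from the forward zone and check that every PTR is backed by an A record.
# The zone data in sample_*_zone is constructed to match this page; paths and
# the 192.168.1.0/24 prefix are assumptions.

# ptr_name IPV4 -> the name that "dig -x" queries, e.g. 191.1.168.192.in-addr.arpa.
ptr_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# rev_zone_name A.B.C -> zone name for that /24, e.g. 1.168.192.in-addr.arpa
rev_zone_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# ptr_records ORIGIN PREFIX < forward-zone -> one "N<TAB>IN PTR<TAB>fqdn." line
# per A record whose address lies inside PREFIX (A.B.C). Owner names without
# a trailing dot are relative to ORIGIN. $-directives, comments, "@" and
# records that inherit their owner from the previous line are skipped.
ptr_records() {
    awk -v origin="$1" -v prefix="$2" '
        $1 !~ /^[$;@]/ && $0 ~ /[ \t]A[ \t]/ && index($NF, prefix ".") == 1 {
            split($NF, o, ".")
            fqdn = ($1 ~ /\.$/) ? $1 : $1 "." origin "."
            printf "%s\tIN PTR\t%s\n", o[4], fqdn
        }'
}

# check_reverse REVFILE FWDFILE ORIGIN PREFIX -> prints every PTR in REVFILE
# that the forward zone does not back with an A record; exit 1 if any.
check_reverse() {
    exp=$(mktemp)
    ptr_records "$3" "$4" < "$2" > "$exp"
    rc=0
    awk 'FILENAME == ARGV[1] { ok[$1 " " $NF] = 1; next }
         $1 !~ /^[$;@]/ && $0 ~ /[ \t]PTR[ \t]/ && !(($1 " " $NF) in ok) {
             printf "PTR %s -> %s has no matching A record\n", $1, $NF; bad = 1 }
         END { exit bad }' "$exp" "$1" || rc=$?
    rm -f "$exp"
    return $rc
}

# Constructed copies of the two zone files from this page.
sample_forward_zone() {
    cat <<'EOF'
$TTL 1D
@       IN SOA  @ admin.123.com. (
                                        201501092       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS      ns.123.com.
ns      IN A       192.168.1.191
www     IN A      11.11.11.11
bbs     IN CNAME  www
guozhen IN A      111.111.111.111
EOF
}

sample_reverse_zone() {
    cat <<'EOF'
$TTL 1D
@       IN SOA  @ admin.123.com. (
                                        201501092      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS      ns.123.com.
191     IN PTR     ns.123.com.
20      IN PTR     mail.123.com.
EOF
}

# Usage on the master from this page (paths assumed, not run here):
#   check_reverse /var/named/1.168.192.zone /var/named/123.com.zone 123.com 192.168.1
```

Run against the two zones on this page, check_reverse reports the mail.123.com PTR; adding `mail IN A 192.168.1.20` to the forward zone (and bumping its serial) makes it pass, and ptr_records then emits both PTRs so the reverse zone can be regenerated from the forward one instead of maintained by hand.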

This article is from the "Linux菜鸟" blog; please keep this source link: http://490617581.blog.51cto.com/11186315/1759461
