標籤:
參考網址:http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/
DNS(Domain Name System) 將主機名稱或者URLS翻譯成IP地址。例如如果 "www.unixmen.com"在瀏覽器,
DNS server 將把這個網域名稱翻譯成和他關聯的IP地址,DNS servers 用於將主機名稱類似 www.unixmen.com
翻譯成 173.xxx.xxx.xxx 這樣是為了方便人們記住網域名稱,而不是IP地址。
方案
主(primary/master) DNS Server
環境配置:
作業系統 : CentOS 6.5 server
主機名稱 : masterdns.unixmen.local
IP地址 : 192.168.1.100/24
從(secondary/slave) DNS Server
環境配置:
作業系統 : CentOS 6.5 server
主機名稱 : secondarydns.unixmen.local
IP地址 : 192.168.1.101/24
用戶端環境:
作業系統 : CentOS 6.5 Desktop
主機名稱 : Client.unixmen.local
IP地址 : 192.168.1.102/24
安裝主(primary/master) DNS Server
[[email protected] ~]# yum install bind* -y
1.配置DNS Server
添加如下所示行到/etc/named.conf檔案中
[[email protected] ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.100; }; ### 主DNS 的 IP地址 ###
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; }; ### 允許訪問網路的IP範圍 ,末尾的 /24 是網路遮罩的縮寫表示(在本例中為 255.255.255.0)###
allow-transfer{ localhost; 192.168.1.101; }; ### 從 DNS IP ###
recursion yes; ###是否允許遞迴,有建議說應設定為no,為了是防止DDOS攻擊###
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
//自訂的正向和反向解析
zone"unixmen.local" IN {
type master;
file "forward.unixmen"; //正向解析檔案名稱
allow-update { none; };
};
zone"1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";//反向解析檔案名稱
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2.建立zone檔案
以下檔案已經在/etc/named.conf中定義
2.1 建立正向Zone
建立forward.unixmen 檔案在 /var/named 目錄下
[[email protected] ~]# vi /var/named/forward.unixmen
$TTL 86400
@ IN SOA masterdns.unixmen.local. root.unixmen.local. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.unixmen.local.
@ IN NS secondarydns.unixmen.local.
@ IN A 192.168.1.100
@ IN A 192.168.1.101
@ IN A 192.168.1.102
masterdns IN A 192.168.1.100
secondarydns IN A 192.168.1.101
client IN A 192.168.1.102
2.2建立反向Zone
建立reverse.unixmen 檔案在 /var/named 目錄下
[[email protected] ~]# vi /var/named/reverse.unixmen
$TTL 86400
@ IN SOA masterdns.unixmen.local. root.unixmen.local. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.unixmen.local.
@ IN NS secondarydns.unixmen.local.
@ IN PTR unixmen.local.
masterdns IN A 192.168.1.100
secondarydns IN A 192.168.1.101
client IN A 192.168.1.102
100 IN PTR masterdns.unixmen.local.
101 IN PTR secondarydns.unixmen.local.
102 IN PTR client.unixmen.local.
3.啟動DNS服務
[[email protected] ~]# service named start
Starting named: [ OK ]
[[email protected] ~]# chkconfig named on
4.調整防火牆允許DNS Server 訪問外部網路
添加以下內容到 /etc/sysconfig/iptables 檔案中
[[email protected] ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#添加DNS Server
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5.重啟防火牆
[[email protected] ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
6.設定當前的DNS伺服器
添加以下內容到 /etc/resolv.conf 檔案中
[[email protected] ~]# vim /etc/resolv.conf
nameserver 192.168.1.131
7.測試DNS配置和zone檔案是否有語法錯誤
[[email protected] ~]# named-checkconf /etc/named.conf
[[email protected] ~]# named-checkzone unixmen.local /var/named/forward.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK
[[email protected] ~]# named-checkzone unixmen.local /var/named/reverse.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK
8.測試DNS Server
[[email protected] ~]# dig masterdns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.unixmen.local.INA
;; ANSWER SECTION:
masterdns.unixmen.local. 86400INA192.168.1.100
;; AUTHORITY SECTION:
unixmen.local.86400INNSsecondarydns.unixmen.local.
unixmen.local.86400INNSmasterdns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 INA192.168.1.101
;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:07:56 2013
;; MSG SIZE rcvd: 114
[[email protected] ~]# nslookup unixmen.local
Server:192.168.1.100
Address:192.168.1.100#53
Name:unixmen.local
Address: 192.168.1.102
Name:unixmen.local
Address: 192.168.1.100
Name:unixmen.local
Address: 192.168.1.101
現在主DNS Server 已經可以使用了
安裝從(Secondary/Slave) DNS Server
[[email protected] ~]# yum install bind* -y
1.配置從DNS Server
添加如下所示行到/etc/named.conf檔案中
[[email protected] ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.101; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone"unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.100; };
};
zone"1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.100; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2.啟動DNS服務
[[email protected] ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[[email protected] ~]# chkconfig named on
現在主DNS server上的正向和反向zone檔案,被自動複製到了從 DNS Server 的 /var/named/slaves/ 目錄下
[[email protected] ~]# ls /var/named/slaves/
unixmen.fwd unixmen.rev
[[email protected] ~]# cat /var/named/slaves/unixmen.fwd
$ORIGIN .
$TTL 86400; 1 day
unixmen.localIN SOAmasterdns.unixmen.local. root.unixmen.local. (
2011071001 ; serial
3600 ; refresh (1 hour)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS masterdns.unixmen.local.
NS secondarydns.unixmen.local.
A192.168.1.100
A192.168.1.101
A192.168.1.102
$ORIGIN unixmen.local.
clientA192.168.1.102
masterdnsA192.168.1.100
secondarydnsA192.168.1.101
[[email protected] ~]# cat /var/named/slaves/unixmen.rev
$ORIGIN .
$TTL 86400; 1 day
1.168.192.in-addr.arpaIN SOAmasterdns.unixmen.local. root.unixmen.local. (
2011071001 ; serial
3600 ; refresh (1 hour)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS masterdns.unixmen.local.
NS secondarydns.unixmen.local.
PTRunixmen.local.
$ORIGIN 1.168.192.in-addr.arpa.
100PTRmasterdns.unixmen.local.
101PTRsecondarydns.unixmen.local.
102PTRclient.unixmen.local.
clientA192.168.1.102
masterdnsA192.168.1.100
secondarydnsA192.168.1.101
3.添加DNS Server到所有系統中
[[email protected] ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8
4.測試DNS Server
[[email protected] ~]# dig masterdns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21487
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.unixmen.local.INA
;; ANSWER SECTION:
masterdns.unixmen.local. 86400INA192.168.1.100
;; AUTHORITY SECTION:
unixmen.local.86400INNSmasterdns.unixmen.local.
unixmen.local.86400INNSsecondarydns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 INA192.168.1.101
;; Query time: 15 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:27:57 2013
;; MSG SIZE rcvd: 114
[[email protected] ~]# dig secondarydns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondarydns.unixmen.local.INA
;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 INA192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.86400INNSmasterdns.unixmen.local.
unixmen.local.86400INNSsecondarydns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400INA192.168.1.100
;; Query time: 4 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:31:53 2013
;; MSG SIZE rcvd: 114
[[email protected] ~]# nslookup unixmen.local
Server:192.168.1.100
Address:192.168.1.100#53
Name:unixmen.local
Address: 192.168.1.101
Name:unixmen.local
Address: 192.168.1.102
Name:unixmen.local
Address: 192.168.1.100
client配置
添加DNS Server到所有用戶端的 /etc/resolv.conf 檔案中
[[email protected] unixmen]# vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8
測試DNS Server
[[email protected] unixmen]# dig masterdns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.unixmen.local.INA
;; ANSWER SECTION:
masterdns.unixmen.local. 86400INA192.168.1.100
;; AUTHORITY SECTION:
unixmen.local.86400INNSmasterdns.unixmen.local.
unixmen.local.86400INNSsecondarydns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 INA192.168.1.101
;; Query time: 30 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:47:55 2013
;; MSG SIZE rcvd: 114
[ro[email protected] unixmen]# dig secondarydns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondarydns.unixmen.local.INA
;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 INA192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.86400INNSsecondarydns.unixmen.local.
unixmen.local.86400INNSmasterdns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400INA192.168.1.100
;; Query time: 8 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:48:38 2013
;; MSG SIZE rcvd: 114
[[email protected] unixmen]# dig client.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> client.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14604
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;client.unixmen.local.INA
;; ANSWER SECTION:
client.unixmen.local.86400INA192.168.1.102
;; AUTHORITY SECTION:
unixmen.local.86400INNSmasterdns.unixmen.local.
unixmen.local.86400INNSsecondarydns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400INA192.168.1.100
secondarydns.unixmen.local. 86400 INA192.168.1.101
;; Query time: 5 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:49:11 2013
;; MSG SIZE rcvd: 137
[[email protected] unixmen]# nslookup unixmen.local
Server:192.168.1.100
Address:192.168.1.100#53
Name:unixmen.local
Address: 192.168.1.102
Name:unixmen.local
Address: 192.168.1.100
Name:unixmen.local
Address: 192.168.1.101
現在主從DNS Server已經可以使用了
在CentOS 6.5/6.4/6.3上使用BIND一步一步安裝DNS伺服器
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
