centos5.8 DNS服務地址解析
目錄
如果有多個IP段的話可以參考如下設置配置反向解析:... 8
版本歷史
時間 | 版本 | 說明 | 編寫者 |
2016-03-4 | 1.0 | centos5.8 下DNS服務地址解析 | 崔四超 |
系統環境:
centos 5.8 64 bit
軟件環境
bind-utils-9.3.6-25.P1.el5_11.6
bind-libs-9.3.6-25.P1.el5_11.6
bind-9.3.6-25.P1.el5_11.6
bind-chroot-9.3.6-25.P1.el5_11.6
ypbind-1.19-12.el5_6.1
主dns服務器:192.168.10.100
從dns服務器:192.168.10.101
www 門戶 :192.168.36.4
一、DNS服務地址解析配置
1. 安裝bind
#yum install bind* //安裝DNS軟件bind
centos 5.8 系統裏面還需要安裝:
yum -y install caching-nameserver
由於安裝了chroot包,所以主配置文件named.conf在/var/named/chroot/etc/下進行配置。( 不是在/etc/named.conf)
由於安裝了上面六個包後,這個目錄下就默認會生成一個named.conf文件,但這個named.conf文件只是個解釋文檔,所以我們要通過以下命令來把named.conf文件的模板拷貝一份。
備註:安裝好之後,我的/etc/named.* 的文件都是軟連接
2. 配置named
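# Step 2: build the live named.conf inside the chroot from the
# caching-nameserver template and expose it at the conventional path.
cd /var/named/chroot/etc
# -p keeps the template's ownership/permissions (the text below notes that
# named may not start without it).
cp -p named.caching-nameserver.conf named.conf
# Fix: the original line read "root:namednamed.conf" (missing space).
# Owner root, group named, so the named daemon can read the file.
chown -R root:named named.conf
# /etc/named.conf becomes a symlink to the copy inside the chroot.
ln -s /var/named/chroot/etc/named.conf /etc/named.conf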
[root@server-10-100 etc]#cat named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
// Review note: this listing is the copy produced by
// "cp -p named.caching-nameserver.conf named.conf" in step 2, so the
// "DO NOT EDIT" warning above applies to the template, not to this file.
// With bind-chroot installed the file lives at /var/named/chroot/etc/named.conf.
options {
// The template is a localhost-only resolver; "any" binds port 53 on every
// IPv4 address so LAN clients can query this server.
listen-on port 53 { any; };
// IPv6 still answers on loopback only.
listen-on-v6 port 53 { ::1; };
// Zone file names are relative to this directory (inside the chroot:
// /var/named/chroot/var/named).
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file"/var/named/data/named_stats.txt";
memstatistics-file"/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// NOTE(review): allow-query/allow-query-cache "any", together with
// listen-on "any" and "recursion yes" in the view below, makes this an
// open recursive resolver for every network that can reach port 53.
// Limit queries and recursion to the internal ranges, e.g.
//   allow-query { 192.168.10.0/24; 192.168.36.0/24; };
//   allow-recursion { 192.168.10.0/24; 192.168.36.0/24; };
// (ranges taken from the addresses used in this document - adjust to fit).
allow-query { any; };
allow-query-cache { any; };
// NOTE(review): no allow-transfer is set, so under BIND's default any client
// may pull a full copy (AXFR) of the master zones. Restrict transfers to the
// slave from section 二:
//   allow-transfer { 192.168.10.101; };
};
logging {
channel default_debug {
// Relative to "directory" above; inside the chroot this is
// /var/named/chroot/var/named/data/named.run.
file "data/named.run";
severity dynamic;
};
};
// Single view: every client ("any") receives the RFC 1912 zones plus the
// custom zones pulled in from named.rfc1912.zones, with recursion enabled.
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
recursion yes;
include"/etc/named.rfc1912.zones";
};
由於安裝了chroot包(主要功能就不多介紹),所以主配置文件named.conf在/var/named/chroot/etc/下進行配置。命令如下:
3. 配置named.rfc1912.zones
[root@server-10-100 etc]#cat named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Root zone "." as a hint zone: used to resolve external (Internet) names
// via the root servers listed in named.ca.
zone "." IN {
type hint;
file "named.ca";
};
// The following RFC 1912 zones are unchanged template content
// (master zones, dynamic updates disabled).
zone"localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost"IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone"0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone"255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone"0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
// Custom zones added for this setup. The zone files are created in step 4
// under /var/named/chroot/var/named/ (relative to options.directory).
zone "wuhaneduyun.cn"IN { // forward zone wuhaneduyun.cn
type master;
file "wuhaneduyun.cn.zone";// forward zone file: wuhaneduyun.cn.zone
// Dynamic updates rejected; the zone is edited as a static file only.
allow-update { none ;};
};
zone "36.168.192.in-addr.arpa"IN {// reverse zone for 192.168.36.0/24
type master;
file "zone.wuhaneduyun.cn";// reverse zone file
allow-update { none ;};
};
4. 配置正反向文件
正反解文件都在相同目錄下,由於安裝了chroot包後,所以配置正反解文件要到/var/named/chroot/var/named/目錄下,而且在此目錄下也有正反解的模板文件。具體用到的命令如下:
# Step 4: create the forward and reverse zone files from the templates that
# ship in the (chroot) zone directory.
cd /var/named/chroot/var/named/
# -p preserves mode, owner and timestamps; "--" ends option parsing.
cp -p -- localdomain.zone wuhaneduyun.cn.zone
cp -p -- named.local zone.wuhaneduyun.cn
記得加參數 -p,不然很有可能啓動不了named服務。現在就可以編輯正解(wuhaneduyun.cn.zone)、反解(zone.wuhaneduyun.cn)這兩個文件了
1. 配置正向解析
[root@server-10-100 ~]# cat /var/named/chroot/var/named/wuhaneduyun.cn.zone
; Forward zone for wuhaneduyun.cn - /var/named/chroot/var/named/wuhaneduyun.cn.zone
; (copied from localdomain.zone in step 4; the template serial was kept).
$TTL 86400
; NOTE(review): as pasted, MNAME and RNAME are fused into one token; the SOA
; needs two fields, "dns.wuhaneduyun.cn. root.wuhaneduyun.cn." (the second is
; the admin mailbox root@wuhaneduyun.cn).
@ IN SOA dns.wuhaneduyun.cn.root.wuhaneduyun.cn. (
; The serial must be increased on every edit, otherwise the slave
; (section 二) never sees a newer zone and keeps its old copy.
2011062301 ; serial(d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D) ; minimum
; NOTE(review): no owner name - in the file this line must begin with
; whitespace (or "@") so the NS record attaches to the zone apex; starting
; in column 0 with "IN" would be read as an owner name.
IN NS dns.wuhaneduyun.cn.
; dns and www both point at the portal host 192.168.36.4 (see 系統環境).
dns IN A 192.168.36.4
www IN A 192.168.36.4
mail IN A 192.168.10.111
2. 配置反向解析:
[root@server-10-100 named]# cat zone.wuhaneduyun.cn
; Reverse zone for 192.168.36.0/24 - /var/named/chroot/var/named/zone.wuhaneduyun.cn
; (copied from named.local in step 4).
$TTL 86400
; NOTE(review): the MNAME here is the reverse zone name itself; normally it is
; the primary name server (dns.wuhaneduyun.cn.) followed by the admin mailbox,
; as in the forward zone. Increase the serial on every change.
@ IN SOA 36.168.192.in-addr.arpa. dns.wuhaneduyun.cn. (
2011062301; Serial // just a sequence number
28800 ; Refresh // how often the slave checks for updates
14400 ; Retry // retry interval after a failed slave refresh
3600000 ; Expire // slave stops serving the zone after this long without a refresh
86400 ) ; Minimum // can be treated as the TTL, especially when no TTL is set
; Owner omitted: indent this line in the file so it inherits "@" (see forward zone).
IN NS dns.wuhaneduyun.cn.
; Only the last octet is written; the zone supplies 36.168.192.in-addr.arpa.
; Two PTRs for .4: a reverse lookup of 192.168.36.4 returns both names.
4 IN PTR dns.wuhaneduyun.cn.
4 IN PTR www.wuhaneduyun.cn.
; NOTE(review): in the forward zone mail is 192.168.10.111, which is outside
; 192.168.36.0/24; this PTR maps 192.168.36.111 instead - confirm intended.
111 IN PTR mail.wuhaneduyun.cn.
說明:PTR記錄前面的那個4指的是主機IP 192.168.36.4的最後一段(最後一個數)
如果有多個IP段的話可以參考如下設置配置反向解析:
配置反向解析:反向解析不需要MX、A和CNAME記錄,一般使用PTR記錄
定義反向域配置:
// Reverse zone covering the whole 192.168.0.0/16 range: one zone serves
// several /24 segments, as described above.
zone"168.192.in-addr.arpa" IN {
type master;
// NOTE(review): same file name as the 36.168.192.in-addr.arpa zone in step 3;
// if both zones are declared they would load the same file - give this one a
// distinct name (placeholder: <zone-file-for-168.192>).
file "zone.wuhaneduyun.cn";
allow-update { none ;};
};
定義域文件
vim zone.wuhaneduyun.cn

$TTL 1200
@ IN SOA ns1.a.org. admin.a.org. (
2011081601
1H
10M
7D
1D )
IN NS ns1.a.org.
IN NS ns2.a.org.
1.100 IN PTR ns1.a.org.
2.100 IN PTR ns2.a.org.
1.100 IN PTR mail.a.org.
3.100 IN PTR www.a.org.
100.100 IN PTR ftp.a.org.
; 聲明域的時候已經有了 192.168,所以我們只需要輸入 1.100 即代表 192.168.1.100
chown :named 172.16.org
service named reload
5 檢查文件是否有語法錯誤
#named-checkconf -z //檢查主配置文件是否有錯誤
#named-checkzone wuhaneduyun.cn /var/named/a.org.internal //檢查區域文件是否有錯誤
#named-checkzone wuhaneduyun.cn /var/named/a.org.external
6 驗證試驗是否成功
1、首先是修改/etc/resolv.conf文件。只有修改了這個文件纔可以用自己的機器進行域名解析,命令如下:
# vi /etc/resolv.conf
只要加上一句:nameserver 192.168.10.100
[root@server-13-30 ~]# nslookup
> www.baidu.com
Server: 192.168.10.100
Address: 192.168.10.100#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 180.97.33.107
Name: www.a.shifen.com
Address: 180.97.33.108
> www.wuhaneduyun.cn
Server: 192.168.10.100
Address: 192.168.10.100#53
Name: www.wuhaneduyun.cn
Address: 192.168.10.100
>192.168.10.100
www.wuhaneduyun.cn
二、centos DNS 從配置
1. 安裝從服務器,請按照方案一進行安裝。
2. 配置named.conf
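# Slave: same template copy as on the master (section 一, step 2).
cd /var/named/chroot/etc/
# Fix: the original lines lacked the space after -p and after -s.
cp -p named.caching-nameserver.conf named.conf
ln -s /var/named/chroot/etc/named.conf /etc/named.conf
# Show the result (listing follows).
cat /etc/named.conf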
// Slave named.conf (/var/named/chroot/etc/named.conf). Only the statements
// that differ from the master appear here; presumably the rest of the
// template (listen-on, allow-query, logging) is kept - confirm.
options {
// Transferred zone copies are written here; inside the chroot that is
// /var/named/chroot/var/named/slaves/, which named must be able to write
// (step 4 checks it with "ll").
directory "/var/named/slaves";
};
// Because chroot is installed, the real slaves directory is /var/named/chroot/var/named/slaves/
// NOTE(review): like the master, "any" clients + recursion yes makes this an
// open recursive resolver; restrict match-clients/allow-recursion to the
// internal ranges.
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
recursion yes;
include"/etc/named.rfc1912.zones";
};
3. 配置 named.rfc1912.zones
cat /etc/named.rfc1912.zones
// Root hint zone disabled on the slave; BIND 9 then falls back to its
// compiled-in root hints (presumably intentional - confirm).
//zone "." IN {
// type hint;
// file "named.ca";
//};
// Every template zone becomes "type slave" pulling from the master
// 192.168.10.100; the slave copies are written under options.directory
// ("/var/named/slaves"). allow-update is meaningless on a slave, hence
// commented out.
zone"localdomain" IN {
type slave;
masters { 192.168.10.100;}; // master's address; zone data is transferred from it
file "localdomain.zone";
// allow-update { none; };
};
zone "localhost"IN {
type slave;
masters { 192.168.10.100; };
file "localhost.zone";
// allow-update { none; };
};
zone"0.0.127.in-addr.arpa" IN {
type slave;
masters { 192.168.10.100; };
file "named.local";
// allow-update { none; };
};
zone"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
type slave;
masters { 192.168.10.100; };
file "named.ip6.local";
// allow-update { none; };
};
zone"255.in-addr.arpa" IN {
type slave;
masters { 192.168.10.100; };
file "named.broadcast";
// allow-update { none; };
};
zone"0.in-addr.arpa" IN {
type slave;
masters { 192.168.10.100; };
file "named.zero";
// allow-update { none; };
};
// Custom zones below - compare with the master's definitions.
// NOTE(review): the transfer only succeeds if the master permits AXFR from
// this host; on the master add "allow-transfer { 192.168.10.101; };" rather
// than relying on the permissive default.
zone"wuhaneduyun.cn" IN {
type slave; // type: slave
masters { 192.168.10.100;}; // master's address; zone data is transferred from it
file "wuhaneduyun.cn.zone";
// allow-update { none ;};
};
zone"36.168.192.in-addr.arpa" IN {
type slave; // type: slave
masters { 192.168.10.100; }; // master's address; zone data is transferred from it
file "zone.wuhaneduyun.cn";
// allow-update { none ;};
};
4. 重啓服務,看解析文件是否同步:
/etc/init.d/named restart
如果報錯,請查看日誌: /var/log/message
ll /var/named/chroot/var/named/slaves/
5. 測試從DNS 是否正常工作
1) 測試從dns服務器功能
登入內網任意一臺服務器:
# vi /etc/resolv.conf
只要加上一句:nameserver 192.168.10.101 #(備註:從dns 服務器)
說明配置從DNS成功
2) 測試主dns 關閉後,從是否能正常接管:
配置主從DNS 服務器IP
第一次解析,server 爲:192.168.10.100
關閉主dns : 192.168.10.100 named 服務後,
第二次解析,server爲:192.168.10.101
三、centos5.8 智能DNS地址解析
1. 添加named.conf配置
vi /var/named/chroot/etc/named.conf
添加的紅色部分爲智能解析配置:
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
// Review note: split-horizon ("intelligent") variant of the master config.
// The same named.conf as section 一 with the single view replaced by two
// ACL-selected views that serve different data for test.com.
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file"/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// Queries from anywhere are allowed at the options level, but each view
// below is limited by match-clients, so only the ACL ranges get answers.
allow-query { any; };
allow-query-cache { any; };
};
logging {
channel default_debug {
file"data/named.run";
severity dynamic;
};
};
// NOTE(review): with this view disabled the RFC 1912 zones (localhost,
// 127.0.0.0/8 reverse, root hints) are no longer loaded, and a client that
// matches neither hosta nor hostb matches no view at all and is refused.
//view localhost_resolver {
// match-clients { any; };
// match-destinations { any; };
// recursion yes;
// include"/etc/named.rfc1912.zones";
//};
// NOTE(review): both prefixes have host bits set (…10.1/24, …13.1/24);
// named may warn about the address/prefix mismatch - write them as
// 192.168.10.0/24 and 192.168.13.0/24.
acl"hosta" {
192.168.10.1/24;
};
acl"hostb"{
192.168.13.1/24;
};
// Clients in hosta see test.com from test.com.hosta.file. Recursion is only
// offered to the matched ACL, which is tighter than the "any" view above.
// notify no: there are no slaves for these views.
view"hosta" {
match-clients { hosta; };
recursion yes;
notify no;
zone "test.com" IN {
type master;
file"test.com.hosta.file";
allow-update { none; };
};
};
// Clients in hostb get the same zone name from a different file.
view"hostb" {
match-clients { hostb; };
recursion yes;
notify no;
zone "test.com" IN {
type master;
file"test.com.hostb.file";
allow-update { none; };
};
};
備註:hosta 192.168.10.1/24; 的地址訪問 test.com.hosta.file
hostb 192.168.13.1/24 的地址訪問 test.com.hostb.file
2. 添加智能正向解析:
hosta 192.168.10.1/24; 訪問www.test.com 就到 192.168.10.100
# vi/var/named/chroot/var/named/test.com.hosta.file
; test.com data for view "hosta" - /var/named/chroot/var/named/test.com.hosta.file
; Answers seen by clients in acl hosta (192.168.10.1/24).
$TTL 86400
; NOTE(review): MNAME and RNAME are fused as pasted; the SOA needs two
; fields, "dns.test.com. root.test.com.".
@ IN SOA dns.test.com.root.test.com. (
; Increase the serial on every edit.
2011062301 ; serial(d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D) ; minimum
; Owner omitted: indent this line in the file so it inherits "@".
IN NS dns.test.com.
; Every name in this view resolves to 192.168.10.100 (the master DNS host).
dns IN A 192.168.10.100
www IN A 192.168.10.100
mail IN A 192.168.10.100
hostb 192.168.13.1/24; 訪問www.test.com 就到 192.168.20.11
# vi/var/named/chroot/var/named/test.com.hostb.file
; test.com data for view "hostb" - /var/named/chroot/var/named/test.com.hostb.file
; Answers seen by clients in acl hostb (192.168.13.1/24).
$TTL 86400
; NOTE(review): MNAME and RNAME are fused as pasted; the SOA needs two
; fields, "dns.test.com. root.test.com.".
@ IN SOA dns.test.com.root.test.com. (
; Same serial as the hosta file; each file is independent, but increase it
; whenever this file changes.
2011062301 ; serial(d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D) ; minimum
; Owner omitted: indent this line in the file so it inherits "@".
IN NS dns.test.com.
; Every name in this view resolves to 192.168.20.11.
dns IN A 192.168.20.11
www IN A 192.168.20.11
mail IN A 192.168.20.11