rehhat5.5搭建各種dns服務器（3）

配置slave從服務器：

 

1.配置主配置文件

 

[root@Dns_slave etc]# cd  /var/named/chroot/etc

[root@Dns_slave etc]# ls

localtime  named.caching-nameserver.conf  named.rfc1912.zones  rndc.key

[root@Dns_slave etc]# vi  named.caching-nameserver.conf

options {

        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

 

        // Those options should be used carefully because they disable port

        // randomization

        // query-source    port 53;

        // query-source-v6 port 53;

 

        allow-query     { any; };

        allow-query-cache { any; };

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

 

acl cnc {192.168.1.0/24;};

acl tel {192.168.0.0/24;};

 

 

key "tel" {

        algorithm hmac-md5;

        secret " AO/jVw8Moo1USyH6dnyoFw==";

};

 

key "cnc" {

        algorithm hmac-md5;

        secret " GMhJe7tTV14A1LUyIHtErg==";

};

 

 

view "tel" {

        match-clients { key "tel";tel; };

        server 192.168.1.100 { keys "tel"; };

 

        zone "Skylinux.com" {

                type slave;

                file "slaves/tel.Skylinux.com.zone";

                masters {192.168.1.100;};

        };

 

};

 

view "cnc" {

        match-clients { key "cnc"; cnc;};

        server 192.168.1.100 { keys "cnc"; };

 

        zone "Skylinux.com" {

                type slave;

                file "slaves/cnc.Skylinux.com.zone";

                masters {192.168.1.100;};

        };

 

 

};

[root@Dns_slave etc]#

 

 

重啓主從兩臺服務器

 

 

主重啓

[root@Dns_master named]# service named restart

停止 named：                                               [確定]

啓動 named：                                               [確定]

[root@Dns_master named]#

 

從重啓

[root@Dns_slave etc]# cd ../var/named/slaves/

[root@Dns_slave slaves]# ls

cnc.Skylinux.com.zone  tel.Skylinux.com.zone

[root@Dns_slave slaves]# rm -rf *

[root@Dns_slave slaves]# ls

[root@Dns_slave slaves]# service named restart

停止 named：                                               [確定]

啓動 named：                                               [確定]

[root@Dns_slave slaves]# ls

cnc.Skylinux.com.zone  tel.Skylinux.com.zone

[root@Dns_slave slaves]# pwd

/var/named/chroot/var/named/slaves

[root@Dns_slave slaves]#

 

簡單測試：

 

在Master上設置nameserver 是192.168.1.100

 

[root@Dns_master named]# dig [email protected]

 

; <<>> dig 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> [email protected]

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21649

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

 

;; QUESTION SECTION:

;www.Skylinux.com.          IN      A

 

;; ANSWER SECTION:

www.Skylinux.com.   86400   IN      A       192.168.1.100

 

;; AUTHORITY SECTION:

Skylinux.com.       86400   IN      NS      dns.Skylinux.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.1.100#53(192.168.1.100)

;; WHEN: Wed Sep  7 09:15:37 2011

;; MSG SIZE  rcvd: 72

====================

[root@Dns_master named]# dig [email protected]

 

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> ftp.Skylinux.com @192.168.1.100

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19894

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

 

;; QUESTION SECTION:

;ftp.Skylinux.com.          IN      A

 

;; ANSWER SECTION:

ftp.Skylinux.com.   86400   IN      A       192.168.1.102

 

;; AUTHORITY SECTION:

Skylinux.com.       86400   IN      NS      dns.Skylinux.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.1.100#53(192.168.1.100)

;; WHEN: Wed Sep  7 09:15:49 2011

;; MSG SIZE  rcvd: 72

==========================

[root@Dns_master named]# dig [email protected]

 

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www2.Skylinux.com @192.168.0.100

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29504

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

 

;; QUESTION SECTION:

;www2.Skylinux.com.         IN      A

 

;; ANSWER SECTION:

www2.Skylinux.com.  86400   IN      A       192.168.0.103

 

;; AUTHORITY SECTION:

Skylinux.com.       86400   IN      NS      dns.Skylinux.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.0.100#53(192.168.0.100)

;; WHEN: Wed Sep  7 09:17:57 2011

;; MSG SIZE  rcvd: 73

 

到這裏我們完成了view+TSIG+主從DNS服務器

============================================================================

第五階段

項目內容：搭建cache緩衝服務器，當客戶端發出請求時將請求發給指定的Dns服務器上做解析，並返回給客戶端

 

項目目的：模擬Internet中的緩衝服務器的原理。Internet上的客戶端並不知道真正的Dns服務器在哪，那麼就又整個緩衝服務器去幫我們查詢，並返回結果。

下面的實驗：

我們假定1.102是北京的服務器，202.106.0.20，當北京的用戶將nameserver，設置成它的時候，就會去給這臺服務器發請求，從而得到解析

 

我們假定0.102是長沙的服務器，202.103.96.112，當長沙的用戶將nameserver，設置成他的時候，就會去給這臺服務器發請求，從而得到解析

 

項目環境：

第四階段的整個環境

DNS Cache服務器：192.168.1.102/24  和  192.168.0.102/24 兩個IP地址互相切換

 

 

步驟：

 

1、以緩衝服務器IP是192.168.1.102

 

1）在緩衝服務器上安裝必要軟件

[root@Dns_cache ~]# yum install bind bind-chroot caching-nameserver

1）  配置

[root@Dns_cache etc]# vi named.caching-nameserver.conf

#在主配置文件中修改options字段中的內容

options {

        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port

        // randomization

        // query-source    port 53;

        // query-source-v6 port 53;

        allow-query     { any; };

        allow-query-cache { any; };

        forward only;

        forwarders {

                192.168.1.100;

        };

};

 

 

測試：

 

192.168.1.0/24網段的客戶端測試

 

將nameserver修改成緩衝服務器的IP地址

[root@Dns_cache etc]# vi /etc/resolv.conf

[root@Dns_cache etc]# cat /etc/resolv.conf

nameserver 192.168.1.102

[root@Dns_cache etc]#

 

Host命令測試解析結果

[root@Dns_cache etc]# host www.Skylinux.com

www.Skylinux.com has address 192.168.1.100

[root@Dns_cache etc]# host ftp.Skylinux.com

ftp.Skylinux.com has address 192.168.1.102

[root@Dns_cache etc]#

 

 

 

切換緩衝服務器的地址是192.168.0.102

 

修改主配置文件

options {

        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port

        // randomization

        // query-source    port 53;

        // query-source-v6 port 53;

        allow-query     { any; };

        allow-query-cache { any; };

        forward only;

        forwarders {

                192.168.0.100;

        };

};

 

緩衝服務器 重啓服務

[root@Dns_cache etc]# service named restart

停止 named：                                               [確定]

啓動 named：                                               [確定]

[root@Dns_cache etc]#

測試：

 

192.168.0.0/24網段的客戶機測試

 

將nameserver修改成緩衝服務器的IP地址

[root@Dns_cache etc]# vi /etc/resolv.conf

[root@Dns_cache etc]# cat /etc/resolv.conf

nameserver 192.168.0.102

[root@Dns_cache etc]#

 

Host命令測試解析結果

[root@Dns_cache etc]# host www.Skylinux.com

www.Skylinux.com has address 192.168.0.100

 

[root@Dns_cache etc]# host www2.Skylinux.com

www2.Skylinux.com has address 192.168.0.103