redhat5.5搭建各種dns服務器(3)

配置slave從服務器:

 

1.配置主配置文件

 

[root@Dns_slave etc]# cd  /var/named/chroot/etc

[root@Dns_slave etc]# ls

localtime  named.caching-nameserver.conf  named.rfc1912.zones  rndc.key

[root@Dns_slave etc]# vi  named.caching-nameserver.conf

// Global server options for the slave (secondary) name server.
options {

        // Accept IPv4 queries on port 53 of every interface.
        listen-on port 53 { any; };

        // IPv6 service is limited to the loopback address.
        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

 

        // Those options should be used carefully because they disable port

        // randomization

        // Keep them commented out: a fixed query source port removes one of
        // the resolver's defences against cache poisoning.
        // query-source    port 53;

        // query-source-v6 port 53;

 

        // NOTE(review): both ACLs below are open to every client, and this
        // block does not turn recursion off. If this host is reachable from
        // untrusted networks it can be used as an open resolver (cache
        // snooping, reflection/amplification). For a secondary that only
        // serves the zones in its views, consider `recursion no;` or limit
        // allow-query-cache to the networks the server is meant to serve.
        allow-query     { any; };

        allow-query-cache { any; };

};

// Logging: only the built-in debug channel is configured here.
logging {

        channel default_debug {

                // Relative path; presumably resolved against the `directory`
                // option ("/var/named") -- confirm inside the chroot.
                file "data/named.run";

                // "dynamic" follows the server's current debug level instead
                // of a fixed severity.
                severity dynamic;

        };

};

 

// Address lists referenced by the views' match-clients statements.
// NOTE(review): matching on source address alone is only as trustworthy as
// the network path; the TSIG keys are the stronger selector of the two.
acl cnc {192.168.1.0/24;};

acl tel {192.168.0.0/24;};

 

 

// TSIG shared secrets, one per view. Each must be identical to the key of the
// same name on the master (192.168.1.100), which is not shown in this file.
// NOTE(review): the secrets below are published tutorial values; generate
// fresh ones for any real deployment (e.g. with dnssec-keygen) and keep the
// file that holds them readable only by root and the named user.
// NOTE(review): hmac-md5 is a legacy TSIG algorithm; prefer hmac-sha256 where
// the installed BIND supports it -- TODO confirm for the 9.3.6 build shown on
// this page.
// NOTE(review): each secret string starts with a space inside the quotes;
// this looks like a paste artifact -- verify it against the master's key.
key "tel" {

        algorithm hmac-md5;

        secret " AO/jVw8Moo1USyH6dnyoFw==";

};

 

key "cnc" {

        algorithm hmac-md5;

        secret " GMhJe7tTV14A1LUyIHtErg==";

};

 

 

// View "tel": serves the copy of Skylinux.com intended for the tel network.
view "tel" {

        // A client lands in this view if its request is signed with the
        // "tel" key OR its source address is in the tel ACL (192.168.0.0/24).
        match-clients { key "tel";tel; };

        // Sign every request this view sends to 192.168.1.100 with the "tel"
        // key. Presumably this is what lets the master map the zone transfer
        // to its own "tel" view -- confirm against the master's match-clients.
        server 192.168.1.100 { keys "tel"; };

 

        zone "Skylinux.com" {

                type slave;

                // Transferred zone data is written here, relative to the
                // server's working directory.
                file "slaves/tel.Skylinux.com.zone";

                masters {192.168.1.100;};

                // NOTE(review): no allow-transfer is set for this zone.
                // Confirm the effective default does not let arbitrary
                // clients AXFR it from this slave, or add
                // `allow-transfer { none; };`.

        };

 

};

 

// View "cnc": serves the copy of Skylinux.com intended for the cnc network.
view "cnc" {

        // A client lands in this view if its request is signed with the
        // "cnc" key OR its source address is in the cnc ACL (192.168.1.0/24).
        // Views are tried in file order, so a request already matched by an
        // earlier view never reaches this one.
        match-clients { key "cnc"; cnc;};

        // Requests from this view to the master are signed with the "cnc"
        // key, so the transfer is authenticated by TSIG rather than by
        // source address alone.
        server 192.168.1.100 { keys "cnc"; };

 

        zone "Skylinux.com" {

                type slave;

                // Separate file from the other view's copy of the same zone.
                file "slaves/cnc.Skylinux.com.zone";

                masters {192.168.1.100;};

                // NOTE(review): no allow-transfer is set here; verify that
                // outbound transfers from this slave are restricted as
                // intended.

        };

 

 

};

[root@Dns_slave etc]#

 

 

重啓主從兩臺服務器

 

 

主重啓

[root@Dns_master named]# service named restart

停止 named                                               [確定]

啓動 named                                               [確定]

[root@Dns_master named]#

 

從重啓

[root@Dns_slave etc]# cd ../var/named/slaves/

[root@Dns_slave slaves]# ls

cnc.Skylinux.com.zone  tel.Skylinux.com.zone

[root@Dns_slave slaves]# rm -rf *

[root@Dns_slave slaves]# ls

[root@Dns_slave slaves]# service named restart

停止 named                                               [確定]

啓動 named                                               [確定]

[root@Dns_slave slaves]# ls

cnc.Skylinux.com.zone  tel.Skylinux.com.zone

[root@Dns_slave slaves]# pwd

/var/named/chroot/var/named/slaves

[root@Dns_slave slaves]#

 

簡單測試:

 

Master上設置nameserver 192.168.1.100

 

[root@Dns_master named]# dig www.Skylinux.com @192.168.1.100

 

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www.Skylinux.com @192.168.1.100

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21649

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

 

;; QUESTION SECTION:

;www.Skylinux.com.          IN      A

 

;; ANSWER SECTION:

www.Skylinux.com.   86400   IN      A       192.168.1.100

 

;; AUTHORITY SECTION:

Skylinux.com.       86400   IN      NS      dns.Skylinux.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.1.100#53(192.168.1.100)

;; WHEN: Wed Sep  7 09:15:37 2011

;; MSG SIZE  rcvd: 72

====================

[root@Dns_master named]# dig ftp.Skylinux.com @192.168.1.100

 

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> ftp.Skylinux.com @192.168.1.100

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19894

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

 

;; QUESTION SECTION:

;ftp.Skylinux.com.          IN      A

 

;; ANSWER SECTION:

ftp.Skylinux.com.   86400   IN      A       192.168.1.102

 

;; AUTHORITY SECTION:

Skylinux.com.       86400   IN      NS      dns.Skylinux.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.1.100#53(192.168.1.100)

;; WHEN: Wed Sep  7 09:15:49 2011

;; MSG SIZE  rcvd: 72

==========================

[root@Dns_master named]# dig www2.Skylinux.com @192.168.0.100

 

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> www2.Skylinux.com @192.168.0.100

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29504

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

 

;; QUESTION SECTION:

;www2.Skylinux.com.         IN      A

 

;; ANSWER SECTION:

www2.Skylinux.com.  86400   IN      A       192.168.0.103

 

;; AUTHORITY SECTION:

Skylinux.com.       86400   IN      NS      dns.Skylinux.com.

 

;; Query time: 0 msec

;; SERVER: 192.168.0.100#53(192.168.0.100)

;; WHEN: Wed Sep  7 09:17:57 2011

;; MSG SIZE  rcvd: 73

 

到這裏我們完成了view+TSIG+主從DNS服務器

============================================================================

第五階段

項目內容:搭建cache緩衝服務器,當客戶端發出請求時將請求發給指定的Dns服務器上做解析,並返回給客戶端

 

項目目的:模擬Internet中的緩衝服務器的原理。Internet上的客戶端並不知道真正的Dns服務器在哪,那麼就由這個緩衝服務器去幫我們查詢,並返回結果。

下面的實驗:

我們假定1.102是北京的服務器,202.106.0.20,當北京的用戶將nameserver,設置成它的時候,就會去給這臺服務器發請求,從而得到解析

 

我們假定0.102是長沙的服務器,202.103.96.112,當長沙的用戶將nameserver,設置成他的時候,就會去給這臺服務器發請求,從而得到解析

 

項目環境:

第四階段的整個環境

DNS Cache服務器:192.168.1.102/24    192.168.0.102/24 兩個IP地址互相切換

 

 

步驟:

 

1、以緩衝服務器IP192.168.1.102

 

1)在緩衝服務器上安裝必要軟件

[root@Dns_cache ~]# yum install bind bind-chroot caching-nameserver

2)  配置

[root@Dns_cache etc]# vi named.caching-nameserver.conf

#在主配置文件中修改options字段中的內容

// Options for the caching/forwarding server while it uses 192.168.1.102.
options {

        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port

        // randomization

        // query-source    port 53;

        // query-source-v6 port 53;

        // NOTE(review): with both ACLs set to any, every host that can reach
        // port 53 may use this cache. On a forwarder that makes it an open
        // resolver; restrict allow-query / allow-query-cache to the client
        // network it is meant to serve (192.168.1.0/24 in this walkthrough).
        allow-query     { any; };

        allow-query-cache { any; };

        // Never resolve on its own: every query is handed to the forwarders
        // below, and a lookup fails if they do not answer.
        forward only;

        // Single upstream server, so it is also a single point of failure.
        forwarders {

                192.168.1.100;

        };

};

 

 

測試:

 

192.168.1.0/24網段的客戶端測試

 

nameserver修改成緩衝服務器的IP地址

[root@Dns_cache etc]# vi /etc/resolv.conf

[root@Dns_cache etc]# cat /etc/resolv.conf

nameserver 192.168.1.102

[root@Dns_cache etc]#

 

Host命令測試解析結果

[root@Dns_cache etc]# host www.Skylinux.com

www.Skylinux.com has address 192.168.1.100

[root@Dns_cache etc]# host ftp.Skylinux.com

ftp.Skylinux.com has address 192.168.1.102

[root@Dns_cache etc]#

 

 

 

切換緩衝服務器的地址是192.168.0.102

 

修改主配置文件

// Options for the caching/forwarding server after switching to 192.168.0.102;
// only the forwarder address differs from the previous configuration.
options {

        listen-on port 53 { any; };

        listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port

        // randomization

        // query-source    port 53;

        // query-source-v6 port 53;

        // NOTE(review): open to any client; limit these ACLs to the network
        // this cache serves (192.168.0.0/24 in this walkthrough) so the
        // forwarder cannot be used as an open resolver.
        allow-query     { any; };

        allow-query-cache { any; };

        // All queries go to the forwarder; no independent recursion.
        forward only;

        forwarders {

                192.168.0.100;

        };

};

 

緩衝服務器 重啓服務

[root@Dns_cache etc]# service named restart

停止 named                                               [確定]

啓動 named                                               [確定]

[root@Dns_cache etc]#

測試:

 

192.168.0.0/24網段的客戶機測試

 

nameserver修改成緩衝服務器的IP地址

[root@Dns_cache etc]# vi /etc/resolv.conf

[root@Dns_cache etc]# cat /etc/resolv.conf

nameserver 192.168.0.102

[root@Dns_cache etc]#

 

Host命令測試解析結果

[root@Dns_cache etc]# host www.Skylinux.com

www.Skylinux.com has address 192.168.0.100

 

[root@Dns_cache etc]# host www2.Skylinux.com

www2.Skylinux.com has address 192.168.0.103
