DNS配置

DNS配置

實驗環境

主dns:192.168.110.33

從dns:192.168.110.59

iptables and selinux disabled(僅爲簡化實驗;正式環境應保持兩者啓用,並在防火牆放行53/tcp與53/udp)

yum install -y bind


主dns端

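1.主配置文件(注意文件權限;此示例未設置allow-transfer,BIND 9.8默認允許任何主機做區域傳送,正式環境應在zone中加上 allow-transfer { 192.168.110.59; }; 只允許從dns同步)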

# ll /etc/named.conf

-rw-r-----. 1 root named 453 Aug 7 22:44 /etc/named.conf

# vim /etc/named.conf

options {

directory "/var/named"; #定義區域數據目錄

};

zone "cheungssh.com" IN { #定義域

type master; #類型爲master

file "cheungssh.com.zone"; #定義區域數據文件

};

zone "110.168.192.in-addr.arpa" { #反向解析

type master;

file "192.168.110.zone";

};

zone "." IN { #根域

type hint; #類型爲根

file "named.ca";

};

zone "localhost" IN { #本地解析

type master;


2.區域數據文件(注意文件權限)

# pwd

/var/named

# ll

-rw-r-----. 1 root named 329 Aug 7 22:25 192.168.110.zone

-rw-r-----. 1 root named 427 Aug 8 00:27 cheungssh.com.zone


正向區域數據文件

# vim cheungssh.com.zone

$TTL 1D ;ttl值爲一天(區域數據文件的註釋符是";",不能用"#")

cheungssh.com. IN SOA ns.cheungssh.com. admin.cheungssh.com. (

1026080702 ; serial #序列號(此文件修改一次,序列號必須變)

1D ; refresh #刷新時間

1H ; retry #重試時間

1W ; expire #過期時間

3H ) ; minimum #最小時長

IN NS ns ;定義域所屬的dns服務器

IN MX 10 mail ;定義郵件記錄

mail IN A 192.168.110.33

ns IN A 192.168.110.33

www IN A 192.168.110.33

ycc IN A 192.168.110.33

www IN A 192.168.110.34

ftp IN CNAME WWW ;別名,ftp別名爲www

vip IN A 192.168.197.100

rs1 IN A 192.168.197.105

rs2 IN A 192.168.197.107


反向區域數據文件

# vim 192.168.110.zone

$TTL 1D

@ IN SOA ns.cheungssh.com. admin.cheungssh.com. (

1026080702 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS ns.cheungssh.com.

33 IN PTR ns.cheungssh.com.

33 IN PTR www.cheungssh.com.

33 IN PTR mail.cheungssh.com ; 末尾缺少".",BIND會自動補上區域名(見下方dig -x輸出),應寫爲 mail.cheungssh.com.

34 IN PTR ns.cheungssh.com.

6 IN PTR hello.cheungssh.com.



3.在/etc/resolv.conf中指明dns服務器

# vim /etc/resolv.conf

nameserver 192.168.110.33



4.重啓dns服務



5.命令測試

dig命令測試解析


# dig -t A www.cheungssh.com #-t指明資源記錄(RR)類型

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.cheungssh.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14084

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.cheungssh.com. IN A

;; ANSWER SECTION:

www.cheungssh.com. 86400 IN A 192.168.110.33

www.cheungssh.com. 86400 IN A 192.168.110.34

;; AUTHORITY SECTION: #權威段(該域的權威dns服務器)

cheungssh.com. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION: #補充段,避免二次查詢,直接將主機名轉換爲ip

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.33#53(192.168.110.33)

;; WHEN: Sun Aug 7 00:59:32 2016

;; MSG SIZE rcvd: 84


# dig -t CNAME ftp.cheungssh.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t CNAME ftp.cheungssh.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57946

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;ftp.cheungssh.com. IN CNAME

;; ANSWER SECTION:

ftp.cheungssh.com. 86400 IN CNAME WWW.cheungssh.com.

;; AUTHORITY SECTION:

cheungssh.com. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION:

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.33#53(192.168.110.33)

;; WHEN: Sun Aug 7 01:10:39 2016

;; MSG SIZE rcvd: 86


# dig -t NS cheungssh.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t NS cheungssh.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31012

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:

;cheungssh.com. IN NS

;; ANSWER SECTION:

cheungssh.com. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION:

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.33#53(192.168.110.33)

;; WHEN: Sun Aug 7 01:11:56 2016

;; MSG SIZE rcvd: 64

dig測試反向解析


# dig -x 192.168.110.33

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 192.168.110.33

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6945

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;33.110.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:

33.110.168.192.in-addr.arpa. 86400 IN PTR www.cheungssh.com.

33.110.168.192.in-addr.arpa. 86400 IN PTR mail.cheungssh.com.110.168.192.in-addr.arpa.

33.110.168.192.in-addr.arpa. 86400 IN PTR ns.cheungssh.com.

;; AUTHORITY SECTION:

110.168.192.in-addr.arpa. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION:

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.33#53(192.168.110.33)

;; WHEN: Sun Aug 7 01:37:53 2016

;; MSG SIZE rcvd: 156

host命令測試解析


# host -t A www.cheungssh.com

www.cheungssh.com has address 192.168.110.33

www.cheungssh.com has address 192.168.110.34


# host -t A www.cheungssh.com

www.cheungssh.com has address 192.168.110.34

www.cheungssh.com has address 192.168.110.33


# host -t NS cheungssh.com

cheungssh.com name server ns.cheungssh.com.


# host -t MX cheungssh.com

cheungssh.com mail is handled by 10 mail.cheungssh.com. #10表示優先級是10


# host -t SOA cheungssh.com

cheungssh.com has SOA record ns.cheungssh.com. admin.cheungssh.com. 1026080701 86400 3600 604800 10800


從dns端

1.主配置文件(注意文件權限)

# ll /etc/named.conf

-rw-r-----. 1 root named 523 Aug 7 22:00 /etc/named.conf

# cat /etc/named.conf

options {

directory "/var/named";

};

zone "cheungssh.com" IN {

type slave; #類型爲slave

file "slaves/cheungssh.com.zone"; #區域數據文件在slaves下

masters { 192.168.110.33; }; #指明主dns(僅憑來源IP識別主dns;可配合TSIG密鑰驗證區域傳送)

};

zone "110.168.192.in-addr.arpa" {

type slave;

file "slaves/192.168.110.zone";

masters { 192.168.110.33; };

};

zone "." IN {

type hint;

file "named.ca";

};

zone "localhost" IN {

type master;

file "named.localhost";

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback";

};

#include "/etc/named.rfc1912.zones";

#include "/etc/named.root.key";


2.在/etc/resolv.conf中指明dns服務器

# vim /etc/resolv.conf

nameserver 192.168.110.33


3.重啓dns服務,區域數據文件會從主dns同步至/var/named/slaves目錄下


4.區域數據文件(注意文件權限,從主dns同步過來,一般權限不存在問題)

#pwd

/var/named

# ll

total 8

-rw-r--r--. 1 named named 458 Aug 7 23:01 192.168.110.zone

-rw-r--r--. 1 named named 459 Aug 7 23:01 cheungssh.com.zone


# cat cheungssh.com.zone

$ORIGIN .

$TTL 86400 ; 1 day

cheungssh.com IN SOA ns.cheungssh.com. admin.cheungssh.com. (

1026080702 ; serial

86400 ; refresh (1 day)

3600 ; retry (1 hour)

604800 ; expire (1 week)

10800 ; minimum (3 hours)

)

NS ns.cheungssh.com.

MX 10 mail.cheungssh.com.

$ORIGIN cheungssh.com.

ftp CNAME WWW

mail A 192.168.110.33

ns A 192.168.110.33

www A 192.168.110.33

A 192.168.110.34

ycc A 192.168.110.33


# cat 192.168.110.zone

$ORIGIN .

$TTL 86400 ; 1 day

110.168.192.in-addr.arpa IN SOA ns.cheungssh.com. admin.cheungssh.com. (

1026080702 ; serial

86400 ; refresh (1 day)

3600 ; retry (1 hour)

604800 ; expire (1 week)

10800 ; minimum (3 hours)

)

NS ns.cheungssh.com.

$ORIGIN 110.168.192.in-addr.arpa.

33 PTR ns.cheungssh.com.

PTR www.cheungssh.com.

PTR mail.cheungssh.com

34 PTR ns.cheungssh.com.

6 PTR hello.cheungssh.com.


5.測試

# dig ycc.cheungssh.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> ycc.cheungssh.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16006

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;ycc.cheungssh.com. IN A

;; ANSWER SECTION:

ycc.cheungssh.com. 86400 IN A 192.168.110.33

;; AUTHORITY SECTION:

cheungssh.com. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION:

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.59#53(192.168.110.59)

;; WHEN: Mon Aug 8 03:01:28 2016

;; MSG SIZE rcvd: 84

