CentOS6.5下DNS服务器搭建与配置


一、缓存域名服务器

1、安装与配置

[root@localhost ~]# yum -y install bind bind-chroot bind-utils bind-libs    DNS服务器所需的软件包(bind-utils 提供 dig 等测试工具)

[root@localhost ~]# vim /etc/named.conf DNS服务器的主配置文件

options {

listen-on port 53 { 192.168.1.24; };    使用53端口监听,监听的IP地址为192.168.1.24

listen-on-v6 port 53 { ::1; };监听ipv6的IP地址选项

directory "/var/named";    named的工作目录;由于安装了bind-chroot,服务实际的工作目录为/var/named/chroot/var/named

dump-file "/var/named/data/cache_dump.db";缓存转储文件

statistics-file "/var/named/data/named_stats.txt";    服务器运行统计信息文件(内存使用统计由下一行的memstatistics-file记录)

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };    允许发起查询的主机,默认为localhost。注意:这里对any开放查询,且下文配置了recursion yes,若该地址可从外网访问,服务器就会成为任意主机都能使用的开放递归解析器;应使用allow-recursion把递归查询限制在本地网段,例如 allow-recursion { 192.168.1.0/24; };

recursion yes;可以递归查询

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging { named服务的日志文件信息

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {    根(.)域的配置及信息(也可以通过forwarders把查询转发给上级DNS服务器来配置缓存域名服务器,可自行了解)

type hint;

file "named.ca";

};

[root@localhost ~]# ls -lh /etc/named.conf    主配置文件的权限如下(属主root、属组named、权限640:named组可读,其他用户不可读)

-rw-r----- 1 root named 934 10月 21 23:06 /etc/named.conf

[root@localhost ~]# service named restart    DNS的服务名称为named

停止 named: [确定]

启动 named: [确定]

[root@localhost ~]# netstat -ltunp |grep named 查看端口监听状态

tcp 0 0 192.168.1.24:53 0.0.0.0:* LISTEN 8049/named

tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 8049/named

tcp 0 0 ::1:53 :::* LISTEN 8049/named

tcp 0 0 ::1:953 :::* LISTEN 8049/named

udp 0 0 192.168.1.24:53 0.0.0.0:* 8049/named

2、客户端测试

[root@localhost ~]# echo nameserver 192.168.1.24 >> /etc/resolv.conf    指定客户端使用的DNS服务器(若网卡通过DHCP获取地址,该文件会被dhclient重写,见下文)

[root@localhost ~]# dig www.baidu.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> www.baidu.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57864

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:

;www.baidu.com. IN A

;; ANSWER SECTION:

www.baidu.com. 1200 IN CNAME www.a.shifen.com.

www.a.shifen.com. 300 IN A 180.97.33.107

www.a.shifen.com. 300 IN A 180.97.33.108

;; AUTHORITY SECTION:

a.shifen.com. 1200 IN NS ns5.a.shifen.com.

a.shifen.com. 1200 IN NS ns3.a.shifen.com.

3、注意事项

客户端必须能与服务器端正常通信(能ping通);本文练习环境关闭了SELinux,生产环境应保留SELinux开启,并为区域文件设置named可访问的安全上下文

二、主域名服务器配置

1、配置(可以与缓存服务器共享一台主机)

[root@localhost ~]# vim /etc/named.conf

options {

listen-on port 53 { 192.168.1.24; };    使用53端口监听,监听的IP地址为192.168.1.24

listen-on-v6 port 53 { ::1; };监听ipv6的IP地址选项

directory "/var/named";    named的工作目录;由于安装了bind-chroot,服务实际的工作目录为/var/named/chroot/var/named

dump-file "/var/named/data/cache_dump.db";缓存转储文件

statistics-file "/var/named/data/named_stats.txt";    服务器运行统计信息文件(内存使用统计由下一行的memstatistics-file记录)

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };    允许发起查询的主机,默认为localhost;对any开放时应配合allow-recursion限制可递归查询的来源网段,避免成为开放递归解析器

recursion yes;可以递归查询

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging { named服务的日志文件信息

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {根(.)域的配置及信息

type hint;

file "named.ca";

};

zone "wxw.com" IN { 指定区名

type master;    服务器类别,master表示主域名服务器

file "wxw.com_zone"; 正向解析区域文件名wxw.com_zone,在/var/named目录下创建

allow-transfer {192.168.1.124;};    只允许该从(辅助)域名服务器进行区域传送;不要写any,否则任何主机都能通过区域传送取得整个区域的记录

};

zone "1.168.192.in-addr.arpa" IN {    反向区域,对应的IP网段为192.168.1.0,此处必须按照相同的格式(网段反写后加in-addr.arpa)书写

type master;

file "192.168.1.zone";反向解析文件名192.168.1.zone

allow-transfer {192.168.1.124;};    同样只允许从服务器进行区域传送

};

[root@localhost ~]# vim /var/named/wxw.com_zone    编辑正向解析文件

$TTL 1D

@ IN SOA ns1.wxw.com. mail.www.wxw.com. (

2014102101 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

@ IN NS ns1.wxw.com. 主域名的域名地址

ns1.wxw.com. IN A 192.168.1.24 主域名的ip地址

@ IN NS ns2.wxw.com.从域名的域名地址

ns2.wxw.com. IN A 192.168.1.124 从域名的ip地址

@ IN MX 10 mail.www.wxw.com.    邮件服务器的域名地址

mail.www.wxw.com. IN A 192.168.1.4

www.wxw.com. IN A 192.168.1.2

ftp.wxw.com. IN A 192.168.1.3

win7.wxw.com. IN A 192.168.1.224

linux.wxw.com. IN CNAME ns1.wxw.com.

smb.wxw.com. IN CNAME ns1.wxw.com.

dhcp.wxw.com. IN CNAME ns1.wxw.com.

[root@localhost ~]# vim /var/named/192.168.1.zone 反向解析文件

$TTL 1D

@ IN SOA ns1.wxw.com. mail.www.wxw.com. (

2014102101 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

@ IN NS ns1.wxw.com.

@ IN NS ns2.wxw.com.

24 IN PTR ns1.wxw.com.

124 IN PTR ns2.wxw.com.

@ IN MX 10 mail.www.wxw.com.

4 IN PTR mail.www.wxw.com.

2 IN PTR www.wxw.com.

3 IN PTR ftp.wxw.com.

224 IN PTR win7.wxw.com.

[root@localhost ~]# service named restart

停止 named: [确定]

启动 named: [确定]

[root@localhost ~]# cat /etc/resolv.conf

; generated by /sbin/dhclient-script

search wxw.com

nameserver 192.168.1.24

2、客户端测试

[root@localhost ~]# dig www.wxw.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> www.wxw.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13587

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;www.wxw.com. IN A

;; ANSWER SECTION:

www.wxw.com. 86400 IN A 192.168.1.2

;; AUTHORITY SECTION:

wxw.com. 86400 IN NS ns2.wxw.com.

wxw.com. 86400 IN NS ns1.wxw.com.

;; ADDITIONAL SECTION:

ns1.wxw.com. 86400 IN A 192.168.1.24

ns2.wxw.com. 86400 IN A 192.168.1.124

;; Query time: 1 msec

;; SERVER: 192.168.1.24#53(192.168.1.24)

;; WHEN: Wed Oct 22 11:47:47 2014

;; MSG SIZE rcvd: 113

三、从域名服务器搭建与配置

1、重新开启一台linux虚拟主机(CentOS 6.5),网卡ip为192.168.1.124

2、服务的安装与配置

[root@localhost ~]# yum -y install bind bind-chroot bind-utils bind-libs

[root@localhost ~]# vim /etc/named.conf

options {

listen-on port 53 { 192.168.1.124; };

listen-on-v6 port 53 { ::1; };

directory "/var/named"; dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

bindkeys-file "/etc/named.iscdlv.key";

# managed-keys-directory "/var/named/dynamic";

};

logging { named服务的日志文件信息

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {根(.)域的配置及信息

type hint;

file "named.ca";

};

zone "wxw.com" IN { 指定区名

type slave; 服务器类别,slave为从域名服务器选项

file "wxw.com_zone";    正向解析区域文件名wxw.com_zone;从服务器完成区域传送后由named写入/var/named目录(因此下面要给该目录加写权限)

masters {192.168.1.24;};指定主域名服务器IP

};

zone "1.168.192.in-addr.arpa" IN {    反向区域,对应的IP网段为192.168.1.0,此处必须按照相同的格式书写

type slave;

file "192.168.1.zone";反向解析文件名192.168.1.zone

masters {192.168.1.24;};

};

[root@localhost ~]# chmod 770 /var/named/    让named组对该目录可写,以便保存传送过来的区域文件;更稳妥的做法是把从区域文件放到bind软件包自带、已对named可写的slaves子目录中,而不放宽/var/named本身的权限

[root@localhost ~]# ll /var/named/ -d

drwxrwx--- 6 root named 4096 Oct 22 10:49 /var/named/

[root@localhost ~]# service named restart

停止 named: [确定]

启动 named: [确定]

3、客户端测试

[root@localhost ~]# dig @192.168.1.124 www.wxw.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> @192.168.1.124 www.wxw.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22358

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;www.wxw.com. IN A

;; ANSWER SECTION:

www.wxw.com. 86400 IN A 192.168.1.2

;; AUTHORITY SECTION:

wxw.com. 86400 IN NS ns1.wxw.com.

wxw.com. 86400 IN NS ns2.wxw.com.

;; ADDITIONAL SECTION:

ns1.wxw.com. 86400 IN A 192.168.1.24

ns2.wxw.com. 86400 IN A 192.168.1.124

;; Query time: 1 msec

;; SERVER: 192.168.1.124#53(192.168.1.124)

;; WHEN: Wed Oct 22 10:49:58 2014

4、注意事项:

(1)、如果还是无法解析,请回到主域名服务器的/var/named目录检查区域文件的权限:named需要能读取这些文件,正确做法是属主root、属组named、权限640(与/etc/named.conf一致);777只适合临时练习,不要用于生产环境

(2)、以上练习都是在关闭防火墙与SELinux的状态下操作的;如果防火墙开启,需自行添加放行53端口(TCP和UDP)的规则

四、还有按网络接口来配置的DNS服务器,在此不做介绍,可自行查阅资料练习。