DNS configuration
=================

Names used in these notes: uplooking.com, ns.uplooking.com, mail.uplooking.com, www.uplooking.com

When a hostname is resolved, /etc/hosts is consulted first; only if the name is not found there is DNS used. The lookup order is set in the following configuration file:

    [root@tian ~]# vim /etc/nsswitch.conf
    hosts:      files dns        (line 38)

DNS server types: master, slave, caching, forwarding (forward).

Packages:
    bind-9.3.4-10.P1.el5          main server package
    bind-utils-9.3.4-10.P1.el5    query/test tools
    bind-libs-9.3.4-10.P1.el5
    bind-chroot-9.3.4-10.P1.el5
    ypbind-1.19-11.el5

    [root@tian /var/ftp/RHEL5U3/Server]# rpm -ivh caching-nameserver-9.3.4-10.P1.el5.i386.rpm
        (installs a set of starter bind configuration files)

==========================================
Master server
==========================================

    [root@tian /var/named/chroot/etc]# ls
    localtime  named.caching-nameserver.conf  named.rfc1912.zones  rndc.key

    [root@tian /var/named/chroot/etc]# vim named.caching-nameserver.conf
    options {
        listen-on port 53 { 127.0.0.1; 192.168.1.133; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        blackhole { 192.168.1.0/24; };   // hosts in 192.168.1.0/24 may not use this DNS server
        // An access control list can be used instead, to shut out particular hosts;
        // give the ACL name:  blackhole { test; };
        .....
        allow-query { any; };            // allow every host to query
    };
    acl test {          // members may be localhost, localnets, none, any, or explicit addresses
        192.168.1.0/24;
        192.168.2.1;
    };
    // Note: named requires an acl to be defined before it is referenced, so the
    // "acl test" block has to appear above the options block that uses it.
    .....
    view localhost_resolver {            // views are the basis of "smart DNS" (per-client answers)
        match-clients { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
    };

==========================================
    [root@tian /var/named/chroot/etc]# vim /etc/named.rfc1912.zones
    Add:
    zone "uplooking.com" {
        type master;
        file "uplooking.com.zone";           // zone file, relative to the "directory" option
        allow-transfer { 192.168.1.44; };    // only 1.44 may act as a slave of 1.133
        notify yes;                          // send NOTIFY on changes (otherwise slaves may pick them up slowly)
        also-notify { 192.168.1.44; };       // make the master notify this slave explicitly
    };

==========================================
    [root@tian /var/named/chroot/var/named]# vim uplooking.com.zone
    $TTL 86400
    @   IN  SOA  ns.uplooking.com. root.uplooking.com. (
                    2010031000   ; serial: bump it on every change
                    3600         ; refresh
                    1800         ; retry
                    7200         ; expire
                    86400 )      ; minimum (negative-cache TTL)
    @       NS      ns.uplooking.com.       ; name server record
    @       MX 10   mail.uplooking.com.
    ns      A       192.168.1.133           ; address record
    mail    A       192.168.1.133
    www     A       192.168.1.44
    ftp     CNAME   www.uplooking.com.
    ; The responsible-person mailbox in the SOA must end with a dot (root.uplooking.com.);
    ; without it named expands the name to root.uplooking.com.uplooking.com.

=============================================
    [root@tian /var/named/chroot/var/named]# service named restart    # start the DNS service
    If it fails to start, look at the log:
    [root@tian /var/named/chroot/var/named]# tail /var/log/messages

=============================================
Client: point it at the DNS server
    [root@tian /var/named/chroot/var/named]# vim /etc/resolv.conf
    search localdomain
    nameserver 192.168.1.133

    [root@tian /var/named/chroot/var/named]# host mail.uplooking.com    # resolve a name
    mail.uplooking.com has address 192.168.1.133

=============================================
Slave server
=============================================
Package: caching-nameserver-9.3.4-10.P1.el5.i386.rpm

    [root@tian /var/named/chroot/etc]# vim named.caching-nameserver.conf
    options {
        listen-on port 53 { 127.0.0.1; 192.168.1.44; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        ..........................
        allow-query { any; };            // allow every host to query
    };
    .....
    view localhost_resolver {            // views ("smart DNS")
        match-clients { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
    };

===========================
    [root@tian /var/named/chroot/etc]# vim /etc/named.rfc1912.zones
    Add:
    zone "uplooking.com" {
        type slave;
        file "slaves/uplooking.com.zone";   // do not create this file: it is transferred from the master
        masters { 192.168.1.133; };         // address of the master server
    };

==========================
    [root@tian /var/named/chroot/var/named]# service named restart    # start the DNS service
    [root@tian /var/named/chroot/var/named/slaves]# ls                # the transferred zone appears here
    uplooking.com

=============================================
Transaction signatures (TSIG): securing the master/slave relationship
=============================================
A shared secret key lets each server verify that the other really is its master or slave.

Master:
    [root@tian /var/named/chroot/etc]# dnssec-keygen      # run with no arguments to see the help
    Usage:
        dnssec-keygen -a alg -b bits -n type [options] name
    Version: 9.3.4-P1
    Required options:
        -a algorithm: RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5
        -n nametype: ZONE | HOST | ENTITY | USER | OTHER
        -b key size, in bits:

    [root@tian /var/named/chroot/etc]# dnssec-keygen -a hmac-md5 -b 128 -n HOST abc
    Kabc.+157+46433
        -n  key (name) type
        -a  algorithm
        -b  key length in bits

    [root@tian /var/named/chroot/etc]# ls
    Kabc.+157+46433.key      localtime                      named.rfc1912.zones
    Kabc.+157+46433.private  named.caching-nameserver.conf  rndc.key
    [root@tian /var/named/chroot/etc]# cat Kabc.+157+46433.key
    abc. IN KEY 512 3 157 wNcX7z30RY/37cmkyn/HZw==

    [root@tian /var/named/chroot/etc]# vim named.rfc1912.zones
    zone "uplooking.com" {
        type master;
        file "uplooking.com.zone";
        allow-transfer { key abc; };     // only transfers signed with key abc are allowed
    };
    key abc {
        algorithm hmac-md5;
        secret "wNcX7z30RY/37cmkyn/HZw==";
    };
    Restart the service.

================================================
Slave:
    [root@tian /var/named/chroot/etc]# vim named.rfc1912.zones
    zone "uplooking.com" {
        type slave;
        file "slaves/uplooking.com";
        masters { 192.168.1.133 key abc; };   // sign transfer requests to the master with key abc
    };
    key abc {
        algorithm hmac-md5;
        secret "wNcX7z30RY/37cmkyn/HZw==";
    };
    Restart the service.

================================================
Forwarding
================================================
    [root@tian /var/named/chroot/etc]# vim named.caching-nameserver.conf
    options {
        listen-on port 53 { 127.0.0.1; 192.168.1.133; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        forwarders { 192.168.1.253; };   // names this server cannot answer itself are forwarded to 1.253
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    };

Client:
    [root@tian /var/named/chroot/etc]# host www.wanghang.com    # 1.133 does not hold this zone
    www.wanghang.com has address 192.168.1.197

================================================
Load balancing: round robin
================================================
Server:
    [root@tian /var/named/chroot/var/named]# vim uplooking.com.zone
    $TTL 86400
    @   IN  SOA  ns.uplooking.com. root.uplooking.com. (
                    2010031004
                    3600
                    1800
                    7200
                    86400 )
    @       NS      ns.uplooking.com.
    @       MX 10   mail.uplooking.com.
    ns      A       192.168.1.133
    mail    A       192.168.1.133
    www     A       192.168.1.254    ; several A records for one name:
    www     A       192.168.1.253    ; named rotates their order in each answer
    www     A       192.168.1.197

Client: repeated pings reach different addresses
    [root@tian /var/named/chroot/var/named]# ping www.uplooking.com
    [root@tian /var/named/chroot/var/named]# host www.uplooking.com
    www.uplooking.com has address 192.168.1.253
    www.uplooking.com has address 192.168.1.254
    www.uplooking.com has address 192.168.1.197

================================================
Subdomain delegation
================================================
Parent domain (the delegating side):
    [root@tian /var/named/chroot/etc]# vim named.rfc1912.zones
    zone "it.net" {
        type master;
        file "it.net.zone";
    };
    [root@tian /var/named/chroot/var/named]# vim it.net.zone
    $TTL 86400
    @   IN  SOA  ns.it.net. root.it.net. (
                    2010031000 3600 1800 7200 86400 )
    @               IN  NS  ns.it.net.
    ns                  A   192.168.1.133
    tian.it.net.    IN  NS  ns.tian.it.net.    ; <---- NS record for the subdomain
    ns.tian.it.net.     A   192.168.1.44       ; <---- glue: address of the subdomain's name server

Subdomain (the delegated side):
    [root@tian /var/named/chroot/etc]# vim named.rfc1912.zones
    zone "tian.it.net" {
        type master;
        file "tian.it.net.zone";
    };
    [/var/named/chroot/var/named]# vim tian.it.net.zone
    $TTL 86400
    @   IN  SOA  ns.tian.it.net. root.tian.it.net. (
                    2010031001 3600 1800 7200 86400 )
    @       IN  NS  ns.tian.it.net.
    ns      IN  A   192.168.1.44
    host1   IN  A   192.168.1.253

================================================
DNS views
================================================
Goal: answer www.uplooking.com differently depending on which client asks.
    Netcom (cnc) clients:  192.168.1.151, 192.168.1.197  -> www resolves to 192.168.1.253
    Telecom (tel) clients: 192.168.1.79, 192.168.1.191   -> www resolves to 192.168.1.254
    All other clients                                     -> www resolves to 192.168.1.1

    [root@tian /var/named/chroot/etc]# vim named.caching-nameserver.conf
    acl cnc-acl { 192.168.1.151; 192.168.1.197; };
    view cnc {
        match-clients { cnc-acl; };       // which clients this view answers
        recursion yes;                    // whether recursion is allowed for them
        include "/etc/named.cnc.zone";    // (the original wrote "etc/named.cnc.zone" without the leading slash)
    };
    view tel {
        match-clients { 192.168.1.79; 192.168.1.191; };
        recursion yes;
        zone "uplooking.com" {
            type master;
            file "uplooking.com.zone2";
        };
    };
    view other {
        match-clients { any; };           // keep this view last: the first view that matches wins
        recursion yes;
        zone "uplooking.com" {
            type master;
            file "uplooking.com.zone3";
        };
    };

    [root@tian /var/named/chroot/etc]# vim named.cnc.zone
    zone "uplooking.com" {
        type master;
        file "uplooking.com.zone1";
    };

    [root@tian /var/named/chroot/var/named]# vim uplooking.com.zone1
    $TTL 86400
    @   IN  SOA  ns.uplooking.com. root.uplooking.com. (
                    2010031004 3600 1800 7200 86400 )
    @       NS      ns.uplooking.com.
    www     A       192.168.1.253

    [root@tian /var/named/chroot/var/named]# vim uplooking.com.zone2
    .............................................   (same header as zone1)
    www     A       192.168.1.254

    [root@tian /var/named/chroot/var/named]# vim uplooking.com.zone3
    ...........................................     (same header as zone1)
    www     A       192.168.1.1

Client:
    [root@tian /var/named/chroot/var/named]# host www.uplooking.com    # from 1.151 or 1.197
    www.uplooking.com has address 192.168.1.253
    [root@tian /var/named/chroot/var/named]# host www.uplooking.com    # from 1.79 or 1.191
    www.uplooking.com has address 192.168.1.254
    [root@tian /var/named/chroot/var/named]# host www.uplooking.com    # from any other host
    www.uplooking.com has address 192.168.1.1

====================================
Reloading and test commands
====================================
    # rndc reload          # reload the configuration and zones without restarting the service

Query tools:
    nslookup www.uplooking.com
    host www.uplooking.com
    dig www.uplooking.com

    # host -t ns uplooking.com            # -t selects the record type
    uplooking.com name server ns.uplooking.com
    # host -t mx tian.com
    tian.com mail is handled by 10 mail.tian.com.

Interactive nslookup:
    # nslookup
    > server 192.168.1.133                # choose the DNS server to query
    Default server: 192.168.1.133
    Address: 192.168.1.133#53
    > www.uplooking.com
    ..........................
    Name:   www.tian.com
    Address: 192.168.1.14
    > set type=ns                         # query name server records
    > uplooking.com                       # enter the domain name
    ..........................
    tian.com nameserver = ns.tian.com.
    > set type=mx                         # query mail exchanger records
    > uplooking.com                       # enter the domain name
    .................................
    tian.com mail exchanger = 10 mail.tian.com.
    > set type=a
    > www.uplooking.com
    ................................
    Name:   mail.tian.com
    Address: 192.168.1.13
    > exit

    # nslookup www.uplooking.com
    # dig www.uplooking.com
    # dig uplooking.com

Checking the configuration:
    [root@tian /var/named/chroot/etc]# named-checkconf named.caching-nameserver.conf
    [root@tian /var/named/chroot/etc]# named-checkzone uplooking.com ../var/named/uplooking.com.zone
    ]# rndc flush                  # empty the cache
    ]# rndc reload
    # service named reload         # reload the service; reports errors in the configuration files

====================================
Bulk ("pan") resolution with $GENERATE
====================================
    $GENERATE 1-254 stu$ IN A 192.168.1.$
        ; expands to stu1 ... stu254, pointing at 192.168.1.1 ... 192.168.1.254 respectively
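The zone files in these notes (the round-robin uplooking.com.zone, the SOA trailing-dot rule and the $GENERATE line) run through a small parser. This is an added example, not code from the original notes or from BIND; SAMPLE_ZONE is constructed from the records above, and the parser goes slightly beyond the notes by handling any record type with the same relative-name rules.

```python
"""Tiny BIND zone-file parser (added example, not from the original notes): handles
$TTL, a parenthesised multi-line SOA, $GENERATE, ';' comments and relative names."""
import re

def _fqdn(name, origin):
    """Expand a relative owner or rdata name against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with every name fully qualified."""
    origin = origin if origin.endswith(".") else origin + "."
    text = re.sub(r";[^\n]*", "", text)                              # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, last_owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$TTL"):
            continue
        if line.startswith("$GENERATE"):          # $GENERATE 1-254 stu$ IN A 192.168.1.$
            _, rng, *tmpl = line.split()
            lo, hi = map(int, rng.split("-"))
            for i in range(lo, hi + 1):           # substitute $ with each number in the range
                records += parse_zone(" ".join(f.replace("$", str(i)) for f in tmpl), origin)
            continue
        fields = line.split()
        # A record starting with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else _fqdn(fields.pop(0), origin)
        last_owner = owner
        if fields and fields[0].upper() == "IN":  # optional class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "MX", "SOA"): # names inside rdata are relative too
            rdata = [f if f.isdigit() else _fqdn(f, origin) for f in rdata]
        records.append((owner, rtype, " ".join(rdata)))
    return records

# Constructed sample modelled on the notes' round-robin uplooking.com.zone,
# with the $GENERATE line from the end of the notes appended.
SAMPLE_ZONE = """$TTL 86400
@   IN  SOA ns.uplooking.com. root.uplooking.com. ( 2010031000 ; serial
                3600 1800 7200 86400 )
@       NS      ns.uplooking.com.
@       MX 10   mail.uplooking.com.
www     A       192.168.1.254
www     A       192.168.1.253
www     A       192.168.1.197
ftp     CNAME   www.uplooking.com.
$GENERATE 1-254 stu$ IN A 192.168.1.$
"""
```

Feeding an SOA whose mailbox lacks the trailing dot shows the expansion named would also perform: root.uplooking.com becomes root.uplooking.com.uplooking.com.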
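For the TSIG section above: an added helper (not from the notes or from BIND) that converts the Kabc.+157+46433.key line into the key stanza both servers must carry, and generates a fresh secret the way dnssec-keygen -a hmac-md5 -b 128 does. HMAC_ALGS maps dnssec-keygen's private algorithm numbers; 157 is the one printed on the page.

```python
"""Turn the dnssec-keygen HMAC key file from the TSIG section into the named.conf
'key' stanza both servers carry. Added example; not from the notes or from BIND."""
import base64
import secrets

# Private algorithm numbers dnssec-keygen writes into KEY records for TSIG secrets.
HMAC_ALGS = {157: "hmac-md5", 161: "hmac-sha1", 163: "hmac-sha256"}

def parse_key_file(line):
    """Parse 'abc. IN KEY 512 3 157 <base64>' -> (name, algorithm, secret, bits)."""
    name, _cls, rtype, _flags, _proto, alg, secret = line.split()
    if rtype != "KEY" or int(alg) not in HMAC_ALGS:
        raise ValueError("not an HMAC KEY record: " + line)
    bits = len(base64.b64decode(secret, validate=True)) * 8   # the -b value used at generation
    return name.rstrip("."), HMAC_ALGS[int(alg)], secret, bits

def key_stanza(name, algorithm, secret):
    """Render the stanza that must be identical in the master's and the slave's named.conf."""
    return f'key {name} {{\n    algorithm {algorithm};\n    secret "{secret}";\n}};\n'

def new_secret(bits=128):
    """Fresh random secret, the equivalent of 'dnssec-keygen -a hmac-md5 -b 128'."""
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode()
```

Newer BIND releases accept hmac-sha256 keys; hmac-md5 appears here only because it is what the notes' BIND 9.3.4 offered.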
[火星人]
DNS explained
Original URL: http://coctec.com/docs/linux/show-post-199164.html