Source: http://blog.51cto.com/leegh/1542352

1.1 Operating system version
# uname -a
Linux localhost.localdomain 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

1.2 Installing the BIND packages
# yum -y install bind bind-utils bind-chroot    // install with yum
# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
# rpm -qc bind-chroot
/var/named/chroot/etc/named.conf

1.3 Configuring BIND
# cd /etc
# cp named.conf named.conf.origin    // back up the original configuration file
# vi /etc/named.conf
Change the following options (each commented-out line is the original value, the line after it is the new one):
//listen-on port 53 { 127.0.0.1; };
listen-on port 53 { any; };
//allow-query { localhost; };
allow-query { any; };
//dnssec-enable yes;
dnssec-enable no;
//dnssec-validation yes;
dnssec-validation no;
Add:
forwarders { 202.102.224.68; 202.102.227.68; };    // forwarders: queries for names this server is not authoritative for are sent here
allow-transfer { 192.168.188.11; 192.168.188.12; };    // only these hosts may transfer zone data, so the zone contents cannot be pulled by arbitrary clients
Note that listen-on { any; } together with allow-query { any; } and the stock recursion yes; makes this an open recursive resolver for every host that can reach port 53, which is what DNS amplification attacks look for; if the server is not strictly internal, restrict allow-query (or add an explicit allow-recursion) to your own networks. Turning off dnssec-validation also means answers from the forwarders are accepted without DNSSEC verification.
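The options above answer recursive queries from any address: in BIND 9.9, allow-recursion falls back to allow-query when neither it nor allow-query-cache is set, so allow-query { any; } with recursion yes; is an open resolver. The script below is an added example and not part of the original post: it audits a named.conf for that pattern and writes a hardened options block next to the page's own for comparison. The lan ACL (192.168.188.0/24 and 192.168.189.0/24, taken from the page's reverse zones), the listen address 192.168.188.11 and the secondary 192.168.188.12 are assumptions drawn from the page; comment stripping handles // and # comments only, not /* */ blocks.

```shell
#!/bin/sh
# Added example (not from the original post): audit named.conf for the
# open-resolver pattern and show a hardened options block beside the weak one.
# Assumed: LAN ranges 192.168.188.0/24 and 192.168.189.0/24 (the page's reverse
# zones), primary 192.168.188.11, secondary 192.168.188.12, forwarders as on the page.

# Returns 0 when the file would answer recursive queries for "any".
# BIND 9.9: with "recursion yes" (the stock CentOS 7 default) and no
# allow-recursion / allow-query-cache, allow-recursion inherits allow-query.
# Only // and # comments are stripped; each ACL is expected on one line.
is_open_resolver() {
    stripped=$(sed -e 's://.*$::' -e 's:#.*$::' "$1")
    any='[{]([^}]*[[:space:];])?any[[:space:];}]'
    printf '%s\n' "$stripped" | grep -Eq "allow-query[[:space:]]*$any" || return 1
    printf '%s\n' "$stripped" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;' && return 1
    if printf '%s\n' "$stripped" | grep -Eq 'allow-recursion[[:space:]]*[{]'; then
        printf '%s\n' "$stripped" | grep -Eq "allow-recursion[[:space:]]*$any"
        return $?
    fi
    return 0
}

# Writes two constructed named.conf samples into directory $1: the page's
# options as shown in 1.3, and a hardened equivalent.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
options {
    directory "/var/named";
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    forwarders { 202.102.224.68; 202.102.227.68; };
    allow-transfer { 192.168.188.11; 192.168.188.12; };
};
EOF
    cat > "$1/hardened.conf" <<'EOF'
acl "lan" { localhost; 192.168.188.0/24; 192.168.189.0/24; };
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 192.168.188.11; };  // the server's own address, not "any"
    allow-query { lan; };              // internal clients only
    allow-recursion { lan; };          // explicit, so it never inherits "any"
    allow-transfer { 192.168.188.12; };  // the secondary alone
    forwarders { 202.102.224.68; 202.102.227.68; };
    dnssec-enable yes;
    dnssec-validation auto;            // validate forwarded answers with the built-in root trust anchor
    version "not disclosed";           // hides version.bind; rndc status still shows it locally
};
EOF
}

# Stand-alone run: audit the two samples, and the live config when present.
samples=$(mktemp -d)
write_samples "$samples"
for f in "$samples/weak.conf" "$samples/hardened.conf" /etc/named.conf; do
    [ -f "$f" ] || continue
    if is_open_resolver "$f"; then
        echo "$f: open resolver (allow-query any, recursion reachable)"
    else
        echo "$f: recursion restricted"
    fi
done
```

The audit deliberately treats recursion no; as safe even with allow-query { any; }, because that is the correct setting for a purely authoritative server; the page's server forwards and recurses, so it needs the allow-recursion line.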
# systemctl start named.service    // start the service
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 2/0/1000
tcp clients: 0/100
server is up and running

1.4 Checking basic DNS functionality
# nslookup
> server 192.168.188.11        switch to this host
Default server: 192.168.188.11
Address: 192.168.188.11#53
> www.g.cn.
Server: 192.168.188.11
Address: 192.168.188.11#53

Non-authoritative answer:
Name: www.g.cn
Address: 203.208.46.179
Name: www.g.cn
Address: 203.208.46.177
Name: www.g.cn
Address: 203.208.46.180
Name: www.g.cn
Address: 203.208.46.176
Name: www.g.cn
Address: 203.208.46.178
> exit
The answer is marked non-authoritative because it came back through the forwarders.

1.5 Adding custom zones
# vi /etc/named.conf
Add the following zone definitions (one forward zone and the reverse zones for the two subnets):
zone "lee.local" IN {
    type master;
    file "lee.local.zone";
};
zone "188.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.188.zone";
};
zone "189.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.189.zone";
};
The file names are relative to the directory option (/var/named). Create the zone files there:
# cd /var/named/
# vi lee.local.zone
# vi 192.168.188.zone
# vi 192.168.189.zone
1.6 Starting the service
# systemctl restart named.service
Watch the log and check for error messages (best opened in a second session before the restart):
# tail -f /var/log/messages
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 104
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
The zone count has gone from 101 to 104: the three zones just added.

1.7 Enabling start at boot
# systemctl enable named
# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
   Active: active (running) since Tue 2014-08-12 10:11:26 CST; 4min 9s ago
 Main PID: 5513 (named)
   CGroup: /system.slice/named.service
           5513 /usr/sbin/named -u named
named[5513]: zone localhost/IN: loaded serial 0
named[5513]: zone 188.168.192.in-addr.arpa/IN: loaded serial 0
named[5513]: zone lee.local/IN: loaded serial 0
named[5513]: zone localhost.localdomain/IN: loaded serial 0
named[5513]: all zones loaded
named[5513]: running
systemd[1]: Started Berkeley Internet Name Domain (DNS).
named[5513]: zone lee.local/IN: sending notifies (serial 0)
named[5513]: zone 188.168.192.in-addr.arpa/IN: sending notifies (serial 0)
named[5513]: zone 189.168.192.in-addr.arpa/IN: sending notifies (serial 0)

1.8 Testing
# nslookup
> server 192.168.188.11
Default server: 192.168.188.11
Address: 192.168.188.11#53
> www.lee.local.
Server: 192.168.188.11
Address: 192.168.188.11#53
Name: www.lee.local
Address: 192.168.188.11
> smtp.lee.local.
Server: 192.168.188.11
Address: 192.168.188.11#53

smtp.lee.local canonical name = mailsrv1.lee.local.
Name: mailsrv1.lee.local
Address: 192.168.188.22
> 192.168.188.11
Server: 192.168.188.11
Address: 192.168.188.11#53

11.188.168.192.in-addr.arpa name = ftp.lee.local.
11.188.168.192.in-addr.arpa name = dns1.lee.local.
> exit
This exercises an A record, a CNAME (smtp -> mailsrv1) and the reverse lookup, which returns both PTR records for 192.168.188.11.

Then test from a Windows server and try to list the zone data (nslookup's ls command, which performs a zone transfer). With the allow-transfer list above it should only succeed from 192.168.188.11 and 192.168.188.12 and be refused from any other host.
2. Secondary DNS configuration
2.1 Installing BIND: the same as for the primary, including the backup of the configuration file and the same basic settings. Steps omitted.
2.2 Checking basic DNS functionality: the same as for the primary, omitted here.
2.3 Adding the secondary zones
# vi /etc/named.conf
Add the following zone definitions:
zone "lee.local" IN {
    type slave;
    masters { 192.168.188.11; };
    file "lee.local.zone";
};
zone "188.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.188.11; };
    file "192.168.188.zone";
};
zone "189.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.188.11; };
    file "192.168.189.zone";
};
2.4 Adjusting directory permissions
# ll /var/named/ -d
drwxr-x--- 6 root named 133 Aug 11 14:06 /var/named/
# chmod g+w /var/named/
# ll /var/named/ -d
drwxrwx--- 6 root named 133 Aug 11 14:06 /var/named/
The secondary has to write the transferred zone files itself, which is why the directory is made group-writable for named. An alternative that does not loosen permissions on the directory holding named.ca and the other packaged files: the bind package already ships /var/named/slaves owned by named for exactly this purpose (it appears in the listing in 2.7), so the slave zones can point at file "slaves/lee.local.zone" and so on instead.
2.5 Starting the service
# systemctl start named.service
Redirecting to /bin/systemctl restart named.service
2.6 Enabling start at boot
# systemctl enable named
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
Watch the log and check for error messages (best opened in a second session before starting):
# tail -f /var/log/messages

2.7 Testing BIND
The corresponding zone files have been created on the secondary by zone transfer:
[root@dns2 ~]# ll /var/named/
total 28
-rw-r--r-- 1 named named  451 Aug 11 14:58 192.168.188.zone
-rw-r--r-- 1 named named  254 Aug 11 15:05 192.168.189.zone
-rw-r--r-- 1 named named  647 Aug 11 15:12 lee.local.zone
drwxr-x--- 7 root  named   56 Aug 11 14:06 chroot
drwxrwx--- 2 named named   22 Aug 11 14:19 data
drwxrwx--- 2 named named   58 Aug 11 16:20 dynamic
-rw-r----- 1 root  named 2076 Jan 28  2013 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named    6 Jun 10 16:13 slaves
On the primary, add an A record to the lee.local zone file and increase the zone's serial number; the secondary only transfers the zone when the primary's serial is higher than its own, so an edit without a serial bump is never picked up.
[root@DNS1 ~]# vi /var/named/lee.local.zone
test    IN    A    10.0.0.1
[root@DNS1 ~]# rndc reload
server reload successful
In the primary's log you will see the zone reloaded with the new serial and notifies being sent.
In the secondary's log you will see the incoming transfer.
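Three things go wrong most often at this step: the edited zone file no longer parses (the reload fails and the log says why), the serial was not increased (the secondary silently keeps the old data), and zone transfer turns out to be open to hosts that are not in allow-transfer. The script below is an added example, not part of the original post, that checks all three. It assumes the page's primary 192.168.188.11, secondary 192.168.188.12 and zone lee.local, and uses dig, named-checkzone, named-checkconf and rndc from the bind and bind-utils packages installed in 1.2; the SOA string in the test and the run / axfr arguments are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): validate a zone edit, reload it,
# and confirm the secondary caught up. Assumes the page's primary 192.168.188.11
# and secondary 192.168.188.12; dig/named-checkzone/rndc come from the bind and
# bind-utils packages installed in 1.2.

# SERIAL is the third field of "dig +short <zone> SOA" output:
#   MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
soa_serial() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# RFC 1982 comparison: NEW is newer than OLD when (NEW - OLD) mod 2^32 lies in
# (0, 2^31). A plain "-gt" gives the wrong answer once a serial wraps at 2^32.
serial_newer() {   # serial_newer NEW OLD
    d=$(( ($1 - $2) & 4294967295 ))
    [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]
}

# Serial a given server currently publishes for ZONE (empty if unreachable).
published_serial() {   # published_serial SERVER ZONE
    soa_serial "$(dig +short +time=2 +tries=1 @"$1" "$2" SOA)"
}

# Syntax-check named.conf and the zone file, refuse to reload unless the file's
# serial is newer than what the primary already serves, then reload that zone only.
check_and_reload() {   # check_and_reload ZONE FILE PRIMARY
    named-checkconf /etc/named.conf || return 1
    new=$(named-checkzone "$1" "$2" | awk '/loaded serial/ { print $NF }')
    [ -n "$new" ] || { echo "$2 does not load, not reloading"; return 1; }
    old=$(published_serial "$3" "$1")
    if [ -n "$old" ] && ! serial_newer "$new" "$old"; then
        echo "$1: file serial $new is not newer than served serial $old; secondaries will not transfer"
        return 1
    fi
    rndc reload "$1"
}

# After the reload the primary sends NOTIFY and the secondary transfers;
# returns 0 once both publish the same serial.
zone_in_sync() {   # zone_in_sync PRIMARY SECONDARY ZONE
    m=$(published_serial "$1" "$3")
    s=$(published_serial "$2" "$3")
    echo "$3: primary=$m secondary=$s"
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# Run from a host that is NOT in allow-transfer: AXFR must be refused, and dig
# then prints "; Transfer failed." instead of dumping the zone (the same check
# the Windows nslookup "ls" test in 1.8 performs).
axfr_refused() {   # axfr_refused SERVER ZONE
    dig +time=2 +tries=1 @"$1" "$2" AXFR | grep -q 'Transfer failed'
}

# Modes are assumptions of this example: "run" on the primary after editing the
# zone file, "axfr SERVER ZONE" from a client host. With no argument the
# functions are only defined.
case "${1:-}" in
    run)
        check_and_reload lee.local /var/named/lee.local.zone 192.168.188.11 || exit 1
        sleep 2   # give NOTIFY and the transfer a moment before comparing
        zone_in_sync 192.168.188.11 192.168.188.12 lee.local
        ;;
    axfr)
        if axfr_refused "$2" "$3"; then
            echo "$3: transfer refused by $2, as intended"
        else
            echo "$3: $2 allowed a zone transfer from this host; check allow-transfer"
        fi
        ;;
esac
```

If zone_in_sync still reports different serials after a few seconds, the usual causes are the serial not having been raised on the primary, NOTIFY or TCP 53 blocked between the two hosts, or the secondary unable to write its zone file (see 2.4); the secondary's log names which one.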
Now resolve the new record through the secondary:
# nslookup
> server 192.168.188.12
Default server: 192.168.188.12
Address: 192.168.188.12#53
> test.lee.local.
Server: 192.168.188.12
Address: 192.168.188.12#53

Name: test.lee.local
Address: 10.0.0.1
> exit

3. Summary
DNS is an important service on the server side. To configure a DNS server properly you need to understand how it works, and when problems come up, read the logs: that is the fastest way to find the error. This completes the exercise.