DNS Configuration Examples, Part 2
§·Configuring a forward zone: the loveme.com domain as an example
§·Configuring a reverse zone: the loveme.com domain as an example
§·Troubleshooting (/var/named/data/named.run)
§·DNS configuration and examples
※·Installing and configuring BIND:
dns: the protocol, port 53
bind: one implementation of the DNS protocol
named: the process name of the running BIND program
※·Packages:
bind-libs: library files shared by the programs in the bind and bind-utils packages;
bind-utils: the BIND client utilities, e.g. dig, host and nslookup;
bind: the DNS server program itself plus a few commonly used test programs;
bind-chroot: optional; for security it runs named inside a sandbox, i.e. in a chroot jail.
※·Software used: BIND
[root@centos68 /]# yum list | grep bind
PackageKit-device-rebind.x86_64 0.5.8-26.el6 @anaconda-CentOS-201605220104.x86_64/6.8
bind-libs.x86_64 32:9.8.2-0.47.rc1.el6 @anaconda-CentOS-201605220104.x86_64/6.8
bind-utils.x86_64 32:9.8.2-0.47.rc1.el6 @anaconda-CentOS-201605220104.x86_64/6.8
rpcbind.x86_64 0.2.0-12.el6 @anaconda-CentOS-201605220104.x86_64/6.8
samba-winbind.x86_64 3.6.23-33.el6 @anaconda-CentOS-201605220104.x86_64/6.8
samba-winbind-clients.x86_64 3.6.23-33.el6 @anaconda-CentOS-201605220104.x86_64/6.8
ypbind.x86_64 3:1.20.4-33.el6 @anaconda-CentOS-201605220104.x86_64/6.8
bind.x86_64 32:9.8.2-0.47.rc1.el6 cdrom-tools
bind-chroot.x86_64 32:9.8.2-0.47.rc1.el6 cdrom-tools
bind-devel.i686 32:9.8.2-0.47.rc1.el6 cdrom-tools
bind-devel.x86_64 32:9.8.2-0.47.rc1.el6 cdrom-tools
bind-dyndb-ldap.x86_64 2.3-8.el6 cdrom-tools
bind-libs.i686 32:9.8.2-0.47.rc1.el6 cdrom-tools
bind-sdb.x86_64
※·Installing BIND:
[root@centos68 /]# yum install -y bind
[root@centos68 /]# rpm -ql bind
/etc/NetworkManager/dispatcher.d/13-named
/etc/logrotate.d/named
/etc/named
/etc/named.conf #main DNS configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/portreserve/named
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/usr/lib64/bind
/usr/sbin/arpaname
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf #checks the configuration file for errors
/usr/sbin/named-checkzone #checks a zone file for errors
/usr/sbin/named-compilezone #compiles a zone file into binary form
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
.....................................
/var/log/named.log
/var/named #directory for zone data files
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
/var/run/named
※·BIND file layout:
Main configuration file: /etc/named.conf  #main DNS configuration file
It may also include other files:
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
Zone data files:
under the /var/named/ directory
usually named ZONE_NAME.zone
Note: (1) one DNS server can serve several zones at the same time;
(2) the root hints zone file named.ca must be present;
(3) there should also be two zone files for localhost and 127.0.0.1, one forward and one reverse:
forward: named.localhost
reverse: named.loopback
rndc: remote name daemon control (controls the DNS server remotely)
953/tcp, but by default it listens only on 127.0.0.1, so it can only be used locally;
Once BIND is installed it works as a caching name server by default; if there are no zones of its own to serve, it can simply be started:
CentOS 6: service named start
CentOS 7: systemctl start named.service
§·Test tools
※·The dig command
·Forward lookup syntax: dig [-t RR_type] name @SERVER [query options]
#resolves name to the matching record; @server specifies which DNS server to query
dig is meant for testing the DNS system itself, so it never consults the hosts file;
Query options:
+[no]trace: trace the resolution process step by step;
+[no]recurse: request recursive resolution
·Reverse lookup syntax: dig -x IP
·Simulate a full zone transfer: dig -t axfr DOMAIN [@server]
[root@centos-68-64 ~]# dig -t A www.sohu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.sohu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17140
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; QUESTION SECTION:
;www.sohu.com. IN A
;; ANSWER SECTION:
www.sohu.com. 600 IN CNAME gs.a.sohu.com.
gs.a.sohu.com. 600 IN CNAME fdxtjxq.a.sohu.com.
fdxtjxq.a.sohu.com. 600 IN A 118.244.253.65
;; AUTHORITY SECTION:
a.sohu.com. 870 IN NS x.a.sohu.com.
a.sohu.com. 870 IN NS k.a.sohu.com.
a.sohu.com. 870 IN NS w.a.sohu.com.
a.sohu.com. 870 IN NS y.a.sohu.com.
a.sohu.com. 870 IN NS s.a.sohu.com.
;; ADDITIONAL SECTION:
k.a.sohu.com. 3169 IN A 211.95.75.9
s.a.sohu.com. 1711 IN A 101.227.172.21
w.a.sohu.com. 4114 IN A 221.179.180.22
x.a.sohu.com. 6247 IN A 14.18.240.43
y.a.sohu.com. 6823 IN A 220.181.26.169
y.a.sohu.com. 6822 IN AAAA 2408:80f0:4010::20
;; Query time: 5 msec
;; SERVER: 202.106.0.20#53(202.106.0.20)
;; WHEN: Fri Sep 16 18:15:50 2016
;; MSG SIZE rcvd: 275

[root@centos-68-64 ~]# dig +trace -t A www.baidu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> +trace -t A www.baidu.com
;; global options: +cmd
. 175302 IN NS a.root-servers.net.
. 175302 IN NS b.root-servers.net.
. 175302 IN NS h.root-servers.net.
. 175302 IN NS f.root-servers.net.
. 175302 IN NS c.root-servers.net.
. 175302 IN NS g.root-servers.net.
. 175302 IN NS l.root-servers.net.
. 175302 IN NS d.root-servers.net.
. 175302 IN NS e.root-servers.net.
. 175302 IN NS i.root-servers.net.
. 175302 IN NS k.root-servers.net.
. 175302 IN NS j.root-servers.net.
. 175302 IN NS m.root-servers.net.
;; Received 508 bytes from 202.106.0.20#53(202.106.0.20) in 65223 ms
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
;; Received 503 bytes from 192.5.5.241#53(192.5.5.241) in 55213 ms
baidu.com. 172800 IN NS dns.baidu.com.
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
;; Received 201 bytes from 192.42.93.30#53(192.42.93.30) in 20264 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
;; Received 228 bytes from 119.75.219.82#53(119.75.219.82) in 5 ms
[root@centos-68-64 ~]#

[root@centos-68-64 ~]# dig -t A www.baidu.com @172.18.16.142
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.baidu.com @172.18.16.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2037
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
www.a.shifen.com. 300 IN A 119.75.218.70
www.a.shifen.com. 300 IN A 119.75.217.109
;; AUTHORITY SECTION:
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
;; ADDITIONAL SECTION:
ns1.a.shifen.com. 1200 IN A 61.135.165.224
ns2.a.shifen.com. 1200 IN A 180.149.133.241
ns3.a.shifen.com. 1200 IN A 61.135.162.215
ns4.a.shifen.com. 1200 IN A 115.239.210.176
ns5.a.shifen.com. 1200 IN A 119.75.222.17
;; Query time: 2286 msec
;; SERVER: 172.18.16.142#53(172.18.16.142)
;; WHEN: Fri Sep 16 18:26:23 2016
;; MSG SIZE rcvd: 260
[root@centos-68-64 ~]#
※·The host command:
Syntax: host [-t RR_type] name SERVER_IP
※·The nslookup command:
Syntax: nslookup [-options] [name] [server]
Interactive mode: nslookup :
server IP: use the given IP as the DNS server for the following queries;
set q=RR_TYPE: the resource record type to query;
name: the name to look up;
※·The rndc command:
control command for the named server
rndc status
rndc flush
§·Main configuration file format: /etc/named.conf
[root@centos68 /]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@centos68 /]#
Global options section:
options{………}
Logging section:
logging{………}
Zone sections:
zone {……..}  the zones this server resolves itself, or forwards;
§·Configuring a caching name server:
※·Edit the relevant settings in the global options{………} section of /etc/named.conf
※·It only needs to listen on an address that can communicate with the outside:
listen-on port 53 { 172.16.100.67; };  #there are spaces on both sides inside the braces, and the statement ends with a semicolon
※·While learning, it is recommended to turn DNSSEC off:
dnssec-enable no;
dnssec-validation no;
※·Check the configuration file for syntax errors:
[root@centos68 /]# named-checkconf  (checks /etc/named.conf by default)
※·Start the service:
[root@centos68 /]# service named start
◎·Example configuration: editing the main configuration file
[root@centos68 /]# named-checkconf
[root@centos68 /]# cat /etc/named.conf
options {
    listen-on port 53 { 10.1.16.61 ; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
[root@centos68 /]#
◎·Example configuration: start the service, check its status, check the listening ports
Start the named service
[root@centos68 /]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
Check that the service is running
[root@centos68 /]# service named status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
CPUs found: 4
worker threads: 4
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 53978) is running...
Check the listening ports
[root@centos68 /]# netstat -tuanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.1.16.61:53 0.0.0.0:* LISTEN 53978/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3145/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 53978/named
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 52737/sshd
tcp 0 0 127.0.0.1:55838 127.0.0.1:953 TIME_WAIT -
tcp 0 596 10.1.16.61:22 10.1.16.1:49995 ESTABLISHED 52737/sshd
tcp 0 0 ::1:53 :::* LISTEN 53978/named
tcp 0 0 :::22 :::* LISTEN 3145/sshd
tcp 0 0 ::1:953 :::* LISTEN 53978/named
tcp 0 0 ::1:25 :::* LISTEN 3324/master
tcp 0 0 ::1:6010 :::* LISTEN 52737/sshd
udp 0 0 10.1.16.61:53 0.0.0.0:* 53978/named
udp 0 768 112.112.112.112:40308 192.33.4.12:53 ESTABLISHED 53978/named
udp 0 0 ::1:53 :::* 53978/named
[root@centos68 /]#
§·Configuring a forward zone: the loveme.com domain as an example:
※·Define the zone:
This is done either in the main configuration file or in its auxiliary configuration file /etc/named.rfc1912.zones;
zone "ZONE_NAME" IN {
    type {master | slave | hint | forward};
    file "ZONE_FILES";
};
[root@centos-68-64 named]# cat /etc/named.rfc1912.zones
zone "loveme.com" IN {
    type master;
    file "loveme.com.zone";
};
※·Create the zone data file
Create the zone file in the zone file directory: /var/named/loveme.com.zone
[root@centos-68-64 ~]# cat /var/named/loveme.com.zone
$TTL 3600
$ORIGIN loveme.com.
@ IN SOA loveme.com. admin.loveme.com. (
    0 ; serial
    1H ; refresh
    1M ; retry
    3D ; expire
    1D ) ; minimum
  IN NS ns1
  IN MX 10 mx1
  IN MX 20 mx2
ns1 IN A 10.1.16.142
mx1 IN A 10.1.16.143
mx2 IN A 10.1.16.144
www IN A 10.1.16.145
web IN CNAME www
bbs IN A 10.1.16.146
bbs IN A 10.1.16.147
[root@centos-68-64 ~]#
※·Make the server reload the configuration and zone data files
·Check the main configuration file: named-checkconf
·Check the zone file: named-checkzone loveme.com /var/named/loveme.com.zone
[root@centos-68-64 ~]# named-checkzone loveme.com /var/named/loveme.com.zone
zone loveme.com/IN: loaded serial 0
OK
[root@centos-68-64 ~]#
·Reload the configuration: rndc reload
[root@centos-68-64 ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@centos-68-64 ~]# rndc reload
server reload successful
[root@centos-68-64 ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@centos-68-64 ~]#
·Fix the permissions of /var/named/loveme.com.zone
[root@centos-68-64 named]# chown :named /var/named/loveme.com.zone
[root@centos-68-64 named]# chmod o= /var/named/loveme.com.zone
[root@centos-68-64 named]# ll
总用量 32
drwxrwx---. 2 named named 4096 9月 16 18:21 data
drwxrwx---. 2 named named 4096 9月 16 18:21 dynamic
-rw-r-----. 1 root named 312 9月 16 19:40 loveme.com.zone
-rw-r-----. 1 root named 3171 1月 11 2016 named.ca
-rw-r-----. 1 root named 152 12月 15 2009 named.empty
-rw-r-----. 1 root named 152 6月 21 2007 named.localhost
-rw-r-----. 1 root named 168 12月 15 2009 named.loopback
drwxrwx---. 2 named named 4096 5月 11 07:07 slaves
[root@centos-68-64 named]#
※·Test the newly added domain loveme.com
Before testing, remember to change the group owner of loveme.com.zone to named; otherwise named cannot read the file and resolution fails:
[root@centos-68-64 named]# ll
总用量 32
drwxrwx---. 2 named named 4096 9月 16 18:21 data
drwxrwx---. 2 named named 4096 9月 16 18:21 dynamic
-rw-r-----. 1 root named 312 9月 16 19:40 loveme.com.zone
-rw-r-----. 1 root named 3171 1月 11 2016 named.ca
-rw-r-----. 1 root named 152 12月 15 2009 named.empty
-rw-r-----. 1 root named 152 6月 21 2007 named.localhost
-rw-r-----. 1 root named 168 12月 15 2009 named.loopback
drwxrwx---. 2 named named 4096 5月 11 07:07 slaves
[root@centos-68-64 named]#
Test the NS record (type NS)
[root@centos-68-64 named]# dig -t NS loveme.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t NS loveme.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56721
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;loveme.com. IN NS
;; ANSWER SECTION:
loveme.com. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 1 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 19:47:48 2016
;; MSG SIZE rcvd: 62
Test MX (type MX)
[root@centos-68-64 named]# dig -t MX loveme.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t MX loveme.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7781
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 3
;; QUESTION SECTION:
;loveme.com. IN MX
;; ANSWER SECTION:
loveme.com. 3600 IN MX 20 mx2.loveme.com.
loveme.com. 3600 IN MX 10 mx1.loveme.com.
;; AUTHORITY SECTION:
loveme.com. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
mx1.loveme.com. 3600 IN A 10.1.16.143
mx2.loveme.com. 3600 IN A 10.1.16.144
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 0 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 19:47:56 2016
;; MSG SIZE rcvd: 134
Test www (type A)
[root@centos-68-64 named]# dig -t A www.loveme.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.loveme.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64400
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.loveme.com. IN A
;; ANSWER SECTION:
www.loveme.com. 3600 IN A 10.1.16.145
;; AUTHORITY SECTION:
loveme.com. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 0 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 19:48:06 2016
;; MSG SIZE rcvd: 82
Test web (type CNAME)
[root@centos-68-64 named]# dig -t A web.loveme.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A web.loveme.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37318
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;web.loveme.com. IN A
;; ANSWER SECTION:
web.loveme.com. 3600 IN CNAME www.loveme.com.
www.loveme.com. 3600 IN A 10.1.16.145
;; AUTHORITY SECTION:
loveme.com. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 1 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 19:48:10 2016
;; MSG SIZE rcvd: 100
Test bbs (two A records for one name are returned in rotating order)
[root@centos-68-64 named]# dig -t A bbs.loveme.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A bbs.loveme.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22189
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;bbs.loveme.com. IN A
;; ANSWER SECTION:
bbs.loveme.com. 3600 IN A 10.1.16.147
bbs.loveme.com. 3600 IN A 10.1.16.146
;; AUTHORITY SECTION:
loveme.com. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 2 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 19:48:35 2016
;; MSG SIZE rcvd: 98
[root@centos-68-64 named]#
§·Configuring a reverse zone: the loveme.com domain as an example:
※·Define the reverse zone
This is done either in the main configuration file or in its auxiliary configuration file /etc/named.rfc1912.zones;
zone "ZONE_NAME" IN {
    type {master | slave | hint | forward};
    file "ZONE_FILES";
};
zone "16.1.10.in-addr.arpa" IN {
    type master;
    file "10.1.16.zone";
};
Note: the name of a reverse zone is the network address written backwards, followed by in-addr.arpa, e.g. 16.1.10.in-addr.arpa
※·Define the reverse zone data file /var/named/10.1.16.zone (it mainly holds PTR records)
[root@centos-68-64 named]# cat /var/named/10.1.16.zone
$TTL 3600
$ORIGIN 16.1.10.in-addr.arpa.
@ IN SOA ns1.loveme.com. admin.loveme.com. ( 0 1H 10M 3D 1D )
  IN NS ns1.loveme.com.
142 IN PTR ns1.loveme.com.
143 IN PTR mx1.loveme.com.
144 IN PTR mx2.loveme.com.
145 IN PTR www.loveme.com.
145 IN PTR web.loveme.com.
146 IN PTR bbs.loveme.com.
147 IN PTR bbs.loveme.com.
[root@centos-68-64 named]#
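The reverse zone above was written by hand, so its PTR records can silently drift away from the A records in the forward zone. The following is an added example, not part of the original post: a small Python script that derives the in-addr.arpa zone name from the network prefix (the rule in the note above, generalised to /8, /16 and /24) and generates the reverse zone from the forward zone's A records. It assumes the simplified zone syntax used on this page; the forward zone text, and in particular the extra ns2 host at 192.0.2.10, is constructed sample input. No PTR is generated for CNAMEs such as web, because only A records map a name to an address; addresses outside the delegated network are reported instead of being written into a zone that is not authoritative for them.

```python
"""Derive a reverse (in-addr.arpa) zone from the A records of a forward zone.

Added example, not part of the original post. Assumes the simplified zone
syntax used on this page ($TTL/$ORIGIN, SOA in parentheses, owner names
that inherit the previous line). The sample input below is constructed.
"""
import ipaddress

# Constructed sample: the loveme.com forward zone from the post, plus an ns2
# host outside the delegated 10.1.16.0/24 network to exercise the skip path.
FORWARD_ZONE = """\
$TTL 3600
$ORIGIN loveme.com.
@   IN SOA loveme.com. admin.loveme.com. (
        0 ; serial
        1H ; refresh
        1M ; retry
        3D ; expire
        1D ) ; minimum
    IN NS ns1
    IN MX 10 mx1
ns1 IN A 10.1.16.142
mx1 IN A 10.1.16.143
www IN A 10.1.16.145
web IN CNAME www
bbs IN A 10.1.16.146
bbs IN A 10.1.16.147
ns2 IN A 192.0.2.10
"""


def reverse_zone_name(network):
    """10.1.16.0/24 -> 16.1.10.in-addr.arpa; handles /8, /16 and /24 prefixes."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def parse_a_records(zone_text):
    """Yield (fqdn, ip) for every A record, expanding relative owner names."""
    origin, last_owner, depth = "", "@", 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop ; comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                   # $TTL and other directives
            continue
        if depth:                                  # still inside a multi-line SOA
            depth += line.count("(") - line.count(")")
            continue
        depth += line.count("(") - line.count(")")
        tokens = line.split()
        # A line that starts with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else tokens.pop(0)
        last_owner = owner
        if "A" not in tokens:
            continue
        ip = tokens[tokens.index("A") + 1]
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        yield fqdn, ip


def build_reverse_zone(zone_text, network, primary_ns, admin, serial=0):
    """Return (reverse_zone_text, skipped); skipped lists A records outside network."""
    net = ipaddress.ip_network(network, strict=False)
    lines = [
        "$TTL 3600",
        f"$ORIGIN {reverse_zone_name(network)}.",
        f"@ IN SOA {primary_ns} {admin} ( {serial} 1H 10M 3D 1D )",
        f"  IN NS {primary_ns}",
    ]
    skipped = []
    for fqdn, ip in parse_a_records(zone_text):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            skipped.append((fqdn, ip))             # not ours to answer for
            continue
        host = str(addr).split(".")[net.prefixlen // 8:]
        lines.append(f"{'.'.join(reversed(host))} IN PTR {fqdn}")
    return "\n".join(lines) + "\n", skipped


if __name__ == "__main__":
    text, skipped = build_reverse_zone(FORWARD_ZONE, "10.1.16.0/24",
                                       "ns1.loveme.com.", "admin.loveme.com.")
    print(text)
    for fqdn, ip in skipped:
        print(f"; skipped {fqdn} ({ip}): outside 10.1.16.0/24")
```

Run it, write the printed zone to /var/named/10.1.16.zone, and then use named-checkzone exactly as the section below does; regenerating the file after every forward-zone change is what keeps the two zones consistent.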
※·Check the configuration file and zone file syntax, fix permissions, reload
[root@centos-68-64 /]# named-checkconf
[root@centos-68-64 /]# named-checkzone 16.1.10.in-addr.arpa. /var/named/10.1.16.zone
zone 16.1.10.in-addr.arpa/IN: loaded serial 0
OK
[root@centos-68-64 /]# named-checkzone 16.1.10.in-addr.arpa. /var/named/10.1.16.zone^C
[root@centos-68-64 /]# rndc reload
server reload successful
[root@centos-68-64 /]# chown :named /var/named/10.1.16.zone
[root@centos-68-64 /]# chmod o= /var/named/10.1.16.zone
[root@centos-68-64 /]# ll /var/named/10.1.16.zone
-rw-r-----. 1 root named 302 9月 16 20:25 /var/named/10.1.16.zone
[root@centos-68-64 /]#
※·Test the reverse zone
Test: 10.1.16.142 IN PTR ns1.loveme.com.
[root@centos-68-64 /]# dig -x 10.1.16.142
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 10.1.16.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57933
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;142.16.1.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
142.16.1.10.in-addr.arpa. 3600 IN PTR ns1.loveme.com.
;; AUTHORITY SECTION:
16.1.10.in-addr.arpa. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 2 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 20:37:20 2016
;; MSG SIZE rcvd: 100
Test: 10.1.16.143 IN PTR mx1.loveme.com.
[root@centos-68-64 /]# dig -x 10.1.16.143
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 10.1.16.143
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35860
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;143.16.1.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
143.16.1.10.in-addr.arpa. 3600 IN PTR mx1.loveme.com.
;; AUTHORITY SECTION:
16.1.10.in-addr.arpa. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 1 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 20:37:23 2016
;; MSG SIZE rcvd: 104
Test: 10.1.16.144 IN PTR mx2.loveme.com.
[root@centos-68-64 /]# dig -x 10.1.16.144
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 10.1.16.144
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19762
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;144.16.1.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
144.16.1.10.in-addr.arpa. 3600 IN PTR mx2.loveme.com.
;; AUTHORITY SECTION:
16.1.10.in-addr.arpa. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 0 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 20:37:25 2016
;; MSG SIZE rcvd: 104
Test: 10.1.16.145 IN PTR www.loveme.com. and web.loveme.com.
[root@centos-68-64 /]# dig -x 10.1.16.145
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 10.1.16.145
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60243
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;145.16.1.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
145.16.1.10.in-addr.arpa. 3600 IN PTR www.loveme.com.
145.16.1.10.in-addr.arpa. 3600 IN PTR web.loveme.com.
;; AUTHORITY SECTION:
16.1.10.in-addr.arpa. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 1 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 20:37:27 2016
;; MSG SIZE rcvd: 122
Test: 10.1.16.146 IN PTR bbs.loveme.com.
[root@centos-68-64 /]# dig -x 10.1.16.146
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 10.1.16.146
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14060
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;146.16.1.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
146.16.1.10.in-addr.arpa. 3600 IN PTR bbs.loveme.com.
;; AUTHORITY SECTION:
16.1.10.in-addr.arpa. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 0 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 20:37:29 2016
;; MSG SIZE rcvd: 104
Test: 10.1.16.147 IN PTR bbs.loveme.com.
[root@centos-68-64 /]# dig -x 10.1.16.147
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 10.1.16.147
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43016
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;147.16.1.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
147.16.1.10.in-addr.arpa. 3600 IN PTR bbs.loveme.com.
;; AUTHORITY SECTION:
16.1.10.in-addr.arpa. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
;; Query time: 0 msec
;; SERVER: 10.1.16.142#53(10.1.16.142)
;; WHEN: Fri Sep 16 20:37:31 2016
;; MSG SIZE rcvd: 104
§·Configuring a slave DNS server
Overall procedure:
1. On the master, add an NS record for the slave and its matching A record;
2. On the master, set the addresses of the servers allowed to transfer the zone;
3. On the slave, configure it as a slave of the master.
※·Configuration on the slave
◎·Install the BIND packages
[root@centos68 ~]# rpm -qa | grep bind
bind-9.8.2-0.47.rc1.el6.x86_64
bind-libs-9.8.2-0.47.rc1.el6.x86_64
samba-winbind-clients-3.6.23-33.el6.x86_64
PackageKit-device-rebind-0.5.8-26.el6.x86_64
samba-winbind-3.6.23-33.el6.x86_64
rpcbind-0.2.0-12.el6.x86_64
ypbind-1.20.4-33.el6.x86_64
bind-utils-9.8.2-0.47.rc1.el6.x86_64
◎·Configure this host as a caching server
View the main configuration file:
[root@centos68 ~]# cat /etc/named.conf
options {
    listen-on port 53 { 10.1.16.61 ; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
◎·Define the slave's forward and reverse zones
zone "loveme.com" IN {
    type slave;
    file "slaves/loveme.com.zone";
    masters { 10.1.16.142; };
};
zone "16.1.10.in-addr.arpa" IN {
    type slave;
    file "slaves/10.1.16.zone";
    masters { 10.1.16.142; };
};
Edit and check the auxiliary configuration file:
[root@centos68 ~]# cat /etc/named.rfc1912.zones
zone "loveme.com" IN {
    type slave;
    file "slaves/loveme.com.zone";
    masters {10.1.16.142;};
};
zone "16.1.10.in-addr.arpa" IN {
    type slave;
    file "slaves/10.1.26.zone";
    masters {10.1.16.142;};
};
[root@centos68 ~]#
◎·Check for syntax errors and reload the service
named-checkconf
rndc reload
systemctl reload named.service
[root@centos68 ~]# named-checkconf
[root@centos68 ~]# rndc reload
server reload successful
[root@centos68 ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
CPUs found: 4
worker threads: 4
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 2
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Until the slave's information has been configured on the master, the slave holds no DNS data at all. Note that in the commands below the server was given without a leading @, so dig treated 10.1.16.142 as a second name to look up and sent both queries to the default resolver 10.1.0.1, which is what the output shows:
[root@centos68 ~]# dig -t axfr loveme.com 10.1.16.142
;; Connection to 10.1.0.1#53(10.1.0.1) for loveme.com failed: host unreachable.
;; Connection to 10.1.0.1#53(10.1.0.1) for 10.1.16.142 failed: host unreachable.
[root@centos68 ~]# ping 10.1.16.142
PING 10.1.16.142 (10.1.16.142) 56(84) bytes of data.
64 bytes from 10.1.16.142: icmp_seq=1 ttl=64 time=1.94 ms
64 bytes from 10.1.16.142: icmp_seq=2 ttl=64 time=0.270 ms
^C
--- 10.1.16.142 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1504ms
rtt min/avg/max/mdev = 0.270/1.107/1.945/0.838 ms
[root@centos68 ~]# dig -t axfr loveme.com 10.1.16.61
;; Connection to 10.1.0.1#53(10.1.0.1) for loveme.com failed: host unreachable.
;; Connection to 10.1.0.1#53(10.1.0.1) for 10.1.16.61 failed: host unreachable.
[root@centos68 ~]#
※·Configuration on the master
◎·Add the slave's information to the forward and reverse zone data files
Make sure both the forward and the reverse zone file contain an NS record for every slave together with the matching A record
Forward zone records:
[root@centos-68-64 /]# cat /var/named/loveme.com.zone
$TTL 3600
$ORIGIN loveme.com.
@ IN SOA loveme.com. admin.loveme.com. ( 0 1H 1M 3D 1D )
  IN NS ns1
  IN NS ns2
  IN MX 10 mx1
  IN MX 20 mx2
ns1 IN A 10.1.16.142
mx1 IN A 10.1.16.143
mx2 IN A 10.1.16.144
www IN A 10.1.16.145
web IN CNAME www
bbs IN A 10.1.16.146
bbs IN A 10.1.16.147
ns2 IN A 10.1.16.61
Reverse zone records
[root@centos-68-64 /]# cat /var/named/10.1.16.zone
$TTL 3600
$ORIGIN 16.1.10.in-addr.arpa.
@ IN SOA ns1.loveme.com. admin.loveme.com. ( 0 1H 10M 3D 1D )
  IN NS ns1.loveme.com.
  IN NS ns2.loveme.com.
142 IN PTR ns1.loveme.com.
143 IN PTR mx1.loveme.com.
144 IN PTR mx2.loveme.com.
145 IN PTR www.loveme.com.
146 IN PTR bbs.loveme.com.
147 IN PTR bbs.loveme.com.
145 IN PTR web.loveme.com.
61 IN PTR ns2.loveme.com.
[root@centos-68-64 /]#
◎·Check for syntax errors and reload the service
named-checkconf
rndc reload
systemctl reload named.service
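Two things are easy to miss when a slave is added on the master. Step 2 of the procedure (restricting who may transfer the zone) is never reflected in the zone stanzas shown on this page, and without an allow-transfer statement BIND answers AXFR for any client. Also, the forward zone above still carries serial 0 after ns2 was added: a slave that already holds a copy of the zone only transfers again when the master's SOA serial is higher than its own. The following is an added example, not part of the original post, that checks both before rndc reload: it finds master zones without a transfer ACL and prints a restricted stanza for them, and it bumps the SOA serial using the YYYYMMDDnn convention. It assumes the simplified named.conf and zone-file syntax used on this page; the stanzas, zone text and date below are constructed sample input, with the post's own zone names and the slave address 10.1.16.61.

```python
"""Pre-reload checks on the master after adding a slave: transfer ACL and SOA serial.

Added example, not part of the original post. Assumes the simplified
named.conf stanza and zone-file syntax used on this page. All sample
input below is constructed.
"""
import re
from datetime import date

# Constructed sample: the master's zone stanzas as defined earlier on this page,
# i.e. without any allow-transfer restriction, plus the root hints zone.
NAMED_CONF = """
zone "loveme.com" IN { type master; file "loveme.com.zone"; };
zone "16.1.10.in-addr.arpa" IN { type master; file "10.1.16.zone"; };
zone "." IN { type hint; file "named.ca"; };
"""

# Constructed sample: the forward zone after ns2 was added, serial still 0.
MASTER_ZONE = """\
$TTL 3600
$ORIGIN loveme.com.
@ IN SOA loveme.com. admin.loveme.com. ( 0 1H 1M 3D 1D )
  IN NS ns1
  IN NS ns2
ns1 IN A 10.1.16.142
ns2 IN A 10.1.16.61
"""

SLAVES = ["10.1.16.61"]   # ns2.loveme.com on this page


def zone_stanzas(conf_text):
    """Map zone name -> stanza body, walking braces so nested blocks stay whole."""
    stanzas = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf_text):
        depth, i = 1, m.end()
        while depth and i < len(conf_text):
            depth += {"{": 1, "}": -1}.get(conf_text[i], 0)
            i += 1
        stanzas[m.group(1)] = conf_text[m.end():i - 1]
    return stanzas


def zones_without_transfer_acl(conf_text):
    """Master zones that would answer AXFR from any client (BIND's default)."""
    return sorted(name for name, body in zone_stanzas(conf_text).items()
                  if re.search(r"\btype\s+master\b", body)
                  and not re.search(r"\ballow-transfer\b", body))


def hardened_stanza(name, zone_file, slaves):
    """Master stanza that only lets the listed slaves transfer and notifies them on change."""
    acl = " ".join(f"{ip};" for ip in slaves)
    return (f'zone "{name}" IN {{ type master; file "{zone_file}"; '
            f'allow-transfer {{ {acl} }}; also-notify {{ {acl} }}; }};')


SOA_SERIAL = re.compile(r"\bSOA\b[^(]*\(\s*(\d+)")   # first number after the SOA "("


def soa_serial(zone_text):
    m = SOA_SERIAL.search(zone_text)
    if not m:
        raise ValueError("no parenthesised SOA record found")
    return int(m.group(1))


def next_serial(current, today=None):
    """YYYYMMDDnn convention; today is an int like 20160916 (defaults to the real date).

    If the zone is already at or past today's base value, just add 1: spilling
    past ...99 into the next day's range is still strictly increasing, and that
    is all a slave compares.
    """
    today = today or int(date.today().strftime("%Y%m%d"))
    base = today * 100
    return base if current < base else current + 1


def bump_serial(zone_text, today=None):
    """Return (new_zone_text, new_serial) with the SOA serial increased in place."""
    m = SOA_SERIAL.search(zone_text)
    if not m:
        raise ValueError("no parenthesised SOA record found")
    new = next_serial(int(m.group(1)), today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], new


if __name__ == "__main__":
    stanzas = zone_stanzas(NAMED_CONF)
    for zone in zones_without_transfer_acl(NAMED_CONF):
        zone_file = re.search(r'file\s+"([^"]+)"', stanzas[zone]).group(1)
        print(f"{zone}: no allow-transfer, AXFR is open to anyone; suggested stanza:")
        print("  " + hardened_stanza(zone, zone_file, SLAVES))
    text, new = bump_serial(MASTER_ZONE)
    print(f"serial {soa_serial(MASTER_ZONE)} -> {new}")
```

After replacing the stanzas and writing the bumped zone text back, run named-checkconf and named-checkzone as in the steps above, then rndc reload; the slave picks up the change on its next refresh or, with also-notify in place, as soon as the master sends NOTIFY.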
※·Test whether the slave was configured successfully
◎·Were the zone files created (/var/named/slaves/)?
[root@centos68 slaves]# ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 537 Sep 16 22:47 10.1.26.zone
-rw-r--r-- 1 named named 510 Sep 16 22:47 loveme.com.zone
[root@centos68 slaves]#
◎·Test whether names and IPs resolve normally
Test FQDN to IP
[root@centos68 slaves]# dig -t A mx1.loveme.com @10.1.16.61
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A mx1.loveme.com @10.1.16.61
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42289
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;mx1.loveme.com. IN A
;; ANSWER SECTION:
mx1.loveme.com. 3600 IN A 10.1.16.143
;; AUTHORITY SECTION:
loveme.com. 3600 IN NS ns2.loveme.com.
loveme.com. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
ns2.loveme.com. 3600 IN A 10.1.16.61
;; Query time: 0 msec
;; SERVER: 10.1.16.61#53(10.1.16.61)
;; WHEN: Fri Sep 16 23:07:15 2016
;; MSG SIZE rcvd: 116
[root@centos68 slaves]# dig -t A web.loveme.com @10.1.16.61
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A web.loveme.com @10.1.16.61
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51356
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;web.loveme.com. IN A
;; ANSWER SECTION:
web.loveme.com. 3600 IN CNAME www.loveme.com.
www.loveme.com. 3600 IN A 10.1.16.145
;; AUTHORITY SECTION:
loveme.com. 3600 IN NS ns2.loveme.com.
loveme.com. 3600 IN NS ns1.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
ns2.loveme.com. 3600 IN A 10.1.16.61
;; Query time: 0 msec
;; SERVER: 10.1.16.61#53(10.1.16.61)
;; WHEN: Fri Sep 16 23:07:20 2016
;; MSG SIZE rcvd: 134
[root@centos68 slaves]#
Test IP to FQDN
[root@centos68 slaves]# dig -x 10.1.16.142 @10.1.16.61
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 10.1.16.142 @10.1.16.61
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50635
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;142.16.1.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
142.16.1.10.in-addr.arpa. 3600 IN PTR ns1.loveme.com.
;; AUTHORITY SECTION:
16.1.10.in-addr.arpa. 3600 IN NS ns1.loveme.com.
16.1.10.in-addr.arpa. 3600 IN NS ns2.loveme.com.
;; ADDITIONAL SECTION:
ns1.loveme.com. 3600 IN A 10.1.16.142
ns2.loveme.com. 3600 IN A 10.1.16.61
;; Query time: 13 msec
;; SERVER: 10.1.16.61#53(10.1.16.61)
;; WHEN: Fri Sep 16 23:08:09 2016
;; MSG SIZE rcvd: 134
[root@centos68 slaves]#
◎·Testing a zone transfer with dig
[root@centos68 slaves]# dig -t axfr loveme.com @10.1.16.61
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t axfr loveme.com @10.1.16.61
;; global options: +cmd
loveme.com. 3600 IN SOA loveme.com. admin.loveme.com. 0 3600 60 259200 86400
loveme.com. 3600 IN MX 10 mx1.loveme.com.
loveme.com. 3600 IN MX 20 mx2.loveme.com.
loveme.com. 3600 IN NS ns1.loveme.com.
loveme.com. 3600 IN NS ns2.loveme.com.
bbs.loveme.com. 3600 IN A 10.1.16.146
bbs.loveme.com. 3600 IN A 10.1.16.147
mx1.loveme.com. 3600 IN A 10.1.16.143
mx2.loveme.com. 3600 IN A 10.1.16.144
ns1.loveme.com. 3600 IN A 10.1.16.142
ns2.loveme.com. 3600 IN A 10.1.16.61
web.loveme.com. 3600 IN CNAME www.loveme.com.
www.loveme.com. 3600 IN A 10.1.16.145
loveme.com. 3600 IN SOA loveme.com. admin.loveme.com. 0 3600 60 259200 86400
;; Query time: 4 msec
;; SERVER: 10.1.16.61#53(10.1.16.61)
;; WHEN: Fri Sep 16 23:10:09 2016
;; XFR size: 14 records (messages 1, bytes 320)
[root@centos68 slaves]# dig -t axfr 16.1.10.in-addr.arpa @10.1.16.61
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t axfr 16.1.10.in-addr.arpa @10.1.16.61
;; global options: +cmd
16.1.10.in-addr.arpa. 3600 IN SOA ns1.loveme.com. admin.loveme.com. 0 3600 600 259200 86400
16.1.10.in-addr.arpa. 3600 IN NS ns1.loveme.com.
16.1.10.in-addr.arpa. 3600 IN NS ns2.loveme.com.
142.16.1.10.in-addr.arpa. 3600 IN PTR ns1.loveme.com.
143.16.1.10.in-addr.arpa. 3600 IN PTR mx1.loveme.com.
144.16.1.10.in-addr.arpa. 3600 IN PTR mx2.loveme.com.
145.16.1.10.in-addr.arpa. 3600 IN PTR www.loveme.com.
145.16.1.10.in-addr.arpa. 3600 IN PTR web.loveme.com.
146.16.1.10.in-addr.arpa. 3600 IN PTR bbs.loveme.com.
147.16.1.10.in-addr.arpa. 3600 IN PTR bbs.loveme.com.
61.16.1.10.in-addr.arpa. 3600 IN PTR ns2.loveme.com.
16.1.10.in-addr.arpa. 3600 IN SOA ns1.loveme.com. admin.loveme.com. 0 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 10.1.16.61#53(10.1.16.61)
;; WHEN: Fri Sep 16 23:10:26 2016
;; XFR size: 12 records (messages 1, bytes 321)
[root@centos68 slaves]#
§·Troubleshooting (/var/named/data/named.run)
Master DNS error message 1:
reloading zones succeeded
client 10.1.16.61#28325: query '16.1.10.in-addr.arpa/SOA/IN' denied
client 10.1.16.61#28325: query 'loveme.com/SOA/IN' denied
Fix: the path where the slave stores its zone files is wrong
Slave DNS error message 1:
zone loveme.com/IN: got_transfer_quota: skipping zone transfer as master 10.1.16.142#53 (source 0.0.0.0#0) is unreachable (cached)
zone 16.1.10.in-addr.arpa/IN: refresh: unexpected rcode (REFUSED) from master 10.1.16.142#53 (source 0.0.0.0#0)
zone 16.1.10.in-addr.arpa/IN: Transfer started.
zone 16.1.10.in-addr.arpa/IN: got_transfer_quota: skipping zone transfer as master 10.1.16.142#53 (source 0.0.0.0#0) is unreachable (cached)
Fix: the slave has no route to the master
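Reading named.run by hand works for two servers, but the same messages are worth matching automatically so that a failed refresh is noticed before the zone expires. The following is an added example, not part of the original post: a Python classifier that turns the named.run lines quoted above into findings, tagging each with the side that logs it, a severity, the zone and the check to run. The message patterns are BIND's own wording as it appears in this section; a "query ... denied" line means the client failed the master's allow-query ACL, "unexpected rcode (REFUSED)" is the slave's view of the same refusal, and "is unreachable (cached)" means the master did not answer within the timeout. The log text is constructed from the excerpts above; the hints are this example's own, not the post's.

```python
"""Turn named.run lines from a master/slave pair into actionable findings.

Added example, not part of the original post. The message patterns are
BIND's own wording as quoted in the troubleshooting section; the hints
are the checks a defender would run for each. The log text is constructed.
"""
import re

# Constructed sample: the master's and the slave's named.run lines quoted above.
NAMED_RUN = """\
reloading zones succeeded
client 10.1.16.61#28325: query '16.1.10.in-addr.arpa/SOA/IN' denied
client 10.1.16.61#28325: query 'loveme.com/SOA/IN' denied
zone loveme.com/IN: got_transfer_quota: skipping zone transfer as master 10.1.16.142#53 (source 0.0.0.0#0) is unreachable (cached)
zone 16.1.10.in-addr.arpa/IN: refresh: unexpected rcode (REFUSED) from master 10.1.16.142#53 (source 0.0.0.0#0)
zone 16.1.10.in-addr.arpa/IN: Transfer started.
"""

# (pattern, which side logs it, severity, hint template), tried in this order.
RULES = [
    (re.compile(r"reloading zones succeeded"),
     "master", "info", "zones reloaded"),
    (re.compile(r"client (?P<peer>[\d.]+)#\d+: query '(?P<zone>[^/]+)/SOA/IN' denied"),
     "master", "error",
     "{peer} failed the ACL for {zone}: check the master's allow-query and allow-transfer for the slave's address"),
    (re.compile(r"zone (?P<zone>[^/]+)/IN: refresh: unexpected rcode \((?P<rcode>\w+)\) from master (?P<master>[\d.]+)#"),
     "slave", "error",
     "master {master} answered {rcode} for {zone}: the master is refusing this slave, check its ACLs"),
    (re.compile(r"zone (?P<zone>[^/]+)/IN: .*master (?P<master>[\d.]+)#\d+ .*is unreachable"),
     "slave", "error",
     "master {master} marked unreachable for {zone}: check the route, the firewall and the master's listen-on address"),
    (re.compile(r"zone (?P<zone>[^/]+)/IN: Transfer started"),
     "slave", "info", "transfer of {zone} began"),
]


def classify(log_text):
    """Return one finding per recognised line; lines matching no rule are ignored."""
    findings = []
    for line in log_text.splitlines():
        for pattern, side, severity, hint in RULES:
            m = pattern.search(line)
            if m:
                fields = m.groupdict()
                findings.append({
                    "side": side,
                    "severity": severity,
                    "zone": fields.get("zone", "-"),
                    "hint": hint.format(**fields),
                })
                break
    return findings


def zones_needing_attention(findings):
    """Zones with at least one error-level finding, sorted."""
    return sorted({f["zone"] for f in findings if f["severity"] == "error"})


if __name__ == "__main__":
    findings = classify(NAMED_RUN)
    for f in findings:
        print(f"[{f['severity']}] {f['side']}: {f['zone']}: {f['hint']}")
    print("needs attention:", ", ".join(zones_needing_attention(findings)))
```

On a real server, feed it the tail of /var/named/data/named.run from both hosts; an error-level finding for a zone whose expire time (3D in the zone files above) is approaching is the one to act on first, because after that the slave stops answering for the zone altogether.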
§·Configuring a forward-resolution server for a subdomain (reverse resolution is more troublesome)
·Steps to delegate a subdomain:
(1) On the parent DNS server (loveme.com), add the subdomain's NS record and the matching A (glue) record;
(2) On the subdomain DNS server (fin.loveme.com), configure an ordinary zone file for fin.loveme.com.
·Detailed configuration:
※·On the parent DNS server (loveme.com), add the subdomain's NS record and the matching A record
cat /var/named/loveme.com.zone
[root@centos-68-64 ~]# cat /var/named/loveme.com.zone
$TTL 3600
$ORIGIN loveme.com.
@       IN SOA  loveme.com. admin.loveme.com. (
                1 1H 1M 3D 1D )
        IN NS   ns1
        IN NS   ns2
        IN MX   10 mx1
        IN MX   20 mx2
ns1     IN A    10.1.16.142
mx1     IN A    10.1.16.143
mx2     IN A    10.1.16.144
www     IN A    10.1.16.145
web     IN CNAME www
bbs     IN A    10.1.16.146
bbs     IN A    10.1.16.147
ns2     IN A    10.1.16.61
fin.loveme.com. IN NS ns1.fin.loveme.com.
ns1.fin IN A    10.1.16.141
※·On the subdomain DNS server (fin.loveme.com), configure an ordinary zone file for fin.loveme.com
Zone defined in /etc/named.rfc1912.zones:
[root@localhost ~]# cat /etc/named.rfc1912.zones
.....................................
zone "fin.loveme.com" IN {
        type master;
        file "fin.loveme.com.zone";
..............................................
Forward zone file defined in /var/named/fin.loveme.com.zone:
[root@localhost ~]# cat /var/named/fin.loveme.com.zone
$TTL 3600
$ORIGIN fin.loveme.com.
; the SOA MNAME must end with a trailing dot; without it $ORIGIN is appended
; and the name becomes fin.loveme.com.fin.loveme.com. (see the AXFR below)
@       IN SOA  fin.loveme.com. admin.fin.loveme.com. (
                0 1H 10M 3D 1D )
        IN NS   ns1.fin.loveme.com.
        IN MX   10 mx1.fin.loveme.com.
        IN MX   20 mx2.fin.loveme.com.
mx1     IN A    10.1.16.141
mx2     IN A    10.1.16.242
ns1     IN A    10.1.16.141
www     IN A    10.1.16.141
[root@localhost ~]#
※·Test name resolution on the subdomain DNS server (fin.loveme.com)
[root@localhost ~]# dig -t axfr fin.loveme.com @10.1.16.141

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t axfr fin.loveme.com @10.1.16.141
;; global options: +cmd
fin.loveme.com.      3600  IN  SOA  fin.loveme.com.fin.loveme.com. admin.fin.loveme.com. 0 3600 600 259200 86400
fin.loveme.com.      3600  IN  NS   ns1.fin.loveme.com.
fin.loveme.com.      3600  IN  MX   10 mx1.fin.loveme.com.
fin.loveme.com.      3600  IN  MX   20 mx2.fin.loveme.com.
mx1.fin.loveme.com.  3600  IN  A    10.1.16.141
mx2.fin.loveme.com.  3600  IN  A    10.1.16.242
ns1.fin.loveme.com.  3600  IN  A    10.1.16.141
www.fin.loveme.com.  3600  IN  A    10.1.16.141
fin.loveme.com.      3600  IN  SOA  fin.loveme.com.fin.loveme.com. admin.fin.loveme.com. 0 3600 600 259200 86400
;; Query time: 2 msec
;; SERVER: 10.1.16.141#53(10.1.16.141)
;; WHEN: 六 9月 17 12:56:11 CST 2016
;; XFR size: 9 records (messages 1, bytes 251)
[root@localhost ~]#
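The delegation above can be checked mechanically. The script below is an added example, not code from the original post or from BIND: it parses the two zone files shown above (entered inline as constructed input), expands relative names against $ORIGIN the way named does, flags a domain name in SOA or NS data that lacks its trailing dot (the cause of the doubled name fin.loveme.com.fin.loveme.com. in the transfer output), and verifies that every in-zone name server of a delegation has a glue A record in the parent zone.

```python
"""Minimal BIND zone-file parser with two delegation sanity checks.

Added example for this page (not part of the original post or of BIND).
Findings reported:
  1. a domain name in SOA/NS/MX/CNAME/PTR data that contains dots but no
     trailing dot: $ORIGIN is appended to it, so it silently becomes
     something else (fin.loveme.com -> fin.loveme.com.fin.loveme.com.);
  2. a delegation (NS set below the apex) whose in-zone name server has no
     glue A record in this zone.
"""
import re

# Zone files copied from the page (constructed input for this example).
PARENT_ZONE = """\
$TTL 3600
$ORIGIN loveme.com.
@       IN SOA  loveme.com. admin.loveme.com. (
                1 1H 1M 3D 1D )
        IN NS   ns1
        IN NS   ns2
        IN MX   10 mx1
        IN MX   20 mx2
ns1     IN A    10.1.16.142
mx1     IN A    10.1.16.143
mx2     IN A    10.1.16.144
www     IN A    10.1.16.145
web     IN CNAME www
bbs     IN A    10.1.16.146
bbs     IN A    10.1.16.147
ns2     IN A    10.1.16.61
fin.loveme.com. IN NS ns1.fin.loveme.com.
ns1.fin IN A    10.1.16.141
"""

# The child zone as originally written, with the missing trailing dot.
CHILD_ZONE = """\
$TTL 3600
$ORIGIN fin.loveme.com.
@       IN SOA  fin.loveme.com admin.fin.loveme.com. (
                0 1H 10M 3D 1D )
        IN NS   ns1.fin.loveme.com.
        IN MX   10 mx1.fin.loveme.com.
        IN MX   20 mx2.fin.loveme.com.
mx1     IN A    10.1.16.141
mx2     IN A    10.1.16.242
ns1     IN A    10.1.16.141
www     IN A    10.1.16.141
"""

# Index of the RDATA fields that hold domain names, per record type.
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def fqdn(name, origin):
    """Zone-file rules: '@' is the origin; a name without a trailing dot is
    relative and gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (origin, records, findings). Each record is a dict with
    owner/ttl/type/rdata; name fields in rdata are already absolute."""
    origin, default_ttl, last_owner = None, None, None
    records, findings = [], []
    # fold parenthesised multi-line RDATA (the SOA) onto one logical line
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0] == "$TTL":
            default_ttl = fields[1]
            continue
        # a line starting with whitespace reuses the previous owner name
        owner = last_owner if line[0].isspace() else fqdn(fields.pop(0), origin)
        last_owner = owner
        ttl = fields.pop(0) if fields[0].isdigit() else default_ttl
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        for i in NAME_FIELDS.get(rtype, []):
            if "." in rdata[i] and not rdata[i].endswith("."):
                findings.append(f"{owner} {rtype}: '{rdata[i]}' has no trailing dot "
                                f"and expands to {fqdn(rdata[i], origin)}")
            rdata[i] = fqdn(rdata[i], origin)
        records.append({"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata})
    return origin, records, findings


def check_delegations(origin, records):
    """Every NS below the apex that names a server inside the delegated
    subdomain needs a glue A record in this zone."""
    a_names = {r["owner"] for r in records if r["type"] == "A"}
    problems = []
    for r in records:
        if r["type"] == "NS" and r["owner"] != origin:
            ns = r["rdata"][0]
            if ns.endswith("." + r["owner"]) and ns not in a_names:
                problems.append(f"delegation {r['owner']} -> {ns} has no glue A record")
    return problems


def lint_zone(text):
    origin, records, findings = parse_zone(text)
    return origin, records, findings + check_delegations(origin, records)


if __name__ == "__main__":
    for label, zone in (("parent", PARENT_ZONE), ("child", CHILD_ZONE)):
        origin, records, findings = lint_zone(zone)
        print(f"{label} zone {origin}: {len(records)} records")
        for finding in findings:
            print("  finding:", finding)
```

Run against the child zone it reports the SOA name that expands to fin.loveme.com.fin.loveme.com.; remove the ns1.fin glue line from the parent and it reports the delegation without glue, which is exactly the case where resolvers can never reach the subdomain's server.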
§·Configuring forwarding
The general idea of forwarding:
Defining forwarding:
Note: the server being forwarded to must allow recursion for the forwarding server.
(1) Zone forwarding: only queries for one specific zone are forwarded
zone "ZONE_NAME" IN {
type forward;
forward {first | only};
forwarders {SERVER_IP;};
}
first: forward first; if the forwarder does not respond, resolve iteratively yourself;
only: forward only; never fall back to iterative resolution.
(2) Global forwarding: every query for a zone that is not defined locally is handed to the forwarder;
this is defined in the options block of named.conf:
options {
…….
forward {only | first };
forwarders {SERVER_IP;};
……
};
§·Configuring BIND views
What BIND views do: clients from different sources (different source IP addresses) can resolve the same domain name (www.xxx.com) to different IP addresses.
※·Server plan for the BIND view setup
·The DNS server has two network cards;
·The DNS server's internal IP address is 192.168.1.1/24, serving the names:
ftp.xxx.com
mx.xxx.com
web.xxxx.com
·The DNS server's external IP address is 192.168.10.1/24, serving the names:
ftp.xxx.com
mx.xxx.com
web.xxxx.com
※·Contents of the BIND view configuration file
Be careful where the views are defined: once the view feature is used, every zone must be inside a view, including those in /etc/named.conf and /etc/named.rfc1912.zones. The setup below defines all zones in /etc/named.rfc1912.zones.
In this file the "wan" view has no match-clients clause, so it answers every client that the "lan" view did not match; the waiwang acl is defined but never referenced.
[root@love681 named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
acl neiwang { 192.168.1.0/24; };        # address range of the internal network
acl waiwang { !192.168.100.0/24; };     # address range of the external network
view "lan" {                            # rules for the internal network
        match-clients { "neiwang"; };
        zone "xxx.com" IN {
                type master;
                file "xxx.com.neiwang.zone";    # zone file is xxx.com.neiwang.zone
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
};
view "wan" {                            # rules for the external network
        zone "xxx.com" IN {
                type master;
                file "xxx.com.waiwang.zone";    # zone file is xxx.com.waiwang.zone
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "localhost.localdomain" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "localhost" IN {
                type master;
                file "named.localhost";
                allow-update { none; };
        };
        zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "1.0.0.127.in-addr.arpa" IN {
                type master;
                file "named.loopback";
                allow-update { none; };
        };
        zone "0.in-addr.arpa" IN {
                type master;
                file "named.empty";
                allow-update { none; };
        };
};
[root@love681 named]#
※·Zone file xxx.com.neiwang.zone for the internal IP address
[root@love681 named]# cat /var/named/xxx.com.neiwang.zone
$TTL 3600
$ORIGIN xxx.com.
@       IN SOA  xxx.com. admin.xxx.com. (
                0 1H 10M 3D 1D )
        IN NS   ns.xxx.com.
ns      IN A    192.168.1.1
www     IN A    192.168.1.1
ftp     IN CNAME www
bbs     IN CNAME www
pop3    IN CNAME www
※·Zone file xxx.com.waiwang.zone for the external IP address
[root@love681 named]# cat /var/named/xxx.com.waiwang.zone
$TTL 3600
$ORIGIN xxx.com.
@       IN SOA  xxx.com. admin.xxx.com. (
                0 1H 10M 3D 1D )
        IN NS   ns.xxx.com.
ns      IN A    192.168.100.1
www     IN A    192.168.100.1
ftp     IN CNAME www
bbs     IN CNAME www
pop3    IN CNAME www
※·Test from an internal client
[root@localhost ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:22:c1:9d brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.44/24 scope global eth0
    inet6 fe80::20c:29ff:fe22:c19d/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
[root@localhost ~]# cat /etc/resolv.conf
nameserver 192.168.1.1
search localdomain
[root@localhost ~]# host www.xxx.com
[root@localhost ~]# vim /etc/resolv.conf
[root@localhost ~]# host www.xxx.com
www.xxx.com has address 192.168.1.1
[root@localhost ~]# host ftp.xxx.com
ftp.xxx.com is an alias for www.xxx.com.
www.xxx.com has address 192.168.1.1
[root@localhost ~]# host bbs.xxx.com
bbs.xxx.com is an alias for www.xxx.com.
www.xxx.com has address 192.168.1.1
[root@localhost ~]# host pop3.xxx.com
pop3.xxx.com is an alias for www.xxx.com.
www.xxx.com has address 192.168.1.1
[root@localhost ~]#
※·Test from an external client
[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:22:C1:9D
          inet addr:192.168.100.4  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe22:c19d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9973 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1343 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:805620 (786.7 KiB)  TX bytes:410081 (400.4 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1356 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1356 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2328568 (2.2 MiB)  TX bytes:2328568 (2.2 MiB)

[root@localhost ~]# cat /etc/resolv.conf
nameserver 192.168.100.1
search localdomain
[root@localhost ~]# host www.xxx.com
www.xxx.com has address 192.168.100.1
[root@localhost ~]# host bbs.xxx.com
bbs.xxx.com is an alias for www.xxx.com.
www.xxx.com has address 192.168.100.1
[root@localhost ~]# host ftp.xxx.com
ftp.xxx.com is an alias for www.xxx.com.
www.xxx.com has address 192.168.100.1
[root@localhost ~]# host pop3.xxx.com
pop3.xxx.com is an alias for www.xxx.com.
www.xxx.com has address 192.168.100.1
[root@localhost ~]#
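How named decides which view answers a client can be reproduced in a few lines. The script below is an added example (not BIND's code or the post's): it implements the ordered, first-match semantics of BIND address match lists using the acl names and view order from the configuration above, and shows why the waiwang acl, which holds only a negated element, never accepts anyone, and why a view without match-clients has to come last.

```python
"""BIND-style address-match-list evaluation and view selection.

Added example for this page; not BIND's code or the original post's. It models
what named does with the acl / match-clients statements shown above: elements
are tried in order and the first one that matches decides; a "!" element
rejects; a client that matches no element does not match the list at all. A
nested acl name is looked up recursively, and a negative match inside the
nested acl counts as "no match" for the outer element, as in BIND. A view with
no match-clients clause behaves as match-clients { any; }.
"""
import ipaddress

# acl definitions and view order copied from the page's named.rfc1912.zones
ACLS = {
    "neiwang": ["192.168.1.0/24"],
    "waiwang": ["!192.168.100.0/24"],
}
VIEWS = [("lan", ["neiwang"]), ("wan", None)]   # None = no match-clients clause


def acl_match(client, elements, acls=ACLS):
    """Evaluate one address match list for a client address.
    Returns True (accepted), False (rejected by a negated element) or
    None (no element matched)."""
    ip = ipaddress.ip_address(client)
    for element in elements:
        negated = element.startswith("!")
        target = element.lstrip("!").strip('"')
        if target == "any":
            hit = True
        elif target == "none":
            hit = False
        elif target in acls:                       # nested acl by name
            hit = acl_match(client, acls[target], acls) is True
        else:                                      # single address or prefix
            hit = ip in ipaddress.ip_network(target, strict=False)
        if hit:
            return not negated
    return None


def select_view(client, views=VIEWS, acls=ACLS):
    """Return the name of the first view whose match-clients accepts the client
    (views are tried in the order they appear in the configuration)."""
    for name, clients in views:
        if clients is None or acl_match(client, clients, acls) is True:
            return name
    return None


if __name__ == "__main__":
    for host in ("192.168.1.44", "192.168.100.4", "10.0.0.9"):
        print(host, "->", select_view(host))
    # waiwang contains only a negated element, so it never accepts anyone
    print("waiwang for 192.168.100.4:", acl_match("192.168.100.4", ACLS["waiwang"]))
    print("waiwang for 10.0.0.9:", acl_match("10.0.0.9", ACLS["waiwang"]))
```

A usable "everyone except the LAN" list needs a positive element after the negation, for example `{ !192.168.1.0/24; any; }`; and if the catch-all view were listed before "lan", every client, including internal ones, would receive the external answers.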
§·Building a simple private root DNS system
※·Preparation
Hostname               | IP address   | Role
root-server (.)        | 10.1.16.10   | root DNS server
com-server (com.)      | 10.1.16.20   | .com DNS server
sbcom-server (sb.com.) | 10.1.16.200  | sb.com DNS server
cn-server (cn.)        | 10.1.16.30   | .cn DNS server
sbcn-server (sb.cn.)   | 10.1.16.40   | sb.cn DNS server
※·Configuring root-server
Note: since this server is itself the root, do not use a hint zone for "."; define it directly as a master zone. The configuration on root-server:
Step 1: check the main DNS configuration file /etc/named.conf
zone "." IN {
        type master;
        file "named.ca";
};
Step 2: check the zone file contents:
[root@root-server named]# cat /var/named/named.ca
$TTL 3600
$ORIGIN .
@        IN SOA  a. admin.com. (
                 0 1H 10M 3D 1D )
@        IN NS   a.
cn.      IN NS   ns1.cn.
com.     IN NS   ns1.com.
hao.     IN NS   ns1.hao.
a.       IN A    10.1.16.10
ns1.cn.  IN A    10.1.16.30
ns1.com. IN A    10.1.16.20
www.     IN A    8.8.8.8
ns1.hao. IN A    9.9.9.9
Step 3: test resolution on this host
[root@root-server named]# dig -t axfr .

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t axfr .
;; global options: +cmd
.          3600  IN  SOA  a. admin.com. 0 3600 600 259200 86400
.          3600  IN  NS   a.
a.         3600  IN  A    10.1.16.10
cn.        3600  IN  NS   ns1.cn.
ns1.cn.    3600  IN  A    10.1.16.30
com.       3600  IN  NS   ns1.com.
ns1.com.   3600  IN  A    10.1.16.20
hao.       3600  IN  NS   ns1.hao.
ns1.hao.   3600  IN  A    9.9.9.9
www.       3600  IN  A    8.8.8.8
.          3600  IN  SOA  a. admin.com. 0 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 10.1.16.10#53(10.1.16.10)
;; WHEN: Fri Sep 23 22:18:56 CST 2016
;; XFR size: 11 records (messages 1, bytes 252)
[root@root-server named]#
※·Configuring com-server
Step 1: check the main DNS configuration file /etc/named.conf
zone "com" IN { type master; file "com.zone"; };
Step 2: check the zone file contents:
[root@com-server ~]# cat /var/named/com.zone
$ORIGIN com.
$TTL 3600
@           IN SOA  ns1.com. admin.com. (
                    0 1H 10M 3D 1D )
@           IN NS   ns1.com.
sb.com.     IN NS   ns1.sb.com.
ns1.com.    IN A    10.1.16.20
ns1.sb.com. IN A    10.1.16.200
Step 3: point the root hints (named.ca) at the private root server
[root@com-server ~]# cat /var/named/named.ca
.   3600000  NS  a.
a.  3600000  A   10.1.16.10
Step 4: test resolution on this host
[root@com-server ~]# dig -t axfr com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t axfr com
;; global options: +cmd
com.         3600  IN  SOA  ns1.com. admin.com. 0 3600 600 259200 86400
com.         3600  IN  NS   ns1.com.
ns1.com.     3600  IN  A    10.1.16.20
sb.com.      3600  IN  NS   ns1.sb.com.
ns1.sb.com.  3600  IN  A    10.1.16.200
com.         3600  IN  SOA  ns1.com. admin.com. 0 3600 600 259200 86400
;; Query time: 1 msec
;; SERVER: 10.1.16.20#53(10.1.16.20)
;; WHEN: Fri Sep 23 22:23:49 2016
;; XFR size: 6 records (messages 1, bytes 170)
[root@com-server ~]#
※·Configuring cn-server
Step 1: check the main DNS configuration file /etc/named.conf
zone "cn" IN { type master; file "cn.zone"; };
Step 2: check the zone file contents:
[root@cn-server ~]# cat /var/named/cn.zone
$TTL 3600
$ORIGIN cn.
@        IN SOA  ns1.cn. admin.cn. (
                 0 1H 10M 3D 1D )
@        IN NS   ns1.cn.
sb.cn.   IN NS   ns1.sb.cn.
ns1      IN A    10.1.16.30
ns1.sb   IN A    10.1.16.40
www      IN A    4.4.4.4
Step 3: point the root hints (named.ca) at the private root server
[root@cn-server ~]# cat /var/named/named.ca
.   3600000  IN  NS  a.
a.  3600000  IN  A   10.1.16.10
Step 4: test resolution on this host
[root@cn-server ~]# dig -t axfr cn

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t axfr cn
;; global options: +cmd
cn.         3600  IN  SOA  ns1.cn. admin.cn. 0 3600 600 259200 86400
cn.         3600  IN  NS   ns1.cn.
ns1.cn.     3600  IN  A    10.1.16.30
sb.cn.      3600  IN  NS   ns1.sb.cn.
ns1.sb.cn.  3600  IN  A    10.1.16.40
www.cn.     3600  IN  A    4.4.4.4
cn.         3600  IN  SOA  ns1.cn. admin.cn. 0 3600 600 259200 86400
;; Query time: 2 msec
;; SERVER: 10.1.16.30#53(10.1.16.30)
;; WHEN: 五 9月 23 22:26:17 CST 2016
;; XFR size: 7 records (messages 1, bytes 189)
※·Configuring sb-com-server
Step 1: check the main DNS configuration file /etc/named.conf
zone "sb.com" IN { type master; file "sb.com.zone"; };
Step 2: check the zone file contents:
[root@sb-com ~]# cat /var/named/sb.com.zone
$TTL 3600
$ORIGIN sb.com.
@       IN SOA  sb.com. admin.sb.com. (
                0 1H 10M 3D 1D )
@       IN NS   ns1.sb.com.
ns1     IN A    10.1.16.200
www     IN A    100.100.100.100
ftp     IN A    1.1.1.1
bbs     IN A    2.2.2.2
Step 3: point the root hints (named.ca) at the private root server
[root@sb-com ~]# cat /var/named/named.ca
.   3600000  NS  a.
a.  3600000  A   10.1.16.10
Step 4: test resolution on this host
[root@sb-com ~]# dig -t axfr sb.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t axfr sb.com
;; global options: +cmd
sb.com.      3600  IN  SOA  sb.com. admin.sb.com. 0 3600 600 259200 86400
sb.com.      3600  IN  NS   ns1.sb.com.
bbs.sb.com.  3600  IN  A    2.2.2.2
ftp.sb.com.  3600  IN  A    1.1.1.1
ns1.sb.com.  3600  IN  A    10.1.16.200
www.sb.com.  3600  IN  A    100.100.100.100
sb.com.      3600  IN  SOA  sb.com. admin.sb.com. 0 3600 600 259200 86400
;; Query time: 0 msec
;; SERVER: 10.1.16.200#53(10.1.16.200)
;; WHEN: Fri Sep 23 22:30:54 2016
;; XFR size: 7 records (messages 1, bytes 196)
[root@sb-com ~]#
※·Configuring sb-cn-server
Step 1: check the main DNS configuration file /etc/named.conf
zone "sb.cn" IN { type master; file "sb.cn.zone"; };
Step 2: check the zone file contents:
[root@sb ~]# cat /var/named/sb.cn.zone
$TTL 3600
$ORIGIN sb.cn.
@       IN SOA  sb.cn. admin.sb.com. (
                0 1H 10M 3D 1D )
; the apex NS must be this zone's own server, ns1.sb.cn., the name the cn zone
; delegates to (the AXFR below still shows the earlier ns1.sb.com. value)
        IN NS   ns1.sb.cn.
ns1     IN A    10.1.16.40
www     IN A    10.10.10.10
ftp     IN CNAME www
bbs     IN CNAME www
pop3    IN CNAME www
Step 3: point the root hints (named.ca) at the private root server
[root@sb ~]# cat /var/named/named.ca
.   3600000  NS  a.
a.  3600000  A   10.1.16.10
Step 4: test resolution on this host
[root@sb ~]# dig -t axfr sb.cn

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t axfr sb.cn
;; global options: +cmd
sb.cn.       3600  IN  SOA    sb.cn. admin.sb.com. 0 3600 600 259200 86400
sb.cn.       3600  IN  NS     ns1.sb.com.
bbs.sb.cn.   3600  IN  CNAME  www.sb.cn.
ftp.sb.cn.   3600  IN  CNAME  www.sb.cn.
ns1.sb.cn.   3600  IN  A      10.1.16.40
pop3.sb.cn.  3600  IN  CNAME  www.sb.cn.
www.sb.cn.   3600  IN  A      10.10.10.10
sb.cn.       3600  IN  SOA    sb.cn. admin.sb.com. 0 3600 600 259200 86400
;; Query time: 3 msec
;; SERVER: 10.1.16.40#53(10.1.16.40)
;; WHEN: Fri Sep 23 22:33:26 2016
;; XFR size: 8 records (messages 1, bytes 220)
[root@sb ~]#
※·Client tests (with the client's DNS server set to ns1.sb.com, 10.1.16.200)
※·Check the client's DNS settings:
[root@localhost ~]# cat /etc/resolv.conf
nameserver 10.1.16.200
search localdomain
[root@localhost ~]#
※·Trace resolution of bbs.sb.com
Note on the output: the command is typed as dig trace without the leading "+", so dig treats trace as a second query name. The first answer is therefore NXDOMAIN for "trace." and the second is the ordinary answer for the real name; the tracing option is dig +trace.
[root@localhost ~]# dig trace -t A bbs.sb.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> trace -t A bbs.sb.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8558
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;trace.                         IN      A

;; AUTHORITY SECTION:
.                       3583    IN      SOA     a. admin.com. 0 3600 600 259200 86400

;; Query time: 11 msec
;; SERVER: 10.1.16.200#53(10.1.16.200)
;; WHEN: Sat Sep 24 11:00:18 2016
;; MSG SIZE  rcvd: 68

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45511
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;bbs.sb.com.                    IN      A

;; ANSWER SECTION:
bbs.sb.com.             3600    IN      A       2.2.2.2

;; AUTHORITY SECTION:
sb.com.                 3600    IN      NS      ns1.sb.com.

;; ADDITIONAL SECTION:
ns1.sb.com.             3600    IN      A       10.1.16.200

;; Query time: 1 msec
;; SERVER: 10.1.16.200#53(10.1.16.200)
;; WHEN: Sat Sep 24 11:00:18 2016
;; MSG SIZE  rcvd: 78
※·Trace resolution of ftp.sb.com
[root@localhost ~]# dig trace -t A ftp.sb.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> trace -t A ftp.sb.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60550
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;trace.                         IN      A

;; AUTHORITY SECTION:
.                       3576    IN      SOA     a. admin.com. 0 3600 600 259200 86400

;; Query time: 1 msec
;; SERVER: 10.1.16.200#53(10.1.16.200)
;; WHEN: Sat Sep 24 11:00:26 2016
;; MSG SIZE  rcvd: 68

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34084
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ftp.sb.com.                    IN      A

;; ANSWER SECTION:
ftp.sb.com.             3600    IN      A       1.1.1.1

;; AUTHORITY SECTION:
sb.com.                 3600    IN      NS      ns1.sb.com.

;; ADDITIONAL SECTION:
ns1.sb.com.             3600    IN      A       10.1.16.200

;; Query time: 9 msec
;; SERVER: 10.1.16.200#53(10.1.16.200)
;; WHEN: Sat Sep 24 11:00:26 2016
;; MSG SIZE  rcvd: 78
※·Trace resolution of ftp.sb.cn
[root@localhost ~]# dig trace -t A ftp.sb.cn

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> trace -t A ftp.sb.cn
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31575
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;trace.                         IN      A

;; AUTHORITY SECTION:
.                       3573    IN      SOA     a. admin.com. 0 3600 600 259200 86400

;; Query time: 7 msec
;; SERVER: 10.1.16.200#53(10.1.16.200)
;; WHEN: Sat Sep 24 11:00:28 2016
;; MSG SIZE  rcvd: 68

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46052
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ftp.sb.cn.                     IN      A

;; ANSWER SECTION:
ftp.sb.cn.              3600    IN      CNAME   www.sb.cn.
www.sb.cn.              3573    IN      A       10.10.10.10

;; AUTHORITY SECTION:
sb.cn.                  3573    IN      NS      ns1.sb.cn.

;; ADDITIONAL SECTION:
ns1.sb.cn.              3573    IN      A       10.1.16.40

;; Query time: 6 msec
;; SERVER: 10.1.16.200#53(10.1.16.200)
;; WHEN: Sat Sep 24 11:00:28 2016
;; MSG SIZE  rcvd: 95
※·Client tests (with the client's DNS server set to ns1.sb.cn, 10.1.16.40)
※·Check the client's DNS server address:
[root@localhost ~]# cat /etc/resolv.conf
nameserver 10.1.16.40
search localdomain
※·Trace resolution of www.sb.cn
[root@localhost ~]# dig trace -t A www.sb.cn

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> trace -t A www.sb.cn
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62554
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;trace.                         IN      A

;; AUTHORITY SECTION:
.                       3418    IN      SOA     a. admin.com. 0 3600 600 259200 86400

;; Query time: 4 msec
;; SERVER: 10.1.16.40#53(10.1.16.40)
;; WHEN: Sat Sep 24 10:57:54 2016
;; MSG SIZE  rcvd: 68

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14798
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.sb.cn.                     IN      A

;; ANSWER SECTION:
www.sb.cn.              3600    IN      A       10.10.10.10

;; AUTHORITY SECTION:
sb.cn.                  3600    IN      NS      ns1.sb.cn.

;; ADDITIONAL SECTION:
ns1.sb.cn.              3600    IN      A       10.1.16.40

;; Query time: 1 msec
;; SERVER: 10.1.16.40#53(10.1.16.40)
;; WHEN: Sat Sep 24 10:57:54 2016
;; MSG SIZE  rcvd: 77
※·Trace resolution of bbs.sb.cn
[root@localhost ~]# dig trace -t A bbs.sb.cn

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> trace -t A bbs.sb.cn
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60159
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;trace.                         IN      A

;; AUTHORITY SECTION:
.                       3413    IN      SOA     a. admin.com. 0 3600 600 259200 86400

;; Query time: 1 msec
;; SERVER: 10.1.16.40#53(10.1.16.40)
;; WHEN: Sat Sep 24 10:57:58 2016
;; MSG SIZE  rcvd: 68

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42702
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;bbs.sb.cn.                     IN      A

;; ANSWER SECTION:
bbs.sb.cn.              3600    IN      CNAME   www.sb.cn.
www.sb.cn.              3600    IN      A       10.10.10.10

;; AUTHORITY SECTION:
sb.cn.                  3600    IN      NS      ns1.sb.cn.

;; ADDITIONAL SECTION:
ns1.sb.cn.              3600    IN      A       10.1.16.40

;; Query time: 1 msec
;; SERVER: 10.1.16.40#53(10.1.16.40)
;; WHEN: Sat Sep 24 10:57:58 2016
;; MSG SIZE  rcvd: 95
[root@localhost ~]#
※·Client tests with the host command
[root@localhost ~]# host www.sb.com        # name in the sb.com zone
www.sb.com has address 100.100.100.100
[root@localhost ~]# host ftp.sb.com        # name in the sb.com zone
ftp.sb.com has address 1.1.1.1
[root@localhost ~]# host bbs.sb.com        # name in the sb.com zone
bbs.sb.com has address 2.2.2.2
[root@localhost ~]# host ns1.sb.com
ns1.sb.com has address 10.1.16.200
[root@localhost ~]# host ns1.cn            # name in the cn zone
ns1.cn has address 10.1.16.30
[root@localhost ~]# host ns1.com           # name in the com zone
ns1.com has address 10.1.16.20
[root@localhost ~]# host www.              # name in the root zone
www has address 8.8.8.8
[root@localhost ~]# host a.                # name in the root zone
a has address 10.1.16.10
[root@localhost ~]# host ns1.sb.cn         # name in the sb.cn zone
ns1.sb.cn has address 10.1.16.40
[root@localhost ~]# host ftp.sb.cn         # name in the sb.cn zone
ftp.sb.cn is an alias for www.sb.cn.
www.sb.cn has address 10.10.10.10
[root@localhost ~]# host pop3.sb.cn        # name in the sb.cn zone
pop3.sb.cn is an alias for www.sb.cn.
www.sb.cn has address 10.10.10.10
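To see what the client tests above exercise, the script below, an added example that is not part of the original post or of BIND, replays iterative resolution over the lab's zones. The zone data is copied from the zone files above into constructed Python records, one authoritative server per zone (the sb.cn apex NS is entered as ns1.sb.cn., matching the delegation in the cn zone). A delegation that points at a server nobody can reach (hao. in the root zone points at 9.9.9.9) ends in SERVFAIL, which is the failure the routing note in the summary refers to.

```python
"""Iterative resolution over the private root lab.

Added example for this page; not BIND's code or the original post's. resolve()
does what a recursive server (or dig +trace) does against this lab: start at
the root hint, follow NS referrals using their glue addresses, and chase CNAMEs
to the canonical name.
"""

ROOT_HINT = "10.1.16.10"        # "a." from the named.ca hints on every server

# server address -> (zone apex, [(owner, type, rdata), ...]); names are absolute.
# Constructed from the zone files shown on the page.
ZONES = {
    "10.1.16.10": (".", [
        (".", "NS", "a."), ("a.", "A", "10.1.16.10"),
        ("com.", "NS", "ns1.com."), ("ns1.com.", "A", "10.1.16.20"),
        ("cn.", "NS", "ns1.cn."), ("ns1.cn.", "A", "10.1.16.30"),
        ("hao.", "NS", "ns1.hao."), ("ns1.hao.", "A", "9.9.9.9"),
        ("www.", "A", "8.8.8.8"),
    ]),
    "10.1.16.20": ("com.", [
        ("com.", "NS", "ns1.com."), ("ns1.com.", "A", "10.1.16.20"),
        ("sb.com.", "NS", "ns1.sb.com."), ("ns1.sb.com.", "A", "10.1.16.200"),
    ]),
    "10.1.16.200": ("sb.com.", [
        ("sb.com.", "NS", "ns1.sb.com."), ("ns1.sb.com.", "A", "10.1.16.200"),
        ("www.sb.com.", "A", "100.100.100.100"), ("ftp.sb.com.", "A", "1.1.1.1"),
        ("bbs.sb.com.", "A", "2.2.2.2"),
    ]),
    "10.1.16.30": ("cn.", [
        ("cn.", "NS", "ns1.cn."), ("ns1.cn.", "A", "10.1.16.30"),
        ("sb.cn.", "NS", "ns1.sb.cn."), ("ns1.sb.cn.", "A", "10.1.16.40"),
        ("www.cn.", "A", "4.4.4.4"),
    ]),
    "10.1.16.40": ("sb.cn.", [
        ("sb.cn.", "NS", "ns1.sb.cn."), ("ns1.sb.cn.", "A", "10.1.16.40"),
        ("www.sb.cn.", "A", "10.10.10.10"),
        ("ftp.sb.cn.", "CNAME", "www.sb.cn."), ("bbs.sb.cn.", "CNAME", "www.sb.cn."),
        ("pop3.sb.cn.", "CNAME", "www.sb.cn."),
    ]),
}


def is_at_or_below(name, zone):
    """True if name equals zone or lies beneath it ('.' is the root)."""
    return name == zone or zone == "." or name.endswith("." + zone)


def authoritative_answer(server, qname, qtype):
    """Simulate one query to an authoritative server. Returns
    ("answer", records), ("referral", [(ns_name, glue_ip), ...]),
    ("nodata", []) or ("nxdomain", [])."""
    apex, records = ZONES[server]
    exact = [r for r in records if r[0] == qname and r[1] in (qtype, "CNAME")]
    if exact:
        return "answer", exact
    # a delegation applies when an NS set below the apex covers qname;
    # the deepest such zone cut wins
    cuts = {r[0] for r in records
            if r[1] == "NS" and r[0] != apex and is_at_or_below(qname, r[0])}
    if cuts:
        cut = max(cuts, key=len)
        refs = []
        for owner, rtype, ns in records:
            if owner == cut and rtype == "NS":
                glue = [r[2] for r in records if r[0] == ns and r[1] == "A"]
                refs.append((ns, glue[0] if glue else None))
        return "referral", refs
    if any(r[0] == qname for r in records):
        return "nodata", []
    return "nxdomain", []


def resolve(qname, qtype="A", max_steps=20):
    """Return (rcode, answer_records, trace); trace lists
    (server, qname, outcome) for every query sent."""
    server, answers, trace = ROOT_HINT, [], []
    for _ in range(max_steps):
        if server not in ZONES:                  # delegated to an unreachable host
            trace.append((server, qname, "unreachable"))
            return "SERVFAIL", answers, trace
        kind, data = authoritative_answer(server, qname, qtype)
        trace.append((server, qname, kind))
        if kind == "referral":
            ns_name, glue = data[0]              # follow the first listed name server
            if glue is None:
                return "SERVFAIL", answers, trace
            server = glue
        elif kind == "answer":
            answers += data
            if data[0][1] == "CNAME" and qtype != "CNAME":
                qname, server = data[0][2], ROOT_HINT   # restart for the canonical name
            else:
                return "NOERROR", answers, trace
        elif kind == "nodata":
            return "NOERROR", answers, trace
        else:
            return "NXDOMAIN", answers, trace
    return "SERVFAIL", answers, trace


if __name__ == "__main__":
    for name in ("bbs.sb.com.", "ftp.sb.cn.", "www.", "www.hao.", "nope.sb.com."):
        rcode, answers, trace = resolve(name)
        print(name, rcode, [r[2] for r in answers])
        for server, q, outcome in trace:
            print("   ", server, q, outcome)
```

The trace for bbs.sb.com. visits 10.1.16.10 (referral to com.), 10.1.16.20 (referral to sb.com.) and 10.1.16.200 (answer), which is the path the three-level delegation above defines.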
§·Summary:
Things to watch when building your own root DNS:
1. Enable allow-query { any; } (so every DNS server can query);
2. recursion yes (enable recursion when running your own root);
3. Turn off the firewall (iptables -F);
4. Check that routing between the hosts works.
5. Check that the root hints file on each DNS server carries the correct IP address and NS record for the root.
Original article by linux_root; if you repost it, please cite the source: http://www.178linux.com/48855
Comments (2)
The article explains the master/slave DNS configuration in great detail, but a problem came up in the middle; why was it not solved? [master/slave errors]
@马哥教育: The problem was solved, I just did not post it; it was a detail from earlier study, so I left it out!
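The forwarding statements from the forwarding section and the allow-query / recursion points in this summary can be audited from named.conf text. The script below is an added example, not BIND's code or the post's: it parses a constructed named.conf (the addresses 10.1.16.1, 10.1.16.142 and 10.1.16.61 are assumed), lists each forwarding scope with its first/only mode, flags recursion that is open to any client, and checks whether a forwarder's own allow-recursion list would let our server recurse through it, which is the precondition the forwarding section states.

```python
"""Audit forwarding and recursion settings in BIND named.conf text.

Added example for this page; not part of the original post or of BIND. A small
tokenizer turns named.conf into nested (words, block) statements; the checks
then read the options block and any "type forward" zones.
"""
import ipaddress
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')

# Our resolver: a forward zone plus global forwarding (constructed; the
# forwarder addresses are assumed for the example).
OUR_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };            // the summary above recommends this
    allow-recursion { any; };        // weak: makes this host an open resolver
    forward first;
    forwarders { 10.1.16.1; };
};
zone "loveme.com" IN {
    type forward;
    forward only;
    forwarders { 10.1.16.142; };
};
"""

# Two versions of the forwarder's own options block (constructed).
FORWARDER_OPEN = "options { recursion yes; allow-recursion { 10.1.16.0/24; }; };"
FORWARDER_CLOSED = "options { recursion yes; allow-recursion { 127.0.0.1; }; };"


def parse(text):
    """Strip comments and parse into a list of (words, sub_block_or_None)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    stmts, _ = _block(TOKEN.findall(text), 0)
    return stmts


def _block(tokens, i):
    stmts, words, sub = [], [], None
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == "{":
            sub, i = _block(tokens, i)
        elif tok == "}":
            break
        elif tok == ";":
            if words or sub is not None:
                stmts.append((words, sub))
            words, sub = [], None
        else:
            words.append(tok.strip('"'))
    return stmts, i


def find(stmts, key):
    """First statement whose first word is key, as (words, sub); else (None, None)."""
    for words, sub in stmts:
        if words and words[0] == key:
            return words, sub
    return None, None


def forwarding_summary(conf):
    """Map each forwarding scope ('global' or a forward zone's name) to
    (mode, [forwarder addresses]); the mode defaults to 'first' as in BIND."""
    summary = {}
    for words, sub in parse(conf):
        if not words or sub is None:
            continue
        is_options = words[0] == "options"
        is_fwd_zone = words[0] == "zone" and find(sub, "type")[0] == ["type", "forward"]
        if not (is_options or is_fwd_zone):
            continue
        mode, _ = find(sub, "forward")
        _, forwarders = find(sub, "forwarders")
        if forwarders is not None:
            scope = "global" if is_options else words[1]
            summary[scope] = (mode[1] if mode else "first", [w[0] for w, _ in forwarders])
    return summary


def is_open_resolver(conf):
    """recursion on (BIND's default is yes) together with allow-recursion { any; }."""
    _, options = find(parse(conf), "options")
    rec, _ = find(options or [], "recursion")
    _, allow = find(options or [], "allow-recursion")
    recursion_on = rec is None or rec[1] == "yes"
    return recursion_on and allow is not None and ["any"] in [w for w, _ in allow]


def forwarder_accepts(forwarder_conf, our_address):
    """Would the forwarder's allow-recursion list accept recursive queries from
    our address? Only positive prefixes are considered here; an absent list
    (BIND default: localhost and localnets) is treated as not accepting a
    remote server."""
    _, options = find(parse(forwarder_conf), "options")
    rec, _ = find(options or [], "recursion")
    if rec is not None and rec[1] != "yes":
        return False
    _, allow = find(options or [], "allow-recursion")
    if allow is None:
        return False
    ip = ipaddress.ip_address(our_address)
    for words, _ in allow:
        elem = words[0]
        if elem == "any" or (elem[0] != "!" and ip in ipaddress.ip_network(elem, strict=False)):
            return True
    return False


if __name__ == "__main__":
    print("forwarding:", forwarding_summary(OUR_CONF))
    print("open resolver:", is_open_resolver(OUR_CONF))
    for label, conf in (("open", FORWARDER_OPEN), ("closed", FORWARDER_CLOSED)):
        print(f"forwarder ({label}) accepts 10.1.16.61:", forwarder_accepts(conf, "10.1.16.61"))
```

With "forward only" a forwarder that refuses recursion (the FORWARDER_CLOSED case) leaves the zone unresolvable, whereas "forward first" falls back to iteration; restricting allow-recursion to the networks that actually need it, rather than any, keeps the server from being usable as an open resolver by anyone who can reach port 53.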