
Installing and configuring a DNS server on Ubuntu

2013-10-09 12:30

2011-12-24 00:03:11 | Category: OS

1. Install bind9 on the machine that will act as the DNS server (192.168.11.189)

sudo apt-get install bind9

2. Edit the configuration file /etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "deamon.com"{
        type master;
        file "/etc/bind/db.deamon.com";
};

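// Reverse zone for 192.168.11.0/24. It loads the same file as the forward
// zone, so every relative name in that file is also read relative to
// 11.168.192.in-addr.arpa.
zone "11.168.192.in-addr.arpa"{
        type master;
        file "/etc/bind/db.deamon.com";
};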

3. Create the file /etc/bind/db.deamon.com

; DNS db for deamon.com domain
;
$TTL    604800
@       IN      SOA     deamon.com. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                          86400 )       ; Negative Cache TTL
; name to IP
        IN      NS      dns1    ; dns server 1
        IN      NS      dns2    ; dns server 2
@       IN      A       192.168.11.178  ; deamon.com
dns1    IN      A       192.168.11.189
dns2    IN      A       192.168.11.1
deamon1 IN      A       192.168.11.178
deamon2 IN      A       192.168.11.179
deamon3 IN      A       192.168.11.180
deamon4 IN      A       192.168.11.181
deamon5 IN      A       192.168.11.182
deamon6 IN      A       192.168.11.183

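; IP to name (the trailing dot makes each target fully qualified;
; without it the zone origin is appended to the name)
178     IN      PTR     deamon1.deamon.com.
179     IN      PTR     deamon2.deamon.com.
180     IN      PTR     deamon3.deamon.com.
181     IN      PTR     deamon4.deamon.com.
182     IN      PTR     deamon5.deamon.com.
183     IN      PTR     deamon6.deamon.com.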
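
How names in this file are resolved against whichever zone loads it, as an added example that is not part of the original post: it expands owner names and PTR targets relative to the zone origin and reports the targets that lack a trailing dot. The sample records and the `alias6` name are constructed for illustration.

```python
# Added example: resolve zone-file names against the zone origin the way a
# master-file loader does (RFC 1035 section 5.1). ZONE is a constructed sample
# in the style of this page's "IP to name" records.
ZONE = """\
; one relative target, one absolute target, one record with the owner omitted
178     IN      PTR     deamon1.deamon.com
183     IN      PTR     deamon6.deamon.com.
        IN      PTR     alias6
"""

def qualify(name, origin):
    """'@' is the origin, a trailing dot means absolute, else append origin."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def expand_ptr(zone_text, origin):
    """Return [(owner, target, target_was_relative)] for every PTR record."""
    records, owner = [], "@"
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comment, tokenise
        if "PTR" not in fields:
            continue
        if not raw[0].isspace():                   # blank first column means
            owner = fields[0]                      # "same owner as before"
        target = fields[fields.index("PTR") + 1]
        records.append((qualify(owner, origin), qualify(target, origin),
                        not target.endswith(".")))
    return records

def relative_targets(zone_text, origin):
    """Owners whose PTR target will have the origin appended."""
    return [o for o, _, rel in expand_ptr(zone_text, origin) if rel]

if __name__ == "__main__":
    # The same file loaded under both zones from named.conf.local.
    for origin in ("11.168.192.in-addr.arpa", "deamon.com"):
        print(f"$ORIGIN {origin}.")
        for owner, target, rel in expand_ptr(ZONE, origin):
            print(f"  {owner} PTR {target}" + ("   <- relative" if rel else ""))
```
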

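4. Edit the configuration file /etc/bind/named.conf so that names this DNS server cannot resolve are forwarded. On 11.10, it is enough to add the following configuration to named.conf.options.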

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                192.168.11.1;
        };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

5. Restart the bind9 service
sudo service bind9 restart

6. On each machine that needs name resolution, edit /etc/resolv.conf to set the DNS server IP

# Generated by NetworkManager
nameserver 192.168.11.189

Because the system rewrites this file after a reboot, run the following command to prevent it from being modified.

sudo chattr +i /etc/resolv.conf

NOTE: Ubuntu 12.04 does not support chattr on this file; update resolv.conf with the following steps instead:

(1) sudo resolvconf -u

(2) vi /etc/resolvconf/resolv.conf.d/base

nameserver 192.168.11.189

(3) sudo resolvconf -u

The /etc/resolv.conf will be updated based on the base file in step 2.

7. Verify the DNS configuration

hadoop@deamon6:~$ nslookup
> deamon3.deamon.com
Server:         192.168.11.189
Address:        192.168.11.189#53

Name:   deamon3.deamon.com
Address: 192.168.11.180
> 192.168.11.183
Server:         192.168.11.189
Address:        192.168.11.189#53

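183.11.168.192.in-addr.arpa     name = deamon6.deamon.com.11.168.192.in-addr.arpa.

NOTE: the reverse zone name appended to this PTR answer is what BIND returns when the PTR target in the zone file has no trailing dot; a target written as deamon6.deamon.com. (with the dot) is returned as name = deamon6.deamon.com.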

8. Configure a subdomain: add the subdomain sns.deamon.com

8.1 Edit the zone file /etc/bind/zones/db.deamon.com

; DNS db for deamon.com domain
;
$TTL    604800
@      IN      SOA     deamon.com. root.localhost. (
; Do not modify the following lines!
                                                 2011111503     ; Serial, YYYYMMDDnn (must not exceed 4294967295)
                                                 604800         ; Refresh
                                                 86400          ; Retry
                                                 2419200        ; Expire
                                                 86400          ; Negative Cache TTL
);

;name to IP
        IN      NS      dns
@       IN      A       192.168.145.73
dns     IN      A       192.168.87.100
;SNS subdomain
sns     IN      NS      sns-act
sns-act IN      A       192.168.145.69

8.2 Edit the conf file /etc/bind/named.conf.local
//
// Do any local configuration here
//
zone "deamon.com" {
        type master;
        file "/etc/bind/zones/db.deamon.com";
        };
zone "iot01.deamon.com"{
        type forward;
        forwarders { 192.168.145.69;};
        };

8.3 Edit the options file /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        //forwarders {
        //      192.168.145.69;
        //};

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
       
        // allow-recursion is not set here, so recursion follows allow-query
        allow-query { any; };
};

NOTE:
1. Two commands validate the configuration files:
named-checkconf named.conf.local
named-checkzone zonename luqdlab.com.db
2. To check the DNS server's log, look in the file /var/log/syslog.
3. When configuring the subdomain, pay attention to named.conf.options. Without <allow-query { any; };>, the main DNS server answers a DNS query for an address in the subdomain with the address of the subdomain's name server, i.e. it does not query the subdomain's name server itself and just sends back that name server's address. With the <allow-query>, the main DNS server queries the address recursively and sends back the actual IP address.
This works because allow-recursion is not set, and BIND 9 then falls back to allow-query to decide who may use recursion. The same line therefore lets any client that can reach the server use it as a recursive resolver; on a server reachable from untrusted networks, list only the client networks in allow-recursion (or allow-query) rather than any.
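
A check for the behaviour described in note 3, as an added example that is not part of the original post: it computes who may use recursion from an options block, following the fallback order documented for BIND 9 (allow-recursion, then allow-query-cache, then allow-query, then the built-in localnets; localhost). The `lab` ACL and its /24 prefixes in SCOPED are assumptions, and named ACLs are not expanded.

```python
import re

# Constructed samples. OPEN mirrors the options block of step 8.3; SCOPED is a
# hypothetical variant (the "lab" ACL and its /24 prefixes are assumptions).
OPEN = """
options {
        directory "/var/cache/bind";
        //forwarders { 192.168.145.69; };
        auth-nxdomain no;    # conform to RFC1035
        allow-query { any; };
};
"""
SCOPED = """
acl lab { localhost; 192.168.87.0/24; 192.168.145.0/24; };
options {
        directory "/var/cache/bind";
        allow-query { any; };        /* authoritative data: anyone may ask */
        allow-recursion { lab; };    // recursion: lab clients only
};
"""
BUILTIN_DEFAULT = ["localnets", "localhost"]

def strip_comments(conf):
    """Remove /* */, // and # comments (named.conf accepts all three)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)

def acl_of(conf, option):
    """Return the address-match list of `option`, or None if it is not set."""
    m = re.search(rf"\b{option}\s*\{{([^}}]*)\}}", conf)
    return m and [e.strip() for e in m.group(1).split(";") if e.strip()]

def effective_recursion(conf):
    """Who may recurse, following BIND 9's documented fallback order."""
    conf = strip_comments(conf)
    if re.search(r"(?<![-\w])recursion\s+no\s*;", conf):
        return ["none"]
    for option in ("allow-recursion", "allow-query-cache", "allow-query"):
        acl = acl_of(conf, option)
        if acl is not None:
            return acl
    return BUILTIN_DEFAULT

def recursion_open_to_any(conf):
    return "any" in effective_recursion(conf)

if __name__ == "__main__":
    for name, conf in (("OPEN", OPEN), ("SCOPED", SCOPED)):
        print(name, effective_recursion(conf), recursion_open_to_any(conf))
```
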