
Building smart DNS resolution on CentOS - V1.1.pdf

2016-03-04 14:51

CentOS 5.8 DNS service address resolution

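Contents
CentOS 5.8 DNS service address resolution
I. DNS service address resolution
  1. Install bind
  2. Configure named
  3. Configure named.rfc1912.zones
  4. Configure the forward and reverse zone files
    1. Configure forward resolution
    2. Configure reverse resolution
    If you have multiple IP ranges, the reverse resolution can be configured along the following lines
  5. Check the files for syntax errors
  6. Verify that the setup works
II. CentOS DNS slave configuration
  1. Install the slave server, following Part I
  2. Configure named.conf
  3. Configure named.rfc1912.zones
  4. Restart the service and check whether the zone files have synchronized
  5. Test whether the slave DNS works properly
    1) Test the slave DNS server function
    2) Test whether the slave takes over after the master DNS is shut down
III. CentOS 5.8 smart DNS address resolution
  1. Add the named.conf configuration
  2. Add the smart forward resolution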

Version history
Date        Version   Description                                  Author
2016-03-4   1.0       CentOS 5.8 DNS service address resolution    崔四超

System environment:
centos 5.8 64 bit
Software environment:
bind-utils-9.3.6-25.P1.el5_11.6
bind-libs-9.3.6-25.P1.el5_11.6
bind-9.3.6-25.P1.el5_11.6
bind-chroot-9.3.6-25.P1.el5_11.6
ypbind-1.19-12.el5_6.1

Master DNS server: 192.168.10.100
Slave DNS server: 192.168.10.101
www portal: 192.168.36.4

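I. DNS service address resolution configuration

1. Install bind

    # yum install bind*        // install the DNS software bind

On CentOS 5.8 you also need to install:

    # yum -y install caching-nameserver

Because the chroot package is installed, the main configuration file named.conf is configured under /var/named/chroot/etc/ (not in /etc/named.conf). After the six packages above are installed, a named.conf file is generated in this directory by default, but that named.conf is only an explanatory document, so we use the following commands to make a copy of the named.conf template.

Note: after installation, my /etc/named.* files are all symbolic links.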

2. Configure named

    cd /var/named/chroot/etc
    cp -p named.caching-nameserver.conf named.conf
    chown -R root:named named.conf
    ln -s /var/named/chroot/etc/named.conf /etc/named.conf

    [root@server-10-100 etc]# cat named.conf
    //
    // named.caching-nameserver.conf
    //
    // Provided by Red Hat caching-nameserver package to configure the
    // ISC BIND named(8) DNS server as a caching only nameserver
    // (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // DO NOT EDIT THIS FILE - use system-config-bind or an editor
    // to create named.conf - edits to this file will be lost on
    // caching-nameserver package upgrade.
    //
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";

            // Those options should be used carefully because they disable port
            // randomization
            // query-source    port 53;
            // query-source-v6 port 53;

            allow-query     { any; };
            allow-query-cache { any; };
    };
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    view localhost_resolver {
            match-clients      { any; };
            match-destinations { any; };
            recursion yes;
            include "/etc/named.rfc1912.zones";
    };

Because the chroot package is installed (its main function is not covered here), the main configuration file named.conf is configured under /var/named/chroot/etc/. The commands are as follows:

3. Configure named.rfc1912.zones

    [root@server-10-100 etc]# cat named.rfc1912.zones
    // named.rfc1912.zones:
    //
    // Provided by Red Hat caching-nameserver package
    //
    // ISC BIND named zone configuration for zones recommended by
    // RFC 1912 section 4.1 : localhost TLDs and address zones
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // Declare the root zone ".", used to resolve external domain names
    zone "." IN {
            type hint;
            file "named.ca";
    };

    zone "localdomain" IN {
            type master;
            file "localdomain.zone";
            allow-update { none; };
    };

    zone "localhost" IN {
            type master;
            file "localhost.zone";
            allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "named.local";
            allow-update { none; };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
            type master;
            file "named.ip6.local";
            allow-update { none; };
    };

    zone "255.in-addr.arpa" IN {
            type master;
            file "named.broadcast";
            allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
            type master;
            file "named.zero";
            allow-update { none; };
    };

    zone "wuhaneduyun.cn" IN {              // define a forward zone, wuhaneduyun.cn
            type master;
            file "wuhaneduyun.cn.zone";     // forward zone file name: wuhaneduyun.cn.zone
            allow-update { none ;};
    };

    zone "36.168.192.in-addr.arpa" IN {     // define a reverse zone
            type master;
            file "zone.wuhaneduyun.cn";     // reverse zone file name
            allow-update { none ;};
    };
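Added example (not from the original document or the BIND project): a small Python audit over a trimmed, constructed copy of the named.conf view and master zone shown above. It flags a view that recurses for any client and a master zone with no allow-transfer statement, which in the BIND 9.3 series used here means any host may transfer the zone. The function names and finding strings are this example's own.

```python
import re
# Constructed sample: the page's named.conf view and master zone, trimmed to the relevant lines.
SAMPLE = '''
options { listen-on port 53 { any; }; allow-query { any; }; allow-query-cache { any; }; };
view localhost_resolver {
    match-clients { any; }; recursion yes;
    zone "wuhaneduyun.cn" IN { type master; file "wuhaneduyun.cn.zone"; allow-update { none; }; };
};
'''

def tokenize(text):
    text = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', text, flags=re.S)  # strip comments
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)

def parse(tokens, i=0):
    """Return (statements, next index); a statement is a list of words plus nested {...} blocks."""
    stmts, cur = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == '{':
            block, i = parse(tokens, i)
            cur.append(block)
        elif tok == '}':
            break
        elif tok == ';':
            stmts, cur = stmts + [cur], []
        else:
            cur.append(tok.strip('"'))
    return [s for s in stmts if s], i

def get(block, key):  # first statement in block that starts with key, else None
    return next((s for s in block if s[0] == key), None)

def audit(text):
    top, _ = parse(tokenize(text))
    opts = (get(top, 'options') or [None, []])[-1]
    findings = []
    scopes = [('(global)', top)] + [(s[1], s[-1]) for s in top if s[0] == 'view']
    for name, body in scopes:
        clients = get(body, 'match-clients')
        limited = get(body, 'allow-recursion') or get(opts, 'allow-recursion')
        if (get(body, 'recursion') == ['recursion', 'yes'] and not limited
                and (clients is None or clients[-1] == [['any']])):
            findings.append(f'{name}: recursion open to any client')
        for z in body:
            if z[0] == 'zone' and get(z[-1], 'type') == ['type', 'master'] and not any(
                    get(b, 'allow-transfer') for b in (z[-1], body, opts)):
                findings.append(f'{name}: zone {z[1]} has no allow-transfer restriction')
    return findings
```

Adding allow-recursion { 192.168.10.0/24; }; to the view and allow-transfer { 192.168.10.101; }; (the slave from this page) to the master zone clears both findings; the client range is an assumption.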

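4. Configure the forward and reverse zone files

The forward and reverse zone files are in the same directory. Because the chroot package is installed, they have to be configured under /var/named/chroot/var/named/, and that directory also contains template files for both. The commands used are:

    cd /var/named/chroot/var/named/
    cp -p localdomain.zone wuhaneduyun.cn.zone
    cp -p named.local zone.wuhaneduyun.cn

Remember to add the -p option; otherwise the named service may well fail to start. Now you can edit the forward (wuhaneduyun.cn.zone) and reverse (zone.wuhaneduyun.cn) files.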

1. Configure forward resolution

    [root@server-10-100 ~]# cat /var/named/chroot/var/named/wuhaneduyun.cn.zone
    $TTL    86400
    @       IN SOA  dns.wuhaneduyun.cn. root.wuhaneduyun.cn. (
                            2011062301      ; serial (d. adams)
                            3H              ; refresh
                            15M             ; retry
                            1W              ; expiry
                            1D )            ; minimum
            IN NS   dns.wuhaneduyun.cn.
    dns     IN A    192.168.36.4
    www     IN A    192.168.36.4
    mail    IN A    192.168.10.111

2. Configure reverse resolution:

    [root@server-10-100 named]# cat zone.wuhaneduyun.cn
    $TTL    86400
    @       IN SOA  36.168.192.in-addr.arpa. dns.wuhaneduyun.cn. (
                            2011062301 ; Serial   // just a serial number
                            28800      ; Refresh  // refresh interval of the slave
                            14400      ; Retry    // retry interval when a slave refresh fails
                            3600000    ; Expire   // how long to keep retrying before giving up
                            86400 )    ; Minimum  // can be regarded as the TTL, especially when no TTL is set
            IN NS   dns.wuhaneduyun.cn.
    4       IN PTR  dns.wuhaneduyun.cn.
    4       IN PTR  www.wuhaneduyun.cn.
    111     IN PTR  mail.wuhaneduyun.cn.

Note: the leading 4 on the PTR line is the last octet of the host IP 192.168.36.4.

If you have multiple IP ranges, the reverse resolution can be configured along the following lines:

Configure reverse resolution. Reverse resolution does not need MX, A, or CNAME records; it normally uses PTR. Reverse zone definition:

    zone "168.192.in-addr.arpa" IN {
            type master;
            file "zone.wuhaneduyun.cn";
            allow-update { none ;};
    };

Define the zone file:

    vim zone.wuhaneduyun.cn

    $TTL 1200
    @       IN SOA  ns1.a.org. admin.a.org. (
                            2011081601
                            1H
                            10M
                            7D
                            1D )
            IN NS   ns1.a.org.
            IN NS   ns2.a.org.
    1.100   IN PTR  ns1.a.org.
    2.100   IN PTR  ns2.a.org.
    1.100   IN PTR  mail.a.org.
    3.100   IN PTR  www.a.org.
    100.100 IN PTR  ftp.a.org.
    ; The zone declaration already covers 192.168, so only the remaining two octets are
    ; entered, in reverse order: 1.100 is 1.100.168.192.in-addr.arpa, i.e. 192.168.100.1

    chown :named 172.16.org
    service named reload

5. Check the files for syntax errors

    # named-checkconf -z        // check the main configuration file for errors
    # named-checkzone wuhaneduyun.cn /var/named/a.org.internal        // check the zone file for errors
    # named-checkzone wuhaneduyun.cn /var/named/a.org.external

6. Verify that the setup works

1. First, modify the /etc/resolv.conf file. Only after this file has been changed can your own server be used for name resolution. The command is:

    # vi /etc/resolv.conf

Just add one line: nameserver 192.168.10.100

    [root@server-13-30 ~]# nslookup
    > www.baidu.com
    Server:         192.168.10.100
    Address:        192.168.10.100#53

    Non-authoritative answer:
    www.baidu.com   canonical name = www.a.shifen.com.
    Name:   www.a.shifen.com
    Address: 180.97.33.107
    Name:   www.a.shifen.com
    Address: 180.97.33.108
    > www.wuhaneduyun.cn
    Server:         192.168.10.100
    Address:        192.168.10.100#53

    Name:   www.wuhaneduyun.cn
    Address: 192.168.10.100
    > 192.168.10.100
    www.wuhaneduyun.cn

II. CentOS DNS slave configuration

1. Install the slave server; follow the installation steps in Part I.

2. Configure named.conf

    cd /var/named/chroot/etc/
    cp -p named.caching-nameserver.conf named.conf
    ln -s /var/named/chroot/etc/named.conf /etc/named.conf

    cat /etc/named.conf
    options {
            directory "/var/named/slaves";
    };
    // Because chroot is installed, the real location of the slaves directory
    // is /var/named/chroot/var/named/slaves/
    view localhost_resolver {
            match-clients      { any; };
            match-destinations { any; };
            recursion yes;
            include "/etc/named.rfc1912.zones";
    };

3. Configure named.rfc1912.zones

    cat /etc/named.rfc1912.zones
    //zone "." IN {
    //      type hint;
    //      file "named.ca";
    //};

    zone "localdomain" IN {
            type slave;
            masters { 192.168.10.100; };    // address of the master server, from which the zone files are synchronized
            file "localdomain.zone";
    //      allow-update { none; };
    };

    zone "localhost" IN {
            type slave;
            masters { 192.168.10.100; };
            file "localhost.zone";
    //      allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
            type slave;
            masters { 192.168.10.100; };
            file "named.local";
    //      allow-update { none; };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
            type slave;
            masters { 192.168.10.100; };
            file "named.ip6.local";
    //      allow-update { none; };
    };

    zone "255.in-addr.arpa" IN {
            type slave;
            masters { 192.168.10.100; };
            file "named.broadcast";
    //      allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
            type slave;
            masters { 192.168.10.100; };
            file "named.zero";
    //      allow-update { none; };
    };

    // The following are my custom zones; refer to the master
    zone "wuhaneduyun.cn" IN {
            type slave;                     // type is slave
            masters { 192.168.10.100; };    // address of the master server, from which the zone files are synchronized
            file "wuhaneduyun.cn.zone";
    //      allow-update { none ;};
    };

    zone "36.168.192.in-addr.arpa" IN {
            type slave;                     // type is slave
            masters { 192.168.10.100; };    // address of the master server, from which the zone files are synchronized
            file "zone.wuhaneduyun.cn";
    //      allow-update { none ;};
    };

4. Restart the service and check whether the zone files have synchronized:

    /etc/init.d/named restart

If there is an error, check the log: /var/log/messages

    ll /var/named/chroot/var/named/slaves/

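5. Test whether the slave DNS works properly

1) Test the slave DNS server function

Log in to any server on the internal network:
# vi /etc/resolv.conf
Just add one line: nameserver 192.168.10.101 # (note: the slave DNS server)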



This shows that the slave DNS has been configured successfully.

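2) Test whether the slave takes over normally after the master DNS is shut down:

Configure the IPs of both the master and the slave DNS servers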



On the first lookup, the server is: 192.168.10.100
After the named service on the master DNS (192.168.10.100) is stopped,
on the second lookup, the server is: 192.168.10.101



III. CentOS 5.8 smart DNS address resolution

1. Add the named.conf configuration

    vi /var/named/chroot/etc/named.conf

The parts added in red are for smart resolution:

    //
    // named.caching-nameserver.conf
    //
    // Provided by Red Hat caching-nameserver package to configure the
    // ISC BIND named(8) DNS server as a caching only nameserver
    // (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // DO NOT EDIT THIS FILE - use system-config-bind or an editor
    // to create named.conf - edits to this file will be lost on
    // caching-nameserver package upgrade.
    //

    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";

            // Those options should be used carefully because they disable port
            // randomization
            // query-source    port 53;
            // query-source-v6 port 53;

            allow-query     { any; };
            allow-query-cache { any; };
    };
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    //view localhost_resolver {
    //      match-clients      { any; };
    //      match-destinations { any; };
    //      recursion yes;
    //      include "/etc/named.rfc1912.zones";
    //};

    acl "hosta" { 192.168.10.1/24; };
    acl "hostb" { 192.168.13.1/24; };

    view "hosta" {
            match-clients { hosta; };
            recursion yes;
            notify no;
            zone "test.com" IN {
                    type master;
                    file "test.com.hosta.file";
                    allow-update { none; };
            };
    };

    view "hostb" {
            match-clients { hostb; };
            recursion yes;
            notify no;
            zone "test.com" IN {
                    type master;
                    file "test.com.hostb.file";
                    allow-update { none; };
            };
    };

Note: addresses in hosta (192.168.10.1/24) are served from test.com.hosta.file; addresses in hostb (192.168.13.1/24) are served from test.com.hostb.file.

2. Add the smart forward resolution:

hosta (192.168.10.1/24): a request for www.test.com goes to 192.168.10.100

    # vi /var/named/chroot/var/named/test.com.hosta.file
    $TTL    86400
    @       IN SOA  dns.test.com. root.test.com. (
                            2011062301      ; serial (d. adams)
                            3H              ; refresh
                            15M             ; retry
                            1W              ; expiry
                            1D )            ; minimum
            IN NS   dns.test.com.
    dns     IN A    192.168.10.100
    www     IN A    192.168.10.100
    mail    IN A    192.168.10.100

hostb (192.168.13.1/24): a request for www.test.com goes to 192.168.20.11

    # vi /var/named/chroot/var/named/test.com.hostb.file
    $TTL    86400
    @       IN SOA  dns.test.com. root.test.com. (
                            2011062301      ; serial (d. adams)
                            3H              ; refresh
                            15M             ; retry
                            1W              ; expiry
                            1D )            ; minimum
            IN NS   dns.test.com.
    dns     IN A    192.168.20.11
    www     IN A    192.168.20.11
    mail    IN A    192.168.20.11
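Added example (not part of the original document): BIND evaluates views in the order they appear and uses the first one whose match-clients matches the query source, and a client that matches no view is refused. The Python below models that selection for the two views above and reports views that an earlier view makes unreachable. The client addresses and the catch-all view named other are assumptions made for the illustration.

```python
import ipaddress

# Views in the order they appear in the page's named.conf: (view, match-clients ACL, zone file).
VIEWS = [
    ("hosta", "192.168.10.1/24", "test.com.hosta.file"),
    ("hostb", "192.168.13.1/24", "test.com.hostb.file"),
]
# www.test.com A record in each of the page's two zone files.
WWW = {"test.com.hosta.file": "192.168.10.100", "test.com.hostb.file": "192.168.20.11"}
# Hypothetical catch-all view (match-clients { any; }) that is not in the page's configuration.
CATCH_ALL = ("other", "0.0.0.0/0", "test.com.hosta.file")

def _net(cidr):
    # strict=False because the page writes its ACLs with host bits set (192.168.10.1/24).
    return ipaddress.ip_network(cidr, strict=False)

def select_view(client_ip, views=VIEWS):
    """First view whose ACL contains client_ip, as (view, zone file); None if no view matches."""
    addr = ipaddress.ip_address(client_ip)
    for name, cidr, zone_file in views:
        if addr in _net(cidr):
            return name, zone_file
    return None

def resolve_www(client_ip, views=VIEWS):
    """Answer a client would get for www.test.com; a client outside every view is refused."""
    hit = select_view(client_ip, views)
    return "REFUSED" if hit is None else WWW[hit[1]]

def shadowed(views):
    """Views that can never be selected because an earlier view already covers their whole range."""
    nets = [(name, _net(cidr)) for name, cidr, _ in views]
    return [name for i, (name, net) in enumerate(nets)
            if any(net.subnet_of(prev) for _, prev in nets[:i])]

if __name__ == "__main__":
    # Constructed client addresses; 192.168.36.4 is the www host from the first part of the page.
    for ip in ("192.168.10.50", "192.168.13.30", "192.168.36.4", "127.0.0.1"):
        print(ip, select_view(ip), resolve_www(ip))
    print("catch-all first shadows:", shadowed([CATCH_ALL] + VIEWS))
    print("catch-all last shadows:", shadowed(VIEWS + [CATCH_ALL]))
```

With only the two views from the page, the server's own queries from 127.0.0.1 and any client outside 192.168.10.0/24 and 192.168.13.0/24 are refused; a catch-all view has to come last or it shadows both.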

Attachment: http://down.51cto.com/data/2367416