Linux network services: DNS name resolution
[CentOS 6.5]
Contents
I. Building a caching name server
II. Building a master DNS name server
I. Building a caching name server
[Everything below is done on CentOS 6.5]
Preparation:
Configure the Windows 7 guest in the virtual machine
Configure the CentOS 6 guest in the virtual machine
Open the virtual network editor and set the subnet IP range
Enable the VMware VMnet1 adapter on the host machine
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.157.5
NETMASK=255.255.255.0
GATEWAY=192.168.157.1
DNS1=192.168.157.5
Add the last four lines here; the last line (DNS1) must be the same as the fourth from the bottom (IPADDR)
Change the fifth line from the bottom (NM_CONTROLLED) to no
Network properties of the Windows 7 guest
Turn off the firewall in the Windows 7 guest
Open its properties
Turn off the Windows 7 guest's firewall
Finally, connect with Xshell
1: Turn off the firewall and the SELinux security mechanism
[root@localhost ~]# service iptables stop
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则: [确定]
iptables:正在卸载模块: [确定]
[root@localhost ~]# chkconfig iptables off
[root@localhost ~]# setenforce 0 [turn SELinux enforcement off temporarily]
[root@localhost ~]# sed -i '7 s/enforcing/disabled/' /etc/selinux/config [switch enforcing mode to disabled permanently]
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
[root@localhost yum.repos.d]# mkdir a/
[root@localhost yum.repos.d]# mv C* a/
[root@localhost yum.repos.d]# cp a/*M* ./
[root@localhost yum.repos.d]# vi CentOS-Media.repo
[root@localhost yum.repos.d]# cd
[root@localhost ~]# mkdir -p /media/cdrom
[root@localhost ~]# umount /dev/sr0
[root@localhost ~]# mount /dev/sr0 /media/cdrom
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]# yum -y clean all
Loaded plugins: fastestmirror, refresh-packagekit, security
Cleaning repos: c6-media
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@localhost ~]# yum makecache
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
* c6-media:
2: Install the packages the service needs
2.1 Set up the yum repository and install the packages
[root@localhost ~]# rpm -q bind bind-utils bind-libs bind-chroot
package bind is not installed
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
package bind-chroot is not installed
[root@localhost ~]# yum -y install bind bind-chroot
Installed:
bind.x86_64 32:9.8.2-0.17.rc1.el6_4.6 bind-chroot.x86_64 32:9.8.2-0.17.rc1.el6_4.6
Complete!
[root@localhost ~]# rpm -q bind bind-utils bind-libs bind-chroot
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64
3: Edit the configuration files as required
A DNS server has three configuration files:
1. /etc/named.conf (the main configuration file)
2. under /var/named/: the forward zone data file
3. under /var/named/: the reverse zone data file
3.1: First, configure the main DNS server configuration file, /etc/named.conf
Before modifying any server's configuration file, back it up first
[root@localhost ~]# cd /etc
[root@localhost etc]# cp -p named.conf named.conf.$(date +%Y%m%d%H%M)
[root@localhost etc]# ls named.conf*
named.conf named.conf.201903302347
Now we can safely edit the main configuration file
vim /etc/named.conf
Note: in this file, three notations all mark a comment:
1. //........
2. ;.........
3. /* .......... */
Every statement must end with ";"; leave it out and named reports an error!
Annotated /etc/named.conf
10 options {
// IP address and port on which this server listens for DNS queries
11 listen-on port 53 { 192.168.10.11; };
// IPv6 listener disabled
12 // listen-on-v6 port 53 { ::1; };
// directory holding the data files (cache, forward/reverse zone data, hints for the 13 root servers, etc.)
13 directory "/var/named";
// file the cache is dumped to
14 dump-file "/var/named/data/cache_dump.db";
// statistics file
15 statistics-file "/var/named/data/named_stats.txt";
// memory statistics file
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
// which clients may query this DNS server
17 allow-query { any; };
// allow recursive queries? yes
18 recursion yes;
.....security and logging settings omitted here.
// forward zone declaration
37 zone "163.com" IN {
// role: master for a primary server; slave for a secondary server; hint for the root zone
38 type master;
// forward zone data file; it does not exist by default, you create it under /var/named
39 file "163.com.zone";
40 };
41
// reverse zone declaration
42 zone "10.168.192.in-addr.arpa" IN {
43 type master;
// reverse zone data file; it does not exist by default, you create it under /var/named
44 file "192.168.10.arpa";
45 };
[root@localhost etc]# vi /etc/named.conf
10 options {
11 listen-on port 53 { 192.168.157.5; };
12 listen-on-v6 port 53 { ::1; };
13 directory "/var/named";
14 dump-file "/var/named/data/cache_dump.db";
15 statistics-file "/var/named/data/named_stats.txt";
16 memstatistics-file "/var/named/data/named_mem_stats.txt";
17 allow-query { any; };
18 recursion yes;
19
37 zone "163.com" IN {
38 type master;
39 file "163.com.zone";
40 };
41
42 zone "157.168.192.in-addr.arpa" IN {
43 type master;
44 file "192.168.157.arpa";
45 };
Save and quit
Notes:
Lines 20 to 25 concern the security settings; leave them alone
Lines 30-35 concern logging; leave them alone
The "dynamic" line stays as it is
"163.com.zone" is placed under /var/named
3.2 Next, create the forward and reverse zone data files under /var/named
[root@localhost etc]# cd /var/named
[root@localhost named]# touch 163.com.zone 192.168.157.arpa
[root@localhost named]# ls
163.com.zone chroot dynamic named.empty named.loopback
192.168.157.arpa data named.ca named.localhost slaves
The underlined parts in the figure below (the forward and reverse zone file names) must be the same in named.conf and on disk
Now edit the forward and reverse zone data files
To edit them properly you need to know the 7 resource record types:
TTL SOA NS MX A CNAME PTR
TTL: time-to-live
SOA: start of authority record
NS: name server record
MX: (mail exchange) mail exchanger record
A: forward address record
CNAME: canonical name (alias) record
PTR: reverse pointer record
A forward zone file generally contains 6 of these: TTL SOA NS MX A CNAME
A reverse zone file generally contains 5 of these: TTL SOA NS MX PTR
3.2.1 Now edit the forward zone data file 163.com.zone
The SOA fields are:
2019033001 ; serial number, default 42, at most 10 digits; here: 2019-03-30, first change that day
3H ; refresh interval
15M ; retry interval after a failed refresh
1W ; expire time
1D) ; TTL for failed (negative) lookups
$TTL may be given in D, H, M, W, or as a plain number meaning seconds
@ stands for 163.com, the zone this file defines
MX preference is a number from 1 to 20; the lower the number, the higher the priority
[root@localhost named]# vim 163.com.zone
$TTL 1D
@ IN SOA 163.com admin.163.com. (
2019033001
3H
15M
1W
1D)
IN NS ns1.163.com.
IN MX 5 mail.163.com.
ns1 IN A 192.168.157.5
www IN A 192.168.157.1
ftp IN CNAME www
bbs IN A 192.168.157.81
bbs IN A 192.168.157.82
bbs IN A 192.168.157.83
* IN A 192.168.157.250
3.2.2 Now create the reverse zone file:
[root@localhost named]# cat 163.com.zone > 192.168.157.arpa
[root@localhost named]# vim 192.168.157.arpa
$TTL 1D
@ IN SOA 163.com admin.163.com. (
2019033001
3H
15M
1W
1D)
IN NS ns1.163.com.
IN MX 5 mail.163.com.
5 IN PTR ns1.163.com
1 IN PTR www.163.com
81 IN PTR bbs.163.com
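The following is an added example, not code from the original post: a small Python checker for zone files written in the syntax used in 3.2.1 and 3.2.2 ($TTL, a parenthesised SOA, NS/MX/A/CNAME/PTR records, the @ and * owners). It assumes nothing beyond that syntax (no $ORIGIN or $INCLUDE), and because the listings above lost their indentation it treats a line that starts with a class or type keyword as inheriting the previous owner, which real named decides by leading blanks. The two sample files are constructed from the listings above. Run over the reverse file it shows why the lookups below answer ns1.163.com.157.168.192.in-addr.arpa.: the PTR targets and the SOA primary name have no trailing dot, so named appends the zone origin. The lookup helper also reproduces the wildcard answer 192.168.157.250 for a misspelled name.

```python
"""Added example, not from the original post: a small checker for the zone
files above, plus a lookup that answers the way named would."""
import re

CLASSES = {"IN", "CH", "HS"}
TYPES = {"SOA", "NS", "MX", "A", "CNAME", "PTR"}
# Positions of domain names inside the RDATA of each record type.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,)}
TTL_RE = re.compile(r"(\d+)([SMHDWsmhdw]?)")

# Constructed samples: the forward and reverse zone files from part one above.
FORWARD_ZONE = """\
$TTL 1D
@ IN SOA 163.com admin.163.com. (
2019033001 ; serial
3H 15M 1W 1D )
IN NS ns1.163.com.
IN MX 5 mail.163.com.
ns1 IN A 192.168.157.5
www IN A 192.168.157.1
ftp IN CNAME www
* IN A 192.168.157.250
"""
REVERSE_ZONE = """\
$TTL 1D
@ IN SOA 163.com admin.163.com. (
2019033001 3H 15M 1W 1D )
IN NS ns1.163.com.
5 IN PTR ns1.163.com
1 IN PTR www.163.com
"""

def qualify(name, origin):
    """BIND's rule: @ is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def logical_lines(text):
    """Yield (line_no, starts_with_blank, tokens); parenthesised records are joined."""
    buf, depth, start, blank = [], 0, 0, False
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]  # ';' starts a comment
        if not line.strip():
            continue
        if not buf:
            start, blank = line_no, line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ").split()
        if depth == 0:
            yield start, blank, buf
            buf = []
    if buf:
        raise ValueError("unbalanced parentheses")

def parse_zone(text, origin):
    """Return (has_ttl, records); a record is a dict with owner/type/rdata/line. Lenient
    owner rule (assumption): a line starting with a class or type keyword inherits the
    previous owner even without leading blanks, as the listings above lost indentation."""
    origin = origin if origin.endswith(".") else origin + "."
    has_ttl, owner, records = False, origin, []
    for line_no, blank, toks in logical_lines(text):
        if toks[0].upper() == "$TTL":
            has_ttl = True
            continue
        if not (blank or toks[0].upper() in CLASSES | TYPES):
            owner = qualify(toks.pop(0), origin)
        while toks and (TTL_RE.fullmatch(toks[0]) or toks[0].upper() in CLASSES):
            toks.pop(0)  # optional TTL and class in front of the type
        if not toks or toks[0].upper() not in TYPES:
            raise ValueError("line %d: no record type found" % line_no)
        records.append({"owner": owner, "type": toks[0].upper(), "rdata": toks[1:], "line": line_no})
    return has_ttl, records

def lint_zone(text, origin):
    """Findings named-checkzone does not treat as errors: a missing $TTL, and dotted
    names in record data without the trailing dot (named appends the origin to them)."""
    origin = origin if origin.endswith(".") else origin + "."
    has_ttl, records = parse_zone(text, origin)
    findings = [] if has_ttl else ["no $TTL directive"]
    for r in records:
        for i in NAME_FIELDS.get(r["type"], ()):
            name = r["rdata"][i]
            if "." in name and not name.endswith("."):
                findings.append("line %d: %s target %s becomes %s"
                                % (r["line"], r["type"], name, qualify(name, origin)))
    return findings

def answers(records, origin, qname, qtype):
    """RDATA named would return for an absolute qname/qtype, wildcard included."""
    origin = origin if origin.endswith(".") else origin + "."
    hits = [r for r in records if r["owner"] == qname]
    if not hits and qname.endswith("." + origin):
        hits = [r for r in records if r["owner"] == "*." + origin]
    out = []
    for r in hits:
        if r["type"] == qtype:
            rdata = list(r["rdata"])
            for i in NAME_FIELDS.get(qtype, ()):
                rdata[i] = qualify(rdata[i], origin)
            out.append(" ".join(rdata))
    return out
```

Calling lint_zone(REVERSE_ZONE, "157.168.192.in-addr.arpa") lists the three relative names, and answers() on the same records returns the concatenated name seen in the nslookup session; adding the trailing dots empties the findings and makes the PTR answer ns1.163.com.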
[root@localhost named]# service named start
Generating /etc/rndc.key: [确定]
启动 named: [确定]
[root@localhost named]# chkconfig named on
[root@localhost named]# chkconfig named --list
named 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@localhost named]# nslookup
> www.163.com
Server: 192.168.157.5
Address: 192.168.157.5#53
Name: www.163.com
Address: 192.168.157.1
> mail.163.com
Server: 192.168.157.5
Address: 192.168.157.5#53
Name: mail.163.com
Address: 192.168.157.250
> bbs.163.com
Server: 192.168.157.5
Address: 192.168.157.5#53
Name: bbs.163.com
Address: 192.168.157.82
Name: bbs.163.com
Address: 192.168.157.83
Name: bbs.163.com
Address: 192.168.157.81
> bbs.163.com
Server: 192.168.157.5
Address: 192.168.157.5#53
Name: bbs.163.com
Address: 192.168.157.83
Name: bbs.163.com
Address: 192.168.157.81
Name: bbs.163.com
Address: 192.168.157.82
> bbs.163.com
Server: 192.168.157.5
Address: 192.168.157.5#53
Name: bbs.163.com
Address: 192.168.157.81
Name: bbs.163.com
Address: 192.168.157.82
Name: bbs.163.com
Address: 192.168.157.83
> dsakjaf.163.com [a misspelled name resolves to 192.168.157.250]
Server: 192.168.157.5
Address: 192.168.157.5#53
Name: dsakjaf.163.com
Address: 192.168.157.250
> 192.168.157.5
Server: 192.168.157.5
Address: 192.168.157.5#53
5.157.168.192.in-addr.arpa name = ns1.163.com.157.168.192.in-addr.arpa.
> 192.168.157.1
Server: 192.168.157.5
Address: 192.168.157.5#53
1.157.168.192.in-addr.arpa name = www.163.com.157.168.192.in-addr.arpa.
> 192.168.157.81
Server: 192.168.157.5
Address: 192.168.157.5#53
81.157.168.192.in-addr.arpa name = bbs.163.com.157.168.192.in-addr.arpa.
> exit
4. Reasons a DNS server fails
4.1 The test machine has no DNS server IP configured
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.157.5 [with no Internet access, the DNS server must point at its own IP address]
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=no [whether the NIC is activated at boot; this should be changed to yes]
NM_CONTROLLED=yes [NetworkManager parameter; when yes, changes take effect without restarting the NIC, but a wrong parameter then makes the remote server unreachable for fixing, so this should be changed to no]
BOOTPROTO=static
IPADDR=192.168.157.5
NETMASK=255.255.255.0
GATEWAY=192.168.157.1
DNS1=192.168.157.5 [required, and it must be the IP address of the DNS server you want to query]
Then restart the network service and the problem is solved
[root@localhost ~]# service network restart
正在关闭接口 eth0: [确定]
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 eth0: Determining if ip address 192.168.157.5 is already in use for device eth0...
[确定]
4.2 Check the test packages
[root@localhost ~]# rpm -q bind-utils
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64
[root@localhost ~]# rpm -ql bind-utils
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
[root@localhost ~]# which named-checkconf
/usr/sbin/named-checkconf
[root@localhost ~]# rpm -qf /usr/sbin/named-checkconf [-f: show which package installed named-checkconf]
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
[root@localhost ~]# rpm -qf /usr/sbin/named-checkzone
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
4.3 Test whether name resolution works
4.3.1: [host command: a DNS lookup tool that tests whether the domain name system works; it does forward and reverse lookups]
[root@localhost ~]# host bbs.163.com
bbs.163.com has address 192.168.157.82
bbs.163.com has address 192.168.157.83
bbs.163.com has address 192.168.157.81
[root@localhost ~]# host 192.168.157.1
1.157.168.192.in-addr.arpa domain name pointer www.163.com.157.168.192.in-addr.arpa.
[root@localhost ~]# host 192.168.157.81
81.157.168.192.in-addr.arpa domain name pointer bbs.163.com.157.168.192.in-addr.arpa.
[root@localhost ~]# host 192.168.157.5
5.157.168.192.in-addr.arpa domain name pointer ns1.163.com.157.168.192.in-addr.arpa.
[root@localhost ~]# host 192.168.157.82
Host 82.157.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
[root@localhost ~]# host 192.168.157.83
Host 83.157.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
4.3.2: [dig command (domain information groper): queries DNS records and tests whether the domain name system works]
[root@localhost ~]# dig www.163.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> www.163.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.163.com. IN A
;; ANSWER SECTION:
www.163.com. 86400 IN A 192.168.157.1
;; AUTHORITY SECTION:
163.com. 86400 IN NS ns1.163.com.
;; ADDITIONAL SECTION:
ns1.163.com. 86400 IN A 192.168.157.5
;; Query time: 1 msec
;; SERVER: 192.168.157.5#53(192.168.157.5)
;; WHEN: Sun Mar 31 05:19:13 2019
;; MSG SIZE  rcvd: 79
4.4: Check the syntax of the server's zone configuration
[root@localhost ~]# rpm -qf /usr/sbin/named-checkconf [checks the syntax of the main DNS configuration file]
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
[root@localhost ~]# rpm -qf /usr/sbin/named-checkzone [checks the syntax of the forward and reverse zone files]
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
How do they help you troubleshoot?
4.4.1: named-checkconf <absolute path of the main configuration file>
[root@localhost ~]# named-checkconf /etc/named.conf
[root@localhost ~]# [no output means there are no syntax errors]
[root@localhost ~]# vi /etc/named.conf
37 zone "163.com" IN { [remove the z to test]
38 type master;
39 file "163.com.zone";
40 };
[root@localhost ~]# named-checkconf /etc/named.conf [check the configuration syntax]
/etc/named.conf:37: unknown option 'one' [error on line 37: 'one']
[root@localhost ~]# vi +37 /etc/named.conf [open the file and jump straight to line 37]
zone "163.com" IN {
"/etc/named.conf" 48L, 1097C
[root@localhost ~]# named-checkconf /etc/named.conf [check the configuration syntax]
4.4.2: named-checkzone <zone name> <absolute path of the zone file to check>
[root@localhost ~]# tail -20 /etc/named.conf
.........
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "163.com" IN {
type master;
file "163.com.zone";
};
zone "157.168.192.in-addr.arpa" IN {
type master;
file "192.168.157.arpa";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
.................
Here 163.com is the forward zone name and 157.168.192.in-addr.arpa the reverse zone name
/var/named/163.com.zone is the absolute path of the forward zone file to check
/var/named/192.168.157.arpa is the absolute path of the reverse zone file to check
[root@ns1 ~]# named-checkzone 163.com /var/named/163.com.zone [check the forward zone file]
zone 163.com/IN: loaded serial 2019033001
OK
[root@ns1 ~]# named-checkzone 157.168.192.in-addr.arpa /var/named/192.168.157.arpa
zone 157.168.192.in-addr.arpa/IN: loaded serial 2019033001
OK
[root@ns1 ~]# vi /var/named/163.com.zone
$TTL 1D [delete the $ to test]
@ IN SOA 163.com admin.163.com. (
2019033001
3H
15M
1W
1D)
IN NS ns1.163.com.
IN MX 5 mail.163.com.
ns1 IN A 192.168.157.5
www IN A 192.168.157.1
ftp IN CNAME www
"/var/named/163.com.zone" 16L, 548C
[root@ns1 ~]# named-checkzone 163.com /var/named/163.com.zone [test the forward zone file]
dns_master_load: /var/named/163.com.zone:2: unexpected end of line
dns_master_load: /var/named/163.com.zone:1: unexpected end of input
/var/named/163.com.zone:8: using RFC1035 TTL semantics [the error mentions TTL; open the file and search for TTL]
zone 163.com/IN: loading from master file /var/named/163.com.zone failed: unexpected end of input
zone 163.com/IN: not loaded due to errors.
After restoring the file, check again; it passes
[root@ns1 ~]# named-checkzone 163.com /var/named/163.com.zone
zone 163.com/IN: loaded serial 2019033001
OK
II. Building a master DNS name server
1. Prerequisites
Prepare two virtual machines and one Windows 7 machine
Configure the host network, then disable and re-enable the adapter
Turn off the firewall and SELinux, build a local YUM repository, and install the DNS packages on both the master and the slave
Master DNS (master VM)
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.157.5
NETMASK=255.255.255.0
GATEWAY=192.168.157.1
DNS1=192.168.157.5
DNS2=192.168.157.3
[root@localhost ~]# rm -f /etc/udev/rules.d/*net*
[root@localhost ~]# reboot
[root@localhost ~]# service network restart
正在关闭接口 eth0: [确定]
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 eth0: Determining if ip address 192.168.157.5 is already in use for device eth0...
[确定]
Slave DNS (slave VM)
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.157.3
NETMASK=255.255.255.0
GATEWAY=192.168.157.1
DNS1=192.168.157.5
DNS2=192.168.157.3
[root@localhost ~]# rm -f /etc/udev/rules.d/*net*
[root@localhost ~]# reboot
[root@localhost ~]# service network restart
正在关闭接口 eth0: [确定]
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 eth0: Determining if ip address 192.168.157.3 is already in use for device eth0...
[确定]
Master DNS (master VM)
[root@localhost ~]# service iptables stop
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则: [确定]
iptables:正在卸载模块: [确定]
[root@localhost ~]# chkconfig iptables off
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i '7 s/enforcing/disabled/' /etc/selinux/config
[root@localhost ~]# umount /dev/sr0
[root@localhost ~]# mkdir -p /media/cdrom
[root@localhost ]# mount /dev/sr0 /media/cdrom
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir a/
[root@localhost yum.repos.d]# mv C* a/
[root@localhost yum.repos.d]# cp a/*M* ./
[root@localhost yum.repos.d]# sed -i '20 s/0/1/' C*
[root@localhost yum.repos.d]# yum -y clean all
Loaded plugins: fastestmirror, refresh-packagekit, security
Cleaning repos: c6-media
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@localhost yum.repos.d]# yum makecache
[root@localhost yum.repos.d]# yum -y install bind bind-libs bind-chroot bind-utils
[root@localhost yum.repos.d]# rpm -q bind bind-libs bind-chroot bind-utils
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64
Slave DNS (slave VM)
[root@localhost ~]# chkconfig iptables off
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i '7 s/enforcing/disabled/' /etc/selinux/config
[root@localhost ~]# umount /dev/sr0
[root@localhost ~]# mkdir -p /media/cdrom
[root@localhost ]# mount /dev/sr0 /media/cdrom
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir a/
[root@localhost yum.repos.d]# mv C* a/
[root@localhost yum.repos.d]# cp a/*M* ./
[root@localhost yum.repos.d]# sed -i '20 s/0/1/' C*
[root@localhost yum.repos.d]# yum -y clean all
Loaded plugins: fastestmirror, refresh-packagekit, security
Cleaning repos: c6-media
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@localhost yum.repos.d]# yum makecache
[root@localhost yum.repos.d]# yum -y install bind bind-libs bind-chroot bind-utils
[root@localhost yum.repos.d]# rpm -q bind bind-libs bind-chroot bind-utils
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64
2. Configuring the master DNS server
2.1 Configure named.conf
Master DNS (master VM)
[root@localhost ~]# cd /etc
[root@localhost etc]# cp named.conf named.conf.$(date +%Y%m%d%H%M%S)
[root@localhost sbin]# vi /etc/named.conf
[root@localhost sbin]# cat /etc/named.conf
// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
listen-on port 53 { 192.168.157.5; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "163.com" IN {
type master;
file "163.com.zone";
allow-transfer { 192.168.157.3; }; // IP address of the slave DNS server
};
zone "157.168.192.in-addr.arpa" IN {
type master;
file "192.168.157.arpa";
allow-transfer { 192.168.157.3; }; // IP address of the slave DNS server
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Save and quit
[root@localhost etc]# touch /var/named/{192.168.157.arpa,163.com.zone}
[root@localhost etc]# ls /var/named
163.com.zone chroot dynamic named.empty named.loopback
192.168.157.arpa data named.ca named.localhost slaves
2.2 Forward zone data file: 163.com.zone
[root@localhost etc]# cd /etc/named
[root@localhost named]# vi /var/named/163.com.zone
[root@localhost named]# cat /var/named/163.com.zone
$TTL 1D
@ IN SOA 163.com. admin.163.com. (
2019040101
3H
15M
1W
1D )
IN NS ns1.163.com.
IN NS ns2.163.com.
IN MX 5 mail.163.com.
ns1 IN A 192.168.157.5
ns2 IN A 192.168.157.3
www IN A 192.168.157.55
www IN A 192.168.157.56
www IN A 192.168.157.57
bbs IN A 192.168.157.66
ftp IN CNAME bbs
* IN A 192.168.157.250
Save and quit
[root@localhost named]# cat 163.com.zone > 192.168.157.arpa
2.3 Reverse zone data file: 192.168.157.arpa
[root@localhost named]# vi /var/named/192.168.157.arpa
[root@localhost named]# cat /var/named/192.168.157.arpa
$TTL 1D
@ IN SOA 163.com. admin.163.com. (
2019040101
3H
15M
1W
1D )
IN NS ns1.163.com.
IN NS ns2.163.com.
IN MX 5 mail.163.com.
5 IN PTR ns1.163.com.
3 IN PTR ns2.163.com.
55 IN PTR www.163.com.
66 IN PTR ftp.163.com.
66 IN PTR bbs.163.com.
2.4 Testing the master DNS server
[root@localhost named]# named-checkconf /etc/named.conf
[root@localhost named]# named-checkzone 163.com 163.com.zone
zone 163.com/IN: loaded serial 2019040101
OK
[root@localhost named]# named-checkzone 157.168.192.in-addr.arpa 192.168.157.arpa
zone 157.168.192.in-addr.arpa/IN: 157.168.192.in-addr.arpa/MX 'mail.163.com' (out of zone) has no addresses records (A or AAAA)
zone 157.168.192.in-addr.arpa/IN: loaded serial 2019040101
OK
[root@localhost named]# service named restart
停止 named: [确定]
Generating /etc/rndc.key: [确定]
启动 named: [确定]
[root@localhost named]# chkconfig named on
[root@localhost named]# chkconfig named --list
named 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@localhost named]# host www.163.com
www.163.com has address 192.168.157.56
www.163.com has address 192.168.157.57
www.163.com has address 192.168.157.55
[root@localhost named]# host www.163.com
www.163.com has address 192.168.157.57
www.163.com has address 192.168.157.55
www.163.com has address 192.168.157.56
[root@localhost named]# host www.163.com
www.163.com has address 192.168.157.55
www.163.com has address 192.168.157.56
www.163.com has address 192.168.157.57
[root@localhost named]# host www.163.com
www.163.com has address 192.168.157.56
www.163.com has address 192.168.157.57
www.163.com has address 192.168.157.55
[root@localhost named]# host wfshodkjv.163.com
wfshodkjv.163.com has address 192.168.157.250
[root@localhost named]# host bbs.163.com
bbs.163.com has address 192.168.157.66
[root@localhost named]# host ftp.163.com
ftp.163.com is an alias for bbs.163.com.
bbs.163.com has address 192.168.157.66
[root@localhost named]# host ns1.163.com
ns1.163.com has address 192.168.157.5
[root@localhost named]# host ns2.163.com
ns2.163.com has address 192.168.157.3
Reverse lookups
[root@localhost named]# host 192.168.157.55
55.157.168.192.in-addr.arpa domain name pointer www.163.com.
[root@localhost named]# host 192.168.157.66
66.157.168.192.in-addr.arpa domain name pointer ftp.163.com.
66.157.168.192.in-addr.arpa domain name pointer bbs.163.com.
[root@localhost named]# host 192.168.157.3
3.157.168.192.in-addr.arpa domain name pointer ns2.163.com.
[root@localhost named]# host 192.168.157.5
5.157.168.192.in-addr.arpa domain name pointer ns1.163.com
3. Configuring the slave DNS server
[root@localhost named]# vim /etc/named.conf
[root@localhost named]# cat /etc/named.conf
//
// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
listen-on port 53 { 192.168.157.3; }; // the slave server's IP
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "163.com" IN {
type slave; // this host acts as a slave DNS server
file "slaves/163.com.zone"; // where the zone transferred from the master is stored locally
masters { 192.168.157.5 ;}; // IP address of the master DNS server
};
zone "157.168.192.in-addr.arpa" IN {
type slave; // this host acts as a slave DNS server
file "slaves/192.168.157.arpa"; // where the zone transferred from the master is stored locally
masters { 192.168.157.5 ;}; // IP address of the master DNS server
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Save and quit
[Note the spaces on both sides of the IP address]
4. Testing the slave server
Before the restart, /var/named/slaves is empty
[root@localhost ~]# cd /var/named/slaves
[root@localhost slaves]# ls
[root@localhost ~]# service named restart
停止 named: [确定]
启动 named: [确定]
After the restart, the slave server has these files
[root@localhost ~]# ls /var/named/slaves
163.com.zone 192.168.157.arpa
[root@localhost ~]# cat /var/named/slaves/163.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
163.com IN SOA 163.com. admin.163.com. (
2019040101 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.163.com.
NS ns2.163.com.
MX 5 mail.163.com.
$ORIGIN 163.com.
* A 192.168.157.250
bbs A 192.168.157.66
ftp CNAME bbs
ns1 A 192.168.157.5
ns2 A 192.168.157.3
www A 192.168.157.55
A 192.168.157.56
A 192.168.157.57
[root@localhost ~]# cat /var/named/slaves/192.168.157.arpa
$ORIGIN .
$TTL 86400 ; 1 day
157.168.192.in-addr.arpa IN SOA 163.com. admin.163.com. (
2019040101 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.163.com.
NS ns2.163.com.
MX 5 mail.163.com.
$ORIGIN 157.168.192.in-addr.arpa.
3 PTR ns2.163.com.
5 PTR ns1.163.com.
55 PTR www.163.com.
66 PTR ftp.163.com.
PTR bbs.163.com.
Overall test
Testing the master server, IP 192.168.157.5
Set the host machine's IPv4 DNS server to the master VM's IP, 192.168.157.5
Also disable all the other VMware network adapters, or on the enabled VMnet adapter set the DNS server to manual and leave the server IP blank
Check
On the host, press Win+R to open a command prompt and test
Testing the slave server, IP 192.168.157.3: change the host machine's DNS server IP
Disable the other VMnet1 subnets
Check
Summary of errors
[root@localhost named]# vi /etc/named.conf
zone "157.168.192.in-addr.arpa" IN {
type master;
file "192.168.157.arpa";
allow-transfer { 192.168.157.3; };
If the IP address in this file is wrong, named-checkconf /etc/named.conf does not report an error
A single missing letter sometimes goes unreported as well
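As an added example that is not part of the original post, the following Python check reads the master's and the slave's named.conf together and verifies what named-checkconf, as noted above, does not: that each master zone restricts allow-transfer to the slave's listen-on address (an absent allow-transfer means "any" on the BIND 9.8 used here), and that each slave zone's masters entry points at the master's listen-on address. The two sample configurations are constructed from the master and slave named.conf shown in sections 2.1 and 3; the parser handles only the statement syntax used there and does not follow include files.

```python
"""Added example, not from the original post: cross-check the zone-transfer
settings of the master and slave named.conf files, which named-checkconf does not do."""
import re

# Constructed samples: the relevant parts of the two named.conf files above.
MASTER_CONF = """\
options {
    listen-on port 53 { 192.168.157.5; };
    // listen-on-v6 port 53 { ::1; };
};
zone "163.com" IN {
    type master;
    file "163.com.zone";
    allow-transfer { 192.168.157.3; };
};
zone "157.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.157.arpa";
    allow-transfer { 192.168.157.3; };
};
"""
SLAVE_CONF = """\
options {
    listen-on port 53 { 192.168.157.3; };
    directory "/var/named";
};
zone "163.com" IN {
    type slave;
    file "slaves/163.com.zone";
    masters { 192.168.157.5 ;};
};
zone "157.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.157.arpa";
    masters { 192.168.157.5 ;};
};
"""

def tokenize(text):
    """Strip /* */, // and # comments; split into words, quoted strings and { } ;."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", " ", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)

def parse_block(tokens, i=0):
    """Parse statements up to a closing brace: each is (words, nested block or None)."""
    stmts = []
    while i < len(tokens) and tokens[i] != "}":
        words, sub = [], None
        while tokens[i] not in ("{", ";"):
            words.append(tokens[i].strip('"'))
            i += 1
        if tokens[i] == "{":
            sub, i = parse_block(tokens, i + 1)
            i += 1  # skip the closing brace
        if i < len(tokens) and tokens[i] == ";":
            i += 1
        stmts.append((words, sub))
    return stmts, i

def addr_list(stmts, key):
    """Addresses inside `key { a; b; };`, or None when the statement is absent."""
    for words, sub in stmts:
        if words and words[0] == key and sub is not None:
            return [w[0] for w, _ in sub if w]
    return None

def zones(stmts):
    """Zone name -> dict(type, file, allow-transfer, masters) for each zone statement."""
    out = {}
    for words, sub in stmts:
        if words and words[0] == "zone" and sub is not None:
            z = {w[0]: w[1] for w, _ in sub if len(w) == 2 and w[0] in ("type", "file")}
            z["allow-transfer"] = addr_list(sub, "allow-transfer")
            z["masters"] = addr_list(sub, "masters")
            out[words[1]] = z
    return out

def listen_ip(stmts):
    opts = next(sub for words, sub in stmts if words[:1] == ["options"])
    return addr_list(opts, "listen-on")[0]

def check_transfer_policy(master_text, slave_text):
    """Findings about AXFR policy between master and slave; an empty list means consistent."""
    master, _ = parse_block(tokenize(master_text))
    slave, _ = parse_block(tokenize(slave_text))
    m_ip, s_ip, slave_zones = listen_ip(master), listen_ip(slave), zones(slave)
    findings = []
    for name, z in zones(master).items():
        if z.get("type") != "master":
            continue
        allowed = z["allow-transfer"]
        if allowed is None or "any" in allowed:  # BIND 9.8 default is allow-transfer { any; }
            findings.append("%s: zone transfer is not restricted to the slave" % name)
        elif s_ip not in allowed:
            findings.append("%s: allow-transfer %s omits the slave %s" % (name, allowed, s_ip))
        sz = slave_zones.get(name)
        if sz is None or sz.get("type") != "slave":
            findings.append("%s: not declared as a slave zone on the secondary" % name)
        elif m_ip not in (sz["masters"] or []):
            findings.append("%s: masters %s do not point at the master %s" % (name, sz["masters"], m_ip))
    return findings
```

With the two configurations as shown, check_transfer_policy(MASTER_CONF, SLAVE_CONF) returns no findings; changing the allow-transfer address in one zone, as in the error above, is reported for that zone by name, while named-checkconf stays silent.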
Additional notes from the experiment:
1. When editing with vi, anything written after ";" has no effect, and punctuation typed with a Chinese input method makes the experiment fail
2. When doing name-resolution experiments, check after every step so the experiment keeps progressing
3. Edit files with vim; errors are shown in dark red
4. If a configuration file was wrong, the named service must be restarted after fixing it
5. For the final master/slave DNS test, all other DNS servers configured on the host machine must be disabled
6. In the reverse zone file, if the trailing dot in "admin.163.com. (" is missing, resolution does not work;
in the forward zone file a missing dot there does not produce an error
7. Sometimes the experiment still fails after all problems are ruled out; try rebooting the host