Setting up master and slave DNS servers on CentOS 7
2018.01.08

Source: http://blog.51cto.com/leegh/1542352
1.1 Operating system version
# uname -a
Linux localhost.localdomain 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)
1.2 Installing the BIND packages
# yum -y install bind bind-utils bind-chroot    // install via yum
# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
# rpm -qc bind-chroot
/var/named/chroot/etc/named.conf
1.3 Configuring BIND
# cd /etc
# cp named.conf named.conf.origin    // back up the original configuration file
# vi /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
listen-on port 53 { any; };
//allow-query     { localhost; };
allow-query     { any; };
//dnssec-enable yes;
dnssec-enable no;
//dnssec-validation yes;
dnssec-validation no;
Add:
forwarders { 202.102.224.68; 202.102.227.68; };    // forwarders
allow-transfer { 192.168.188.11; 192.168.188.12; };    // restrict zone transfers so the zone data on this DNS server cannot be pulled by arbitrary hosts
# systemctl start named.service    // start the service
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 2/0/1000
tcp clients: 0/100
server is up and running
1.4 Checking basic DNS functionality
Switch nslookup to the local server and resolve a public name:
# nslookup
> server 192.168.188.11
Default server: 192.168.188.11
Address: 192.168.188.11#53
> www.g.cn.
Server:        192.168.188.11
Address:       192.168.188.11#53
Non-authoritative answer:
Name:  www.g.cn
Address: 203.208.46.179
Name:  www.g.cn
Address: 203.208.46.177
Name:  www.g.cn
Address: 203.208.46.180
Name:  www.g.cn
Address: 203.208.46.176
Name:  www.g.cn
Address: 203.208.46.178
> exit
1.5 Adding custom zones
# vi /etc/named.conf
Add the following zone definitions:
zone "lee.local" IN {
    type master;
    file "lee.local.zone";
};
zone "188.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.188.zone";
};
zone "189.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.189.zone";
};
# cd /var/named/
# vi lee.local.zone
$TTL 3H
@       IN  SOA  dns1.lee.local.  ligh126.gmail.com. (
0       ; serial
1D      ; refresh
1H      ; retry
1W      ; expire
3H  )    ; minimum
@       IN  NS  dns1.lee.local.
@       IN  NS  dns2.lee.local.
dns1   IN  A  192.168.188.11
dns2   IN  A  192.168.188.12
ftp      IN  A  192.168.188.11
mailsrv1 IN A   192.168.188.22
smtp     IN  CNAME mailsrv1.lee.local.
pop3     IN  CNAME mailsrv1.lee.local.
www      IN  A 192.168.188.11
crm      IN  A 192.168.188.11
# vi 192.168.188.zone
$TTL 3H
@       IN  SOA  dns1.lee.local.   ligh126.gmail.com.(
0       ; serial
1D      ; refresh
1H      ; retry
1W      ; expire
3H  )    ; minimum
@       IN  NS  dns1.lee.local.
@       IN  NS  dns2.lee.local.
11       IN  PTR dns1.lee.local.
11       IN  PTR ftp.lee.local.
12       IN  PTR dns2.lee.local.
12       IN  PTR mailsrv1.lee.local.
# vi 192.168.189.zone
$TTL 3H
@       IN  SOA  dns1.lee.local.   ligh126.gmail.com.(
0       ; serial
1D      ; refresh
1H      ; retry
1W      ; expire
3H )    ; minimum
@       IN  NS  dns1.lee.local.
@       IN  NS  dns2.lee.local.
1.6 Starting the service
# systemctl restart named.service
Check the log for error messages (it is advisable to have this running in a separate session before starting the service):
# tail -f /var/log/messages
# rndc  status
version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 104
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
1.7 Enabling automatic start
# systemctl  enable named
# systemctl  status named
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
Active: active (running) since Tue 2014-08-12 10:11:26 CST; 4min 9s ago
Main PID: 5513 (named)
CGroup: /system.slice/named.service
5513 /usr/sbin/named -u named
named[5513]: zone localhost/IN: loaded serial 0
named[5513]: zone 188.168.192.in-addr.arpa/IN: loaded serial 0
named[5513]: zone lee.local/IN: loaded serial 0
named[5513]: zone localhost.localdomain/IN: loaded serial 0
named[5513]: all zones loaded
named[5513]: running
systemd[1]: Started Berkeley Internet Name Domain (DNS).
named[5513]: zone lee.local/IN: sending notifies (serial 0)
named[5513]: zone 188.168.192.in-addr.arpa/IN: sending notifies (serial 0)
named[5513]: zone 189.168.192.in-addr.arpa/IN: sending notifies (serial 0)
1.8 Testing
# nslookup
> server 192.168.188.11
Default server: 192.168.188.11
Address: 192.168.188.11#53
> www.lee.local.
Server:        192.168.188.11
Address:       192.168.188.11#53
Name:  www.lee.local
Address: 192.168.188.11
> smtp.lee.local.
Server:        192.168.188.11
Address:       192.168.188.11#53
smtp.lee.local     canonical name = mailsrv1.lee.local.
Name:  mailsrv1.lee.local
Address: 192.168.188.22
> 192.168.188.11
Server:        192.168.188.11
Address:       192.168.188.11#53
11.188.168.192.in-addr.arpa     name = ftp.lee.local.
11.188.168.192.in-addr.arpa     name = dns1.lee.local.
> exit
Testing from a Windows server, attempting to list the zone data:
> ls -d lee.local
[192.168.188.11]
*** 无法列出域 lee.local: Query refused
DNS 服务器拒绝将区域 lee.local 传送到您的计算机。如果这不正确
请检查 IP 地址  192.168.188.11 的 DNS 服务器上 lee.local 的
区域传送安全设置。
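The refused listing above is the allow-transfer line from section 1.3 doing its job. The script below is an added example and not part of the original article: it repeats that check with dig (from the bind-utils package installed in 1.2) so it can be run from any host after a configuration change; function names are my own, the server and zone names are the article's.

```shell
#!/bin/sh
# Verify the allow-transfer restriction: a full zone transfer (AXFR) must be
# accepted only from the hosts listed in named.conf (192.168.188.11 and .12)
# and refused from anywhere else, as the Windows "ls -d" test showed.
# Added helper, not from the article. Requires dig from bind-utils.

# Read dig AXFR output on stdin and classify it: prints "refused" when the
# server rejected the transfer, "allowed" when it returned zone records
# (an AXFR answer starts and ends with the zone's SOA record), or "error"
# for anything else (timeout, unreachable server, no output at all).
classify_axfr() {
    awk '
        /^; Transfer failed\./ { refused = 1 }
        $4 == "SOA"            { soa++ }
        END {
            if (refused)       print "refused"
            else if (soa >= 2) print "allowed"
            else               print "error"
        }'
}

# Attempt the transfer against one server and classify the result.
# Usage: check_axfr 192.168.188.11 lee.local
check_axfr() {
    dig @"$1" "$2" axfr +time=3 +tries=1 2>/dev/null | classify_axfr
}

# Succeed only when the server refuses to hand the zone to this host.
# Run it from a host that is NOT in allow-transfer (an ordinary client)
# after every change to named.conf; from dns2 the result should be "allowed".
assert_axfr_refused() {
    result=$(check_axfr "$1" "$2")
    echo "AXFR of $2 from $1: $result"
    [ "$result" = "refused" ]
}
```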
2. Slave DNS configuration
2.1 Installing BIND
Install it the same way as on the master DNS server, back up the original configuration file and apply the same basic settings.
Steps omitted.
2.2 Checking basic DNS functionality
Same as on the master DNS server; omitted here.
2.3 Adding the slave zones
# vi /etc/named.conf
Add the following zone definitions:
zone "lee.local" IN {
    type slave;
    masters { 192.168.188.11; };
    file "lee.local.zone";
};
zone "188.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.188.11; };
    file "192.168.188.zone";
};
zone "189.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.188.11; };
    file "192.168.189.zone";
};
2.4 Changing directory permissions
# ll /var/named/ -d
drwxr-x--- 6 root named 133 Aug 11 14:06 /var/named/
# chmod g+w /var/named/
# ll /var/named/ -d
drwxrwx--- 6 root named 133 Aug 11 14:06 /var/named/
2.5 Starting the service
# systemctl start named.service
Redirecting to /bin/systemctl restart  named.service
2.6 Enabling automatic start
# systemctl enable named
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
Check the log for error messages (it is advisable to have this running in a separate session before starting the service):
# tail -f /var/log/messages
2.7 Testing BIND
The corresponding zone files have been created on the slave DNS server:
[root@dns2 ~]# ll /var/named/
total 28
-rw-r--r-- 1 named named  451 Aug 11 14:58 192.168.188.zone
-rw-r--r-- 1 named named  254 Aug 11 15:05 192.168.189.zone
-rw-r--r-- 1 named named  647 Aug 11 15:12 lee.local.zone
drwxr-x--- 7 root named   56 Aug 11 14:06 chroot
drwxrwx--- 2 named named   22 Aug 11 14:19 data
drwxrwx--- 2 named named   58 Aug 11 16:20 dynamic
-rw-r----- 1 root named 2076 Jan 28  2013 named.ca
-rw-r----- 1 root named  152 Dec 15  2009 named.empty
-rw-r----- 1 root named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named    6 Jun 10 16:13 slaves
On the master DNS server, add an A record:
[root@DNS1 ~]# vi /var/named/lee.local.zone
test     IN  A  10.0.0.1
and increase the zone's serial number.
[root@DNS1 ~]# rndc reload
server reload successful
In the master DNS server's log you will see:
zone lee.local/IN: sending notifies (serial 11)
client 192.168.188.12#41658 (lee.local): transfer of 'lee.local/IN': AXFR-style IXFR started
client 192.168.188.12#41658 (lee.local): transfer of 'lee.local/IN': AXFR-style IXFR ended
In the slave DNS server's log you will see:
client 192.168.188.11#33856: received notify for zone 'lee.local'
zone lee.local/IN: Transfer started.
transfer of 'lee.local/IN' from 192.168.188.11#53: connected using 192.168.188.12#41658
zone lee.local/IN: transferred serial 11
transfer of 'lee.local/IN' from 192.168.188.11#53: Transfer completed: 1 messages, 13 records, 339 bytes, 0.005 secs (67800 bytes/sec)
zone lee.local/IN: sending notifies (serial 11)
# nslookup
> server 192.168.188.12
Default server: 192.168.188.12
Address: 192.168.188.12#53
> test.lee.local.
Server:        192.168.188.12
Address:       192.168.188.12#53
Name:   test.lee.local
Address: 10.0.0.1
> exit
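The step "increase the zone's serial number" is the one most often forgotten: the slave compares SOA serials and only transfers when the master's serial is higher, so an edit without a serial bump never reaches dns2. The helper below is an added example, not from the original article; it assumes the zone file layout used here (the serial on its own line ending in "; serial") and the named-checkzone tool shipped with the bind package; function names are my own.

```shell
#!/bin/sh
# Edit-and-publish helper for a master zone such as /var/named/lee.local.zone.
# Added example, not from the article. Bumps the SOA serial, syntax-checks the
# zone and reloads it, so the slave is guaranteed to see a higher serial.

# Print the SOA serial of a zone file (the number on the "; serial" line).
zone_serial() {
    awk '/; *serial/ { print $1; exit }' "$1"
}

# Rewrite the zone file with serial+1 and print the new serial.
# Whitespace on the serial line is normalised by awk, which BIND accepts.
bump_serial() {
    file=$1
    old=$(zone_serial "$file")
    case $old in
        ''|*[!0-9]*) echo "no numeric serial found in $file" >&2; return 1 ;;
    esac
    new=$((old + 1))
    awk -v old="$old" -v new="$new" \
        '/; *serial/ && $1 == old && !done { $1 = new; done = 1 } { print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# Syntax-check the zone before reloading; skipped when BIND tools are absent.
# Usage: check_zone lee.local /var/named/lee.local.zone
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed, skipping syntax check" >&2
    fi
}

# Bump, validate, then reload only that zone (the article uses a full
# "rndc reload"; "rndc reload <zone>" limits the reload to one zone).
# Usage: publish_zone lee.local /var/named/lee.local.zone
publish_zone() {
    serial=$(bump_serial "$2") || return 1
    check_zone "$1" "$2" || return 1
    rndc reload "$1" && echo "$1 published at serial $serial"
}
```

After publishing, the slave's log should show "transferred serial N" with the same N, which is the quickest way to confirm the change reached dns2.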
3. Summary
DNS is very important on the server side. To configure a DNS server properly you need to understand how it works, and when you run into problems, read the logs; this helps you find the error faster.
This concludes the exercise.