2008-02-25 13:26:52| 分类: Linux&&Windows |字号 订阅
如何使用Red Hat Enterprise Linux 4.2操作系统和Bind-9.2.4-2来制作Master DNS + Slave DNS服务器,不作named作用的详细介绍,如果想了解更多关于named的内容可以参考鳥哥的 Linux 私房菜网站中 “简易DNS 服务器设定”文章!特别说明一下:小弟Linux水平有限所以会存在错误的地方请大家加以指导,以方便及时改正错误和完善本文章的内容,多谢!(注以下的操作请使用root用户来操作)
Step0、实现环境:
网络域名:easy.com
主DNS主机名称:ldap.easy.com
主机IP地址:192.168.1.254
从DNS主机名称:mail.easy.com
主机IP地址:192.168.1.253
操作系统:RedHat Enterprise Server 4.2中文版
Step1、主、从DNS服务器所需要的软件:
bind-9.2.4-2.i386.rpm
bind-chroot-9.2.4-2.i386.rpm
bind-devel-9.2.4-2.i386.rpm
Step2、分别在主、从服务器主机安装软件的过程:
# rpm -ivh bind-9.2.4-2.i386.rpm
warning: bind-9.2.4-2.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e
Preparing... ##################################### [100%]
1:bind #################################### [100%]
# rpm -ivh bind-chroot-9.2.4-2.i386.rpm
warning: bind-chroot-9.2.4-2.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e
Preparing... ##################################### [100%]
1:bind-chroot #################################### [100%]
# rpm -ivh bind-devel-9.2.4-2.i386.rpm
warning: bind-devel-9.2.4-2.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e
Preparing... #################################### [100%]
1:bind-devel #################################### [100%]
Step3、修改主DNS服务器/var/named/chroot/etc/named.conf文件,添加以下内容(注意修改/etc/目录下的named.conf也可以,因为是一个连接文件):
正解内容:
zone "easy.com" {
type master;
file "/var/named/easy.com.hosts";
};
反解内容:
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/named/192.168.1.rev";
};
Step4、在主DNS服务器/var/named/chroot/var/named/目录建立正解easy.com.hosts文件:
$ttl 38400
@ IN SOA @ root. easy.com. (
2005112401 ; Serial
10800
3600
604800
38400 )
@ IN MX 10 mail.easy.com
@ IN NS ldap.easy.com.
@ IN NS mail.easy.com.
@ IN A 192.168.1.254
@ IN A 192.168.1.253
ldap.easy.com. IN A 192.168.1.254
mail.easy.com. IN A 192.168.1.253
Step5、在主DNS服务器/var/named/chroot/var/named/目录建立反解192.168.1.rev文件:
$ttl 38400
@ IN SOA @ root. easy.com. (
2005112401 ; Serial
10800
3600
604800
38400 )
@ IN NS ldap.easy.com.
@ IN NS mail.easy.com.
253.1.168.192.in-addr.arpa. IN PTR easy.com.
254.1.168.192.in-addr.arpa. IN PTR easy.com.
253.1.168.192.in-addr.arpa. IN PTR mail.easy.com.
254.1.168.192.in-addr.arpa. IN PTR ldap.easy.com.
------------------------------------------------------------------------------------------
特别说明: Serial数值是随着easy.com.hosts和192.168.1.rev 两个文件发生
变化时,Serial数值也要发生变化。Serial数值同是master及slave是否同步有
关!一般而言,如果这个数值变大了,slave 才会同步更新!
------------------------------------------------------------------------------------------
Step6、修改主DNS服务器的/etc/resolv.conf文件:
search easy.com
nameserver 192.168.1.254
nameserver 192.168.1.253
Step7、修改主DNS服务器的/var/named/chroot/var/named/localhost.zone文件:
修改后内容如下:
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
Step8、修改主DNS服务器的/var/named/chroot/var/named/named.local文件:
修改后内容如下:
$TTL 86400
@ IN SOA localhost. root.localhost. (
2005112401 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
Step9、修改主DNS服务器的/var/named/chroot/var/named/named.zero文件:
修改后内容如下:
$TTL 86400
@ IN SOA localhost root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS localhost
开始启动主named服务器:
# service named start (启动named服务器)
启动 named: [ 确定 ]
Step10、修改从DNS服务器/var/named/chroot/etc/named.conf文件,添加以下内容(注意修改/etc/目录下的named.conf也可以,因为是一个连接文件):
正解内容:
zone "easy.com" {
type slave;
masters{192.168.1.254;};
file "/var/named/easy.com.hosts";
};
反解内容:
zone "1.168.192.in-addr.arpa" {
type slave;
masters{192.168.1.254;};
file "/var/named/192.168.1.rev";
};
Step11、修改从DNS服务器的/etc/resolv.conf文件:
search easy.com
nameserver 192.168.1.254
nameserver 192.168.1.253
Step12、复制主DNS主机文件到从DNS服务器内(注意:复制文件的路径要跟主DNS主机的一样):
localhost.zone (存放的路径/var/named/chroot/var/named/)
named.local (存放的路径/var/named/chroot/var/named/)
named.zero (存放的路径/var/named/chroot/var/named/)
Step13、因为RHEL 4.0系统使用CHROOT制作,所以需要使用以下的命令,使用管理员有写入的权限:
# chmod g+w /var/named/chroot/var/named
开始启动从named服务器:
# service named start (启动named服务器)
启动 named: [ 确定 ]
Step14、对主、从DNS服务器进行测试:
使用nslookup命令来测试DNS服务器:
# nslookup
> easy.com (输入要解释的域名:easy.com)
Server: 192.168.1.254
Address: 192.168.1.254#53
Name: easy.com
Address: 192.168.1.253
Name: easy.com
Address: 192.168.1.254
> mail.easy.com (输入要查询的域名主机名:mail.easy.com)
Server: 192.168.1.254
Address: 192.168.1.254#53
Name: mail.easy.com
Address: 192.168.1.253
> ldap.easy.com (输入要查询的域名主机名:ldap.easy.com)
Server: 192.168.1.254
Address: 192.168.1.254#53
Name: ldap.easy.com
Address: 192.168.1.254
停止主DNS的服务项目工作,来测试从DNS服务器的工作情况:
# service named stop
停止 named: [ 确定 ]
# nslookup
> easy.com (输入要解释的域名:easy.com)
Server: 192.168.1.253
Address: 192.168.1.253#53
Name: easy.com
Address: 192.168.1.253
Name: easy.com
Address: 192.168.1.254
> mail.easy.com (输入要查询的域名主机名:mail.easy.com)
Server: 192.168.1.253
Address: 192.168.1.253#53
Name: mail.easy.com
Address: 192.168.1.253
> ldap.easy.com (输入要查询的域名主机名:ldap.easy.com)
Server: 192.168.1.253
Address: 192.168.1.253#53
Name: ldap.easy.com
Address: 192.168.1.254
检查主、从DNS服务器运行是否同步:
在主DNS服务器/var/named/chroot/var/named/easy.com.hosts文件新增
一个正解主机记录内容:
router.easy.com. IN A 192.168.1.252
在主DNS服务器/var/named/chroot/var/named/192.168.1.rev文件新增
一个反解主机记录内容:
252.1.168.192.in-addr.arpa. IN PTR router.easy.com.
检查从DNS服务器的日志记录,以便分析主、从DNS同步的情况:
# tail -n 15 /var/log/messages
Nov 25 18:28:24 mail named[3225]: zone localdomain/IN: loaded serial 42
Nov 25 18:28:24 mail named[3225]: zone localhost/IN: has no NS records
Nov 25 18:28:24 mail named[3225]: running
Nov 25 18:28:25 mail named[3225]: zone easy.com/IN: transferred serial 2005112402
Nov 25 18:28:25 mail named[3225]: transfer of 'easy.com/IN' from 192.168.1.254#53: end of transfer
Nov 25 18:28:25 mail named[3225]: zone easy.com/IN: sending notifies (serial 2005112402)
Nov 25 18:28:25 mail named[3225]: received notify for zone 'easy.com'
Nov 25 18:28:25 mail named[3225]: zone 1.168.192.in-addr.arpa/IN: transferred serial 2005112402
Nov 25 18:28:25 mail named[3225]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.254#53: end of transfer
Nov 25 18:28:25 mail named[3225]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2005112402)
Nov 25 18:28:26 mail named[3225]: received notify for zone '1.168.192.in-addr.arpa'
Nov 25 18:28:30 mail named[3225]: received notify for zone 'easy.com'
Nov 25 18:28:30 mail named[3225]: received notify for zone '1.168.192.in-addr.arpa'
Nov 25 18:28:50 mail htt_server[2164]: Client shut down the connection owned by im_id(1).
如果出现以上的日志信息,那就要恭喜您了,您本次配置的主、从DNS服务器就算完成了
************************************************************
Mar 28 16:20:19 localhost named[19698]: client 218.7.120.95#32772: request has invalid signature: tsig ver
原因是主辅DNS时间不同步。解决方案:
1) 时间改成一样的。
2) 执行touch /
3) 重新启动ACA
3) 到主dns上,运行/usr/prima/sbin/syncDNS -a使得辅DNS被同步。
******************************************************************
---- 在BIND 8.2.2以后的版本中主要使用allow-update和update-policy语句来实现和控制动态更新。
---- allow-update的语法是:
---- allow-update { “acl-name”;} ;或 allow-update { ip_addr;} ;
---- update-policy用来定义简单的安全策略。由于在使用动态更新时,会带来一些安全问题,所以建议使用安全策略来控制动态更新。语法如下:
---- update-policy {(grant/deny) identity nametype name [type]; };
---- 每一个动态更新请求如果成功的匹配规则。那么动态更新被允许或禁止。接着,配置区文件中的静态项。需要注意的是区文件是要被动态更新的,所以文件权限必须是被named可写的。
**************************************************************************
联系客服
