RHEL5_DNS服务器配置详解.docx

RHEL5 DNS服务器配置详解RHEL5 DNS服务器配置详解DNS主机的设置前准备Master - 02 - (FQDN)Slave - 05 - (FQDN)客户端测试 - 08 - abc注意：DNS主机的IP地址必须为静态IP更改主机名（FQDN）：Master:Hostname 在 /etc/hosts配置文件中增加1921681102 在 /etc/sysconfig/network 配置文中增加02=Slave:Hostname 在 /etc/hosts配置文件中增加1921681105 在 /etc/sysconfig/network 配置文中增加02=架设DNS所需要的软件：bind-utils-9.3.3-7.el5 = 客户端搜索主机名称的相关指令 bind-9.3.3-7.el5 =DNS服务器主程序bind-chroot-9.3.3-7.el5 =bind主程序笼环境bind-libs-9.3.3-7.el5 = DNS库文件caching-nameserver-9.3.3-7.el5.i386.rpm = 配置文件模板设置DNS 配置文件：Master 设置RHEL5中的DNS配置文件分为options和Zone二部份OPTIONSVi /etc/named.caching-nameserver/ /为注释/ named.caching-nameserver.conf/ Provided by Red Hat caching-nameserver package to configure the/ ISC BIND named(8) DNS server as a caching only nameserver / (as a localhost DNS resolver only). / See /usr/share/doc/bind*/sample/ for example named configuration files./ DO NOT EDIT THIS FILE - use system-config-bind or an editor/ to create named.conf - edits to this file will be lost on / caching-nameserver package upgrade./options /listen-on port 53 ; ;/listen-on-v6 port 53 :1; ;directory /var/named; /Zone File 放置的目录dump-file /var/named/data/cache_dump.db; /缓存文件存放区 statistics-file /var/named/data/named_stats.txt; /DNS统计数据存放点 memstatistics-file /var/named/data/named_mem_stats.txt;query-source port 53;/源端口/query-source-v6 port 53;allow-query any; ; /是否允许客户端的查询（此处为允许任何客户端查询）;logging channel default_debug file data/named.run; severity dynamic; ;view localhost_resolver /match-clients localhost; ; match-destinations localhost; ;recursion yes;include /etc/named.rfc1912.zones;Zone配置Vi /etc/named.rfc1912/ named.rfc1912.zones:/ Provided by Red Hat caching-nameserver package / ISC BIND named zone configuration for zones recommended by/ RFC 1912 section 4.1 : localhost TLDs and address zones/ / See /usr/share/doc/bind*/sample/ for example named configuration files./zone . IN type hint;file named.ca; /根域部份（不用修改）;zone IN type master;file ; / 正解文件allow-update none; ;allow-transfer 05; ; / 正解部份;zone 1.168.192. IN type master;file named.192.168.1; / 反解文件allow-update none; ;allow-transfer 05; ; / 反解部份; 正解部份配置vi /var/named/chroot/var/named/$TTL 600INSOA. root.linux (2008081501 ；Serial: 更新序列号28800 ；Refresh Slave:服务器更新时间14400 ；Retry:当Slave主机更新失败，多久再重新更新一次720000 ；Expire:重复Retry多久后就宣告失败，不再更新86400 ) ；Minimum:可视为TTL，尤其是您没有设置$TTL时INNS. / Master DNS 主机名INNS. /Slave DNS 主机名linuxINA02 / Master DNS 主机名正向解析slaveINA05 / Slave DNS 主机名正向解析 反解部份配置vi /var/named/chroot/var/named/named.192.168.1$TTL 600 IN SOA . root.linux ( 2008081501 28800 14400 720000 86400 ) IN NS . IN NS .102 IN PTR . / Master DNS 主机名反向解析105 IN PTR . / Slave DNS 主机名反向解析最后修改/etc/resolv.conf，增加以下内容：Nameserver 02Nameserver 05到此Master 的设置已完成Slave 配置基本上Slave DNS 的配置文件 与Master DNS 一模一样，唯一不同的地方在于Zone的类型（TYPE）不同zone IN type slave; /此处改为Slave;file ;masters 02; ; /更新DNS用到，注意masters中多了一个S;zone 1.168.192. IN type slave; /此处改为Slave;file named.192.168.1;masters 02; ; /更新DNS用到，注意masters中多了一个Sallow-update none; ;最后修改/etc/resolv.conf，增加以下内容：Nameserver 02Nameserver 05Slave 配置完成客户端测试：客户端作如下修改：修改/etc/resolv.conf，增加以下内容：Nameserver 02Nameserver 05测试Nslookup 02Nslookup 05Nslookup 是否解析成功；Linux下的dns named.conf改变 named.caching-nameserver.conf 和 named.rfc1912.zones默认分类 2009-07-28 17:41:06 阅读181 评论0 字号：大中小订阅 1. 在系统安装过程中，将DNS服务选项选中，系统中将会安装好Bind安装包。-2. 系统安装完成后，用：rpm qa | grep bind 命令检验Bind的安装情况，正常情况下会有如下安装包：ypbind-1.19-8.el5bind-9.3.4-6.P1.el5bind-chroot-9.3.4-6.P1.el5bind-libs-9.3.4-6.P1.el5bind-utils-9.3.4-6.P1.el5-3. 看到如上安装包时，named服务是不会运行的，此时还要安装caching-nameserver-9.3.3-7.el5.i386.rpm (安装文件在附件中)安装方法：#yum install caching-nameserver-9.3.4-6.P1.el5.i386.rpm 提示安装完成后，查看，正常情况会有如下安装包：# rpm -qa | grep cachingcaching-nameserver-9.3.4-6.P1.el5安装成功-4. 启动named 服务：#service named start-5. 查看系统进程：# ps -aux | grep namedWarning: bad syntax, perhaps a bogus -? See /usr/share/doc/procps-3.2.7/FAQnamed 11615 0.5 0.3 38316 2980 ? Ssl 16:48 0:00 /usr/sbin/named -u named -c /etc/named.caching-nameserver.conf -t /var/named/chrootroot 11625 0.0 0.0 3928 668 pts/2 R+ 16:49 0:00 grep named-6. named 启动成功后，在/etc/目录下 named.caching-nameserver.conf 和 named.rfc1912.zones 两个文件（这两个为链接文件，链接目的地址这/var/named/chroot/etc）（修改红色部分）#vi /var/named/chroot/etc/named.caching-nameserver.conf/ named.caching-nameserver.conf/ Provided by Red Hat caching-nameserver package to configure the/ ISC BIND named(8) DNS server as a caching only nameserver / (as a localhost DNS resolver only). / See /usr/share/doc/bind*/sample/ for example named configuration files./ DO NOT EDIT THIS FILE - use system-config-bind or an editor/ to create named.conf - edits to this file will be lost on / caching-nameserver package upgrade./options listen-on port 53 any; ;listen-on-v6 port 53 :1; ;directory /var/named;dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt;query-source port 53;query-source-v6 port 53;allow-query any; ;logging channel default_debug file data/named.run; severity dynamic; ;view localhost_resolver match-clients localhost; ;match-destinations localhost; ;recursion yes;include /etc/named.rfc1912.zones;vi /var/named/chroot/etc/named.rfc1912.zones / named.rfc1912.zones:/ Provided by Red Hat caching-nameserver package / ISC BIND named zone configuration for zones recommended by/ RFC 1912 section 4.1 : localhost TLDs and address zones/ / See /usr/share/doc/bind*/sample/ for example named configuration files./zone . IN type hint;file named.ca;zone localdomain IN type master;file localdomain.zone;allow-update none; ;zone localhost IN type master;file localhost.zone;allow-update none; ;zone 0.0.127. IN type master;file named.local;allow-update none; ;zone .......0.0.0. IN type master;file named.ip6.local;allow-update none; ;zone 255. IN type master;file named.broadcast;allow-update none; ;zone 0. IN type master;file named.zero;allow-update none; ;zone IN type master; file -sec; allow-update none;zone 152.241.218. IN type master; file 218.241.152; allow-update none;-7. 将附件中的 -sec 和 218.241.152 文件考贝到/var/named目录下，根据实际域名和IP，分别编辑两个文件，重新启动named 服务即可。配置文件仅供参考，要根据实际情况编辑：I-sec 文件如下所示：（红色标记为根据实际情况修改部分）$TTL 86400 IN SOA . . ( 42; serial (d.adams) 3H; refresh 15M; retry 1W; expiry 1D); minimumdns. IN NS . IN NS .dns. IN A 16218.241.152文件如下所示：$ORIGIN 152.241.218.. IN SOA . . ( 2008040801 86400 10800 604800 86400 ) IN NS . IN NS .116 IN PTR . ( 注：116是本机IP的最后一段，如IP为，那么此处就为“4” )-8. 重启named服务后，即可正常运行# service named restart-9. 测试#nslookup server 16Default server: 16Address: 16#53 Server: 16Address: 16#53 出现对方域名为解析成功=以下配置slave服务器：#vi /var/named/chroot/etc/named.rfc1912.zones zone IN type slave; file -2007; masters ; ; /*，为主服务器*/;以下是把改变的named.caching-nameserver.conf 和 named.rfc1912.zones 两个文件合并成named.conf的方法很多朋友学习在Linux上配置DNS服务器的时候，都是参考的在RHEL4或Fedora Core5之前平台上的资料。在Fedora 7上，很多东西发生了变化。本文简单介绍一下应对的方法。软件列表bind-libs-9.4.0-6.fc7bind-chroot-9.4.0-6.fc7bind-utils-9.4.0-6.fc7bind-9.4.0-6.fc7 caching-nameserver-9.4.0-6.fc7如果您升级过系统，则软件的版本会略有不同。其中的bind-chroot可以增加DNS服务器的安全，不安装也能工作。Fedora 7上的bind软件和原来的结构有所不同，没有了以前的/etc/named.conf和 /var/named/chroot/etc/named.conf(前者是后者的符号链接)，导致很多朋友一时不知道该如何配置DNS服务器了，经过简 单研究，笔者终结出了DNS服务器的配置方法。在/var/named/chroot/etc下执行cat named.caching-nameserver.conf named.rfc1912.zones named.confrm named.caching-nameserver.conf named.rfc1912.zones named.confrootmaluyao ln -s /var/named/chroot/etc/named.conf /etc/named.conf上面的步骤是合并named.caching-nameserver.conf named.rfc1912.zones合并到一个文件(/var/named/chrrot/etc/named.conf)中，然后将其删除。实际操 作的时候，最好不要删除，而是将这俩个文件移动到其他位置备份。并且为了方便起见，在/etc下作了一个符号链接。修改named.conf文件，将其中的view localhost_resolver match-clients localhost; ;match-destinations localhost; ;recursion yes;和include /etc/named.rfc1912.zones;行注释或删除。Fedora 7中，默认仅仅在回环地址 和 :1(IPV6的回环地址)上打开53端口，如果希望在所有地址上都打开53端口，则应该修改named.conf 中listen-on port 53 ; ;listen-on-v6 port 53 :1; ;为listen-on port 53 any; ;listen-on-v6 port 53 any; ;Fedora 7 中的DNS服务器默认只允许这个客户端(即本机)发起查询，一般我们需要允许所有人查询，这要修改name.conf中的:allow-query localhost; ;为allow-query any; ;重新启动BIND后，用下列命令:rootmaluyao #netstat -nlu|grep 53rootmaluyao #netstat -A inet6 |grep 53即可看到53端口已经在所有地址上监听了。DNS服务器同时打开tcp和udp的53端口，上述命令只查看udp。如果不需要在ipv6地址上监听53端口，则可将listen-on-v6行注释。现在，bind服务的配置方法就和RHEL4或Fedora Core 5类似了。Fedora 7 中的默认设置有自己的道理，我们注释或删除的那些东西，希望读者也能知道其含义。但本文就不做介绍了。本节中将介绍下如何构建一个本地的服务器，可以用来解析公网域名以及基本的正,反向区域的基本配置，这个之前也整理过，但总觉得好多地方都不够完善，毕竟这是最基础的网络服务，希望能在此有所补漏拾遗吧 一：安装DNS服务器，实现基本的公网解析 rootserver1 # yum grouplist |grep DNS /使用包组方式安装DNS软件包 This system is not registered with RHN. RHN support will be disabled. DNS Name server rootserver1 # yum -y groupinstall DNS Name server1 Running Transaction Installing : bind /DNS主程序软件包 Installing : bind-chroot /chroot软件包，安装上该软件包后DNS服务器的工作目录会自动切换为/var/named/chroot rootserver1 named# cat /etc/sysconfig/named |grep chroot |grep -v # ROOTDIR=/var/named/chroot rootserver1 # yum -y install caching-nameserver1 /缓存DNS服务器软件包，主要包含了一些配置文件 rootserver1 # cd /var/named/chroot/etc/ rootserver1 etc# cp named.caching-nameserver1.conf named.conf /将其复制为namd.conf，该文件即为DNS服务器主配置文件 rootserver1 etc# ln -s /var/named/chroot/etc/named.conf /etc/ /将其软链接到/etc目录下 rootserver1 etc# grep -v / named.conf |grep -v / /修改配置文件如下 options listen-on port 53 54; ; /表示DNS服务器只监听在54这个网络接口上 directory /var/named; /DNS服务器工作目录，这里可不能写chroot下的目录哦 dump-file /var/named/data/cache_dump.db; /以下三行其实不重要，主要是定义一些缓存和静态文件的位置，可删除 statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; allow-query any; ; /运行任何网段的IP进行查询，any是内置的访问对象，也可以指定具体的网段，可参考man ; include /etc/named.rfc1912.zones; /include包含named.rfc1912.zones文件 rootserver1 etc# head -20 named.rfc1912.zones |grep -v / /该文件主要定义根域，localhost等的信息 zone . IN type hint; file named.ca; ; zone localdomain IN type master; file localdomain.zone; allow-update none; ; ; rootserver1 etc# chown d named.conf /这步比较重要，DNS服务器默认是以named用户来启动的，若权限不对，启动服务将会出错 rootserver1 etc# ping -c 2 /测试网络连通性 PING (04) 56(84) bytes of data. 64 bytes from (04): icmp_seq=1 ttl=237 time=99.9 ms 64 bytes from (04): icmp_seq=2 ttl=237 time=98.6 ms rootserver1 etc# service named start /试启动服务 Starting named: OK rootserver1 # tail -f /var/log/messages /监控日志 Mar 14 04:35:11 server1 named8436: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5 -u named -t /var/named/chroot Mar 14 04:35:11 server1 named8436: adjusted limit on open files from 1024 to 1048576 Mar 14 04:35:11 server1 named8436: found 2 CPUs, using 2 worker threads Mar 14 04:35:11 server1 named8436: using up to 4096 sockets Mar 14 04:35:11 server1 named8436: loading configuration from /etc/named.conf /载入配置文件 Mar 14 04:35:12 server1 named8436: using default UDP/IPv4 port range: 1024, 65535 Mar 14 04:35:12 server1 named8436: using default UDP/IPv6 port range: 1024, 65535 Mar 14 04:35:12 server1 named8436: listening on IPv4 interface eth1, 54#53 /监听IPV4，eth1上的53端口 Mar 14 04:35:12 server1 named8436: command channel listening on #953 /IPV4的本地回环接口的953端口，953主要用于rndc Mar 14 04:35:12 server1 named8436: command channel listening on :1#953 /同上，IPV6 Mar 14 04:35:12 server1 named8436: zone 0./IN: loaded serial 42 Mar 14 04:35:12 server1 named8436: zone 0.0.127./IN: loaded serial 1997022700 Mar 14 04:35:12 server1 named8436: zone 255./IN: loaded serial 42 Mar 14 04:35:12 server1 named8436: zone ......0. .0.0./IN: loaded serial 1997022700 Mar 14 04:35:12 server1 named8436: zone localdomain/IN: loaded serial 42 Mar 14 04:35:12 server1 named8436: zone localhost/IN: loaded serial 42 Mar 14 04:35:12 server1 named8436: running /正常运行 rootserver1 etc# dig 54 /测试，后面的54表示将DNS查询交给54 ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 54 ; global options: printcmd ; Got answer: ; -HEADER- opcode: QUERY, status: NOERROR, id: 45157 ; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 0 ; QUESTION SECTION: ;. IN A ; ANSWER SECTION: . 300 IN A 9 . 300 IN A 04 ; AUTHORITY SECTION: . 21600 IN NS . . 21600 IN NS . . 21600 IN NS . . 21600 IN NS . . 21600 IN NS . ; Query time: 966 msec ; server1: 54#53(54) ; WHEN: Sun Mar 14 04:36:20 2010 ; MSG SIZE rcvd: 165 二：配置自己的正向和反向区域 rootserver1 etc# tail -13 named.conf /在主配置文件中添加正，反向区域 include /etc/named.rfc1912.zones; zone 666.com IN type master; file 666.zone; allow-update none; ; zone 100.168.192. IN type master; file 192.168.100.zone; allow-update none; ; rootserver1 etc# cd ./var/named/ /编辑正，反向区域的区域文件 rootser