首页 > 代码库 > DNS服务器的配置与应用
DNS服务器的配置与应用
DNS即域名系统,它帮助用户在互联网上寻找资源提供有效的路径。
##网卡设置项: #cat
/etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0c:29:66:26:67
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.0.10
TYPE=Ethernet
##由上可以看出是使用的静态IP:192.168.0.10。上述几项含义如下:
》DEVICE=name ,其中,name是物理设备名。
》IPADDR=addr,其中,addr是IP地址。
》NETMASK=mask,其中,mask是网络掩码值。
》BROADCAST=addr,其中,addr是广播地址。
》GATEWAY=addr,其中addr是网关地址。
》ONBOOT=answer,其中,answer是yes(引导时激活设备)或no(引导时不激活设备)
》USERCTL=answer,其中,answer是yes(非root用户能控制该设备)或no
》BOOTPROTO=proto,其中,proto取下列值之一:none,引导时不使用协议;static静态分配地址;bootp,使用BOOTP协议,或dhcp,使用DHCP协议。
一.DNS 服务的信息说明:
A:正向记录
PTR:反向,ip到域名
host -l example.com:查看域中的所有主机
dig -t soa example.com:辅助dns
软件包 : Bind bind-chroot caching-nameserver
DNS 主配置目录 :/var/named/chroot/
DNS 主配置文件 :/var/named/chroot/etc/named.conf
DNS A 记录存放目录: /var/named/chroot/var/named
二. 如何配置dns 正向解析:
1.cp -p /var/named/chroot/etc/named.caching-nameserver.conf /var/
named/chroot/etc/named.conf # 用模板生成dns 配置
文件
2. vi /var/named/chroot/etc/named.conf # 编辑配置文件
配置文件中要修改的内容如下:
在options中参数修改如下: # 全局设定
listen-on port 53 { localhost; }; # 监听本地53 端口
// listen-on-v6 port 53 { ::1; }; # 关闭ipv6 选项
allow-query { localnets; }; # 允许与本地直连的网络使用
dns
allow-query-cache { localnets; };
在view中的参数修改如下: # 局域生效
match-clients { localnets; }; # 允许与本地直连的网络使用
dns
match-destinations { localnets; };
3.vi /var/named/chroot/etc/named.rfc1912.zones
加入内容如下:
zone "example.com" IN { # 指定要维护的域名
type master;
file "example.com.zone"; # 指定A 记录文件名
allow-update { none; };
};
4.编写A记录文件:
cd /var/named/chroot/var/named/
cp -p localhost.zone example.com.zone #
A记录文件内容如下:
dns 服务器主机名
$TTL 86400 ||
@ IN SOA station62.example.com root.exampel.com (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS station62.example.com # 指定dns 主机
IN A 192.168.0.62 # 指定dns 主机的ip
station62 IN A 192.168.0.62 # 指定dns 服务器的A 记录
www IN A 192.168.1.62 # 要添加的A 记录
vim named.rfc1912.zones
zone "example.com" IN {
type master;
file "example.com.zone";
allow-update { none; };
};
cd /var/named/chroot/var/named/
cp -p localhost.zone example.com.zone
cp -p named.local example.com.local
定义正向解析数据库文件:
vi example.com.zone
$TTL 86400
@ IN SOA station41.example.com. root.example.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS station41.example.com.
IN A 192.168.0.41
station41 IN A 192.168.0.41
www IN A 192.168.0.41
www IN A 192.168.0.42
www IN A 192.168.0.43
bbs IN CNAME www
* IN A 192.168.0.41
定义反向解析数据库
vim example.com.local
zone "0.168.192.in-addr.arpa" IN { //反向解析
type master;
file "example.com.local";
allow-update { none; };
};
$TTL 86400
@ IN SOA station41.example.com. root.example.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS station41.example.com.
41 IN PTR example.com.
41 IN PTR station41.example.com.
/etc/init.d/named restart
acl的使用:
acl example { 192.168.0.0/24; } ;
options {
listen-on port 53 { example; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
blackhole {} ; 黑名单。
allow-query { example; };
allow-query-cache { example; };
};
/etc/init.d/named configuretest :dns配置文件检测
添加网关:
route add default gw 192.168.0.254
高速缓存:
在主dns中配置:
vi named.conf
options {
// listen-on port 53 { localhost; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
forward only;
forwarders { 218.30.19.50; };
allow-query { example; };
allow-query-cache { example; };
};
辅助dns(从主dns复制数据):(应关闭iptables)
主dns:
/etc/named.rfc1912.zones
// allow-query { example; };
// allow-query-cache { example; };
zone "example.com" IN {
type master;
file "example.com.zone";
allow-update { none; };
allow-transfer { 192.168.0.4; };
};
辅dns: (/var/named/chroot/var/named/slaves目录下会有主机的dns文
件),此时该机的dns设为本机地址
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// allow-query { localhost; };
// allow-query-cache { localhost; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
// match-clients { localnets; };
// match-destinations { localnets; };
recursion yes;
include "/etc/named.rfc1912.zones";
zone "example.com" IN {
type slave;
masters { 192.168.0.41; };
file "slaves/example.com.zone";
};
};
不同的机器使用不同的dns:
主dns:named.conf
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
zone "example.com" IN {
type master;
file "example.com.zone";
};
};
view internal_resolver {
match-clients { 192.168.0.0/24; };
match-destinations { 192.168.0.0/24; };
recursion yes;
include "/etc/named.rfc1912.zones";
zone "example.com" IN {
type master;
file "example.com.internal";
};
example.com.zone:
$TTL 86400
@ IN SOA station41.example.com. root.example.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS station41.example.com.
IN A 192.168.0.41
station41 IN A 192.168.0.41
www IN A 192.168.0.41
example.com.internal:
$TTL 86400
@ IN SOA station41.example.com. root.example.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS station41.example.com.
IN A 192.168.0.41
station41 IN A 192.168.0.41
www IN A 192.168.0.49
此时辅机的dns设为主dns地址
dns文件同步:
主dns:
view localhost_resolver {
// match-clients { localhost; };
// match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
zone "example.com" IN {
type master;
also-notify {192.168.0.4; };
file "example.com.zone";
};
};
example.com.zone:每次修改后应更改serial 值
$TTL 86400
@ IN SOA station41.example.com. root.example.com. (
2010042101 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS station41.example.com.
IN A 192.168.0.41
station41 IN A 192.168.0.41
www IN A 192.168.0.49
辅dns机:此时它的规则应设为主机可访问模式
view localhost_resolver {
// match-clients { localnets; };
// match-destinations { localnets; };
recursion yes;
include "/etc/named.rfc1912.zones";
zone "example.com" IN {
type slave;
masters { 192.168.0.41; };
file "slaves/example.com.zone";
};
};
##(1) SOA资源记录
每个数据库文件按的开始处都包含了一个起始授权记录(Start of Authority
Record),简称SOA记录。SOA定义了域的全局参数,进行整个域的管 理设置。一个
区域文件只允许存在唯一的SOA记录。
##(2) NS资源记录
名称服务器(NS)资源记录表示该区的授权服务器,它 们表示SOA资源记录中指定
的该区的主和辅助服务器,也表示了任何授权区的服务器。每个区在区根处至 少包含
一个NS记录。
##(3) A资源记录
地址(A)资源记录把FQDN映射到IP地址,因而解析器能查询FQDN对应的IP地址。
##(4) PTR资源记录
相对于A资源记录,指针(PTR)记录把IP地址映射到FQDN。
##(5) CNAME资源记录
规范名字(CNAME)资源记录创建特定FQDN的别名。用户可以通过定义的CANME
记录中的别名来访问
##(6) MX资源记录
邮件交换(MX)资源记录为DNS域名指定邮件交换服务器。邮件交换服务器是为
DNS域名处理或转发邮件的主机。处理邮 件指把邮件投递到目的地或转交另一不同类
型的邮件传送者。转发邮件指把邮件发送到最终目的服务器。
##(7) 泛域名解析记录
除了在数据库文件中定义的资源记录以为,其他的所有域名都可以被DNS所解析出
来。
$TTL 86400
@ IN SOA station41.example.com. root.example.com. (
221001 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS station41.example.com.
IN A 192.168.0.41
station41 IN A 192.168.0.41
www IN A 192.168.0.42
bbs IN A 192.168.0.43
mail IN A 192.168.0.44
forum IN A 192.168.0.45
web IN CNAME mail
@ IN MX 10 192.168.0.44
注意:
重启服务:/etc/init.d/named restart ; rndc reload; (主机,辅机同时
重启)
访问权限:
match-clients { localnets; };
match-destinations { localnets; };
更改序列值:
$TTL 86400
@ IN SOA station41.example.com. root.example.com.
(
2010042101 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
CNAME:
bbs IN CNAME www
泛域名解析记录,匹配所有记录:
* IN A www
Selinux:
不显示dns版本:
vi named.conf:
version "no version for you"
dig version.bind chaos txt @station41.example.com
Dns查询:客户机远程管理dns主机的dns记录
主机的named.conf
view localhost_resolver {
// match-clients { localhost; };
// match-destinations { localhost; };
recursion yes;
// include "/etc/named.rfc1912.zones";
include "/etc/named.wx.zones";
zone "example.com" IN {
type master;
allow-update { 192.168.0.4; };
file "example.com.zone";
};
};
chmod 775 /var/named/chroot/var/named
客户机:
nsupdate
server 192.168.0.41
update delete www.example.com
send
update add www.example.com 0 A 192.168.0.44
使用key查询:
vi named.conf:
view localhost_resolver {
// match-clients { localhost; };
// match-destinations { localhost; };
recursion yes;
include "/etc/named.wx.zones";
zone "example.com" IN {
type master;
// allow-update { 192.168.0.4; };
update-policy { grant example.com. name www.example.com. A; };
file "example.com.zone";
};
};
include "/etc/example.com.key";
key的制作与处理(example.com.key):
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com. :生
成key文件
cp -p rndc.key example.com.key
vi example.com.key:
key "example.com." {
algorithm hmac-md5;
secret "H1Oqzvs7jtqsk5zJ/e9gEQ==";
};
copy key到远程主机:
scp Kexample.com.+157+00308.* 192.168.0.4:/home
远程主机修改dns记录:
nsupdate -k Kexample.com.+157+00308.private
server 192.168.0.41
update delete www.example.com
send
host -l example.com
Dns主机对客户机的授权处理:
update-policy { grant example.com. name www.example.com. A; };
此种方式规定辅助机只可对www.example.com记录进行delete或add操作;
update-policy { grant example.com. subdomain example.com. ANY;
};
此种方式是辅助机可对example.com域下的所有记录进行更改
(www.mail.bbs)
使用key在dns辅助机中进行dns数据库文件同步:
view localhost_resolver {
// match-clients { localhost; };
// match-destinations { localhost; };
recursion yes;
// include "/etc/named.rfc1912.zones";
include "/etc/named.wx.zones";
zone "example.com" IN {
type master;
// allow-update { 192.168.0.4; };
// update-policy { grant example.com. subdomain example.com.
ANY; };
allow-transfer { key example.com.; };
also-notify {192.168.0.4; };
file "example.com.zone";
};
};
include "/etc/example.com.key";
key的制作与处理(example.com.key):
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com. :生
成key文件
cp -p rndc.key example.com.key
vi example.com.key:
key "example.com." {
algorithm hmac-md5;
secret "H1Oqzvs7jtqsk5zJ/e9gEQ==";
};
copy key到远程主机:
scp example.com.key 192.168.0.4:/var/named/chroot/etc/
远程主机:
cd /var/named/chroot/etc/
chgrp named example.com.key
vi named.conf:
server 192.168.0.41 {
keys { example.com.; };
};
include "/etc/example.com.key";
注意:此时如果无法同步文件,应删除chroot/var/named/目录下的 *.jnl文件
configtest 检测语法。
本文出自 “12444971” 博客,请务必保留此出处http://12454971.blog.51cto.com/12444971/1905278
DNS服务器的配置与应用