
DNS Server Configuration and Use

DNS, the Domain Name System, helps users locate resources on the Internet by providing a usable path to them.


## Network interface settings: cat /etc/sysconfig/network-scripts/ifcfg-eth0

    # Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
    DEVICE=eth0
    BOOTPROTO=static
    HWADDR=00:0c:29:66:26:67
    ONBOOT=yes
    NETMASK=255.255.255.0
    IPADDR=192.168.0.10
    TYPE=Ethernet


## From the above, the host uses the static IP 192.168.0.10. The fields mean the following:

DEVICE=name, where name is the physical device name.

IPADDR=addr, where addr is the IP address.

NETMASK=mask, where mask is the network mask.

BROADCAST=addr, where addr is the broadcast address.

GATEWAY=addr, where addr is the gateway address.

ONBOOT=answer, where answer is yes (activate the device at boot) or no (do not activate the device at boot).

USERCTL=answer, where answer is yes (non-root users may control the device) or no.

BOOTPROTO=proto, where proto is one of: none, use no protocol at boot; static, assign the address statically; bootp, use the BOOTP protocol; or dhcp, use the DHCP protocol.


I. DNS service information:

A: forward record (name to IP)

PTR: reverse record, IP to name

host -l example.com: list all hosts in the domain

dig -t soa example.com: query the domain's SOA record (used with a secondary DNS)

Packages: bind bind-chroot caching-nameserver

DNS main configuration directory: /var/named/chroot/

DNS main configuration file: /var/named/chroot/etc/named.conf

DNS A-record (zone) file directory: /var/named/chroot/var/named

II. Configuring DNS forward resolution:

1. Generate the DNS configuration file from the template:

    cp -p /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.conf

2. Edit the configuration file: vi /var/named/chroot/etc/named.conf

The items to change in the configuration file are as follows.

In options (global settings):

    listen-on port 53 { localhost; };     # listen on local port 53
    // listen-on-v6 port 53 { ::1; };     # disable the IPv6 option
    allow-query { localnets; };           # allow directly connected networks to use this DNS
    allow-query-cache { localnets; };

In the view (takes effect for that view only):

    match-clients { localnets; };         # allow directly connected networks to use this DNS
    match-destinations { localnets; };

3. vi /var/named/chroot/etc/named.rfc1912.zones and add the following:

    zone "example.com" IN {          # the domain to serve
        type master;
        file "example.com.zone";     # name of the A-record (zone) file
        allow-update { none; };
    };

4. Write the A-record file:

    cd /var/named/chroot/var/named/
    cp -p localhost.zone example.com.zone

The A-record file contents are as follows (the SOA names the DNS server host; zone files use ";" for comments, and a hostname in record data needs a trailing dot or the zone origin is appended to it):

    $TTL 86400
    @ IN SOA station62.example.com. root.example.com. (   ; DNS server hostname, admin mailbox
            42 ; serial (d. adams)
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
        IN NS station62.example.com.      ; the DNS host
        IN A 192.168.0.62                 ; IP of the DNS host
    station62 IN A 192.168.0.62           ; A record of the DNS server
    www IN A 192.168.1.62                 ; the A record to add

The same setup for host station41, in full:

vim named.rfc1912.zones

    zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
    };

    cd /var/named/chroot/var/named/
    cp -p localhost.zone example.com.zone
    cp -p named.local example.com.local

Define the forward-resolution database file: vi example.com.zone

    $TTL 86400
    @ IN SOA station41.example.com. root.example.com. (
            42 ; serial (d. adams)
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
        IN NS station41.example.com.
        IN A 192.168.0.41
    station41 IN A 192.168.0.41
    www IN A 192.168.0.41
    www IN A 192.168.0.42
    www IN A 192.168.0.43
    bbs IN CNAME www
    * IN A 192.168.0.41

Define the reverse-resolution database. The reverse zone is declared in named.rfc1912.zones (not inside the zone file itself):

    zone "0.168.192.in-addr.arpa" IN {   // reverse resolution
        type master;
        file "example.com.local";
        allow-update { none; };
    };

Then vim example.com.local:

    $TTL 86400
    @ IN SOA station41.example.com. root.example.com. (
            1997022700 ; Serial
            28800 ; Refresh
            14400 ; Retry
            3600000 ; Expire
            86400 ) ; Minimum
        IN NS station41.example.com.
    41 IN PTR example.com.
    41 IN PTR station41.example.com.

Restart the service:

    /etc/init.d/named restart

Using an acl:

    acl example { 192.168.0.0/24; };

    options {
        listen-on port 53 { example; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        blackhole { };                  // blacklist: queries from these addresses are ignored
        allow-query { example; };
        allow-query-cache { example; };
    };

Check the DNS configuration file: /etc/init.d/named configtest

Add a gateway:

    route add default gw 192.168.0.254

Caching (forwarding) DNS:

Configure on the primary DNS: vi named.conf

    options {
        // listen-on port 53 { localhost; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;
        forward only;
        forwarders { 218.30.19.50; };
        allow-query { example; };
        allow-query-cache { example; };
    };

Secondary DNS (copies data from the primary DNS); iptables should be turned off:

Primary DNS: /etc/named.rfc1912.zones

    // allow-query { example; };
    // allow-query-cache { example; };
    zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { none; };
        allow-transfer { 192.168.0.4; };
    };

Secondary DNS (the primary's zone file will appear under /var/named/chroot/var/named/slaves); at this point set this machine's DNS to its own address:

    options {
        // listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;
        // allow-query { localhost; };
        // allow-query-cache { localhost; };
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    view localhost_resolver {
        // match-clients { localnets; };
        // match-destinations { localnets; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "example.com" IN {
            type slave;
            masters { 192.168.0.41; };
            file "slaves/example.com.zone";
        };
    };

Different machines get different DNS answers:

Primary DNS: named.conf

    view localhost_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "example.com" IN {
            type master;
            file "example.com.zone";
        };
    };

    view internal_resolver {
        match-clients { 192.168.0.0/24; };
        match-destinations { 192.168.0.0/24; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "example.com" IN {
            type master;
            file "example.com.internal";
        };
    };

example.com.zone:

    $TTL 86400
    @ IN SOA station41.example.com. root.example.com. (
            42 ; serial (d. adams)
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
        IN NS station41.example.com.
        IN A 192.168.0.41
    station41 IN A 192.168.0.41
    www IN A 192.168.0.41

example.com.internal:

    $TTL 86400
    @ IN SOA station41.example.com. root.example.com. (
            42 ; serial (d. adams)
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
        IN NS station41.example.com.
        IN A 192.168.0.41
    station41 IN A 192.168.0.41
    www IN A 192.168.0.49

At this point set the secondary host's DNS to the primary DNS address.
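To show what the two views above do for a given client, here is an added Python model (not code from this page or from BIND) of the first-match rule named applies to address match lists, using the page's acl, match-clients and allow-query lists. The built-in localhost and localnets acls are assumed to be the hard-coded address lists in the code, since real BIND derives them from the server's interfaces.

```python
import ipaddress

# Constructed acl and view definitions mirroring the named.conf above. The
# built-in acls "localhost" and "localnets" are an assumption here: BIND
# derives them from the interfaces, so the server's addresses are hard-coded.
ACLS = {
    "localhost": ["127.0.0.1", "::1", "192.168.0.41"],
    "localnets": ["192.168.0.0/24"],
    "example":   ["192.168.0.0/24"],          # acl example { 192.168.0.0/24; };
}
VIEWS = [                                     # (view name, match-clients list)
    ("localhost_resolver", ["localhost"]),
    ("internal_resolver",  ["192.168.0.0/24"]),
]
ALLOW_QUERY = ["example"]                     # allow-query { example; };

def match_list(client, entries, acls=ACLS):
    """Evaluate a BIND address_match_list for one client address.
    Entries are tried in order, a leading '!' negates, and the first entry
    that matches decides. Returns True (positive match), False (negative
    match) or None (nothing matched) so nested acls propagate their verdict."""
    ip = ipaddress.ip_address(client)
    for entry in entries:
        negate = entry.startswith("!")
        item = entry.lstrip("!").strip()
        if item in acls:                      # nested acl: its verdict is final
            verdict = match_list(client, acls[item], acls)
            if verdict is not None:
                return verdict != negate
            continue
        if item == "any":
            hit = True
        elif item == "none":
            hit = False
        else:
            net = ipaddress.ip_network(item, strict=False)
            hit = ip.version == net.version and ip in net
        if hit:
            return not negate
    return None

def select_view(client, views=VIEWS):
    """Return the first view whose match-clients accepts the client, else None."""
    for name, clients in views:
        if match_list(client, clients) is True:
            return name
    return None

def query_allowed(client):
    """Apply allow-query: only a positive match permits the query."""
    return match_list(client, ALLOW_QUERY) is True
```

A client that matches no view gets no answer at all, which is why the order of the views and the breadth of each match-clients list need to be checked together.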

DNS file synchronisation:

Primary DNS:

    view localhost_resolver {
        // match-clients { localhost; };
        // match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "example.com" IN {
            type master;
            also-notify { 192.168.0.4; };
            file "example.com.zone";
        };
    };

example.com.zone: the serial value must be increased after every change, otherwise the secondary does not see that the zone is newer:

    $TTL 86400
    @ IN SOA station41.example.com. root.example.com. (
            2010042101 ; serial (d. adams)
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
        IN NS station41.example.com.
        IN A 192.168.0.41
    station41 IN A 192.168.0.41
    www IN A 192.168.0.49

Secondary DNS host: its rules should now be set so that the primary host can reach it:

    view localhost_resolver {
        // match-clients { localnets; };
        // match-destinations { localnets; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
        zone "example.com" IN {
            type slave;
            masters { 192.168.0.41; };
            file "slaves/example.com.zone";
        };
    };

## (1) SOA resource record

The beginning of every database file contains a Start of Authority record, SOA for short. The SOA defines the zone's global parameters and the management settings for the whole zone. A zone file may contain only one SOA record.

## (2) NS resource record

Name server (NS) resource records denote the authoritative servers for the zone: the primary and secondary servers named in the SOA record, and the servers of any delegated zone. Every zone contains at least one NS record at its apex.

## (3) A resource record

An address (A) resource record maps an FQDN to an IP address, so a resolver can look up the IP address that belongs to an FQDN.

## (4) PTR resource record

The inverse of an A record, a pointer (PTR) record maps an IP address to an FQDN.

## (5) CNAME resource record

A canonical name (CNAME) resource record creates an alias for a given FQDN. Users can reach the host through the alias defined in the CNAME record.

## (6) MX resource record

A mail exchanger (MX) resource record names the mail exchange server for a DNS domain. A mail exchange server is a host that processes or relays mail for the domain. Processing mail means delivering it to its destination or handing it to a different kind of mail transport; relaying means sending it on to the final destination server.

## (7) Wildcard record

Apart from the resource records defined in the database file, every other name can still be resolved by the DNS through a wildcard record.

    $TTL 86400
    @ IN SOA station41.example.com. root.example.com. (
            221001 ; serial (d. adams)
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
        IN NS station41.example.com.
        IN A 192.168.0.41
    station41 IN A 192.168.0.41
    www IN A 192.168.0.42
    bbs IN A 192.168.0.43
    mail IN A 192.168.0.44
    forum IN A 192.168.0.45
    web IN CNAME mail
    @ IN MX 10 mail                    ; an MX must name a host (mail -> 192.168.0.44), never a bare IP

Notes:

Restart the service: /etc/init.d/named restart ; rndc reload; (restart the primary and the secondary together)

Access permissions:

    match-clients { localnets; };
    match-destinations { localnets; };

Change the serial value:

    $TTL 86400
    @ IN SOA station41.example.com. root.example.com. (
            2010042101 ; serial (d. adams)
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum

CNAME:

    bbs IN CNAME www

Wildcard record, matching every name not otherwise defined (an A record needs an address, so pointing the wildcard at www is a CNAME):

    * IN CNAME www
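As an added example (not code from this page), here is a Python check over a zone file in the layout used above. It flags the record mistakes these notes touch on (an NS, MX, CNAME or SOA name pointing at an IP or lacking its trailing dot, an A record without an address) and bumps a YYYYMMDDNN serial the way the notes require after every edit; the sample zone is constructed.

```python
import re
from datetime import date

# Constructed sample zone in this page's layout; the last three records show the
# mistakes the linter catches: NS target without trailing dot, MX at an IP, A with a name.
SAMPLE_ZONE = """\
$TTL 86400
@ IN SOA station41.example.com. root.example.com. (
        2010042101 3H 15M 1W 1D ) ; serial refresh retry expire minimum
    IN NS station41.example.com.
    IN A 192.168.0.41
www IN A 192.168.0.42
bbs IN CNAME www
ns2 IN NS station42.example.com
@ IN MX 10 192.168.0.44
* IN A www
"""
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def lint_zone(text):
    """Return (line number, message) pairs for records BIND rejects or silently misreads."""
    problems, in_soa, owner = [], False, "@"
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]                       # ';' starts a comment
        toks = [t for t in line.split() if t.upper() != "IN"]
        if in_soa:                                        # skip the rest of SOA ( ... )
            in_soa = ")" not in line
            continue
        if not toks or toks[0].startswith("$"):
            continue
        if not raw[0].isspace():                          # a new owner name starts the line
            owner, toks = toks[0], toks[1:]
        rtype, rdata = (toks[0].upper(), toks[1:]) if toks else ("", [])
        in_soa = rtype == "SOA" and "(" in line and ")" not in line
        names = {"SOA": rdata[:2], "NS": rdata[:1], "CNAME": rdata[:1],
                 "PTR": rdata[:1], "MX": rdata[1:2]}.get(rtype, [])
        if rtype == "A" and not (rdata and IPV4.match(rdata[0])):
            problems.append((n, f"A record for {owner} needs an IPv4 address, got {rdata[:1]}"))
        for name in names:                                # targets that must be hostnames
            if IPV4.match(name):
                problems.append((n, f"{rtype} for {owner} must name a host, not the IP {name}"))
            elif "." in name and not name.endswith("."):
                problems.append((n, f"{rtype} target {name} lacks a trailing dot; origin is appended"))
    return problems

def next_serial(current, day=None):
    """Bump a YYYYMMDDNN serial after an edit: same day -> NN+1, new day -> NN=01, never backwards."""
    day = day or int(date.today().strftime("%Y%m%d"))
    return current + 1 if current >= day * 100 else day * 100 + 1
```

Running lint_zone on a file before reloading catches the errors that named-checkzone would also report, and keeps the "trailing dot" mistake from silently creating names like station42.example.com.example.com.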

SELinux:

Hide the DNS version. In named.conf, inside options:

    version "no version for you";

Verify with: dig version.bind chaos txt @station41.example.com

DNS queries: a client remotely manages the DNS records on the DNS host.

The host's named.conf:

    view localhost_resolver {
        // match-clients { localhost; };
        // match-destinations { localhost; };
        recursion yes;
        // include "/etc/named.rfc1912.zones";
        include "/etc/named.wx.zones";
        zone "example.com" IN {
            type master;
            allow-update { 192.168.0.4; };
            file "example.com.zone";
        };
    };

    chmod 775 /var/named/chroot/var/named    # named must be able to write the zone journal here

Client:

    nsupdate
    server 192.168.0.41
    update delete www.example.com
    send
    update add www.example.com 0 A 192.168.0.44
    send

Updating with a key:

vi named.conf:

    view localhost_resolver {
        // match-clients { localhost; };
        // match-destinations { localhost; };
        recursion yes;
        include "/etc/named.wx.zones";
        zone "example.com" IN {
            type master;
            // allow-update { 192.168.0.4; };
            update-policy { grant example.com. name www.example.com. A; };
            file "example.com.zone";
        };
    };

    include "/etc/example.com.key";

Creating and handling the key (example.com.key):

    dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com.    # generates the key files
    cp -p rndc.key example.com.key

vi example.com.key (the secret is the Key: value from the generated .private file):

    key "example.com." {
        algorithm hmac-md5;
        secret "H1Oqzvs7jtqsk5zJ/e9gEQ==";
    };

Copy the key to the remote host:

    scp Kexample.com.+157+00308.* 192.168.0.4:/home

The remote host modifies a DNS record:

    nsupdate -k Kexample.com.+157+00308.private
    server 192.168.0.41
    update delete www.example.com
    send
    host -l example.com

The DNS host's authorisation of the client:

    update-policy { grant example.com. name www.example.com. A; };

This form allows the secondary host only to delete or add the www.example.com A record;

    update-policy { grant example.com. subdomain example.com. ANY; };

This form lets the secondary host change every record under the example.com domain (www, mail, bbs).
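As an added illustration (not code from this page or from BIND) of how named evaluates the two update-policy forms above, here is a small Python model of grant/deny rules; the type exclusion sets follow the BIND ARM's description of update-policy, and nametypes other than name and subdomain are not modelled.

```python
# Constructed update-policy statements in the grant syntax used on this page.
POLICY_WWW_ONLY = "update-policy { grant example.com. name www.example.com. A; };"
POLICY_WHOLE_ZONE = "update-policy { grant example.com. subdomain example.com. ANY; };"

# Per the BIND ARM: with no types listed a rule matches every type except these;
# "ANY" matches everything except NSEC/NSEC3, which can never be updated.
IMPLICIT_EXCLUDED = {"RRSIG", "NS", "SOA", "NSEC", "NSEC3"}
NEVER_UPDATABLE = {"NSEC", "NSEC3"}

def fqdn(name):
    return name.lower().rstrip(".") + "."

def parse_policy(text):
    """Turn 'update-policy { grant|deny KEY NAMETYPE NAME [TYPES...]; ... };'
    into (action, key, nametype, name, types) tuples, keeping their order."""
    body = text.split("{", 1)[1].rsplit("}", 1)[0]
    rules = []
    for stmt in body.split(";"):
        toks = stmt.split()
        if toks:
            action, key, nametype, name, *types = toks
            rules.append((action, fqdn(key), nametype, fqdn(name), {t.upper() for t in types}))
    return rules

def name_matches(nametype, rule_name, target):
    """Only the two nametypes this page uses are modelled."""
    if nametype == "name":
        return target == rule_name
    if nametype == "subdomain":
        return target == rule_name or target.endswith("." + rule_name)
    raise ValueError(f"unsupported nametype {nametype}")

def update_allowed(rules, key, target, rtype):
    """First matching rule decides, as in named; no matching rule means REFUSED."""
    target, rtype = fqdn(target), rtype.upper()
    if rtype in NEVER_UPDATABLE:
        return False
    for action, rule_key, nametype, rule_name, types in rules:
        if rule_key != fqdn(key) or not name_matches(nametype, rule_name, target):
            continue
        if types and "ANY" not in types and rtype not in types:
            continue
        if not types and rtype in IMPLICIT_EXCLUDED:
            continue
        return action == "grant"
    return False
```

Whichever form is chosen, the TSIG key is what proves the client's identity, so the key file deserves the same protection as the zone data; BIND also accepts hmac-sha256 in the same key stanza, which is preferable to hmac-md5 today.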

Using a key to synchronise the DNS database file to the secondary DNS:

    view localhost_resolver {
        // match-clients { localhost; };
        // match-destinations { localhost; };
        recursion yes;
        // include "/etc/named.rfc1912.zones";
        include "/etc/named.wx.zones";
        zone "example.com" IN {
            type master;
            // allow-update { 192.168.0.4; };
            // update-policy { grant example.com. subdomain example.com. ANY; };
            allow-transfer { key example.com.; };
            also-notify { 192.168.0.4; };
            file "example.com.zone";
        };
    };

    include "/etc/example.com.key";

Creating and handling the key (example.com.key):

    dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com.    # generates the key files
    cp -p rndc.key example.com.key

vi example.com.key:

    key "example.com." {
        algorithm hmac-md5;
        secret "H1Oqzvs7jtqsk5zJ/e9gEQ==";
    };

Copy the key to the remote host:

    scp example.com.key 192.168.0.4:/var/named/chroot/etc/

On the remote host:

    cd /var/named/chroot/etc/
    chgrp named example.com.key

vi named.conf:

    server 192.168.0.41 {
        keys { example.com.; };
    };

    include "/etc/example.com.key";

Note: if the files cannot be synchronised at this point, delete the *.jnl files under chroot/var/named/ and check the syntax with configtest.


This article comes from the "12444971" blog; please keep this source: http://12454971.blog.51cto.com/12444971/1905278
