
DNS配置


实验环境

主dns:192.168.110.33

从dns:192.168.110.59

iptables and selinux disabled(仅为简化实验;生产环境应保持启用,iptables 放行 53/udp 和 53/tcp 即可)

yum install -y bind


主dns端

1.主配置文件(注意文件权限:属主root、属组named、权限640,named进程需能读取,其他用户不可读)

# ll /etc/named.conf

-rw-r-----. 1 root named 453 Aug 7 22:44 /etc/named.conf

# vim /etc/named.conf

options {

directory "/var/named"; #定义区域数据目录

};

zone "cheungssh.com" IN { #定义域

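type master; #类型为master。此处未配置 allow-transfer,BIND 9.8 默认允许任意主机做区域传送(AXFR),整个区域的记录都可被拉取;建议在本zone内加 allow-transfer { 192.168.110.59; }; 只放行从dns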

file "cheungssh.com.zone"; #定义区域数据文件

};

zone "110.168.192.in-addr.arpa" { #反向解析

type master;

file "192.168.110.zone";

};

zone "." IN { #根域

type hint; #类型为根

file "named.ca";

};

zone "localhost" IN { #本地解析

type master;


2.区域数据文件(注意文件权限)

# pwd

/var/named

# ll

-rw-r-----. 1 root named 329 Aug 7 22:25 192.168.110.zone

-rw-r-----. 1 root named 427 Aug 8 00:27 cheungssh.com.zone


正向区域数据文件(区域文件的注释符是";",下文"#"之后的文字只是讲解,不要原样写进文件,否则named加载区域会报错)

# vim cheungssh.com.zone

$TTL 1D #ttl值为一天

cheungssh.com. IN SOA ns.cheungssh.com. admin.cheungssh.com. (

1026080702 ; serial #序列号(每次修改此文件都必须递增,否则从dns不会同步新数据)

1D ; refresh #刷新时间

1H ; retry #重试时间

1W ; expire #过期时间

3H ) ; minimum #最小时长

IN NS ns #定义域所属的dns服务器

IN MX 10 mail #定义邮件记录

mail IN A 192.168.110.33

ns IN A 192.168.110.33

www IN A 192.168.110.33

ycc IN A 192.168.110.33

www IN A 192.168.110.34

ftp IN CNAME WWW #别名,ftp别名为www

vip IN A 192.168.197.100

rs1 IN A 192.168.197.105

rs2 IN A 192.168.197.107


反向区域数据文件

# vim 192.168.110.zone

$TTL 1D

@ IN SOA ns.cheungssh.com. admin.cheungssh.com. (

1026080702 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS ns.cheungssh.com.

33 IN PTR ns.cheungssh.com.

33 IN PTR www.cheungssh.com.

33 IN PTR mail.cheungssh.com #注意:此行末尾漏了".",named会自动补上区域名,应写成 mail.cheungssh.com.(后果见下文 dig -x 的输出)

34 IN PTR ns.cheungssh.com.

6 IN PTR hello.cheungssh.com.



3.在/etc/resolv.conf中指明dns服务器

# vim /etc/resolv.conf

nameserver 192.168.110.33



4.重启dns服务(重启前可先用 named-checkconf 和 named-checkzone 检查配置文件与区域文件的语法)



5.命令测试

dig命令测试解析


# dig -t A www.cheungssh.com #-t指明要查询的资源记录(RR)类型

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.cheungssh.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14084

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.cheungssh.com. IN A

;; ANSWER SECTION:

www.cheungssh.com. 86400 IN A 192.168.110.33

www.cheungssh.com. 86400 IN A 192.168.110.34

;; AUTHORITY SECTION: #权威段,列出该域的权威dns服务器(应答是否权威看flags中的aa)

cheungssh.com. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION: #补充段,避免二次查询,直接将主机名转换为ip

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.33#53(192.168.110.33)

;; WHEN: Sun Aug 7 00:59:32 2016

;; MSG SIZE rcvd: 84


# dig -t CNAME ftp.cheungssh.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t CNAME ftp.cheungssh.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57946

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;ftp.cheungssh.com. IN CNAME

;; ANSWER SECTION:

ftp.cheungssh.com. 86400 IN CNAME WWW.cheungssh.com.

;; AUTHORITY SECTION:

cheungssh.com. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION:

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.33#53(192.168.110.33)

;; WHEN: Sun Aug 7 01:10:39 2016

;; MSG SIZE rcvd: 86


# dig -t NS cheungssh.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t NS cheungssh.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31012

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:

;cheungssh.com. IN NS

;; ANSWER SECTION:

cheungssh.com. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION:

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.33#53(192.168.110.33)

;; WHEN: Sun Aug 7 01:11:56 2016

;; MSG SIZE rcvd: 64

dig测试反向解析


# dig -x 192.168.110.33

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 192.168.110.33

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6945

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;33.110.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:

33.110.168.192.in-addr.arpa. 86400 IN PTR www.cheungssh.com.

33.110.168.192.in-addr.arpa. 86400 IN PTR mail.cheungssh.com.110.168.192.in-addr.arpa. #此记录多出了区域名后缀:反向区域文件里 mail.cheungssh.com 末尾少了"."

33.110.168.192.in-addr.arpa. 86400 IN PTR ns.cheungssh.com.

;; AUTHORITY SECTION:

110.168.192.in-addr.arpa. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION:

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.33#53(192.168.110.33)

;; WHEN: Sun Aug 7 01:37:53 2016

;; MSG SIZE rcvd: 156

host命令测试解析


# host -t A www.cheungssh.com

www.cheungssh.com has address 192.168.110.33

www.cheungssh.com has address 192.168.110.34


# host -t A www.cheungssh.com

www.cheungssh.com has address 192.168.110.34

www.cheungssh.com has address 192.168.110.33


# host -t NS cheungssh.com

cheungssh.com name server ns.cheungssh.com.


# host -t MX cheungssh.com

cheungssh.com mail is handled by 10 mail.cheungssh.com. #10表示优先级是10


# host -t SOA cheungssh.com

cheungssh.com has SOA record ns.cheungssh.com. admin.cheungssh.com. 1026080701 86400 3600 604800 10800


从dns端

1.主配置文件(注意文件权限)

# ll /etc/named.conf

-rw-r-----. 1 root named 523 Aug 7 22:00 /etc/named.conf

# cat /etc/named.conf

options {

directory "/var/named";

};

zone "cheungssh.com" IN {

type slave; #类型为slave

file "slaves/cheungssh.com.zone"; #区域数据文件在slaves下

masters { 192.168.110.33; }; #指明主dns

};

zone "110.168.192.in-addr.arpa" {

type slave;

file "slaves/192.168.110.zone";

masters { 192.168.110.33; };

};

zone "." IN {

type hint;

file "named.ca";

};

zone "localhost" IN {

type master;

file "named.localhost";

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback";

};

#include "/etc/named.rfc1912.zones";

#include "/etc/named.root.key";


2.在/etc/resolv.conf中指明dns服务器

# vim /etc/resolv.conf

nameserver 192.168.110.33


3.重启dns服务,区域数据文件会从主dns同步至/var/named/slaves目录下


4.区域数据文件(注意文件权限,从主dns同步过来,一般权限不存在问题)

#pwd

/var/named

# ll

total 8

-rw-r--r--. 1 named named 458 Aug 7 23:01 192.168.110.zone

-rw-r--r--. 1 named named 459 Aug 7 23:01 cheungssh.com.zone


# cat cheungssh.com.zone

$ORIGIN .

$TTL 86400 ; 1 day

cheungssh.com IN SOA ns.cheungssh.com. admin.cheungssh.com. (

1026080702 ; serial

86400 ; refresh (1 day)

3600 ; retry (1 hour)

604800 ; expire (1 week)

10800 ; minimum (3 hours)

)

NS ns.cheungssh.com.

MX 10 mail.cheungssh.com.

$ORIGIN cheungssh.com.

ftp CNAME WWW

mail A 192.168.110.33

ns A 192.168.110.33

www A 192.168.110.33

A 192.168.110.34

ycc A 192.168.110.33


# cat 192.168.110.zone

$ORIGIN .

$TTL 86400 ; 1 day

110.168.192.in-addr.arpa IN SOA ns.cheungssh.com. admin.cheungssh.com. (

1026080702 ; serial

86400 ; refresh (1 day)

3600 ; retry (1 hour)

604800 ; expire (1 week)

10800 ; minimum (3 hours)

)

NS ns.cheungssh.com.

$ORIGIN 110.168.192.in-addr.arpa.

33 PTR ns.cheungssh.com.

PTR www.cheungssh.com.

PTR mail.cheungssh.com

34 PTR ns.cheungssh.com.

6 PTR hello.cheungssh.com.


5.测试

# dig ycc.cheungssh.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> ycc.cheungssh.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16006

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;ycc.cheungssh.com. IN A

;; ANSWER SECTION:

ycc.cheungssh.com. 86400 IN A 192.168.110.33

;; AUTHORITY SECTION:

cheungssh.com. 86400 IN NS ns.cheungssh.com.

;; ADDITIONAL SECTION:

ns.cheungssh.com. 86400 IN A 192.168.110.33

;; Query time: 0 msec

;; SERVER: 192.168.110.59#53(192.168.110.59)

;; WHEN: Mon Aug 8 03:01:28 2016

;; MSG SIZE rcvd: 84


本文出自 “真水无香” 博客,请务必保留此出处http://chengyanli.blog.51cto.com/11399167/1846788
