CentOS 6.5 BIND master/slave DNS server setup (test setup; the domain is not delegated to us)
1. Lab topology diagram: all servers in the diagram are CentOS 6.5 32-bit, built in VMware
Task requirements:
1. Configure two DNS servers (one master, one slave) to resolve the domain test.com
2. One web server with IP 192.168.1.100
3. Both forward and reverse resolution are required
2. Preparation
Software required for the lab: bind (version bind-9.8.2-0.23.rc1.el6_5.1.i686)
3. Configure the master server
Generate a random rndc key
[root@localhost ~]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
Edit the main configuration file:
[root@localhost ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };        # Listen address and port. Because this is a test box it listens on every IP; set this properly in production
    listen-on-v6 port 53 { any; };     # IPv6 listen address and port, same as above
    directory "/var/named";            # Root directory for the zone files
    recursion yes;                     # Allow recursive queries
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";   # Default zone configuration file; we keep using it
//include "/etc/named.root.key";

Note that with recursion yes and no allow-query or allow-recursion restriction, this server also answers recursive queries from any host that can reach port 53; on an authoritative server set recursion no, or at least add allow-recursion { localnets; }.
[root@localhost ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};

// The following must be added by hand
zone "test.com" IN {                          // master: forward zone for test.com
    type master;                              // this server is the master
    file "test.com.zone";                     // zone file name
    allow-transfer { 192.168.1.102; };        // only this IP (the slave) may request zone transfers
};

zone "1.168.192.in-addr.arpa" IN {            // master: reverse zone for test.com, named after the reversed network address
    type master;                              // this server is the master
    file "192.168.1.100.zone";                // zone file name
    allow-transfer { 192.168.1.102; };        // only this IP (the slave) may request zone transfers
};
Configure the zone files
Configure the forward zone file
[root@localhost ~]# vim /var/named/test.com.zone
$TTL 600
@       IN SOA  ns.test.com. nsadmin.test.com. (
                2014092501      ; serial
                1H              ; refresh
                5M              ; retry
                3D              ; expire
                12H )           ; minimum (negative-caching TTL)
        IN NS   ns
        IN NS   ns2
ns      IN A    192.168.1.101
ns2     IN A    192.168.1.102
www     IN A    192.168.1.100
[root@localhost ~]# chown root:named /var/named/test.com.zone
[root@localhost ~]# chmod 640 /var/named/test.com.zone
[root@localhost ~]# ls -al /var/named/test.com.zone
-rw-r----- 1 root named 171 Sep 25 13:02 /var/named/test.com.zone
Configure the reverse zone file
[root@localhost ~]# cp -p /var/named/test.com.zone /var/named/192.168.1.100.zone
[root@localhost ~]# vim /var/named/192.168.1.100.zone
$TTL 600
@       IN SOA  ns.test.com. nsadmin.test.com. (
                2014092501      ; serial
                1H              ; refresh
                5M              ; retry
                3D              ; expire
                12H )           ; minimum (negative-caching TTL)
        IN NS   ns.test.com.
        IN NS   ns2.test.com.
101     IN PTR  ns.test.com.
102     IN PTR  ns2.test.com.
100     IN PTR  www.test.com.
Check the configuration file syntax
[root@localhost ~]# named-checkconf
[root@localhost ~]# named-checkzone "test.com" /var/named/test.com.zone
zone test.com/IN: loaded serial 2014092501
OK
[root@localhost ~]# named-checkzone "1.168.192.in-addr.arpa" /var/named/192.168.1.100.zone
zone 1.168.192.in-addr.arpa/IN: loaded serial 2014092501
OK
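As an added example (not part of the original post), a small Python check that complements named-checkzone: it parses the two zone files above with a minimal parser, verifies that every A record has a matching PTR and vice versa, and computes the next YYYYMMDDnn serial, since the slave only re-transfers a zone whose serial has increased. The zone texts are constructed copies of the files above, with the SOA folded onto one line and the reverse zone's NS lines omitted.

```python
import re
from datetime import date

# Constructed copies of the master's zone files from the post (SOA folded onto one line, reverse NS lines omitted).
FORWARD_ZONE = """@ IN SOA ns.test.com. nsadmin.test.com. ( 2014092501 1H 5M 3D 12H )
  IN NS ns
  IN NS ns2
ns  IN A 192.168.1.101
ns2 IN A 192.168.1.102
www IN A 192.168.1.100
"""
REVERSE_ZONE = """@ IN SOA ns.test.com. nsadmin.test.com. ( 2014092501 1H 5M 3D 12H )
101 IN PTR ns.test.com.
102 IN PTR ns2.test.com.
100 IN PTR www.test.com.
"""

def fqdn(name, origin):  # relative owner/target name -> absolute name
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")

def parse_zone(text, origin):
    """Parse the subset used here ($TTL, SOA, NS, A, PTR); return (serial, [(owner, type, target)])."""
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)  # fold multi-line SOA
    serial, records, owner = None, [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):   # skip blank lines and $TTL/$ORIGIN directives
            continue
        if not line[0].isspace():                       # text in column 0 names a new owner
            owner, line = line.split(None, 1)
            owner = fqdn(owner, origin)
        tokens = [t for t in line.split() if t != "IN"]
        rtype, rdata = tokens[0], tokens[1:]
        serial = int(rdata[2]) if rtype == "SOA" else serial
        target = fqdn(rdata[0], origin) if rtype in ("SOA", "NS", "PTR") else rdata[0]
        records.append((owner, rtype, target))
    return serial, records

def ptr_owner_to_ip(owner):  # '100.1.168.192.in-addr.arpa.' -> '192.168.1.100'
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))

def check_forward_reverse(fwd_text, fwd_origin, rev_text, rev_origin):  # A records vs PTR records
    a_map = {t: o for o, r, t in parse_zone(fwd_text, fwd_origin)[1] if r == "A"}
    ptr_map = {ptr_owner_to_ip(o): t for o, r, t in parse_zone(rev_text, rev_origin)[1] if r == "PTR"}
    problems = [f"A {n} -> {ip} has no PTR" for ip, n in a_map.items() if ptr_map.get(ip) != n]
    problems += [f"PTR {ip} -> {n} has no A" for ip, n in ptr_map.items() if a_map.get(ip) != n]
    return problems

def next_serial(current, today=None):  # next YYYYMMDDnn serial; today is "YYYYMMDD", default = now
    base = int(today or date.today().strftime("%Y%m%d")) * 100   # slaves only re-transfer when it grows
    return current + 1 if current >= base else base + 1
```

Run check_forward_reverse on the real files after every edit; an A record that never got its PTR is exactly what the reverse dig tests below would miss if you only query the addresses you remember.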
Start the server
[root@localhost ~]# service named start
Starting named:                                            [  OK  ]
4. Configure the slave server
Generate a random key
[root@localhost ~]# rndc-confgen -r /dev/urandom -a
wrote key file "/etc/rndc.key"
Edit the slave's main configuration file
[root@localhost ~]# vim /etc/named.conf
Contents:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    //dump-file "/var/named/data/cache_dump.db";
    #statistics-file "/var/named/data/named_stats.txt";
    #memstatistics-file "/var/named/data/named_mem_stats.txt";
    #allow-query { localhost; };
    recursion yes;

    #dnssec-enable yes;
    #dnssec-validation yes;
    #dnssec-lookaside auto;

    /* Path to ISC DLV key */
    #bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
Modify the zone configuration
[root@localhost ~]# vim /etc/named.rfc1912.zones
Contents:
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};

zone "test.com" IN {                          // slave: forward zone for test.com
    type slave;                               // this server is a slave
    masters { 192.168.1.101; };               // IP of the master server
    file "slaves/test.com.zone";              // zone file name
    allow-transfer { none; };                 // IPs allowed to request zone transfers; here nobody is allowed
};

zone "1.168.192.in-addr.arpa" IN {            // slave: reverse zone for test.com, named after the reversed network address
    type slave;                               // this server is a slave
    masters { 192.168.1.101; };               // IP of the master server
    file "slaves/192.168.1.100.zone";         // zone file name
    allow-transfer { none; };
};
Check the configuration file syntax
[root@localhost ~]# named-checkconf
[root@localhost ~]#
Start the named service on the slave
[root@localhost ~]# service named start
Starting named:
Check the service log
[root@localhost ~]# tail /var/log/messages
Sep 25 13:26:43 localhost named[2574]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
Sep 25 13:26:43 localhost named[2574]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.101#53: connected using 192.168.1.102#58413
Sep 25 13:26:43 localhost named[2574]: zone 1.168.192.in-addr.arpa/IN: transferred serial 2014092501
Sep 25 13:26:43 localhost named[2574]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.101#53: Transfer completed: 1 messages, 7 records, 221 bytes, 0.001 secs (221000 bytes/sec)
Sep 25 13:26:43 localhost named[2574]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2014092501)
Sep 25 13:26:43 localhost named[2574]: zone test.com/IN: Transfer started.
Sep 25 13:26:43 localhost named[2574]: transfer of 'test.com/IN' from 192.168.1.101#53: connected using 192.168.1.102#44966
Sep 25 13:26:43 localhost named[2574]: zone test.com/IN: transferred serial 2014092501
Sep 25 13:26:43 localhost named[2574]: transfer of 'test.com/IN' from 192.168.1.101#53: Transfer completed: 1 messages, 7 records, 193 bytes, 0.001 secs (193000 bytes/sec)
Sep 25 13:26:43 localhost named[2574]: zone test.com/IN: sending notifies (serial 2014092501)
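As an added example (not from the original post), a Python audit over those syslog lines: for each zone it records which master served the transfer, whether the transfer completed and which serial arrived, then flags anything that differs from the master address and serial configured above. A stale serial is the usual symptom of a zone file edited without bumping the serial, or of an allow-transfer list that does not include the slave. The log sample is a constructed copy of the lines shown.

```python
import re

EXPECTED_MASTER = "192.168.1.101"   # the masters { } address in the slave's named.rfc1912.zones
EXPECTED_SERIAL = 2014092501        # serial currently published in the master's zone files

# Constructed sample: the transfer lines shown above from the slave's /var/log/messages.
SAMPLE_LOG = """\
Sep 25 13:26:43 localhost named[2574]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
Sep 25 13:26:43 localhost named[2574]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.101#53: connected using 192.168.1.102#58413
Sep 25 13:26:43 localhost named[2574]: zone 1.168.192.in-addr.arpa/IN: transferred serial 2014092501
Sep 25 13:26:43 localhost named[2574]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.101#53: Transfer completed: 1 messages, 7 records, 221 bytes, 0.001 secs (221000 bytes/sec)
Sep 25 13:26:43 localhost named[2574]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2014092501)
Sep 25 13:26:43 localhost named[2574]: zone test.com/IN: Transfer started.
Sep 25 13:26:43 localhost named[2574]: transfer of 'test.com/IN' from 192.168.1.101#53: connected using 192.168.1.102#44966
Sep 25 13:26:43 localhost named[2574]: zone test.com/IN: transferred serial 2014092501
Sep 25 13:26:43 localhost named[2574]: transfer of 'test.com/IN' from 192.168.1.101#53: Transfer completed: 1 messages, 7 records, 193 bytes, 0.001 secs (193000 bytes/sec)
Sep 25 13:26:43 localhost named[2574]: zone test.com/IN: sending notifies (serial 2014092501)
"""

FROM_RE = re.compile(r"transfer of '(?P<zone>\S+)/IN' from (?P<master>[\d.]+)#\d+: (?P<msg>.*)")
SERIAL_RE = re.compile(r"zone (?P<zone>\S+)/IN: transferred serial (?P<serial>\d+)")

def _new_zone():
    return {"master": None, "completed": False, "serial": None, "findings": []}

def audit_transfers(log_text, expected_master, expected_serial):
    """Per zone: source master, completion flag, serial received and a findings list (empty = healthy)."""
    zones = {}
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            z = zones.setdefault(m["zone"], _new_zone())
            z["master"] = m["master"]
            z["completed"] |= m["msg"].startswith("Transfer completed")
            continue
        m = SERIAL_RE.search(line)
        if m:
            zones.setdefault(m["zone"], _new_zone())["serial"] = int(m["serial"])
    for z in zones.values():
        if z["master"] != expected_master:
            z["findings"].append(f"transfer came from {z['master']}, expected {expected_master}")
        if not z["completed"]:
            z["findings"].append("no 'Transfer completed' line")
        if z["serial"] != expected_serial:
            z["findings"].append(f"slave holds serial {z['serial']}, master publishes {expected_serial}")
    return zones
```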
5. Test the master and slave servers
Forward resolution test against the master
[root@localhost ~]# dig -t A "test.com" @192.168.1.101

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t A test.com @192.168.1.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22226
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;test.com.                      IN      A

;; AUTHORITY SECTION:
test.com.               600     IN      SOA     ns.test.com. nsadmin.test.com. 2014092501 3600 300 259200 43200

;; Query time: 3 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Thu Sep 25 13:31:14 2014
;; MSG SIZE  rcvd: 73

Note the empty ANSWER section: the zone has no A record for the bare name test.com (only www, ns and ns2), so the server returns an authoritative (aa) NODATA response carrying only the SOA; querying www.test.com instead returns 192.168.1.100.
Forward resolution test against the slave
[root@localhost ~]# dig -t A "test.com" @192.168.1.102

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t A test.com @192.168.1.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22273
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;test.com.                      IN      A

;; AUTHORITY SECTION:
test.com.               600     IN      SOA     ns.test.com. nsadmin.test.com. 2014092501 3600 300 259200 43200

;; Query time: 2 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Thu Sep 25 13:32:05 2014
;; MSG SIZE  rcvd: 73
Reverse resolution test against the master
[root@localhost ~]# dig -x "192.168.1.100" @192.168.1.101

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -x 192.168.1.100 @192.168.1.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45226
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;100.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
100.1.168.192.in-addr.arpa. 600 IN      PTR     www.test.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 600     IN      NS      ns.test.com.
1.168.192.in-addr.arpa. 600     IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns.test.com.            600     IN      A       192.168.1.101
ns2.test.com.           600     IN      A       192.168.1.102

;; Query time: 1 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Thu Sep 25 13:32:36 2014
;; MSG SIZE  rcvd: 137
Reverse resolution test against the slave
[root@localhost ~]# dig -x "192.168.1.100" @192.168.1.102

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -x 192.168.1.100 @192.168.1.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45231
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;100.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
100.1.168.192.in-addr.arpa. 600 IN      PTR     www.test.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 600     IN      NS      ns.test.com.
1.168.192.in-addr.arpa. 600     IN      NS      ns2.test.com.

;; ADDITIONAL SECTION:
ns.test.com.            600     IN      A       192.168.1.101
ns2.test.com.           600     IN      A       192.168.1.102

;; Query time: 1 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Thu Sep 25 13:33:24 2014
;; MSG SIZE  rcvd: 137
Testing on a Windows client
Reposted from: https://blog.51cto.com/diguojin/1557874