DNS
Configuring DNS
uplooking.com
ns.uplooking.com
mail.uplooking.com
==========================================
When a host name is resolved, /etc/hosts is checked first; only if no entry is found there is DNS queried. The lookup order is set in the following configuration file:
[root@tian ~]#vim /etc/nsswitch.conf
hosts: files dns          (line 38)
Configuring DNS: server types are master, slave, caching and forwarding (forward).
Packages:
bind-9.3.4-10.P1.el5          main program package
bind-utils-9.3.4-10.P1.el5    testing tools
bind-libs-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
ypbind-1.19-11.el5
[root@tian /var/ftp/RHEL5U3/Server]#rpm -ivh caching-nameserver-9.3.4-10.P1.el5.i386.rpm   # creates bind's sample configuration files
==========================================
[root@tian /var/named/chroot/etc]#ls
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
[root@tian /var/named/chroot/etc]#vim named.caching-nameserver.conf
acl test {                       // access control list; entries may be localhost, localnets, none, any or specific addresses
192.168.1.0/24;                  // an acl must be defined before the statement that references it, so it sits above options
192.168.2.1;
};
options {
listen-on port 53 { 127.0.0.1;192.168.1.133; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
blackhole {192.168.1.0/24;};     // hosts in the 192.168.1.0 network cannot use this DNS server at all
// an access list can also be used to shut out certain hosts, i.e. blackhole { test; }; names the access control list
.....................................................
allow-query { any; };            // all hosts may query
};
...................................................
view localhost_resolver {        // configuring views (split DNS, "smart DNS")
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
=========================================
[root@tian /var/named/chroot/etc]#vim /etc/named.rfc1912.zones   # add:
zone "uplooking.com" {
type master;
file "uplooking.com.zone";          // file gives where the zone data is stored (relative to directory)
allow-transfer { 192.168.1.44;};    // only host 1.44 may act as a slave of 1.133
notify yes;                         // send change notifications (useful when the slave is slow to pick up updates from the master)
also-notify {192.168.1.44;};        // make the master send the notification to the slave
};
=========================================
[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone
$TTL 86400
@ IN SOA ns.uplooking.com. root.uplooking.com. (   ; the contact name needs its trailing dot too, otherwise the origin is appended to it
2010031000    ; serial number, increase it on every update
3600          ; refresh
1800          ; retry
7200          ; expire
86400 )       ; minimum (negative-caching TTL)
@ NS ns.uplooking.com.        ; NS: name server record
@ MX 10 mail.uplooking.com.
ns A 192.168.1.133            ; A: address record
mail A 192.168.1.133
www A 192.168.1.44
ftp CNAME www.uplooking.com.
=============================================
[root@tian /var/named/chroot/var/named]#service named restart   # start the DNS service
If it fails to start, check the log file:
[root@tian /var/named/chroot/var/named]#tail /var/log/messages
=============================================
Client: point it at the DNS server
[root@tian /var/named/chroot/var/named]#vim /etc/resolv.conf
search localdomain
nameserver 192.168.1.133
[root@tian /var/named/chroot/var/named]#host mail.uplooking.com   # resolve the name
mail.uplooking.com has address 192.168.1.133
Slave server
Package: caching-nameserver-9.3.4-10.P1.el5.i386.rpm
[root@tian /var/named/chroot/etc]#vim named.caching-nameserver.conf
options {
listen-on port 53 { 127.0.0.1;192.168.1.44; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
..........................
allow-query { any; };            // all hosts may query
};
...................................................
view localhost_resolver {        // configuring views (split DNS, "smart DNS")
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
===========================
[root@tian /var/named/chroot/etc]#vim /etc/named.rfc1912.zones   # add:
zone "uplooking.com" {
type slave;
file "slaves/uplooking.com.zone";   // no need to create this file; it is transferred from the master
masters { 192.168.1.133;};          // IP of the master server
};
==========================
[root@tian /var/named/chroot/var/named]#service named restart   # start the DNS service
[root@tian /var/named/chroot/var/named/slaves]#ls   # the transferred zone file appears in this directory
uplooking.com
Transaction signatures (TSIG): securing the master/slave relationship
A shared key decides whether the two servers really are master and slave of each other.
Master server
[root@tian /var/named/chroot/etc]#dnssec-keygen   # press Enter with no arguments to see the help
Usage:
dnssec-keygen -a alg -b bits -n type [options] name
Version: 9.3.4-P1
Required options:
-a algorithm: RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5
-n nametype: ZONE | HOST | ENTITY | USER | OTHER
-b key size, in bits:
[root@tian /var/named/chroot/etc]#dnssec-keygen -a hmac-md5 -b 128 -n HOST abc   # -n key type, -a algorithm, -b key length in bits
Kabc.+157+46433
[root@tian /var/named/chroot/etc]#ls
Kabc.+157+46433.key localtime named.rfc1912.zones
Kabc.+157+46433.private named.caching-nameserver.conf rndc.key
[root@tian /var/named/chroot/etc]#cat Kabc.+157+46433.key
abc. IN KEY 512 3 157 wNcX7z30RY/37cmkyn/HZw==
[root@tian /var/named/chroot/etc]#vim named.rfc1912.zones
zone "uplooking.com" {
type master;
file "uplooking.com.zone";
allow-transfer {key abc;};   // only transfer requests signed with key abc
};
key abc {
algorithm hmac-md5;
secret "wNcX7z30RY/37cmkyn/HZw==";   // the base64 value from Kabc.+157+46433.key
};
Restart the service.
================================================
Slave server
[root@tian /var/named/chroot/etc]#vim named.rfc1912.zones
zone "uplooking.com" {
type slave;
file "slaves/uplooking.com";
masters {192.168.1.133 key abc;};   // sign transfer requests to the master with key abc
};
key abc {
algorithm hmac-md5;
secret "wNcX7z30RY/37cmkyn/HZw==";   // must be identical to the master's secret
};
Restart the service.
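Added illustration (not from the page and not BIND's own code) of what the key steps above rely on: the secret is random bytes in base64, both servers must hold the same value, and the master accepts a transfer only when the HMAC it computes with its copy matches the one the slave sent. The MAC calculation is simplified; real TSIG (RFC 2845) covers the whole DNS message plus the TSIG fields.

```python
import base64
import hmac
import os

def generate_hmac_key(bits=128):
    # What `dnssec-keygen -a hmac-md5 -b 128 -n HOST abc` produces: random bytes,
    # base64-encoded, which is the value in the .key file and in `secret` below.
    return base64.b64encode(os.urandom(bits // 8)).decode()

def key_stanza(name, secret, algorithm="hmac-md5"):
    # Identical text goes into named.conf on both master and slave.
    # Newer BIND releases also accept hmac-sha256 here; the mechanism is the same.
    return f'key {name} {{\n    algorithm {algorithm};\n    secret "{secret}";\n}};'

def sign(secret, message):
    # Simplified: real TSIG hashes the whole DNS message plus the TSIG variables
    # (key name, algorithm, time signed, fudge); only the shared-secret idea is kept.
    return hmac.new(base64.b64decode(secret), message, "md5").digest()

def transfer_allowed(master_secret, slave_secret, request=b"AXFR uplooking.com"):
    # The master recomputes the MAC with its own copy of the secret and allows
    # the zone transfer only when it matches the MAC the slave sent.
    mac_from_slave = sign(slave_secret, request)
    return hmac.compare_digest(mac_from_slave, sign(master_secret, request))
```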
Forwarding
[root@tian /var/named/chroot/etc]#vim named.caching-nameserver.conf
options {
listen-on port 53 { 127.0.0.1;192.168.1.133; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
forwarders {192.168.1.253;};   // forwarding: names this server cannot resolve itself are passed to 1.253 for resolution
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
};
Client
[root@tian /var/named/chroot/etc]#host www.wanghang.com   # the 1.133 server has no zone for this domain
www.wanghang.com has address 192.168.1.197
Load balancing: round robin
Server
[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone
$TTL 86400
@ IN SOA ns.uplooking.com. root.uplooking.com. (
2010031004
3600
1800
7200
86400 )
@ NS ns.uplooking.com.
@ MX 10 mail.uplooking.com.
ns A 192.168.1.133
mail A 192.168.1.133
www A 192.168.1.254
www A 192.168.1.253
www A 192.168.1.197
Client
Repeated pings reach different IPs:
[root@tian /var/named/chroot/var/named]#ping www.uplooking.com
[root@tian /var/named/chroot/var/named]#host www.uplooking.com
www.uplooking.com has address 192.168.1.253
www.uplooking.com has address 192.168.1.254
www.uplooking.com has address 192.168.1.197
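A small zone-file parser, added here as an example (not code from the page) to show the name rules behind the master zone file and the round-robin records above: `@` is the origin, a trailing dot makes a name absolute, and a name without one gets the origin appended, which is why the SOA contact and CNAME targets need their dots. The zone text is constructed from the page's records; per-record TTLs are not handled.

```python
import re

# Constructed copy of the page's round-robin uplooking.com zone (sample data).
ZONE_TEXT = """$TTL 86400
@ IN SOA ns.uplooking.com. root.uplooking.com. (
2010031004
3600
1800
7200
86400 )
@ NS ns.uplooking.com.
www A 192.168.1.254
www A 192.168.1.253
www A 192.168.1.197
ftp CNAME www.uplooking.com.
"""

RTYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "PTR", "TXT"}
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}

def qualify(name, origin):
    # '@' = origin; trailing dot = absolute; otherwise the origin is appended.
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    origin = origin.rstrip(".") + "."
    # Fold a parenthesised multi-line record (the SOA) onto a single line.
    text = re.sub(r"\((.*?)\)", lambda m: " ".join(m.group(1).split()), text, flags=re.S)
    records, ttl, owner = [], None, origin
    for line in text.splitlines():
        tokens = line.split(";")[0].split()          # ';' starts a comment
        if not tokens: continue
        if tokens[0] == "$TTL":
            ttl = int(tokens[1])
            continue
        if tokens[0] != "IN" and tokens[0] not in RTYPES:
            owner = qualify(tokens.pop(0), origin)   # blank owner = previous owner
        if tokens[0] == "IN": tokens.pop(0)          # the class is optional
        rtype, rdata = tokens[0], tokens[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = qualify(rdata[i], origin)     # exposes a missing trailing dot
        records.append((owner, ttl, rtype, rdata))
    return records

def lookup(records, name, rtype, origin="uplooking.com."):
    # All matching records come back; named rotates their order in each reply.
    name = qualify(name, origin)
    return [rdata for owner, _, rt, rdata in records if owner == name and rt == rtype]
```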
Subdomain delegation
Delegation in the parent domain
[root@tian /var/named/chroot/etc]#vim named.rfc1912.zones
zone "it.net" {
type master;
file "it.net.zone";
};
[root@tian /var/named/chroot/var/named]#vim it.net.zone
$TTL 86400
@ IN SOA ns.it.net. root.it.net. ( 2010031000 3600 1800 7200 86400 )
@ IN NS ns.it.net.
ns A 192.168.1.133
tian.it.net. IN NS ns.tian.it.net.   ; <---- NS record delegating the subdomain
ns.tian.it.net. A 192.168.1.44       ; <---- glue record: address of the subdomain's name server
Subdomain settings
[root@tian /var/named/chroot/etc]#vim named.rfc1912.zones
zone "tian.it.net" {
type master;
file "tian.it.net.zone";
};
[root@tian /var/named/chroot/var/named]#vim tian.it.net.zone
$TTL 86400
@ IN SOA ns.tian.it.net. root.tian.it.net. ( 2010031001 3600 1800 7200 86400 )
@ IN NS ns.tian.it.net.
ns IN A 192.168.1.44
host1 IN A 192.168.1.253
DNS views
Authoritative name: www.uplooking.com
Netcom (cnc) clients: {1.151, 1.197}; Telecom (tel) clients: {1.79, 1.191}
Netcom users should resolve the name to 1.253
Telecom users should resolve the name to 1.254
All other users should resolve it to 1.1
1.253
[root@tian /var/named/chroot/etc]#vim named.caching-nameserver.conf
acl cnc-acl {
192.168.1.151;192.168.1.197;
};
view cnc {
match-clients { cnc-acl; };      // which clients this view answers
recursion yes;                   // whether recursion is allowed for them
include "/etc/named.cnc.zone";   // absolute path inside the chroot, like the named.rfc1912.zones include
};
view tel {
match-clients { 192.168.1.79;192.168.1.191; };
recursion yes;
zone "uplooking.com" {
type master;
file "uplooking.com.zone2";
};
};
view other {
match-clients { any; };
recursion yes;
zone "uplooking.com" {
type master;
file "uplooking.com.zone3";
};
};
[root@tian /var/named/chroot/etc]#vim named.cnc.zone
zone "uplooking.com" {
type master;
file "uplooking.com.zone1";
};
[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone1
$TTL 86400
@ IN SOA ns.uplooking.com. root.uplooking.com. (
2010031004
3600
1800
7200
86400 )
@ NS ns.uplooking.com.
www A 192.168.1.253
[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone2
.............................................
www A 192.168.1.254
[root@tian /var/named/chroot/var/named]#vim uplooking.com.zone3
...........................................
www A 192.168.1.1
Client
[root@tian /var/named/chroot/var/named]#host www.uplooking.com   # from 1.151 or 1.197
www.uplooking.com has address 192.168.1.253
[root@tian /var/named/chroot/var/named]#host www.uplooking.com   # from 1.79 or 1.191
www.uplooking.com has address 192.168.1.254
[root@tian /var/named/chroot/var/named]#host www.uplooking.com   # from any other host
www.uplooking.com has address 192.168.1.1
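Added example (not from the page) modelling how named picks a view for a client, using the cnc/tel/other setup above; it also covers the acl and blackhole statements from the options section. Addresses and ACL names are the page's; view order and negation follow BIND's address-match-list rules, and the localnets keyword (which needs the server's interfaces) is not modelled.

```python
import ipaddress

# Built-in address_match_list keywords from named.conf (localnets not modelled).
BUILTIN = {"any": lambda ip: True, "none": lambda ip: False,
           "localhost": lambda ip: ip.is_loopback}

def match_list(entries, ip, acls):
    # named semantics: the first element that matches decides the answer, and a
    # matching negated (!) element rejects the client outright.
    for entry in entries:
        negated = entry.startswith("!")
        if element_matches(entry.lstrip("!"), ip, acls):
            return not negated
    return False

def element_matches(entry, ip, acls):
    if entry in BUILTIN:
        return BUILTIN[entry](ip)
    if entry in acls:                         # a named acl such as cnc-acl
        return match_list(acls[entry], ip, acls)
    return ip in ipaddress.ip_network(entry, strict=False)

def select_view(client, acls, views, blackhole=()):
    # Views are tried in the order they appear in named.conf; the first whose
    # match-clients accepts the client answers it. Blackholed clients get nothing.
    ip = ipaddress.ip_address(client)
    if match_list(blackhole, ip, acls):
        return None
    for name, clients in views:
        if match_list(clients, ip, acls):
            return name
    return None                               # no view matched: query refused

# Constructed from the page's view setup: cnc, tel, then a catch-all.
ACLS = {"cnc-acl": ["192.168.1.151", "192.168.1.197"]}
VIEWS = [("cnc", ["cnc-acl"]),
         ("tel", ["192.168.1.79", "192.168.1.191"]),
         ("other", ["any"])]
WWW_BY_VIEW = {"cnc": "192.168.1.253", "tel": "192.168.1.254", "other": "192.168.1.1"}

def resolve_www(client, blackhole=()):
    # Which address www.uplooking.com resolves to for this client.
    return WWW_BY_VIEW.get(select_view(client, ACLS, VIEWS, blackhole))
```

Swapping the order of the views changes the answer for a cnc client, which is why the catch-all view must come last.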
====================================
#rndc reload   # reload the configuration and zone data without restarting the service
Test commands
nslookup www.uplooking.com
host www.uplooking.com
#host -t ns uplooking.com   # -t selects the record type
uplooking.com name server ns.uplooking.com
#host -t mx tian.com
tian.com mail is handled by 10 mail.tian.com.
#nslookup
>server 192.168.1.133   <-- use this DNS server instead of the one in resolv.conf
Default server: 192.168.1.133
Address: 192.168.1.133#53
..........................
Name: www.tian.com
Address: 192.168.1.14
>set type=ns   <-- query name server (NS) records
>uplooking.com   <-- enter the domain name
..........................
tian.com nameserver = ns.tian.com.
>set type=mx   <-- query mail exchanger (MX) records
>uplooking.com   <-- enter the domain name
.................................
tian.com mail exchanger = 10 mail.tian.com.
>set type=a   <-- back to address (A) records
................................
Name: mail.tian.com
Address: 192.168.1.13
>exit
#nslookup www.uplooking.com
#dig www.uplooking.com
#dig uplooking.com
[root@tian /var/named/chroot/etc]#named-checkconf named.caching-nameserver.conf   # syntax-check the configuration
[root@tian /var/named/chroot/etc]#named-checkzone uplooking.com ../var/named/uplooking.com.zone   # check a zone file
#rndc flush   # clear the cache
#rndc reload
#service named reload   # reload the service; errors in the configuration files are reported here
DNS wildcard-style resolution ($GENERATE)
$GENERATE 1-254 stu$ IN A 192.168.1.$
Source: https://www.cnblogs.com/smoke520/p/18351705
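Added example (not from the page) that expands a $GENERATE line into the records named loads from it; unlike a `*` wildcard record, $GENERATE produces explicit names. It also handles the step (`1-254/2`) and `${offset,width}` forms BIND accepts; the origin is assumed to be uplooking.com.

```python
import re

GENERATE_RE = re.compile(
    r"\$GENERATE\s+(\d+)-(\d+)(?:/(\d+))?\s+(\S+)\s+(?:IN\s+)?(\S+)\s+(\S+)")

def substitute(template, i):
    # '$' becomes the iterator; '${offset,width}' adds an offset and zero-pads.
    def repl(m):
        if m.group(1) is None:
            return str(i)
        parts = (m.group(1).split(",") + ["", ""])[:2]
        offset, width = int(parts[0] or 0), int(parts[1] or 0)
        return str(i + offset).zfill(width)
    return re.sub(r"\$(?:\{([^}]*)\})?", repl, template)

def expand_generate(directive, origin="uplooking.com."):
    # Return the explicit (owner, type, rdata) records a $GENERATE line stands for.
    m = GENERATE_RE.match(directive.strip())
    if not m:
        raise ValueError(f"not a $GENERATE directive: {directive!r}")
    start, stop, step = int(m[1]), int(m[2]), int(m[3] or 1)
    lhs, rtype, rhs = m[4], m[5], m[6]
    records = []
    for i in range(start, stop + 1, step):
        owner = substitute(lhs, i)
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"           # relative names get the origin
        records.append((owner, rtype, substitute(rhs, i)))
    return records
```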