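I. Introduction to DNS
The Domain Name System (DNS) is one of the core services of the Internet. It is a distributed database that maps domain names and IP addresses to each other,
so that people can reach Internet hosts more easily without having to remember the numeric IP addresses that machines read directly.
DNS uses TCP and UDP port 53.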
II. System configuration
Host environment:
CentOS 5.6 32-bit
Master DNS: 192.168.1.122
Slave DNS: 192.168.1.123
Items to configure:
Master DNS
Slave DNS
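III. Configuring DNS (BIND)
1. Install the packages:
1.1 Before configuring DNS, confirm that the following packages are installed
bind-utils, bind-chroot, bind, bind-libs
[root@localhost ~]# rpm -qa | grep '^bind'
bind-libs-9.3.6-16.P1.el5      # libraries used by bind and its related commands
bind-9.3.6-16.P1.el5           # the software the bind main program needs
bind-chroot-9.3.6-16.P1.el5    # confines the bind main program to /var/named/chroot
bind-utils-9.3.6-16.P1.el5     # client-side commands for looking up host names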
These four packages are normally installed along with Linux.
If they are missing, install them first.
Method 1:
[root@localhost ~]# yum -y install bind bind-chroot bind-utils bind-libs
Method 2:
[root@localhost ~]# yum -y install 'bind*'
1.2 Install the caching-nameserver package (required)
[root@localhost ~]# yum -y install caching-nameserver
2. Configure the master DNS server
2.1 Create the named.conf file
First create a named.conf file, then edit its contents.
[root@localhost ~]# cd /var/named/chroot/etc/
[root@localhost etc]# cp named.rfc1912.zones named.conf
[root@localhost etc]# chown root:named named.conf
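2.2 Edit the main DNS configuration file, named.conf
Set the parts highlighted in yellow to suit your own needs. To learn how named.conf is configured, see [Introduction to the main DNS configuration file named.conf]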
[root@localhost ~]# vim /var/named/chroot/etc/named.conf
// named.rfc1912.zones:
// Provided by Red Hat caching-nameserver package
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    // a fixed source port turns off source-port randomization for outgoing queries
    query-source port 53;
    query-source-v6 port 53;
    // any client may query; recursion is enabled by default, so this covers recursive lookups too
    allow-query { any; };
    version "None of your business";
    forwarders { 168.95.1.1; 168.95.192.2; 8.8.8.8; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};
zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};
# forward zone
zone "faq-book.com" IN {
    type master;
    file "faq-book.com.zone";
    also-notify { 192.168.1.123; };
    allow-transfer { 192.168.1.123; };
    allow-update { none; };
};
# reverse zone
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.local";
    also-notify { 192.168.1.123; };
    allow-transfer { 192.168.1.123; };
    allow-update { none; };
};
2.3 Create the forward and reverse zone files
The forward and reverse zone files are stored in /var/named/chroot/var/named
[root@localhost ~]# cd /var/named/chroot/var/named/
[root@localhost named]# cp localhost.zone faq-book.com.zone
[root@localhost named]# cp named.local 192.168.1.local
[root@localhost named]# chown root:named faq-book.com.zone 192.168.1.local
2.4 Edit faq-book.com.zone, the forward zone (adjust to your own settings)
[root@localhost ~]# cd /var/named/chroot/var/named/
[root@localhost named]# vim faq-book.com.zone
$TTL 3600
@       IN SOA  ns.faq-book.com. root.faq-book.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns.faq-book.com.
        IN NS   ns1.faq-book.com.
        IN MX 5 mail
        IN A    192.168.1.122
ns      IN A    192.168.1.122
ns1     IN A    192.168.1.123
www     IN A    192.168.1.122
mail    IN A    192.168.1.122
blog    IN A    192.168.1.122
ftp     IN CNAME www
2.5 Edit 192.168.1.local, the reverse zone
[root@localhost ~]# cd /var/named/chroot/var/named/
[root@localhost named]# vim 192.168.1.local
$TTL 3600
@       IN SOA  ns.faq-book.com. root.faq-book.com. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   ns.faq-book.com.
        IN NS   ns1.faq-book.com.
122     IN PTR  faq-book.com.
122     IN PTR  blog.faq-book.com.
122     IN PTR  www.faq-book.com.
122     IN PTR  mail.faq-book.com.
For an explanation of the forward and reverse zone files, see [DNS forward and reverse zone file record format]
3. Set up the slave DNS server
3.1 Create the named.conf file
First create a named.conf file, then edit its contents.
[root@localhost ~]# cd /var/named/chroot/etc/
[root@localhost etc]# cp named.rfc1912.zones named.conf
[root@localhost etc]# chown root:named named.conf
3.2 Edit the main DNS configuration file, named.conf. Set the parts highlighted in yellow to suit your own needs
[root@localhost ~]# vim /var/named/chroot/etc/named.conf
// named.rfc1912.zones:
// Provided by Red Hat caching-nameserver package
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    query-source port 53;
    query-source-v6 port 53;
    allow-query { any; };
    version "None of your business";
    forwarders { 168.95.1.1; 168.95.192.2; 8.8.8.8; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
// the two slave zones below set no allow-transfer, so BIND 9.3 serves transfers of them to any host
# forward zone
zone "faq-book.com" IN {
    type slave;
    file "slaves/faq-book.com.zone";
    masters { 192.168.1.122; };
};
# reverse zone
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.1.local";
    masters { 192.168.1.122; };
};
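An added example, not part of the original article: a Python audit for the two named.conf files above. It reports `query-source port 53` (fixed source port), `allow-query { any; }` with recursion left unrestricted, and master or slave zones that have no `allow-transfer`, which on BIND 9.3 means any host may transfer them. The names `parse` and `audit` are chosen here, and `SLAVE_CONF` is a shortened, constructed copy of the slave file from section 3.2.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def parse(text):
    """Return (header tokens, {keyword: argument tokens}) per top-level statement."""
    toks = TOKEN.findall(re.sub(r'(//|#).*', '', text))   # drop // and # comments
    out, header, body, stmt, depth = [], [], {}, [], 0
    for t in toks:
        depth += (t == '{') - (t == '}')
        if depth == 0 and t == ';':                       # top-level statement ends
            if header:
                out.append((header, body))
            header, body, stmt = [], {}, []
        elif depth == 0 and t != '}':
            header.append(t)
        elif depth == 1 and t == ';':                     # statement inside a block ends
            if stmt:
                body[stmt[0]] = stmt[1:]
            stmt = []
        elif depth >= 1 and (depth, t) != (1, '{'):       # skip the block's own '{'
            stmt.append(t)
    return out

def audit(text):
    """Return one finding per weak setting (checks assume BIND 9.3 defaults)."""
    parsed = parse(text)
    opts = next((b for h, b in parsed if h[0] == 'options'), {})
    found, qs = [], opts.get('query-source', [])
    if 'port' in qs and qs[qs.index('port') + 1] != '*':
        found.append('options: query-source pins the UDP source port')
    if (opts.get('allow-query') == ['{', 'any', ';', '}']
            and 'allow-recursion' not in opts and opts.get('recursion') != ['no']):
        found.append('options: recursion is open to any client')
    for h, b in parsed:
        kind = b.get('type', [''])[0]
        if h[0] == 'zone' and kind in ('master', 'slave') and 'allow-transfer' not in {**opts, **b}:
            found.append('zone %s (%s): any host may transfer it' % (h[1].strip('"'), kind))
    return found

# Constructed sample: the slave named.conf from section 3.2, shortened.
SLAVE_CONF = '''
options { directory "/var/named"; query-source port 53; allow-query { any; }; };
zone "." IN { type hint; file "named.ca"; };
zone "faq-book.com" IN { type slave; file "slaves/faq-book.com.zone"; masters { 192.168.1.122; }; };
zone "1.168.192.in-addr.arpa" IN { type slave; file "slaves/192.168.1.local"; masters { 192.168.1.122; }; };
'''

if __name__ == '__main__':
    print('\n'.join(audit(SLAVE_CONF)))
```

To audit a real file, pass its contents: `audit(open('/var/named/chroot/etc/named.conf').read())`.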
3.3 Once both DNS servers are configured, start or restart the DNS service.
[root@localhost ~]# /etc/init.d/named restart
4. Test DNS
[root@localhost ~]# nslookup
> server 127.0.0.1    # test against the local DNS server
Default server: 127.0.0.1
Address: 127.0.0.1#53
> faq-book.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: faq-book.com
Address: 192.168.1.122
> set q=mx
> faq-book.com
Server: 127.0.0.1
Address: 127.0.0.1#53
faq-book.com mail exchanger = 5 mail.faq-book.com.
> set q=ns
> faq-book.com
Server: 127.0.0.1
Address: 127.0.0.1#53
faq-book.com nameserver = ns.faq-book.com.
faq-book.com nameserver = ns1.faq-book.com.
> set q=a
> blog.faq-book.com
Server: 127.0.0.1
Address: 127.0.0.1#53
blog.faq-book.com canonical name = www.faq-book.com.
Name: www.faq-book.com
Address: 192.168.1.122
If all of these DNS tests return normal results, the setup is essentially complete.
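An added example, not part of the original article: the nslookup session above only asks the local server, so it does not show whether the slave actually received the zone. This Python code sends a non-recursive SOA query to a server, parses the reply, and treats the pair as in sync only when both replies are authoritative and carry the same serial. All function names are chosen here and `SAMPLE` is a constructed reply built from the values in the forward zone file.

```python
import socket
import struct

def build_soa_query(zone, qid=0x1234):
    """Non-recursive SOA query for `zone` in DNS wire format."""
    labels = zone.strip('.').split('.')
    qname = b''.join(bytes([len(lab)]) + lab.encode('ascii') for lab in labels) + b'\x00'
    return struct.pack('>6H', qid, 0, 1, 0, 0, 0) + qname + struct.pack('>2H', 6, 1)

def skip_name(msg, off):
    """Offset just past the (possibly compressed) name that starts at `off`."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]                  # ordinary label: length byte plus text
    return off + (2 if msg[off] else 1)      # compression pointer = 2 bytes, root = 1

def soa_serial(msg):
    """Return (authoritative?, serial); serial is None when no SOA answer is present."""
    _, flags, qdcount, ancount = struct.unpack('>4H', msg[:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4        # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack('>2HIH', msg[off:off + 10])
        if rtype == 6:                       # SOA rdata: MNAME, RNAME, then the serial
            start = skip_name(msg, skip_name(msg, off + 10))
            return bool(flags & 0x0400), struct.unpack('>I', msg[start:start + 4])[0]
        off += 10 + rdlen
    return bool(flags & 0x0400), None

def fetch(server, zone, timeout=3.0):
    """Send the SOA query to `server` over UDP port 53 and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        return s.recv(512)

def in_sync(master_reply, slave_reply):
    """True when both replies are authoritative and carry the same serial."""
    m, s = soa_serial(master_reply), soa_serial(slave_reply)
    return m[0] and s[0] and m[1] is not None and m == s

# Constructed reply: authoritative SOA answer for faq-book.com, serial 42.
SAMPLE = (b'\x12\x34\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00'
          + build_soa_query('faq-book.com')[12:]
          + b'\xc0\x0c\x00\x06\x00\x01\x00\x00\x0e\x10\x00\x20\x02ns\xc0\x0c\x04root\xc0\x0c'
          + struct.pack('>5I', 42, 10800, 900, 604800, 86400))

if __name__ == '__main__':
    print(soa_serial(SAMPLE), in_sync(SAMPLE, SAMPLE))
```

Against the two servers from section II the call is `in_sync(fetch('192.168.1.122', 'faq-book.com'), fetch('192.168.1.123', 'faq-book.com'))`. A slave that answers with an older serial after an edit usually means the serial in the master's zone file was not increased.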
5. Enable automatic start at boot
[root@localhost ~]# chkconfig named on