搭建主DNS服务器
DNS是在網(wǎng)絡(luò)中將計算機(jī)名轉(zhuǎn)換成IP的一個服務(wù),在LINUX中可以很輕松的搭建一臺DNS服務(wù)器,我們需要在LINUX系統(tǒng)中安裝DNS服務(wù)(安裝包名:bind)為了安全我們通常用一起安裝bind-chroot為DNS的牢目錄、根目錄。為了放便還可以安裝DNS配置文件的模板包(caching-nameserver).安裝完后,我們需要對DNS進(jìn)行配置我們要監(jiān)聽的IP、端口、解析的域名,配置好后我們重啟服務(wù)就好了,然后我們可以找別一臺,本機(jī)也可以,指定DNS地址然后進(jìn)行測試。
下面是我們的一個搭建過程
拓?fù)?#xff1a;
???????????????????????????????? DNS Slave
-----DNS Master(vmnet1)----------(vmnet1)
???????????????????????????????? Win7 Client
實(shí)驗一:搭建主DNS服務(wù)器
???? tarena.com
???? www.tarena.com192.168.10.253
???? bbs.tarena.com??? 192.168.10.100
???? blog是bbs別名????
1、安裝軟件包
[root@localhost ~]# yum -y install bind bind-chroot caching- nameserver
2、修改主配置文件
[root@localhost ~]# cd /var/named/chroot/etc/?????//牢目錄/var/named/chroot [root@localhostetc]# cp -p named.caching-nameserver.confnamed.conf?? //拷貝模板成為主配置文件 [root@localhostetc]# vimnamed.conf ... ?15???????? listen-on port 53 { 192.168.10.253; };??????????????????? //監(jiān)聽本機(jī)端口 ?16 //????? listen-on-v6 port 53 { ::1; };???????????????????????????????? ??//IPV6模式 ... ?27???????? allow-query???? { any; };????????????????????????????????????????? ???//訪問權(quán)限 ?28???????? allow-query-cache { any; }; ... ?37???????? match-clients????? { any; }; ?38???????? match-destinations { any; }; [root@localhostetc]# vim named.rfc1912.zones ... ?51 zone "tarena.com" IN {?????????????????????????????????????????????? ?????? ????//解析的域名 ?52???????? type master;?????????????????????????????????????????????? ??????????????? ???//類型?? 主 ?53???????? file "tarena.com.zone";?????????????????????????????? ???// 解析數(shù)據(jù)庫文件 54 }; ?55 ?56 zone "10.168.192.in-addr.arpa" IN {??????????????//解析的IP地址段(反向解析) ?57???????? type master; ?58?????? ??file "tarena.com.arpa"; 59 }; |
[root@localhostetc]# named-checkconfnamed.conf????????????????? 檢驗配置文件語法
?
3、修改數(shù)據(jù)庫文件
?
?
[root@localhostetc]# cd /var/named/chroot/var/named/? //進(jìn)入數(shù)據(jù)庫文件目錄 [root@localhost named]# cp -p named.localtarena.com.zone?????????????? //?建立兩個文件(與主配置文件中設(shè)置同名) [root@localhost named]# cp -p named.localtarena.com.arpa [root@localhost named]# vim tarena.com.zone??????//編輯文件,寫入信息 $TTL??? 86400 @?????? IN????? SOA???? localhost. root.localhost.? ( 2014061701 ; Serial ??????????????????????? ??????????????28800????? ; Refresh ????????????????????????????????????? 14400????? ; Retry ????????????????????????????????????? 3600000??? ; Expire 86400 )??? ; Minimum IN????? NS????? dns01.tarena.com. dns01??? IN????? A?????? 192.168.10.253 www???? IN ?????A?????? 192.168.10.253 bbs???? IN????? A?????? 192.168.10.100 blog??? IN????? CNAME?? bbs [root@localhost named]# cattarena.com.arpa $TTL??? 86400 @?????? IN????? SOA???? localhost. root.localhost.? ( ????????????????????????????????????? 2014061701; Serial ????????????????????????????????????? 28800????? ; Refresh ????????????????????????????????????? 14400????? ; Retry ????????????????????????????????????? 3600000??? ; Expire 86400 )??? ; Minimum IN? ????NS????? dns01.tarena.com. 253????? IN????? PTR???? dns01.tarena.com. 253????? IN????? PTR???? www.tarena.com. 100????? IN????? PTR???? bbs.tarena.com. 100????? IN????? PTR???? blog.tarena.com. [root@localhost named]# named-checkzone tarena.com? tarena.com.zone??????????????? //檢驗解析庫語法 zone tarena.com/IN: loaded serial 1997022700 OK [root@localhost named]# named-checkzonetarena.com? tarena.com.arpa????????????????????????????????????????? ? //檢驗解析庫語法 zone tarena.com/IN: loaded serial 1997022700 OK??????????????????????????????????????????? |
4、啟動服務(wù)
[root@localhost named]# service named restart
[root@localhost named]# chkconfig named on
?
5、測試
取消之前hosts文件定義
把DNS指向服務(wù)器
host www.tarena.com
nslookup
?
?
實(shí)驗二:DNS高級應(yīng)用
???? 實(shí)現(xiàn)DNS負(fù)載均衡,當(dāng)用戶訪問www.tarena.com的時候,2/3用戶訪問10.253,1/3用戶訪問10.100
???? 確保用戶訪問tarena.com的時候仍然可以訪問www.tarena.com 的網(wǎng)站?????
???? 實(shí)現(xiàn)用戶在訪問的時候只要域名正確就可以訪問www.tarena.com 的網(wǎng)站
?
[root@localhost ~]# cd /var/named/chroot/var/named/ [root@localhost named]# cat tarena.com.zone ... www???? IN????? A?????? 192.168.10.253 www???? IN????? A?????? 192.168.10.253 www???? IN????? A?????? 192.168.10.100 tarena.com.? IN A??? 192.168.10.253 $GENERATE 20-50 station$ IN A?? 192.168.10.$ *?????? IN????? A?????? 192.168.10.253 |
?
實(shí)驗三:搭建從DNS服務(wù)器
???? 給上面的主DNS搭建一個輔助DNS
1、安裝軟件包
[root@localhost ~]# yum -y install bind bind-chroot caching- nameserver
2、修改從DNS的主配置文件
?
[root@localhost ~]# cd /var/named/chroot/etc/ [root@localhostetc]# cp -p named.caching-nameserver.confnamed.conf [root@localhostetc]# vimnamed.conf 15???????? listen-on port 53 { 192.168.10.100; }; ... ?27???????? allow-query???? { any; }; ?28???????? allow-query-cache { any; }; ... ?37???????? match-clients????? { any; }; ?38???????? match-destinations { any; }; //編輯主配置連接文件,這個文件包含域名,域庫文件的相關(guān)設(shè)置,解析方式。 [root@ser2 etc]# vim named.rfc1912.zones ... ?51 zone "tarena.com" IN {???????????????????????????????????????????????? //需要解析的域名 ?52???????? type slave;???????????????????????????????????????????????? //從DNS服務(wù)器 ?53???????? file "slaves/tarena.com.zone";?????????????//更新來的庫文件存放位置 ?54???????? masters { 192.168.10.253; };??????????????? //從192.168.10.253處更新 55 }; ?56 ?57 zone "10.168.192.in-addr.arpa" IN { ?58???????? type slave; ?59???????? file "slaves/tarena.com.arpa"; ?60???????? masters { 192.168.10.253; }; 61 }; [root@ser2 etc]# named-checkconfnamed.conf |
?
?
3、修改主DNS的主配置文件,添加授權(quán)信息
?
?
?
[root@localhost ~]# cd /var/named/chroot/etc/??????????????????????????????????? [root@localhostetc]# vim named.conf?????????????? //添加21行內(nèi)容??????????????????????????????? ? ? ?21???????? allow-transfer { 192.168.10.100; };? ? //只允許192.168.10.100更新庫文件 ... [root@localhostetc]# cd /var/named/chroot/var/named/ 下面是正向解析文件 [root@localhost named]# cat tarena.com.zone $TTL??? 86400 @?????? IN????? SOA???? tarena.com. root.tarena.com.? ( ????????????????????????????????????? 2014041802 ; Serial??????????//序列號加1 ????????????????????????????????????? 28800????? ; Refresh ????????????????????????????????????? 14400????? ; Retry ????????????????????????????????????? 3600000??? ; Expire 86400 )??? ; Minimum IN????? NS????? dns01.tarena.com. IN????? NS????? dns02.tarena.com.?????????????????????? ? //添加從DNS服務(wù)器 ??????? IN????? A?????? 192.168.10.253 dns01??? IN????? A?????? 192.168.10.253 dns02??? IN????? A?????? 192.168.10.100????????????????? ?//為從DNS正向解析 www??? IN????? A?????? 192.168.10.253 www??? IN????? A?????? 192.168.10.253 www???? IN????? A?????? 192.168.10.100 bbs???? IN????? A?????? 192.168.10.100 blog??? IN ?????CNAME?? bbs $GENERATE 20-50 station$ IN A?? 192.168.10.$??? //定義變量 *?????? IN????? A?????? 192.168.10.101 ? 下面是反向解析文件 ? [root@localhost named]# cat tarena.com.arpa $TTL??? 86400 @?????? IN????? SOA???? tarena.com. root.tarena.com.? ( ????????????????????????????????????? 2014041802 ; Serial????? //序列號加1 ????????????????????????????????????? 28800????? ; Refresh ????????????????????????????????????? 14400????? ; Retry ????????????????????????????????????? 3600000??? ; Expire 86400 )??? ; Minimum IN????? NS????? dns01.tarena.com. IN????? NS????? dns02.tarena.com.?????????? //添加從DNS服務(wù)器 253????? IN????? PTR???? dns01.tarena.com. 100???? IN????? PTR???? dns02.tarena.com.?????? //為從DNS反向解析 253????? IN????? PTR???? www.tarena.com. 100????? IN ?????PTR???? bbs.tarena.com. [root@localhostetc]# service named restart ? ? |
?4、啟動從DNS服務(wù)器并驗證
?
[root@localhostetc]# service named restart [root@localhostetc]# chkconfig named on [root@localhostetc]# ls /var/named/chroot/var/named/slaves/ tarena.com.zonetarena.com.arpa |
【DNS子域授權(quán)配置】
使子域同樣具有DNS解析的能力。只需要在子域中以子域為域名來建立DNS服務(wù)器
例:總部:tarena.com
??? 分部:sh.tarena.com
??? 分部DNS服務(wù)器:www.sh.tarena.com
【DNS子域授權(quán)配置】
kvm_node2(子域)上面操作:
進(jìn)到目錄
[root@dns2 ~]# cd /var/named/chroot/etc/
編輯配置文件
[root@dns2 etc]# vim named.rfc1912.zones ? [root@dns2 etc]# cd /var/named/chroot/var/named/ kvm_node1(父域)上面操作: //標(biāo)記子域DNS服務(wù)器 |
[root@dns1 named]# service named restart??????????????? //重啟服務(wù)???????????????????????
測試:
[root@localhost ~]# host www.sh.tarena.com 192.168.100.10
反過來客戶端dns指向子域,解析父域條目
?
[root@dns2 named]# vim /var/named/chroot/etc/named.conf |
測試:
?
[root@localhost ~]# host www.tarena.com 192.168.100.20 www.tarena.com has address 192.168.100.1???? //成功解析到了域名 |
?
?
【DNS分離解析/視圖】
判斷不同的來源地址訪問相同域名給解析不同結(jié)果,這樣我們需要不同的配置文件,在主配置文件中進(jìn)行判斷,判斷后指向不同的配置文件,來查找不同的解析庫文件
| [root@dns1 ~]# cd /var/named/chroot/etc/ [root@dns1 etc]# vim named.conf ... ?15???????? listen-on port 53 { 192.168.100.10; }; ?16 //????? listen-on-v6 port 53 { ::1; }; ... ?27???????? allow-query???? { any; }; ?28???????? allow-query-cache { any; }; ... ?36 view lt { ?37???????? match-clients????? { 192.168.100.20; };????????????//判斷依據(jù) ?38???????? match-destinations { any; }; ?39???????? recursion yes; ?40???????? include "/etc/named.rfc1912.zones";????????????? //執(zhí)行的文件 ?41 }; ?42 ?43 view yd { ?44???????? match-clients????? { any; }; ?45???????? match-destinations { any; }; ?46???????? recursion yes; ?47???????? include "/etc/named.rfc1913.zones"; ?48 }; [root@dns1 etc]# cp -p named.rfc1912.zones named.rfc1913.zones [root@dns1 etc]# vim named.rfc1912.zones ... ?51 zone "tarena.com" IN { ?52???????? type master; ?53???????? file "lt.tarena.com.zone"; ?54???????? allow-transfer { none; }; ?55 }; [root@dns1 etc]# vim named.rfc1913.zones ?51 zone "tarena.com" IN { ?52???????? type master; ?53???????? file "yd.tarena.com.zone"; ?54???????? allow-transfer { none; }; ?55 }; |
| [root@dns1 etc]# cd /var/named/chroot/var/named/ [root@dns1 named]# cp -p named.zero lt.tarena.com.zone [root@dns1 named]# cp -p named.zero yd.tarena.com.zone [root@dns1 named]# cat lt.tarena.com.zone $TTL??? 86400 @?????????????? IN SOA? dns1.tarena.com.????? root.tarena.com. ( ??????????????????????????????????????? 2014062401????? ; serial (d. adams) ??????????????????????????????????????? 3H????????????? ; refresh ??????????????????????????????????????? 15M???????????? ; retry ??????????????????????????????????????? 1W????????????? ; expiry ??????????????????????????????????????? 1D )??????????? ; minimum ??????? IN????? NS????? dns1.tarena.com. dns1??? IN????? A?????? 192.168.100.10 www???? IN????? A?????? 1.1.1.1 [root@dns1 named]# cat yd.tarena.com.zone $TTL??? 86400 @?????????????? IN SOA? dns1.tarena.com.????? root.tarena.com. ( ??????????????????????????????????????? 2014062401????? ; serial (d. adams) ??????????????????????????????????????? 3H????????????? ; refresh ??????????????????????????????????????? 15M???????????? ; retry ??????????????????????????????????????? 1W????????????? ; expiry ??????????????????????????????????????? 1D )??????????? ; minimum ??????? IN????? NS????? dns1.tarena.com. dns1??? IN????? A?????? 192.168.100.10 www???? IN????? A?????? 2.2.2.2 |
[root@dns1 named]# service named restart???????????????//?重啟服務(wù)器?????????
測試:
用192.168.100.20和其他客戶機(jī)分別測試
?
?
?
?
?
?
轉(zhuǎn)載于:https://blog.51cto.com/9054321/1430519
總結(jié)
- 上一篇: javascript中的call()和a
- 下一篇: DB2常用函数:字符串函数