Category: LINUX

2009-06-29 18:55:16

Linux DNS service: running two BIND instances on one host

I. Objective

One Linux server provides more than one DNS service, and different clients receive different answers for the same name.

II. Environment

The server runs Red Hat Enterprise Linux Server release 5.2 (Tikanga) with kernel 2.6.18-92.el5; there are two client hosts.

III. Implementation steps

1. Install the bind packages

Insert the installation disc, change to the directory that holds the packages, and run the following commands:

rpm -ivh bind-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-chroot-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-devel-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-libs-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-sdb-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-utils-9.3.4-6.P1.el5.i386.rpm
rpm -ivh caching-nameserver-9.3.4-6.P1.el5.i386.rpm

2. Create and modify the configuration files

1) Create the configuration files for the second DNS service

[root@server ~]# cp -a /var/named /var/dns        (note: -a preserves the attributes of the directory and of everything below it)

Re-point the copied symbolic links at the correct target files under the new tree, and rename the directory /var/dns/chroot/var/named to /var/dns/chroot/var/dns.

2) The configuration of the first DNS service after modification is as follows (note that "query-source port 53" pins the outgoing query port; a fixed source port gives up the port randomization BIND uses against cache poisoning, so on a resolver it is better left unset):

[root@server ~]# cat /var/named/chroot/etc/named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { 192.168.13.11; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;
        query-source-v6 port 53;
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

[root@server ~]# cat /var/named/chroot/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

zone "china.test" IN {
        type master;
        file "china.test.zone";
        allow-update { none; };
};

zone "13.168.192.in-addr.arpa" IN {
        type master;
        file "china.test.arpa";
        allow-update { none; };
};

3) The main configuration file of the second DNS service is as follows (same layout as the first, but listening on port 54 and using the /var/dns tree):

[root@server ~]# cat /var/dns/chroot/etc/dns.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 54 { 192.168.13.11; };
        listen-on-v6 port 54 { ::1; };
        directory       "/var/dns";
        dump-file       "/var/dns/data/cache_dump.db";
        statistics-file "/var/dns/data/named_stats.txt";
        memstatistics-file "/var/dns/data/named_mem_stats.txt";
        query-source    port 54;
        query-source-v6 port 54;
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

zone "china.test" IN {
        type master;
        file "china.test.zone";
        allow-update { none; };
};

zone "13.168.192.in-addr.arpa" IN {
        type master;
        file "china.test.arpa";
        allow-update { none; };
};

4) The zone files of the first DNS service are as follows:

[root@server ~]# cat /var/named/chroot/var/named/china.test.zone
$TTL    86400
@       IN      SOA     server.china.test.      admin.china.test. (
                        2009062100
                        28800
                        14400
                        360000
                        86400
                        )
                NS      server.china.test.
server          IN A    192.168.13.11
client          IN A    192.168.13.24
HT08126         IN A    192.168.13.23

[root@server ~]# cat /var/named/chroot/var/named/china.test.arpa
$TTL    86400
@               IN      SOA     server.china.test.      admin.china.test. (
                        2009062100
                        28800
                        14400
                        360000
                        86400
                        )
@       NS      server.china.test.
11      IN PTR  server.china.test.
23      IN PTR  HT08126.china.test.
24      IN PTR  client.china.test.

5) The zone files of the second DNS service are as follows (same names, but client and HT08126 resolve to different addresses):

[root@server ~]# cat /var/dns/chroot/var/dns/china.test.zone
$TTL    86400
@       IN      SOA     server.china.test.      admin.china.test. (
                        2009062100
                        28800
                        14400
                        360000
                        86400
                        )
                NS      server.china.test.
server          IN A    192.168.13.11
client          IN A    192.168.13.14
HT08126         IN A    192.168.13.13

[root@server ~]# cat /var/dns/chroot/var/dns/china.test.arpa
$TTL    86400
@               IN      SOA     server.china.test.      admin.china.test. (
                        2009062100
                        28800
                        14400
                        360000
                        86400
                        )
@       NS      server.china.test.
11      IN PTR  server.china.test.
13      IN PTR  HT08126.china.test.
14      IN PTR  client.china.test.

3. Start the DNS services (each instance runs as user named, inside its own chroot, with its own configuration file)

/usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot/
/usr/sbin/named -u named -c /etc/dns.conf -t /var/dns/chroot/

4. Configure the firewall so that different clients get different answers. Port-53 queries from client 192.168.13.24 are redirected to the second instance on port 54; PREDNS is a user-defined chain in the nat table, which the startup script in step 5 creates and hooks from PREROUTING.

iptables -t nat -A PREDNS -p udp --dport 53 -s 192.168.13.24 -j REDIRECT --to 54
iptables -t nat -A PREDNS -p tcp --dport 53 -s 192.168.13.24 -j REDIRECT --to 54

5. Create the startup script, with the following content:

[root@server init.d]# cat dns
#!/bin/bash
# Starts/stops the two named instances (port 53 under /var/named/chroot,
# port 54 under /var/dns/chroot) and the nat chain PREDNS that redirects
# the selected client's port-53 queries to the second instance on port 54.

NAMED_CONF="/etc/named.conf"
NAMED_CHROOT="/var/named/chroot"
DNS_CONF="/etc/dns.conf"
DNS_CHROOT="/var/dns/chroot"
REDIRECT_CLIENT="192.168.13.24"

# PID of the named process started with the given config file (empty if none)
named_pid()
{
  ps aux | grep "$1" | grep -v "grep" | awk '{print $2}'
}

# Remove every jump from PREROUTING to PREDNS (there may be more than one)
unhook_predns()
{
  until [ -z "$(iptables -t nat -L PREROUTING -vn | grep PREDNS)" ]
  do
    iptables -t nat -D PREROUTING -j PREDNS
  done
}

start()
{
  echo -n $"Starting named:  "
  if [ -r ${NAMED_CHROOT}${NAMED_CONF} ]; then
    /usr/sbin/named -u named -c ${NAMED_CONF} -t ${NAMED_CHROOT}
    sleep 1    # give named time to write its pid file before checking it
    if [ "$(named_pid $NAMED_CONF)" = "$(cat ${NAMED_CHROOT}/var/run/named/named.pid)" ]
    then
      echo -e "          [ \033[;32m OK  \033[;37m ]"
    else
      echo -e "          [ \033[;31mFailed\033[;37m ]"
    fi
  else
    echo "${NAMED_CHROOT}${NAMED_CONF} could not be opened! please check...."
  fi
  echo -n $"Starting dns:    "
  if [ -r ${DNS_CHROOT}${DNS_CONF} ]; then
    /usr/sbin/named -u named -c ${DNS_CONF} -t ${DNS_CHROOT}
    sleep 1
    if [ "$(named_pid $DNS_CONF)" = "$(cat ${DNS_CHROOT}/var/run/named/named.pid)" ]
    then
      # (re)build the PREDNS chain, then hook it exactly once from PREROUTING
      iptables -t nat -N PREDNS 2>/dev/null
      iptables -t nat -F PREDNS
      iptables -t nat -A PREDNS -p udp --dport 53 -s ${REDIRECT_CLIENT} -j REDIRECT --to 54
      iptables -t nat -A PREDNS -p tcp --dport 53 -s ${REDIRECT_CLIENT} -j REDIRECT --to 54
      unhook_predns
      iptables -t nat -I PREROUTING -j PREDNS
      echo -e "          [ \033[;32m OK  \033[;37m ]"
    else
      echo -e "          [ \033[;31mFailed\033[;37m ]"
    fi
  else
    echo "${DNS_CHROOT}${DNS_CONF} could not be opened! please check...."
  fi
}

stop()
{
  if [ -z "$(named_pid $NAMED_CONF)" ]
  then
    echo -e "Stopping named:            [ \033[;31mFailed\033[;37m ]"
  else
    kill $(named_pid $NAMED_CONF)    # SIGTERM lets named shut down cleanly
    echo -e "Stopping named:            [ \033[;32m OK  \033[;37m ]"
  fi
  if [ -z "$(named_pid $DNS_CONF)" ]
  then
    echo -e "Stopping dns:              [ \033[;31mFailed\033[;37m ]"
  else
    # take the redirect down before the instance it points at
    unhook_predns
    iptables -t nat -F PREDNS
    iptables -t nat -X PREDNS
    kill $(named_pid $DNS_CONF)
    echo -e "Stopping dns:              [ \033[;32m OK  \033[;37m ]"
  fi
}

restart()
{
  stop
  sleep 2
  start
}

status()
{
  if [ -z "$(named_pid $NAMED_CONF)" ]
  then
    echo -e "\033[;31m named stopped \033[;37m"
  else
    echo -e "\033[;32m named running \033[;37m"
  fi
  if [ -z "$(named_pid $DNS_CONF)" ]
  then
    echo -e "\033[;31m dns stopped \033[;37m"
  else
    echo -e "\033[;32m dns running \033[;37m"
  fi
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  status)
    status
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart}"
    exit 2
esac

6. Make the script executable and copy it to /usr/sbin

[root@server ~]# chmod +x /etc/init.d/dns
[root@server ~]# cp /etc/init.d/dns /usr/sbin/dns

7. Start it at boot

[root@server ~]# echo "/usr/sbin/dns start" >> /etc/rc.d/rc.local
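To check which answer each instance gives after steps 3 and 4, here is a small added example (not part of the original post) that sends a raw A query to a chosen server IP and port and parses the reply: querying 192.168.13.11 on port 53 should return 192.168.13.24 and on port 54 192.168.13.14, while from 192.168.13.24 itself port 53 is redirected by PREDNS and both ports return 192.168.13.14. The server address and names come from the post; the sample reply used for the offline check is constructed.

```python
import secrets
import socket
import struct
def build_query(name, txid):
    # RFC 1035 header (RD set, one question) followed by the A/IN question
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def skip_name(data, off):
    # offset just past a (possibly compressed) domain name
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length

def parse_a_answers(data, txid):
    # IPv4 strings from the answer section; raise on wrong id or error RCODE
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (reply not for our query)")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):                # skip the echoed question
        off = skip_name(data, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return addrs

def query_a(server, port, name, timeout=2.0):
    # one UDP query, e.g. query_a("192.168.13.11", 54, "client.china.test")
    txid = secrets.randbelow(65536)    # random id, as a real resolver would use
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, port))
        data, _ = s.recvfrom(512)
    return parse_a_answers(data, txid)

# Constructed sample reply (not captured from the server): first instance's answer for client.china.test
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x06client\x05china\x04test\x00"
                + struct.pack(">HH", 1, 1) + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 86400, 4)
                + bytes([192, 168, 13, 24]))
```

Run query_a against both ports from a host that is not the redirected client, then from 192.168.13.24, to confirm the REDIRECT rule is what changes the answer.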

IV. Test and conclusion

Test results on host A (192.168.13.12, not covered by the redirect rule):

C:\>ipconfig/all

Ethernet adapter lonet1:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Microsoft Loopback Adapter #2
        Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.13.12
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.13.11

C:\>nslookup client.china.test
Server:  server.china.test
Address:  192.168.13.11

Name:    client.china.test
Address:  192.168.13.24

Test results on host B (192.168.13.24, whose port-53 queries are redirected to the second instance):

[root@client ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:71:C6:09
          inet addr:192.168.13.24  Bcast:192.168.13.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe71:c609/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2674 errors:0 dropped:0 overruns:0 frame:0
          TX packets:779 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:219817 (214.6 KiB)  TX bytes:105427 (102.9 KiB)
          Interrupt:169 Base address:0x2000

[root@client ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search china.test
nameserver 192.168.13.11

[root@client init.d]# ping client.china.test
PING client.china.test (192.168.13.14) 56(84) bytes of data.

 

Conclusion: the objective was achieved. Both hosts use the same name server address, 192.168.13.11, yet host A resolves client.china.test to 192.168.13.24 from the first instance, while host B is redirected to the second instance and gets 192.168.13.14.
