2010-05-31 17:30:46

本节中将介绍一下如何构建一个本地的DNS服务器,既可以用来解析公网域名,也可以完成基本的正,反向区域配置。这个之前也整理过,但总觉得好多地方都不够完善,毕竟这是最基础的网络服务,希望能在此有所补漏拾遗吧…

一:安装DNS服务器,实现基本的公网解析
[root@server1 ~]# yum grouplist |grep 'DNS'    //使用包组方式安装DNS软件包
This system is not registered with RHN.
RHN support will be disabled.
   DNS Name server

[root@server1 ~]# yum -y groupinstall "DNS Name server"    //包组名以上一步grouplist列出的为准
Running Transaction
Installing     : bind              //DNS主程序软件包                                            
Installing     : bind-chroot      //chroot软件包,安装上该软件包后DNS服务器的工作目录会自动切换为/var/named/chroot
                                  
[root@server1 named]# cat /etc/sysconfig/named |grep chroot |grep -v '^#'
ROOTDIR=/var/named/chroot
[root@server1 ~]# yum -y install caching-nameserver    //缓存DNS服务器软件包,主要包含了一些配置文件
[root@server1 ~]# cd /var/named/chroot/etc/
[root@server1 etc]# cp named.caching-nameserver.conf named.conf      //将其复制为named.conf,该文件即为DNS服务器主配置文件
[root@server1 etc]# ln -s /var/named/chroot/etc/named.conf /etc/     //将其软链接到/etc目录下
[root@server1 etc]# grep -v '^//' named.conf |grep -v '//'           //修改配置文件如下
options {
        listen-on port 53 { 192.168.100.254; };   //表示DNS服务器只监听在192.168.100.254这个网络接口上
        directory       "/var/named";             //DNS服务器工作目录,这里可不能写chroot下的目录哦
        dump-file       "/var/named/data/cache_dump.db";     //以下三行其实不重要,主要是定义缓存转储和统计文件的位置,可删除
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";


        allow-query     { any; };   //允许任何来源的IP进行查询,any是内置的访问控制对象,也可以指定具体的网段,可参考man。注意这样也允许任何人通过本机做递归查询,若服务器暴露在公网上,应再用allow-recursion把递归限制在本地网段,以免被当作开放解析器使用
};
        include "/etc/named.rfc1912.zones";   //include包含named.rfc1912.zones文件

[root@server1 etc]# head -20 named.rfc1912.zones |grep -v '^//'      //该文件主要定义根域,localhost等的信息
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

[root@server1 etc]# chown named.named named.conf    //这步比较重要,DNS服务器默认是以named用户来启动的,若权限不对,启动服务将会出错
[root@server1 etc]# ping -c 2 <公网域名,原文中已丢失>              //测试网络连通性
PING <公网域名,原文中已丢失> (203.208.37.104) 56(84) bytes of data.
64 bytes from bg-in-f104.1e100.net (203.208.37.104): icmp_seq=1 ttl=237 time=99.9 ms
64 bytes from bg-in-f104.1e100.net (203.208.37.104): icmp_seq=2 ttl=237 time=98.6 ms

[root@server1 etc]# service named start     //试启动服务
Starting named: [ OK ]

[root@server1 ~]# tail -f /var/log/messages   //监控日志
Mar 14 04:35:11 server1 named[8436]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5 -u named -t /var/named/chroot
Mar 14 04:35:11 server1 named[8436]: adjusted limit on open files from 1024 to 1048576
Mar 14 04:35:11 server1 named[8436]: found 2 CPUs, using 2 worker threads
Mar 14 04:35:11 server1 named[8436]: using up to 4096 sockets
Mar 14 04:35:11 server1 named[8436]: loading configuration from '/etc/named.conf'       //载入配置文件
Mar 14 04:35:12 server1 named[8436]: using default UDP/IPv4 port range: [1024, 65535]
Mar 14 04:35:12 server1 named[8436]: using default UDP/IPv6 port range: [1024, 65535]
Mar 14 04:35:12 server1 named[8436]: listening on IPv4 interface eth1, 192.168.100.254#53 //监听IPV4,eth1上的53端口
Mar 14 04:35:12 server1 named[8436]: command channel listening on 127.0.0.1#953            //IPV4的本地回环接口的953端口,953主要用于rndc
Mar 14 04:35:12 server1 named[8436]: command channel listening on ::1#953                 //同上,IPV6
Mar 14 04:35:12 server1 named[8436]: zone 0.in-addr.arpa/IN: loaded serial 42            
Mar 14 04:35:12 server1 named[8436]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Mar 14 04:35:12 server1 named[8436]: zone 255.in-addr.arpa/IN: loaded serial 42
Mar 14 04:35:12 server1 named[8436]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
Mar 14 04:35:12 server1 named[8436]: zone localdomain/IN: loaded serial 42
Mar 14 04:35:12 server1 named[8436]: zone localhost/IN: loaded serial 42
Mar 14 04:35:12 server1 named[8436]: running                                       //正常运行


[root@server1 etc]# dig <公网域名,原文中已丢失> @192.168.100.254     //测试,后面的@192.168.100.254表示将DNS查询交给192.168.100.254

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> @192.168.100.254
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45157
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
; IN      A

;; ANSWER SECTION:
.               300     IN      A       203.208.37.99
.               300     IN      A       203.208.37.104

;; AUTHORITY SECTION:
g.cn.                   21600   IN      NS      ns4.google.com.
g.cn.                   21600   IN      NS      ns1.google.cn.
g.cn.                   21600   IN      NS      ns1.google.com.
g.cn.                   21600   IN      NS      ns2.google.com.
g.cn.                   21600   IN      NS      ns3.google.com.

;; Query time: 966 msec
;; SERVER: 192.168.100.254#53(192.168.100.254)
;; WHEN: Sun Mar 14 04:36:20 2010
;; MSG SIZE rcvd: 165


二:配置自己的正向和反向区域
[root@server1 etc]# tail -13 named.conf         //在主配置文件中添加正,反向区域
        include "/etc/named.rfc1912.zones";

zone "666.com" IN {
        type master;
        file "666.zone";
        allow-update {none;};
};

zone "100.168.192.in-addr.arpa" IN {
        type    master;
        file    "192.168.100.zone";
        allow-update {none;};
};


[root@server1 etc]# cd ../var/named/   //编辑正,反向区域的区域文件
[root@server1 named]# pwd
/var/named/chroot/var/named
[root@server1 named]# cp localhost.zone 666.zone
[root@server1 named]# cp named.local 192.168.100.zone
[root@server1 named]# chown named.named 666.zone 192.168.100.zone   //权限同样需要改
[root@server1 named]# cat 666.zone                                 //正向区域配置
$TTL    86400    ; 本区域记录的默认生存时间(秒)。注意区域文件中的注释符是";",本文中的"//"只是说明,照抄进文件会导致语法错误
@               IN SOA 666.com. root.666.com. (   ; 666.com.为主名字服务器名,root.666.com.为管理员邮箱
                                        42              ; serial (d. adams) //更新序列号,主要用于主从同步
                                        3H              ; refresh   //主从同步刷新时间
                                        15M             ; retry     //主从同步失败后的重试时间
                                        1W              ; expiry    //从服务器记录过期时间
                                        1D )            ; minimum   //最小TTL值

@               IN NS                   666.com.            ; NS记录。注意666.com.本身在本区域中没有A记录,实际部署时应为NS/MX所指向的主机名添加A记录,否则其他服务器无法得到本名字服务器的地址
@               IN MX    10             666.com.            ; MX记录,10为优先级
www             IN A                    192.168.100.254     ; A记录
ftp             IN CNAME                www                 ; 别名记录


[root@server1 named]# cat 192.168.100.zone                  //反向区域配置
$TTL    86400
@       IN      SOA     666.com. root.666.com. (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum

@             IN      NS      666.com.
254           IN      PTR     666.com.        ; 反向记录通常应与正向区域中该IP的A记录名字(这里是www.666.com.)保持一致
200           IN      PTR     <主机名,原文中已丢失>.

[root@server1 named]# service named restart   //重启服务
Stopping named: [ OK ]
Starting named: [ OK ]

[root@server1 named]# dig www.666.com @192.168.100.254         //测试A记录
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> www.666.com @192.168.100.254
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61297
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.666.com.                   IN      A

;; ANSWER SECTION:
www.666.com.            86400   IN      A       192.168.100.254

;; AUTHORITY SECTION:
666.com.                86400   IN      NS      666.com.

;; Query time: 6 msec
;; SERVER: 192.168.100.254#53(192.168.100.254)
;; WHEN: Sun Mar 14 04:58:42 2010

[root@server1 named]# dig ftp.666.com @192.168.100.254   //测试别名记录

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> ftp.666.com @192.168.100.254
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4178
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ftp.666.com.                   IN      A

;; ANSWER SECTION:
ftp.666.com.            86400   IN      CNAME   www.666.com.
www.666.com.            86400   IN      A       192.168.100.254

;; AUTHORITY SECTION:
666.com.                86400   IN      NS      666.com.

;; Query time: 4 msec
;; SERVER: 192.168.100.254#53(192.168.100.254)
;; WHEN: Sun Mar 14 04:59:30 2010
;; MSG SIZE rcvd: 77

[root@server1 named]# dig -x 192.168.100.254 @192.168.100.254          //测试反向域

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -x 192.168.100.254 @192.168.100.254
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53186
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;254.100.168.192.in-addr.arpa. IN      PTR

;; ANSWER SECTION:
254.100.168.192.in-addr.arpa. 86400 IN PTR     666.com.

;; AUTHORITY SECTION:
100.168.192.in-addr.arpa. 86400 IN      NS      666.com.

;; Query time: 2 msec
;; SERVER: 192.168.100.254#53(192.168.100.254)
;; WHEN: Sun Mar 14 04:57:04 2010
;; MSG SIZE rcvd: 81

[root@server1 named]# dig -t mx 666.com @192.168.100.254             //测试邮件交换记录

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -t mx 666.com @192.168.100.254
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41222
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;666.com.                       IN      MX

;; ANSWER SECTION:
666.com.                86400   IN      MX      10 666.com.

;; AUTHORITY SECTION:
666.com.                86400   IN      NS      666.com.

;; Query time: 2 msec
;; SERVER: 192.168.100.254#53(192.168.100.254)
;; WHEN: Sun Mar 14 04:57:51 2010
;; MSG SIZE rcvd: 55

[root@server1 named]# dig -t ns 666.com. @192.168.100.254     //测试NS记录

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -t ns 666.com. @192.168.100.254
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20572
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;666.com.                       IN      NS

;; ANSWER SECTION:
666.com.                86400   IN      NS      666.com.

;; Query time: 2 msec
;; SERVER: 192.168.100.254#53(192.168.100.254)
;; WHEN: Sun Mar 14 05:31:58 2010
;; MSG SIZE rcvd: 39

[root@server1 named]# netstat -ntpl |grep 53     //-t只列出TCP监听,而DNS查询主要走UDP,可用 netstat -nutpl 同时查看UDP的53端口
tcp        0      0 192.168.100.254:53          0.0.0.0:*                   LISTEN      8887/named         
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      8887/named         
tcp        0      0 ::1:953                     :::*                        LISTEN      8887/named         

[root@server1 named]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT //若服务器部署了防火墙,则需要允许tcp,udp的53端口。注意-A是追加到链尾,若INPUT链末尾已有REJECT/DROP规则,追加的规则不会生效,此时应改用-I插入;规则还需用service iptables save保存,否则重启后丢失
[root@server1 named]# iptables -A INPUT -p udp --dport 53 -j ACCEPT


[root@server1 ~]# chkconfig named on
