2012-08-07 07:59:34
原文地址:linux dns服务器 安装配置详解 作者:gron
linux dns服务器 安装配置详解
一,什么是DNS
DNS 是域名系统 (Domain Name System) 的缩写,它由解析器和域名服务器组成。域名服务器是指保存有该网络中所有主机的域名和对应IP地址,并具有将域名转换为IP地址功能的服务器。其中域名必须对应一个IP地址,而IP地址不一定有域名。
二,DNS安装
1. [root@linux ~]# yum -y install bind* caching-nameserver
[root@linux ~]# yum -y install bind* caching-nameserver
三,DNS配置
1. [root@linux ~]# cd /var/named/chroot/etc/
2. [root@linux etc]# cp -p named.caching-nameserver.conf named.conf
3. [root@linux etc]# cp -p named.rfc1912.zones named.rfc1912.zones.bak //做好备份
[root@linux ~]# cd /var/named/chroot/etc/
[root@linux etc]# cp -p named.caching-nameserver.conf named.conf
[root@linux etc]# cp -p named.rfc1912.zones named.rfc1912.zones.bak //做好备份
注意:这里别忘了加上-p,不然文件的所属用户组属性就会改变,启动named的时候会报错。看下面
1. [root@linux etc]# ll |grep named.conf
2. -rw-r----- 1 root named 1206 11-03 17:58 named.conf //加上-p
3. -rw-r----- 1 root root 1206 11-03 19:35 named.conf_bak //不加-p
[root@linux etc]# ll |grep named.conf
-rw-r----- 1 root named 1206 11-03 17:58 named.conf //加上-p
-rw-r----- 1 root root 1206 11-03 19:35 named.conf_bak //不加-p
1,配置named.conf
1. [root@linux etc]# cat named.conf //这个是我改过的文件
2. //
3. // named.caching-nameserver.conf
4. //
5. // Provided by Red Hat caching-nameserver package to configure the
6. // ISC BIND named(8) DNS server as a caching only nameserver
7. // (as a localhost DNS resolver only).
8. //
9. // See /usr/share/doc/bind*/sample/ for example named configuration files.
10. //
11. // DO NOT EDIT THIS FILE - use system-config-bind or an editor
12. // to create named.conf - edits to this file will be lost on
13. // caching-nameserver package upgrade.
14. //
15. options {
16. listen-on port 53 { any; }; //把localhost改成any
17. listen-on-v6 port 53 { ::1; };
18. directory "/var/named";
19. dump-file "/var/named/data/cache_dump.db";
20. statistics-file "/var/named/data/named_stats.txt";
21. memstatistics-file "/var/named/data/named_mem_stats.txt";
22.
23. // Those options should be used carefully because they disable port
24. // randomization
25. // query-source port 53;
26. // query-source-v6 port 53;
27.
28. allow-query { any; };
29. allow-query-cache { any; };
30. };
31. logging {
32. channel default_debug {
33. file "data/named.run";
34. severity dynamic;
35. };
36. };
37. view localhost_resolver {
38. match-clients { any; };
39. match-destinations { any; };
40. recursion yes;
41. include "/etc/named.rfc1912.zones";
42. };
[root@linux etc]# cat named.conf //这个是我改过的文件
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
// Global options for named, as edited by the author.
// NOTE(review): listen-on, allow-query, allow-query-cache and the view's
// match-clients/match-destinations are all "any", and the view enables
// recursion. Every host that can reach port 53 can therefore use this server
// as a recursive resolver (an open resolver), which exposes it to abuse as a
// DNS amplification reflector and widens the cache-poisoning surface.
// For a LAN-only server, replace "any" in the ACLs with the trusted networks,
// e.g. { localhost; 192.168.1.0/24; } (the range used by the zones on this
// page), and restrict port 53 at the firewall.
options {
listen-on port 53 { any; }; // changed from localhost to any: IPv4 queries accepted on every interface
// IPv6 is still bound to the loopback address only.
listen-on-v6 port 53 { ::1; };
// Working directory; relative file names below are resolved against it.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
// Leave the two query-source lines above commented out: a fixed source port
// makes spoofed responses easier to land.
// Who may send queries at all, and who may read answers from the cache.
allow-query { any; };
allow-query-cache { any; };
};
// Debug log channel written to data/named.run; "dynamic" follows the
// server's current debug level.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// NOTE(review): the view keeps the name localhost_resolver but now matches
// every client and every destination address, so the name no longer
// describes its scope.
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
// Recursive lookups are performed for all clients matched above.
recursion yes;
// Zone declarations live in a separate file; presumably this path is
// resolved inside the chroot (/var/named/chroot) - confirm.
include "/etc/named.rfc1912.zones";
};
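把文件中的localhost改成any。注意:这样改之后,listen-on、allow-query、allow-query-cache 和 view 里的 match-clients 全部是 any,再加上 recursion yes,任何能访问到53端口的主机都可以让这台服务器替它做递归查询(即开放解析器),容易被用作DNS放大攻击的反射源,也扩大了缓存投毒的暴露面。如果只是给内网使用,建议把这些 any 换成实际的内网网段(例如本文用到的 192.168.1.0/24),并在防火墙上限制53端口的访问来源。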
2,配置named.rfc1912.zones
1. [root@linux etc]# cat named.rfc1912.zones
2. // named.rfc1912.zones:
3. //
4. // Provided by Red Hat caching-nameserver package
5. //
6. // ISC BIND named zone configuration for zones recommended by
7. // RFC 1912 section 4.1 : localhost TLDs and address zones
8. //
9. // See /usr/share/doc/bind*/sample/ for example named configuration files.
10. //
11. zone "." IN {
12. type hint;
13. file "named.ca";
14. };
15.
16. zone "localdomain" IN {
17. type master;
18. file "localdomain.zone";
19. allow-update { none; };
20. };
21.
22. zone "localhost" IN {
23. type master;
24. file "localhost.zone";
25. allow-update { none; };
26. };
27.
28. zone "0.0.127.in-addr.arpa" IN {
29. type master;
30. file "named.local";
31. allow-update { none; };
32. };
33.
34. zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
35. type master;
36. file "named.ip6.local";
37. allow-update { none; };
38. };
39.
40. zone "255.in-addr.arpa" IN {
41. type master;
42. file "named.broadcast";
43. allow-update { none; };
44. };
45.
46. zone "0.in-addr.arpa" IN {
47. type master;
48. file "named.zero";
49. allow-update { none; };
50. };
51.
52. zone "51yip.com" IN { //从这儿开始到下面是我加的,根上面的内容copy后改的
53. type master;
54. file "51yip.com.zone";
55. allow-update { none; };
56. };
57.
58. zone "1.168.192.in-addr.arpa" IN {
59. type master;
60. file "1.168.192.in-addr.local";
61. allow-update { none; };
62. };
[root@linux etc]# cat named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Root hints: tells named where to find the root name servers.
zone "." IN {
type hint;
file "named.ca";
};
// Local zones shipped by the package. Each is served as master, and
// "allow-update { none; }" rejects all dynamic DNS updates for the zone.
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
// Reverse zone for 127.0.0.x.
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
// Reverse zone for the IPv6 loopback range.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
// Forward zone for the author's domain; records are in 51yip.com.zone.
zone "51yip.com" IN { // added by the author from here down, copied from the entries above and adapted
type master;
file "51yip.com.zone";
// Keep dynamic updates disabled unless they are required and authenticated.
allow-update { none; };
};
// Reverse (PTR) zone for 192.168.1.x.
zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.in-addr.local";
allow-update { none; };
};
如果有多个域名的话,再加一个 zone:
1. zone "51yip.net" IN {
2. type master;
3. file "51yip.net.zone";
4. allow-update { none; };
5. };
// Additional master zone for a second domain; its records are read from
// 51yip.net.zone, and dynamic updates are rejected.
zone "51yip.net" IN {
type master;
file "51yip.net.zone";
allow-update { none; };
};
3,修改Zone的配置文件
1. [root@linux etc]# cd /var/named/chroot/var/named/
2. [root@linux named]# cp -p localdomain.zone 51yip.com.zone
3. //[root@linux named]# cp -p localdomain.zone 51yip.net.zone //如果是多个域名就在copy一份
4. [root@linux named]# cp -p named.local 1.168.192.in-addr.local
[root@linux etc]# cd /var/named/chroot/var/named/
[root@linux named]# cp -p localdomain.zone 51yip.com.zone
//[root@linux named]# cp -p localdomain.zone 51yip.net.zone //如果是多个域名就在copy一份
[root@linux named]# cp -p named.local 1.168.192.in-addr.local
1,修改51yip.com.zone
1. [root@linux named]# cat 51yip.com.zone
2. $TTL 86400
3. @ IN SOA localhost root (
4. 42 ; serial (d. adams)
5. 3H ; refresh
6. 15M ; retry
7. 1W ; expiry
8. 1D ) ; minimum
9. IN NS 51yip.com
10. IN MX 10 mail.51yip.com
11. www IN A 192.168.1.132
12. mail IN A 192.168.1.131
13. dns IN A 192.168.1.130
[root@linux named]# cat 51yip.com.zone
; Forward zone data for 51yip.com (loaded by the zone "51yip.com" statement
; in named.rfc1912.zones). "@" stands for the zone origin.
; NOTE(review): leading whitespace appears to have been lost in this listing;
; in the real file, records without an owner name must begin with whitespace
; so that they inherit the previous owner.
; Default TTL for records that do not carry one: 86400 seconds.
$TTL 86400
; NOTE(review): "localhost" and "root" have no trailing dot, so they are
; relative to the origin (localhost.51yip.com. and root.51yip.com.).
@ IN SOA localhost root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
; NOTE(review): without a trailing dot this target is relative to the origin
; and expands to 51yip.com.51yip.com.; it should be an absolute name that has
; an address record, e.g. "dns.51yip.com." (A record below).
IN NS 51yip.com
; NOTE(review): same issue - this expands to mail.51yip.com.51yip.com.;
; write "mail.51yip.com." (or just "mail").
IN MX 10 mail.51yip.com
; Host address records, relative to the origin.
www IN A 192.168.1.132
mail IN A 192.168.1.131
dns IN A 192.168.1.130
添加和修改的内容,可以对比一下localhost.zone文件。
2,修改1.168.192.in-addr.local
1. [root@linux named]# cat 1.168.192.in-addr.local
2. $TTL 86400
3. @ IN SOA localhost. root.localhost. (
4. 1997022700 ; Serial
5. 28800 ; Refresh
6. 14400 ; Retry
7. 3600000 ; Expire
8. 86400 ) ; Minimum
9. IN NS 51yip.com.
10. 132 IN PTR www.51yip.com.
11. 131 IN PTR mail.51yip.com.
12. 130 IN PTR dns.51yip.com.
[root@linux named]# cat 1.168.192.in-addr.local
; Reverse zone data for 1.168.192.in-addr.arpa (loaded by the matching zone
; statement in named.rfc1912.zones). Owner names are the last octet of the
; address.
; NOTE(review): leading whitespace appears to have been lost in this listing;
; the NS record must begin with whitespace in the real file.
$TTL 86400
; The SOA names are absolute here (trailing dots), kept from the named.local
; template this file was copied from.
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; NOTE(review): 51yip.com. is absolute, but the forward zone shown on this
; page defines no A record for the bare domain; "dns.51yip.com." would point
; at a name that has one.
IN NS 51yip.com.
; PTR targets are fully qualified (trailing dot), so the origin is not appended.
132 IN PTR www.51yip.com.
131 IN PTR mail.51yip.com.
130 IN PTR dns.51yip.com.
到这儿dns的简单配置就好了。
四,启动DNS
1. [root@linux named]# /etc/init.d/named start
2. 启动 named: [确定]
[root@linux named]# /etc/init.d/named start
启动 named: [确定]
五,测试DNS
1,正向解析
1. [root@linux named]# nslookup www.51yip.com
2. Server: 192.168.1.130
3. Address: 192.168.1.130#53
4.
5. Name: www.51yip.com
6. Address: 192.168.1.132
[root@linux named]# nslookup www.51yip.com
Server: 192.168.1.130
Address: 192.168.1.130#53
Name: www.51yip.com
Address: 192.168.1.132
2,反向解析
1. [root@linux named]# nslookup 192.168.1.131
2. Server: 192.168.1.130
3. Address: 192.168.1.130#53
4.
5. 131.1.168.192.in-addr.arpa name = mail.51yip.com.
[root@linux named]# nslookup 192.168.1.131
Server: 192.168.1.130
Address: 192.168.1.130#53
131.1.168.192.in-addr.arpa name = mail.51yip.com.
转载请注明
作者:海底苍鹰
地址:http://blog.51yip.com/server/1348.html