在Oracle 11g的RAC中增加了SCAN IP,而使用 SCAN IP的一种方式就是使用DNS,这里介绍在RedHat Linux 5.4中DNS的详细配置操作。
在配置DNS之前修改主机名
Redhat Linux 5.4 DNS配置操作
在配置DNS之前修改主机名
[root@beiku1 etc]# hostname beiku1.linuxidc.com
[root@beiku1 etc]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 beiku1.linuxidc.com localhost
::1 localhost6.localdomain6 localhost6
10.138.130.161 beiku1
[root@beiku1 etc]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=beiku1.linuxidc.com
GATEWAY=10.138.130.254
一.安装软件包
Redhat linux 5.4 下的dns服务所有的bind包如下:
bind-9.3.6-4.P1.el5
bind-libbind-devel-9.3.6-4.P1.el5
kdebindings-devel-3.5.4-6.el5
kdebindings-3.5.4-6.el5
bind-devel-9.3.6-4.P1.el5
bind-utils-9.3.6-4.P1.el5
bind-chroot-9.3.6-4.P1.el5
ypbind-1.19-12.el5
system-config-bind-4.0.3-4.el5
bind-libs-9.3.6-4.P1.el5
bind-sdb-9.3.6-4.P1.el5
使用rpm –qa | grep bind来检查系统是否已经安装了以上软件包:
[root@beiku1 soft]# rpm -qa | grep bind
bind-chroot-9.3.6-4.P1.el5
kdebindings-3.5.4-6.el5
ypbind-1.19-12.el5
bind-libs-9.3.6-4.P1.el5
bind-9.3.6-4.P1.el5
system-config-bind-4.0.3-4.el5
bind-utils-9.3.6-4.P1.el5
对于没有安装的软件包执行以下命令进行安装
[root@beiku1 soft]# rpm -ivh bind-9.3.6-4.P1.el5.i386.rpm
warning: bind-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package bind-9.3.6-4.P1.el5.i386 is already installed
[root@beiku1 soft]# rpm -ivh caching-nameserver-9.3.6-4.P1.el5.i386.rpm
warning: caching-nameserver-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:caching-nameserver ########################################### [100%]
[root@beiku1 soft]# rpm -ivh install kdebindings-devel-3.5.4-6.el5.i386.rpm
error: open of install failed: No such file or directory
warning: kdebindings-devel-3.5.4-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
[root@beiku1 soft]# rpm -ivh kdebindings-devel-3.5.4-6.el5.i386.rpm
warning: kdebindings-devel-3.5.4-6.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:kdebindings-devel ########################################### [100%]
[root@beiku1 soft]# rpm -ivh bind-sdb-9.3.6-4.P1.el5.i386.rpm
warning: bind-sdb-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind-sdb ########################################### [100%]
[root@beiku1 soft]# rpm -ivh bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm
warning: bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind-libbind-devel ########################################### [100%]
[root@beiku1 soft]# rpm -ivh bind-devel-9.3.6-4.P1.el5.i386.rpm
warning: bind-devel-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind-devel ########################################### [100%]
还要手动安装一个软件包caching-nameserver-9.3.6-4.P1.el5 ,不安装这个软件包named服务不能启动,会报错误信息 例如:
[root@beiku1 ~]# service named start
Locating /var/named/chroot//etc/named.conf failed:
[FAILED]
[root@beiku1 soft]# rpm -ivh caching-nameserver-9.3.6-4.P1.el5.i386.rpm
warning: caching-nameserver-9.3.6-4.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:caching-nameserver ########################################### [100%]
[root@beiku1 soft]# service named start
Starting named: [ OK ]
二.复制模板文件
由于安装了chroot环境,所以我们的DNS主配置文件应该在/var/named/chroot/etc目录下面
[root@beiku1 soft]# cd /var/named/chroot/
[root@beiku1 chroot]# ls
dev etc proc var
[root@beiku1 chroot]# cd etc
[root@beiku1 etc]# ls
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
[root@beiku1 etc]#
named.caching-nameserver.conf文件内容如下:
[root@beiku1 etc]# cat named.caching-nameserver.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { localhost; };
allow-query-cache { localhost; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
这个文件告诉我们不要直接的编辑这个文件,去创建一个named.conf文件,然后编辑named.conf文件,当有了named.conf,将不在读取这个文件。现在就将named.caching-nameserver.conf文件复制成named.conf文件。
[root@beiku1 etc]# cp -p named.caching-nameserver.conf named.conf
[root@beiku1 etc]# ls
localtime named.caching-nameserver.conf named.conf named.rfc1912.zones rndc.key
可以看到,named.conf文件就被创建成功了。最好在copy的时候加上-P的参数,保留权限。否则启动服务的时候会报权限拒绝的。
三.编辑named.conf文件
[root@beiku1 etc]# vi named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { 10.138.130.0/24; };
allow-query-cache { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { 10.138.130.0/24; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
解释这些语法参数的意思
options
代表全局配置
listen-on port 53 { any; };
DNS服务监听在所有接口
listen-on-v6 port 53 { ::1; };
ipv6监听在本地回环接口
directory "/var/named";
zone文件的存放目录,指的是chroot环境下面的/var/named
dump-file "/var/named/data/cache_dump.db";
存放缓存的信息
statistics-file "/var/named/data/named_stats.txt";
统计用户的访问状态
memstatistics-file "/var/named/data/named_mem_stats.txt";
每一次访问耗费了多数内存的存放文件
allow-query { 10.138.130.0/24 };
允许查询的客户端,现在修改成本地网段,
allow-query-cache {any; };
允许那些客户端来查询缓存,any表示允许任何人。
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
定义日志的存放位置在/var/named/chroot/var/named/data/目录下面
};
view localhost_resolver {
match-clients { 10.138.130.0/24; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
这里是定义视图的功能,
Match-clients 是指匹配的客户端
Match-destination 是指匹配的目标
到这里,named.conf文件就已经配置成功了,这个视图最后写include "/etc/named.rfc1912.zones";接下面,就去配置这个文件。当然,我们可以匹配不同的客户端来创建不同的视图。
四.定义zone文件
[root@beiku1 etc]# vi named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
type hint;
file "named.ca";
};
zone "linuxidc.com" IN {
type master;
file "linuxidc.zone";
allow-update { none; };
};
zone "130.138.10.in-addr.arpa" IN {
type master;
file "named.linuxidc";
allow-update { none; };
};
解释这些语法参数的意思
Zone “.” 根区域
Zone “linuxidc.com” 定义正向解析的区域
zone "130.138.10.in-addr.arpa" 定义反向解析的区域
IN Internet记录
type hint 根区域的类型为hint
type master 区域的类型为主要的
file “named.ca” ; 区域文件是named,ca
file "linuxidc.zone"; 指定正向解析的区域文件是linuxidc.zone
file "named.linuxidc"; 指定反向解析的区域文件是named,linuxidc
allow-update { none; }; 默认情况下,是否允许客户端自动更新
在named.ca文件中就定义了全球的13台根服务器,
在linuxidc.com文件中就定义DNS的正向解析数据库
在named.linuxidc文件中就定义DNS反向解析的数据库
定义zone文件就完成了,下面来编辑DNS的数据库文件。
五.使用模板文件来创建数据库文件
[root@beiku1 etc]# cd /var/named/chroot/var/named/
[root@beiku1 named]# ls
data localdomain.zone localhost.zone named.broadcast named.ca named.ip6.local named.local named.zero slaves
可以看到,在chroot环境下面的/var/named/有很多模板文件。Named.ca就是根区域的数据库文件,我们将localhost.zone复制成linuxidc.zone,这个是正向解析的数据库文件,将named.local复制成named.linuxidc,这个是反向解析的数据库文件。数据库文件一定要和/etc/named.rfc1912.zones这个文件里面的匹配。
[root@beiku1 named]# cp -p localhost.zone linuxidc.zone
[root@beiku1 named]# cp -p named.local named.linuxidc
[root@beiku1 named]# ls
data named.broadcast named.local linuxidc.zone
localdomain.zone named.ca named.linuxidc slaves
localhost.zone named.ip6.local named.zero
复制成功,正向解析和反向解析的数据库文件就创建完成了。
六.定义数据库文件
1. 定义正向解析数据库文件
[root@beiku1 named]# vi linuxidc.zone
$TTL 86400
@ IN SOA beiku1.linuxidc.com. root.linuxidc.com. (
44 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS beiku1.linuxidc.com.
beikuscan IN A 10.138.130.167
beikuscan IN A 10.138.130.168
beikuscan IN A 10.138.130.169
beiku2 IN A 10.138.130.162
beiku1 IN A 10.138.130.161
关于正向解析数据库中每一行参数的解释
$TTL 86400
最小的存活的时间是86400S(24H)
@ IN SOA @ root (
这是一笔SOA记录,只允许存在一个SOA记录
@是代表要解析的这个域本身()
IN是Internet记录。
SOA 是初始授权记录,指定网络中第一台DNS Server。
root是指管理员的邮箱。
44 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
这些部分主要是用来主DNS和辅助DNS做同步用的
44 序列号,当主DNS数据改变时,这个序列号就要被增加1,而辅助DNS通过序列号来和主DNS同步。
3H 刷新,主DNS和辅助DNS每隔三小时同步一次。
15M 重试,3H之内,没有同步,每隔15M在尝试同步
1W 过期,1W之内,还没有同步,就不同步了
1D 生存期,没有这条记录,缓存的时间。
@ IN NS beiku1.linuxidc.com.
这是一笔NS记录,指定nameserver为beiku1.linuxidc.com至少要有一笔NS记录
beiku1 IN A 10.138.130.161
指定beiku1的ip地址为10.138.130.161
beikuscan IN A 10.138.130.167
指定beikuscan的ip地址为10.138.130.167
beikuscan IN A 10.138.130.168
指定beikuscan的ip地址为10.138.130.168
beikuscan IN A 10.138.130.169
指定beikuscan的ip地址为10.138.130.169
beiku2 IN A 10.138.130.162
指定beiku2的ip地址为10.138.130.162
正向解析的数据库就完成了,下面定义反向解析的数据库。
2. 定义反向解析数据库
[root@beiku1 named]# vi named.linuxidc
$TTL 86400
@ IN SOA beiku1.linuxidc.com. root.linuxidc.com. (
1997022702 ; Serial
120 ; Refresh
120 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS beiku1.linuxidc.com.
167 IN PTR beikuscan.linuxidc.com.
168 IN PTR beikuscan.linuxidc.com.
169 IN PTR beikuscan.linuxidc.com.
162 IN PTR beiku2.linuxidc.com.
161 IN PTR beiku1.linuxidc.com.
其实反向解析的数据库文件的配置和正向解析的差不多,只需要将ip地址和域名换一个位置就可以了,把A换成PTR就ok了。
DNS的基本配置就完成了,在来看看DNS是否能够正常工作。
我们先重启一下DNS服务
[root@beiku1 etc]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
可以看到,DNS服务启动成功了。
在查询以前,要在客户端来指定DNS Server,在/etc/resolv.conf这个文件中指定。
[root@beiku1 etc]# vi /etc/resolv.conf
search linuxidc.com
nameserver 10.138.130.161
[root@beiku1 etc]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
参数及意义:
nameserver 表明dns 服务器的ip 地址,可以有很多行的nameserver,每一个带一个ip地址。
在查询时就按nameserver 在本文件中的顺序进行,且只有当第一个nameserver 没有反应时才查询下面的nameserver.
domain 声明主机的域名。很多程序用到它,如邮件系统;当为没有域名的主机进行dns 查询时,也要用到。如果没有域名,主机名将被使,用删除所有在第一个点( . )前面的内容。
search 它的多个参数指明域名查询顺序。当要查询没有域名的主机,主机将在由search 声明的域中分别查找。
domain 和search 不能共存;如果同时存在,后面出现的将会被使用。
sortlist 允许将得到域名结果进行特定的排序。它的参数为网络/掩码对,允许任意的排列顺序。
再来使用nslookup工具来查询一下
[root@beiku1 named]# nslookup beiku1.linuxidc.com
Server: 10.138.130.161
Address: 10.138.130.161#53
Name: beiku1.linuxidc.com
Address: 10.138.130.161
[root@beiku1 named]# nslookup beiku2.linuxidc.com
Server: 10.138.130.161
Address: 10.138.130.161#53
Name: beiku2.linuxidc.com
Address: 10.138.130.162
[root@beiku1 named]# nslookup beikuscan.linuxidc.com
Server: 10.138.130.161
Address: 10.138.130.161#53
Name: beikuscan.linuxidc.com
Address: 10.138.130.169
Name: beikuscan.linuxidc.com
Address: 10.138.130.167
Name: beikuscan.linuxidc.com
Address: 10.138.130.168
[root@beiku1 named]# nslookup beiku1
Server: 10.138.130.161
Address: 10.138.130.161#53
Name: beiku1.linuxidc.com
Address: 10.138.130.161
[root@beiku1 named]# nslookup beiku2
Server: 10.138.130.161
Address: 10.138.130.161#53
Name: beiku2.linuxidc.com
Address: 10.138.130.162
[root@beiku1 named]# nslookup beikuscan
Server: 10.138.130.161
Address: 10.138.130.161#53
Name: beikuscan.linuxidc.com
Address: 10.138.130.168
Name: beikuscan.linuxidc.com
Address: 10.138.130.169
Name: beikuscan.linuxidc.com
Address: 10.138.130.167
[root@beiku1 named]# nslookup 10.138.130.161
Server: 10.138.130.161
Address: 10.138.130.161#53
161.130.138.10.in-addr.arpa name = beiku1.linuxidc.com.
[root@beiku1 named]# nslookup 10.138.130.162
Server: 10.138.130.161
Address: 10.138.130.161#53
162.130.138.10.in-addr.arpa name = beiku2.linuxidc.com.
[root@beiku1 named]# nslookup 10.138.130.167
Server: 10.138.130.161
Address: 10.138.130.161#53
167.130.138.10.in-addr.arpa name = beikuscan.linuxidc.com.
[root@beiku1 named]# nslookup 10.138.130.168
Server: 10.138.130.161
Address: 10.138.130.161#53
168.130.138.10.in-addr.arpa name = beikuscan.linuxidc.com.
[root@beiku1 named]# nslookup 10.138.130.169
Server: 10.138.130.161
Address: 10.138.130.161#53
169.130.138.10.in-addr.arpa name = beikuscan.linuxidc.com.
可以看到,DNS解析一切正常,上面只是配置了主DNS服务器,而且主DNS服务器也工作正常,现在我们来配置一个辅助DNS服务器