红帽实习历程

首页　| 　博文目录　| 　关于我

rha030

博客访问： 488422
博文数量： 82
博客积分： 3003
博客等级：中校
技术积分： 1285
用户组：普通用户
注册时间： 2007-09-11 15:27

文章分类

全部博文（82）

系统管理（29）
红帽故事（1）
脚本编程（1）
桌面应用（0）
存储管理（4）
网络服务（19）
安装引导（3）
成长脚步（4）
未分配的博文（21）

文章存档

2011年（1）

2010年（5）

2009年（63）

2008年（13）

我的朋友

wang5090

用BIND配置区域委派DNS服务

撰写者信息：

Alin Fang (Fang Yunlin)

MSN:

G Talk:

Blog: http://www.alinblog.cn/

修改日期：

30 Oct, 2008

第1次修改

版权：

GNU

声明：

本人实验笔记，非权威文档。如有错误请告知。十分感谢！

正文：

拓扑图

实验环境：

操作系统：Red Hat Enterprise Linux 5 update 2

网络：

net: 192.168.200.128/25

org: 192.168.200.0/25

dns server root:

eth0:192.168.200.126/25

eth1:192.168.200.254/25

dns server org:

eth0:192.168.200.125/25

dns server net:

eth0:192.168.200.253/25

对root服务器进行操作

在root机上安装bind以及相关组件：

[root@root-ns ~]# yum install -y bind bind-chroot caching-nameserver

Loading "security" plugin

Loading "rhnplugin" plugin

This system is not registered with RHN.

RHN support will be disabled.

Setting up Install Process

Parsing package install arguments

Resolving Dependencies

--> Running transaction check

---> Package bind-chroot.i386 30:9.3.4-6.P1.el5 set to be updated

---> Package caching-nameserver.i386 30:9.3.4-6.P1.el5 set to be updated

---> Package bind.i386 30:9.3.4-6.P1.el5 set to be updated

--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================

Package Arch Version Repository Size

=============================================================================

Installing:

bind-chroot i386 30:9.3.4-6.P1.el5 Server 41 k

caching-nameserver i386 30:9.3.4-6.P1.el5 Server 58 k

Installing for dependencies:

bind i386 30:9.3.4-6.P1.el5 Server 959 k

Transaction Summary

=============================================================================

Install 3 Package(s)

Update 0 Package(s)

Remove 0 Package(s)

Total download size: 1.0 M

Downloading Packages:

(1/3): bind-chroot-9.3.4- 100% |=========================| 41 kB 00:00

(2/3): bind-9.3.4-6.P1.el 100% |=========================| 959 kB 00:00

(3/3): caching-nameserver 100% |=========================| 58 kB 00:00

Running rpm_check_debug

Running Transaction Test

Finished Transaction Test

Transaction Test Succeeded

Running Transaction

Installing: bind ######################### [1/3]

Installing: bind-chroot ######################### [2/3]

Installing: caching-nameserver ######################### [3/3]

Installed: bind-chroot.i386 30:9.3.4-6.P1.el5 caching-nameserver.i386 30:9.3.4-6.P1.el5

Dependency Installed: bind.i386 30:9.3.4-6.P1.el5

Complete!

[root@root-ns ~]#

BIND + bind-chroot + cachiing-namerserver之后，配置文件存放在这里

[root@root-ns ~]# cd /var/named/chroot/

[root@root-ns chroot]# pwd

/var/named/chroot

[root@root-ns chroot]#

配置named.conf

[root@root-ns chroot]# cd etc/

[root@root-ns etc]# pwd

/var/named/chroot/etc

[root@root-ns etc]# ls

localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key

[root@root-ns etc]# mv named.caching-nameserver.conf named.conf

[root@root-ns etc]# vim named.conf

这个是我的配置

acl "org" { 192.168.200.0/25; };

acl "net" { 192.168.200.128/25; };

options {

listen-on port 53 { 127.0.0.1; org; net; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

query-source port 53;

query-source-v6 port 53;

allow-query { localhost; org; net; };

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

view my_resolver {

match-clients { localhost; org; net; };

match-destinations { localhost; };

recursion yes;

include "/etc/named.zones";

};

配置name.zones

[root@root-ns etc]# mv named.rfc1912.zones named.zones

[root@root-ns etc]# vim named.zones

这个是我的配置

zone "." IN {

type hint;

file "named.ca";

};

zone "localdomain" IN {

type master;

file "localdomain.zone";

allow-update { none; };

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.ip6.local";

allow-update { none; };

};

zone "255.in-addr.arpa" IN {

type master;

file "named.broadcast";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.zero";

allow-update { none; };

};

zone "." IN {

type master;

file "root.zone";

allow-update { none; };

};

检查下配置的语法是否正确

[root@root-ns etc]# named-checkconf -t /var/named/chroot/

[root@root-ns etc]#

配置zone文件

[root@root-ns named]# ll

total 36

drwxrwx--- 2 named named 4096 Aug 26 2004 data

-rw-r----- 1 root named 198 Feb 29 2008 localdomain.zone

-rw-r----- 1 root named 195 Feb 29 2008 localhost.zone

-rw-r----- 1 root named 427 Feb 29 2008 named.broadcast

-rw-r----- 1 root named 1892 Feb 29 2008 named.ca

-rw-r----- 1 root named 424 Feb 29 2008 named.ip6.local

-rw-r----- 1 root named 426 Feb 29 2008 named.local

-rw-r----- 1 root named 427 Feb 29 2008 named.zero

drwxrwx--- 2 named named 4096 Jul 27 2004 slaves

[root@root-ns named]#

配置root.zone

这个是我的配置

$TTL 86400

@ IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS @

org IN NS ns.org

net IN NS ns.net

IN A 127.0.0.1

IN AAAA ::1

ns.org. IN A 192.168.200.125

ns.net. IN A 192.168.200.253

检查文件权限以及语法是否正确

[root@root-ns named]# ll root.zone

-rw-r----- 1 root root 295 Oct 30 20:22 root.zone

[root@root-ns named]# chown root.named root.zone

[root@root-ns named]# named-checkzone root.zone

usage: named-checkzone [-djqvD] [-c class] [-o output] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] zonename filename

[root@root-ns named]# named-checkzone . root.zone

zone ./IN: loaded serial 42

OK

[root@root-ns named]#

启动BIND

[root@root-ns named]# service named restart

Stopping named: [ OK ]

Starting named: [ OK ]

[root@root-ns named]# chkconfig --level 35 named on

[root@root-ns named]#

BIND已经开始监听端口待命了

[root@root-ns named]# netstat -ntupal | grep named

tcp 0 0 192.168.200.254:53 0.0.0.0:* LISTEN 5416/named

tcp 0 0 192.168.200.126:53 0.0.0.0:* LISTEN 5416/named

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5416/named

tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5416/named

tcp 0 0 ::1:53 :::* LISTEN 5416/named

tcp 0 0 ::1:953 :::* LISTEN 5416/named

udp 0 0 0.0.0.0:53 0.0.0.0:* 5416/named

udp 0 0 192.168.200.254:53 0.0.0.0:* 5416/named

udp 0 0 192.168.200.126:53 0.0.0.0:* 5416/named

udp 0 0 127.0.0.1:53 0.0.0.0:* 5416/named

udp 0 0 :::53 :::* 5416/named

udp 0 0 ::1:53 :::* 5416/named

[root@root-ns named]#

在ns.org服务器上操作

在ns.org机上安装bind以及相关组件

[root@org-ns ~]# yum install -y bind bind-chroot caching-nameserver > /dev/null

This system is not registered with RHN.

RHN support will be disabled.

[root@org-ns ~]# rpm -q bind bind-chroot caching-nameserver

bind-9.3.4-6.P1.el5

bind-chroot-9.3.4-6.P1.el5

caching-nameserver-9.3.4-6.P1.el5

[root@org-ns ~]#

编辑named.conf配置

[root@org-ns ~]# cd /var/named/chroot/etc/

[root@org-ns etc]# ls

localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key

[root@org-ns etc]# vim named.conf

这个是我的配置

options {

listen-on port 53 { 127.0.0.1; 192.168.200.126/0; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

query-source port 53;

query-source-v6 port 53;

allow-query { localhost; 192.168.200.126/0; };

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

view localhost_resolver {

match-clients { localhost; 192.168.200.126/0; };

match-destinations { localhost; };

recursion yes;

include "/etc/named.zones";

};

编辑named.zones

这个是我的配置

zone "." IN {

type hint;

file "named.ca";

};

zone "localdomain" IN {

type master;

file "localdomain.zone";

allow-update { none; };

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.ip6.local";

allow-update { none; };

};

zone "255.in-addr.arpa" IN {

type master;

file "named.broadcast";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.zero";

allow-update { none; };

};

zone "org" IN {

type master;

file "org.zone";

allow-update { none; };

};

检查配置的语法正确性

[root@org-ns etc]# named-checkconf -t /var/named/chroot/

[root@org-ns etc]#

编辑org.zone

这是我的配置

$TTL 86400

@ IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS @

IN A 127.0.0.1

IN AAAA ::1

ns IN A 192.168.200.125

client1 IN A 192.168.200.2

修改文件权限

[root@org-ns named]# chown root.named org.zone

[root@org-ns named]#

检查配置语法正确性

[root@org-ns named]# named-checkzone org org.zone

zone org/IN: loaded serial 42

OK

启动BIND

[root@org-ns named]# service named restart

Stopping named: [ OK ]

Starting named: [ OK ]

[root@org-ns named]# chkconfig --level 35 named on

[root@org-ns named]#

在ns.net上进行操作

同配置ns.org的方法，配置ns.net。

具体细节省略。

这是我的配置文件

named.conf

options {

listen-on port 53 { 127.0.0.1; 192.168.200.254/0; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

query-source port 53;

query-source-v6 port 53;

allow-query { localhost; 192.168.200.254/0; };

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

view localhost_resolver {

match-clients { localhost; 192.168.200.254/0; };

match-destinations { localhost; };

recursion yes;

include "/etc/named.zones";

};

named.zones

zone "." IN {

type hint;

file "named.ca";

};

zone "localdomain" IN {

type master;

file "localdomain.zone";

allow-update { none; };

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.ip6.local";

allow-update { none; };

};

zone "255.in-addr.arpa" IN {

type master;

file "named.broadcast";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.zero";

allow-update { none; };

};

zone "net" IN {

type master;

file "net.zone";

allow-update { none; };

};

net.zone

$TTL 86400

@ IN SOA @ root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS @

IN A 127.0.0.1

IN AAAA ::1

ns IN A 192.168.200.253;

client1 IN A 192.168.200.130;

在client1.org上进行操作

指定客户端client1的DNS服务器

[root@localhost ~]# ifconfig eth0

eth0 Link encap:Ethernet HWaddr 00:16:3E:7A:58:AD

inet addr:192.168.200.2 Bcast:192.168.200.127 Mask:255.255.255.128

inet6 addr: fe80::216:3eff:fe7a:58ad/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:54 errors:0 dropped:0 overruns:0 frame:0

TX packets:108 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:5447 (5.3 KiB) TX bytes:21214 (20.7 KiB)

Interrupt:10 Base address:0x4000

[root@localhost ~]# vim /etc/resolv.conf

配置如下

nameserver 192.168.200.126

测试DNS服务

[root@localhost ~]# nslookup client1.org

Server: 192.168.200.126

Address: 192.168.200.126#53

Non-authoritative answer:

Name: client1.org

Address: 192.168.200.2

[root@localhost ~]# nslookup client1.net

Server: 192.168.200.126

Address: 192.168.200.126#53

Non-authoritative answer:

Name: client1.net

Address: 192.168.200.130

[root@localhost ~]#

阅读(3078) | 评论(0) | 转发(0) |

上一篇：硬盘ext2/3文件系统superblock损坏修复试验 by Alin Fang

下一篇：搭建SSL安全网站认证服务器(CA)以及SSL安全网站实验笔记 by Alin Fang

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6