2005-10-28 17:52:34
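Working in groups of three, complete the following lab:
Host A has IP 192.168.169.2
Host B has IP 192.168.169.3
Host C has IP 192.168.169.4
Install the BIND and cache-only packages
1) Basic DNS server configuration: configure host A as a DNS server that is the primary name server for the zone sina.com, meeting the following requirements:
a. This host's domain name is dns.sina.com, with alias A
b. The domain name assigned to B is test.sina.com, with alias B
c. The domain name assigned to C is , with alias C
d. Cache lifetime of 60 seconds, refresh time of 8 seconds, retry time of 4 seconds
e. Set the administrator's mail address to your own email address
Host A: configure the /etc/named.conf file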
----------------------------------------------------------------------------------------
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
zone "." {
type hint;
file "named.ca";
};
zone "sina.com" IN {
type master;
file "named.sina.com";
};
----------------------------------------------------------------------------------------
Configure the zone database file:
named.sina.com
----------------------------------------------------------------------------------------
$TTL 60
@ IN SOA dns.sina.com. admin.dns.sina.com. (
2005102601 ; Serial
8 ; Refresh
4 ; Retry
720000 ; Expire
86400 ) ; minimum
@ IN NS dns.sina.com.
@ IN MX 10 dns.sina.com.
dns IN A 192.168.169.2
A IN CNAME dns
test IN NS test.sina.com.
test IN A 192.168.169.3
B IN CNAME test
www IN A 192.168.169.4
C IN CNAME www
----------------------------------------------------------------------------------------
Host B settings:
Configure the /etc/resolv.conf client file:
----------------------------------------------------------------------------------------
domain sina.com
search
nameserver 192.168.169.2
----------------------------------------------------------------------------------------
Host C settings:
Configure the /etc/resolv.conf client file:
----------------------------------------------------------------------------------------
domain sina.com
search
nameserver 192.168.169.2
----------------------------------------------------------------------------------------
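2) Using DNS client tools: configure host A's client to use the DNS server you have just set up
a. Use the nslookup command to obtain the administrator mail address and serial value of the DNS server responsible for the following sites
Student numbers 1-10 look up:
Student numbers 11-20 look up:
Student numbers 21-30 look up:
Student numbers 31-40 look up:
Student numbers 41-50 look up:
Student numbers 51-60 look up:
Student numbers 61-70 look up:
Student numbers 71-80 look up:
Student numbers 81-90 look up:
Student numbers 91-100 look up:
Student numbers 101-110 look up:
Student numbers 111-120 look up:
Student numbers 121-130 look up:
Student numbers 131-140 look up:
Student numbers 141-150 look up:
Student numbers 151-160 look up:
Student numbers 161-170 look up:
Student numbers 171-180 look up:
Student numbers 181-190 look up: ns1.msft.com
Student numbers 191-196 look up: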
#nslookup
>set type=ns
>
>
b. Use the dig command to fetch the named.ca content from dns.sohu.com and replace the named.ca on host A
#dig @dns.sohu.com . ns
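3) Configure a secondary DNS: configure host B as a DNS server that is the secondary name server for the zone sina.com.
Host A is unchanged
Host B settings: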
----------------------------------------------------------------------------------------
options {
directory "/var/named";
};
zone "sina.com" IN {
type slave;
file "bak.sina.com";
masters {192.168.169.2;};
};
----------------------------------------------------------------------------------------
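4) Configure a child DNS (subordinate DNS): configure host B as a DNS server that is the primary name server for the zone test.sina.com (subordinate to host A)
a. B's settings must meet the following requirement: the domain name assigned to C is c.test.sina.com
Host B: configure the /etc/named.conf file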
----------------------------------------------------------------------------------------
options {
directory "/var/named";
};
zone "test.sina.com" IN {
type master;
file "test.sina.com";
};
----------------------------------------------------------------------------------------
Configure the zone database file:
test.sina.com
----------------------------------------------------------------------------------------
$TTL 60
@ IN SOA test.sina.com. admin.test.sina.com. (
2005102601 ; Serial
8 ; Refresh
4 ; Retry
720000 ; Expire
86400 ) ; minimum
@ IN NS test.sina.com.
@ IN MX 10 test.sina.com.
@ IN A 192.168.169.3
C IN A 192.168.169.4
----------------------------------------------------------------------------------------
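b. Set B's client DNS to 192.168.169.3 (that is, its own IP)
netcfg, basic settings, DNS: 192.168.169.3
c. Configure host C as a DNS server that is the secondary name server for the zone test.sina.com
Host C settings: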
----------------------------------------------------------------------------------------
options {
directory "/var/named";
};
zone "test.sina.com" IN {
type slave;
file "bak.sina.com";
masters {192.168.169.3;};
};
----------------------------------------------------------------------------------------
d. Set C's client DNS to 192.168.169.4 (that is, its own IP)
netcfg, basic settings, DNS: 192.168.169.4
e. Run the following three commands on each of hosts A, B and C. What are the results, and why?
ping dns.sina.com
ping test.sina.com
ping c.test.sina.com
Host A: all three can be pinged
Host B: can ping test.sina.com and c.test.sina.com
Host C: can ping c.test.sina.com and test.sina.com
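Both zone files above (named.sina.com and test.sina.com) put host names in their SOA, NS and MX records. BIND appends the zone origin to any such name written without a trailing dot, so dns.sina.com without the dot loads as dns.sina.com.sina.com. The following added example (not part of the original lab; the function names and the sample zone are constructed for illustration) lints a zone file for that mistake:

```python
# Rdata positions that hold a domain name, per record type.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "MX": (1,), "CNAME": (0,)}

def logical_records(zone_text):
    """Yield (first_line_no, has_owner, tokens); joins ( ... ) groups, drops ; comments."""
    buf, start, has_owner, depth = [], None, False, 0
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0]          # naive: assumes no ';' inside quoted TXT data
        if not line.strip():
            continue
        if start is None:                    # an owner name starts in column 0
            start, has_owner = no, not line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ").split()
        if depth <= 0:
            yield start, has_owner, buf
            buf, start, depth = [], None, 0

def unqualified_fqdns(zone_text, origin):
    """Return (line, type, written, as_loaded) for names that look absolute but lack the dot."""
    origin = origin.rstrip(".").lower()
    findings = []
    for no, has_owner, tok in logical_records(zone_text):
        first = 1 if has_owner else 0        # never mistake the owner label for a type
        idx = next((i for i in range(first, len(tok)) if tok[i].upper() in NAME_FIELDS), None)
        if idx is None:
            continue
        rdata = tok[idx + 1:]
        for pos in (p for p in NAME_FIELDS[tok[idx].upper()] if p < len(rdata)):
            name = rdata[pos].lower()
            if not name.endswith(".") and (name == origin or name.endswith("." + origin)):
                # Without the final dot the server appends the origin to the name.
                findings.append((no, tok[idx].upper(), rdata[pos], f"{name}.{origin}."))
    return findings

# Constructed sample modelled on the lab's sina.com zone.
SAMPLE_ZONE = """\
$TTL 60
@ IN SOA dns.sina.com admin.dns.sina.com. (
        2005102601 8 4 720000 86400 )
@ IN NS dns.sina.com.
@ IN MX 10 dns.sina.com
dns IN A 192.168.169.2
A IN CNAME dns
"""

if __name__ == "__main__":
    print(unqualified_fqdns(SAMPLE_ZONE, "sina.com."))
```
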
5) Configure a cache-only DNS: reconfigure C as a cache-only DNS, with all DNS requests forwarded by 192.168.169.3.
Configure the named.conf file
------------------------------------------
options {
directory "/var/named";
forward only;
forwarders {192.168.169.3;};
};
------------------------------------------
6) DNS security settings:
a. On host A, allow queries only from 192.168.<student number>.0/24, and allow only 192.168.169.3 to act as a secondary DNS for the zone sina.com
----------------------------------------------------------------------------------------
options {
directory "/var/named";
allow-query {
192.168.169.0/24;};
};
zone "sina.com" IN {
type master;
file "named.sina.com";
allow-transfer {192.168.169.3;};
};
----------------------------------------------------------------------------------------
b. On host B, prevent anyone else from acting as a secondary DNS for the zone test.sina.com
----------------------------------------------------------------------------------------
zone "test.sina.com" IN {
type master;
file "test.sina.com";
allow-transfer {none;};
};
----------------------------------------------------------------------------------------
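An added example, not part of the original lab, that audits a named.conf for the two settings used in step 6: it reports a missing allow-query and any authoritative zone whose transfers are unrestricted. It assumes the behaviour of BIND releases of this lab's era, where an absent allow-query or allow-transfer means any host; the function names and both sample configurations are constructed from the configurations on this page.

```python
import re

def strip_comments(conf):
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* ... */
    return re.sub(r"(//|#)[^\n]*", "", conf)            # // and # (naive: ignores quoting)

def block_after(text, brace_pos):
    """Return the text between the '{' at brace_pos and its matching '}'."""
    depth = 0
    for i in range(brace_pos, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[brace_pos + 1:i]
    raise ValueError("unbalanced braces in configuration")

def match_list(body, statement):
    """Address-match list of `statement` in body, or None when it is not set."""
    m = re.search(r"(?<![\w-])%s\s*\{" % re.escape(statement), body)
    if m is None:
        return None
    return [e.strip() for e in block_after(body, m.end() - 1).split(";") if e.strip()]

def audit(conf):
    """Return (scope, problem) pairs for open queries and open zone transfers."""
    conf = strip_comments(conf)
    opts = re.search(r"\boptions\s*\{", conf)
    obody = block_after(conf, opts.end() - 1) if opts else ""
    findings = []
    if match_list(obody, "allow-query") is None:
        findings.append(("options", "allow-query not set: any client may query"))
    for z in re.finditer(r'\bzone\s+"([^"]+)"\s*(?:IN\s*)?\{', conf):
        body = block_after(conf, z.end() - 1)
        ztype = re.search(r"\btype\s+(\w+)\s*;", body)
        if not ztype or ztype.group(1) not in ("master", "slave"):
            continue                      # only authoritative copies serve transfers
        xfer = match_list(body, "allow-transfer")          # zone-level setting wins
        xfer = match_list(obody, "allow-transfer") if xfer is None else xfer
        if xfer is None or "any" in xfer:
            findings.append((z.group(1), "zone transfer open to any host"))
    return findings

# Constructed samples: host A as configured in step 1, then as hardened in step 6a.
BEFORE = '''options { directory "/var/named"; };
zone "." { type hint; file "named.ca"; };
zone "sina.com" IN { type master; file "named.sina.com"; };'''
AFTER = '''options { directory "/var/named"; allow-query { 192.168.169.0/24; }; };
zone "sina.com" IN { type master; file "named.sina.com"; allow-transfer { 192.168.169.3; }; };'''

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```
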