Building and Configuring a DNS Server in Detail (Part 3)

Server · struggling · 1058 views · 0 comments

Since DNS is one of the most important network services, a failure means that many domain names stop resolving and websites become unreachable, so running several DNS servers is the best choice: there are thirteen root servers in the world, and Google has five DNS servers. This post therefore covers setting up a DNS slave server. Apart from the one primary Master DNS, the other DNS servers normally run in slave mode; a slave DNS server has no zone database of its own, its data is supplied by the master DNS.

First, prepare two virtual machines.

The configuration file already designates 192.168.1.2 as the slave server.

In the configuration file, the feiyu.com zone already allows zone transfers to the slave:

<code>
allow-transfer { 192.168.1.2;};    /* allow this NS server to perform zone transfers */
</code>

The same has already been set in 1.168.192.in-addr.arpa:

<code>
allow-transfer {192.168.1.2; 192.168.1.1;};   /* allow the slave to perform zone transfers */
</code>

Install bind on the slave server and write its configuration file. The slave's configuration file only needs a few changes from the master's; set it up as follows.

<code>
[root@localhost slaves]# vim  /etc/named.conf  
options {

	directory  "/var/named";
	/* recursion  no;     allow recursion, enabled by default */
	allow-recursion {192.168.0.0/16;  };  /* networks allowed to recurse */
	/* allow-query:   restrict who may query */
	/* allow-transfer: defined here, it would apply to every zone */

};


zone "." IN  {   		/* root hints */

	type  hint;
	file "named.ca";
	/* allow-transfer { none;};  no slave, no transfers */
};

zone "localhost"  IN {           /* resolve itself */
	type master;
	file "named.localhost";
	allow-transfer { none; };  /* no slave, no transfers */
};

zone "0.0.127.in-addr.arpa"  IN {   /* reverse resolution for itself */
	type  master;
	file "named.loopback";
	allow-transfer {none;};
};
zone "feiyu.com" IN {
	type  slave;
	file "slaves/feiyu.com.zone";
	masters { 192.168.1.1; };
	allow-transfer { none;};
};
zone "1.168.192.in-addr.arpa" IN  {
	type slave;
	file "slaves/192.168.1.zone";
	masters { 192.168.1.1; };
	allow-transfer {none;};   /* no transfers from this slave */
};
</code>
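The allow-transfer statements above are the security-relevant part of this setup. In the BIND 9 releases of that era (the post uses 9.8), a master or slave zone that has no allow-transfer of its own, and none at the options level, falls back to the built-in default of allowing transfers to any host, which lets anyone download the whole zone; the slave configuration above avoids that by setting allow-transfer { none; } on every zone it serves. As an added example that is not part of the original post, the following Python script audits a named.conf for exactly this. The sample configuration is constructed here: it is the slave's file with one zone that forgot the statement and one that opened it to any host, and the parser only understands the simple block syntax used in this post.

```python
"""Audit a BIND named.conf for zone-transfer exposure (added example)."""
import re

# Constructed sample: the slave configuration from this post, plus a master
# zone that forgot allow-transfer and one that opened it to any host.
SAMPLE_CONF = r"""
options {
    directory "/var/named";
    /* recursion no;  allow recursion, enabled by default */
    allow-recursion { 192.168.0.0/16; };
};

zone "." IN { type hint; file "named.ca"; };

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };   // no slave, no transfers
};

zone "feiyu.com" IN {
    type master;
    file "feiyu.com.zone";      // allow-transfer missing: inherits the default
};

zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.1.zone";
    masters { 192.168.1.1; };
    allow-transfer { none; };
};

zone "open.example" IN {
    type master;
    file "open.zone";
    allow-transfer { any; };    // anyone may dump the whole zone
};
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def top_level_blocks(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    pos = 0
    while True:
        start = text.find("{", pos)
        if start < 0:
            return
        depth, end = 0, start
        for end in range(start, len(text)):
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            if depth == 0:
                break
        header = text[pos:start].strip().lstrip(";").strip()
        yield header, text[start + 1:end]
        pos = end + 1


def statement_values(body, keyword):
    """Return the tokens inside 'keyword { ... }' within a zone body, or None."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(keyword), body)
    return m.group(1).replace(";", " ").split() if m else None


def audit_transfers(conf_text):
    """Return (zone, finding) pairs for zones that expose zone transfers."""
    findings = []
    options_transfer = None
    for header, body in top_level_blocks(strip_comments(conf_text)):
        if header == "options":
            options_transfer = statement_values(body, "allow-transfer")
            continue
        zone = re.match(r'zone\s+"([^"]+)"', header)
        ztype = re.search(r"\btype\s+(\w+)\s*;", body)
        if not zone or not ztype or ztype.group(1) not in ("master", "slave"):
            continue
        name = zone.group(1)
        own = statement_values(body, "allow-transfer")
        effective = own if own is not None else options_transfer
        if effective is None:
            findings.append((name, "allow-transfer not set; BIND 9.8 default permits any host"))
        elif "any" in effective:
            findings.append((name, "allow-transfer { any; } lets anyone enumerate the zone"))
        if ztype.group(1) == "slave" and statement_values(body, "masters") is None:
            findings.append((name, "slave zone without masters; it can never load"))
    return findings


if __name__ == "__main__":
    for zone, finding in audit_transfers(SAMPLE_CONF):
        print("%-28s %s" % (zone, finding))
```

Running the script reports feiyu.com (statement missing) and open.example (any); the zones copied from the post pass. An allow-transfer { none; } at the options level is the safer default, with the master's per-zone list of slave addresses overriding it where transfers are actually needed.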

Start named on the slave server:

<code>
[root@localhost slaves]# service named start
</code>

Start the named service on the master server:

<code>
[root@localhost slaves]# service named start
</code>

Check the master's log file: it has already sent notifies to the slave for the zone transfer.

<code>
[root@localhost named]# tail -20  /var/log/messages        
Apr 27 05:48:05 localhost named[10391]: command channel listening on 192.168.1.1#953
Apr 27 05:48:05 localhost named[10391]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 27 05:48:05 localhost named[10391]: zone 1.168.192.in-addr.arpa/IN: loaded serial 20150419
Apr 27 05:48:05 localhost named[10391]: zone feiyu.com/IN: loaded serial 20150422
Apr 27 05:48:05 localhost named[10391]: zone localhost/IN: loaded serial 0
Apr 27 05:48:05 localhost named[10391]: managed-keys-zone ./IN: loaded serial 4
Apr 27 05:48:05 localhost named[10391]: running
Apr 27 05:48:05 localhost named[10391]: zone feiyu.com/IN: sending notifies (serial 20150422)
Apr 27 05:48:05 localhost named[10391]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 20150419)
</code>

The slave's log file below shows that the transfer has started:

<code>
[root@localhost slaves]# tail /var/log//messages
Apr 27 06:08:28 localhost named[11479]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
Apr 27 06:08:28 localhost named[11479]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.1#53: connected using 192.168.1.2#45481
Apr 27 06:08:28 localhost named[11479]: zone 1.168.192.in-addr.arpa/IN: transferred serial 20150419
Apr 27 06:08:28 localhost named[11479]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.1#53: Transfer completed: 1 messages, 11 records, 299 bytes, 0.001 secs (299000 bytes/sec)
Apr 27 06:08:28 localhost named[11479]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 20150419)
Apr 27 06:08:29 localhost named[11479]: zone feiyu.com/IN: Transfer started.
Apr 27 06:08:29 localhost named[11479]: transfer of 'feiyu.com/IN' from 192.168.1.1#53: connected using 192.168.1.2#47222
Apr 27 06:08:29 localhost named[11479]: zone feiyu.com/IN: transferred serial 20150422
Apr 27 06:08:29 localhost named[11479]: transfer of 'feiyu.com/IN' from 192.168.1.1#53: Transfer completed: 1 messages, 20 records, 447 bytes, 0.003 secs (149000 bytes/sec)
Apr 27 06:08:29 localhost named[11479]: zone feiyu.com/IN: sending notifies (serial 20150422)
</code>

Check the slave's zone files, which are stored under /var/named/slaves/. If the listing looks like the one below, the transfer has completed. If you have just modified the master's zone file and restarted the service but the slave has not picked up the change, the likely reason is that the refresh interval has not elapsed yet; deleting the files under /var/named/slaves/ on the slave and restarting the slave resolves this.

<code>
[root@localhost ~]# ls -l  /var/named/slaves/
total 8
-rw-r--r--. 1 named named 499 Apr 27 06:08 192.168.1.zone
-rw-r--r--. 1 named named 724 Apr 27 06:39 feiyu.com.zone
</code>
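Two things decide whether a slave picks up an edit: the master's SOA serial must be larger than the one the slave holds (an edit without a serial bump is never transferred, whatever the refresh interval says), and the slave checks the SOA only every refresh interval unless a NOTIFY or an explicit `rndc refresh <zone>` (or `rndc retransfer <zone>`) on the slave triggers it, which avoids deleting the files under /var/named/slaves/. As an added example that is not part of the original post, the following Python script parses the SOA of a master zone and of the slave's copy, converts the BIND time units used in this post (1M, 5M, 2D, 1H) to seconds and reports which case applies. The two zone texts are constructed here from the post's feiyu.com zone, and the parser only handles the parenthesised multi-line SOA layout the post uses.

```python
"""Decide why a slave still serves an old copy of a zone (added example)."""
import re

UNIT_SECONDS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

# Constructed samples modelled on this post's feiyu.com zone: the master has
# been edited and its serial bumped, the slave still holds the earlier copy.
MASTER_ZONE = """\
$TTL  600
feiyu.com.     IN     SOA       ns1.feiyu.com. admin.feiyu.com. (
                                        20150423   ; serial, bumped after the edit
                                        1M         ; refresh
                                        5M         ; retry
                                        2D         ; expire
                                        1H)        ; minimum / negative TTL
                IN      NS      ns1
                IN      NS      ns2
ns1             IN      A       192.168.1.1
ns2             IN      A       192.168.1.2
www             IN      A       192.168.1.1
"""
SLAVE_COPY = MASTER_ZONE.replace("20150423", "20150422")
UNBUMPED_MASTER = SLAVE_COPY   # an edited master whose serial was left unchanged


def ttl_seconds(value):
    """Convert a BIND time value ('600', '1M', '2D', '1h30m') to seconds."""
    value = value.upper()
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([SMHDW])", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError("bad TTL: %r" % value)
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)


def parse_soa(zone_text):
    """Return (serial, refresh, retry, expire, minimum) from a zone file whose
    SOA uses the parenthesised multi-line layout shown in this post."""
    text = re.sub(r";[^\n]*", "", zone_text)            # drop ';' comments
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(([^)]*)\)", text)
    if not m:
        raise ValueError("no parenthesised SOA record found")
    fields = m.group(1).split()
    if len(fields) != 5:
        raise ValueError("SOA needs serial, refresh, retry, expire, minimum")
    return (int(fields[0]),) + tuple(ttl_seconds(f) for f in fields[1:])


def slave_status(master_zone, slave_zone, seconds_since_last_check):
    """Classify the slave relative to the master as (status, explanation).

    'serial-not-bumped': the master's serial is not above the slave's, so no
    transfer will ever happen; 'waiting-refresh': newer serial, but the SOA
    refresh interval has not elapsed since the slave last checked;
    'transfer-due': the slave will fetch the zone at its next SOA check.
    """
    m_serial, refresh = parse_soa(master_zone)[:2]
    s_serial = parse_soa(slave_zone)[0]
    if m_serial <= s_serial:
        return ("serial-not-bumped",
                "master serial %d is not above slave serial %d; raise the serial" % (m_serial, s_serial))
    if seconds_since_last_check < refresh:
        return ("waiting-refresh",
                "refresh is %ds, %ds to go; 'rndc refresh <zone>' on the slave checks now"
                % (refresh, refresh - seconds_since_last_check))
    return ("transfer-due", "slave will request serial %d at its next SOA check" % m_serial)


if __name__ == "__main__":
    print(parse_soa(MASTER_ZONE))
    for master, elapsed in ((MASTER_ZONE, 20), (MASTER_ZONE, 60), (UNBUMPED_MASTER, 600)):
        print("%-18s %s" % slave_status(master, SLAVE_COPY, elapsed))
```

With the post's refresh of 1M the slave re-checks every 60 seconds, so the "refresh time not reached" situation the post describes is short-lived; a slave that stays old for much longer almost always has the serial problem.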

Now resolve the domain from the slave. Before doing so, edit /etc/resolv.conf on the slave so that its first nameserver entry points to itself.

<code>
[root@localhost slaves]# dig  -t NS  feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t NS feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40205
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;feiyu.com.			IN	NS

;; ANSWER SECTION:
feiyu.com.		600	IN	NS	ns2.feiyu.com.
feiyu.com.		600	IN	NS	ns1.feiyu.com.

;; ADDITIONAL SECTION:
ns1.feiyu.com.		600	IN	A	192.168.1.1
ns2.feiyu.com.		600	IN	A	192.168.1.2

;; Query time: 1 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Mon Apr 27 06:10:14 2015
;; MSG SIZE  rcvd: 95
</code>

Resolve the domain's A record:

<code>
[root@localhost slaves]# dig  -t A  www.feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t A www.feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61903
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.feiyu.com.			IN	A

;; ANSWER SECTION:
www.feiyu.com.		600	IN	A	192.168.1.1
www.feiyu.com.		600	IN	A	192.168.1.3

;; AUTHORITY SECTION:
feiyu.com.		600	IN	NS	ns1.feiyu.com.
feiyu.com.		600	IN	NS	ns2.feiyu.com.

;; ADDITIONAL SECTION:
ns1.feiyu.com.		600	IN	A	192.168.1.1
ns2.feiyu.com.		600	IN	A	192.168.1.2

;; Query time: 4 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Mon Apr 27 06:26:00 2015
;; MSG SIZE  rcvd: 131
</code>

Subdomain delegation
Besides Master/Slave cooperation, DNS servers can also stand in a parent/child relationship, where the parent DNS wants to hand resolution of certain zones directly to the administrator of the child. How is that configured? Simple: 1. set up the delegation on the parent DNS server; 2. set up resolution on the child DNS server.

On the master, acting as the parent DNS server, set up the delegation by editing /var/named/feiyu.com.zone:

<code>
[root@localhost ~]# vim  /var/named/feiyu.com.zone 
$TTL  600
feiyu.com.     IN     SOA       ns1.feiyu.com. admin.feiyu.com. (
                                        20150422
                                        1M
                                        5M
                                        2D
                                        1H)

                IN      NS      ns1
                IN      NS      ns2
                IN      MX   10 mail
ns1             IN      A       192.168.1.1
ns2             IN      A       192.168.1.2
mail            IN      A       192.168.1.2
www             IN      A       192.168.1.1
www             IN      A       192.168.1.3
pop             IN      A       192.168.1.4
ftp1            IN      CNAME   www
ftp             IN      A       192.168.1.1
imap            IN      A       192.168.1.5
hello           IN      A       192.168.1.6
asd             IN      A       192.168.1.7

fin             IN      NS      ns1.fin                       ---> add this record
ns1.fin         IN      A       192.168.1.8               ---> add this record
</code>

For simplicity, no PTR records are added for now. Next, write the configuration file of the child DNS server for the subdomain:

<code>
[root@localhost named]# vim  /etc/named.conf
options {

        directory  "/var/named";
        /* recursion  no;     allow recursion, enabled by default */
        /* allow-query:   restrict who may query */
        /* allow-transfer: defined here, it would apply to every zone */

};


zone "." IN  {                  /* root hints */

        type  hint;
        file "named.ca";
        /* allow-transfer { none;};  no slave, no transfers */
};

zone "localhost"  IN {           /* resolve itself */
        type master;
        file "named.localhost";
        allow-transfer { none; };  /* no slave, no transfers */
};

zone "0.0.127.in-addr.arpa"  IN {   /* reverse resolution for itself */
        type  master;
        file "named.loopback";
        allow-transfer {none;};
};

zone  "fin.feiyu.com"  IN {       /* define the subdomain; no reverse zone */
        type  master;
        file  "fin.feiyu.com.zone";    
};

zone "feiyu.com" IN {
        type forward;                -----> forward to the master server
        forward first;
        forwarders {192.168.1.1; };
};

</code>

Write the forward zone file, using the same method as above:

<code>
[root@localhost ~]# vim  /var/named/fin.feiyu.com.zone 
$TTL  600
@     IN     SOA        ns1.fin.feiyu.com. admin.fin.feiyu.com. (
                                        20150420
                                        1M
                                        5M
                                        2D
                                        1H)

                IN      NS      ns1
                IN      MX   10 mail
ns1             IN      A       192.168.1.8
mail            IN      A       192.168.1.9
www             IN      A       192.168.1.10
</code>
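A delegation is only as good as the agreement between the two files: the parent's NS records for fin must name the same servers as the child zone's own apex NS records, and because ns1.fin lies inside the zone being delegated, the parent must carry its A record as glue (the second line added above); without that glue a resolver would have to ask the child to find the child's nameserver and the subdomain becomes unreachable. As an added example that is not part of the original post, the following Python script reproduces the two zone files as constructed strings and checks these conditions, including the same parent with the glue line forgotten. The parser understands only the zone-file layout used in this post.

```python
"""Check a parent -> child delegation for consistency and glue (added example)."""
import re

# Constructed samples reproducing the two zone files from this post.
PARENT_ZONE = """\
$TTL  600
feiyu.com.     IN     SOA       ns1.feiyu.com. admin.feiyu.com. (
                                        20150422
                                        1M
                                        5M
                                        2D
                                        1H)
                IN      NS      ns1
                IN      NS      ns2
ns1             IN      A       192.168.1.1
ns2             IN      A       192.168.1.2
www             IN      A       192.168.1.1
fin             IN      NS      ns1.fin          ; delegation to the child
ns1.fin         IN      A       192.168.1.8      ; glue for the in-bailiwick NS
"""
CHILD_ZONE = """\
$TTL  600
@     IN     SOA        ns1.fin.feiyu.com. admin.fin.feiyu.com. (
                                        20150420
                                        1M
                                        5M
                                        2D
                                        1H)
                IN      NS      ns1
                IN      MX   10 mail
ns1             IN      A       192.168.1.8
mail            IN      A       192.168.1.9
www             IN      A       192.168.1.10
"""
# The same parent with the glue line forgotten: the delegation cannot be
# followed, because resolving ns1.fin.feiyu.com would need the child itself.
PARENT_WITHOUT_GLUE = "\n".join(
    line for line in PARENT_ZONE.splitlines() if not line.startswith("ns1.fin")) + "\n"


def qualify(name, origin):
    """Turn a zone-file name into a fully qualified one relative to origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else "%s.%s" % (name, origin)


def parse_zone(text, origin):
    """Minimal parser for this post's zone layout: $TTL, '@', relative names,
    a parenthesised multi-line SOA and NS/A/CNAME/MX records.
    Returns a list of (owner, type, rdata_tokens)."""
    text = re.sub(r";[^\n]*", "", text)                 # drop comments
    text = re.sub(r"\(([^)]*)\)",                       # fold ( ... ) onto one line
                  lambda m: " ".join(m.group(1).split()), text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():                       # explicit owner name
            owner = qualify(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                               # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME"):
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records


def rdata_set(records, owner, rtype):
    """Set of first rdata tokens for all records of one owner and type."""
    return {r[2][0] for r in records if r[0] == owner and r[1] == rtype}


def check_delegation(parent, child, child_origin):
    """Return a list of problems; an empty list means the delegation is sound."""
    problems = []
    parent_ns = rdata_set(parent, child_origin, "NS")
    child_ns = rdata_set(child, child_origin, "NS")
    if not parent_ns:
        problems.append("parent has no NS records for %s" % child_origin)
    elif parent_ns != child_ns:
        problems.append("NS set differs: parent %s, child %s"
                        % (sorted(parent_ns), sorted(child_ns)))
    for ns in sorted(parent_ns):
        if not ns.endswith("." + child_origin):
            continue                                    # out of bailiwick: no glue needed
        glue, child_a = rdata_set(parent, ns, "A"), rdata_set(child, ns, "A")
        if not glue:
            problems.append("missing glue A record for in-bailiwick nameserver %s" % ns)
        elif child_a and glue != child_a:
            problems.append("glue for %s %s disagrees with the child zone %s"
                            % (ns, sorted(glue), sorted(child_a)))
    return problems


def check_post_delegation(parent_text=PARENT_ZONE):
    """Run the check on the post's feiyu.com -> fin.feiyu.com delegation."""
    parent = parse_zone(parent_text, "feiyu.com.")
    child = parse_zone(CHILD_ZONE, "fin.feiyu.com.")
    return check_delegation(parent, child, "fin.feiyu.com.")


if __name__ == "__main__":
    print("as in the post:", check_post_delegation() or "ok")
    print("without glue:  ", check_post_delegation(PARENT_WITHOUT_GLUE))
```

The same check is worth repeating whenever the child's nameserver changes address: the child's own A record for ns1 is updated easily, but the glue copy lives in the parent zone and is forgotten just as easily, and the script's third finding reports exactly that mismatch.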

Before starting the service, point /etc/resolv.conf at the server itself, otherwise names will not resolve:

<code>
[root@localhost ~]# service named  start
</code>

Now resolve the newly defined subdomain:

<code>
[root@localhost named]# dig -t NS  fin.feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t NS fin.feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27403
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;fin.feiyu.com.			IN	NS

;; ANSWER SECTION:
fin.feiyu.com.		600	IN	NS	ns1.fin.feiyu.com.

;; ADDITIONAL SECTION:
ns1.fin.feiyu.com.	600	IN	A	192.168.1.8

;; Query time: 1 msec
;; SERVER: 192.168.1.8#53(192.168.1.8)
;; WHEN: Mon Apr 27 06:53:41 2015
;; MSG SIZE  rcvd: 65

[root@localhost named]# dig -t A  www.fin.feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t A www.fin.feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59996
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.fin.feiyu.com.		IN	A

;; ANSWER SECTION:
www.fin.feiyu.com.	600	IN	A	192.168.1.10

;; AUTHORITY SECTION:
fin.feiyu.com.		600	IN	NS	ns1.fin.feiyu.com.

;; ADDITIONAL SECTION:
ns1.fin.feiyu.com.	600	IN	A	192.168.1.8

;; Query time: 2 msec
;; SERVER: 192.168.1.8#53(192.168.1.8)
;; WHEN: Mon Apr 27 06:53:51 2015
;; MSG SIZE  rcvd: 85
</code>

Thanks to forwarding, the NS servers of the feiyu domain can also be resolved from here:

<code>
[root@localhost ~]# dig -t NS  feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t NS feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65337
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;feiyu.com.			IN	NS

;; ANSWER SECTION:
feiyu.com.		571	IN	NS	ns1.feiyu.com.
feiyu.com.		571	IN	NS	ns2.feiyu.com.

;; ADDITIONAL SECTION:
ns1.feiyu.com.		571	IN	A	192.168.1.1
ns2.feiyu.com.		571	IN	A	192.168.1.2

;; Query time: 1 msec
;; SERVER: 192.168.1.8#53(192.168.1.8)
;; WHEN: Mon Apr 27 07:06:36 2015
;; MSG SIZE  rcvd: 95
</code>

And that's it!


DevOps - 田飞雨 >> Please credit the source when reposting