1、DNS构架centos5.3搭建DNS多域名解析服务器 2009-08-03 17:57:11标签:centos 5.3 dns 多域名推送到技术圈 centos5.3下搭建DNS服务器一、域名与域名解析网络中为了区别各个主机,必须为每台主机分配一个惟一的地址,这个地址即称为“IP 地址”。但这些数字难以记忆,所以就采用“域名”的方式来取代这些数字了。不过最终还是必须将域名转换为对应的IP 地址才能访问主机。DNS 服务,又叫域名解析服务,即提供域名与IP 地址的相互转换。域名的正向解析是将主机名转换成IP 地址的过程,域名的反向解析是将IP 地址转换成主机名的过程。通常我们很少需要将IP 地
2、址转换成主机名,即反向解析。反向解析经常被一些后台程序使用,用户看不到。二、DNS 架构域的层次结构如同一棵倒立的树,层次结构非常清晰,如图所示。根域位于顶部,紧接着在根域的下面是几个顶级域,每个顶级域又可以进一步划分为不同的二级域,二级域再划分出子域,子域下面可以是主机也可以是再划分的子域,直到最后的主机。在Internet 中的域是由InterNIC负责管理的,域名的服务则由DNS 来实现。三、DNS 解析流程1、客户机请求解析的IP 地址,如果本地hosts文件中没有相关解析,则向本地DNS服务器发出解析请求;2、如果本地DNS服务器有该域名的解析信息,则直接返回给客户机;如果本地DNS
3、 服务器没有该域名的解析信息,则本地DNS 服务器向根DNS服务器询问的IP地址;3、如果根DNS 服务器有该域名的解析信息,则直接返回信息给本地DNS 服务器,本地DNS 服务器再将解析信息返回给客户机;如果根DNS 服务器没有该域名的解析信息,则返回管辖.cn解析业务的DNS 服务器的IP 地址;4、本地DNS 服务器向管辖.cn的DNS 服务器询问的IP 地址;5、如果.cn 服务器有该域名的解析信息,则直接返回信息给本地DNS 服务器,本地DNS服务器再将解析信息返回给客户机;如果.cn DNS 服务器没有该域名的解析信息,则管辖.cn解析业务的DNS服务器告知的DNS 服务器的IP地
4、址;6、本地DNS 服务器向管辖的DNS服务器询问的IP 地址;7、如果 服务器有该域名的解析信息,则直接返回信息给本地DNS 服务器,本地DNS 服务器再将解析信息返回给客户机;如果 DNS 服务器没有该域名的解析信息,则管辖解析业务的DNS 服务器告知的DNS服务器的IP地址;8、本地DNS服务器向管辖的DNS 服务器询问www. IP 地址;9、管辖的DNS服务器告知的DNS服务器的IP地址;10、本地DNS服务器解析出的IP 地址,并传回给客户机。四、搭建centos5.3下的DNS多域解析服务器系统平台:centos5.3 内核版本:2.6.18-128.2.1.el5DNS 服务器
5、IP :192.168.2.210Web 服务器A: 192.168.2.181Mail服务器B: 192.168.2.182Web 服务器C:www.chinaunix.org 192.168.2.183Mail服务器D:mail.chinaunix.org 192.168.2.1851、安装bind相关软件包rootserver # yum -y install bind* caching-nameserver2、修改主配置文件rootserver # cd /var/named/chroot/etc/rootserver etc# cp p named.caching-nameserve
6、r.conf named.confrootserver etc# cp p named.rfc1912.zones named.rfc1912.zones.bak备注:cp 参数-p 除复制源文件的内容外,还将把其修改时间和访问权限也复制到新文件中。这里大多数配置文件的属主是root,组为named,如果只是cp,启动named 服务时会报错。rootserver etc# vi named.conf/ named.caching-nameserver.conf/ Provided by Red Hat caching-nameserver package to configure the/
7、ISC BIND named(8) DNS server as a caching only nameserver/ (as a localhost DNS resolver only)./ See /usr/share/doc/bind*/sample/ for example named configurationfiles./ DO NOT EDIT THIS FILE - use system-config-bind or an editor/ to create named.conf - edits to this file will be lost on/ caching-name
8、server package upgrade./options listen-on port 53 any; ;listen-on-v6 port 53 :1; ;directory /var/named;dump-file /var/named/data/cache_dump.db;statistics-file /var/named/data/named_stats.txt;memstatistics-file /var/named/data/named_mem_stats.txt;/ Those options should be used carefully because they
9、disable port/ randomization/ query-source port 53;/ query-source-v6 port 53;allow-query any; ;logging channel default_debug file data/named.run;severity dynamic;view localhost_resolver match-clients any; ;match-destinations any; ;recursion yes;include /etc/named.rfc1912.zones;rootserver etc# vi name
10、d.rfc1912.zones/ named.rfc1912.zones:/ Provided by Red Hat caching-nameserver package/ ISC BIND named zone configuration for zones recommended by/ RFC 1912 section 4.1 : localhost TLDs and address zones/ See /usr/share/doc/bind*/sample/ for example named configurationfiles./zone . IN type hint;file
11、named.ca; # 根DNS服务器配置文件;zone localdomain IN type master;file localdomain.zone;allow-update none; ; # 模板1;zone 0.0.127.in-addr.arpa IN type master;file named.local;allow-update none; ; # 模板2;zone IN type master;file .zone;allow-update none; ; # 模板1复制并修改后的;zone chinaunix.org IN type master;file chinau
12、nix.org.zone;allow-update none; ; # 模板1复制并修改后的;zone 2.168.192.in-addr.arpa IN type master;file 2.168.192.in-addr.local;allow-update none; ; # 模板2 复制并修改后的;备注:蓝色字体是添加、修改过的;3、Zone配置文件rootserver etc# cd ./var/named/rootserver named# cp p localdomain.zone .zonerootserver named# cp p localdomain.zone chin
13、aunix.org.zonerootserver named# cp p named.local 2.168.192.in-addr.localrootserver named# vi .zone$TTL 86400 IN SOA localhost root (42 ; serial (d. adams)3H ; refresh15M ; retry1W ; expiry1D ) ; minimumIN NS .IN MX 10 .www IN A 192.168.2.181mail IN A 192.168.2.182rootserver named# vi chinaunix.org.z
14、one$TTL 86400 IN SOA localhost root (42 ; serial (d. adams)3H ; refresh15M ; retry1W ; expiry1D ) ; minimumIN NS chinaunix.org.IN MX 10 mail.chinaunix.org.www IN A 192.168.2.183mail IN A 192.168.2.185rootserver named# vi 2.168.192.in-addr.local$TTL 86400 IN SOA localhost. root.localhost. (1997022700
15、 ; Serial28800 ; Refresh14400 ; Retry3600000 ; Expire86400 ) ; MinimumIN NS .IN NS chinaunix.org.181 IN PTR .182 IN PTR .183 IN PTR www.chinaunix.org.185 IN PTR mail.chinaunix.org.4、测试rootserver # nslookup Server: 192.168.2.210Address: 192.168.2.210#53Name: Address: 192.168.2.181 www.chinaunix.orgSe
16、rver: 192.168.2.210Address: 192.168.2.210#53Name: www.chinaunix.orgAddress: 192.168.2.182 Server: 192.168.2.210Address: 192.168.2.210#53Name: Address: 192.168.2.183 mail.chinaunix.orgServer: 192.168.2.210Address: 192.168.2.210#53Name: Address: 192.168.2.185 192.168.2.181Server: 192.168.2.210Address:
17、 192.168.2.210#53181.2.168.192.in-addr.arpa name = . 192.168.2.182Server: 192.168.2.210Address: 192.168.2.210#53182.2.168.192.in-addr.arpa name = . 192.168.2.183Server: 192.168.2.210Address: 192.168.2.210#53183.2.168.192.in-addr.arpa name = www.chinaunix.org. 192.168.2.185Server: 192.168.2.210Addres
18、s: 192.168.2.210#53185.2.168.192.in-addr.arpa name = mail.chinaunix.org.备注:蓝色为键盘输入五、结束资料转自互联网,仅供学习交流.本文出自 51CTO.COM技术博客用centos 5.2做智能DNS服务器 -2009-04-23 17:47:32标签:centos DNS 智能推送到技术圈 版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。 1、安装openssltar -zxvf openssl-0.9.8d.tar.gzcd openssl-0.9.8d
19、./config -prefix=/usr/local/opensslmake;make install2、安装bindtar -zxvf bind-9.5.1-P2.tar.gzcd bind-9.5.1-P2./configure -prefix=/usr/local/named/ -mandir=/usr/local/share/man/ -enable-threads -with-openssl=/usr/local/openssl/make;make installgroupadd -g 25 nameduseradd -u 25 -g 25 -d /usr/local/named
20、-s /sbin/nologin namedmkdir /usr/local/named/namedb开始配置bind创建 rndc.conf文件,用bind自带程序生成cd /usr/local/named/sbin/rndc-confgen etc/rndc.conf把rndc.conf 中的key信息输出到 named.conf 中cd /etc/tail n10 rndc.conf | head -n9 | sed -e s/# /g ./named.conf编辑named.conf vi named.conf写入以下内容:options directory /usr/local/na
21、med; dump-file /usr/local/named/data/cache_dump.db; statistics-file /usr/local/named/data/named_stats.txt; version ; datasize 40M; allow-transfer trusted-lan; ; recursion yes; allow-notify trusted-lan; ; allow-recursion trusted-lan; ; auth-nxdomain no; forwarders 202.103.44.150; 202.103.24.68; ;logg
22、ing channel warning file /usr/local/named/var/dns_warning versions 3 size 1240k; severity warning; print-category yes; print-severity yes; print-time yes; ; channel general_dns file /usr/local/named/var/dns_log versions 3 size 1240k; severity info; print-category yes; print-severity yes; print-time
23、yes; ; category default warning; ; category queries general_dns; ;include cnc_acl.conf;include telecom_acl.conf;view view_cnc match-clients CNC; ; zone . type hint; file named.ca; ; include master/cnc.def;view view_telecom match-clients TELECOM; ; zone . type hint; file named.ca; ; include master/te
24、lecom.def;view view_any match-clients any; ; zone . type hint; file named.ca; ; include master/any.def;保存,退出。3、安装IP地址段查询工具Ripe-dbase-client-v3:下载软件包:wget urltar zxvf ripe-dbase-client-v3.tar.gzcd whois-3.1./configure -prefix=/usrmake;make install4、设置配置文件mkdir /usr/local/named/datamkdir /usr/local/na
25、med/masterwget urlftp:/ftp.internic.org/domain/named.root/url -O /usr/local/named/named.ca配置ACL文件/usr/bin/whois3 -h -l -i mb MAINT-CNCGROUP | grep descr | grep Reverse | awk -F for if ($2!=) print $2| sort -n | awk BEGINprint acl CNC print $1;ENDprint ; /usr/local/named/cnc_acl.conf/usr/bin/whois3 -
26、h -l -i mb MAINT-CHINANET | grep descr | grep Reverse | awk -F for if ($2!=) print $2| sort -n | awk BEGINprint acl TELECOM print $1;ENDprint ; /usr/local/named/telecom_acl.conf增加域名解析配置文件设置网通解析配置文件:vi /usr/local/named/master/cnc.def=cnc.def begin=zone type master; file master/cnc/;allow-transfer 192.168.1.100 ; ; notify yes; also-notify 192.168.1.100 ; ;=cnc.def end= 设置电信解析配置文件:vi /usr/local/named/master/telecom.def=telecom.def begin=zone type master; file master/telecom/; allow-transfer 192.168.1.100 ; ; notify yes; also-notify
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1
升级会员 