How to set up a DNS server on CentOS 6.5
Date: 2020-03-21 11:47:04  Source: igfitidea
DNS (Domain Name System) is a core component of network infrastructure.
The DNS service resolves hostnames to IP addresses and vice versa.
For example, when you type theitroad.com into a browser, the DNS server translates that domain name into its corresponding IP address.
This is what lets us remember domain names instead of IP addresses.
This how-to shows how to install and configure a primary (master) DNS server and a secondary (slave) DNS server.
The steps given here were tested on CentOS 6.5 32-bit, but they should also work on RHEL 6.x (where x is the release number) and Scientific Linux 6.x.
Scenario
Here is my test setup.
[A] Primary (master) DNS server details:
Operating System : CentOS 6.5 32 bit (Minimal Server)
Hostname         : masterdns.theitroad.com
IP Address       : 192.168.1.200/24
[B] Secondary (slave) DNS server details:
Operating System : CentOS 6.5 32 bit (Minimal Server)
Hostname         : slavedns.theitroad.com
IP Address       : 192.168.1.201/24
Install the primary (master) DNS server
[Hyman@theitroad ~]# yum install bind* -y
1. Configure the DNS server
The main DNS configuration file is shown below.
Edit the file and add the entries shown: the listen-on, allow-query and allow-transfer settings marked with ## comments, and the two zone definitions near the end.
[Hyman@theitroad ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.200; };   ## Master DNS IP ##
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };    ## IP Range ##
        allow-transfer  { localhost; 192.168.1.201; };     ## Slave DNS IP ##
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "theitroad.com" IN {
        type master;
        file "fwd.theitroad.com";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "rev.theitroad.com";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create the zone files
Now we create the forward and reverse zone files that we referenced in /etc/named.conf.
[a] Create the forward zone
Create the file fwd.theitroad.com in the /var/named directory and add the forward zone entries as shown below.
[Hyman@theitroad ~]# vi /var/named/fwd.theitroad.com

$TTL 86400
@   IN  SOA     masterdns.theitroad.com. root.theitroad.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS      masterdns.theitroad.com.
@           IN  NS      slavedns.theitroad.com.
masterdns   IN  A       192.168.1.200
slavedns    IN  A       192.168.1.201
[b] Create the reverse zone
Create the file rev.theitroad.com in the /var/named directory and add the reverse zone entries as shown below.
[Hyman@theitroad ~]# vi /var/named/rev.theitroad.com

$TTL 86400
@   IN  SOA     masterdns.theitroad.com. root.theitroad.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@           IN  NS      masterdns.theitroad.com.
@           IN  NS      slavedns.theitroad.com.
masterdns   IN  A       192.168.1.200
slavedns    IN  A       192.168.1.201
200         IN  PTR     masterdns.theitroad.com.
201         IN  PTR     slavedns.theitroad.com.
3. Start the bind service
[Hyman@theitroad ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[Hyman@theitroad ~]# chkconfig named on
4. Allow the DNS server through iptables
Add the two port 53 rules (udp and tcp) shown below to the /etc/sysconfig/iptables file.
This allows all clients to reach the DNS server.
[Hyman@theitroad ~]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5. Restart iptables to apply the changes
[Hyman@theitroad ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
6. Check the DNS configuration and zone files for syntax errors
[a] Check the DNS configuration files
[Hyman@theitroad ~]# named-checkconf /etc/named.conf
[Hyman@theitroad ~]# named-checkconf /etc/named.rfc1912.zones
[b] Check the zone files
[Hyman@theitroad ~]# named-checkzone theitroad.com /var/named/fwd.theitroad.com
zone theitroad.com/IN: loaded serial 2011071001
OK
[Hyman@theitroad ~]# named-checkzone theitroad.com /var/named/rev.theitroad.com
zone theitroad.com/IN: loaded serial 2011071001
OK
[Hyman@theitroad ~]#
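As an added example (not part of the original tutorial), the script below cross-checks the forward and reverse zone files against each other, which named-checkzone does not do because it loads each file on its own under whatever zone name it is given: it parses the record syntax used above and reports A records without a matching PTR, PTRs without an A record, and SOA serials that differ between the two files. The zone text is constructed from the fwd.theitroad.com and rev.theitroad.com files shown earlier.

```python
# Added example, not from the tutorial: cross-check the forward and reverse zone files.
# The zone text below is constructed from the tutorial's fwd/rev zone files.
import re
FWD_ORIGIN = "theitroad.com."
REV_ORIGIN = "1.168.192.in-addr.arpa."
FWD_ZONE = """$TTL 86400
@ IN SOA masterdns.theitroad.com. root.theitroad.com. (
        2011071001 3600 1800 604800 86400 ) ; serial refresh retry expire minimum
@ IN NS masterdns.theitroad.com.
masterdns IN A 192.168.1.200
slavedns IN A 192.168.1.201
"""
REV_ZONE = """$TTL 86400
@ IN SOA masterdns.theitroad.com. root.theitroad.com. (
        2011071001 3600 1800 604800 86400 ) ; serial refresh retry expire minimum
@ IN NS masterdns.theitroad.com.
200 IN PTR masterdns.theitroad.com.
201 IN PTR slavedns.theitroad.com.
"""

def parse_zone(text, origin):
    """Return (soa_serial, [(owner, type, rdata_tokens), ...]) for one zone file."""
    body = "\n".join(ln.split(";", 1)[0] for ln in text.splitlines())  # strip ; comments
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)  # join ( )
    serial, records = None, []
    for tok in (ln.split() for ln in body.splitlines()):
        if not tok or tok[0].startswith("$"):  # blank line or $TTL/$ORIGIN directive
            continue
        owner = origin if tok[0] == "@" else tok[0]
        owner = owner if owner.endswith(".") else f"{owner}.{origin}"  # relative name
        i = 1
        while tok[i].isdigit() or tok[i].upper() == "IN":  # optional TTL and class
            i += 1
        if tok[i].upper() == "SOA":
            serial = int(tok[i + 3])  # SOA rdata: MNAME RNAME SERIAL ...
        records.append((owner, tok[i].upper(), tok[i + 1:]))
    return serial, records

def check_consistency(fwd_text, rev_text):
    """Return a list of problems; an empty list means the two zones agree."""
    fwd_serial, fwd = parse_zone(fwd_text, FWD_ORIGIN)
    rev_serial, rev = parse_zone(rev_text, REV_ORIGIN)
    a_map = {owner: rd[0] for owner, t, rd in fwd if t == "A"}      # host -> IPv4
    ptr_map = {rd[0]: owner for owner, t, rd in rev if t == "PTR"}  # host -> PTR owner
    problems = [f"no PTR for {h} ({ip})" for h, ip in a_map.items()
                if ptr_map.get(h) != ".".join(reversed(ip.split("."))) + ".in-addr.arpa."]
    problems += [f"PTR for {h} has no A record" for h in ptr_map if h not in a_map]
    if fwd_serial != rev_serial:
        problems.append(f"serial mismatch {fwd_serial} != {rev_serial}")
    return problems
```

Point the two constants at the real files (for example by reading /var/named/fwd.theitroad.com and rev.theitroad.com) to run it against a live server; an empty list means every host resolves both ways with matching serials.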
7. Test the DNS server
Method A:
[Hyman@theitroad ~]# dig masterdns.theitroad.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.theitroad.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.theitroad.com.       IN      A

;; ANSWER SECTION:
masterdns.theitroad.com. 86400  IN      A       192.168.1.200

;; AUTHORITY SECTION:
theitroad.com.          86400   IN      NS      masterdns.theitroad.com.
theitroad.com.          86400   IN      NS      slavedns.theitroad.com.

;; ADDITIONAL SECTION:
slavedns.theitroad.com. 86400   IN      A       192.168.1.201

;; Query time: 5 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 12:48:35 2013
;; MSG SIZE  rcvd: 110
Method B:
[Hyman@theitroad ~]# dig -x 192.168.1.200

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.theitroad.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.theitroad.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.theitroad.com.

;; ADDITIONAL SECTION:
masterdns.theitroad.com. 86400  IN      A       192.168.1.200
slavedns.theitroad.com. 86400   IN      A       192.168.1.201

;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 12:49:53 2013
;; MSG SIZE  rcvd: 150
Method C:
[Hyman@theitroad ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.theitroad.com
Address: 192.168.1.200
The master DNS server is now ready.
Set up the secondary (slave) DNS server
[Hyman@theitroad ~]# yum install bind* -y
1. Configure the slave DNS server
Open the main configuration file /etc/named.conf and add the lines shown: the listen-on and allow-query settings marked with ## comments, and the two slave zone definitions near the end.
[Hyman@theitroad ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.201; };   ## Slave DNS IP ##
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };    ## IP Range ##
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "theitroad.com" IN {
        type slave;
        file "slaves/theitroad.fwd";
        masters { 192.168.1.200; };
};

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/theitroad.rev";
        masters { 192.168.1.200; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Start the DNS service
[Hyman@theitroad ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[Hyman@theitroad ~]# chkconfig named on
The forward and reverse zones are now replicated automatically from the master DNS server to the slave DNS server.
To verify, go to the DNS database directory (/var/named/slaves) and run ls.
[Hyman@theitroad ~]# cd /var/named/slaves/
[Hyman@theitroad slaves]# ls
theitroad.fwd  theitroad.rev
The forward and reverse zones were copied from the master DNS server automatically.
Now check that the transferred zone files contain the correct zone data.
[a] Check the forward zone:
[Hyman@theitroad slaves]# cat theitroad.fwd
$ORIGIN .
$TTL 86400      ; 1 day
theitroad.com           IN SOA  masterdns.theitroad.com. root.theitroad.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.theitroad.com.
                        NS      slavedns.theitroad.com.
$ORIGIN theitroad.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201
[b] Check the reverse zone:
[Hyman@theitroad slaves]# cat theitroad.rev
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.theitroad.com. root.theitroad.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.theitroad.com.
                        NS      slavedns.theitroad.com.
$ORIGIN 1.168.192.in-addr.arpa.
200                     PTR     masterdns.theitroad.com.
201                     PTR     slavedns.theitroad.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201
3. Add the DNS server details to all systems
[Hyman@theitroad ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search theitroad.com
nameserver 192.168.1.200
nameserver 192.168.1.201
nameserver 8.8.8.8
4. Test the DNS server
Method A:
[Hyman@theitroad ~]# dig slavedns.theitroad.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.theitroad.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;slavedns.theitroad.com.        IN      A

;; ANSWER SECTION:
slavedns.theitroad.com. 86400   IN      A       192.168.1.201

;; AUTHORITY SECTION:
theitroad.com.          86400   IN      NS      masterdns.theitroad.com.
theitroad.com.          86400   IN      NS      slavedns.theitroad.com.

;; ADDITIONAL SECTION:
masterdns.theitroad.com. 86400  IN      A       192.168.1.200

;; Query time: 7 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:00:17 2013
;; MSG SIZE  rcvd: 110
Method B:
[Hyman@theitroad ~]# dig masterdns.theitroad.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.theitroad.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.theitroad.com.       IN      A

;; ANSWER SECTION:
masterdns.theitroad.com. 86400  IN      A       192.168.1.200

;; AUTHORITY SECTION:
theitroad.com.          86400   IN      NS      masterdns.theitroad.com.
theitroad.com.          86400   IN      NS      slavedns.theitroad.com.

;; ADDITIONAL SECTION:
slavedns.theitroad.com. 86400   IN      A       192.168.1.201

;; Query time: 13 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:01:02 2013
;; MSG SIZE  rcvd: 110
Method C:
[Hyman@theitroad ~]# nslookup slavedns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   slavedns.theitroad.com
Address: 192.168.1.201
Method D:
[Hyman@theitroad ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.theitroad.com
Address: 192.168.1.200
Method E:
[Hyman@theitroad ~]# dig -x 192.168.1.201

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;201.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
201.1.168.192.in-addr.arpa. 86400 IN    PTR     slavedns.theitroad.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.theitroad.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.theitroad.com.

;; ADDITIONAL SECTION:
masterdns.theitroad.com. 86400  IN      A       192.168.1.200
slavedns.theitroad.com. 86400   IN      A       192.168.1.201

;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:03:39 2013
;; MSG SIZE  rcvd: 150
Method F:
[Hyman@theitroad ~]# dig -x 192.168.1.200

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.theitroad.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.theitroad.com.
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.theitroad.com.

;; ADDITIONAL SECTION:
masterdns.theitroad.com. 86400  IN      A       192.168.1.200
slavedns.theitroad.com. 86400   IN      A       192.168.1.201

;; Query time: 4 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar 3 13:04:15 2013
;; MSG SIZE  rcvd: 150