

Building a Smart DNS Server with BIND (Part 1): Basic Master/Slave DNS Server Setup

Published: 2023/12/10

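Reference: http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/

DNS (Domain Name System) translates hostnames or URLs into IP addresses.

For example, if you type "www.unixmen.com" into a browser, the DNS server translates that domain name into the IP address associated with it.

In other words, DNS servers translate names such as www.unixmen.com into addresses such as 173.xxx.xxx.xxx, so that people can remember domain names instead of IP addresses.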

Scenario

Primary (master) DNS server
Environment:

Operating system : CentOS 6.5 server
Hostname         : masterdns.unixmen.local
IP address       : 192.168.1.100/24

Secondary (slave) DNS server
Environment:

Operating system : CentOS 6.5 server
Hostname         : secondarydns.unixmen.local
IP address       : 192.168.1.101/24

Client environment:

Operating system : CentOS 6.5 Desktop
Hostname         : Client.unixmen.local
IP address       : 192.168.1.102/24

Installing the primary (master) DNS server
[root@masterdns ~]# yum install bind* -y
1. Configure the DNS server
Add the lines shown below to /etc/named.conf
[root@masterdns ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; }; ### IP address of the primary DNS server ###
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24; }; ### IP range allowed to query; the trailing /24 is shorthand for the netmask (255.255.255.0 in this example) ###
    allow-transfer { localhost; 192.168.1.101; }; ### IP address of the secondary DNS server ###
    recursion yes; ### whether recursion is allowed; some recommend setting this to no, to prevent DDoS attacks ###
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
// Custom forward and reverse zones
zone "unixmen.local" IN {
    type master;
    file "forward.unixmen"; // forward zone file name
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.unixmen"; // reverse zone file name
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create the zone files
The following files are the ones already referenced in /etc/named.conf

2.1 Create the forward zone
Create the file forward.unixmen in the /var/named directory
[root@masterdns ~]# vi /var/named/forward.unixmen

$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS      masterdns.unixmen.local.
@               IN  NS      secondarydns.unixmen.local.
@               IN  A       192.168.1.100
@               IN  A       192.168.1.101
@               IN  A       192.168.1.102
masterdns       IN  A       192.168.1.100
secondarydns    IN  A       192.168.1.101
client          IN  A       192.168.1.102

2.2 Create the reverse zone
Create the file reverse.unixmen in the /var/named directory
[root@masterdns ~]# vi /var/named/reverse.unixmen

$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS      masterdns.unixmen.local.
@               IN  NS      secondarydns.unixmen.local.
@               IN  PTR     unixmen.local.
masterdns       IN  A       192.168.1.100
secondarydns    IN  A       192.168.1.101
client          IN  A       192.168.1.102
100             IN  PTR     masterdns.unixmen.local.
101             IN  PTR     secondarydns.unixmen.local.
102             IN  PTR     client.unixmen.local.

3. Start the DNS service
[root@masterdns ~]# service named start
Starting named: [ OK ]
[root@masterdns ~]# chkconfig named on

4. Adjust the firewall to allow DNS server traffic
Add the following to the /etc/sysconfig/iptables file
[root@masterdns ~]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Add the DNS server rules
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart the firewall
[root@masterdns ~]# service iptables restart

iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

6. Set the current DNS server
Add the following to the /etc/resolv.conf file
[root@masterdns ~]# vim /etc/resolv.conf
nameserver 192.168.1.131

7. Check the DNS configuration and zone files for syntax errors
[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkzone unixmen.local /var/named/forward.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone unixmen.local /var/named/reverse.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK

8. Test the DNS server
[root@masterdns ~]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:07:56 2013
;; MSG SIZE rcvd: 114

[root@masterdns ~]# nslookup unixmen.local

Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101

The primary DNS server is now ready for use.

Installing the secondary (slave) DNS server
[root@secondarydns ~]# yum install bind* -y
1. Configure the secondary DNS server
Add the lines shown below to /etc/named.conf
[root@secondarydns ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "unixmen.local" IN {
    type slave;
    file "slaves/unixmen.fwd";
    masters { 192.168.1.100; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/unixmen.rev";
    masters { 192.168.1.100; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
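The primary's named.conf limits zone transfers to the secondary with allow-transfer, but the secondary's named.conf above sets no allow-transfer, and in the BIND 9.8 release used here a missing allow-transfer lets any host request a zone transfer. The script below is an added example, not part of the original post: it audits the options block of a named.conf for that gap and for an open-resolver recursion setting. The function names and the two sample files are constructed for illustration, and per-zone allow-transfer statements are not examined.

```sh
# Added example (not from the original post): audit the options { } block of
# a named.conf for the transfer and recursion ACLs this tutorial configures.
options_block() {   # print the body of options { ... } on a single line
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' | awk '{
        if (!match($0, /options[ \t]*[{]/)) exit
        body = RSTART + RLENGTH; depth = 1
        for (i = body; i <= length($0) && depth > 0; i++) {
            c = substr($0, i, 1)
            if (c == "{") depth++; else if (c == "}") depth--
        }
        print substr($0, body, i - body - 1)
    }'
}
has()  { printf '%s\n' "$body" | grep -Eq "$1"; }   # test $body against an ERE
warn() { echo "WARN $*"; n=$((n + 1)); }
# Echo one WARN line per finding; the return status is the number of findings.
audit_named_conf() {
    body=$(options_block "$1"); n=0
    if ! has 'allow-transfer'; then
        warn "allow-transfer not set (BIND 9.8 default: any host may transfer zones)"
    elif has 'allow-transfer[[:space:]]*[{][^}]*any'; then
        warn "allow-transfer includes any"
    fi
    if has 'recursion[[:space:]]+yes' && has 'allow-query[[:space:]]*[{][^}]*any' &&
       ! has 'allow-(recursion|query-cache)'; then
        warn "recursion yes with allow-query any and no allow-recursion (open resolver)"
    fi
    return "$n"
}
# Constructed samples: ACL-related lines of the two options blocks on this page.
write_samples() {
    cat > "$1/primary.conf" <<'EOF'
options {
    allow-query    { localhost; 192.168.1.0/24; };
    allow-transfer { localhost; 192.168.1.101; };   // secondary DNS IP
    recursion yes;
};
EOF
    cat > "$1/secondary.conf" <<'EOF'
options {
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
};
zone "unixmen.local" IN { type slave; masters { 192.168.1.100; }; };
EOF
}
tmp=$(mktemp -d); write_samples "$tmp"
for f in primary secondary; do echo "== $f.conf"; audit_named_conf "$tmp/$f.conf" || true; done
rm -rf "$tmp"
```

Adding allow-transfer { none; }; to the secondary's options block clears the finding, since nothing transfers zones from the secondary in this setup.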

2. Start the DNS service
[root@secondarydns ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@secondarydns ~]# chkconfig named on

The forward and reverse zone files on the primary DNS server have now been copied automatically to the /var/named/slaves/ directory on the secondary DNS server
[root@secondarydns ~]# ls /var/named/slaves/
unixmen.fwd unixmen.rev

[root@secondarydns ~]# cat /var/named/slaves/unixmen.fwd

$ORIGIN .
$TTL 86400      ; 1 day
unixmen.local           IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        A       192.168.1.100
                        A       192.168.1.101
                        A       192.168.1.102
$ORIGIN unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101

[root@secondarydns ~]# cat /var/named/slaves/unixmen.rev

$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        PTR     unixmen.local.
$ORIGIN 1.168.192.in-addr.arpa.
100                     PTR     masterdns.unixmen.local.
101                     PTR     secondarydns.unixmen.local.
102                     PTR     client.unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101

3. Add the DNS servers on all systems
[root@secondarydns ~]# vi /etc/resolv.conf

# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8

4. Test the DNS server
[root@secondarydns ~]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21487
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 15 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:27:57 2013
;; MSG SIZE rcvd: 114

[root@secondarydns ~]# dig secondarydns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; Query time: 4 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:31:53 2013
;; MSG SIZE rcvd: 114

[root@secondarydns ~]# nslookup unixmen.local

Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100

Client configuration
Add the DNS servers to the /etc/resolv.conf file on every client
[root@client unixmen]# vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8

Test the DNS server

[root@client unixmen]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 30 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:47:55 2013
;; MSG SIZE rcvd: 114

[root@client unixmen]# dig secondarydns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; Query time: 8 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:48:38 2013
;; MSG SIZE rcvd: 114

[root@client unixmen]# dig client.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> client.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14604
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;client.unixmen.local.          IN      A

;; ANSWER SECTION:
client.unixmen.local.   86400   IN      A       192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 5 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:49:11 2013
;; MSG SIZE rcvd: 137

[root@client unixmen]# nslookup unixmen.local

Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101

The primary and secondary DNS servers are now ready for use.

Reposted from: https://www.cnblogs.com/etangyushan/p/4309014.html
