Setting up a DNS server on Red Hat Enterprise Linux Server release 5.5 (Tikanga)
Software environment: Red Hat Enterprise Linux Server release 5.5 (Tikanga)
0. IP addresses of this machine
[root@rhels5532 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:4B:27:5A
          inet addr:192.168.1.210  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe4b:275a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:61765 errors:0 dropped:0 overruns:0 frame:0
          TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6013360 (5.7 MiB)  TX bytes:13070 (12.7 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:97:2E:A5
          inet addr:192.168.56.10  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe97:2ea5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4829 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5507 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:408357 (398.7 KiB)  TX bytes:948999 (926.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:70 errors:0 dropped:0 overruns:0 frame:0
          TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7752 (7.5 KiB)  TX bytes:7752 (7.5 KiB)

[root@rhels5532 ~]#
1. Install the DNS packages
[root@rhels5532 etc]# yum install bind*
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Package 30:bind-sdb-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-chroot-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-devel-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-libs-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-utils-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Package 30:bind-libbind-devel-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Nothing to do

[root@rhels5532 etc]# yum install caching*
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package caching-nameserver.i386 30:9.3.6-4.P1.el5_4.2 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package               Arch    Version                   Repository    Size
================================================================================
Installing:
 caching-nameserver    i386    30:9.3.6-4.P1.el5_4.2     base          61 k

Transaction Summary
================================================================================
Install      1 Package(s)
Upgrade      0 Package(s)

Total download size: 61 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : caching-nameserver                                       1/1

Installed:
  caching-nameserver.i386 30:9.3.6-4.P1.el5_4.2

Complete!
2. Configure the /var/named/chroot/etc/named.conf file
First create the file by copying
[root@rhels5532 etc]# pwd
/var/named/chroot/etc
[root@rhels5532 etc]# ll
total 24
-rw-r--r-- 1 root root  3519 Feb 27  2006 localtime
-rw-r----- 1 root named 1230 Jan 18  2010 named.caching-nameserver.conf
-rw-r----- 1 root named  955 Jan 18  2010 named.rfc1912.zones
-rw-r----- 1 root named  113 Dec  2 18:59 rndc.key
[root@rhels5532 etc]# cp -p named.caching-nameserver.conf named.conf
After editing, the file reads as follows
[root@rhels5532 etc]# vi named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source    port 53;
        // query-source-v6 port 53;

        allow-query     { any; };
        allow-query-cache { any; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { any; };
        match-destinations { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
"named.conf" 41L, 1200C written
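Notes:
For simplicity, every 127.0.0.1 and localhost in this file is changed to any; when editing, keep a space on each side of the value. The changed parts are marked in bold red in the configuration file above.
When creating /var/named/chroot/etc/named.conf by copying, be sure to add the -p option so that the copy keeps the file's ownership and permissions (root:named, -rw-r----- in the listing above); otherwise the DNS service will not start!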
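With any in allow-query-cache and match-clients together with recursion yes, named will recurse for every host that can reach port 53 on either interface. The script below is an added example, not part of the original article: it flags those directives in a named.conf and contrasts the settings above with a variant restricted to the lab subnet (the acl name lab and the 192.168.1.0/24 range are assumptions derived from the ifconfig output).

```shell
#!/bin/sh
# Added example, not from the original page: flag named.conf directives opened
# to "any" and report whether recursion is offered to every client.
audit_named_conf() {            # usage: audit_named_conf FILE   ("-" = stdin)
    awk '
        { sub(/\/\/.*/, "") }   # ignore // comments
        /^[ \t]*(listen-on|allow-query|allow-query-cache|allow-recursion|match-clients)[ \t]/ &&
        /[{ \t]any[ \t]*;/ { wide[$1] = 1; print "any " $1 }
        /recursion[ \t]+yes[ \t]*;/ { rec = 1 }
        END {
            exposed = rec && ("match-clients" in wide) &&
                      (("allow-query-cache" in wide) || ("allow-recursion" in wide))
            print "verdict " (exposed ? "open-recursive" : "restricted")
        }' "$1"
}

# Constructed samples: "weak" mirrors the settings in the named.conf above;
# "hardened" assumes the clients sit in 192.168.1.0/24 (hypothetical acl "lab").
sample_conf() {
    if [ "$1" = weak ]; then cat <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        allow-query-cache { any; };
};
view localhost_resolver {
        match-clients      { any; };
        match-destinations { any; };
        recursion yes;
};
EOF
    else cat <<'EOF'
acl lab { 127.0.0.1; 192.168.1.0/24; };
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.210; };
        allow-query     { lab; };
        allow-query-cache { lab; };
};
view lab_resolver {
        match-clients { lab; };
        recursion yes;
};
EOF
    fi
}

echo "== weak ==";     sample_conf weak     | audit_named_conf -
echo "== hardened =="; sample_conf hardened | audit_named_conf -
```

On the server itself, run it as audit_named_conf /var/named/chroot/etc/named.conf.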
3. Configure the zones: edit the /var/named/chroot/etc/named.rfc1912.zones file
The zone is configured so that the SCAN IP can be resolved. Append the following reverse zone to the end of the file:
zone "1.168.192.in-addr.arpa." IN {
        type master;
        file "1.168.192.in-addr.arpa";
        allow-update { none; };
};
After the reverse zone has been added, the file reads as follows:
[root@rhels5532 etc]# vi /var/named/chroot/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa." IN {
        type master;
        file "1.168.192.in-addr.arpa";
        allow-update { none; };
};
"named.rfc1912.zones" 55L, 1066C written
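Note:
Normally a forward zone would also have to be configured. Here the domain of both RAC nodes, node1 and node2, is set to localdomain, and by default lines 15 to 20 of this configuration file (/var/named/chroot/etc/named.rfc1912.zones) already contain the following forward zone configuration, so nothing needs to be added.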
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};
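4. Configure the forward and reverse resolution database files, working under /var/named/chroot/var/named
First, create the forward and reverse resolution database files.
Copy /var/named/chroot/var/named/localhost.zone to create the forward resolution database file,
and copy /var/named/chroot/var/named/localhost.zone to create the reverse resolution database file named 0.16.172.in-addr.arpa.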
[root@rhels5532 named]# ll
total 44
drwxrwx--- 2 named named 4096 Aug 26  2004 data
-rw-r----- 1 root  named  198 Jan 18  2010 localdomain.zone
-rw-r----- 1 root  named  195 Jan 18  2010 localhost.zone
-rw-r----- 1 root  named  427 Jan 18  2010 named.broadcast
-rw-r----- 1 root  named 1892 Jan 18  2010 named.ca
-rw-r----- 1 root  named  424 Jan 18  2010 named.ip6.local
-rw-r----- 1 root  named  426 Jan 18  2010 named.local
-rw-r----- 1 root  named  427 Jan 18  2010 named.zero
drwxrwx--- 2 named named 4096 Jul 27  2004 slaves
[root@rhels5532 named]# cp -p named.local 1.168.192.in-addr.arpa
[root@rhels5532 named]# ll
total 48
-rw-r----- 1 root  named  426 Jan 18  2010 1.168.192.in-addr.arpa
drwxrwx--- 2 named named 4096 Aug 26  2004 data
-rw-r----- 1 root  named  198 Jan 18  2010 localdomain.zone
-rw-r----- 1 root  named  195 Jan 18  2010 localhost.zone
-rw-r----- 1 root  named  427 Jan 18  2010 named.broadcast
-rw-r----- 1 root  named 1892 Jan 18  2010 named.ca
-rw-r----- 1 root  named  424 Jan 18  2010 named.ip6.local
-rw-r----- 1 root  named  426 Jan 18  2010 named.local
-rw-r----- 1 root  named  427 Jan 18  2010 named.zero
drwxrwx--- 2 named named 4096 Jul 27  2004 slaves
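Notes:
In step ③ above we did not configure a forward zone, so only the reverse resolution database file has to be created; forward resolution uses the default localdomain.zone file.
The names of the forward and reverse resolution database files must match the zone files defined in step ③ above, otherwise DNS will fail!
Next, define the contents of the forward and reverse resolution database files.
Append the following to the end of the forward resolution database file localdomain.zone: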
SCAN-CLUSTER IN A 192.168.1.203
After the addition the file reads:
[root@rhels5532 named]# vi localdomain.zone
$TTL    86400
@               IN SOA  localhost root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost
localhost       IN A            127.0.0.1
SCAN-CLUSTER    IN A            192.168.1.203
Append the following to the end of the reverse resolution database file 0.16.172.in-addr.arpa:
203 IN PTR SCAN-CLUSTER.localdomain
After the addition the file reads:
[root@rhels5532 named]# vi 1.168.192.in-addr.arpa
$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.
203     IN      PTR     SCAN-CLUSTER.localdomain
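The PTR record added above ends without a trailing dot, so named treats the target as a relative name and appends the zone origin to it. The script below is an added example, not part of the original article: it lists such records together with the name that will actually be served; the sample zone is constructed from the file shown above.

```shell
#!/bin/sh
# Added example, not from the original page.
# List PTR records whose target lacks the trailing dot, with the name named
# will actually serve once it appends the zone origin.
unqualified_ptr() {              # usage: unqualified_ptr ORIGIN ZONE_FILE
    origin="${1%.}."             # accept the origin with or without final dot
    awk -v origin="$origin" '
        { sub(/;.*/, "") }       # strip zone-file comments
        {
            for (i = 1; i < NF; i++) {
                if (toupper($i) != "PTR") continue
                target = $(i + 1)
                if (target ~ /\.$/) continue          # already fully qualified
                owner = ($0 ~ /^[ \t]/) ? "(inherited)" : $1
                print owner, target "." origin
            }
        }' "$2"
}

# Constructed sample: the reverse zone file as shown in step 4.
write_sample_zone() {            # usage: write_sample_zone PATH
    cat > "$1" <<'EOF'
$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.
203     IN      PTR     SCAN-CLUSTER.localdomain
EOF
}

zone=$(mktemp)
write_sample_zone "$zone"
unqualified_ptr 1.168.192.in-addr.arpa "$zone"
rm -f "$zone"
```

Writing the target as SCAN-CLUSTER.localdomain. (with the final dot) makes the list empty.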
Test that the DNS server resolves the SCAN IP correctly
First, start the DNS service on the DNS server 172.16.0.176:
[root@rhels5532 named]# /etc/init.d/named status
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped
[root@rhels5532 named]# /etc/init.d/named start
Starting named:                                            [  OK  ]
[root@rhels5532 named]# /etc/init.d/named status
number of zones: 7
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
named (pid 3114) is running...
[root@rhels5532 named]# chkconfig named on
Next, add the following to the /etc/resolv.conf configuration file on the machine 192.168.1.150:
search localdomain
nameserver 192.168.1.210
After the addition:
[root@BJRAC ~]# vi /etc/resolv.conf
# Generated by NetworkManager
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
search localdomain
nameserver 192.168.1.210
Finally, test whether the SCAN IP resolves
[root@BJRAC ~]# nslookup 192.168.1.203
Server:         192.168.1.210
Address:        192.168.1.210#53

203.1.168.192.in-addr.arpa      name = SCAN-CLUSTER.localdomain.1.168.192.in-addr.arpa.

[root@BJRAC ~]# nslookup SCAN-CLUSTER.localdomain.
Server:         192.168.1.210
Address:        192.168.1.210#53

Name:   SCAN-CLUSTER.localdomain
Address: 192.168.1.203

[root@BJRAC ~]# nslookup SCAN-CLUSTER
Server:         192.168.1.210
Address:        192.168.1.210#53

Name:   SCAN-CLUSTER.localdomain
Address: 192.168.1.203
If the output above appears, the configuration has succeeded.
Configure the DNS server settings on node 2
Last login: Mon Feb 17 18:03:29 2014 from 192.168.56.1
[root@CQRAC ~]# vi /etc/resolv.conf
# Generated by NetworkManager
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
search localdomain
nameserver 192.168.1.210
"/etc/resolv.conf" 11L, 272C written
[root@CQRAC ~]# nslookup 192.168.1.203
Server:         192.168.1.210
Address:        192.168.1.210#53

203.1.168.192.in-addr.arpa      name = SCAN-CLUSTER.localdomain.1.168.192.in-addr.arpa.

[root@CQRAC ~]# nslookup SCAN-CLUSTER.localdomain
Server:         192.168.1.210
Address:        192.168.1.210#53

Name:   SCAN-CLUSTER.localdomain
Address: 192.168.1.203

[root@CQRAC ~]# nslookup SCAN-CLUSTER
Server:         192.168.1.210
Address:        192.168.1.210#53

Name:   SCAN-CLUSTER.localdomain
Address: 192.168.1.203

[root@CQRAC ~]#