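DNS Service: Server and Client Configuration

Reference: A Detailed Guide to Setting Up Master and Slave DNS Servers on Linux

Preface

Computers often run into minor network glitches. Sometimes QQ can get online normally but web pages will not open. In that case, nine times out of ten the problem is DNS.

When DNS is unavailable, QQ can skip DNS resolution and connect to the remote IP address directly.

Lab environment

rhel-server-6.4-x86_64-dvd(ED2000.COM).iso, minimal installation

Commonly used public DNS servers

8.8.8.8

222.222.222.222

202.99.168.8

202.99.160.68

Configuring the DNS server

Set up a local yum repository

Setting up a KVM environment, part 03: configuring the environment after creating the virtual machine

Install bind

The Domain Name System (DNS) is the name of an Internet communication protocol. Many software packages provide this service, for example the Berkeley Internet Name Domain (BIND).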

[root@ziqiang ~]# yum list | grep bind
PackageKit-device-rebind.x86_64        0.5.8-21.el6                         vcd 
bind.x86_64                            32:9.8.2-0.17.rc1.el6                vcd 
bind-chroot.x86_64                     32:9.8.2-0.17.rc1.el6                vcd 
bind-dyndb-ldap.x86_64                 2.3-2.el6                            vcd 
bind-libs.i686                         32:9.8.2-0.17.rc1.el6                vcd 
bind-libs.x86_64                       32:9.8.2-0.17.rc1.el6                vcd 
bind-utils.x86_64                      32:9.8.2-0.17.rc1.el6                vcd 
rpcbind.x86_64                         0.2.0-11.el6                         vcd 
samba-winbind.x86_64                   3.6.9-151.el6                        vcd 
samba-winbind-clients.i686             3.6.9-151.el6                        vcd 
samba-winbind-clients.x86_64           3.6.9-151.el6                        vcd 
samba4-winbind.x86_64                  4.0.0-55.el6.rc4                     vcd 
samba4-winbind-clients.x86_64          4.0.0-55.el6.rc4                     vcd 
samba4-winbind-krb5-locator.x86_64     4.0.0-55.el6.rc4                     vcd 
ypbind.x86_64                          3:1.20.4-30.el6                      vcd 
[root@ziqiang ~]# yum -y install bind
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.17.rc1.el6 will be installed
--> Processing Dependency: bind-libs = 32:9.8.2-0.17.rc1.el6 for package: 32:bind-9.8.2-0.17.rc1.el6.x86_64
--> Processing Dependency: liblwres.so.80()(64bit) for package: 32:bind-9.8.2-0.17.rc1.el6.x86_64
--> Processing Dependency: libisccfg.so.82()(64bit) for package: 32:bind-9.8.2-0.17.rc1.el6.x86_64
--> Processing Dependency: libisccc.so.80()(64bit) for package: 32:bind-9.8.2-0.17.rc1.el6.x86_64
--> Processing Dependency: libisc.so.83()(64bit) for package: 32:bind-9.8.2-0.17.rc1.el6.x86_64
--> Processing Dependency: libdns.so.81()(64bit) for package: 32:bind-9.8.2-0.17.rc1.el6.x86_64
--> Processing Dependency: libbind9.so.80()(64bit) for package: 32:bind-9.8.2-0.17.rc1.el6.x86_64
--> Running transaction check
---> Package bind-libs.x86_64 32:9.8.2-0.17.rc1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================
 Package                       Arch                       Version                                    Repository               Size
===================================================================================================================================
Installing:
 bind                          x86_64                     32:9.8.2-0.17.rc1.el6                      vcd                     4.0 M
Installing for dependencies:
 bind-libs                     x86_64                     32:9.8.2-0.17.rc1.el6                      vcd                     871 k

Transaction Summary
===================================================================================================================================
Install       2 Package(s)

Total download size: 4.8 M
Installed size: 9.4 M
Downloading Packages:
-----------------------------------------------------------------------------------------------------------------------------------
Total                                                                                               69 MB/s | 4.8 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 32:bind-libs-9.8.2-0.17.rc1.el6.x86_64                                                                          1/2 
  Installing : 32:bind-9.8.2-0.17.rc1.el6.x86_64                                                                               2/2 
  Verifying  : 32:bind-9.8.2-0.17.rc1.el6.x86_64                                                                               1/2 
  Verifying  : 32:bind-libs-9.8.2-0.17.rc1.el6.x86_64                                                                          2/2 

Installed:
  bind.x86_64 32:9.8.2-0.17.rc1.el6                                                                                                

Dependency Installed:
  bind-libs.x86_64 32:9.8.2-0.17.rc1.el6                                                                                           

Complete!

Check the DNS service once installation is complete

[root@ziqiang ~]# chkconfig 
auditd             0:off    1:off    2:on    3:on    4:on    5:on    6:off
crond              0:off    1:off    2:on    3:on    4:on    5:on    6:off
dhcpd              0:off    1:off    2:off    3:off    4:off    5:off    6:off
dhcpd6             0:off    1:off    2:off    3:off    4:off    5:off    6:off
dhcrelay           0:off    1:off    2:off    3:off    4:off    5:off    6:off
ip6tables          0:off    1:off    2:on    3:on    4:on    5:on    6:off
iptables           0:off    1:off    2:on    3:on    4:on    5:on    6:off
named              0:off    1:off    2:off    3:off    4:off    5:off    6:off
netconsole         0:off    1:off    2:off    3:off    4:off    5:off    6:off
netfs              0:off    1:off    2:off    3:on    4:on    5:on    6:off
network            0:off    1:off    2:on    3:on    4:on    5:on    6:off
portreserve        0:off    1:off    2:on    3:on    4:on    5:on    6:off
postfix            0:off    1:off    2:on    3:on    4:on    5:on    6:off
rdisc              0:off    1:off    2:off    3:off    4:off    5:off    6:off
restorecond        0:off    1:off    2:off    3:off    4:off    5:off    6:off
rhnsd              0:off    1:off    2:on    3:on    4:on    5:on    6:off
rhsmcertd          0:off    1:off    2:off    3:on    4:on    5:on    6:off
rsyslog            0:off    1:off    2:on    3:on    4:on    5:on    6:off
saslauthd          0:off    1:off    2:off    3:off    4:off    5:off    6:off
sshd               0:off    1:off    2:on    3:on    4:on    5:on    6:off
udev-post          0:off    1:on    2:on    3:on    4:on    5:on    6:off

The service just installed is called named, and it is shown as off. Next, enable the service

[root@ziqiang ~]# chkconfig named on
[root@ziqiang ~]# chkconfig 
auditd             0:off    1:off    2:on    3:on    4:on    5:on    6:off
crond              0:off    1:off    2:on    3:on    4:on    5:on    6:off
dhcpd              0:off    1:off    2:off    3:off    4:off    5:off    6:off
dhcpd6             0:off    1:off    2:off    3:off    4:off    5:off    6:off
dhcrelay           0:off    1:off    2:off    3:off    4:off    5:off    6:off
ip6tables          0:off    1:off    2:on    3:on    4:on    5:on    6:off
iptables           0:off    1:off    2:on    3:on    4:on    5:on    6:off
named              0:off    1:off    2:on    3:on    4:on    5:on    6:off
netconsole         0:off    1:off    2:off    3:off    4:off    5:off    6:off
netfs              0:off    1:off    2:off    3:on    4:on    5:on    6:off
network            0:off    1:off    2:on    3:on    4:on    5:on    6:off
portreserve        0:off    1:off    2:on    3:on    4:on    5:on    6:off
postfix            0:off    1:off    2:on    3:on    4:on    5:on    6:off
rdisc              0:off    1:off    2:off    3:off    4:off    5:off    6:off
restorecond        0:off    1:off    2:off    3:off    4:off    5:off    6:off
rhnsd              0:off    1:off    2:on    3:on    4:on    5:on    6:off
rhsmcertd          0:off    1:off    2:off    3:on    4:on    5:on    6:off
rsyslog            0:off    1:off    2:on    3:on    4:on    5:on    6:off
saslauthd          0:off    1:off    2:off    3:off    4:off    5:off    6:off
sshd               0:off    1:off    2:on    3:on    4:on    5:on    6:off
udev-post          0:off    1:on    2:on    3:on    4:on    5:on    6:off
[root@ziqiang ~]# runlevel
N 3

View the configuration files

All files installed by the bind package (configuration files and executables included)

[root@ziqiang ~]# rpm -lq bind
/etc/NetworkManager/dispatcher.d/13-named
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/portreserve/named
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/usr/lib64/bind
/usr/sbin/arpaname
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/share/doc/bind-9.8.2
/usr/share/doc/bind-9.8.2/CHANGES
/usr/share/doc/bind-9.8.2/COPYRIGHT
/usr/share/doc/bind-9.8.2/Copyright
/usr/share/doc/bind-9.8.2/README
/usr/share/doc/bind-9.8.2/arm
/usr/share/doc/bind-9.8.2/arm/Bv9ARM-book.xml
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch01.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch02.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch03.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch04.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch05.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch06.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch07.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch08.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch09.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.ch10.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.html
/usr/share/doc/bind-9.8.2/arm/Bv9ARM.pdf
/usr/share/doc/bind-9.8.2/arm/Makefile
/usr/share/doc/bind-9.8.2/arm/Makefile.in
/usr/share/doc/bind-9.8.2/arm/README-SGML
/usr/share/doc/bind-9.8.2/arm/dnssec.xml
/usr/share/doc/bind-9.8.2/arm/isc-logo.eps
/usr/share/doc/bind-9.8.2/arm/isc-logo.pdf
/usr/share/doc/bind-9.8.2/arm/latex-fixup.pl
/usr/share/doc/bind-9.8.2/arm/libdns.xml
/usr/share/doc/bind-9.8.2/arm/man.arpaname.html
/usr/share/doc/bind-9.8.2/arm/man.ddns-confgen.html
/usr/share/doc/bind-9.8.2/arm/man.dig.html
/usr/share/doc/bind-9.8.2/arm/man.dnssec-dsfromkey.html
/usr/share/doc/bind-9.8.2/arm/man.dnssec-keyfromlabel.html
/usr/share/doc/bind-9.8.2/arm/man.dnssec-keygen.html
/usr/share/doc/bind-9.8.2/arm/man.dnssec-revoke.html
/usr/share/doc/bind-9.8.2/arm/man.dnssec-settime.html
/usr/share/doc/bind-9.8.2/arm/man.dnssec-signzone.html
/usr/share/doc/bind-9.8.2/arm/man.genrandom.html
/usr/share/doc/bind-9.8.2/arm/man.host.html
/usr/share/doc/bind-9.8.2/arm/man.isc-hmac-fixup.html
/usr/share/doc/bind-9.8.2/arm/man.named-checkconf.html
/usr/share/doc/bind-9.8.2/arm/man.named-checkzone.html
/usr/share/doc/bind-9.8.2/arm/man.named-journalprint.html
/usr/share/doc/bind-9.8.2/arm/man.named.html
/usr/share/doc/bind-9.8.2/arm/man.nsec3hash.html
/usr/share/doc/bind-9.8.2/arm/man.nsupdate.html
/usr/share/doc/bind-9.8.2/arm/man.rndc-confgen.html
/usr/share/doc/bind-9.8.2/arm/man.rndc.conf.html
/usr/share/doc/bind-9.8.2/arm/man.rndc.html
/usr/share/doc/bind-9.8.2/arm/managed-keys.xml
/usr/share/doc/bind-9.8.2/arm/pkcs11.xml
/usr/share/doc/bind-9.8.2/draft
/usr/share/doc/bind-9.8.2/draft/draft-faltstrom-uri-06.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-6man-text-addr-representation-07.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-behave-address-format-07.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-behave-dns64-11.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-axfr-clarify-14.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-dns-tcp-requirements-03.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-dnssec-bis-updates-12.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-dnssec-registry-fixes-06.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-ecc-key-07.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-interop3597-02.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-rfc2671bis-edns0-05.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-rfc2672bis-dname-19.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-rfc3597-bis-02.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsext-tsig-md5-deprecated-03.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsop-bad-dns-res-05.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsop-dnssec-key-timing-02.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsop-dnssec-trust-history-01.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsop-inaddr-required-07.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsop-name-server-management-reqs-02.txt
/usr/share/doc/bind-9.8.2/draft/draft-ietf-dnsop-respsize-06.txt
/usr/share/doc/bind-9.8.2/draft/draft-kato-dnsop-local-zones-00.txt
/usr/share/doc/bind-9.8.2/draft/draft-kerr-ixfr-only-01.txt
/usr/share/doc/bind-9.8.2/draft/draft-mekking-dnsop-auto-cpsync-00.txt
/usr/share/doc/bind-9.8.2/draft/draft-yao-dnsext-bname-04.txt
/usr/share/doc/bind-9.8.2/draft/update
/usr/share/doc/bind-9.8.2/misc
/usr/share/doc/bind-9.8.2/misc/Makefile
/usr/share/doc/bind-9.8.2/misc/Makefile.in
/usr/share/doc/bind-9.8.2/misc/dnssec
/usr/share/doc/bind-9.8.2/misc/format-options.pl
/usr/share/doc/bind-9.8.2/misc/ipv6
/usr/share/doc/bind-9.8.2/misc/migration
/usr/share/doc/bind-9.8.2/misc/migration-4to9
/usr/share/doc/bind-9.8.2/misc/options
/usr/share/doc/bind-9.8.2/misc/rfc-compliance
/usr/share/doc/bind-9.8.2/misc/roadmap
/usr/share/doc/bind-9.8.2/misc/sdb
/usr/share/doc/bind-9.8.2/misc/sort-options.pl
/usr/share/doc/bind-9.8.2/named.conf.default
/usr/share/doc/bind-9.8.2/rfc
/usr/share/doc/bind-9.8.2/rfc/index.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1032.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1033.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1034.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1035.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1101.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1122.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1123.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1183.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1348.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1535.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1536.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1537.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1591.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1611.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1612.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1706.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1712.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1750.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1876.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1886.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1912.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1982.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1995.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc1996.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2052.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2104.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2119.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2133.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2136.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2137.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2163.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2168.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2181.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2230.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2308.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2317.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2373.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2374.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2375.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2418.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2535.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2536.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2537.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2538.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2539.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2540.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2541.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2553.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2671.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2672.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2673.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2782.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2825.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2826.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2845.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2874.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2915.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2929.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2930.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc2931.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3007.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3008.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3071.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3090.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3110.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3123.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3152.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3197.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3225.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3226.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3258.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3363.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3364.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3425.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3445.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3467.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3490.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3491.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3492.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3493.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3513.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3596.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3597.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3645.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3655.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3658.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3755.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3757.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3833.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3845.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc3901.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4025.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4033.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4034.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4035.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4074.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4159.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4193.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4255.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4294.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4339.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4343.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4367.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4398.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4408.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4431.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4470.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4471.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4472.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4509.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4634.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4635.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4641.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4648.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4697.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4701.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4892.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4955.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc4956.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc5001.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc5011.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc5155.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc5205.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc5452.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc5507.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc5625.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc5702.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc5933.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc6303.txt.gz
/usr/share/doc/bind-9.8.2/rfc/rfc952.txt.gz
/usr/share/doc/bind-9.8.2/rfc1912.txt
/usr/share/doc/bind-9.8.2/sample
/usr/share/doc/bind-9.8.2/sample/etc
/usr/share/doc/bind-9.8.2/sample/etc/named.conf
/usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones
/usr/share/doc/bind-9.8.2/sample/var
/usr/share/doc/bind-9.8.2/sample/var/named
/usr/share/doc/bind-9.8.2/sample/var/named/data
/usr/share/doc/bind-9.8.2/sample/var/named/my.external.zone.db
/usr/share/doc/bind-9.8.2/sample/var/named/my.internal.zone.db
/usr/share/doc/bind-9.8.2/sample/var/named/named.ca
/usr/share/doc/bind-9.8.2/sample/var/named/named.empty
/usr/share/doc/bind-9.8.2/sample/var/named/named.localhost
/usr/share/doc/bind-9.8.2/sample/var/named/named.loopback
/usr/share/doc/bind-9.8.2/sample/var/named/slaves
/usr/share/doc/bind-9.8.2/sample/var/named/slaves/my.ddns.internal.zone.db
/usr/share/doc/bind-9.8.2/sample/var/named/slaves/my.slave.internal.zone.db
/usr/share/man/man1/arpaname.1.gz
/usr/share/man/man5/named.conf.5.gz
/usr/share/man/man5/rndc.conf.5.gz
/usr/share/man/man8/ddns-confgen.8.gz
/usr/share/man/man8/dnssec-dsfromkey.8.gz
/usr/share/man/man8/dnssec-keyfromlabel.8.gz
/usr/share/man/man8/dnssec-keygen.8.gz
/usr/share/man/man8/dnssec-revoke.8.gz
/usr/share/man/man8/dnssec-settime.8.gz
/usr/share/man/man8/dnssec-signzone.8.gz
/usr/share/man/man8/genrandom.8.gz
/usr/share/man/man8/isc-hmac-fixup.8.gz
/usr/share/man/man8/lwresd.8.gz
/usr/share/man/man8/named-checkconf.8.gz
/usr/share/man/man8/named-checkzone.8.gz
/usr/share/man/man8/named-compilezone.8.gz
/usr/share/man/man8/named-journalprint.8.gz
/usr/share/man/man8/named.8.gz
/usr/share/man/man8/nsec3hash.8.gz
/usr/share/man/man8/rndc-confgen.8.gz
/usr/share/man/man8/rndc.8.gz
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
/var/run/named

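/etc/named.conf: the main configuration file, which sets the DNS server's properties

/etc/named.rfc1912.zones: zone definitions

/var/named/: the directory that holds the zone files

View the root DNS servers on the Internet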

[root@ziqiang data]# cat /var/named/named.ca 
; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                IN    NS

;; ANSWER SECTION:
.            518400    IN    NS    M.ROOT-SERVERS.NET.
.            518400    IN    NS    A.ROOT-SERVERS.NET.
.            518400    IN    NS    B.ROOT-SERVERS.NET.
.            518400    IN    NS    C.ROOT-SERVERS.NET.
.            518400    IN    NS    D.ROOT-SERVERS.NET.
.            518400    IN    NS    E.ROOT-SERVERS.NET.
.            518400    IN    NS    F.ROOT-SERVERS.NET.
.            518400    IN    NS    G.ROOT-SERVERS.NET.
.            518400    IN    NS    H.ROOT-SERVERS.NET.
.            518400    IN    NS    I.ROOT-SERVERS.NET.
.            518400    IN    NS    J.ROOT-SERVERS.NET.
.            518400    IN    NS    K.ROOT-SERVERS.NET.
.            518400    IN    NS    L.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.    3600000    IN    A    198.41.0.4
A.ROOT-SERVERS.NET.    3600000    IN    AAAA    2001:503:ba3e::2:30
B.ROOT-SERVERS.NET.    3600000    IN    A    192.228.79.201
C.ROOT-SERVERS.NET.    3600000    IN    A    192.33.4.12
D.ROOT-SERVERS.NET.    3600000    IN    A    128.8.10.90
E.ROOT-SERVERS.NET.    3600000    IN    A    192.203.230.10
F.ROOT-SERVERS.NET.    3600000    IN    A    192.5.5.241
F.ROOT-SERVERS.NET.    3600000    IN    AAAA    2001:500:2f::f
G.ROOT-SERVERS.NET.    3600000    IN    A    192.112.36.4
H.ROOT-SERVERS.NET.    3600000    IN    A    128.63.2.53
H.ROOT-SERVERS.NET.    3600000    IN    AAAA    2001:500:1::803f:235
I.ROOT-SERVERS.NET.    3600000    IN    A    192.36.148.17
J.ROOT-SERVERS.NET.    3600000    IN    A    192.58.128.30
J.ROOT-SERVERS.NET.    3600000    IN    AAAA    2001:503:c27::2:30
K.ROOT-SERVERS.NET.    3600000    IN    A    193.0.14.129
K.ROOT-SERVERS.NET.    3600000    IN    AAAA    2001:7fd::1
L.ROOT-SERVERS.NET.    3600000    IN    A    199.7.83.42
M.ROOT-SERVERS.NET.    3600000    IN    A    202.12.27.33
M.ROOT-SERVERS.NET.    3600000    IN    AAAA    2001:dc3::35

;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE  rcvd: 615

Modify the main configuration file

The original named.conf is as follows

[root@ziqiang named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

The modified named.conf is as follows

[root@ziqiang named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { 192.168.80.0/24;192.168.90.0/24;};
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

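Key fields explained

listen-on port 53 { any; };

Suppose the DNS server has several network interfaces, each with a different IP address. We can list a single IP, so that only one interface listens for DNS requests on port 53, or list several IPs, so that several interfaces listen on port 53. With any, all interfaces listen for DNS requests on port 53.

allow-query     { 192.168.80.0/24; 192.168.90.0/24; };

Specifies which network segments' hosts may send name-resolution queries to this server. The default value is localhost, meaning the server only resolves names for itself.

recursion yes;

Whether the DNS server allows recursive queries. A recursive query works as follows: if this DNS server cannot resolve the name itself, it asks the root DNS servers and then, based on the records they return, queries the DNS servers at the other levels.

dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;

Whether to allow secure DNS queries; set all of them to no, because at present the DNS servers on the Internet do not support secure DNS queries.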

Restart the DNS service

[root@ziqiang named]# service named restart
Stopping named:                                            [  OK  ]
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

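During the restart, the key required for remote configuration and management of DNS, /etc/rndc.key, is generated.

After the restart, look up the DNS process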

[root@ziqiang named]# ps -eeaf | grep named
named      1439      1  0 18:47 ?        00:00:00 /usr/sbin/named -u named
root       1450   1357  0 18:49 pts/0    00:00:00 grep named

Check that the named service is listening on port 53

[root@ziqiang named]# netstat -an | grep 53
tcp        0      0 192.168.40.120:53           0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      
tcp        0      0 ::1:53                      :::*                        LISTEN      
tcp        0      0 ::1:953                     :::*                        LISTEN      
udp        0      0 192.168.40.120:53           0.0.0.0:*                               
udp        0      0 127.0.0.1:53                0.0.0.0:*                               
udp        0      0 ::1:53                      :::*                                    
unix  3      [ ]         STREAM     CONNECTED     11953  

View the log

[root@ziqiang named]# cat /var/named/data/named.run 
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
managed-keys-zone ./IN: loaded serial 0
running
managed-keys-zone ./IN: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 20326 is now trusted, waiving the normal 30-day waiting period

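Configuring the DNS client

Windows

Enter the IP address of the DNS server configured above

Then run ping www.baidu.com from the command line

If the ping fails, turn off the firewall on the server: service iptables stop

In real deployments, however, the firewall cannot simply be turned off. Instead, open port 53 for TCP and UDP individually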

[root@ziqiang ~]# iptables -I INPUT -p tcp --dport 53 -j ACCEPT
[root@ziqiang ~]# iptables -I INPUT -p udp --dport 53 -j ACCEPT
[root@ziqiang ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination    

Save the firewall configuration so that the newly added rules do not disappear after a reboot

[root@ziqiang ~]# /sbin/service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
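Added example, not part of the original post: a shell audit of the named.conf fields explained under "Key fields" that also prints port 53 rules limited to the allow-query networks, whereas the rules above accept any source. The function names and the embedded sample (an excerpt of the modified named.conf shown earlier) are constructed for illustration; the parser is simplified and does not resolve named ACLs, include files or allow-query-cache.

```shell
#!/bin/sh
# Constructed sample: excerpt of the modified named.conf from this page.
SAMPLE_CONF='options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    allow-query     { 192.168.80.0/24;192.168.90.0/24;};
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;
};'

# flatten CONF: drop //, # and single-line /* */ comments, join into one line.
flatten() {
    printf ' %s\n' "$1" |
        sed -e 's|//.*$||' -e 's|#.*$||' -e 's|/\*.*\*/||g' | tr '\n' ' '
    echo
}

# acl_list CONF NAME: print the elements of "NAME ... { a; b; };", one per line.
acl_list() {
    flatten "$1" |
        sed -n "s/.*[{;[:space:]]${2}[[:space:]][^{;]*{\([^}]*\)}.*/\1/p" |
        tr ';' '\n' | tr -d ' \t' | sed '/^$/d'
}

# opt_value CONF NAME: print the value of a simple "NAME value;" option.
opt_value() {
    flatten "$1" |
        sed -n "s/.*[{;[:space:]]${2}[[:space:]][[:space:]]*\([^;{[:space:]]*\)[[:space:]]*;.*/\1/p"
}

# audit_conf CONF: print one "CODE: explanation" line per finding.
audit_conf() {
    a_listen=$(acl_list "$1" listen-on)
    a_query=$(acl_list "$1" allow-query)
    a_recacl=$(acl_list "$1" allow-recursion)
    a_rec=$(opt_value "$1" recursion)
    a_val=$(opt_value "$1" dnssec-validation)
    # Without allow-recursion, BIND falls back to allow-query when it is set.
    [ -n "$a_recacl" ] || a_recacl=$a_query
    if printf '%s\n' "$a_listen" | grep -qx any; then
        echo "LISTEN_ANY: named answers on every interface; allow-query and the firewall are the only filters"
    fi
    # recursion defaults to yes when the option is absent.
    if [ "$a_rec" != no ] && printf '%s\n' "$a_recacl" | grep -qx any; then
        echo "OPEN_RESOLVER: recursion is offered to any source address"
    fi
    if [ "$a_val" = no ]; then
        echo "NO_DNSSEC_VALIDATION: answers are accepted without signature checks"
    fi
}

# fw_rules CONF: print (do not run) iptables commands that open port 53 only
# to the IPv4 networks in allow-query. Fails if the list cannot be expressed
# as source addresses (any, localhost, ACL names) or is missing.
fw_rules() {
    f_nets=$(acl_list "$1" allow-query)
    [ -n "$f_nets" ] || { echo "allow-query is not set" >&2; return 1; }
    for f_net in $f_nets; do
        printf '%s\n' "$f_net" |
            grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' || {
            echo "cannot express '$f_net' as an iptables source" >&2
            return 1
        }
    done
    for f_net in $f_nets; do
        for f_proto in udp tcp; do
            echo "iptables -I INPUT -p $f_proto -s $f_net --dport 53 -j ACCEPT"
        done
    done
}

# Stand-alone run against the constructed sample.
audit_conf "$SAMPLE_CONF"
fw_rules "$SAMPLE_CONF"
```

To audit the live file, pass its contents instead of the sample: audit_conf "$(cat /etc/named.conf)".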

posted @ 2018-08-22 23:35  克拉默与矩阵