DNS
rhel6的dns服务在没有启动时
配置文件在/etc/目录下
区域解析文件在/var/named目录下
在服务启动以后,因为安装了bind-chroot
系统会做出一个虚拟的根目录/var/named/chroot
然后系统会将原有的dns相关目录挂载到
/var/named/chroot目录下
在第一次启动dns服务时,会生成rndc.key文件
这个文件需要收集乱数,
我们可以在终端里晃动鼠标快速生成乱数
如果终端鼠标服务没有安装,需要提前安装好
#yum install gpm -y
#service gpm start
#chkconfig gpm on
--------------------------------------
#yum install bind bind-chroot -y
# vi /etc/named.conf
---------------------
11 // listen-on port 53 { 127.0.0.1; };
17 // allow-query { localhost; };
---------------------
# vi /etc/named.rfc1912.zones
---------------------
43 zone "sina.com" IN {
44 type master;
45 file "sina.com.zone";
46 allow-update { none; };
47 };
---------------------
# cd /var/named
# cp -p named.localhost sina.com.zone //正向解析
# vi sina.com.zone
-------------------------------------
$TTL 1D
@ IN SOA dns.sina.com. root.mail.sina.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.sina.com.
dns A 172.16.254.101
mail A 172.16.254.101
www A 172.16.254.101
-------------------------------------
#service named start
#chkconfig named on
linux制定dns服务器时使用的配置文件是/etc/resolv.conf
#vi /etc/resolv.conf
--------------------
nameserver 172.16.254.101
--------------------
# nslookup www.sina.com //尝试解析一个域名对应的IP地址
Server: 172.16.254.101
Address: 172.16.254.101#53
Name: www.sina.com
Address: 172.16.254.101
# vi /etc/named.rfc1912.zones //反向解析
----------------------------------
49 zone "254.16.172.in-addr.arpa" IN {
50 type master;
51 file "172.16.254.local";
52 allow-update { none; };
53 };
----------------------------------
# cd /var/named
# cp -p named.loopback 172.16.254.local
# vi 172.16.254.local
---------------------------------------
$TTL 1D
@ IN SOA dns.sina.com. root.mail.sina.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.sina.com.
101 PTR dns.sina.com.
101 PTR mail.sina.com.
101 PTR www.sina.com.
---------------------------------------
#service named restart
使用手写DNS主配置文件named.conf配置
可以解析google.com域的正向与反向
------------------------------
#yum install bind bind-chroot -y
#vi /etc/named.conf
-------------------
options {
directory "/var/named";
};
zone "google.com" IN {
type master;
file "google.com.zone";
};
zone "254.16.172.in-addr.arpa" IN {
type master;
file "172.16.254.local";
};
-------------------
# cd /var/named/
# cp -p named.localhost google.com.zone
# cp -p named.loopback 172.16.254.local
# vi google.com.zone
# vi 172.16.254.local
# service named start
# chkconig named on
# nslookup www.google.com
# dig -x 172.16.254.102
------------------------------------------------------------
从DNS服务器配置(slave dns server)
---主dns服务器配置文件
#cat /etc/named.conf
----------------------------------------------
options {
directory "/var/named";
};
zone "uplooking.com" IN {
type master;
file "uplooking.com.zone";
allow-transfer { 172.16.254.102; }; //允许向谁传输区域文件
};
zone "sina.com" IN {
type master;
file "sina.com.zone";
allow-transfer { 172.16.254.102; };
};
-----------------------------------------------
---从dns服务器配置文件
#cat /etc/named.conf
-----------------------------------------------
options {
directory "/var/named";
};
zone "uplooking.com" IN {
type slave; //类型是从服务器
file "slaves/uplooking.com.zone"; //slaves---/var/named/slaves
masters { 172.16.254.101; }; //主服务器是谁
};
zone "sina.com" IN {
type slave;
file "slaves/sina.com.zone";
masters { 172.16.254.101; };
};
-----------------------------------------------
#service named start
#ls /var/named/slaves
将dns服务器地址设置成为从服务器的地址
测试是否可以解析域名与IP的对应关系
-------------------------------------------------------
还有一个问题就是当主服务器做了zone文件修改以后,
从服务还没有到刷新时间,主从不同步
那么可以通过主动推的方式,进行zone文件的更新
---主服务器的named.conf文件中
将allow-transfer改为also-notify
然后将zone文件中的serial的值增加,
这样在重启主服务器时,就是将zone文件主动推到从服务器
从服务器发现zone文件的serial比自己的大时,
就会更新zone文件信息
--------------------------------------------------------
转发DNS服务器 (caching dns server)
保证主服务器正常运行,
---转发dns服务器配置文件---
# cat /etc/named.conf
options {
directory "/var/named";
forwarders { 172.16.254.101; };
forward only;
};
# service named start
===============================================
# cat /var/named/uplooking.com.zone
$TTL 1D
@ IN SOA dns.uplooking.com. root.uplooking.com. (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.uplooking.com.
dns A 172.16.254.101
www A 172.16.254.101
ftp A 172.16.254.101
$TTL //数据缓存时间,单位: 秒
@ //本域 uplooking.com
IN //internet
SOA //起始授权记录,标识标记区域数据的开始
dns.uplooking.com. //Master DNS服务器的主机名
//这个区域主要由哪个DNS作为master
serial //序列号,用于主从更新
refresh //从服务器更新数据的周期
retry //未更新成功的重试时间周期
expire //无法从主服务器更新数据,原有数据多少时间失效
minimum //如果得到的信息是否定的,保存多长时间
NS 名称服务器
A 正向解析记录 域名--->IP nslookup
PTR 反向解析记录 IP--->域名 dig -x
MX 邮件服务器
CNAME 别名
===============================================
/etc/resolv.conf
----------------------------
01 在srv1上部署dhcp/dns服务
02 dns服务可以解析www.uplooking.com的地址为srv1的地址
03 srv2为从dns服务器,可以从srv1上获取zone文件进行域名解析
04 当srv3通过dhcp方式获取IP地址时,
srv1为srv3提供IP地址,子网掩码,网关,dns
* 网关为srv1的地址
* dns为srv2的地址
----------------------------
主从无法同步的几个原因:
主从无法通信(ping不通)
主服务器无法读取zone文件
从服务器的masters选项写错了
主服务器的allow-transfer写错了
从配置文件格式错误(*** 配置文件中不要有多余的空格)
===子域授权===
www.uplooking.com
www.sy.uplooking.com
www.bj.uplooking.com
www.sz.uplooking.com
===srv2=== uplooking.com主服务器
#yum install bind bind-chroot -y
#vi /etc/named.conf
------------------
options {
directory "/var/named";
};
zone "uplooking.com" IN {
type master;
file "uplooking.com.zone";
};
------------------
#cd /var/named
#cp -p named.localhost uplooking.com.zone
#vi uplooking.com.zone
-----------------------
$TTL 1D
@ IN SOA dns.uplooking.com. root.mail.uplooking.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.uplooking.com.
@ A 172.16.254.102
dns A 172.16.254.102
mail A 172.16.254.102
www A 172.16.254.102
sy.uplooking.com. NS dns.sy.uplooking.com. //制定sy.uplooking.com.这个子域由那台服务器负责
dns.sy.uplooking.com. A 172.16.254.103 //需要手动解析一下子域dns服务器的IP地址
-------------------------
#vi /etc/sysctl.conf
--------------------------
net.ipv4.ip_forward=1
--------------------------
#sysctl -p
===srv3=== sy.uplooking.com子域dns服务器
#yum install bind bind-chroot -y
#vi /etc/named.conf
------------------
options {
directory "/var/named";
};
zone "sy.uplooking.com" IN {
type master;
file "sy.uplooking.com.zone";
};
------------------
#cd /var/named
#cp -p named.localhost sy.uplooking.com.zone
#vi sy.uplooking.com.zone
----------------------------
$TTL 1D
@ IN SOA dns.uplooking.com. root.mail.sy.uplooking.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.sy.uplooking.com.
@ A 172.16.254.103
dns A 172.16.254.103
mail A 172.16.254.103
www A 172.16.254.103
-----------------------------
#service named start
使用第三台机器进行测试
* 将dns服务器指向srv2
* 使用nslookup进行子域下的域名的正向解析操作
#nslookup www.sy.uplooking.com
===泛解析===
域名的批量解析工作
在上面的子域服务器的zone文件里,添加
$GENERATE 1-10 srv$ A 172.16.254.$
重启服务器以后,就可以做到泛解析的功能
$GENERATE 1-10 srv$ A 172.16.254.$
泛解析标记 变量取值范围 带有变量的主机名 带有变量的IP地址
====DDNS(DHCP-DNS联动)====
===s2===
--dhcpServer--
# cat /etc/dhcp/dhcpd.conf
----------------
ddns-update-style interim; //支持DHCP-DNS联动(先拿到IP地址,然后通过反向解析再拿到主机名)
subnet 172.16.0.0 netmask 255.255.0.0 {
range 172.16.254.50 172.16.254.60;
option domain-name-servers 172.16.254.102; //要制定DNS服务器
}
----------------
# cat /etc/named.conf
----------------
options {
directory "/var/named";
};
zone "uplooking.com" IN {
type master;
file "uplooking.com.zone";
};
zone "254.16.172.in-addr.arpa" IN {
type master;
file "172.16.254.local";
};
----------------
# cat /var/named/uplooking.com.zone
----------------
$TTL 1D
@ IN SOA dns.uplooking.com. root.uplooking.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.uplooking.com.
@ A 172.16.254.102
dns A 172.16.254.102
www A 172.16.254.102
$GENERATE 50-60 server$ A 172.16.254.$
----------------
# cat /var/named/172.16.254.local
----------------
$TTL 1D
@ IN SOA dns.uplooking.com. root.uplooking.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.uplooking.com.
102 PTR uplooking.com.
102 PTR dns.uplooking.com.
102 PTR www.uplooking.com.
$GENERATE 50-60 $ PTR server$.uplooking.com. //dhcp分区的地址范围都应该在你的解析范围内
----------------
使用另外一台测试机,主机名修改为localhost
使用dhcp方式获取IP地址,
重启你的服务器,
登录后应该可以看到你的主机名变成DNS所解析的域名
===========================
