Ubuntu 12.04 DNS服务器的配置方法

Bind是一款开放源码的DNS服务器软件,由美国加州大学Berkeley分校开发和维护的,全名为Berkeley Internet Name Domain它是目前世界上使用最为广泛的DNS服务器软件,支持各种unix平台和windows平台。

一、安装bind

1、检查是否已安装bind

# dpkg -l |grep bind

2、安装bind9

# apt-get install bind9

再次检查,现在已经安装成功了。

root@nfsserver:~# dpkg -l |grep bind
ii  bind9                            1:9.8.1.dfsg.P1-4ubuntu0.10       Internet Domain Name Server

DNS配置文件在/etc/bind目录中,查看bind安装目录

root@nfsserver:/etc/bind# ls -l
total 52
-rw-r--r-- 1 root root 2389 Feb 18 21:45 bind.keys
-rw-r--r-- 1 root root  237 Feb 18 21:45 db.0
-rw-r--r-- 1 root root  271 Feb 18 21:45 db.127
-rw-r--r-- 1 root root  237 Feb 18 21:45 db.255
-rw-r--r-- 1 root root  353 Feb 18 21:45 db.empty
-rw-r--r-- 1 root root  270 Feb 18 21:45 db.local
-rw-r--r-- 1 root root 2994 Feb 18 21:45 db.root
-rw-r--r-- 1 root bind  463 Feb 18 21:45 named.conf
-rw-r--r-- 1 root bind  490 Feb 18 21:45 named.conf.default-zones
-rw-r--r-- 1 root bind  165 Feb 18 21:45 named.conf.local
-rw-r--r-- 1 root bind  890 Mar 20 14:37 named.conf.options
-rw-r----- 1 bind bind   77 Mar 20 14:37 rndc.key
-rw-r--r-- 1 root root 1317 Feb 18 21:45 zones.rfc1918
View Code

安装bind9后会生成如下三个配置文件:named.conf,named.conf.options,named.conf.local 。

其中name.conf是主配置文件,里面包含了name.conf.options和named.conf.local。我们在假设本地dns时,只需要改动named.conf.local即可。

root@nfsserver:/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
View Code

3、name.conf.options配置

root@nfsserver:/etc/bind# cat named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable 
        // nameservers, you probably want to use them as forwarders.  
        // Uncomment the following block, and insert the addresses replacing 
        // the all-0's placeholder.

         forwarders {
                8.8.8.8;
                8.8.4.4;
                0.0.0.0;
         };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
View Code

该配置文件用来设置bind的forwards 地址。当bind遇到不能解析的IP地址时,它会交给forwards address DNS去处理。

二、环境和需求

Server的ip:10.1.101.188

Client的ip范围为10.1.101.1——10.1.101.254相互能Ping通。

现在将Server架设成主dns服务器,任务的需求是能解析

master.lxy.com 10.1.101.11

www.lxy.com 10.1.101.11

slave1.lxy.com 10.1.101.12

slave2.lxy.com 10.1.101.15

分析:根据上面的主机名和对应ip可以看出:

  • 需要添加正向区域"lxy.com"和反向区域"101.1.10.in-addr.arpa".
  • 在"lxy.com"区域中添加A记录master对应10.1.101.11,CNAME(别名记录)记录www对应master
  • 在"101.1.10.in-addr.arpa"区域中添加各个ip地址对应的主机名

三、配置

1、编辑name.conf.local

root@nfsserver:/etc/bind# cat named.conf.local 
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

//正向解析域
zone "lxy.com"{
type master; #定义DNS服务器为主DNS
file "/etc/bind/db.lxy.com";
};
# For reverse DNS
//反向解析域
zone "101.1.10.in-addr.arpa"{
type master;
notify no;
file "/etc/bind/rev.101.1.10.in-addr.arpa.";
};

反解析zone名称定义规定前部分ip倒着写。如ip 192.168.1.2,名称定义为1.168.192.in-addr.arpa。

2、新建name.conf.local中指定的区域文件

在/etc/bind下新建正向区域文件(复制一份)

命令:# cp /etc/bind/db.local /etc/bind/db.lxy.com

root@nfsserver:/etc/bind# cp db.local db.lxy.com
root@nfsserver:/etc/bind# ls
bind.keys  db.127  db.empty  db.lxy.com  named.conf                named.conf.local    rndc.key
db.0       db.255  db.local  db.root     named.conf.default-zones  named.conf.options  zones.rfc1918
root@nfsserver:/etc/bind# 

在/etc/bind下新建反向区域文件(复制一份)

命令:cp /etc/bind/db.127 /etc/bind/rev.101.1.10.in-addr.arpa

root@nfsserver:/etc/bind# cp db.127 rev.101.1.10.in-addr.arpa
root@nfsserver:/etc/bind# ls
bind.keys  db.127  db.empty  db.lxy.com  named.conf                named.conf.local    rev.101.1.10.in-addr.arpa  zones.rfc1918
db.0       db.255  db.local  db.root     named.conf.default-zones  named.conf.options  rndc.key

3、编辑正向解析域文件

root@nfsserver:/etc/bind# cat db.lxy.com   
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
master  IN      A       10.1.101.11
www     IN      CNAME   master
slave1  IN      A       10.1.101.12
slave2  IN      A       10.1.101.15

4、编辑反向解析域文件

root@nfsserver:/etc/bind# cat rev.101.1.10.in-addr.arpa
;
; BIND reverse data file for local loopback interface
;
$TTL    604800 #指示为每个没有特殊TTL设置的RR给出了一个默认的TTL。
@       IN      SOA     localhost. root.localhost. ( #定义SOA记录,包括Zone的名字,一个技术联系人和各种不同的超时值。
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
1.0.0   IN      PTR     localhost.
11      IN      PTR     master.lxy.com
11      IN      PTR     www.lxy.com
12      IN      PTR     slave1.lxy.com
15      IN      PTR     slave2.lxy.com

 反解析域可以不设置。

5、重启DNS服务

# service bind9 restart
或者
# /etc/init.d/bind9 restart

四、指定Linux系统使用DNS服务

现在我在10.1.101.189中配置DNS为刚才配置的10.1.101.188。

有一点需要注意不要在/etc/resolv.conf中去修改DNS,重启网络后配置就丢失了。

root@nfsclient:~# cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.1.101.188

在/etc/network/interface中设置DNS

root@nfsclient:~# cat /etc/network/interfaces   
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.1.101.189
netmask 255.255.255.0
gateway 10.1.101.254
dns-nameservers 10.1.101.188

重启网络,然后就可以ping通刚才配置的域名了。

root@nfsclient:~# cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.1.101.188
root@nfsclient:~# ping -c 4 master.lxy.com
PING master.lxy.com (10.1.101.11) 56(84) bytes of data.
64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=1 ttl=64 time=0.978 ms
64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=2 ttl=64 time=0.626 ms
64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=3 ttl=64 time=0.628 ms
64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=4 ttl=64 time=0.591 ms

--- master.lxy.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.591/0.705/0.978/0.161 ms
root@nfsclient:~# ping -c 4 www.lxy.com
PING master.lxy.com (10.1.101.11) 56(84) bytes of data.
64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=1 ttl=64 time=1.06 ms
64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=2 ttl=64 time=0.655 ms
64 bytes from www.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=3 ttl=64 time=0.556 ms
64 bytes from master.lxy.com.101.1.10.in-addr.arpa (10.1.101.11): icmp_req=4 ttl=64 time=0.577 ms

--- master.lxy.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.556/0.714/1.068/0.207 ms
root@nfsclient:~# ping -c 4 slave1.lxy.com
PING slave1.lxy.com (10.1.101.12) 56(84) bytes of data.
64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=1 ttl=64 time=1.07 ms
64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=2 ttl=64 time=0.352 ms
64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=3 ttl=64 time=0.346 ms
64 bytes from slave1.lxy.com.101.1.10.in-addr.arpa (10.1.101.12): icmp_req=4 ttl=64 time=0.321 ms

--- slave1.lxy.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.321/0.523/1.075/0.319 ms
root@nfsclient:~# ping -c 4 slave2.lxy.com
PING slave2.lxy.com (10.1.101.15) 56(84) bytes of data.
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=1 ttl=64 time=3.69 ms
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=2 ttl=64 time=1.63 ms
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=3 ttl=64 time=1.59 ms
64 bytes from slave2.lxy.com.101.1.10.in-addr.arpa (10.1.101.15): icmp_req=4 ttl=64 time=1.56 ms

--- slave2.lxy.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.566/2.122/3.696/0.909 ms
root@nfsclient:~#

五、常见错误处理

root@dns:/etc/bind# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9                                                                     rndc: connect failed: 127.0.0.1#953: connection refused
                                                                                                      [ OK ]
 * Starting domain name service... bind9                                                              [fail] 

原因是在name.conf.local中配置了两个相同的www.teststack.com,删除多余的一条域名记录,然后就可以重启了。

六、资源链接

《Pro_DNS_and_BIND》

bind下载地址

BIND9中文手册:

http://linuxnx.blog.51cto.com/6676498/1169567

了解更多DNS知识推荐一个人的博客:

CobbLiu

posted @ 2015-03-23 08:40  starof  阅读(4879)  评论(3编辑  收藏  举报