
用BIND配置区域委派DNS服务

用BIND配置区域委派DNS服务

撰写者信息:Alin Fang (Fang Yunlin)

MSN: cst05001@hotmail.com | G Talk: cst05001@gmail.com | Blog: http://www.alinblog.cn/ | 修改日期: 30 Oct, 2008 (第1次修改)

版权:GNU

声明:本人实验笔记,非权威文档。如有错误请告知。十分感谢!

正文:

拓扑图

实验环境:

操作系统: Red Hat Enterprise Linux 5 update 2

网络:

net: 192.168.200.128/25
org: 192.168.200.0/25

dns server root:
  eth0: 192.168.200.126/25
  eth1: 192.168.200.254/25

dns server org:
  eth0: 192.168.200.125/25

dns server net:
  eth0: 192.168.200.253/25

对root服务器进行操作

在root机上安装bind以及相关组件:

[root@root-ns ~]# yum install -y bind bind-chroot caching-nameserver Loading \"security\" plugin Loading \"rhnplugin\" plugin

This system is not registered with RHN. RHN support will be disabled. Setting up Install Process

Parsing package install arguments Resolving Dependencies

--> Running transaction check

---> Package bind-chroot.i386 30:9.3.4-6.P1.el5 set to be updated

---> Package caching-nameserver.i386 30:9.3.4-6.P1.el5 set to be updated ---> Package bind.i386 30:9.3.4-6.P1.el5 set to be updated --> Finished Dependency Resolution Dependencies Resolved

============================================================================= Package Arch Version Repository Size ============================================================================= Installing:

bind-chroot i386 30:9.3.4-6.P1.el5 Server 41 k caching-nameserver i386 30:9.3.4-6.P1.el5 Server 58 k Installing for dependencies:

bind i386 30:9.3.4-6.P1.el5 Server 959 k Transaction Summary

============================================================================= Install 3 Package(s) Update 0 Package(s) Remove 0 Package(s)

Total download size: 1.0 M Downloading Packages:

(1/3): bind-chroot-9.3.4- 100% |=========================| 41 kB 00:00 (2/3): bind-9.3.4-6.P1.el 100% |=========================| 959 kB 00:00 (3/3): caching-nameserver 100% |=========================| 58 kB 00:00 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction

Installing: bind ######################### [1/3] Installing: bind-chroot ######################### [2/3] Installing: caching-nameserver ######################### [3/3]

Installed: bind-chroot.i386 30:9.3.4-6.P1.el5 caching-nameserver.i386 30:9.3.4-6.P1.el5 Dependency Installed: bind.i386 30:9.3.4-6.P1.el5 Complete!

[root@root-ns ~]#

装好 BIND + bind-chroot + caching-nameserver 之后,配置文件存放在这里:

[root@root-ns ~]# cd /var/named/chroot/ [root@root-ns chroot]# pwd /var/named/chroot

[root@root-ns chroot]#

配置named.conf

[root@root-ns chroot]# cd etc/ [root@root-ns etc]# pwd /var/named/chroot/etc [root@root-ns etc]# ls

localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key [root@root-ns etc]# mv named.caching-nameserver.conf named.conf [root@root-ns etc]# vim named.conf

这个是我的配置

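// /var/named/chroot/etc/named.conf on root-ns (renamed from named.caching-nameserver.conf above).
// The two ACLs name the lab subnets; everything below is restricted to them plus localhost.
acl "org" { 192.168.200.0/25; };
acl "net" { 192.168.200.128/25; };

options {
    listen-on port 53 { 127.0.0.1; org; net; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): pinning the outbound query port to 53 makes every query this
    // server sends use one predictable source port, which defeats source-port
    // randomization -- the standard cache-poisoning mitigation in BIND. The wildcard
    // "udp 0.0.0.0:53" / ":::53" sockets in the netstat output further down are
    // presumably this query socket. Drop both lines unless a firewall rule really
    // requires a fixed source port.
    query-source port 53;
    query-source-v6 port 53;
    allow-query { localhost; org; net; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Single view: clients from either lab subnet get recursion. The built-in
// "localhost" ACL matches every address configured on this host (not only
// 127.0.0.1), so queries arriving on .126 and .254 still match this view.
view my_resolver {
    match-clients { localhost; org; net; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.zones";
};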

配置named.zones

[root@root-ns etc]# mv named.rfc1912.zones named.zones [root@root-ns etc]# vim named.zones

这个是我的配置

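// /var/named/chroot/etc/named.zones on root-ns (renamed from named.rfc1912.zones above).
// NOTE(review): "." is declared twice in this file -- as a hint zone here and as a
// master zone at the bottom. A zone name listed twice inside one view is normally
// rejected by named, and a hint zone is pointless on the server that is itself
// master for the root, so this hint stanza should probably be removed; check
// named's log after the restart below to confirm which definition took effect.
zone "." IN {
    type hint;
    file "named.ca";
};

// Stock RFC 1912 local zones, unchanged from the package defaults.
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

// The lab's private root zone: delegates "org" and "net" (see root.zone below).
zone "." IN {
    type master;
    file "root.zone";
    allow-update { none; };
};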

检查下配置的语法是否正确

[root@root-ns etc]# named-checkconf -t /var/named/chroot/ [root@root-ns etc]#

配置zone文件

[root@root-ns named]# ll total 36

drwxrwx--- 2 named named 4096 Aug 26 2004 data

-rw-r----- 1 root named 198 Feb 29 2008 localdomain.zone -rw-r----- 1 root named 195 Feb 29 2008 localhost.zone -rw-r----- 1 root named 427 Feb 29 2008 named.broadcast -rw-r----- 1 root named 12 Feb 29 2008 named.ca

-rw-r----- 1 root named 424 Feb 29 2008 named.ip6.local -rw-r----- 1 root named 426 Feb 29 2008 named.local -rw-r----- 1 root named 427 Feb 29 2008 named.zero drwxrwx--- 2 named named 4096 Jul 27 2004 slaves [root@root-ns named]#

配置root.zone

这个是我的配置

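; /var/named/root.zone on root-ns: the lab's private root zone.
; Delegates "org" and "net" and carries glue for their name servers.
; Re-assembled one record per line from the collapsed listing. The apex A/AAAA
; records were moved directly under the NS record: a record with a blank owner
; inherits the previous owner, so placed after "net IN NS ns.net" they would have
; belonged to "net" instead of the root.
$TTL 800
@       IN SOA  @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   @
        IN A    127.0.0.1
        IN AAAA ::1
; Delegations. Names are relative to the origin ".", so ns.org == ns.org.
org     IN NS   ns.org
net     IN NS   ns.net
; Glue for the delegated name servers (ns.org = 192.168.200.125, ns.net = 192.168.200.253).
ns.org. IN A    192.168.200.125
ns.net. IN A    192.168.200.253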

检查文件权限以及语法是否正确

[root@root-ns named]# ll root.zone

-rw-r----- 1 root root 295 Oct 30 20:22 root.zone [root@root-ns named]# chown root.named root.zone [root@root-ns named]# named-checkzone root.zone

usage: named-checkzone [-djqvD] [-c class] [-o output] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] zonename filename

[root@root-ns named]# named-checkzone . root.zone zone ./IN: loaded serial 42 OK

[root@root-ns named]#

启动BIND

[root@root-ns named]# service named restart

Stopping named: [ OK ] Starting named: [ OK ] [root@root-ns named]# chkconfig --level 35 named on [root@root-ns named]#

BIND已经开始监听端口待命了

[root@root-ns named]# netstat -ntupal | grep named

tcp 0 0 192.168.200.254:53 0.0.0.0:* LISTEN 5416/named
tcp 0 0 192.168.200.126:53 0.0.0.0:* LISTEN 5416/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5416/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5416/named
tcp 0 0 ::1:53 :::* LISTEN 5416/named
tcp 0 0 ::1:953 :::* LISTEN 5416/named
udp 0 0 0.0.0.0:53 0.0.0.0:* 5416/named
udp 0 0 192.168.200.254:53 0.0.0.0:* 5416/named
udp 0 0 192.168.200.126:53 0.0.0.0:* 5416/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 5416/named
udp 0 0 :::53 :::* 5416/named
udp 0 0 ::1:53 :::* 5416/named
[root@root-ns named]#

在ns.org服务器上操作

在ns.org机上安装bind以及相关组件

[root@org-ns ~]# yum install -y bind bind-chroot caching-nameserver > /dev/null This system is not registered with RHN. RHN support will be disabled.

[root@org-ns ~]# rpm -q bind bind-chroot caching-nameserver bind-9.3.4-6.P1.el5

bind-chroot-9.3.4-6.P1.el5

caching-nameserver-9.3.4-6.P1.el5 [root@org-ns ~]#

编辑named.conf配置

[root@org-ns ~]# cd /var/named/chroot/etc/ [root@org-ns etc]# ls

localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key [root@org-ns etc]# vim named.conf

这个是我的配置

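// /var/named/chroot/etc/named.conf on ns.org (192.168.200.125).
options {
    // NOTE(review): a /0 prefix length matches every address, so this list is
    // effectively "any". listen-on lists *local* addresses to bind, and .126 is the
    // root server, not this host -- only the /0 wildcard makes named bind this
    // host's own .125 at all. To say what was probably meant, name this host:
    // `listen-on port 53 { 127.0.0.1; 192.168.200.125; };` (or `any;`).
    listen-on port 53 { 127.0.0.1; 192.168.200.126/0; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): a fixed outbound source port defeats source-port randomization,
    // the standard cache-poisoning mitigation; drop both lines unless a firewall
    // rule requires a fixed port.
    query-source port 53;
    query-source-v6 port 53;
    // NOTE(review): the same /0 wildcard -- queries are accepted from any source.
    // A bare address matches a single host (`192.168.200.126;` = only the root
    // server); the whole org subnet would be `192.168.200.0/25;`.
    allow-query { localhost; 192.168.200.126/0; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// NOTE(review): with match-clients opened by the /0 wildcard and "recursion yes",
// this authoritative server is an open recursive resolver for anything that can
// reach it. In this write-up the client points only at root-ns (resolv.conf
// below), which is the server that recurses, so `recursion no;` is the safer
// setting here; alternatively restrict match-clients to
// `{ localhost; 192.168.200.0/25; }`.
view localhost_resolver {
    match-clients { localhost; 192.168.200.126/0; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.zones";
};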

编辑named.zones

这个是我的配置

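// /var/named/chroot/etc/named.zones on ns.org.
// NOTE(review): named.ca is the hint file that comes with caching-nameserver (its
// contents are not shown in this write-up). If this server is expected to resolve
// names outside "org" by itself, the hints would have to point at the lab root
// server 192.168.200.126 rather than the public root servers; with recursion
// disabled in named.conf this hint zone is simply unused.
zone "." IN {
    type hint;
    file "named.ca";
};

// Stock RFC 1912 local zones, unchanged from the package defaults.
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

// The zone this server is authoritative for; the root zone delegates "org" here.
zone "org" IN {
    type master;
    file "org.zone";
    allow-update { none; };
};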

检查配置的语法正确性

[root@org-ns etc]# named-checkconf -t /var/named/chroot/ [root@org-ns etc]#

编辑org.zone

这是我的配置

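; /var/named/org.zone on ns.org: authoritative data for "org".
; Re-assembled one record per line from the column-spilled listing; the values
; are the ones shown there.
; NOTE(review): the apex NS is "@" (org., which resolves to 127.0.0.1 below -- a
; leftover of the localhost.zone template), while the parent delegates to
; ns.org. Resolvers that follow the child's NS set are sent to 127.0.0.1;
; `IN NS ns` would match the delegation.
$TTL 800
@       IN SOA  @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   @
        IN A    127.0.0.1
        IN AAAA ::1
ns      IN A    192.168.200.125
client1 IN A    192.168.200.2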

修改文件权限

[root@org-ns named]# chown root.named org.zone [root@org-ns named]#

检查配置语法正确性

[root@org-ns named]# named-checkzone org org.zone zone org/IN: loaded serial 42 OK

启动BIND

[root@org-ns named]# service named restart

Stopping named: [ OK ] Starting named: [ OK ] [root@org-ns named]# chkconfig --level 35 named on [root@org-ns named]#

在ns.net上进行操作

同配置ns.org的方法,配置ns.net。具体细节省略。这是我的配置文件:

named.conf

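// /var/named/chroot/etc/named.conf on ns.net (192.168.200.253).
options {
    // NOTE(review): a /0 prefix length matches every address, so this list is
    // effectively "any". listen-on lists *local* addresses to bind, and .254 is
    // the root server's eth1, not this host -- only the /0 wildcard makes named
    // bind this host's own .253 at all. Name this host instead:
    // `listen-on port 53 { 127.0.0.1; 192.168.200.253; };` (or `any;`).
    listen-on port 53 { 127.0.0.1; 192.168.200.254/0; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): a fixed outbound source port defeats source-port randomization,
    // the standard cache-poisoning mitigation; drop both lines unless a firewall
    // rule requires a fixed port.
    query-source port 53;
    query-source-v6 port 53;
    // NOTE(review): the same /0 wildcard -- queries are accepted from any source.
    // A bare address matches a single host (`192.168.200.254;` = only the root
    // server); the whole net subnet would be `192.168.200.128/25;`.
    allow-query { localhost; 192.168.200.254/0; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// NOTE(review): match-clients opened by the /0 wildcard plus "recursion yes"
// makes this authoritative server an open recursive resolver for anything that
// can reach it. Only root-ns needs to recurse in this setup (the client's
// resolv.conf below names just 192.168.200.126), so `recursion no;` is the safer
// setting here; alternatively restrict match-clients to
// `{ localhost; 192.168.200.128/25; }`.
view localhost_resolver {
    match-clients { localhost; 192.168.200.254/0; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.zones";
};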

named.zones

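// /var/named/chroot/etc/named.zones on ns.net.
// NOTE(review): named.ca is the hint file that comes with caching-nameserver (its
// contents are not shown in this write-up). If this server is expected to resolve
// names outside "net" by itself, the hints would have to point at the lab root
// server 192.168.200.254/.126 rather than the public root servers; with
// recursion disabled in named.conf this hint zone is simply unused.
zone "." IN {
    type hint;
    file "named.ca";
};

// Stock RFC 1912 local zones, unchanged from the package defaults.
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

// The zone this server is authoritative for; the root zone delegates "net" here.
zone "net" IN {
    type master;
    file "net.zone";
    allow-update { none; };
};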

net.zone

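; /var/named/net.zone on ns.net: authoritative data for "net".
; Re-assembled one record per line from the column-spilled listing; the values
; are the ones shown there (the stray ";" after each address in the listing
; only starts an empty comment and changes nothing).
; NOTE(review): as in org.zone, the apex NS is "@" (net. -> 127.0.0.1, from the
; localhost.zone template) while the parent delegates to ns.net; `IN NS ns`
; would match the delegation.
$TTL 800
@       IN SOA  @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   @
        IN A    127.0.0.1
        IN AAAA ::1
ns      IN A    192.168.200.253
client1 IN A    192.168.200.130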

在client1.org上进行操作

指定客户端client1的DNS服务器

[root@localhost ~]# ifconfig eth0

eth0 Link encap:Ethernet HWaddr 00:16:3E:7A:58:AD

inet addr:192.168.200.2 Bcast:192.168.200.127 Mask:255.255.255.128 inet6 addr: fe80::216:3eff:fe7a:58ad/ Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:54 errors:0 dropped:0 overruns:0 frame:0 TX packets:108 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000

RX bytes:5447 (5.3 KiB) TX bytes:21214 (20.7 KiB) Interrupt:10 Base address:0x4000 [root@localhost ~]# vim /etc/resolv.conf

配置如下

nameserver 192.168.200.126

测试DNS服务

[root@localhost ~]# nslookup client1.org Server:192.168.200.126 Address:192.168.200.126#53 Non-authoritative answer: Name:client1.org Address: 192.168.200.2

[root@localhost ~]# nslookup client1.net Server:192.168.200.126 Address:192.168.200.126#53 Non-authoritative answer: Name:client1.net

Address: 192.168.200.130 [root@localhost ~]#
