Installing master and slave BIND DNS servers on CentOS 6 or Red Hat 6

Date: 2019-08-20 17:58:30  Source: igfitidea

DNS is a big subject, and the whole Internet runs on it.

In this tutorial we will learn how to set up a master and a slave DNS server on CentOS 6 or Red Hat 6.

Because we configure the server inside a chroot, all configuration files live under /var/named/chroot.

Installation environment

Package: BIND version 9.8.2

[root@localhost ~]# rpm -qa|grep bind
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686
bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686
bind-9.8.2-0.17.rc1.el6_4.4.i686
[root@localhost ~]#

Operating system: Red Hat 6.4 and CentOS 6.4

Master DNS server = 192.168.122.9 ns1.example.com

Slave DNS server = 192.168.122.10 ns2.example.com

iptables disabled

SELinux disabled

Setting up the master DNS server

Install bind-chroot with yum; the other dependencies are installed by default.

[root@localhost ~]# yum install bind-chroot

Have a look at the installed BIND documentation:

ls -l /usr/share/doc/bind-9.8.2/

Set the FQDN of the master DNS server

Edit /etc/hosts and add the IP address and domain name:

vi /etc/hosts

192.168.122.9 ns1.example.com ns1

Edit /etc/sysconfig/network and replace the hostname:

vi /etc/sysconfig/network

HOSTNAME=ns1

Restart the network service:

/etc/init.d/network restart

Now check that the hostname and FQDN are correct.

Log out and log back in, or reboot the server, then check:

[root@ns1 named]# hostname
ns1

[root@ns1 named]# hostname -f
ns1.example.com

Edit the /etc/resolv.conf file:

[root@ns1 named]# vi /etc/resolv.conf 

domain example.com
search example.com
nameserver 192.168.122.9
[root@ns1 named]#

Create the named.conf file

[root@ns1 named]# cp -prvf /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf
`/usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones' -> `/var/named/chroot/etc/named.conf'
[root@ns1 named]# 

[root@ns1 named]# vi /var/named/chroot/etc/named.conf

####### remove the old contents and paste the contents given below ########

include "/etc/rndc.key";

options {
        directory "/var/named"; // Zone files path, i.e. /var/named/chroot/var/named
        forwarders { 192.168.122.10; }; // Queries outside our own zones are sent to 192.168.122.10 first (forward first is the default)
};


//Forward zone section for example.com

zone "example.com" IN {
        type master;
        file "example.com.forward-zone"; //forward zone files in /var/named
        allow-update { none; };
};

// Reverse Zone Section for example.com

zone "122.168.192.in-addr.arpa" IN {
        type master; // Declaring as DNS Master Server
        file "example.com.reverse-zone"; // reverse zone files in /var/named
        allow-update { none; };
};
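A caveat on the master configuration above: it never sets allow-transfer, and in BIND 9.8 the default is to allow zone transfers (AXFR) to any host, so anyone who can reach port 53 on ns1 can pull the complete zone. The shell script below is an added example, not code from the article: it reports every type master zone in a named.conf that has no zone-level allow-transfer statement, and shows the same two zones with transfers limited to the slave (192.168.122.10) plus an also-notify so ns2 reloads as soon as the serial changes. Both configuration files are constructed for the check, and the check only looks at zone-level statements, not at an allow-transfer placed in options.

```shell
#!/bin/sh
# Added example, not code from the original article: report master zones in a
# named.conf that set no allow-transfer. In BIND 9.8 the default is to allow
# zone transfers to any host, so an authoritative server without this option
# hands out its whole zone on request. Both samples below are constructed.
set -eu

# unrestricted_master_zones FILE -> prints the name of every "type master"
# zone block that contains no allow-transfer statement. Comments (// and #)
# are stripped first; zone blocks are assumed to close with "};" at column 0,
# as in the article's configuration.
unrestricted_master_zones() {
    sed 's,//.*$,,; s/#.*$//' "$1" | awk '
        /^zone[[:space:]]/ {
            inzone = 1; master = 0; restricted = 0
            match($0, /"[^"]*"/); name = substr($0, RSTART + 1, RLENGTH - 2)
        }
        inzone && /type[[:space:]]+master/ { master = 1 }
        inzone && /allow-transfer/         { restricted = 1 }
        inzone && /^};/ { if (master && !restricted) print name; inzone = 0 }'
}

WORK=$(mktemp -d)

# Constructed sample: the master named.conf as written in the article.
cat > "$WORK/loose.conf" <<'EOF'
include "/etc/rndc.key";
options {
        directory "/var/named";
        forwarders { 192.168.122.10; };
};
zone "example.com" IN {
        type master;
        file "example.com.forward-zone";
        allow-update { none; };
};
zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "example.com.reverse-zone";
        allow-update { none; };
};
EOF

# Constructed sample: the same zones, transfers limited to the slave ns2 and
# NOTIFY sent to it explicitly so it reloads as soon as the serial changes.
cat > "$WORK/strict.conf" <<'EOF'
include "/etc/rndc.key";
options {
        directory "/var/named";
        forwarders { 192.168.122.10; };
};
zone "example.com" IN {
        type master;
        file "example.com.forward-zone";
        allow-update { none; };
        allow-transfer { 192.168.122.10; }; // only the slave may AXFR
        also-notify { 192.168.122.10; };
};
zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "example.com.reverse-zone";
        allow-update { none; };
        allow-transfer { 192.168.122.10; };
        also-notify { 192.168.122.10; };
};
EOF

for conf in "$WORK/loose.conf" "$WORK/strict.conf"; do
    printf '%s:\n' "$conf"
    unrestricted_master_zones "$conf" | sed 's/^/  transfers unrestricted: /'
done
```

Run it against /var/named/chroot/etc/named.conf on ns1 before the first restart; an empty report means every master zone names the hosts allowed to transfer it.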

Create the forward and reverse zone files.

Forward zone file:

[root@ns1 ~]# cd /var/named/chroot/var/named

[root@localhost named]# cp -prvf /usr/share/doc/bind-9.8.2/sample/var/named/named.localhost .
`/usr/share/doc/bind-9.8.2/sample/var/named/named.localhost' -> `./named.localhost'
[root@localhost named]# ls -l
total 4
-rw-r--r-- 1 named named 152 Mar 29 04:18 named.localhost
[root@ns1 named]#

[root@ns1 named]# mv named.localhost example.com.forward-zone

[root@ns1 named]# vi  example.com.forward-zone 

; A line starting with ; is a comment, so this line is ignored
; The second SOA field is the administrator's e-mail with @ replaced by a dot, e.g. admin.example.com
; Every FQDN must end with a period (.), as in "IN NS ns1.example.com." below; without it the zone
; origin is appended to the name (ns1.example.com would become ns1.example.com.example.com.)

$TTL 1D
@	IN SOA	ns1.example.com. theitroad.example.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	IN	NS	ns1.example.com.
	IN	A	192.168.122.9
NS1	IN	A	192.168.122.9
www	IN	A	192.168.122.11

Reverse zone file:

[root@ns1 ~]# cd /var/named/chroot/var/named

[root@ns1 named]# vi example.com.reverse-zone 
;Reverse Zone File for example.com
; do not forget to use period (.) at trailing end of FQDN

$TTL 1D

@       IN SOA  ns1.example.com. theitroad.example.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS     ns1.example.com.
9    IN PTR  ns1.example.com.
11     IN PTR  www.example.com.

Change the owner and group of the files.

cd /var/named/chroot/var/named

chown named:named example.com.*

Restart the named service

The first time the named service is restarted, a new rndc.key file is generated.
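A check for the two zone files just created, added here as an example (it is not code from the article): it flags SOA and NS names that lack the trailing dot the comments insist on (BIND appends the zone origin to such names, which is exactly what the zone dump at the end of this page shows for ns1.example.com), and it lists A records in the forward zone that have no matching PTR in the reverse zone. The zone files it runs on are constructed to mirror the ones above; it assumes a single /24 reverse zone and the multi-line SOA layout used here.

```shell
#!/bin/sh
# Added example, not code from the original article. Two checks on hand-written
# zone files: SOA/NS names that lack the trailing dot (BIND appends the zone
# origin to them), and A records without a matching PTR. Assumes the layout
# used in the article: multi-line SOA, one record per line, a single /24
# reverse zone. All sample zones below are constructed.
set -eu

# unqualified_names FILE -> prints SOA MNAME/RNAME and NS targets without a
# trailing dot; comments are stripped first
unqualified_names() {
    sed 's/;.*$//' "$1" | awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "SOA") { print $(i + 1); if (i + 2 <= NF) print $(i + 2) }
            if ($i == "NS")  print $(i + 1)
        }
    }' | grep -v '\.$' || true
}

# lint_zone FILE -> 0 when every SOA/NS name is qualified, 1 otherwise
lint_zone() {
    bad=$(unqualified_names "$1")
    if [ -n "$bad" ]; then
        printf '%s: unqualified name(s): %s\n' "$1" "$(printf '%s' "$bad" | tr '\n' ' ')" >&2
        return 1
    fi
    return 0
}

# ips_without_ptr FORWARD REVERSE -> A-record addresses whose last octet has no
# PTR record in the reverse zone
ips_without_ptr() {
    sed 's/;.*$//' "$1" | awk 'NF >= 3 && $(NF - 1) == "A" { print $NF }' |
    while read -r ip; do
        octet=${ip##*.}
        grep -q "^${octet}[[:space:]].*[[:space:]]PTR[[:space:]]" "$2" || echo "$ip"
    done
}

WORK=$(mktemp -d)

# Constructed: the article's forward zone with the MNAME missing its dot
cat > "$WORK/bad.zone" <<'EOF'
$TTL 1D
@       IN SOA  ns1.example.com theitroad.example.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      ns1.example.com.
        IN      A       192.168.122.9
www     IN      A       192.168.122.11
EOF

# Constructed: fully qualified, with a mail host that has no PTR yet
cat > "$WORK/good.zone" <<'EOF'
$TTL 1D
@       IN SOA  ns1.example.com. theitroad.example.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.
        IN      A       192.168.122.9
ns1     IN      A       192.168.122.9
ns2     IN      A       192.168.122.10
www     IN      A       192.168.122.11
mail    IN      A       192.168.122.12
EOF

# Constructed: the matching reverse zone for 192.168.122.0/24
cat > "$WORK/reverse.zone" <<'EOF'
$TTL 1D
@       IN SOA  ns1.example.com. theitroad.example.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.example.com.
        NS      ns2.example.com.
9       IN PTR  ns1.example.com.
10      IN PTR  ns2.example.com.
11      IN PTR  www.example.com.
EOF

for z in "$WORK/bad.zone" "$WORK/good.zone" "$WORK/reverse.zone"; do
    if lint_zone "$z"; then echo "$z: all SOA/NS names are fully qualified"; fi
done
ips_without_ptr "$WORK/good.zone" "$WORK/reverse.zone" | sed 's/^/missing PTR for: /'
```

On ns1 the same functions can be pointed at /var/named/chroot/var/named/example.com.forward-zone and example.com.reverse-zone before the chown and restart; named-checkzone from the bind package is the authoritative syntax check, this script only catches the two mistakes discussed above.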

[root@ns1 named]# /etc/init.d/named restart

Testing

Use dig or host to check that the DNS server resolves correctly.

The dig and host commands require the bind-utils package:

yum install bind-utils
[root@ns1 named]# host -l example.com
example.com name server ns1.example.com.
example.com has address 192.168.122.9
NS1.example.com has address 192.168.122.9
www.example.com has address 192.168.122.11
[root@ns1 named]# 

[root@ns1 named]# dig example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 642
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		86400	IN	A	192.168.122.9

;; AUTHORITY SECTION:
example.com.		86400	IN	NS	ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.	86400	IN	A	192.168.122.9

;; Query time: 0 msec
;; SERVER: 192.168.56.101#53(192.168.122.9)
;; WHEN: Fri Jul 19 21:18:07 2013
;; MSG SIZE  rcvd: 79

[root@ns1 named]#

Setting up the slave DNS server

Install the bind-chroot and bind-utils packages:

yum install bind-chroot bind-utils

Configure the FQDN/hostname

Edit the /etc/hosts file:

vi /etc/hosts

192.168.122.10 ns2.example.com ns2

Edit /etc/sysconfig/network and replace the HOSTNAME value:

vi /etc/sysconfig/network

HOSTNAME=ns2

Restart the network service:

/etc/init.d/network restart

Now check that the hostname and FQDN are correct.

Once you have logged out and back in, or rebooted the server:

[root@localhost named]# hostname
ns2

[root@localhost named]# hostname -f
ns2.example.com

Edit the /etc/resolv.conf file:

[root@localhost named]# vi /etc/resolv.conf 

domain example.com
search example.com
nameserver 192.168.122.9
nameserver 192.168.122.10

Create the named.conf file

[root@ns2 ~]# vi /var/named/chroot/etc/named.conf 

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

####### new lines added below ########

include "/etc/rndc.key";

options {
        directory "/var/named"; // Zone files path, i.e. /var/named/chroot/var/named
        forwarders { 192.168.122.9; }; // Queries outside our own zones are sent to 192.168.122.9 first (forward first is the default)
};


//Forward zone section for example.com

zone "example.com" IN {
        type slave;
        file "example.com.forward-zone"; // forward zone file in /var/named
        allow-transfer { 192.168.122.9/32; };
        masters { 192.168.122.9; };
};

// Reverse Zone Section for example.com

zone "122.168.192.in-addr.arpa" IN {
        type slave; // Declaring as DNS Slave Server
        file "example.com.reverse-zone"; // reverse zone file
        allow-transfer { 192.168.122.9/32; };
        masters { 192.168.122.9; };
};

Change the permissions of the /var/named/chroot/var/named directory.

On ns2 the named service writes the transferred zone files into this directory, so it needs write permission there:

[root@ns2 ~]# chmod 770 /var/named/chroot/var/named

Restart the named service

/etc/init.d/named restart

Now check that all the zone files have been transferred to the slave DNS server:

[root@ns2 ~]# ls -l /var/named/chroot/var/named/
total 40
drwxr-x--- 6 root  named 4096 Jul 18 23:23 chroot
drwxrwx--- 2 named named 4096 Mar 29 04:18 data
drwxrwx--- 2 named named 4096 Mar 29 04:18 dynamic
-rw-r--r-- 1 named named  378 Jul 20 16:58 example.com.forward-zone
-rw-r--r-- 1 named named  452 Jul 20 17:01 example.com.reverse-zone
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Mar 29 04:18 slaves
[root@ns2 ~]#

Whenever we update a zone file on the master DNS server, increase the serial value, otherwise the slave will not fetch the update from the master. Then restart the named service with /etc/init.d/named restart.

Look at the serial in the reverse zone file:

[root@ns1 ~]# cat /var/named/chroot/var/named/example.com.reverse-zone 
$ORIGIN .
$TTL 86400	; 1 day
122.168.192.in-addr.arpa IN SOA	ns1.example.com.122.168.192.in-addr.arpa. theitroad.example.com. (
				2          ; serial
				86400      ; refresh (1 day)
				3600       ; retry (1 hour)
				604800     ; expire (1 week)
				10800      ; minimum (3 hours)
				)
			NS	ns1.example.com.
			NS	ns2.example.com.
$ORIGIN 122.168.192.in-addr.arpa.
10			PTR	ns2.example.com.
11			PTR	www.example.com.
9			PTR	ns1.example.com.
[root@ns1 ~]#
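The dump above also shows ns1.example.com.122.168.192.in-addr.arpa. as the SOA primary name: that is what BIND produces when the MNAME in the hand-written zone file lacks its trailing dot, and it is worth fixing at the same time as the serial. As an added example (not code from the article), the script below bumps the serial of a zone file in place and checks that the master's serial is higher than the one in the slave's copy, which is the condition under which ns2 transfers the zone again. live_serial wraps dig +short SOA from bind-utils for the same comparison against the running servers; it is defined but not run here. Both zone files are constructed and assume the layout used on this page (serial on its own line after the SOA's opening parenthesis).

```shell
#!/bin/sh
# Added example, not code from the original article: bump the SOA serial before
# restarting named, and confirm the master is ahead of the slave's copy, which
# is the condition for a transfer to happen. Assumes the article's layout
# (serial on its own line after the SOA's opening parenthesis); live_serial
# needs dig from bind-utils and is only defined, not run. Samples are constructed.
set -eu

# zone_serial FILE -> prints the SOA serial (first token after the "(")
zone_serial() {
    sed 's/;.*$//' "$1" | tr '\n' ' ' | awk '{
        for (i = 1; i <= NF; i++) if ($i == "SOA")
            for (j = i; j <= NF; j++) if ($j == "(") { print $(j + 1); exit }
    }'
}

# bump_serial FILE -> adds 1 to the serial in place (only the first all-numeric
# line after the SOA is touched; a YYYYMMDDnn scheme would need date logic)
bump_serial() {
    awk '/SOA/ { insoa = 1 }
         insoa && !seen && $1 ~ /^[0-9]+$/ { sub(/[0-9]+/, $1 + 1); seen = 1 }
         { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# transfer_due MASTER_FILE SLAVE_FILE -> 0 when the master serial is higher
transfer_due() {
    [ "$(zone_serial "$1")" -gt "$(zone_serial "$2")" ]
}

# live_serial ZONE SERVER -> serial as actually served, e.g.
# live_serial example.com 192.168.122.9 versus live_serial example.com 192.168.122.10
live_serial() {
    dig +short SOA "$1" "@$2" | awk '{ print $3 }'
}

WORK=$(mktemp -d)

# Constructed: the master's hand-written reverse zone at serial 1
cat > "$WORK/master.zone" <<'EOF'
$TTL 1D
@       IN SOA  ns1.example.com. theitroad.example.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.example.com.
        NS      ns2.example.com.
9       IN PTR  ns1.example.com.
10      IN PTR  ns2.example.com.
EOF

# Constructed: the slave's copy as BIND writes it after transferring serial 1
# (same one-record-per-line form as the dump at the end of the article)
cat > "$WORK/slave.zone" <<'EOF'
$ORIGIN .
$TTL 86400      ; 1 day
122.168.192.in-addr.arpa IN SOA ns1.example.com. theitroad.example.com. (
                                1          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.example.com.
                        NS      ns2.example.com.
$ORIGIN 122.168.192.in-addr.arpa.
10                      PTR     ns2.example.com.
9                       PTR     ns1.example.com.
EOF

if transfer_due "$WORK/master.zone" "$WORK/slave.zone"; then
    echo "slave is behind, a transfer will happen"
else
    echo "serials equal: an edit on the master is ignored until the serial is bumped"
fi

bump_serial "$WORK/master.zone"   # on ns1: do this after every zone edit, then restart named
if transfer_due "$WORK/master.zone" "$WORK/slave.zone"; then
    echo "after bump: master serial $(zone_serial "$WORK/master.zone"), slave $(zone_serial "$WORK/slave.zone")"
fi
```

After the restart on ns1, comparing live_serial for the zone against 192.168.122.9 and 192.168.122.10 should give the same number; if ns2 still reports the old serial, check /var/log/messages on both hosts for the NOTIFY and transfer entries.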