Installing master/slave BIND DNS on CentOS 6 or Red Hat 6
Date: 2019-08-20 17:58:30  Source: igfitidea
DNS is a large topic, and the whole internet runs on it.
In this tutorial we set up a master and a slave DNS server on CentOS 6 or Red Hat 6.
Because the server is configured in a chroot, all configuration files live under /var/named/chroot: the /etc/named.conf and /var/named paths used below are relative to that directory.
Installation environment
Package: BIND version 9.8.2
[root@localhost ~]# rpm -qa|grep bind
bind-libs-9.8.2-0.17.rc1.el6_4.4.i686
bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686
bind-9.8.2-0.17.rc1.el6_4.4.i686
[root@localhost ~]#
Operating system: Red Hat 6.4 and CentOS 6.4
Master DNS server = 192.168.122.9  ns1.example.com
Slave DNS server  = 192.168.122.10 ns2.example.com
iptables: disabled for this lab (in production keep it and open 53/udp for queries and 53/tcp for zone transfers and large answers)
SELinux: disabled for this lab (the bind packages ship with targeted-policy support, so named can run enforcing when the files stay in the standard directories)
Setting up the master DNS server
Install bind-chroot with yum; the remaining dependencies (bind, bind-libs) are pulled in automatically.
[root@localhost ~]# yum install bind-chroot
Have a look at the installed bind documentation; the sample configuration and zone files copied below come from here.
ls -l /usr/share/doc/bind-9.8.2/
Set the FQDN of the master DNS server
Edit /etc/hosts and add the IP address and domain name.
vi /etc/hosts
192.168.122.9 ns1.example.com ns1
Edit /etc/sysconfig/network and replace the hostname.
vi /etc/sysconfig/network
HOSTNAME=ns1
Restart the network service.
/etc/init.d/network restart
Now check that the hostname and FQDN are correct.
Log out and back in, or reboot the server, then check:
[root@ns1 named]# hostname
ns1
[root@ns1 named]# hostname -f
ns1.example.com
Edit the /etc/resolv.conf file
[root@ns1 named]# vi /etc/resolv.conf
domain example.com
search example.com
nameserver 192.168.122.9
[root@ns1 named]#
Create the named.conf file
[root@ns1 named]# cp -prvf /usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf
`/usr/share/doc/bind-9.8.2/sample/etc/named.rfc1912.zones' -> `/var/named/chroot/etc/named.conf'
[root@ns1 named]#
[root@ns1 named]# vi /var/named/chroot/etc/named.conf

####### remove the old contents and paste the contents given below ########

include "/etc/rndc.key";

options {
    directory "/var/named";   // zone file path inside the chroot, i.e. /var/named/chroot/var/named
    // No forwarders: forwarders are where this server sends queries it is NOT authoritative for.
    // Pointing ns1 and ns2 at each other would only loop, so either leave them out (BIND then
    // recurses on its own for local clients) or name a real upstream resolver here.
};

// Forward zone section for example.com
zone "example.com" IN {
    type master;
    file "example.com.forward-zone";       // forward zone file in /var/named
    allow-update { none; };
    allow-transfer { 192.168.122.10; };    // only the slave may AXFR the zone; BIND's default is any
};

// Reverse zone section for example.com
zone "122.168.192.in-addr.arpa" IN {
    type master;                           // declaring this as the DNS master server
    file "example.com.reverse-zone";       // reverse zone file in /var/named
    allow-update { none; };
    allow-transfer { 192.168.122.10; };
};
Create the forward and reverse zone files.
Forward zone file:
[root@ns1 ~]# cd /var/named/chroot/var/named
[root@localhost named]# cp -prvf /usr/share/doc/bind-9.8.2/sample/var/named/named.localhost .
`/usr/share/doc/bind-9.8.2/sample/var/named/named.localhost' -> `./named.localhost'
[root@localhost named]# ls -l
total 4
-rw-r--r-- 1 named named 152 Mar 29 04:18 named.localhost
[root@ns1 named]#
[root@ns1 named]# mv named.localhost example.com.forward-zone
[root@ns1 named]# vi example.com.forward-zone

; a comment starts with the ; symbol, so this line is a comment
; in the SOA record the contact address is written as username.domainname.tld,
; e.g. theitroad.example.com. stands for theitroad@example.com
; every FQDN must end with a period (.), e.g. "IN NS ns1.example.com.";
; without it BIND appends the zone origin to the name
$TTL 1D
@       IN SOA  ns1.example.com. theitroad.example.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        IN NS   ns1.example.com.
        IN A    192.168.122.9
NS1     IN A    192.168.122.9
www     IN A    192.168.122.11
Reverse zone file:
[root@ns1 ~]# cd /var/named/chroot/var/named
[root@ns1 named]# vi example.com.reverse-zone

; reverse zone file for example.com
; do not forget the trailing period (.) on every FQDN
$TTL 1D
@       IN SOA  ns1.example.com. theitroad.example.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      ns1.example.com.
9       IN PTR  ns1.example.com.
11      IN PTR  www.example.com.
Change the owner and group of the zone files so that the named user can read them.
cd /var/named/chroot/var/named
chown named:named example.com.*
Restart the named service
When the named service is started for the first time, the init script generates a new rndc.key file (the one included at the top of named.conf). Before restarting, named-checkconf and named-checkzone from the bind package report syntax errors that would otherwise only show up in /var/log/messages.
[root@ns1 named]# /etc/init.d/named restart
Testing
Use dig or host to check that the DNS server resolves names correctly. In the dig output below, the aa flag means the answer came from the server's own zone data (authoritative), not from a cache.
dig and host are in the bind-utils package:
yum install bind-utils
[root@ns1 named]# host -l example.com
example.com name server ns1.example.com.
example.com has address 192.168.122.9
NS1.example.com has address 192.168.122.9
www.example.com has address 192.168.122.11
[root@ns1 named]#
[root@ns1 named]# dig example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 642
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            86400   IN      A       192.168.122.9

;; AUTHORITY SECTION:
example.com.            86400   IN      NS      ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.        86400   IN      A       192.168.122.9

;; Query time: 0 msec
;; SERVER: 192.168.122.9#53(192.168.122.9)
;; WHEN: Fri Jul 19 21:18:07 2013
;; MSG SIZE  rcvd: 79
[root@ns1 named]#
Setting up the slave DNS server
Install the bind-chroot and bind-utils packages
yum install bind-chroot bind-utils
Configure the FQDN / hostname
Edit the /etc/hosts file
vi /etc/hosts
192.168.122.10 ns2.example.com ns2
Edit /etc/sysconfig/network and replace the hostname value
vi /etc/sysconfig/network
HOSTNAME=ns2
Restart the network service
/etc/init.d/network restart
Now check that the hostname and FQDN are correct.
Log out and back in, or reboot the server, then check:
[root@localhost named]# hostname
ns2
[root@localhost named]# hostname -f
ns2.example.com
Edit the /etc/resolv.conf file
[root@localhost named]# vi /etc/resolv.conf
domain example.com
search example.com
nameserver 192.168.122.9
nameserver 192.168.122.10
Create the named.conf file
[root@ns2 ~]# vi /var/named/chroot/etc/named.conf

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
####### New line addition ########
include "/etc/rndc.key";

options {
    directory "/var/named";   // zone file path inside the chroot, i.e. /var/named/chroot/var/named
    // No forwarders here either: forwarding ns2's non-authoritative queries to ns1 while ns1
    // forwards to ns2 only loops; a forwarder has to be a real upstream recursive resolver.
};

// Forward zone section for example.com
zone "example.com" IN {
    type slave;
    file "example.com.forward-zone";   // the transferred copy is written here by named
    masters { 192.168.122.9; };        // pull the zone from ns1
    allow-transfer { none; };          // controls who may AXFR from ns2; nobody needs to
};

// Reverse zone section for example.com
zone "122.168.192.in-addr.arpa" IN {
    type slave;                        // declaring this as the DNS slave server
    file "example.com.reverse-zone";   // the transferred reverse zone copy
    masters { 192.168.122.9; };
    allow-transfer { none; };
};
Change the permissions of the /var/named/chroot/var/named directory.
By default the directory is owned by root with group named and is not group-writable, and named on ns2 runs as the named user, so it could not write the transferred zone files into it when the service starts.
[root@ns2 ~]# chmod 770 /var/named/chroot/var/named
A narrower alternative is to leave the directory as it is and point the slave zones' file statements at slaves/example.com.forward-zone and slaves/example.com.reverse-zone: the slaves subdirectory is already owned by named and exists for exactly this purpose.
Restart the named service
/etc/init.d/named restart
Now check that both zone files have been transferred to the slave DNS server:
[root@ns2 ~]# ls -l /var/named/chroot/var/named/
total 40
drwxr-x--- 6 root  named 4096 Jul 18 23:23 chroot
drwxrwx--- 2 named named 4096 Mar 29 04:18 data
drwxrwx--- 2 named named 4096 Mar 29 04:18 dynamic
-rw-r--r-- 1 named named  378 Jul 20 16:58 example.com.forward-zone
-rw-r--r-- 1 named named  452 Jul 20 17:01 example.com.reverse-zone
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Mar 29 04:18 slaves
[root@ns2 ~]#
Whenever you change a zone file on the master, increase the serial: the slave compares serials and will not fetch a zone whose serial has not grown, so without the bump it never sees the change. Then check the file with named-checkzone and restart named with /etc/init.d/named restart (or reload just that zone with rndc reload example.com). The master only sends NOTIFY to the servers in the zone's NS records (and any also-notify list), so list ns2 as an NS, as the reverse zone below already does, if the slave should pick up changes immediately instead of at its next refresh (1D in these files).
Look at the serial in the reverse zone file, which has been incremented to 2:
[root@ns1 ~]# cat /var/named/chroot/var/named/example.com.reverse-zone
$ORIGIN .
$TTL 86400      ; 1 day
122.168.192.in-addr.arpa IN SOA ns1.example.com.122.168.192.in-addr.arpa. theitroad.example.com. (
                                2          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.example.com.
                        NS      ns2.example.com.
$ORIGIN 122.168.192.in-addr.arpa.
10                      PTR     ns2.example.com.
11                      PTR     www.example.com.
9                       PTR     ns1.example.com.
[root@ns1 ~]#
Note the SOA master name in this dump, ns1.example.com.122.168.192.in-addr.arpa.: that is what BIND makes of an SOA name written without a trailing period, because the zone origin gets appended. Always write it as ns1.example.com. (with the dot) in the zone file.
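Bumping the serial and reloading one zone, as described in the paragraph above, as an added shell example that is not part of the original tutorial. get_serial and bump_serial rely only on the "<number> ; serial" layout used by the zone files above and by BIND's own dump; push_zone is the check-then-reload step. Function names are this example's; named-checkzone and rndc ship with the bind package.

```shell
#!/bin/sh
# Added example (not from the tutorial): bump a zone's SOA serial in place, then validate
# and reload that one zone. The "<number> ; serial" line layout of the zone files above is
# assumed; function names are this example's.

get_serial() {   # get_serial <zone file> : print the current serial (nothing if not found)
    awk 'match($0, /[0-9]+[ \t]*;[ \t]*[Ss]erial/) {
             s = substr($0, RSTART, RLENGTH); sub(/[^0-9].*/, "", s); print s; exit
         }' "$1"
}

bump_serial() {   # bump_serial <zone file> : serial + 1, written in place; prints the new serial
    f=$1
    old=$(get_serial "$f")
    [ -n "$old" ] || { echo "bump_serial: no '; serial' line in $f" >&2; return 1; }
    # serials are 32-bit and compared with RFC 1982 serial arithmetic, so 4294967295 wraps to 0
    new=$(awk -v o="$old" 'BEGIN { printf "%.0f\n", (o + 1) % 4294967296 }')
    tmp=$(mktemp) || return 1
    awk -v n="$new" '
        !done && match($0, /[0-9]+[ \t]*;[ \t]*[Ss]erial/) {
            old = substr($0, RSTART, RLENGTH); sub(/[^0-9].*/, "", old)
            $0 = substr($0, 1, RSTART - 1) n substr($0, RSTART + length(old))
            done = 1
        }
        { print }' "$f" > "$tmp" && cat "$tmp" > "$f"   # cat keeps the file's owner and mode (named:named)
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo "$new"
    return "$rc"
}

push_zone() {   # push_zone <zone name> <zone file> : check the file, then reload only that zone
    # A broken file is refused at reload while the old data stays in memory, so check first.
    named-checkzone "$1" "$2" || return 1
    rndc reload "$1"          # instead of a full /etc/init.d/named restart
    # on the slave, "rndc retransfer <zone>" forces an immediate AXFR instead of waiting for refresh
}

# usage on ns1:
#   bump_serial /var/named/chroot/var/named/example.com.forward-zone
#   push_zone example.com /var/named/chroot/var/named/example.com.forward-zone
```

bump_serial only touches the first "; serial" line and leaves every other byte of the file alone, so it is safe to run on the reverse zone in the same way; push_zone refuses to reload anything named-checkzone rejects, which is the order of operations to keep when scripting this.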