DNS服务器

实验环境虚拟机CentoS 6.5

IPADDR=192.168.1.223

 

安装:

两个包

bind 和bind-chroot

yum -y install bind bind-chroot

 

家目录chroot后位置是:

/var/named/chroot/

ls 结果:

dev  etc  usr  var

 

把原家目录里的文件复制到chroot下

cp -a /etc/named* /var/named/chroot/etc/

cd /var/named

cp -a data/ dynamic/ named.* slaves/ /var/named/chroot/var/named/

 

配置文件位置:

vim /var/named/chroot/etc/named.conf

 

     listen-on port 53 { any; };    #改为any
        directory       "/var/named";   #指定目录
        allow-query     { any; };        #改为any
        # 注意:CentOS 默认的 named.conf 里 recursion 为 yes,allow-query 改为 any 后这台机器就成了开放递归解析器,
        # 建议同时加上 allow-recursion { localhost; 192.168.1.0/24; }; (按实际内网段填写)或 recursion no; 只对授权域提供解析

增加正向域:

zone "ltiaw.com" IN {


        type master;
        file "ltiaw.zone";
};

增加反向域:

zone "1.168.192.in-addr.arpa" IN {


        type master;
        file "ltiaw.arpa";
};
 

然后创建文件ltiaw.zone,ltiaw.arpa

cd /var/named/chroot/var/named/

cp named.localhost ltiaw.zone

vim ltiaw.zone

修改内容如下:

$TTL 86400

@       IN      SOA     dns.ltiaw.com.  root    (    ;固定格式
                                                20160319      ;序列号,用于对比更新
                                                1D                 ;刷新时间
                                                1H                 ;重试时间
                                                1W                 ;过期时间
                                                1H )               ;缓存时间
@       IN      NS      dns.ltiaw.com.
dns     IN      A       192.168.1.223
www   IN      A       192.168.1.223                                                     

 

#注意dns.ltiaw.com.  最后一定要有“.”;另外 zone 文件里的注释要用“;”开头,不能用“#”,否则 named 加载 zone 时会报错

cp ltiaw.zone ltiaw.arpa

vim ltiaw.arpa

$TTL 86400

@    IN SOA dns.ltiaw.com.    root (

                                                    20160319    

                                                    1D

                                                    1H

                                                    1W

                                                 1H )

     IN NS  dns.ltiaw.com.

223   IN PTR    dns.ltiaw.com.

223   IN PTR    www.ltiaw.com.

 

保存重启服务

/etc/init.d/named restart

开放端口

主从服务同步用TCP 53

客户端请求用UDP 53

iptables -I INPUT -p tcp --dport 53 -j ACCEPT

iptables -I INPUT -p udp --dport 53 -j ACCEPT

/etc/init.d/iptables save

 

编辑本机DNS为本服务器

vim /etc/resolv.conf

nameserver 127.0.0.1

保存

增加hosts

echo "127.0.0.1    ltiaw.com" >>/etc/hosts

#要永久生效,可以修改 ifcfg-eth0 文件里的 DNS1 项,否则 resolv.conf 重启网络后会被覆盖

 

解析域:

host -l ltiaw.com

如下结果:

[root@ltiaw named]# host -l ltiaw.com

ltiaw.com name server dns.ltiaw.com.
dns.ltiaw.com has address 192.168.1.223
has address 192.168.1.223

 

查询反向域

host -l 1.168.192.IN-addr.arpa

如下结果:

host -l 1.168.192.IN-addr.arpa

1.168.192.in-addr.arpa name server dns.ltiaw.com.
223.1.168.192.in-addr.arpa domain name pointer .
223.1.168.192.in-addr.arpa domain name pointer dns.1.168.192.in-addr.arpa.

#注意:这里 PTR 指向的是 dns.1.168.192.in-addr.arpa. 而不是 dns.ltiaw.com.,原因是 ltiaw.arpa 里 PTR 记录的目标名没有以“.”结尾,被当作相对于当前域的名称;写成 dns.ltiaw.com. 和 www.ltiaw.com. 后反向解析才正确

 

#以上就是最基本的DNS服务器搭建好了,下面继续DNS的主从同步

 搭建另一个虚拟机作为从服务器

CentOS 6.5

IPADDR=192.168.1.224

 

按以上步骤安装好DNS。下面进行配置

vim /var/named/chroot/etc/named.conf

 

listen-on port 53 { any; };    #改为any
        directory       "/var/named";   #指定目录
        allow-query     { any; };        #改为any

增加zone

 

zone "ltiaw.com" IN {

    type slave;

    file "slaves/ltiaw.zone";

    masters { 192.168.1.223; };

};

 

zone "1.168.192.IN-addr.arpa" IN {

    type slave;

    file "slaves/ltiaw.arpa";            #注意结尾要有";"

    masters { 192.168.1.223; };

};

保存

/etc/init.d/named restart

 

#查看有更新到zone下来

ls /var/named/chroot/var/named/slaves

#改本机DNS

vim /etc/resolv.conf

nameserver 127.0.0.1

解析看看

host -l ltiaw.com

 [root@localhost var]# host -l ltiaw.com

ltiaw.com name server dns.ltiaw.com.
dns.ltiaw.com has address 192.168.1.223
has address 192.168.1.223

OK成功

#然后只要主服务器更新zone时,把序列号也改大。从服务器就会跟着更新!

 

如果想控制只给某个IP能作为从服务器,可以在主服务器named.conf 里options里加入(建议一律加上这一项:区域传送会把整个 zone 的记录交给对方,默认配置往往不限制来源)

allow-transfer { 192.168.1.224; };

 

如果想要更高的安全性,可以用 TSIG 密钥对区域传送做签名认证(注意这是认证而不是加密,传送内容本身仍是明文)!

主服务器上:

 生成密钥

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST xx

#注意:HMAC-MD5 已不推荐使用,新部署建议用 -a HMAC-SHA256 -b 256 生成,named.conf 的 key 段里 algorithm 对应写 hmac-sha256

cat Kxx.+157+40357.private 

结果。(这个是我11号时生成的,我就不再生成了;下面的 Key 只是示例,实际部署请自行生成,并且不要把 .private 文件的内容公开或复用)

Private-key-format: v1.3

Algorithm: 157 (HMAC_MD5)
Key: 1mi7zBg4m0Lc1rOZryoSvQ==
Bits: AAA=
Created: 20160311090952
Publish: 20160311090952
Activate: 20160311090952

 

然后更改named.conf

options里加入:allow-transfer { key xx; };

#然后新建以下内容,注意不要包括进别的{}里

server  192.168.1.224 {

keys { xx; };

};

 

key xx {

       algorithm hmac-md5;

       secret "1mi7zBg4m0Lc1rOZryoSvQ==";

 }; 

 

 

controls {

      inet 127.0.0.1 port 953
     allow { 127.0.0.1; } keys { "xx"; };
};

 

保存重启

/etc/init.d/named restart 

 

从服务器更改named.conf 

加入以下

server 192.168.1.223 {

keys { xx; };

};

 

key xx {

       algorithm hmac-md5;

       secret "1mi7zBg4m0Lc1rOZryoSvQ==";

 };

保存

删掉刚才更新下来的两个zone

rm -rf /var/named/chroot/var/named/slaves/ltiaw.*

/etc/init.d/named restart

ls /var/named/chroot/var/named/slaves/

看到ltiaw.zone和ltiaw.arpa。成功

 

#如果想控制不同客户IP解析到不到的地址,可以用视图来设置!

首先编辑named.conf定义IP,把zone放入视图里.

acl aa { 192.168.1.224; };

acl bb { 192.168.1.5; };

view xx {                                      #xx视图控制aa

match-clients { "aa"; };

    zone "." IN {

        type hint;
        file "named.ca";
};

zone "ltiaw.com" IN {

        type master;
        file "ltiaw.zone";
};

zone "1.168.192.in-addr.arpa" IN {

        type master;
        file "ltiaw.arpa";
};

};

 

view yy {                              #视图yy控制bb

match-clients { "bb"; };

    zone "." IN {

        type hint;
        file "named.ca";
};

zone "ltiaw.com" IN {

        type master;
        file "ltiawyy.zone";
};

zone "1.168.192.in-addr.arpa" IN {

        type master;
        file "ltiawyy.arpa";
};

};

 

保存

创建ltiawyy.zone和ltiawyy.arpa两个文件

cd /var/named/chroot/var/named

cp ltiaw.zone ltiawyy.zone

cp ltiaw.arpa ltiawyy.arpa

然后把ltiawyy.zone和ltiawyy.arpa 里 www.ltiaw.com 对应的IP改为 192.168.1.200

/etc/init.d/named restart

 

bb对应的是我电脑windows IP192.168.1.5

cmd

nslookup

>server 192.168.1.223

>ltiaw.com

Server:  [192.168.1.200]

Address:  192.168.1.200

Name:    ltiaw.com

 

aa对应的是linux

/etc/init.d/named restart

host -l ltiaw.com

ltiaw.com name server dns.ltiaw.com.

dns.ltiaw.com has address 192.168.1.223
has address 192.168.1.223

 

父子域。

 父服务器IPADDR=192.168.1.223  主域:ltiaw.com

子服务器IPADDR=192.168.1.224   子域:aa.ltiaw.com

第一步:

编辑子服务器named.conf

增加zone aa.ltiaw.com

zone "aa.ltiaw.com" IN {

    type master;

    file "aa.ltiaw.zone";

};

#查询不到的域名转发到父服务器里

options里加入

forward first;

forwarders { 192.168.1.223; };

保存

下面在新建aa.ltiaw.zone文件

vim /var/named/chroot/var/named/aa.ltiaw.zone

内容如下:

$TTL 86400      

@                       IN SOA  dns.aa.ltiaw.com. root (

                                20160309   ; serial

                                86400      ; refresh (1 day)

                                3600       ; retry (1 hour)

                                604800     ; expire (1 week)

                                3600       ; minimum (1 hour)

                                )

@                       NS      dns.aa.ltiaw.com.

dns                     A       192.168.1.224

www                     A       192.168.1.224

保存。

/etc/init.d/named restart

host -l aa.ltiaw.com

结果如下:

[root@localhost named]# host -l aa.ltiaw.com

aa.ltiaw.com name server dns.aa.ltiaw.com.

dns.aa.ltiaw.com has address 192.168.1.224

www.aa.ltiaw.com has address 192.168.1.224

开放端口 

[root@localhost named]# iptables -I INPUT -p tcp --dport 53 -j ACCEPT

[root@localhost named]# iptables -I INPUT -p udp --dport 53 -j ACCEPT

父服务器操作:

vim /var/named/chroot/var/named/ltiaw.zone

增加以下:

aa.ltiaw.com.       IN      NS      dns.aa.ltiaw.com.

dns.aa.ltiaw.com.   IN      A       192.168.1.224

/etc/init.d/named restart

解析成功:

[root@ltiaw chroot]# host dns.aa.ltiaw.com

dns.aa.ltiaw.com has address 192.168.1.224

 子域上

dig -t A www.ltiaw.com @192.168.1.224

查询成功

父子域上都互访问成功 !