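Setting Up a DNS Server (BIND)
Lab Requirements
Experiment 1
Set up the first DNS server, chen6, and configure forward and reverse resolution.
The domain is https://www.wendangku.net/doc/c78487606.html,
Experiment 2
Set up a second DNS server, chen7, as a backup for the first server, and configure forward and reverse resolution.
Experiment 3
On the second server, set up resolution for another domain, and configure forward and reverse resolution.
The domain is https://www.wendangku.net/doc/c78487606.html,
Also make DNS server chen6 the backup DNS server for the domain https://www.wendangku.net/doc/c78487606.html,
Lab Preparation
Two Linux servers:
Configure the yum repository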
linux6
#rm -f /etc/yum.repos.d/*
Remove all files under /etc/yum.repos.d/
#vim /etc/yum.repos.d/local.repo
Write the yum repository configuration file /etc/yum.repos.d/local.repo
[local]
name=CentOS6-CDROM
baseurl=file:///mnt/
enabled=1
gpgcheck=0
After saving and exiting, clear the yum cache and rebuild it
#yum clean all
#yum makecache
linux7
#rm -f /etc/yum.repos.d/*
Remove all files under /etc/yum.repos.d/
#vim /etc/yum.repos.d/local.repo
Write the yum repository configuration file /etc/yum.repos.d/local.repo
[local]
name=CentOS6-CDROM
baseurl=file:///mnt/
enabled=1
gpgcheck=0
After saving and exiting, clear the yum cache and rebuild it
#yum clean all
#yum makecache
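Install bind
#yum install bind
Install the bind package
#yum install bind-chroot
Install the bind-chroot package
This is the same on both machines, so it is not repeated.
#rpm -ql bind
#rpm -ql bind-chroot
Check that the packages were installed completely and get information about the software.
Disable the firewall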
Linux6
#service iptables stop
Linux7
#systemctl stop firewalld
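Lab Procedure
Experiment 1
Configure the DNS environment
Edit /etc/named.conf
Change the following three lines:
listen-on port 53 { 127.0.0.1; }; // listen on the local host only
listen-on-v6 port 53 { ::1; }; // listen on the local host only
allow-query { localhost; }; // answer the local host only
to:
listen-on port 53 { any; }; // listen on all addresses
listen-on-v6 port 53 { any; }; // listen on all addresses
allow-query { any; }; // answer all queries
Configure forward resolution for the domain (https://www.wendangku.net/doc/c78487606.html,)
Configure the zone declaration
Edit /etc/named.rfc1912.zones
Append the following lines to the end of the file: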
zone "https://www.wendangku.net/doc/c78487606.html," IN {
type master;
file "https://www.wendangku.net/doc/c78487606.html,";
allow-update { none; };
};
Configure the zone records
Copy an existing file to https://www.wendangku.net/doc/c78487606.html,, preserving the source file's attributes
# cp -p /var/named/named.localhost /var/named/https://www.wendangku.net/doc/c78487606.html,
Edit /var/named/https://www.wendangku.net/doc/c78487606.html,
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        0        ; serial
                        1D       ; refresh
                        1H       ; retry
                        1W       ; expire
                        3H )     ; minimum
        NS      @
        A       192.168.100.6
www     A       192.168.100.6
ftp     A       192.168.100.6
        MX      5 mail
mail    A       192.168.100.6
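Configure reverse resolution for the domain (https://www.wendangku.net/doc/c78487606.html,)
Configure the zone declaration
Edit /etc/named.rfc1912.zones
Append the following lines to the end of the file: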
zone "100.168.192.in-addr.arpa" IN {
type master;
file "https://www.wendangku.net/doc/c78487606.html,.back";
allow-update { none; };
};
Configure the zone records
Edit /var/named/https://www.wendangku.net/doc/c78487606.html,.back
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        0        ; serial
                        1D       ; refresh
                        1H       ; retry
                        1W       ; expire
                        3H )     ; minimum
        NS      https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
Each domain name ends with a dot, which marks it as a fully qualified domain name. This is very important here and must not be forgotten.
Experiment 2
Settings on the primary name server (chen6) for the domain https://www.wendangku.net/doc/c78487606.html,
Modify the zone declaration
Edit /etc/named.rfc1912.zones
zone "https://www.wendangku.net/doc/c78487606.html," IN {
type master;
file "https://www.wendangku.net/doc/c78487606.html,";
allow-update { none; };
allow-transfer { 192.168.100.7; };
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "https://www.wendangku.net/doc/c78487606.html,.back";
allow-update { none; };
allow-transfer { 192.168.100.7; };
};
Add the two allow-transfer { 192.168.100.7; }; lines.
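An added example, not part of the original lab: a Python check that every master zone in a named.rfc1912.zones-style file declares a type and limits allow-transfer to the expected secondary, here 192.168.100.7. The zone names example.test, open.test and unset.test and all function names are assumptions made for the illustration.

```python
import re

# A quoted string (kept) or a named.conf comment (dropped).
_TOKEN = re.compile(r'"[^"\n]*"|//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)
# zone "name" [IN] { body };  the body may hold one level of nested { }.
_ZONE = re.compile(
    r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', re.I)

def parse_zones(text):
    """Return {zone: {"type": str|None, "allow_transfer": list|None}}."""
    text = _TOKEN.sub(lambda m: m.group() if m.group()[0] == '"' else "", text)
    zones = {}
    for name, body in _ZONE.findall(text):
        ztype = re.search(r'\btype\s+([\w-]+)\s*;', body)
        acl = re.search(r'\ballow-transfer\s*\{([^{}]*)\}', body)
        zones[name] = {
            "type": ztype.group(1).lower() if ztype else None,
            "allow_transfer": acl.group(1).replace(";", " ").split() if acl else None,
        }
    return zones

def audit_transfers(text, secondaries):
    """Flag zones with no type, and master zones whose transfer ACL is
    missing or names anything other than the expected secondaries."""
    allowed = set(secondaries) | {"none"}
    findings = []
    for name, z in parse_zones(text).items():
        if z["type"] is None:
            findings.append((name, "no type statement"))
        elif z["type"] in ("master", "primary"):
            if z["allow_transfer"] is None:
                findings.append((name, "no allow-transfer, server-wide setting applies"))
            elif extra := sorted(set(z["allow_transfer"]) - allowed):
                findings.append((name, "transfer allowed to: " + " ".join(extra)))
    return findings

# Constructed sample; example.test, open.test and unset.test are placeholders.
SAMPLE = '''
zone "example.test" IN {   // restricted to the secondary, as in Experiment 2
    type master; file "example.test";
    allow-update { none; }; allow-transfer { 192.168.100.7; };
};
zone "100.168.192.in-addr.arpa" IN {
    file "example.test.back"; allow-transfer { 192.168.100.7; };
};
zone "open.test" IN { type master; file "open.test"; allow-transfer { any; }; };
zone "unset.test" IN { type master; file "unset.test"; };
'''
print(audit_transfers(SAMPLE, ["192.168.100.7"]))
```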
Modify the zone records
Edit /var/named/https://www.wendangku.net/doc/c78487606.html,
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        20161030 ; serial
                        1D       ; refresh
                        1H       ; retry
                        1W       ; expire
                        3H )     ; minimum
        NS      @
        A       192.168.100.6
www     A       192.168.100.6
ftp     A       192.168.100.6
        MX      5 mail
mail    A       192.168.100.6
bbs     CNAME   ftp
Edit /var/named/https://www.wendangku.net/doc/c78487606.html,.back
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        20161030 ; serial
                        1D       ; refresh
                        1H       ; retry
                        1W       ; expire
                        3H )     ; minimum
        NS      https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
6       PTR     https://www.wendangku.net/doc/c78487606.html,.
Just change the serial line to a large number.
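The two notes in this lab, that every PTR target must end with a dot and that the serial must be raised after an edit, can be checked before reloading the zone. The Python below is an added example, not part of the original lab; example.test and all function names are assumptions. It goes slightly beyond the text by comparing serials with RFC 1982 serial arithmetic, which is how a secondary decides whether the primary's copy is newer.

```python
import re

def absolute(name, origin):
    """Resolve a zone-file name as the server does: a trailing dot means the
    name is complete, '@' is the origin, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def misplaced_ptr_targets(zone_text, origin):
    """Return (owner, target) for PTR records whose target lacked the trailing
    dot and was therefore expanded inside the reverse zone."""
    hits = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop ';' comments
        if len(fields) >= 3 and "PTR" in fields[1:-1] and not line[0].isspace():
            target = fields[fields.index("PTR") + 1]
            if not target.endswith("."):
                hits.append((absolute(fields[0], origin), absolute(target, origin)))
    return hits

def soa_serial(zone_text):
    """The first number inside the SOA parentheses is the serial."""
    return int(re.search(r"\bSOA\b[^()]*\(\s*(\d+)", zone_text).group(1))

def serial_newer(new, old):
    """RFC 1982 arithmetic on 32-bit serials: 'new' counts as newer only if it
    is ahead of 'old' by less than 2**31, so wrap-around is handled."""
    return 0 < (new - old) % 2**32 < 2**31

def secondary_will_refresh(old_zone, new_zone):
    return serial_newer(soa_serial(new_zone), soa_serial(old_zone))

# Constructed zone data; example.test is a placeholder domain.
ORIGIN = "100.168.192.in-addr.arpa."
HEAD = ("$TTL 1D\n@ IN SOA @ rname.invalid. (\n  %d ; serial\n  1D ; refresh\n"
        "  1H ; retry\n  1W ; expire\n  3H ) ; minimum\n  NS example.test.\n")
OLD = HEAD % 0 + "6 PTR www.example.test.\n"
NEW = HEAD % 20161030 + "6 PTR www.example.test.\n6 PTR ftp.example.test\n"

print(misplaced_ptr_targets(NEW, ORIGIN), secondary_will_refresh(OLD, NEW))
```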
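Settings on the secondary name server (chen7) for the domain https://www.wendangku.net/doc/c78487606.html,
Configure the DNS environment
Edit /etc/named.conf
Change the following three lines:
listen-on port 53 { 127.0.0.1; }; // listen on the local host only
listen-on-v6 port 53 { ::1; }; // listen on the local host only
allow-query { localhost; }; // answer the local host only
to:
listen-on port 53 { any; }; // listen on all addresses
listen-on-v6 port 53 { any; }; // listen on all addresses
allow-query { any; }; // answer all queries
Configure the zone declaration
Edit /etc/named.rfc1912.zones
Add the following lines: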
zone "https://www.wendangku.net/doc/c78487606.html," IN {
type slave;
masters { 192.168.100.6; };
file "slaves/https://www.wendangku.net/doc/c78487606.html,.zone";
allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.100.6; };
file "slaves/https://www.wendangku.net/doc/c78487606.html,.back.zone";
allow-update { none; };
};
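Experiment 3
Configure the primary name server (chen7) for the domain https://www.wendangku.net/doc/c78487606.html,
Configure the zone declaration
Edit /etc/named.rfc1912.zones
Append the following lines to the end of the file: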
zone "https://www.wendangku.net/doc/c78487606.html," IN {
type master;
file "https://www.wendangku.net/doc/c78487606.html,";
allow-update { none; };
allow-transfer { 192.168.100.6; };
};
zone "200.168.192.in-addr.arpa" IN {
type master;
file "https://www.wendangku.net/doc/c78487606.html,";
allow-update { none; };
allow-transfer { 192.168.100.6; };
};
Configure the zone records
Copy an existing file to https://www.wendangku.net/doc/c78487606.html,, preserving the source file's attributes
# cp -p /var/named/named.localhost /var/named/https://www.wendangku.net/doc/c78487606.html,
Edit /var/named/https://www.wendangku.net/doc/c78487606.html,
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        20161031 ; serial
                        1D       ; refresh
                        1H       ; retry
                        1W       ; expire
                        3H )     ; minimum
        NS      @
        A       192.168.100.7
www     A       192.168.100.7
ftp     A       192.168.100.7
        MX      5 mail
mail    A       192.168.100.7
bbs     CNAME   ftp
7       PTR     https://www.wendangku.net/doc/c78487606.html,.
7       PTR     https://www.wendangku.net/doc/c78487606.html,.
7       PTR     https://www.wendangku.net/doc/c78487606.html,.
7       PTR     https://www.wendangku.net/doc/c78487606.html,.
7       PTR     https://www.wendangku.net/doc/c78487606.html,.
Configure the secondary name server (chen6) for the domain https://www.wendangku.net/doc/c78487606.html,
Configure the zone declaration
Edit /etc/named.rfc1912.zones
Add the following lines:
zone "https://www.wendangku.net/doc/c78487606.html," IN {
type slave;
masters { 192.168.100.7; };
file "slaves/https://www.wendangku.net/doc/c78487606.html,.zone";
allow-update { none; };
};
zone "200.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.100.7; };
file "slaves/https://www.wendangku.net/doc/c78487606.html,.zone";
allow-update { none; };
};
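Lab Summary
1. Forward and reverse resolution can be placed in one file, in the same format as the file /var/named/https://www.wendangku.net/doc/c78487606.html, used in the lab.
2. When one name server handles two or more reverse zones at the same time, the strings inside the double quotes after zone must not be the same. This can be understood as: within one network segment there can be only one primary reverse-resolution name server.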