Configuring a DNS service on Linux (RHEL 5U10 + named)
This post walks through the technical details of setting up a DNS service (ISC BIND, named) on a Linux server.
Prerequisites for this walkthrough:
1. A fully installed Linux server
2. YUM configured
The current state of the server is shown in the log below:
Terminal:
```
[root@CenterServer ~]# hostname
CenterServer
[root@CenterServer ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:2E:4C:C8
          inet addr:192.168.56.140  Bcast:192.168.56.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe2e:4cc8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3493675 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4707 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:342300662 (326.4 MiB)  TX bytes:796947 (778.2 KiB)

[root@CenterServer ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost
192.168.56.140  CenterServer
[root@CenterServer ~]#
[root@CenterServer ~]# yum repolist
Loaded plugins: product-id, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
repo id          repo name         status
Cluster          Cluster              32
ClusterStorage   ClusterStorage       39
Server           Server            3,358
VT               VT                   59
repolist: 3,488
[root@CenterServer ~]#
[root@CenterServer ~]# service iptables status
Firewall is stopped.
[root@CenterServer ~]# sestatus
SELinux status:                 disabled
[root@CenterServer ~]#
```
Note that iptables is stopped and SELinux is disabled on this lab machine, which keeps the walkthrough short. On a real server leave both enabled: named only needs 53/udp and 53/tcp opened to its clients, and the rndc control port 953 should stay reachable from loopback only.
Installing the DNS packages
The packages that make up the DNS service are:
bind
bind-chroot
caching-nameserver
Log:
```
[root@CenterServer ~]# yum list | grep --color ^bind
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
bind-libs.x86_64                    30:9.3.6-20.P1.el5_8.6    installed
bind-utils.x86_64                   30:9.3.6-20.P1.el5_8.6    installed
bind.x86_64                         30:9.3.6-20.P1.el5_8.6    Server
bind-chroot.x86_64                  30:9.3.6-20.P1.el5_8.6    Server
bind-devel.i386                     30:9.3.6-20.P1.el5_8.6    Server
bind-devel.x86_64                   30:9.3.6-20.P1.el5_8.6    Server
bind-libbind-devel.i386             30:9.3.6-20.P1.el5_8.6    Server
bind-libbind-devel.x86_64           30:9.3.6-20.P1.el5_8.6    Server
bind-libs.i386                      30:9.3.6-20.P1.el5_8.6    Server
bind-sdb.x86_64                     30:9.3.6-20.P1.el5_8.6    Server
bind97.x86_64                       32:9.7.0-17.P2.el5_9.2    Server
bind97-chroot.x86_64                32:9.7.0-17.P2.el5_9.2    Server
bind97-devel.i386                   32:9.7.0-17.P2.el5_9.2    Server
bind97-devel.x86_64                 32:9.7.0-17.P2.el5_9.2    Server
bind97-libs.i386                    32:9.7.0-17.P2.el5_9.2    Server
bind97-libs.x86_64                  32:9.7.0-17.P2.el5_9.2    Server
bind97-utils.x86_64                 32:9.7.0-17.P2.el5_9.2    Server
[root@CenterServer ~]#
[root@CenterServer ~]# yum list | grep --color ^caching-nameserver
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
caching-nameserver.x86_64           30:9.3.6-20.P1.el5_8.6    Server
[root@CenterServer ~]#
# install
[root@CenterServer ~]# yum install -y bind.x86_64 bind-chroot.x86_64 caching-nameserver.x86_64
Loaded plugins: product-id, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 30:9.3.6-20.P1.el5_8.6 set to be updated
---> Package bind-chroot.x86_64 30:9.3.6-20.P1.el5_8.6 set to be updated
---> Package caching-nameserver.x86_64 30:9.3.6-20.P1.el5_8.6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================
 Package                Arch       Version                       Repository      Size
=======================================================================================
Installing:
 bind                   x86_64     30:9.3.6-20.P1.el5_8.6        Server         989 k
 bind-chroot            x86_64     30:9.3.6-20.P1.el5_8.6        Server          47 k
 caching-nameserver     x86_64     30:9.3.6-20.P1.el5_8.6        Server          64 k

Transaction Summary
=======================================================================================
Install       3 Package(s)
Upgrade       0 Package(s)

Total download size: 1.1 M
Downloading Packages:
---------------------------------------------------------------------------------------
Total                                                   669 MB/s | 1.1 MB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : bind                                                          1/3
  Installing     : bind-chroot                                                   2/3
  Installing     : caching-nameserver                                            3/3

Installed:
  bind.x86_64 30:9.3.6-20.P1.el5_8.6          bind-chroot.x86_64 30:9.3.6-20.P1.el5_8.6
  caching-nameserver.x86_64 30:9.3.6-20.P1.el5_8.6

Complete!
[root@CenterServer ~]#
[root@CenterServer ~]# rpm -qa | grep ^bind
bind-chroot-9.3.6-20.P1.el5_8.6
bind-libs-9.3.6-20.P1.el5_8.6
bind-utils-9.3.6-20.P1.el5_8.6
bind-9.3.6-20.P1.el5_8.6
[root@CenterServer ~]# rpm -qa | grep ^caching-nameserver
caching-nameserver-9.3.6-20.P1.el5_8.6
[root@CenterServer ~]#
```
That completes the installation. The repository also carries the newer bind97 packages; this post stays with the 9.3.6 packages that caching-nameserver depends on. Both BIND 9.3 and RHEL 5 are long past end of support, so on a current system expect the same procedure with different paths (a bind-chroot that bind-mounts instead of copying, and /etc/named.conf edited directly).
Configuring the DNS service
Because bind-chroot is installed, named runs chrooted and its configuration lives under the chroot at /var/named/chroot/etc.
The main configuration file is named.conf. The caching-nameserver package does not ship one; it ships named.caching-nameserver.conf, which is copied to named.conf as the starting point:
```
[root@CenterServer ~]# cd /var/named/chroot/etc/
[root@CenterServer etc]# ls
localtime  named.caching-nameserver.conf  named.rfc1912.zones  rndc.key
[root@CenterServer etc]# ll
total 16
-rw-r--r-- 1 root root  2819 Jul 28  2014 localtime
-rw-r----- 1 root named 1230 Dec 10  2012 named.caching-nameserver.conf
-rw-r----- 1 root named  955 Dec 10  2012 named.rfc1912.zones
-rw-r----- 1 root named  113 Jul 28 07:18 rndc.key
[root@CenterServer etc]#
[root@CenterServer etc]# cp -p named.caching-nameserver.conf named.conf
[root@CenterServer etc]# ll
total 20
-rw-r--r-- 1 root root  2819 Jul 28  2014 localtime
-rw-r----- 1 root named 1230 Dec 10  2012 named.caching-nameserver.conf
-rw-r----- 1 root named 1230 Dec 10  2012 named.conf
-rw-r----- 1 root named  955 Dec 10  2012 named.rfc1912.zones
-rw-r----- 1 root named  113 Jul 28 07:18 rndc.key
[root@CenterServer etc]#
```
The -p matters: it preserves the root:named ownership and 0640 mode, so the named user can read the file and nobody else can. Keep the same ownership and mode on every file you create under the chroot, and note that rndc.key is the shared secret for the control channel and must stay 0640 root:named.
Edit named.conf; after the edits the file reads as follows:
```
[root@CenterServer etc]# cat named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { any; };             //Changed!
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Those options should be used carefully because they disable port
        // randomization
        // query-source    port 53;
        // query-source-v6 port 53;

        allow-query     { any; };               //Changed!
        allow-query-cache { any; };             //Changed!
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view adamhuan_resolver {                        //Changed!
        match-clients      { any; };            //Changed!
        match-destinations { any; };            //Changed!
        recursion yes;
        include "/etc/named.adamhuan.zones";    //Changed!
};
[root@CenterServer etc]#
```
The lines marked "//Changed!" are the edits. Two things to be aware of. First, the include path /etc/named.adamhuan.zones is resolved inside the chroot, so on the host the file is /var/named/chroot/etc/named.adamhuan.zones. Second, listen-on { any; }, allow-query { any; }, allow-query-cache { any; }, match-clients { any; } and recursion yes together turn this into an open recursive resolver: anything that can reach port 53 can use it to resolve arbitrary names, which is tolerable on an isolated lab network but must never face the internet, where open resolvers are abused for reflection/amplification and become a cache-poisoning target. Limit recursion to your own subnets with allow-recursion (and a matching match-clients). The query-source port 53 lines are correctly left commented out: pinning the source port disables the port randomization that makes cache poisoning hard.
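As an added example (not part of the original post), the shell script below checks a named.conf for that open-resolver combination and prints an acl/options block that confines queries and recursion to the lab subnet. The ACL name "trusted", the 192.168.56.0/24 range and the temporary files are assumptions of this example; the printed block is meant to replace the options block above, with match-clients { trusted; } in the view.

```shell
#!/bin/sh
# Added example (not from the original post): lint a named.conf for the
# "open recursive resolver" combination (recursion yes, allow-query { any; },
# no allow-recursion ACL narrower than any) and print a hardened
# acl/options block. The ACL name "trusted" and the 192.168.56.0/24 range
# are assumptions for this example.

# Drop // and # comments so a commented-out directive cannot trigger a match.
strip_comments() {
    sed -e 's@//.*$@@' -e 's/#.*$//' "$1"
}

# is_open_resolver FILE
# Returns 0 (true) when the config recurses for anyone: "recursion yes",
# "allow-query { any; }" and no allow-recursion ACL narrower than "any".
is_open_resolver() {
    conf=$(strip_comments "$1")
    printf '%s\n' "$conf" | grep -Eq 'recursion[[:space:]]+yes' || return 1
    printf '%s\n' "$conf" | grep -Eq 'allow-query[[:space:]]*[{][[:space:]]*any[[:space:]]*;' || return 1
    if printf '%s\n' "$conf" | grep -Eq 'allow-recursion[[:space:]]*[{]'; then
        printf '%s\n' "$conf" | grep -Eq 'allow-recursion[[:space:]]*[{][[:space:]]*any[[:space:]]*;' || return 1
    fi
    return 0
}

# hardened_options
# Prints the replacement for the options block: only loopback and the LAN
# may query or recurse, nobody may pull a zone transfer, and the BIND
# version string is not advertised.
hardened_options() {
    cat <<'EOF'
acl "trusted" { 127.0.0.1; ::1; 192.168.56.0/24; };

options {
        listen-on port 53 { 127.0.0.1; 192.168.56.140; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        allow-query       { trusted; };
        allow-query-cache { trusted; };
        allow-recursion   { trusted; };
        allow-transfer    { none; };
        version "not disclosed";
};
EOF
}

# Stand-alone demo: lint a copy of the post's directives (constructed inline),
# then the hardened block followed by a view that uses the ACL.
post_conf=$(mktemp)
cat > "$post_conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query { any; };
        allow-query-cache { any; };
        // query-source port 53;
};
view adamhuan_resolver {
        match-clients { any; };
        recursion yes;
};
EOF
if is_open_resolver "$post_conf"; then
    echo "$post_conf: open recursive resolver"
fi
hard_conf=$(mktemp)
{ hardened_options; printf 'view adamhuan_resolver {\n\tmatch-clients { trusted; };\n\trecursion yes;\n};\n'; } > "$hard_conf"
if ! is_open_resolver "$hard_conf"; then
    echo "$hard_conf: recursion limited to acl trusted"
fi
rm -f "$post_conf" "$hard_conf"
```

After editing the real file, validate it with named-checkconf -t /var/named/chroot /etc/named.conf and apply with rndc reload or service named restart. The lint is deliberately simple (pattern matching, not a full parser); named-checkconf is the authority on syntax, this script only flags the policy mistake.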
Next, the zone definition file named.adamhuan.zones, copied from the stock named.rfc1912.zones:
```
[root@CenterServer etc]# ll
total 20
-rw-r--r-- 1 root root  2819 Jul 28  2014 localtime
-rw-r----- 1 root named 1230 Dec 10  2012 named.caching-nameserver.conf
-rw-r----- 1 root named 1200 Jul 28 07:24 named.conf
-rw-r----- 1 root named  955 Dec 10  2012 named.rfc1912.zones
-rw-r----- 1 root named  113 Jul 28 07:18 rndc.key
[root@CenterServer etc]# cp -p named.rfc1912.zones named.adamhuan.zones
[root@CenterServer etc]# ll
total 24
-rw-r--r-- 1 root root  2819 Jul 28  2014 localtime
-rw-r----- 1 root named  955 Dec 10  2012 named.adamhuan.zones
-rw-r----- 1 root named 1230 Dec 10  2012 named.caching-nameserver.conf
-rw-r----- 1 root named 1200 Jul 28 07:24 named.conf
-rw-r----- 1 root named  955 Dec 10  2012 named.rfc1912.zones
-rw-r----- 1 root named  113 Jul 28 07:18 rndc.key
[root@CenterServer etc]#
# after editing, named.adamhuan.zones reads:
[root@CenterServer etc]# cat named.adamhuan.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};

zone "d-prototype.com" IN {                     // forward zone
        type master;                            // primary server
        file "d-prototype.zone";
        allow-update { none; };
};

zone "56.168.192.in-addr.arpa" IN {             // reverse zone
        type master;                            // primary server
        file "56.168.192.local";
        allow-update { none; };
};
[root@CenterServer etc]#
```
The root hint zone is kept because the view recurses; the two new zones are primaries for the lab domain and its reverse /24. allow-update { none; } is the right default: nobody can push dynamic updates into these zones. The file names are relative to the directory option, so d-prototype.zone is /var/named/chroot/var/named/d-prototype.zone on the host.
Creating the forward and reverse zone files
```
[root@CenterServer etc]# cd /var/named/chroot/var/named/
[root@CenterServer named]# ls
data              localhost.zone   named.ca         named.local  slaves
localdomain.zone  named.broadcast  named.ip6.local  named.zero
[root@CenterServer named]# ll
total 36
drwxrwx--- 2 named named 4096 Aug 25  2004 data
-rw-r----- 1 root  named  198 Dec 10  2012 localdomain.zone
-rw-r----- 1 root  named  195 Dec 10  2012 localhost.zone
-rw-r----- 1 root  named  427 Dec 10  2012 named.broadcast
-rw-r----- 1 root  named 1892 Dec 10  2012 named.ca
-rw-r----- 1 root  named  424 Dec 10  2012 named.ip6.local
-rw-r----- 1 root  named  426 Dec 10  2012 named.local
-rw-r----- 1 root  named  427 Dec 10  2012 named.zero
drwxrwx--- 2 named named 4096 Jul 27  2004 slaves
[root@CenterServer named]#
[root@CenterServer named]# cp -p named.local d-prototype.zone
[root@CenterServer named]# cp -p localhost.zone 56.168.192.local
[root@CenterServer named]# ll -ltr
total 44
drwxrwx--- 2 named named 4096 Jul 27  2004 slaves
drwxrwx--- 2 named named 4096 Aug 25  2004 data
-rw-r----- 1 root  named  427 Dec 10  2012 named.zero
-rw-r----- 1 root  named  426 Dec 10  2012 named.local
-rw-r----- 1 root  named  424 Dec 10  2012 named.ip6.local
-rw-r----- 1 root  named 1892 Dec 10  2012 named.ca
-rw-r----- 1 root  named  427 Dec 10  2012 named.broadcast
-rw-r----- 1 root  named  195 Dec 10  2012 localhost.zone
-rw-r----- 1 root  named  198 Dec 10  2012 localdomain.zone
-rw-r----- 1 root  named  426 Dec 10  2012 d-prototype.zone
-rw-r----- 1 root  named  195 Dec 10  2012 56.168.192.local
[root@CenterServer named]#
```
The templates happen to be swapped here (named.local is a reverse-zone template and localhost.zone a forward one), which does not matter because both files are rewritten below; the point of copying with -p is again to inherit root:named 0640 so named can read the zones.
Forward zone: d-prototype.zone. The SOA MNAME and the NS record must name the server by its fully qualified name with a trailing dot (CenterServer.d-prototype.com.); a bare CenterServer. would denote a top-level host that has no A record, and named warns that the NS has no address records.
```
[root@CenterServer named]# cat d-prototype.zone
$TTL    86400
@       IN SOA  CenterServer.d-prototype.com. root.d-prototype.com. (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN NS   CenterServer.d-prototype.com.
confluence      IN A    192.168.56.137
CenterServer    IN A    192.168.56.140
openfiler       IN A    192.168.56.130
ora12c-node1    IN A    192.168.56.139
ora12c-node2    IN A    192.168.56.138
[root@CenterServer named]#
```
Reverse zone: 56.168.192.local. The same rule applies here and is easier to get wrong: a name without a trailing dot is relative to the zone origin, so writing CenterServer in the SOA or NS of this file would silently produce CenterServer.56.168.192.in-addr.arpa. The PTR targets already carry their trailing dots.
```
[root@CenterServer named]# cat 56.168.192.local
$TTL    86400
@       IN SOA  CenterServer.d-prototype.com. root.d-prototype.com. (
                        42      ; serial
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
        IN NS   CenterServer.d-prototype.com.
137     IN PTR  confluence.d-prototype.com.
140     IN PTR  CenterServer.d-prototype.com.
130     IN PTR  openfiler.d-prototype.com.
139     IN PTR  ora12c-node1.d-prototype.com.
138     IN PTR  ora12c-node2.d-prototype.com.
[root@CenterServer named]#
```
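Hand-maintained reverse zones are where PTR records go stale. As an added example (not from the original post), the script below derives the reverse zone from the forward zone's A records and cross-checks the two files, writing every name fully qualified with a trailing dot. The forward zone text is constructed inline from the records above; the serial 2014072801 and the temporary file paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): generate the reverse zone for
# 56.168.192.in-addr.arpa from the A records of d-prototype.zone and check
# that every A record has a matching PTR and vice versa. The forward zone
# text below is constructed from the records in the post; the serial
# 2014072801 is an assumption.

FORWARD_ZONE='$TTL 86400
@   IN SOA CenterServer.d-prototype.com. root.d-prototype.com. (
        2014072801 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
    IN NS CenterServer.d-prototype.com.
confluence   IN A 192.168.56.137
CenterServer IN A 192.168.56.140
openfiler    IN A 192.168.56.130
ora12c-node1 IN A 192.168.56.139
ora12c-node2 IN A 192.168.56.138'

# gen_reverse_zone DOMAIN PREFIX NS_FQDN SERIAL  < forward_zone
# Emits a complete reverse zone: SOA and NS with fully qualified names
# (trailing dot), then one PTR per A record whose address is inside PREFIX.
gen_reverse_zone() {
    awk -v domain="$1" -v prefix="$2" -v ns="$3" -v serial="$4" '
    BEGIN {
        print "$TTL 86400"
        printf "@ IN SOA %s root.%s. (\n", ns, domain
        printf "        %s ; serial\n        3H ; refresh\n        15M ; retry\n", serial
        printf "        1W ; expiry\n        1D ) ; minimum\n"
        printf "  IN NS %s\n", ns
    }
    $2 == "IN" && $3 == "A" && index($4, prefix ".") == 1 {
        n = split($4, o, ".")
        printf "%s IN PTR %s.%s.\n", o[n], $1, domain
    }'
}

# check_reverse FORWARD_FILE REVERSE_FILE DOMAIN PREFIX
# Prints one line per inconsistency and returns non-zero if any is found.
# Names are compared case-insensitively, as DNS does.
check_reverse() {
    awk -v domain="$3" -v prefix="$4" '
    FNR == NR {                      # first file: forward zone
        if ($2 == "IN" && $3 == "A") a[$4] = tolower($1 "." domain ".")
        next
    }
    $2 == "IN" && $3 == "PTR" {      # second file: reverse zone
        ip = prefix "." $1
        if (!(ip in a))                { print "PTR without A: " ip " -> " $4; bad++ }
        else if (a[ip] != tolower($4)) { print "mismatch: " ip " A=" a[ip] " PTR=" $4; bad++ }
        else seen[ip] = 1
    }
    END {
        for (ip in a) if (!(ip in seen)) { print "A without PTR: " ip " " a[ip]; bad++ }
        exit bad ? 1 : 0
    }' "$1" "$2"
}

# Stand-alone demo: build the reverse zone and verify it against the forward one.
fwd=$(mktemp); rev=$(mktemp)
printf '%s\n' "$FORWARD_ZONE" > "$fwd"
gen_reverse_zone d-prototype.com 192.168.56 CenterServer.d-prototype.com. 2014072801 < "$fwd" > "$rev"
cat "$rev"
check_reverse "$fwd" "$rev" d-prototype.com 192.168.56 && echo "forward and reverse zones agree"
rm -f "$fwd" "$rev"
```

Write the generated output to /var/named/chroot/var/named/56.168.192.local (root:named, 0640), then validate both files with named-checkzone d-prototype.com d-prototype.zone and named-checkzone 56.168.192.in-addr.arpa 56.168.192.local before starting named. Bump the serial on every change; a secondary only transfers a zone whose serial has increased.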
Starting the DNS service, named:
```
[root@CenterServer named]# service named start
Starting named:                                            [  OK  ]
[root@CenterServer named]#
[root@CenterServer named]# ps -ef | grep --color name
named     4609     1  0 07:54 ?        00:00:00 /usr/sbin/named -u named -t /var/named/chroot
root      4630  3662  0 07:56 pts/1    00:00:00 grep --color name
[root@CenterServer named]#
[root@CenterServer named]# netstat -tupln | grep name
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 192.168.56.140:53           0.0.0.0:*                   LISTEN      4609/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      4609/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      4609/named
tcp        0      0 ::1:53                      :::*                        LISTEN      4609/named
tcp        0      0 ::1:953                     :::*                        LISTEN      4609/named
udp        0      0 192.168.56.140:53           0.0.0.0:*                               4609/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               4609/named
udp        0      0 ::1:53                      :::*                                    4609/named
[root@CenterServer named]#
```
The process line confirms the two hardening measures the packages give you for free: named drops to the unprivileged user named (-u named) and is confined to the chroot (-t /var/named/chroot). Port 53 is bound on the LAN address and loopback, while the rndc control channel (953) is bound to loopback only, which is how it should stay. A successful "[ OK ]" does not prove the zones loaded; named logs zone errors through syslog, so check /var/log/messages for "loaded serial" lines (or errors) for d-prototype.com and 56.168.192.in-addr.arpa. To have named start at boot, run chkconfig named on.
Testing the DNS service:
```
[root@CenterServer named]# nslookup
> server
Default server: 192.168.56.2
Address: 192.168.56.2#53
>
> server 192.168.56.140
Default server: 192.168.56.140
Address: 192.168.56.140#53
>
> confluence.d-prototype.com
Server:         192.168.56.140
Address:        192.168.56.140#53

Name:   confluence.d-prototype.com
Address: 192.168.56.137
>
> 192.168.56.138
Server:         192.168.56.140
Address:        192.168.56.140#53

138.56.168.192.in-addr.arpa     name = ora12c-node2.d-prototype.com.
>
> 192.168.56.130
Server:         192.168.56.140
Address:        192.168.56.140#53

130.56.168.192.in-addr.arpa     name = openfiler.d-prototype.com.
>
> exit
[root@CenterServer named]#
```
Both forward (A) and reverse (PTR) lookups answer correctly. Note that the first "server" command shows 192.168.56.2, the resolver from /etc/resolv.conf: the machine is still not using its own DNS server until you point it there. To make this host and the other lab machines use it, put nameserver 192.168.56.140 and search d-prototype.com in their /etc/resolv.conf. Two more checks worth running: dig @192.168.56.140 d-prototype.com AXFR should be refused unless you deliberately allow transfers, and if you restrict recursion to the LAN, a query for an external name sent from an address outside the allowed range (dig @192.168.56.140 www.example.com) should come back with status REFUSED.
————————————————————
End.