#dns配置——正解(域名转换成ip地址)
#serv01:dns服务器
#Serv02:测试用
--第一步,serv01安装bind
#安装bind
[root@serv01~]#
yum install bind* -y
--第二步,修改配置文件named.conf
[root@serv01~]# /etc/named.conf
#查询
[root@serv01~]# rpm -qa|grep bind
[root@serv01~]# rpm -ql bind|less
#编辑文件
[root@serv01~]# vim /etc/named.conf
options {
#监听端口 IP地址
#listen-on port 53 { 127.0.0.1; };
#监听任何IP地址
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
#指定根目录
directory "/var/named";
#对Cache进行备份
dump-file "/var/named/data/cache_dump.db";
#静态文件
statistics-file "/var/named/data/named_stats.txt";
#内存静态文件
memstatistics-file "/var/named/data/named_mem_stats.txt";
#允许查询的IP地址
#allow-query { localhost; };
#允许查询所有的IP地址进行查询
allow-query { any; };
#默认递归查询(注意:与上面的 allow-query { any; } 同时开启后,任何来源都能通过本机做递归查询,即成为开放递归解析器,容易被用于流量放大;生产环境应用 allow-recursion 把递归范围限制在内网地址段)
recursion yes;
#安全相关的(DNSSEC 校验;其中 dnssec-lookaside 依赖的 ISC DLV 服务已停用,新版 BIND 已不再支持该选项,升级时应删除)
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
#根域服务器
zone "." IN {
type hint;
file "named.ca";
};
#区域文件
include "/etc/named.rfc1912.zones";
[root@serv01~]# ls /var/named/
chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
#根域服务器的相关信息
[root@serv01~]# cat /var/named/named.ca
; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;;QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
;;ADDITIONAL SECTION:
#13台根域服务器
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1
L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35
;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE rcvd: 615
#本地域名的解析
[root@larrywen0808]# ping localhost.localdomain
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.024 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.026 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.025 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.027 ms
64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.026 ms
64 bytes from localhost (127.0.0.1): icmp_seq=6 ttl=64 time=0.026 ms
^C
--- localhost ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5624ms
rtt min/avg/max/mdev = 0.024/0.025/0.027/0.005 ms
--第三步,修改配置文件named.rfc1912.zones
[root@serv01~]# tail -n5 /etc/named.rfc1912.zones
zone "jb200.com" IN {
type master;
#域名和IP地址的对应关系的存放文件
file "jb200.com.zone";
#不允许动态更新(主区域默认应保持 none,避免未经认证的客户端改写记录)
allow-update { none; };
};
#保持属性保持一致(所属组)
[root@serv01named]# cp named.localhost jb200.com.zone -a
[root@serv01named]# ll named.localhost jb200.com.zone
-rw-r-----. 1 root named 152 Jun 21 2007 jb200.com.zone
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
--第四步,拷贝文件,修改jb200.com.zone文件
$TTL 1D
#注意后面有点
@ IN SOA dns.jb200.com. root.jb200.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
#和前面的DNS保持一致(注意:下面的 NS 记录行必须以空白开头,表示所有者名沿用上面的 @;若顶格写,named 会把 NS 当作主机名解析而报错)
NS dns.jb200.com.
dns IN A 192.168.1.11
www IN A 192.168.1.88
#文件配置项解析
[root@serv01~]# cat /var/named/named.localhost
$TTL 1D
#@:域名 jb200.com
#rname.invalid:出了问题时负责人的邮件地址(第一个点代替 @)
@ IN SOA @ rname.invalid. (
#序列号,主从服务器更新需要。版本号,文件修改的次数
0 ;serial
#从服务器更新刷新的时间
1D ; refresh
#没有刷新成功,重试时间
1H ; retry
#如果还没成功,失效的时间
1W ; expire
#有效时间:三个小时
3H) ; minimum
#和前面保持一致
NS @
A 127.0.0.1
AAAA ::1
#最终配置结果
#/etc/named.conf配置文件
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
#/etc/named.rfc1912.zones配置
zone "jb200.com" IN {
type master;
file "jb200.com.zone";
allow-update {none;};
};
#/var/named/jb200.com.zone 配置
$TTL 1D
#注意后面有点
@ IN SOA dns.jb200.com. root.jb200.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H) ; minimum
#和前面的DNS保持一致
NS dns.jb200.com.
dns IN A 192.168.1.11
www IN A 192.168.1.88
--第五步,重启服务
[root@serv01 named]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]
--第六步,使用dig测试,查看是否配置成功
[root@serv01 named]# dig www.jb200.com
; <<>> DiG 9.7.3-redhat-9.7.3-2.el6 <<>> www.jb200.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61132
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.jb200.com. IN A
;; ANSWER SECTION:
www.jb200.com. 86400 IN A 192.168.1.88
;; AUTHORITY SECTION:
jb200.com. 86400 IN NS dns.jb200.com.
;; ADDITIONAL SECTION:
dns.jb200.com. 86400 IN A 192.168.1.11
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 8 18:40:12 2013
;; MSG SIZE rcvd: 82
#查看简短的信息
[root@serv01 named]# dig www.jb200.com +short
192.168.1.88
--第七步,serv01能ping通域名
#不能ping通
[root@serv01 named]# ping www.jb200.com
ping: unknown host www.jb200.com
#不能ping通
[root@serv01 named]# ping dns.jb200.com
ping: unknown host dns.jb200.com
#在resolv.conf文件中加入nameserver
[root@serv01 ~]# vim /etc/resolv.conf
[root@serv01 ~]# cat /etc/resolv.conf
nameserver 192.168.1.11
#现在可以ping了,可以解析对应的IP地址
[root@serv01 ~]# ping www.jb200.com
PING www.jb200.com (192.168.1.88) 56(84) bytes of data.
^C
--- www.jb200.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1161ms
#可以ping通dns服务器
[root@serv01 ~]# ping dns.jb200.com
PING dns.jb200.com (192.168.1.11) 56(84) bytes of data.
64 bytes from 192.168.1.11: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.168.1.11: icmp_seq=2 ttl=64 time=0.071 ms
64 bytes from 192.168.1.11: icmp_seq=3 ttl=64 time=0.039 ms
64 bytes from 192.168.1.11: icmp_seq=4 ttl=64 time=0.041 ms
^C
--- dns.jb200.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3316ms
rtt min/avg/max/mdev = 0.020/0.042/0.071/0.019 ms
--第八步,server02测试
[root@serv02 ~]# echo "nameserver 192.168.1.11" > /etc/resolv.conf
[root@serv02 ~]# cat /etc/resolv.conf
nameserver 192.168.1.11
[root@serv02 ~]# yum install bind-utils -y
[root@serv02 ~]# dig www.jb200.com +short
192.168.1.88
[root@serv02 ~]# nslookup www.jb200.com
Server: 192.168.1.11
Address: 192.168.1.11#53
Name: www.jb200.com
Address: 192.168.1.88
--第九步,增加其他的解析
[root@serv01 named]# vim /var/named/jb200.com.zone
[root@serv01 named]# /etc/init.d/named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@serv01 named]# cat /var/named/jb200.com.zone
$TTL 1D
@ IN SOA dns.jb200.com. root.jb200.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H) ; minimum
NS dns.jb200.com.
dns IN A 192.168.1.11
www IN A 192.168.1.88
ftp IN A 192.168.1.89
#或者这样写完整域名(注意:本文件是 jb200.com 区域,记录的域名必须属于本区域;下面示例中的 hongiy.com 不在本区域内,named 加载时会作为区域外数据忽略)
ftp.hongiy.com. IN A 192.168.1.89
hongiy.com. IN MX 5 mail
mail IN A 192.168.1.90
[root@serv01 named]# dig ftp.jb200.com +short
192.168.1.89