linux服务管理之dns服务配置教程 第四部分
serv02配置
--第一步,查看本机IP,通过yum源安装bind
[root@serv02 slaves]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:6A:EC:97
inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe6a:ec97/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
TX packets:908 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:133206 (130.0 KiB) TX bytes:148913 (145.4 KiB)
[root@serv01 named]# yum install bind* -y >/dev/null 2>&1
--第二步,修改named.conf文件,修改如下。注意:`allow-query { any; }` 与 `recursion yes;` 同时生效时,任何能访问 53 端口的客户端都可以通过该服务器做递归查询(开放递归解析器);生产环境应使用 `allow-recursion` 把递归限制在可信客户端网段。
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
options {
-- listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
--allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
--第三步,修改named.rfc1912.zones 文件,修改如下
[root@serv02 named]# tail -n5 /etc/named.rfc1912.zones
zone "xn.justdb.com" IN {
type master;
file "xn.justdb.com.zone";
allow-update { none; };
};
--第四步,重启服务
[root@serv02 slaves]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]
实现功能
--第一步,serv01修改配置文件。添加如下两行
[root@serv01 named]# cat justdb.com.zone
$TTL 1D
@ IN SOA dns.justdb.com root.justdb.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H) ; minimum
NS dns.justdb.com.
dns IN A 192.168.1.11
web IN A 192.168.1.88
--xn.justdb.com. IN NS dns.xn.justdb.com.
dns.xn.justdb.com. IN A 192.168.1.12
--第二步,serv03安装bind-util
[root@serv03 ~]# yum install bind-util* -y > /dev/null 2>&1
--第三步,serv03修改resolv配置文件
[root@serv03 ~]# echo "nameserver 192.168.1.11" > /etc/resolv.conf
[root@serv03 ~]# cat /etc/resolv.conf
nameserver 192.168.1.11
--第四步,进行测试
[root@serv03 ~]# dig web.justdb.com +short
192.168.1.88
[root@serv03 ~]# dig web.hb.justdb.com +short
192.168.1.89
[root@serv03 ~]# dig web.xn.justdb.com +short
192.168.1.90
十一、DNS高级视图
应用场景:不同的IP访问相同的域名,转到各自运营商的服务器
网络拓扑结构图如图四
图四 DNS高级视图网络拓扑结构图
serv01配置
--第一步,IP地址配置如下
[root@serv01 ~]# ifconfig eth0|grep "inet addr"
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
[root@serv01 ~]# ifconfig eth1|grep "inet addr"
inet addr:172.16.1.11 Bcast:172.16.1.255 Mask:255.255.255.0
[root@serv01 ~]# ifconfig |grep -A 1 eth
eth0 Link encap:Ethernet HWaddr 00:0C:29:07:DD:3B
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
--
eth1 Link encap:Ethernet HWaddr 00:0C:29:07:DD:45
inet addr:172.16.1.11 Bcast:172.16.1.255 Mask:255.255.255.0
[root@serv02 ~]# man named.conf
--第二步,安装bind
[root@serv01 named]# yum install bind* -y
[root@serv01 named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
#注释或者删除以下几行内容
#zone "." IN {
# type hint;
# file "named.ca";
#};
#如果这几行存在,重启服务会报如下错误(使用 view 之后,所有 zone 都必须放在某个 view 之内):
Error in named configuration:
/etc/named.conf:35: when using 'view' statements, all zones must be in views
[FAILED]
#注释此行
#include "/etc/named.rfc1912.zones";
acl dx {
192.168.1.10;
192.168.1.11;
192.168.1.12;
192.168.1.13;
192.168.1.14;
};
acl wt {
172.16.1.10;
172.16.1.11;
172.16.1.12;
172.16.1.13;
172.16.1.14;
};
view dianxin {
match-clients { "dx"; };
zone "." IN {
type hint;
file "named.ca";
};
#在此处进入 vim 的命令模式(按 : 进入),执行以下 r ! 命令读取外部命令的输出,将文件里的内容拷贝到当前位置。
r !cat /etc/named.rfc1912.zones
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "larrywen.com" {
type master;
file "larrywen.com.zone.dx";
allow-update { none; };
};
};
view wangtong {
match-clients { "wt"; };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "larrywen.com" {
type master;
file "larrywen.com.zone.wt";
allow-update { none; };
};
};
--第三步,拷贝并编辑larrywen.com.zone.dx文件
[root@serv01 named]# cp named.localhost larrywen.com.zone.dx -a
[root@serv01 named]# vim larrywen.com.zone.dx
[root@serv01 named]# cat larrywen.com.zone.dx
$TTL 1D
@ IN SOA dns.larrywen.com. root.larrywen.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H) ; minimum
NS dns.larrywen.com.
dns IN A 192.168.1.11
www IN A 192.168.1.88
--第四步,拷贝并编辑larrywen.com.zone.wt 文件
[root@serv01 named]# cp named.localhost larrywen.com.zone.wt -a
[root@serv01 named]# vim larrywen.com.zone.wt
[root@serv01 named]# cat larrywen.com.zone.wt
$TTL 1D
@ IN SOA dns.larrywen.com. root.larrywen.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H) ; minimum
NS dns.larrywen.com.
dns IN A 172.16.1.11
www IN A 172.16.1.88
--第五步,重启服务
[root@serv01 named]# /etc/init.d/named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
serv02 测试
--第一步,配置IP
[root@serv02 ~]# ifconfig eth0|grep "inet addr"
inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
--第二步,安装bind-utils工具
[root@serv02 ~]# yum install bind-utils -y
--第三步,配置DNS
[root@serv02 ~]# echo "nameserver 192.168.1.11" > /etc/resolv.conf
--第四步,检测
[root@serv02 ~]# dig www.larrywen.com +short
192.168.1.88
[root@serv02 ~]# ifconfig|grep -A 1 eth
eth0 Link encap:Ethernet HWaddr 00:0C:29:6A:EC:97
inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
serv03测试
--第一步,配置IP
[root@serv03 ~]# ifconfig eth0|grep "inet addr"
inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0
[root@serv03 ~]# ifconfig eth1|grep "inet addr"
inet addr:172.16.1.12 Bcast:172.16.1.255 Mask:255.255.255.0
[root@serv03 ~]# ifconfig|grep -A 1 eth
eth0 Link encap:Ethernet HWaddr 00:0C:29:BD:08:05
inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0
--
eth1 Link encap:Ethernet HWaddr 00:0C:29:BD:08:0F
inet addr:172.16.1.12 Bcast:172.16.1.255 Mask:255.255.255.0
--第二步,安装bind-utils工具
[root@serv02 ~]# yum install bind-utils -y
--第三步,配置DNS
[root@serv03 ~]# echo "nameserver 172.16.1.11" > /etc/resolv.conf
--第四步,检测
[root@serv03 ~]# dig www.larrywen.com +short
172.16.1.88
十二、/etc/named.conf:41: open: /etc/named.acl.dx: file not found解决
chroot:笼(jail)环境,把进程限制在一个虚拟根目录之下;即使软件存在漏洞被利用,进程也访问不到笼外的文件系统。
chroot:虚拟根目录
[root@serv01 etc]# ls -l /etc/named.conf /var/named/chroot/etc/named.conf -i
131137 -rw-r-----. 1 root named 2563 Aug 12 19:37 /etc/named.conf
131137 -rw-r-----. 1 root named 2563 Aug 12 19:37 /var/named/chroot/etc/named.conf
--第一步,写到配置文件(named.conf)中
[root@serv01 etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
#zone "." IN {
# type hint;
# file "named.ca";
#};
#include "/etc/named.rfc1912.zones";
include "/etc/named.acl.dx";
include "/etc/named.acl.wt";
view dianxin {
match-clients { "dx"; };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "larrywen.com" {
type master;
file "larrywen.com.zone.dx";
allow-update { none; };
};
};
view wangtong {
match-clients { "wt"; };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "larrywen.com" {
type master;
file "larrywen.com.zone.wt";
allow-update { none; };
};
};
--第二步,查看配置文件
[root@serv01 etc]# vim /etc/named.acl.dx
[root@serv01 etc]# cat /etc/named.acl.dx
acl dx {
192.168.1.10;
192.168.1.11;
192.168.1.12;
192.168.1.13;
192.168.1.14;
};
[root@serv01 etc]# vim /etc/named.acl.wt
[root@serv01 etc]# cat /etc/named.acl.wt
acl wt {
172.16.1.10;
172.16.1.11;
172.16.1.12;
172.16.1.13;
172.16.1.14;
};
--第三步,重启服务,发生错误
[root@serv01 etc]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:41: open: /etc/named.acl.dx: file not found
[FAILED]
--第四步,解决问题(将etc目录下的named文件拷贝到 /var/named/chroot/etc/)。原因:named 运行在 chroot 中,只能读取 /var/named/chroot 之下的文件;上面 ls -i 显示 /etc/named.conf 在两处是同一个 inode(131137),说明它已被映射进 chroot,而新建的 named.acl.dx、named.acl.wt 并没有,所以 include 找不到文件。注意复制得到的是独立副本,以后修改 /etc/named.acl.* 后需要重新复制到 chroot 内,否则 named 读到的仍是旧内容。
[root@serv01 etc]# cd /var/named/
chroot/ dynamic/ larrywen.com.zone.wt named.empty named.loopback
data/ larrywen.com.zone.dx named.ca named.localhost slaves/
[root@serv01 etc]# cd /var/named/chroot/etc/
[root@serv01 etc]# ll
total 12
-rw-r--r--. 1 root root 389 Jul 23 00:57 localtime
drwxr-x---. 2 root named 4096 Mar 28 2011 named
drwxr-xr-x. 3 root root 4096 Aug 12 18:27 pki
[root@serv01 etc]# cp /etc/named* ./ -a
[root@serv01 etc]# ll
total 36
-rw-r--r--. 1 root root 389 Jul 23 00:57 localtime
drwxr-x---. 2 root named 4096 Mar 28 2011 named
-rw-r-----. 1 root named 123 Aug 12 19:49 named.acl.dx
-rw-r-----. 1 root named 118 Aug 12 19:50 named.acl.wt
-rw-r-----. 1 root named 2450 Aug 12 19:54 named.conf
-rw-r--r--. 1 root named 2544 Mar 28 2011 named.iscdlv.key
-rw-r-----. 1 root named 931 Jun 21 2007 named.rfc1912.zones
-rw-r--r--. 1 root named 487 Mar 28 2011 named.root.key
drwxr-xr-x. 3 root root 4096 Aug 12 18:27 pki
[root@serv01 etc]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]