問題描述:
公司注冊了DNS區域sankel.com,準備使用兩台RHEL5伺服器建構主、從域名系統,其中任何一台都能夠解析sankel.com域内的主機位址。
1.主DNS伺服器:svr5.sankel.com,192.168.4.5
2.從DNS伺服器:svr6.sankel.com,192.168.4.6
3.負責解析以下站點:
網站:www.sankel.com 192.168.4.100
郵件:mail.sankel.com 192.168.4.25
FTP:是www的别名
4.為*.sankel.com提供泛域名解析:192.168.4.100
搭建過程
[一]主DNS伺服器
1,配置主DNS伺服器ip位址,檢視有關軟體是否安裝
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:AE:8A:FF
ONBOOT=yes
IPADDR=192.168.4.5
NETMASK=255.255.255.0
~
[root@localhost ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
[root@localhost ~]# rpm -qi bind bind-chroot caching-nameserve
package bind is not installed
package bind-chroot is not installed
package caching-nameserve is not installed
2,挂載CD光牒安裝相關軟體
[root@localhost ~]# cd /misc/cd/Server/
[root@localhost Server]# rpm -ivh bind-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm
3,編輯主DNS伺服器的主配置檔案
編輯named.conf
[root@localhost ~]# cd /var/named/chroot/etc/……主配置檔案路徑
[root@localhost etc]# cp -p named.caching-nameserver.conf named.conf……cp -p 保證檔案屬性不變
[root@localhost etc]# vim named.conf
options {
listen-on port 53 { 192.168.4.5; };
……………
allow-query { any; };
allow-query-cache { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
view localhost_resolver {
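match-clients { any; };
match-destinations { any; };
recursion yes;……注意:match-clients 設為 any 且開啟遞迴,再加上 allow-query-cache { any; },任何來源都能使用本機做遞迴查詢(開放式解析器);若伺服器可從外部網路連線,應把 match-clients 與 allow-query-cache 限制為内部網段(例如 192.168.4.0/24)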
編輯named.rfc1912.zones
zone "sankel.com" IN {
type master;
file "sankel.com.zone";
zone "4.168.192.in-addr.arpa" IN {
file "192.168.4.arpa";
-- INSERT -- 58,22-29 Bot
4,檢查以上配置文法的正确性
[root@localhost etc]# named-checkconf named.conf
[root@localhost etc]# named-checkconf named.rfc1912.zones
5,配置區域檔案
[root@localhost ~]# cd /var/named/chroot/var/named……區域配置檔案路徑
[root@localhost named]# cp -p named.local sankel.com.zone……cp -p 保證檔案屬性不變
[root@localhost named]# vim sankel.com.zone
$TTL 86400
@ IN SOA sankel.com. root.sankel.com. (
2014030301 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum
IN NS svr5.sankel.com.
IN NS svr6.sankel.com.
svr5 IN A 192.168.4.5……主伺服器正向解析
svr6 IN A 192.168.4.6…….從伺服器正向解析
www IN A 192.168.4.100
mail IN A 192.168.4.25
ftp IN CNAME www
* IN A 192.168.4.100
[root@localhost named]# cp -p named.local 192.168.4.arpa
[root@localhost named]# vim 192.168.4.arpa
IN NS svr5.sankel.com.
IN NS svr6.sankel.com.
5 IN PTR svr5.sankel.com.……主伺服器反向解析
6 IN PTR svr6.sankel.com.……從伺服器反向解析
100 IN PTR www.sankel.com.
25 IN PTR mail.sankel.com.
100 IN PTR ftp.sankel.com.
6,檢查區域檔案配置文法的正确性
[root@localhost named]# named-checkzone sankel.com sankel.com.zone
zone sankel.com/IN: loaded serial 2014030301
OK
[root@localhost named]# named-checkzone sankel.com 192.168.4.arpa……注意:第一個參數是區域名稱,檢查反向區域檔案時應填 4.168.192.in-addr.arpa
7,啟動服務并設定開機自動開啟
[root@localhost ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@localhost ~]# chkconfig named on
8,驗證
[root@localhost ~]# vim /etc/resolv.conf
search sankel.com
nameserver 192.168.4.5
[root@localhost ~]# host 192.168.4.5
5.4.168.192.in-addr.arpa domain name pointer svr5.sankel.com.
[root@localhost ~]# host www.sankel.com
www.sankel.com has address 192.168.4.100
[root@localhost ~]# host mail.sankel.com
mail.sankel.com has address 192.168.4.25
[root@localhost ~]# host aer.sankel.com
aer.sankel.com has address 192.168.4.100
[二]從DNS伺服器
1,在從DNS伺服器上安裝相應軟體
2,編輯主配置檔案
[root@localhost etc]# cp -p named.caching-nameserver.conf named.conf……cp -p 保證檔案屬性不變
listen-on port 53 { 192.168.4.6; };
[root@localhost etc]# vim named.rfc1912.zones
zone "sankel.com" IN {
type slave;
file "slaves/sankel.com.zone";
masters { 192.168.4.5; };
zone "4.168.192.in-addr.arpa" IN {
file "slaves/192.168.4.arpa";
masters { 192.168.4.5; };
3,檢查配置文法的正确性
4,在主DNS伺服器上授權可以下載下傳區域檔案的主機,并重新開機服務
[root@localhost etc]# vim named.conf
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-transfer {192.168.4.6; };……追加一條授權指令
Starting named: [ OK ]
4,驗證:在從伺服器上啟動DNS服務
[root@localhost named]# cd slaves/
[root@localhost slaves]# ls
[root@localhost slaves]# ……沒有檔案
[root@localhost etc]# service named restart
192.168.4.arpa sankel.com.zone……下載下傳到區域檔案
5,在主DNS伺服器上檢視下載下傳日志
[root@localhost etc]# tail -f /var/log/messages
Mar 3 20:35:07 localhost named[13147]: client 192.168.4.6#49561: view localhost_resolver: transfer of '4.168.192.in-addr.arpa/IN': AXFR started
Mar 3 20:35:07 localhost named[13147]: client 192.168.4.6#49561: view localhost_resolver: transfer of '4.168.192.in-addr.arpa/IN': AXFR ended
Mar 3 20:35:07 localhost named[13147]: client 192.168.4.6#17228: view localhost_resolver: received notify for zone '4.168.192.in-addr.arpa'
Mar 3 20:37:36 localhost named[13147]: client 192.168.4.6#53969: view localhost_resolver: received notify for zone 'sankel.com'
Mar 3 20:37:36 localhost named[13147]: client 192.168.4.6#2572: view localhost_resolver: received notify for zone '4.168.192.in-addr.arpa'