

linux 下DNS的配置三 輔DNS的配置

接上一篇

實驗環境VMware 6.5.2 + RedHat Enterprise 5

已經建好了一個DNS的主要區域,這次試着做一個輔DNS

輔DNS只是負責分流,防止主DNS由於負載過重而導致用戶端解析時間過長

一旦主DNS不存在了,那輔DNS 也就起不到解析的作用了(嚴格來說,輔DNS 會用已經傳送過來的區域資料繼續應答,直到超過 SOA 記錄中的 expire 時間仍聯絡不上主DNS,才會停止解析該區域)

首先 禁掉防火牆,配ip(關閉防火牆只適合這種實驗環境;正式環境應保留防火牆,只放行 DNS 使用的 TCP/UDP 53 端口)

[root@localhost ~]# setup

<a href="http://yuzeying.blog.51cto.com/attachment/200904/27/644976_1240831660sOcA.jpg"></a>

先選擇 防火牆配置 (使用tab鍵切換)

<a href="http://yuzeying.blog.51cto.com/attachment/200904/27/644976_1240831663Hx7a.jpg"></a>

用tab鍵切換 ,空格選擇 上下箭頭移動

[root@localhost ~]# vi /etc/resolv.conf

把dns指向自己

; generated by /sbin/dhclient-script

search router

nameserver 192.168.0.6

儲存退出

下一步 掛載光碟,安裝DNS所需的四個rpm包(下面安裝時出現的 NOKEY 警告表示系統尚未匯入簽署金鑰,rpm 無法驗證套件簽章;可先用 rpm --import 匯入發行版的 GPG 公鑰再安裝)

[root@localhost ~]# cd /mnt

[root@localhost mnt]# ls

cdrom hgfs

[root@localhost mnt]# mount /dev/cdrom /mnt/cdrom

mount: block device /dev/cdrom is write-protected, mounting read-only

[root@localhost mnt]# cd /mnt/cdrom/Server

[root@localhost Server]#

[root@localhost Server]# rpm -ivh bind-

bind-9.3.3-10.el5.i386.rpm

bind-chroot-9.3.3-10.el5.i386.rpm

bind-devel-9.3.3-10.el5.i386.rpm

bind-libbind-devel-9.3.3-10.el5.i386.rpm

bind-libs-9.3.3-10.el5.i386.rpm

bind-sdb-9.3.3-10.el5.i386.rpm

bind-utils-9.3.3-10.el5.i386.rpm

[root@localhost Server]# rpm -ivh bind-9.3.3-10.el5.i386.rpm

warning: bind-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:bind ########################################### [100%]

[root@localhost Server]# rpm -ivh bind-utils-9.3.3-10.el5.i386.rpm

warning: bind-utils-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

package bind-utils-9.3.3-10.el5 is already installed

[root@localhost Server]# rpm -ivh cach

cachefilesd-0.8-2.el5.i386.rpm

caching-nameserver-9.3.3-10.el5.i386.rpm

[root@localhost Server]# rpm -ivh caching-nameserver-9.3.3-10.el5.i386.rpm

warning: caching-nameserver-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

1:caching-nameserver ########################################### [100%]

[root@localhost Server]# rpm -ivh bind-chroot-9.3.3-10.el5.i386.rpm

warning: bind-chroot-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

1:bind-chroot ########################################### [100%]

下一步 編輯配置檔案

[root@localhost Server]# cd /var/named/chroot/etc

[root@localhost etc]# ls

localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key

[root@localhost etc]# vi named.conf

關鍵部位配置檔案如下

// generated by named-bootconf.pl

options {

directory "/var/named";

/*

* If there is a firewall between you and nameservers you want

* to talk to, you might need to uncomment the query-source

* directive below. Previous versions of BIND always asked

* questions using port 53, but BIND 8.1 uses an unprivileged

* port by default.

*/

// query-source address * port 53;

};

//

// a caching only nameserver config

controls {

inet 127.0.0.1 allow { localhost; } keys { rndckey; };

zone "." IN {

type hint;

file "named.ca";

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

zone "0.0.127.in-addr.arpa" IN {

file "named.local";

zone "sina.com" IN {

type slave;

file "slaves/sina.zone";

masters { 192.168.0.5; };

zone "0.168.192.in-addr.arpa" IN {

file "slaves/sina.local";

zone "sohu.com" IN {

file "slaves/sohu.zone";

include "/etc/rndc.key";

-- INSERT --

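這裡需要注意的是,建議源檔案盡量不要動,複製後再進行操作,注意標點符號(;)少了沒有。上面貼出的內容只是節錄:每個 controls、zone 區塊都必須以 }; 結尾;0.168.192.in-addr.arpa 和 sohu.com 兩個區域的檔案同樣放在 slaves/ 下,看來也要各自寫上 type slave; 和 masters,這裡沒有重複列出;最後一行的 -- INSERT -- 是 vi 的狀態列,不屬於配置檔案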

這裡類型 換成輔DNS (type slave;)

存儲位置 應該是(file "slaves/sina.zone";)

還有就是標明哪個是主DNS (masters { 192.168.0.5; };)注意裡面的空格。相對地,主DNS 上建議用 allow-transfer 只允許輔DNS(本例中為 192.168.0.6)做區域傳送,避免任何主機都能取得整份區域資料

[root@localhost etc]# service network restart

Shutting down interface eth0: [ OK ]

Shutting down loopback interface: [ OK ]

Bringing up loopback interface: [ OK ]

Bringing up interface eth0: [ OK ]

[root@localhost etc]#

重新啟動服務(上面重新啟動的是網路服務;要讓修改後的 named.conf 生效,還需要啟動或重新啟動 named 服務,例如 service named restart,這一步上面沒有列出)

這時我們可以ping一下 看看網通不通

[root@localhost etc]# ping 192.168.0.5

PING 192.168.0.5 (192.168.0.5) 56(84) bytes of data.

64 bytes from 192.168.0.5: icmp_seq=1 ttl=64 time=1.20 ms

64 bytes from 192.168.0.5: icmp_seq=2 ttl=64 time=0.165 ms

64 bytes from 192.168.0.5: icmp_seq=3 ttl=64 time=0.164 ms

64 bytes from 192.168.0.5: icmp_seq=4 ttl=64 time=0.186 ms

64 bytes from 192.168.0.5: icmp_seq=5 ttl=64 time=0.180 ms

--- 192.168.0.5 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4000ms

rtt min/avg/max/mdev = 0.164/0.380/1.205/0.412 ms

也可以 telnet一下他的53號端口(區域傳送走的是 TCP 53,所以這個測試可以確認輔DNS 連得上主DNS 的該端口)

[root@localhost etc]# telnet 192.168.0.5 53

Trying 192.168.0.5...

Connected to www.sina.com (192.168.0.5).

Escape character is '^]'.

^]

telnet> quit

Connection closed.

(^])這個符號是按住 Ctrl 再按右方括號鍵(]})輸入的,之後輸入 quit 退出

這時我們找到slaves目錄,看看他的下面有沒有把主DNS中的正向和反向區域檔案複制過來

[root@localhost etc]# cd /var/named/chroot/var/named

[root@localhost named]# ls

data localhost.zone named.ca named.local slaves

localdomain.zone named.broadcast named.ip6.local named.zero

[root@localhost named]# cd slaves

[root@localhost slaves]# ls

sina.local sina.zone sohu.zone

[root@localhost slaves]#

檔案複制的沒有問題,接下來我們來測試一下

[root@localhost slaves]# nslookup www.sina.com

Server: 127.0.0.1

Address: 127.0.0.1#53

Name: www.sina.com

Address: 192.168.0.5

[root@localhost slaves]# nslookup www.sohu.com

Name: www.sohu.com

[root@localhost slaves]# nslookup 192.168.0.5

5.0.168.192.in-addr.arpa name = www.sohu.com.

5.0.168.192.in-addr.arpa name = www.sina.com.

ok,正向和反向都沒有問題

成功解析

寫到最後,此次試驗如果不成功,首先檢查自己的拼寫錯誤,注意檔案名中的.和,的 差別

謹祝各位實驗順利

本文轉自 yuzeying1 51CTO部落格,原文連結:http://blog.51cto.com/yuzeying/153728
