Linux DNS服務器搭建和DNS 客戶端配置


操作系統版本:

[root@node named]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.6 (Santiago)

Linux下設置DNS的位置主要有三處:

1. 網卡配置文件裡面的DNS服務器地址設置

2. 系統默認DNS服務器地址設置(/etc/resolv.conf)

3. hosts文件指定

 

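生效順序是:

1 hosts文件

2 網卡配置文件DNS服務地址

3 /etc/resolv.conf

(hosts文件與DNS查詢的先後由 /etc/nsswitch.conf 的 hosts 行決定;網卡配置文件中的 DNS1/DNS2 通常在網卡啟動時被寫入 /etc/resolv.conf,所以會覆蓋手動寫在其中的設置。)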

 

安裝DNS

yum install bind -y

 1 [root@gs2node named]# cat /etc/named.conf 
 2 //
 3 // named.conf
 4 //
 5 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
 6 // server as a caching only nameserver (as a localhost DNS resolver only).
 7 //
 8 // See /usr/share/doc/bind*/sample/ for example named configuration files.
 9 //
10 
11 options {
12         listen-on port 53 { any; };
13         listen-on-v6 port 53 { ::1; };
14         directory       "/var/named";
15         dump-file       "/var/named/data/cache_dump.db";
16         statistics-file "/var/named/data/named_stats.txt";
17         memstatistics-file "/var/named/data/named_mem_stats.txt";
18         allow-query     { any; };
19         recursion yes;
20 
21         dnssec-enable yes;
22         dnssec-validation yes;
23         dnssec-lookaside auto;
24 
25         /* Path to ISC DLV key */
26         bindkeys-file "/etc/named.iscdlv.key";
27 
28         managed-keys-directory "/var/named/dynamic";
29 };
30 
31 logging {
32         channel default_debug {
33                 file "data/named.run";
34                 severity dynamic;
35         };
36 };
37 
38 zone "." IN {
39         type hint;
40         file "named.ca";
41 };
42 
43 include "/etc/named.rfc1912.zones";
44 include "/etc/named.root.key";
 1 [root@node named]# cat /etc/named.rfc1912.zones
 2 // named.rfc1912.zones:
 3 //
 4 // Provided by Red Hat caching-nameserver package 
 5 //
 6 // ISC BIND named zone configuration for zones recommended by
 7 // RFC 1912 section 4.1 : localhost TLDs and address zones
 8 // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
 9 // (c)2007 R W Franks
10 // 
11 // See /usr/share/doc/bind*/sample/ for example named configuration files.
12 //
13 
14 zone "localhost.localdomain" IN {
15         type master;
16         file "named.localhost";
17         allow-update { none; };
18 };
19 
20 zone "localhost" IN {
21         type master;
22         file "named.localhost";
23         allow-update { none; };
24 };
25 
26 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
27         type master;
28         file "named.loopback";
29         allow-update { none; };
30 };
31 
32 zone "1.0.0.127.in-addr.arpa" IN {
33         type master;
34         file "named.loopback";
35         allow-update { none; };
36 };
37 
38 zone "0.in-addr.arpa" IN {
39         type master;
40         file "named.empty";
41         allow-update { none; };
42 };
43 
44 zone "cbf.com" IN{
45      type master;
46      file "cbf.com.zone";
47 };
48 
49 zone "4.168.192.in-addr.arpa" IN {
50      type master;
51      file "4.168.192.zone";
52 };
 1 [root@node named]# pwd
 2 /var/named
 3 [root@node named]# cat 4.168.192.zone
 4 $TTL 1D
 5 @ IN SOA ns.cbf.com. root (
 6                              0    ;serial
 7                              1D   ;refresh
 8                              1H   ;retry
 9                              1w   ;expire
10                              3H ) ;minimum
11       IN NS ns.cbf.com.
12 92    IN PTR www.cbf.com.
13 
14 [root@node named]# cat cbf.com.zone
15 $TTL 1D
16 @ IN SOA ns.cbf.com. root (
17                              0    ;serial
18                              1D   ;refresh
19                              1H   ;retry
20                              1w   ;expire
21                              3H ) ;minimum
22          NS ns.cbf.com.
23          MX 5 mail.cbf.com.
24 www   IN A 192.168.4.92
25 ns    IN A 192.168.4.92
26 mail  IN A 192.168.4.92
27 smtp  IN A 192.168.4.92
28 pop3  IN A 192.168.4.92
29 pop   IN A 192.168.4.92 


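檢查防火牆與SELinux狀態

注意:這裡 iptables 未運行、SELinux 為 Disabled,而上面的 named.conf 又設置了 listen-on port 53 { any; }、allow-query { any; } 與 recursion yes,所以這台服務器會對任何來源提供遞歸查詢(開放解析器),可能被用於DNS放大攻擊。此配置只適合隔離的測試環境;正式環境應以 allow-query / allow-recursion 限定可信網段,用 allow-transfer 限制區域傳送,並保持防火牆開啟、只對所需來源放行53端口。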

1 [root@node named]# service iptables status
2 iptables: Firewall is not running.
[root@node named]# getenforce             
Disabled

檢查53端口

 1 [root@node named]# netstat -anlpe | grep named
 2 tcp        0      0 192.168.1.70:53             0.0.0.0:*                   LISTEN      25         1291049098 17887/named         
 3 tcp        0      0 6.55.4.171:53               0.0.0.0:*                   LISTEN      25         1291049096 17887/named         
 4 tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      25         1291049094 17887/named         
 5 tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      25         1291049103 17887/named         
 6 tcp        0      0 ::1:53                      :::*                        LISTEN      25         1291049100 17887/named         
 7 tcp        0      0 ::1:953                     :::*                        LISTEN      25         1291049104 17887/named         
 8 udp        0      0 192.168.1.70:53             0.0.0.0:*                               25         1291049097 17887/named         
 9 udp        0      0 6.55.4.171:53               0.0.0.0:*                               25         1291049095 17887/named         
10 udp        0      0 127.0.0.1:53                0.0.0.0:*                               25         1291049093 17887/named         
11 udp        0      0 ::1:53                      :::*                                    25         1291049099 17887/named         
12 unix  2      [ ]         DGRAM                    1291049077 17887/named 

 

啟動DNS服務

service named start

 

==========================

本地測試

 1 [root@node named]# service iptables status
 2 iptables: Firewall is not running.
 3 [root@node named]# getenforce              
 4 Disabled
 5 [root@node named]# nslookup www.cbf.com
 6 Server:         127.0.0.1
 7 Address:        127.0.0.1#53
 8 
 9 Name:   www.cbf.com
10 Address: 192.168.4.92
11 
12 [root@node named]# nslookup mail.cbf.com
13 Server:         127.0.0.1
14 Address:        127.0.0.1#53
15 
16 Name:   mail.cbf.com
17 Address: 192.168.4.92
18 
19 [root@node named]# nslookup smtp.cbf.com
20 Server:         127.0.0.1
21 Address:        127.0.0.1#53
22 
23 Name:   smtp.cbf.com
24 Address: 192.168.4.92
25 
26 [root@node named]# nslookup 192.168.4.92
27 Server:         127.0.0.1
28 Address:        127.0.0.1#53
29 
30 92.4.168.192.in-addr.arpa       name = www.cbf.com.

 

==========================

客戶端測試

 1 [root@node2 ~]# cat /etc/resolv.conf 
 2 nameserver <node IP>
 3 [root@node2 ~]# nslookup 192.168.4.92
 4 Server:         16.155.14.171
 5 Address:        16.155.14.171#53
 6 
 7 92.4.168.192.in-addr.arpa       name = www.cbf.com.
 8 
 9 [root@node2 ~]# nslookup www.cbf.com
10 Server:         16.155.14.171
11 Address:        16.155.14.171#53
12 
13 Name:   www.cbf.com
14 Address: 192.168.4.92

 

問題一:NS記錄沒有對應的地址記錄,named 重啟失敗

 1 [root@node named]# cat gs.ct.com.zone   
 2 $TTL 1D
 3 @ IN SOA ns.gs.ct.com. root (
 4                              0    ;serial
 5                              1D   ;refresh
 6                              1H   ;retry
 7                              1w   ;expire
 8                              3H ) ;minimum
 9 
10 @                 IN NS ns.gs.ct.com.
11                  IN MX 5 mail.gs.ct.com.
12 GS   IN A 16.155.14.12
 

 

 1 [root@node named]# service named restart
 2 Stopping named:                                            [  OK  ]
 3 Starting named: 
 4 Error in named configuration:
 5 zone localhost.localdomain/IN: loaded serial 0
 6 zone localhost/IN: loaded serial 0
 7 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
 8 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
 9 zone 0.in-addr.arpa/IN: loaded serial 0
10 zone gs.ct.com/IN: NS 'ns.gs.ct.com' has no address records (A or AAAA)
11 zone gs.ct.com/IN: not loaded due to errors.
12 _default/gs.ct.com/IN: bad zone
13 zone 14.155.16.in-addr.arpa/IN: loaded serial 0
14                                                            [FAILED]

 

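解決方法:

原因:NS記錄指向的 ns.gs.ct.com 在區域文件中沒有對應的A記錄,named 因此拒絕加載該區域。

修改/var/named/gs.ct.com.zone 文件,把NS記錄改為指向已有A記錄的主機名(GS.gs.ct.com.);另一種做法是保留原NS記錄,為 ns 補上一條A記錄。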

 1 [root@node named]# cat gs.ct.com.zone   
 2 $TTL 1D
 3 @ IN SOA ns.gs.ct.com. root (
 4                              0    ;serial
 5                              1D   ;refresh
 6                              1H   ;retry
 7                              1w   ;expire
 8                              3H ) ;minimum
 9 
10 @                 IN NS GS.gs.ct.com.
11                  IN MX 5 mail.gs.ct.com.
12 GS  IN A 16.155.14.12
[root@node named]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

[root@node named]# nslookup 16.155.14.12
Server:         127.0.0.1
Address:        127.0.0.1#53

12.14.55.6.in-addr.arpa name = GS.gs.ct.com.

 

