
BIND9 private DNS server: a small-environment setup lab

1. Basic server layout

1) Primary root server      192.168.56.101
2) Secondary root server    192.168.56.102
3) COM server               192.168.56.103
4) Resolver server          192.168.56.104

2. Compiling and installing BIND9

1) Build and install

    # tar xvf bind-9.6.1.tar.gz
    # cd bind-9.6.1
    # ./configure --prefix=/usr/local/named --enable-threads    # enable multithreading
    # make && make install

2) Extract the key for named.conf from the rndc.conf file

    # cd /usr/local/named
    # sbin/rndc-confgen > etc/rndc.conf
    # cd etc/
    # tail -10 rndc.conf | head -9 | sed 's/^# //' > named.conf
    # cat named.conf

    key "rndc-key" {
            algorithm hmac-md5;
            secret "wk7NzsvLaCobiCFxHB2LXQ==";
    };

    controls {
            inet 127.0.0.1 port 953
            allow { 127.0.0.1; } keys { "rndc-key"; };
    };

The installation and setup above are the same on every server.

3. Configuring the primary root server

On the server with IP 192.168.56.101:

1) Open named.conf and add the following

    # vi named.conf

    key "rndc-key" {
            algorithm hmac-md5;
            secret "wk7NzsvLaCobiCFxHB2LXQ==";
    };

    controls {
            inet 127.0.0.1 port 953
                    allow { 127.0.0.1; } keys { "rndc-key"; };
    };

    options {
            directory "/var/named/";
            pid-file "/var/named/named.pid";
            recursion no;
    };

    zone "." IN {
            type master;
            file "db.root";
            allow-transfer {192.168.56.102;};
    };

Where:
recursion no; turns off recursive queries.
allow-transfer {192.168.56.102;}; permits zone transfers, and only to the server at the listed IP address. Here 192.168.56.102 is our secondary root server.

2) Create the zone file

    # cd /var
    # mkdir named
    # cd named
    # touch db.root
    # vi db.root

    $TTL 86400
    @ IN SOA @ root (
            12169
            1m
            1m
            1m
            1m )

    . IN NS root.ns.
    root.ns. IN A 192.168.56.101
    com. IN NS ns.com.
    ns.com. IN A 192.168.56.103

Where:
com. IN NS ns.com. The zone must be delegated here; otherwise recursive resolution will not find the address for a name such as My.com.

3) Start BIND and test

    # cd /usr/local/named
    # sbin/named -g &
    # dig @192.168.56.101 . NS

    root@simba-1:/var/named# dig @192.168.56.101 . NS

    ; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 . NS
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10193
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;.                              IN      NS

    ;; ANSWER SECTION:
    .                       86400   IN      NS      root.ns.

    ;; ADDITIONAL SECTION:
    root.ns.                86400   IN      A       192.168.56.101

    ;; Query time: 19 msec
    ;; SERVER: 192.168.56.101#53(192.168.56.101)
    ;; WHEN: Wed Aug 21 07:15:38 2013
    ;; MSG SIZE  rcvd: 64

    # dig @192.168.56.101 com. NS

    root@simba-1:/var/named# dig @192.168.56.101 com. NS

    ; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 com. NS
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20443
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;com.                           IN      NS

    ;; AUTHORITY SECTION:
    com.                    86400   IN      NS      ns.com.

    ;; ADDITIONAL SECTION:
    ns.com.                 86400   IN      A       192.168.56.103

    ;; Query time: 17 msec
    ;; SERVER: 192.168.56.101#53(192.168.56.101)
    ;; WHEN: Wed Aug 21 07:18:16 2013
    ;; MSG SIZE  rcvd: 65

4. Configuring the secondary root server

On the server with IP 192.168.56.102:

1) Open named.conf and add the following

    # vi named.conf

    key "rndc-key" {
            algorithm hmac-md5;
            secret "JaHjteR5sZxVrMWWcOne9g==";
    };

    controls {
            inet 127.0.0.1 port 953
                    allow { 127.0.0.1; } keys { "rndc-key"; };
    };

    options {
            directory "/var/named";
            pid-file "/var/run/named/named.pid";
            transfer-format many-answers;
            recursion no;
    };

    zone "." IN {
            type slave;
            file "db.root";
            masters { 192.168.56.101; };
    };

Where:
recursion no; turns off recursive queries.
masters {192.168.56.101;}; gives the address of the primary server, so that the secondary can synchronize with the primary root at the refresh interval specified in the SOA record.

2) Create the zone directory

    # cd /var
    # mkdir named

A secondary server does not need a zone file created by hand, because it updates itself from the primary server automatically.

3) Start BIND and test

    # cd /usr/local/named
    # sbin/named -g &

Wait a while, then confirm that the zone file has been fetched:

    # ls /var/named/
    db.root

    # dig @192.168.56.102 . NS

    ; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 . NS
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18918
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;.                              IN      NS

    ;; ANSWER SECTION:
    .                       86400   IN      NS      root.ns.

    ;; ADDITIONAL SECTION:
    root.ns.                86400   IN      A       192.168.56.101

    ;; Query time: 12 msec
    ;; SERVER: 192.168.56.102#53(192.168.56.102)
    ;; WHEN: Wed Aug 21 07:27:18 2013
    ;; MSG SIZE  rcvd: 64

    # dig @192.168.56.102 com. NS

    root@simba-2:/usr/local/named/etc# dig @192.168.56.102 com. NS

    ; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 com. NS
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17412
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;com.                           IN      NS

    ;; AUTHORITY SECTION:
    com.                    86400   IN      NS      ns.com.

    ;; ADDITIONAL SECTION:
    ns.com.                 86400   IN      A       192.168.56.103

    ;; Query time: 19 msec
    ;; SERVER: 192.168.56.102#53(192.168.56.102)
    ;; WHEN: Wed Aug 21 07:35:10 2013
    ;; MSG SIZE  rcvd: 65

5. Configuring the COM server

On the server 192.168.56.103:

1) Open named.conf and add the following

    # vi named.conf

    key "rndc-key" {
            algorithm hmac-md5;
            secret "kMOStrdGYC5WmE1obk7LJg==";
    };

    controls {
            inet 127.0.0.1 port 953
                    allow { 127.0.0.1; } keys { "rndc-key"; };
    };

    options {
            directory "/var/named";
            pid-file "/var/run/named/named.pid";
            allow-query {any;};
            recursion no;
    };

    zone "." IN {
            type hint;
            file "db.root";
    };

    zone "com." IN {
            type master;
            file "db.com";
    };

Where:
recursion no; turns off recursive queries.

2) Create the zone files

    # cd /var
    # mkdir named
    # cd named
    # touch db.root
    # vi db.root

    $TTL 86000
    @ IN SOA @ root (
            1
            1m
            1m
            1m
            1m
    )

    . IN NS root.ns.
    root.ns. IN A 192.168.56.101
    com. IN NS  ns.com.
    ns.com. IN A 192.168.56.103

Where:
com. IN NS ns.com. The zone must be delegated here; otherwise recursive resolution will not find the address for a name such as My.com.
This file is the same as db.root on the primary server.

    # vi db.com

    $TTL 86400
    @ IN SOA @ root (
            2
            1m
            1m
            1m
            1m
    )

    com. IN NS ns.com.
    ns.com. IN A 192.168.56.103
    my.com. IN A 192.168.56.201

3) Start BIND and test

    # cd /usr/local/named
    # sbin/named -g &
    # dig @192.168.56.103 com. NS

    root@simba-2:/usr/local/named/etc# dig @192.168.56.103 com. NS

    ; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 com. NS
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19097
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;com.                           IN      NS

    ;; ANSWER SECTION:
    com.                    86400   IN      NS      ns.com.

    ;; ADDITIONAL SECTION:
    ns.com.                 86400   IN      A       192.168.56.103

    ;; Query time: 21 msec
    ;; SERVER: 192.168.56.103#53(192.168.56.103)
    ;; WHEN: Wed Aug 21 07:45:15 2013
    ;; MSG SIZE  rcvd: 65

    # dig @192.168.56.103 my.com. A

    root@simba-2:/usr/local/named/etc# dig @192.168.56.103 my.com. A

    ; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 my.com. A
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;my.com.                                IN      A

    ;; ANSWER SECTION:
    my.com.                 86400   IN      A       192.168.56.201

    ;; AUTHORITY SECTION:
    com.                    86400   IN      NS      ns.com.

    ;; ADDITIONAL SECTION:
    ns.com.                 86400   IN      A       192.168.56.103

    ;; Query time: 17 msec
    ;; SERVER: 192.168.56.103#53(192.168.56.103)
    ;; WHEN: Wed Aug 21 07:46:41 2013
    ;; MSG SIZE  rcvd: 84

6. Configuring the resolver server

On the server 192.168.56.104:

1) Open named.conf and add the following

    # vi named.conf

    key "rndc-key" {
            algorithm hmac-md5;
            secret "kMOStrdGYC5WmE1obk7LJg==";
    };

    controls {
            inet 127.0.0.1 port 953
                    allow { 127.0.0.1; } keys { "rndc-key"; };
    };

    options {
            directory "/var/named";
            pid-file "/var/run/named/named.pid";
            allow-query {any;};
            recursion yes;
            allow-recursion {any;};
    };

    zone "." IN {
            type hint;
            file "db.root";
    };

Where:
recursion yes; turns on recursive queries.
allow-recursion {any;}; is another way of turning on recursive queries; the exact difference is not covered here.

2) Create the zone file

    # cd /var
    # mkdir named
    # cd named
    # touch db.root
    # vi db.root

    $TTL 8600
    @ IN SOA @ root (
            1
            1m
            1m
            1m
            1m
    )

    . IN NS root.ns.
    root.ns. IN A 192.168.56.101

Where:
Only the NS and A records of the root need to be given here.

3) Start BIND and test

    # cd /usr/local/named
    # sbin/named -g &

dig sends recursive queries by default.

    # dig @192.168.56.104 com. SOA

    root@simba-2:/usr/local/named/etc# dig @192.168.56.104 com. SOA

    ; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 com. SOA
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44824
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;com.                           IN      SOA

    ;; ANSWER SECTION:
    com.                    86358   IN      SOA     com. root.com. 2 60 60 60 60

    ;; AUTHORITY SECTION:
    com.                    86354   IN      NS      ns.com.

    ;; ADDITIONAL SECTION:
    ns.com.                 86354   IN      A       192.168.56.103

    ;; Query time: 16 msec
    ;; SERVER: 192.168.56.104#53(192.168.56.104)
    ;; WHEN: Wed Aug 21 07:52:46 2013
    ;; MSG SIZE  rcvd: 106

Note the line ";; flags: qr rd ra;": there is no aa flag here, which shows that this is a non-authoritative answer.

    # dig @192.168.56.104 my.com. A

    root@simba-2:/usr/local/named/etc# dig @192.168.56.104 my.com. A

    ; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 my.com. A
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21228
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;my.com.                                IN      A

    ;; ANSWER SECTION:
    my.com.                 86286   IN      A       192.168.56.201

    ;; AUTHORITY SECTION:
    com.                    86259   IN      NS      ns.com.

    ;; ADDITIONAL SECTION:
    ns.com.                 86259   IN      A       192.168.56.103

    ;; Query time: 15 msec
    ;; SERVER: 192.168.56.104#53(192.168.56.104)
    ;; WHEN: Wed Aug 21 07:54:21 2013
    ;; MSG SIZE  rcvd: 84
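
The dig tests above show three header patterns: aa on a server answering for its own zone, neither aa nor ra on a referral from the root, and ra without aa on the resolver. A server set to "recursion no" that reports ra is offering recursion it should not. The script below is an added example, not part of the original article, that classifies a reply from its flags line; the function names classify_response and check_server are made up for illustration, and the three sample header lines are copied from the dig output shown above.

```shell
#!/bin/sh
# Added example: classify a dig reply by its header flags and compare the
# result with the role each server in this lab is supposed to play.

# Reads dig output on stdin; prints authoritative, referral, recursive or unknown.
classify_response() {
    awk '
    function count(s, key) {                  # number after "KEY: " in the header
        if (match(s, key ": [0-9]+"))
            return substr(s, RSTART + length(key) + 2) + 0
        return 0
    }
    /^;; flags:/ {
        split($0, part, ";")                  # part[3] = " flags: qr aa rd"
        aa = (part[3] ~ / aa( |$)/)           # authoritative answer
        ra = (part[3] ~ / ra( |$)/)           # recursion available
        if (ra)       role = "recursive"
        else if (aa)  role = "authoritative"
        else if (count(part[4], "ANSWER") == 0 && count(part[4], "AUTHORITY") > 0)
                      role = "referral"
        else          role = "unknown"
        print role; found = 1; exit
    }
    END { if (!found) print "unknown" }'
}

# check_server NAME EXPECTED, with dig output on stdin; returns 0 on a match.
check_server() {
    got=$(classify_response)
    if [ "$got" = "$2" ]; then
        echo "OK    $1: $got"
    else
        echo "FAIL  $1: expected $2, got $got"
        return 1
    fi
}

# Header lines copied from the dig output in this article (sample input).
ROOT_APEX=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2'
ROOT_COM=';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2'
RESOLVER=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2'

printf '%s\n' "$ROOT_APEX" | check_server "root, query . NS" authoritative
printf '%s\n' "$ROOT_COM"  | check_server "root, query com. NS" referral
printf '%s\n' "$RESOLVER"  | check_server "resolver, query my.com. A" recursive
# Failure case: the same ra reply from a server that is meant to be authoritative only.
printf '%s\n' "$RESOLVER"  | check_server "com server, query my.com. A" authoritative ||
    echo "      -> recursion is enabled on a server configured as authoritative only"
```

Against the running lab, pipe live output into the check instead, for example: dig @192.168.56.103 my.com. A | check_server com authoritative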