马哥linux运维学习笔记-Bind97服务安装配置
发布时间:2018-12-09 10:34:59 编辑:雪饮
bind97服务安装
首先确定自己系统中是否存在旧版的93版本的bind,若存在就卸载
[root@localhost ~]# rpm -qa | grep '^bind'
bind-utils-9.3.6-20.P1.el5
bind-libs-9.3.6-20.P1.el5
[root@localhost ~]# rpm -e bind-utils
[root@localhost ~]# rpm -e bind-libs
然后挂载系统安装光盘并找到光盘中bind97的rpm包。下面安装时出现的NOKEY警告,表示系统还没有导入对该包签名的GPG公钥(key ID 37017186),此时rpm无法校验包的签名;导入发行版的公钥之后,rpm才能校验签名。
[root@localhost /]# mkdir test
[root@localhost /]# mount /dev/cdrom /test
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@localhost /]# cd /test/Server/
[root@localhost Server]# find -name 'bind97*'
./bind97-9.7.0-6.P2.el5_7.4.x86_64.rpm
./bind97-chroot-9.7.0-6.P2.el5_7.4.x86_64.rpm
./bind97-devel-9.7.0-6.P2.el5_7.4.x86_64.rpm
./bind97-devel-9.7.0-6.P2.el5_7.4.i386.rpm
./bind97-libs-9.7.0-6.P2.el5_7.4.x86_64.rpm
./bind97-libs-9.7.0-6.P2.el5_7.4.i386.rpm
./bind97-utils-9.7.0-6.P2.el5_7.4.x86_64.rpm
[root@localhost Server]# rpm -ivh bind97-libs-9.7.0-6.P2.el5_7.4.x86_64.rpm
warning: bind97-libs-9.7.0-6.P2.el5_7.4.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind97-libs ########################################### [100%]
[root@localhost Server]# rpm -ivh bind97-9.7.0-6.P2.el5_7.4.x86_64.rpm
warning: bind97-9.7.0-6.P2.el5_7.4.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind97 ########################################### [100%]
bind97配置
(1)配置一个缓存dns服务器
备份默认的配置文件
[root@localhost etc]# mv /etc/named.conf /etc/named.conf.orig
建立一个简洁的配置文件
[root@localhost etc]# vi /etc/named.conf
[root@localhost etc]# cat /etc/named.conf
// Minimal caching-only configuration: root hints plus the two local zones.
// NOTE(review): no allow-query / allow-recursion ACLs or listen-on are set,
// so who may use this resolver depends on BIND's built-in defaults; confirm
// they match the network this server is meant to serve.
options {
// Base directory for the relative "file" paths used by the zones below.
directory "/var/named";
};
// Root hints: the list of root name servers used to start recursive lookups.
zone "." IN {
type hint;
file "named.ca";
};
// Master zone for the name "localhost".
zone "localhost" IN {
type master;
file "named.localhost";
};
// Reverse zone for the loopback network 127.0.0.0/24.
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
为该配置文件授权
[root@localhost etc]# chown root:named /etc/named.conf
[root@localhost etc]# chmod 640 /etc/named.conf
服务开启
[root@localhost etc]# service named start
Starting named: [ OK ]
确保selinux状态为如下状态(Permissive模式下selinux只记录违规访问而不拦截,这里是为了实验方便;正式环境建议保持Enforcing并按需调整策略):
[root@localhost etc]# getenforce
Permissive
修改自己的dns服务器指向:
nameserver要设置成你当前系统的局域网ip
search有的是localdomain,而我的默认就是localhost也没有改,仍旧可以,这应该是和你系统当前主机名有关。
[root@localhost etc]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 192.168.43.165
search localhost
回到之前挂载的系统光盘中安装dig工具所在的rpm包
[root@localhost Server]# rpm -ivh bind97-utils-9.7.0-6.P2.el5_7.4.x86_64.rpm
warning: bind97-utils-9.7.0-6.P2.el5_7.4.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind97-utils ########################################### [100%]
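接下来用dig工具测试下我们的缓存dns服务器,像如下一样有结果就是ok了。注意下面第二条命令少了空格,dig给出了invalid type的警告并忽略了这个参数,实际上是向resolv.conf中配置的本机dns服务器查询根域的NS记录;结果末尾的SERVER一行是192.168.43.165,说明应答确实来自我们自己的缓存dns服务器。而第一条命令带有@A.root-servers.net.,是直接向根服务器查询的。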
[root@localhost etc]# dig -t NS . @A.root-servers.net.
[root@localhost etc]# dig -t NS.@A.root-servers.net
;; Warning, ignoring invalid type NS.@A.root-servers.net
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t NS.@A.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63963
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS j.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS b.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 604800 IN A 198.41.0.4
a.root-servers.net. 604800 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 604800 IN A 199.9.14.201
b.root-servers.net. 604800 IN AAAA 2001:500:200::b
c.root-servers.net. 604800 IN A 192.33.4.12
c.root-servers.net. 604800 IN AAAA 2001:500:2::c
d.root-servers.net. 604800 IN A 199.7.91.13
d.root-servers.net. 604800 IN AAAA 2001:500:2d::d
e.root-servers.net. 604800 IN A 192.203.230.10
e.root-servers.net. 604800 IN AAAA 2001:500:a8::e
f.root-servers.net. 604800 IN A 192.5.5.241
f.root-servers.net. 604800 IN AAAA 2001:500:2f::f
g.root-servers.net. 604800 IN A 192.112.36.4
;; Query time: 280 msec
;; SERVER: 192.168.43.165#53(192.168.43.165)
;; WHEN: Sun Dec 9 01:16:44 2018
;; MSG SIZE rcvd: 508
(2)配置一个正向解析的正式dns服务器
ip规划:
mageedu.com 192.168.43.0/24
ns 192.168.43.165
www 192.168.43.165,192.168.43.3
mail 192.168.43.2
ftp www
编辑配置文件/etc/named.conf新增配置如下:
// Master (authoritative) zone for mageedu.com; its records are read from
// the file mageedu.com.zone.
// NOTE(review): no allow-transfer ACL is set for this zone; unless one is
// set in options, BIND of this era permits zone transfers to any host by
// default. Confirm, and restrict transfers to the secondary servers.
zone "mageedu.com" IN {
type master;
file "mageedu.com.zone";
};
建立新的正向域配置文件并授权
注意:
配置文件中第二行配置的括号中的参数分别是指:
序列号(可以理解为版本号,用于主辅dns服务器数据进行同步时做对比的)、刷新时间间隔、重试时间间隔、过期时间、否定回答ttl值
[root@localhost etc]# vi /var/named/mageedu.com.zone
[root@localhost etc]# cat /var/named/mageedu.com.zone
; Forward zone data for mageedu.com.
; NOTE(review): the records without an owner name (the NS and MX lines) must
; begin with whitespace in the real file so that they inherit the previous
; owner; the page formatting has dropped that indentation.
; Default TTL for records that do not set their own.
$TTL 600
; SOA: primary server ns1.mageedu.com., contact mailbox written as
; admin.mageedu.com. (the first dot stands for "@").
mageedu.com. IN SOA ns1.mageedu.com. admin.mageedu.com. (
2013040101 ; serial, compared by secondary servers to detect changes
1H ; refresh interval
5M ; retry interval
2D ; expire time
6H ) ; negative-answer TTL
IN NS ns1
IN MX 10 mail
ns1 IN A 192.168.43.165
mail IN A 192.168.43.2
; Two A records for www: both addresses are returned for the name.
www IN A 192.168.43.165
www IN A 192.168.43.3
; ftp is an alias for www.
ftp IN CNAME www
[root@localhost etc]# chmod 640 /var/named/mageedu.com.zone
[root@localhost etc]# chown root:named /var/named/mageedu.com.zone
重启服务
[root@localhost etc]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
然后用dig工具测试查看www.mageedu.com这个域名的a记录解析
注意:结果中QUESTION SECTION是当前查询的问题,ANSWER SECTION是对于这个问题,dns服务器给予的答复。AUTHORITY SECTION是从ANSWER SECTION中筛选出的只属于当前dns服务器域中所找出来的权威答案(在本域内的答案称为权威答案),ADDITIONAL SECTION是附加答案
[root@localhost etc]# dig -t A www.mageedu.com
[root@localhost etc]# dig -t A www.mageedu.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A www.mageedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50180
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.mageedu.com. IN A
;; ANSWER SECTION:
www.mageedu.com. 600 IN A 192.168.43.165
www.mageedu.com. 600 IN A 192.168.43.3
;; AUTHORITY SECTION:
mageedu.com. 600 IN NS ns1.mageedu.com.
;; ADDITIONAL SECTION:
ns1.mageedu.com. 600 IN A 192.168.43.165
;; Query time: 2 msec
;; SERVER: 192.168.43.165#53(192.168.43.165)
;; WHEN: Sun Dec 9 01:20:41 2018
;; MSG SIZE rcvd: 99
在linux中还可以用host命令来测试
[root@localhost etc]# host -t A www.mageedu.com
www.mageedu.com has address 192.168.43.3
www.mageedu.com has address 192.168.43.165
(3)配置一个反向解析的正式dns服务器
编辑/etc/named.conf新增如下配置:
// Master zone for reverse (PTR) lookups of 192.168.43.0/24; its records
// are read from the file 192.168.43.zone.
// NOTE(review): no allow-transfer ACL is set for this zone; unless one is
// set in options, BIND of this era permits zone transfers to any host by
// default. Confirm, and restrict transfers to the secondary servers.
zone "43.168.192.in-addr.arpa" IN {
type master;
file "192.168.43.zone";
};
同样的建立并授权后文件如下
[root@localhost named]# vi 192.168.43.zone
[root@localhost named]# cat /var/named/192.168.43.zone
; Reverse zone data for 192.168.43.0/24.
; NOTE(review): the NS line has no owner name and must begin with whitespace
; in the real file; the page formatting has dropped that indentation.
; Default TTL for records that do not set their own.
$TTL 600
; "@" stands for the zone origin, i.e. the zone name given in named.conf.
@ IN SOA ns1.mageedu.com. admin.mageedu.com. (
2018120801 ; serial, compared by secondary servers to detect changes
1H ; refresh interval
5M ; retry interval
2D ; expire time
6H ) ; negative-answer TTL
IN NS ns1.mageedu.com.
; Owner names are the last octet of the address; targets are written as
; fully qualified names ending in a dot.
165 IN PTR ns1.mageedu.com.
165 IN PTR www.mageedu.com.
2 IN PTR mail.mageedu.com.
3 IN PTR www.mageedu.com.
[root@localhost named]# chown root:named /var/named/192.168.43.zone
[root@localhost named]# chmod 644 /var/named/192.168.43.zone
重启服务
[root@localhost Server]# service named restart
Stopping named: [ OK ]
Starting named:
接着我们再来用dig测试反向解析哈
[root@localhost Server]# dig -x 192.168.43.165
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -x 192.168.43.165
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41608
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;165.43.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
165.43.168.192.in-addr.arpa. 600 IN PTR ns1.mageedu.com.
165.43.168.192.in-addr.arpa. 600 IN PTR www.mageedu.com.
;; AUTHORITY SECTION:
43.168.192.in-addr.arpa. 600 IN NS ns1.mageedu.com.
;; ADDITIONAL SECTION:
ns1.mageedu.com. 600 IN A 192.168.43.165
;; Query time: 2 msec
;; SERVER: 192.168.43.165#53(192.168.43.165)
;; WHEN: Sun Dec 9 02:21:16 2018
;; MSG SIZE rcvd: 122
关键字词:bind97,dns