

BIND9私有DNS服务器小环境搭建实验 - Linux操作系统

BIND9私有DNS服务器小环境搭建实验

 

1. 服务器基本配置

 

 

 

1) # tar xvf bind-9.6.1.tar.gz

   (注意: 9.6.1 是 2009 年的版本, 早已停止维护并有多个已公开的安全漏洞。本文的做法只适合隔离的实验网络; 任何可以从外部访问到的服务器都应使用当前仍在维护的 BIND 9 版本, 步骤基本相同。)

#  ./configure --prefix=/usr/local/named  --enable-threads

         //开启多线程处理能力

# make && make install

2)  从rndc.conf文件中提取named.conf用的key

# cd /usr/local/named

# sbin/rndc-confgen > etc/rndc.conf

#cd etc/

# tail -10 rndc.conf | head -9 | sed 's/#//g' > named.conf

   (sed 表达式加引号, 避免依赖 shell 对 \/ 的处理。rndc.conf 和生成的 named.conf 都含有 rndc 密钥, 应只允许运行 named 的用户读取, 例如 chmod 600 rndc.conf named.conf。)

# cat named.conf

 

[plain]

// Control-channel (rndc) key and listener, extracted from the rndc-confgen
// output in step 2. Whoever holds "secret" can issue rndc commands to this
// server (reload, flush, stop, ...), so treat this whole block as a secret.
key "rndc-key" {  

        // hmac-md5 is what rndc-confgen emits on this BIND release; on releases
        // that support it, prefer an HMAC-SHA2 algorithm when generating a new key.
        algorithm hmac-md5;  

        // Lab-only value kept in the write-up. Generate a fresh secret on every
        // host (run rndc-confgen there) instead of copying this file around, and
        // keep named.conf readable only by the user that runs named.
        secret "wk7NzsvLaCobiCFxHB2LXQ==";  

 };  

   

 controls {  

        // rndc listener bound to loopback only, TCP port 953 ...
        inet 127.0.0.1 port 953  

        // ... accepting only loopback clients that authenticate with rndc-key.
        allow { 127.0.0.1; } keys { "rndc-key"; };  

 };  

 

 

以上安装和设置步骤在每台服务器上是一样的, 但 rndc-confgen 要在每台机器上分别执行, 让各台服务器各自持有不同的 rndc 密钥; 不要把含有 secret 的 named.conf 原样复制到其他主机(下文 192.168.56.104 的配置沿用了 103 的密钥, 属于复制粘贴, 实际应重新生成)。

 

 

3. 配置主根服务器 在IP为192.168.56.101的服务器上

1) 打开named.conf, 添加如下内容

# vi named.conf

[plain]

// Primary ("master") private root server, 192.168.56.101.
// The key/controls part is the block generated in step 2; see the notes there.
key "rndc-key" {  

        // hmac-md5 is what rndc-confgen emits on this BIND release; prefer an
        // HMAC-SHA2 algorithm for new keys where the release supports it.
        algorithm hmac-md5;  

        // Lab-only secret: anyone holding it can drive this server through rndc.
        // Generate a separate secret per host and keep this file readable only
        // by the user that runs named.
        secret "wk7NzsvLaCobiCFxHB2LXQ==";  

 };  

   

 controls {  

        // rndc listener on loopback only, TCP 953 ...
        inet 127.0.0.1 port 953  

        // ... accepting only loopback clients that authenticate with rndc-key.
                allow { 127.0.0.1; } keys { "rndc-key"; };  

 };  

   

options {  

        // Zone "file" paths below are resolved relative to this directory.
        directory "/var/named/";  

        pid-file "/var/named/named.pid";  

        // Authoritative-only: this host answers for "." and does not chase other
        // names on a client's behalf (dig reports "recursion requested but not
        // available"), so it cannot be used as an open resolver.
        recursion no;  

};  

   

// Serve the private root zone from the master copy in db.root.
zone "." IN {  

        type master;  

        file "db.root";  

        // Zone transfers (AXFR/IXFR) only to the secondary root, 192.168.56.102;
        // every other source address is refused. This is a source-IP check only;
        // outside a lab, additionally sign transfers with a TSIG key.
        allow-transfer {192.168.56.102;};  

};  

   

 

 

其中: recursion no; 关闭递归查询。 

           allow-transfer {192.168.56.102;}; 允许区域传送(AXFR/IXFR), 且仅对给出的IP地址的服务器有效, 其他地址发来的传送请求都会被拒绝。这里192.168.56.102是我们的从根服务器。注意这只是基于源IP的检查; 实验之外的环境应再配合 TSIG 密钥对区域传送做签名认证。

 

2) 创建区配置文件

# cd /var 

# mkdir named

# cd named

# touch db.root

# vi db.root

[plain]

; Master copy of the private root zone ("."), served by 192.168.56.101.
; Default TTL for records without an explicit one: 86400 s (1 day); this is
; the 86400 shown in the dig answers.
$TTL 86400  

; SOA: "@" is the zone origin, i.e. "."; MNAME is also "." and RNAME "root"
; (read as root@ at the origin). Lab values, not a real-world layout.
@ IN SOA @ root (  

        ; serial: the secondary only re-transfers the zone when this increases,
        ; so bump it on every edit of this file.
        12169  

        ; refresh: the secondary checks the serial every minute
        1m  

        ; retry: wait 1 minute after a failed refresh
        1m  

        ; expire: NOTE(review): 1m is very aggressive - if the master is
        ; unreachable for more than about a minute the secondary stops serving
        ; the zone, which defeats its purpose as a backup. Lab-only setting.
        1m  

        ; negative-caching TTL
        1m )  

   

; The root's own NS record and the glue address for that name server.
. IN NS root.ns.  

root.ns. IN A 192.168.56.101  

; Delegation of com. to ns.com., with glue. Without this delegation a resolver
; walking down from the root could never reach names under com.
com. IN NS ns.com.  

ns.com. IN A 192.168.56.103  

 

 

 

 

其中: com. IN NS ns.com. 这里必须要授权出去, 否则递归解析时,将找不到类似 

                          My.com 所对应的地址

3) 启动BIND 并测试 (-g 表示前台运行并把日志输出到标准错误, 便于实验时观察。注意这里是以 root 身份运行 named 的; 正式环境应通过 -u 指定专用的非特权用户, 并以服务方式启动。)

#  cd /usr/local/named

#  sbin/named -g &

#  dig @192.168.56.101 . NS

[plain]

root@simba-1:/var/named# dig @192.168.56.101 . NS  

   

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 . NS  

; (1 server found)  

;; global options: +cmd  

;; Got answer:  

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10193  

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2  

;; WARNING: recursion requested but not available  

   

;; OPT PSEUDOSECTION:  

; EDNS: version: 0, flags:; udp: 4096  

;; QUESTION SECTION:  

;.                              IN      NS  

   

;; ANSWER SECTION:  

.                       86400   IN      NS      root.ns.  

   

;; ADDITIONAL SECTION:  

root.ns.                86400   IN      A       192.168.56.101  

   

;; Query time: 19 msec  

;; SERVER: 192.168.56.101#53(192.168.56.101)  

;; WHEN: Wed Aug 21 07:15:38 2013  

;; MSG SIZE  rcvd: 64  

 

 

    

 

# dig @192.168.56.101 com. NS 

[plain]

root@simba-1:/var/named# dig @192.168.56.101 com. NS  

   

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 com. NS  

; (1 server found)  

;; global options: +cmd  

;; Got answer:  

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20443  

;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2  

;; WARNING: recursion requested but not available  

   

;; OPT PSEUDOSECTION:  

; EDNS: version: 0, flags:; udp: 4096  

;; QUESTION SECTION:  

;com.                           IN      NS  

   

;; AUTHORITY SECTION:  

com.                    86400   IN      NS      ns.com.  

   

;; ADDITIONAL SECTION:  

ns.com.                 86400   IN      A       192.168.56.103  

   

;; Query time: 17 msec  

;; SERVER: 192.168.56.101#53(192.168.56.101)  

;; WHEN: Wed Aug 21 07:18:16 2013  

;; MSG SIZE  rcvd: 65  

   

 

 

 

  

4. 配置从根服务器 在IP为192.168.56.102上

1) 打开named.conf, 添加如下内容

# vi named.conf

[plain]

// Secondary ("slave") private root server, 192.168.56.102.
key "rndc-key" {  

        // hmac-md5 is what rndc-confgen emits on this BIND release; prefer an
        // HMAC-SHA2 algorithm for new keys where the release supports it.
        algorithm hmac-md5;  

        // Lab-only secret, generated on this host (differs from the master's,
        // as it should). Keep this file readable only by the user running named.
        secret "JaHjteR5sZxVrMWWcOne9g==";  

 };  

   

controls {  

        // rndc listener on loopback only, TCP 953 ...
        inet 127.0.0.1 port 953  

        // ... accepting only loopback clients that authenticate with rndc-key.
                allow { 127.0.0.1; } keys { "rndc-key"; };  

 };  

   

options {  

        // Zone "file" paths are resolved relative to this directory; the
        // transferred copy of the root zone is written here, so it must be
        // writable by the user running named.
        directory "/var/named";  

        // NOTE(review): step 2 of this write-up only creates /var/named, never
        // /var/run/named - confirm that directory exists (and is writable) or
        // named cannot write its pid file.
        pid-file "/var/run/named/named.pid";  

        // Pack several records into each zone-transfer message (more compact
        // than one-answer-per-message).
        transfer-format many-answers;  

        // Authoritative-only, same as the master: no recursion for clients.
        recursion no;  

        // NOTE(review): no allow-transfer is set here or in the zone below, so
        // BIND's default applies and any host can AXFR the whole root zone from
        // this secondary. Add `allow-transfer { none; };` (this host has no
        // secondaries of its own) or restrict it to the lab subnet.
};  

   

// Secondary copy of the private root zone, pulled from the master by AXFR.
zone "." IN {  

        type slave;  

        // Where the received zone data is stored (relative to "directory").
        file "db.root";  

        // Address the zone is transferred from and whose serial is polled at
        // the SOA refresh interval.
        masters { 192.168.56.101; };  

};  

 

 

 

其中: recursion no; 关闭递归查询。 

           masters  {192.168.56.101;};  指明主服务器地址,这样就可以根据SOA中指定

的刷新时间去与主根同步

 

2) 创建区配置文件

# cd /var 

# mkdir named

从服务器不需要手动建立区域文件: 它启动后会按 masters 指定的地址向主服务器发起区域传送(AXFR), 把取回的区数据写入 file 指定的 db.root, 因此 /var/named 目录必须对运行 named 的用户可写。

 

3)  启动BIND 并测试

#  cd /usr/local/named

#  sbin/named -g &

 

等待一段时间,确定已经获取到了区文件

# ls /var/named/

  db.root

 

#  dig @192.168.56.102 . NS

[plain]

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 . NS  

; (1 server found)  

;; global options: +cmd  

;; Got answer:  

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18918  

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2  

;; WARNING: recursion requested but not available  

   

;; OPT PSEUDOSECTION:  

; EDNS: version: 0, flags:; udp: 4096  

;; QUESTION SECTION:  

;.                              IN      NS  

   

;; ANSWER SECTION:  

.                       86400   IN      NS      root.ns.  

   

;; ADDITIONAL SECTION:  

root.ns.                86400   IN      A       192.168.56.101  

   

;; Query time: 12 msec  

;; SERVER: 192.168.56.102#53(192.168.56.102)  

;; WHEN: Wed Aug 21 07:27:18 2013  

;; MSG SIZE  rcvd: 64  

   

 

 

    

 

# dig @192.168.56.102 com. NS 

[plain]

root@simba-2:/usr/local/named/etc# dig @192.168.56.102 com. NS  

   

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 com. NS  

; (1 server found)  

;; global options: +cmd  

;; Got answer:  

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17412  

;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2  

;; WARNING: recursion requested but not available  

   

;; OPT PSEUDOSECTION:  

; EDNS: version: 0, flags:; udp: 4096  

;; QUESTION SECTION:  

;com.                           IN      NS  

   

;; AUTHORITY SECTION:  

com.                    86400   IN      NS      ns.com.  

   

;; ADDITIONAL SECTION:  

ns.com.                 86400   IN      A       192.168.56.103  

   

;; Query time: 19 msec  

;; SERVER: 192.168.56.102#53(192.168.56.102)  

;; WHEN: Wed Aug 21 07:35:10 2013  

;; MSG SIZE  rcvd: 65  

   

 

 

 

  

5. 配置COM服务器 在服务器192.168.56.103上

 

1) 打开named.conf, 添加如下内容

# vi named.conf

[plain]

// Authoritative server for com., 192.168.56.103.
key "rndc-key" {  

        // hmac-md5 is what rndc-confgen emits on this BIND release; prefer an
        // HMAC-SHA2 algorithm for new keys where the release supports it.
        algorithm hmac-md5;  

        // Lab-only secret. Keep this file readable only by the user running
        // named, and do not reuse this value on other hosts.
        secret "kMOStrdGYC5WmE1obk7LJg==";  

 };  

   

 controls {  

        // rndc listener on loopback only, TCP 953 ...
        inet 127.0.0.1 port 953  

        // ... accepting only loopback clients that authenticate with rndc-key.
                allow { 127.0.0.1; } keys { "rndc-key"; };  

 };  

   

options {  

        // Zone "file" paths below are resolved relative to this directory.
        directory "/var/named";  

        // NOTE(review): the steps in this write-up create /var/named but not
        // /var/run/named - confirm it exists or named cannot write its pid file.
        pid-file "/var/run/named/named.pid";  

        // Answer queries from any client; acceptable for an authoritative server
        // that only hands out the zone data below.
        allow-query {any;};  

        // Authoritative-only: no recursion on behalf of clients.
        recursion no;  

        // NOTE(review): no allow-transfer is configured, so BIND's default lets
        // any host AXFR the complete com. zone (every name in db.com). Add
        // `allow-transfer { none; };` here, or list only the hosts that need it.
};  

   

// Root hints: tells named where the (private) root servers are. With
// recursion off this server does not appear to use them itself; harmless here.
zone "." IN {  

        type hint;  

        file "db.root";  

};  

   

// Master copy of the com. zone, served from db.com.
zone "com." IN {  

        type master;  

        file "db.com";  

};  

 

 

 

其中: recursion no; 关闭递归查询。 

           

 

2) 创建区配置文件

# cd /var 

# mkdir named

# cd named

# touch db.root

# vi db.root

[plain]

; Root hints file on 192.168.56.103 (loaded with "type hint"). named only needs
; the NS records for "." and their glue addresses from it to locate the root
; servers; the SOA and the com. delegation were carried over from the master's
; db.root and are not what a hint zone is for.
; Default TTL 86000 s (the master's file says 86400; irrelevant for hints).
$TTL 86000  

@ IN SOA @ root (  

        ; serial
        1  

        ; refresh
        1m  

        ; retry
        1m  

        ; expire
        1m  

        ; negative-caching TTL
        1m  

)  

   

; The private root server and its glue address - the records a hint zone is for.
. IN NS root.ns.  

root.ns. IN A 192.168.56.101  

; Delegation copied from the master's root zone; not needed in a hints file.
com. IN NS  ns.com.  

ns.com. IN A 192.168.56.103  

 

 

 

 

其中: com. IN NS ns.com. 这里必须要授权出去, 否则递归解析时,将找不到类似 

                          My.com 所对应的地址

该文件的内容与主根服务器上的db.root基本相同(TTL 和序列号不一致无妨): 这里区的类型是 hint, named 只用其中根的 NS 记录和对应的 A 记录来定位根服务器。

 

 

# vi db.com

[plain]

   

; Master copy of the com. zone, served by ns.com (192.168.56.103).
; Default TTL for records below: 86400 s (1 day).
$TTL 86400  

; SOA: "@" is the origin com.; MNAME com., RNAME root (root@com.). This is the
; record the resolver test later shows as "com. root.com. 2 60 60 60 60".
@ IN SOA @ root (  

        ; serial - bump it on every edit so secondaries (if any) re-transfer
        2  

        ; refresh
        1m  

        ; retry
        1m  

        ; expire (1m is very short; lab-only)
        1m  

        ; negative-caching TTL
        1m  

)  

   

; The zone's own NS record and the glue address for that name server.
com. IN NS ns.com.  

ns.com. IN A 192.168.56.103  

; The one host record the whole lab resolves end to end.
my.com. IN A 192.168.56.201  

 

 

 

 

3) 启动BIND 并测试

#  cd /usr/local/named

#  sbin/named -g &

#  dig @192.168.56.103 com. NS

[plain]

   

     

root@simba-2:/usr/local/named/etc# dig @192.168.56.103 com. NS  

   

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 com. NS  

; (1 server found)  

;; global options: +cmd  

;; Got answer:  

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19097  

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2  

;; WARNING: recursion requested but not available  

   

;; OPT PSEUDOSECTION:  

; EDNS: version: 0, flags:; udp: 4096  

;; QUESTION SECTION:  

;com.                           IN      NS  

   

;; ANSWER SECTION:  

com.                    86400   IN      NS      ns.com.  

   

;; ADDITIONAL SECTION:  

ns.com.                 86400   IN      A       192.168.56.103  

   

;; Query time: 21 msec  

;; SERVER: 192.168.56.103#53(192.168.56.103)  

;; WHEN: Wed Aug 21 07:45:15 2013  

;; MSG SIZE  rcvd: 65  

 

 

 

# dig @192.168.56.103  my.com.  A

[plain]

root@simba-2:/usr/local/named/etc# dig @192.168.56.103 my.com. A  

   

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 my.com. A  

; (1 server found)  

;; global options: +cmd  

;; Got answer:  

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466  

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2  

;; WARNING: recursion requested but not available  

   

;; OPT PSEUDOSECTION:  

; EDNS: version: 0, flags:; udp: 4096  

;; QUESTION SECTION:  

;my.com.                                IN      A  

   

;; ANSWER SECTION:  

my.com.                 86400   IN      A       192.168.56.201  

   

;; AUTHORITY SECTION:  

com.                    86400   IN      NS      ns.com.  

   

;; ADDITIONAL SECTION:  

ns.com.                 86400   IN      A       192.168.56.103  

   

;; Query time: 17 msec  

;; SERVER: 192.168.56.103#53(192.168.56.103)  

;; WHEN: Wed Aug 21 07:46:41 2013  

;; MSG SIZE  rcvd: 84  

   

 

 

 

 

6. 配置解析服务器 在服务器 192.168.56.104上

 

1) 打开named.conf, 添加如下内容

# vi named.conf

[plain]

// Recursive resolver, 192.168.56.104 - the host clients actually query.
key "rndc-key" {  

        // hmac-md5 is what rndc-confgen emits on this BIND release; prefer an
        // HMAC-SHA2 algorithm for new keys where the release supports it.
        algorithm hmac-md5;  

        // NOTE(review): this is the same secret as on the com. server
        // (192.168.56.103) - a copy/paste. Run rndc-confgen on this host and use
        // its own key so one leaked file does not grant rndc access to both.
        secret "kMOStrdGYC5WmE1obk7LJg==";  

 };  

   

 controls {  

        // rndc listener on loopback only, TCP 953 ...
        inet 127.0.0.1 port 953  

        // ... accepting only loopback clients that authenticate with rndc-key.
                allow { 127.0.0.1; } keys { "rndc-key"; };  

 };  

   

options {  

        // Zone "file" paths below are resolved relative to this directory.
        directory "/var/named";  

        // NOTE(review): the steps in this write-up create /var/named but not
        // /var/run/named - confirm it exists or named cannot write its pid file.
        pid-file "/var/run/named/named.pid";  

        allow-query {any;};  

        // Turn recursion on: this host walks from the root hints down to the
        // authoritative servers on the client's behalf and caches the results.
        recursion yes;  

        // NOTE(review): allow-recursion is the ACL of clients permitted to
        // recurse, and {any;} makes this an open resolver: any host that can
        // reach it can use it (DNS amplification, cache-poisoning attempts).
        // Even in a lab, restrict it to the local network, e.g.
        // `allow-recursion { 127.0.0.1; 192.168.56.0/24; };`.
        allow-recursion {any;};  

};  

   

// Root hints: the starting point of every recursive lookup this host performs.
zone "." IN {  

        type hint;  

        file "db.root";  

};  

   

   

 

 

 

其中: recursion  yes; 打开递归查询。 

           allow-recursion {any;}; 指定允许哪些客户端发起递归查询(recursion yes 只是打开递归功能, allow-recursion 是访问控制列表)。写成 any 就成了一个"开放递归解析器": 任何能连到它的主机都可以借它查询, 在真实网络中会被用于 DNS 放大攻击和缓存投毒尝试; 即便是实验环境也建议限制为本地网段, 例如 allow-recursion { 127.0.0.1; 192.168.56.0/24; };。

    

2) 创建区配置文件

# cd /var 

# mkdir named

# cd named

# touch db.root

# vi db.root

[plain]

; Root hints file for the resolver on 192.168.56.104 ("type hint"). Only the NS
; record for "." and its glue address are needed: they tell named where to start
; every recursive lookup. Whoever can edit this file, or impersonate
; 192.168.56.101 on the network, effectively controls every answer this
; resolver gives - protect it accordingly.
; Default TTL 8600 s (differs from the other copies; irrelevant for hints).
$TTL 8600  

; SOA carried over from the master's file; not used for a hint zone.
@ IN SOA @ root (  

        ; serial
        1  

        ; refresh
        1m  

        ; retry
        1m  

        ; expire
        1m  

        ; negative-caching TTL
        1m  

)  

   

; The private root server and its glue address.
. IN NS root.ns.  

root.ns. IN A 192.168.56.101  

 

 

 

其中:  这里只需给出根 的NS 和A 记录即可

 

  

3) 启动BIND 并测试

#  cd /usr/local/named

#  sbin/named -g &

 

Dig 默认是发送递归查询

 

#  dig @192.168.56.104 com. SOA

 

[plain]

      

root@simba-2:/usr/local/named/etc# dig @192.168.56.104 com. SOA  

   

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 com. SOA  

; (1 server found)  

;; global options: +cmd  

;; Got answer:  

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44824  

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2  

   

;; OPT PSEUDOSECTION:  

; EDNS: version: 0, flags:; udp: 4096  

;; QUESTION SECTION:  

;com.                           IN      SOA  

   

;; ANSWER SECTION:  

com.                    86358   IN      SOA     com. root.com. 2 60 60 60 60  

   

;; AUTHORITY SECTION:  

com.                    86354   IN      NS      ns.com.  

   

;; ADDITIONAL SECTION:  

ns.com.                 86354   IN      A       192.168.56.103  

   

;; Query time: 16 msec  

;; SERVER: 192.168.56.104#53(192.168.56.104)  

;; WHEN: Wed Aug 21 07:52:46 2013  

;; MSG SIZE  rcvd: 106  

 

 

 

可以看出 ;; flags: qr rd ra; 此处没有 aa, 表明这是非权威应答: 192.168.56.104 自己并不持有 com. 区, 而是(ra 表示本服务器提供递归)向 101、103 逐级查询后返回的结果; 应答中的 TTL 是 86358/86354 而不是区文件里的 86400, 说明这些记录已进入缓存并在递减。

 

# dig @192.168.56.104  my.com.  A

[plain]

root@simba-2:/usr/local/named/etc# dig @192.168.56.104 my.com. A  

   

; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 my.com. A  

; (1 server found)  

;; global options: +cmd  

;; Got answer:  

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21228  

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2  

   

;; OPT PSEUDOSECTION:  

; EDNS: version: 0, flags:; udp: 4096  

;; QUESTION SECTION:  

;my.com.                                IN      A  

   

;; ANSWER SECTION:  

my.com.                 86286   IN      A       192.168.56.201  

   

;; AUTHORITY SECTION:  

com.                    86259   IN      NS      ns.com.  

   

;; ADDITIONAL SECTION:  

ns.com.                 86259   IN      A       192.168.56.103  

   

;; Query time: 15 msec  

;; SERVER: 192.168.56.104#53(192.168.56.104)  

;; WHEN: Wed Aug 21 07:54:21 2013  

;; MSG SIZE  rcvd: 84  

   

