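Author: Alin Fang (Fang Yunlin)
MSN: cst05001@hotmail.com
G Talk: cst05001@gmail.com
Blog: http://www.alinblog.cn/
Modified: 30 Oct, 2008
Revision: 1
Copyright: GNU
Disclaimer: These are my own lab notes, not an authoritative document. Please let me know if you find any errors. Thank you very much!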
Body:
Topology diagram
Lab environment:
Operating system: Red Hat Enterprise Linux 5 update 2
Network:
net: 192.168.200.128/25
org: 192.168.200.0/25
dns server root:
eth0: 192.168.200.126/25
eth1: 192.168.200.254/25
dns server org:
eth0: 192.168.200.125/25
dns server net:
eth0: 192.168.200.253/25
Operations on the root server
Install bind and the related components on the root machine:
[root@root-ns ~]# yum install -y bind bind-chroot caching-nameserver
Loading "security" plugin
Loading "rhnplugin" plugin
This system is not registered with RHN. RHN support will be disabled.
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.i386 30:9.3.4-6.P1.el5 set to be updated
---> Package caching-nameserver.i386 30:9.3.4-6.P1.el5 set to be updated
---> Package bind.i386 30:9.3.4-6.P1.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
 Package                Arch     Version               Repository       Size
=============================================================================
Installing:
 bind-chroot            i386     30:9.3.4-6.P1.el5     Server           41 k
 caching-nameserver     i386     30:9.3.4-6.P1.el5     Server           58 k
Installing for dependencies:
 bind                   i386     30:9.3.4-6.P1.el5     Server          959 k
Transaction Summary
=============================================================================
Install 3 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 1.0 M
Downloading Packages:
(1/3): bind-chroot-9.3.4- 100% |=========================| 41 kB 00:00
(2/3): bind-9.3.4-6.P1.el 100% |=========================| 959 kB 00:00
(3/3): caching-nameserver 100% |=========================| 58 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: bind ######################### [1/3]
Installing: bind-chroot ######################### [2/3]
Installing: caching-nameserver ######################### [3/3]
Installed: bind-chroot.i386 30:9.3.4-6.P1.el5 caching-nameserver.i386 30:9.3.4-6.P1.el5
Dependency Installed: bind.i386 30:9.3.4-6.P1.el5
Complete!
[root@root-ns ~]#
After installing BIND + bind-chroot + caching-nameserver, the configuration files are stored here:
[root@root-ns ~]# cd /var/named/chroot/
[root@root-ns chroot]# pwd
/var/named/chroot
[root@root-ns chroot]#
Configure named.conf
[root@root-ns chroot]# cd etc/
[root@root-ns etc]# pwd
/var/named/chroot/etc
[root@root-ns etc]# ls
localtime  named.caching-nameserver.conf  named.rfc1912.zones  rndc.key
[root@root-ns etc]# mv named.caching-nameserver.conf named.conf
[root@root-ns etc]# vim named.conf
This is my configuration:
acl "org" { 192.168.200.0/25; };
acl "net" { 192.168.200.128/25; };

options {
    listen-on port 53 { 127.0.0.1; org; net; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // a numeric port here fixes the source port of every outgoing query
    query-source port 53;
    query-source-v6 port 53;
    allow-query { localhost; org; net; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

view my_resolver {
    match-clients { localhost; org; net; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.zones";
};
Configure named.zones
[root@root-ns etc]# mv named.rfc1912.zones named.zones
[root@root-ns etc]# vim named.zones
This is my configuration:
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

zone "." IN {
    type master;
    file "root.zone";
    allow-update { none; };
};
Check that the configuration syntax is correct:
[root@root-ns etc]# named-checkconf -t /var/named/chroot/
[root@root-ns etc]#
Configure the zone files
[root@root-ns named]# ll
total 36
drwxrwx--- 2 named named 4096 Aug 26 2004 data
-rw-r----- 1 root named 198 Feb 29 2008 localdomain.zone
-rw-r----- 1 root named 195 Feb 29 2008 localhost.zone
-rw-r----- 1 root named 427 Feb 29 2008 named.broadcast
-rw-r----- 1 root named 12 Feb 29 2008 named.ca
-rw-r----- 1 root named 424 Feb 29 2008 named.ip6.local
-rw-r----- 1 root named 426 Feb 29 2008 named.local
-rw-r----- 1 root named 427 Feb 29 2008 named.zero
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves
[root@root-ns named]#
Configure root.zone
This is my configuration:
$TTL 800
@       IN SOA  @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   @
org     IN NS   ns.org
net     IN NS   ns.net
@       IN A    127.0.0.1
@       IN AAAA ::1
ns.org. IN A    192.168.200.125
ns.net. IN A    192.168.200.253
Check that the file permissions and the syntax are correct:
[root@root-ns named]# ll root.zone
-rw-r----- 1 root root 295 Oct 30 20:22 root.zone
[root@root-ns named]# chown root.named root.zone
[root@root-ns named]# named-checkzone root.zone
usage: named-checkzone [-djqvD] [-c class] [-o output] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] zonename filename
[root@root-ns named]# named-checkzone . root.zone
zone ./IN: loaded serial 42
OK
[root@root-ns named]#
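named-checkzone validates syntax only; it does not confirm that each delegation in root.zone comes with the glue address a resolver needs to reach the child server. The following check is an added example, not part of the original notes: the function names are hypothetical, and the parser handles only the simple record forms used on this page.

```python
import re
# Constructed sample: the root.zone from this page (apex A/AAAA records omitted).
ROOT_ZONE = """\
$TTL 800
@       IN SOA  @ root ( 42      ; serial
                3H 15M 1W 1D )
        IN NS   @
org     IN NS   ns.org
net     IN NS   ns.net
ns.org. IN A    192.168.200.125
ns.net. IN A    192.168.200.253
"""

def fqdn(name, origin):
    """Expand "@" and relative names against the zone origin (origin ends in ".")."""
    name = origin if name == "@" else name
    return (name if name.endswith(".") else name + "." + origin.lstrip(".")).lower()

def parse_zone(text, origin):
    """Yield (owner, type, rdata tokens) for each record; class IN only."""
    text = re.sub(r";[^\n]*", "", text)                       # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    owner = origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        tok = line.split()
        if not line[0].isspace():                             # blank owner = previous owner
            owner = fqdn(tok.pop(0), origin)
        while tok[0].isdigit() or tok[0].upper() == "IN":     # optional TTL and class
            tok.pop(0)
        yield owner, tok[0].upper(), tok[1:]

def check_delegations(text, origin="."):
    """Map each delegated child zone to {nameserver: [glue addresses]}."""
    addrs, out = {}, {}
    for owner, rtype, rdata in parse_zone(text, origin):
        if rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(rdata[0])
    for owner, rtype, rdata in parse_zone(text, origin):
        if rtype == "NS" and owner != origin:                 # NS below the apex: delegation
            ns = fqdn(rdata[0], origin)
            out.setdefault(owner, {})[ns] = addrs.get(ns, [])
    return out

def missing_glue(delegations):
    """Nameservers inside their own child zone that have no address record here."""
    return sorted(ns for child, servers in delegations.items() for ns, glue in servers.items()
                  if ns.endswith("." + child) and not glue)
```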
Start BIND
[root@root-ns named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@root-ns named]# chkconfig --level 35 named on
[root@root-ns named]#
BIND is now listening on its ports and ready:
[root@root-ns named]# netstat -ntupal | grep named
tcp 0 0 192.168.200.254:53 0.0.0.0:* LISTEN 5416/named
tcp 0 0 192.168.200.126:53 0.0.0.0:* LISTEN 5416/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5416/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5416/named
tcp 0 0 ::1:53 :::* LISTEN 5416/named
tcp 0 0 ::1:953 :::* LISTEN 5416/named
udp 0 0 0.0.0.0:53 0.0.0.0:* 5416/named
udp 0 0 192.168.200.254:53 0.0.0.0:* 5416/named
udp 0 0 192.168.200.126:53 0.0.0.0:* 5416/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 5416/named
udp 0 0 :::53 :::* 5416/named
udp 0 0 ::1:53 :::* 5416/named
[root@root-ns named]#
Operations on the ns.org server
Install bind and the related components on the ns.org machine:
[root@org-ns ~]# yum install -y bind bind-chroot caching-nameserver > /dev/null
This system is not registered with RHN. RHN support will be disabled.
[root@org-ns ~]# rpm -q bind bind-chroot caching-nameserver
bind-9.3.4-6.P1.el5
bind-chroot-9.3.4-6.P1.el5
caching-nameserver-9.3.4-6.P1.el5
[root@org-ns ~]#
Edit the named.conf configuration
[root@org-ns ~]# cd /var/named/chroot/etc/
[root@org-ns etc]# ls
localtime  named.caching-nameserver.conf  named.rfc1912.zones  rndc.key
[root@org-ns etc]# vim named.conf
This is my configuration:
options {
    // 192.168.200.126 is the root server's eth0; with a /0 prefix length
    // the entry covers every IPv4 address
    listen-on port 53 { 127.0.0.1; 192.168.200.126/0; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    query-source port 53;
    query-source-v6 port 53;
    allow-query { localhost; 192.168.200.126/0; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

view localhost_resolver {
    match-clients { localhost; 192.168.200.126/0; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.zones";
};
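Two settings in this named.conf matter for exposure: the /0 prefix length on the address match entries and the numeric port on query-source. The audit below is an added example, not part of the original notes; the rule names are hypothetical and the matching is regex-based rather than a full named.conf parser. The same patterns appear in the ns.net configuration shown later on this page.

```python
import re
# Constructed sample: options and view statements from the ns.org named.conf on this page.
SAMPLE_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.200.126/0; };
    query-source port 53;
    allow-query { localhost; 192.168.200.126/0; };
};
view localhost_resolver {
    match-clients { localhost; 192.168.200.126/0; };
    recursion yes;
};
"""

def audit_named_conf(text):
    """Return sorted (rule, detail) findings for the text of a named.conf."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)         # drop /* */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)                  # drop // and # comments
    findings = []
    # A numeric port pins the source port of outgoing queries (no randomisation).
    for m in re.finditer(r"\b(query-source(?:-v6)?)\b[^;]*\bport\s+(\d+)\s*;", text):
        findings.append(("fixed-query-port", f"{m.group(1)} port {m.group(2)}"))
    # In an address match list, "address/0" matches every client address.
    wide = set()
    for m in re.finditer(r"\b([\w-]+)\s+(?:port\s+\d+\s*)?\{([^{}]*)\}", text):
        for elem in m.group(2).split(";"):
            if re.fullmatch(r"\s*[0-9A-Fa-f.:]+/0\s*", elem):
                findings.append(("match-any", f"{m.group(1)}: {elem.strip()}"))
                wide.add(m.group(1))
    # Recursion offered to a client list that matches everyone is an open resolver.
    if re.search(r"\brecursion\s+yes\s*;", text) and wide & {"allow-query", "match-clients"}:
        findings.append(("open-recursion", "recursion yes with a match-any client list"))
    return sorted(findings)
```

Replacing each /0 entry with the exact address or subnet that should be served, and removing the numeric query-source port, clears all of these findings.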
Edit named.zones
This is my configuration:
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

zone "org" IN {
    type master;
    file "org.zone";
    allow-update { none; };
};
Check that the configuration syntax is correct:
[root@org-ns etc]# named-checkconf -t /var/named/chroot/
[root@org-ns etc]#
Edit org.zone
This is my configuration:
$TTL    800
@       IN SOA  @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   @
        IN A    127.0.0.1
        IN AAAA ::1
ns      IN A    192.168.200.125
client1 IN A    192.168.200.2
Change the file ownership
[root@org-ns named]# chown root.named org.zone
[root@org-ns named]#
Check that the zone syntax is correct
[root@org-ns named]# named-checkzone org org.zone
zone org/IN: loaded serial 42
OK
Start BIND
[root@org-ns named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@org-ns named]# chkconfig --level 35 named on
[root@org-ns named]#
Operations on ns.net
Configure ns.net the same way as ns.org. The details are omitted. These are my configuration files:
named.conf
options {
    listen-on port 53 { 127.0.0.1; 192.168.200.254/0; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    query-source port 53;
    query-source-v6 port 53;
    allow-query { localhost; 192.168.200.254/0; };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

view localhost_resolver {
    match-clients { localhost; 192.168.200.254/0; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.zones";
};
named.zones
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

zone "net" IN {
    type master;
    file "net.zone";
    allow-update { none; };
};
net.zone
$TTL    800
@       IN SOA  @ root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   @
        IN A    127.0.0.1
        IN AAAA ::1
ns      IN A    192.168.200.253
client1 IN A    192.168.200.130
Operations on client1.org
Set the DNS server for the client client1
[root@localhost ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:16:3E:7A:58:AD
          inet addr:192.168.200.2  Bcast:192.168.200.127  Mask:255.255.255.128
          inet6 addr: fe80::216:3eff:fe7a:58ad/ Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:108 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5447 (5.3 KiB)  TX bytes:21214 (20.7 KiB)
          Interrupt:10 Base address:0x4000
[root@localhost ~]# vim /etc/resolv.conf
The configuration is as follows:
nameserver 192.168.200.126
Test the DNS service
[root@localhost ~]# nslookup client1.org
Server:         192.168.200.126
Address:        192.168.200.126#53

Non-authoritative answer:
Name:   client1.org
Address: 192.168.200.2

[root@localhost ~]# nslookup client1.net
Server:         192.168.200.126
Address:        192.168.200.126#53

Non-authoritative answer:
Name:   client1.net
Address: 192.168.200.130

[root@localhost ~]#