RHEL6.0 DNS配置详解

RHEL6.0 DNS
系统环境:rhel6.x86-64 iptables off
host1:192.168.0.4

DNS 是域名系统(Domain Name System)的缩写,它是由解析器和域名服务器组成的。域名系统为 Internet 上的主机分配域名地址和 IP 地址。用户使用域名地址,该系统就会自动把域名地址转为 IP 地址。域名服务是运行域名系统的 Internet 工具。执行域名服务的服务器称之为 DNS 服务器,通过 DNS 服务器来应答域名服务的查询。

DNS 工作模式:
递归查询:当 DNS 服务器接收到查询请求的时候,要么做出查询成功的响应,要么做出查询失败的响应.
迭代查询:又称简单查询,当 DNS 服务器根据自己的高速缓存或区域的数据,给出最佳应答.
# bind-chroot places the service tree under /var/named/chroot; bind-utils
# supplies dig, used later to check the zones.
yum -y install bind bind-chroot bind-utils

# The first start of named creates the service directories and files under
# /var/named/chroot/.
/etc/init.d/named start
---->DNS 基本配置
vim /var/named/chroot/etc/named.conf   # edit the copy inside the chroot; the zone files and slaves/ directory used below live under the same chroot tree
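// ACL of hosts to drop completely.  Left disabled: the only address listed
// (192.168.0.2) is the secondary server configured later, and blackholing it
// would break zone transfers.  If enabled, the name must match the one used
// in the blackhole statement inside options.
//acl blacklist { 192.168.0.2; };

options {
// Shipped default: listen on loopback only.  Commented out, named listens on
// port 53 of every IPv4 interface; to serve one interface only, put its
// address here.
//listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";

// Shipped default restricts queries to localhost; disabled so LAN hosts can
// query (BIND's own default is then "any").
//allow-query { localhost; };
recursion yes;
// Without this line every host that can reach port 53 gets recursive
// service (an open resolver).  Limit recursion to the server's own
// networks; "localnets" is a BIND built-in ACL.
allow-recursion { localhost; localnets; };
//also-notify { 192.168.0.2; };
// Kept disabled together with the acl above.  The original referenced an
// ACL that was never defined (and misspelled it), which makes named refuse
// to start.
//blackhole { blacklist; };
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
// ... remaining shipped sections (logging etc.) unchanged ...

// Root hints.  Clients point /etc/resolv.conf at this server.
zone "." IN {
        type hint;
        file "named.ca";
};

// Forward zone
zone "linuxidc.com" IN {
type master;
file "linuxidc.com.zone";
// Only the secondary configured later may pull the zone; BIND's default
// allow-transfer is "any", which lets anyone dump the zone.
allow-transfer { 192.168.0.2; };
// allow-update lists who may send dynamic updates to this master zone.  It
// does not enable editing "on the secondary".  It is enabled for DDNS later.
// allow-update { 192.168.0.2; };
};

// Reverse zone
zone "0.168.192.in-addr.arpa" IN {
type master;
file "linuxidc.com.local";
};
include "/etc/named.rfc1912.zones";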

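cd /var/named/chroot/var/named/ || exit 1
# Start both zone files from the templates shipped with bind; -p keeps the
# template's mode and ownership.  The original copied "named.localback",
# which does not exist: the shipped forward template is named.localhost and
# the reverse template is named.loopback.
cp -p -- named.localhost linuxidc.com.zone
cp -p -- named.loopback linuxidc.com.local

vim linuxidc.com.zone                                     # forward zone; check afterwards with: dig @192.168.0.4 www.linuxidc.com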
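$TTL 1D
; "@" is the zone origin, linuxidc.com. (taken from the zone name in
; named.conf).  A bare "linuxidc.com" here has no trailing dot, so it is
; relative and expands to linuxidc.com.linuxidc.com.; the zone then has no
; SOA at its apex and fails to load.  The RNAME field is the admin mailbox
; root@linuxidc.com written with the "@" replaced by a dot.
@                       IN SOA  linuxidc.com. root.linuxidc.com. (
                                17         ; serial - increase on every edit so the secondary reloads
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      linuxidc.com.
                        A       192.168.0.4
; CNAME targets without a trailing dot are relative: www -> www.linuxidc.com.
blog                    CNAME   www
mail                    CNAME   www
www                     A       192.168.0.4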

vim linuxidc.com.local                                    # reverse zone; check afterwards with: dig -x 192.168.0.4 @192.168.0.4
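$TTL 1D
; "@" is the zone origin, 0.168.192.in-addr.arpa. (from named.conf).  The
; original used a bare "linuxidc.com" owner, which is relative to this
; origin and leaves the zone without an SOA at its apex, so it fails to load.
@                       IN SOA  linuxidc.com. root.linuxidc.com. (
                                17         ; serial - increase on every edit
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      linuxidc.com.
; The apex A record from the original was dropped: an address record at the
; apex of a reverse zone answers nothing useful.
; Owner "4" is relative to the origin: 4.0.168.192.in-addr.arpa = 192.168.0.4.
; The second PTR had no target in the original; www.linuxidc.com. is taken
; from the forward zone.  Two PTRs for one address is legal, but keep only
; one if a tool that expects a single reverse answer is in use.
4                       PTR     linuxidc.com.
4                       PTR     www.linuxidc.com.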

---->辅助 DNS 配置
server:192.168.0.2 rhel6.0-x86.64 iptables off

vim /etc/named.conf   # on the secondary (192.168.0.2); if bind-chroot is installed there as well, edit the copy under /var/named/chroot/etc/ as on the primary - the note below expects the chroot slaves/ path
....
zone "linuxidc.com" IN {                 # secondary copy of the forward zone
      type slave;                        # zone data is pulled from the primary by zone transfer
      masters { 192.168.0.4; };        # the primary server (host1)
      file "slaves/linuxidc.com.zone"; # written by named itself, so slaves/ must be writable by the named user
};

####将辅助 DNS 启动,再将主 DNS restart,即可在/var/named/chroot/var/named/slaves/生成正向解析
域的区域文件,此处为 linuxidc.com.zone

---->SECURE-DDNS(DNS+DHCP)动态 DNS


####create key:
# Generates a TSIG key pair; the shared secret is the "Key:" line of the
# .private file.  HMAC-MD5 is the weakest TSIG algorithm named accepts; keep
# it only if this dhcpd build supports nothing stronger (confirm for your
# version).  Never reuse the sample secret printed in this walkthrough.
dnssec-keygen -a HMAC-MD5 -b 128 -n USER ddns
Kddns.+157+17770.key
Kddns.+157+17770.private

cat Kddns.+157+17770.private   # shows the shared secret; treat the key files as confidential and keep them readable by root only
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: heKy5HK2yl5pVTsMjvuYkw==
Bits: AAA=
Activate: 20120506081424

####configure /etc/named.conf like this:
vim /etc/named.conf   # on the primary; with bind-chroot, the copy under /var/named/chroot/etc/ is the one edited earlier
# TSIG key shared with dhcpd; name, algorithm and secret must match the key
# block in dhcpd.conf.  The secret shown here is the walkthrough's sample and
# is therefore public - generate your own and do not reuse this value.
key ddns {
    algorithm hmac-md5;
    secret heKy5HK2yl5pVTsMjvuYkw==;
};

# Accept dynamic updates only when signed with key ddns.  named then writes a
# .jnl journal next to each zone file, so the zone directory must be
# writable by named (the chmod step below takes care of that).
zone "linuxidc.com" IN {
      type master;
      file "linuxidc.com.zone";
      allow-update { key ddns; };
};

zone "0.168.192.in-addr.arpa" IN {
      type master;
      file "linuxidc.com.local";
      allow-update { key ddns; };
};

# Dynamic updates make named write .jnl journals beside the zone files, so the
# zone directory must be writable by the named group.  This grants write
# access to the whole directory; a narrower option is to keep only the
# dynamically updated zones in a subdirectory already writable by named (if
# the package provides one) and point the zone "file" statements there.
chmod 0770 -- /var/named/chroot/var/named/

yum -y install dhcp
# Start from the sample shipped with the package (the glob matches the
# versioned documentation directory).
cp -- /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf   # configure as shown below
# Hand out linuxidc.com as the domain and host1 as the resolver.
option domain-name "linuxidc.com";
option domain-name-servers 192.168.0.4;
default-lease-time 600;
max-lease-time 7200;
# Enable RFC 2136 dynamic updates ("interim" scheme) for leased hosts.
ddns-update-style interim;
log-facility local7;

# TSIG key: name, algorithm and secret must match the "key ddns" block in
# named.conf.  This file now contains a secret, so confirm it is not
# world-readable.  The value shown is the walkthrough's sample key.
key ddns {
    algorithm hmac-md5;
    secret heKy5HK2yl5pVTsMjvuYkw==;
}

# Zones dhcpd will update; "primary" is the master named that has
# allow-update { key ddns; } for these zones.  Zone names carry a trailing
# dot here, as in the shipped sample.
zone linuxidc.com. {
     primary 192.168.0.4;
     key ddns;
}

zone 0.168.192.in-addr.arpa. {
     primary 192.168.0.4;
     key ddns;
}

# Leases handed out on the LAN; each lease results in a signed update for the
# client's name.
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.110;
}

/etc/init.d/dhcpd start   # validate the configuration first with: dhcpd -t
