RHEL6.0 DNS
系统环境:rhel6.x86-64 iptables off(仅限实验环境;生产环境应保持防火墙开启,只放行 53/udp 与 53/tcp)
host1:192.168.0.4
DNS 是域名系统(Domain Name System)的缩写,它是由解析器和域名服务器组成的。域名系统为 Internet 上的主机分配域名地址和 IP 地址。用户使用域名地址,该系统就会自动把域名地址转为 IP 地址。域名服务是运行域名系统的 Internet 工具。执行域名服务的服务器称之为 DNS 服务器,通过 DNS 服务器来应答域名服务的查询。
DNS 工作模式:
递归查询:当 DNS 服务器接收到查询请求的时候,要么做出查询成功的响应,要么做出查询失败的响应。
迭代查询:又称简单查询,DNS 服务器根据自己的高速缓存或区域的数据,给出最佳应答。
# Install the server, its chroot wrapper and the client tools (dig, nslookup).
yum install bind bind-chroot bind-utils -y
/etc/init.d/named start # after named has been started, its files and directories appear under /var/named/chroot/
---->DNS 基本配置
vim /var/named/chroot/etc/named.conf
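// ACL meant for the blackhole option further down. Left disabled here:
// 192.168.0.2 is the secondary DNS server set up later in this guide, and a
// blackholed address can neither query this server nor transfer zones from it.
//acl blacklist { 192.168.0.2; };
options {
    // The stock file binds to loopback only. With this line commented out,
    // named listens on every IPv4 interface; to serve one interface only,
    // list that interface's address instead.
    //listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory          "/var/named";
    dump-file          "/var/named/data/cache_dump.db";
    statistics-file    "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // The stock file answers localhost only. With this line commented out,
    // any client that can reach the server may query it.
    //allow-query { localhost; };
    // Recursion stays on while the server listens on all interfaces and the
    // host firewall is off (see the environment line at the top of the guide).
    // Limit who may recurse with allow-recursion before this server is
    // reachable from anything other than the lab network.
    recursion yes;
    //also-notify { 192.168.0.2; };
    // The published line read "blackhole { blasklist; };": a misspelled name
    // that refers to an ACL which is itself commented out, so named refuses
    // to load the file. Enable this line only together with the acl line above.
    //blackhole { blacklist; };
    dnssec-enable yes;
    dnssec-validation yes;
    // NOTE(review): lookaside validation depends on the ISC DLV registry,
    // which has since been retired; on a BIND release newer than the one this
    // guide targets, confirm that the option is still accepted.
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};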
....
# Root hints: where to find the root name servers.
zone "." IN { # clients use this server once their /etc/resolv.conf points at it
type hint;
file "named.ca";
};
# Forward zone (name -> address).
zone "linuxidc.com" IN {
type master;
file "linuxidc.com.zone";
# Enable the next line when the secondary DNS server (192.168.0.2) is deployed.
# NOTE(review): with allow-transfer unset, BIND of this generation is understood
# to hand the whole zone to any host that asks for a transfer - confirm for the
# installed version and restrict transfers to the secondary.
// allow-transfer { 192.168.0.2; };
# Lets 192.168.0.2 send dynamic updates to this zone. An address is the only
# check here; the SECURE-DDNS section of this guide uses a TSIG key instead,
# which is the safer way to authorise updates.
// allow-update { 192.168.0.2; };
};
# Reverse zone (address -> name) for 192.168.0.0/24.
zone "0.168.192.in-addr.arpa" IN {
type master;
file "linuxidc.com.local";
};
include "/etc/named.rfc1912.zones";
cd /var/named/chroot/var/named/
# Start both zone files from a shipped template; -p keeps the template's
# owner, group and mode on the copy.
cp named.loopback linuxidc.com.zone -p
# NOTE(review): the templates normally shipped in this directory are
# named.localhost and named.loopback; "named.localback" looks like a typo -
# confirm which file was meant.
cp named.localback linuxidc.com.local -p
vim linuxidc.com.zone # forward zone data; check the result afterwards with dig <domain name>
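; Forward zone data for linuxidc.com.
$TTL 1D
; "@" stands for the zone origin, linuxidc.com. The published file wrote the
; owner as "linuxidc.com" without a trailing dot, which named expands to
; linuxidc.com.linuxidc.com. and leaves the zone apex without an SOA record.
@       IN SOA  linuxidc.com. root. (
                        17      ; serial - raise it after every manual edit
                        86400   ; refresh (1 day)
                        3600    ; retry (1 hour)
                        604800  ; expire (1 week)
                        10800   ; minimum (3 hours)
                        )
; Records that start with whitespace inherit the previous owner name (the
; apex). The page lost this indentation; without it "NS" and "A" would be read
; as owner names.
        NS      linuxidc.com.
        A       192.168.0.4
blog    CNAME   www
mail    CNAME   www
www     A       192.168.0.4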
vim linuxidc.com.local #dig domain name
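; Reverse zone data for 0.168.192.in-addr.arpa.
$TTL 1D
; "@" stands for the zone origin. The published file used "linuxidc.com"
; without a trailing dot as the owner, which is expanded relative to the
; origin and leaves the apex without an SOA record.
@       IN SOA  linuxidc.com. root. (
                        17      ; serial - raise it after every manual edit
                        86400   ; refresh (1 day)
                        3600    ; retry (1 hour)
                        604800  ; expire (1 week)
                        10800   ; minimum (3 hours)
                        )
; Leading whitespace means "same owner as the previous record" (the apex).
        NS      linuxidc.com.
        A       192.168.0.4
; Host part 4 -> 192.168.0.4
4       PTR     linuxidc.com.
; The last record on the page has no target, which is a syntax error that
; stops the zone from loading. It is kept as a comment; fill in the name.
; 4     PTR     <target missing on the page>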
---->辅助 DNS 配置
server:192.168.0.2 rhel6.0-x86.64 iptables off
vim /etc/named.conf
....
# Secondary copy of the forward zone.
# NOTE(review): the primary is identified here by address only; on the primary,
# allow-transfer should name this host (192.168.0.2) so that other hosts cannot
# pull the zone.
zone "linuxidc.com" IN { # backup of the zone data served by the primary
type slave;
masters { 192.168.0.4; }; # address of the primary DNS server
file "slaves/linuxidc.com.zone";
};
####将辅助 DNS 启起来,将主 DNS restart 可在/var/named/chroot/var/named/slaves/生成正向解析
的域的配置文件,此处为 linuxidc.com.zone
---->SECURE-DDNS(DNS+DHCP)动态 DNS
####create key:(HMAC-MD5 现已不建议用于 TSIG,若所用的 BIND 和 dhcpd 版本都支持,建议改用 hmac-sha256;下面显示的密钥只是示例,请自行生成并妥善保管 .private 文件)
dnssec-keygen -a HMAC-MD5 -b 128 -n USER ddns
Kddns.+157+17770.key
Kddns.+157+17770.private
cat Kddns.+157+17770.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: heKy5HK2yl5pVTsMjvuYkw==
Bits: AAA=
Activate: 20120506081424
####configure /etc/named.conf like this:
vim /etc/named.conf
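// TSIG key shared with dhcpd. The key name, algorithm and secret must be
// identical to the key block in /etc/dhcp/dhcpd.conf.
// The secret below is the example value printed earlier in this guide:
// generate your own and never reuse a published one. Whoever holds it can
// rewrite both zones, so keep this file readable by root and the named group
// only.
key ddns {
    algorithm hmac-md5;
    // Quoted, as named.conf expects for a string value.
    secret "heKy5HK2yl5pVTsMjvuYkw==";
};
zone "linuxidc.com" IN {
    type master;
    file "linuxidc.com.zone";
    // Dynamic updates are accepted only when signed with the ddns key.
    allow-update { key ddns; };
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "linuxidc.com.local";
    // Dynamic updates are accepted only when signed with the ddns key.
    allow-update { key ddns; };
};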
# Presumably so that the named group can write in the zone directory (dynamic
# updates are journalled next to the zone files) - confirm the directory's
# owner and group before widening its mode.
chmod 770 /var/named/chroot/var/named/
yum install dhcp -y
# Start from the sample configuration shipped with the package.
cp /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
vim /etc/dhcp/dhcpd.conf
# Domain name and DNS server handed to DHCP clients.
option domain-name "linuxidc.com";
option domain-name-servers 192.168.0.4;
default-lease-time 600;
max-lease-time 7200;
# Turns on dynamic DNS updates from dhcpd.
ddns-update-style interim;
log-facility local7;
# Same key name, algorithm and secret as the key statement in named.conf.
# The secret is the example value printed by this guide: substitute your own,
# and keep this file unreadable to ordinary users, because the secret is what
# authorises updates to both zones.
key ddns {
algorithm hmac-md5;
secret heKy5HK2yl5pVTsMjvuYkw==;
}
# Forward zone: updates go to the primary at 192.168.0.4, signed with the ddns key.
zone linuxidc.com. {
primary 192.168.0.4;
key ddns;
}
# Reverse zone: same primary, same key.
zone 0.168.192.in-addr.arpa. {
primary 192.168.0.4;
key ddns;
}
# Address pool served on the 192.168.0.0/24 network.
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.110;
}
/etc/init.d/dhcpd start