

BIND9私有DNS服务器小环境搭建实验 - Linux操作系统

来源:自学PHP网    时间:2015-04-14 11:12 作者: 阅读:


BIND9私有DNS服务器小环境搭建实验
 
1. 服务器基本配置
 
1) 主根服务器   192.168.56.101
2) 从根服务器    192.168.56.102
3) COM服务器   192.168.56.103
4) 解析服务器     192.168.56.104
 
 
2. 编译及安装BIND9
1) # tar xvf bind-9.6.1.tar.gz
# cd bind-9.6.1
#  ./configure --prefix=/usr/local/named  --enable-threads
         //开启多线程处理能力
# make && make install
2)  从rndc.conf文件中提取named.conf用的key
# cd /usr/local/named
# sbin/rndc-confgen > etc/rndc.conf
#cd etc/
# tail -10 rndc.conf | head -9 | sed s/#\ //g > named.conf
# cat named.conf
 
[plain]
// Shared secret that authenticates rndc control-channel commands to named.
// NOTE(review): hmac-md5 is a legacy algorithm; later BIND releases than the
// 9.6.1 built here can use hmac-sha256 keys, so prefer that where available.
// The secret below is this write-up's own rndc-confgen output. Generate a fresh
// key on every host, keep the file unreadable to other users, and never reuse a
// key that has been published.
key "rndc-key" {  
        algorithm hmac-md5;  
        secret "wk7NzsvLaCobiCFxHB2LXQ==";  
 };  
   
// Control channel: listens on loopback port 953 only, and accepts only
// loopback clients that present "rndc-key".
 controls {  
        inet 127.0.0.1 port 953  
        allow { 127.0.0.1; } keys { "rndc-key"; };  
 };  
 
 
以上环境安装设置在每台服务器上是一样的(rndc 密钥应在每台服务器上各自用 rndc-confgen 生成,不要照抄本文中列出的 secret)。
 
 
3. 配置主根服务器 在IP为192.168.56.101的服务器上
1) 打开named.conf, 添加如下内容
# vi named.conf
[plain]
// named.conf for the primary (master) root server, 192.168.56.101.
// NOTE(review): hmac-md5 is a legacy algorithm, and the secret shown is the
// write-up's sample value. Generate your own key and keep this file private.
key "rndc-key" {  
        algorithm hmac-md5;  
        secret "wk7NzsvLaCobiCFxHB2LXQ==";  
 };  
   
// rndc control channel restricted to loopback clients holding "rndc-key".
 controls {  
        inet 127.0.0.1 port 953  
                allow { 127.0.0.1; } keys { "rndc-key"; };  
 };  
   
// Zone files and the pid file both live under /var/named/.
// recursion no: this server answers only from its own zone data and does not
// resolve on behalf of clients.
options {  
        directory "/var/named/";  
        pid-file "/var/named/named.pid";  
        recursion no;  
};  
   
// Private root zone, served from db.root.
// allow-transfer limits zone transfers to the secondary at 192.168.56.102.
// NOTE(review): this is a source-address check only; a TSIG key shared with
// the secondary would authenticate the transfer itself.
zone "." IN {  
        type master;  
        file "db.root";  
        allow-transfer {192.168.56.102;};  
};  
   
 
 
其中: recursion no; 关闭递归查询。 
           allow-transfer {192.168.56.102;}; 允许区域传送,且仅对给出的IP地址的服务器  
           有效。 这里192.168.56.102是我们的从根服务器
 
2) 创建区配置文件
# cd /var 
# mkdir named
# cd named
# touch db.root
# vi db.root
[plain]
; db.root on the primary root server: the private root zone.
; Default TTL for records without an explicit TTL is 86400 seconds.
$TTL 86400  
; SOA: primary name is "@" (the zone apex), contact mailbox is "root".
; The values in parentheses are, in order: serial, refresh, retry, expire,
; minimum (negative-caching TTL).
; NOTE(review): every timer is 1m, so a secondary expires the zone after one
; minute without reaching the primary. This suits a lab, not a production zone.
@ IN SOA @ root (  
        12169  
        1m  
        1m  
        1m  
        1m )  
   
; Root NS record and its address (this server).
. IN NS root.ns.  
root.ns. IN A 192.168.56.101  
; Delegation of com. to ns.com., with the glue address resolvers need to reach it.
com. IN NS ns.com.  
ns.com. IN A 192.168.56.103  
 
 
 
 
其中: com. IN NS ns.com. 这里必须要授权出去, 否则递归解析时,将找不到类似 
                          My.com 所对应的地址
3) 启动BIND 并测试(此处为实验环境,直接以 root 在前台运行;正式环境建议用 -u 选项让 named 以非特权用户运行)
#  cd /usr/local/named
#  sbin/named -g &
#  dig @192.168.56.101 . NS
[plain]
root@simba-1:/var/named# dig @192.168.56.101 . NS  
   
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 . NS  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10193  
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2  
;; WARNING: recursion requested but not available  
   
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;.                              IN      NS  
   
;; ANSWER SECTION:  
.                       86400   IN      NS      root.ns.  
   
;; ADDITIONAL SECTION:  
root.ns.                86400   IN      A       192.168.56.101  
   
;; Query time: 19 msec  
;; SERVER: 192.168.56.101#53(192.168.56.101)  
;; WHEN: Wed Aug 21 07:15:38 2013  
;; MSG SIZE  rcvd: 64  
 
 
    
 
# dig @192.168.56.101 com. NS 
[plain]
root@simba-1:/var/named# dig @192.168.56.101 com. NS  
   
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.101 com. NS  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20443  
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2  
;; WARNING: recursion requested but not available  
   
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;com.                           IN      NS  
   
;; AUTHORITY SECTION:  
com.                    86400   IN      NS      ns.com.  
   
;; ADDITIONAL SECTION:  
ns.com.                 86400   IN      A       192.168.56.103  
   
;; Query time: 17 msec  
;; SERVER: 192.168.56.101#53(192.168.56.101)  
;; WHEN: Wed Aug 21 07:18:16 2013  
;; MSG SIZE  rcvd: 65  
   
 
 
 
  
4. 配置从根服务器 在IP为192.168.56.102上
1) 打开named.conf, 添加如下内容
# vi named.conf
[plain]
// named.conf for the secondary (slave) root server, 192.168.56.102.
// NOTE(review): hmac-md5 is a legacy algorithm, and the secret shown is the
// write-up's sample value. Generate your own key and keep this file private.
key "rndc-key" {  
        algorithm hmac-md5;  
        secret "JaHjteR5sZxVrMWWcOne9g==";  
 };  
   
// rndc control channel restricted to loopback clients holding "rndc-key".
controls {  
        inet 127.0.0.1 port 953  
                allow { 127.0.0.1; } keys { "rndc-key"; };  
 };  
   
// recursion no: authoritative answers only.
// NOTE(review): pid-file points at /var/run/named/, but the steps on this page
// only create /var/named. Confirm that directory exists and is writable.
// transfer-format controls how this server packs records in transfers it sends out.
options {  
        directory "/var/named";  
        pid-file "/var/run/named/named.pid";  
        transfer-format many-answers;  
        recursion no;  
};  
   
// Root zone copied from the primary at 192.168.56.101 and stored as db.root.
// NOTE(review): there is no allow-transfer here. In older BIND releases such
// as the 9.6.1 built here, the default permits transfers to any host, so this
// secondary would hand the zone to anyone even though the primary restricts
// it. Confirm, and add an explicit allow-transfer.
zone "." IN {  
        type slave;  
        file "db.root";  
        masters { 192.168.56.101; };  
};  
 
 
 
其中: recursion no; 关闭递归查询。 
           masters  {192.168.56.101;};  指明主服务器地址,这样就可以根据SOA中指定
的刷新时间去与主根同步
 
2) 创建区配置文件
# cd /var 
# mkdir named
从服务器不需要手动建立 区域文件。因为从服务器会自动向主服务器更新。
 
3)  启动BIND 并测试
#  cd /usr/local/named
#  sbin/named -g &
 
等待一段时间,确定已经获取到了区文件
# ls /var/named/
  db.root
 
#  dig @192.168.56.102 . NS
[plain]
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 . NS  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18918  
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2  
;; WARNING: recursion requested but not available  
   
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;.                              IN      NS  
   
;; ANSWER SECTION:  
.                       86400   IN      NS      root.ns.  
   
;; ADDITIONAL SECTION:  
root.ns.                86400   IN      A       192.168.56.101  
   
;; Query time: 12 msec  
;; SERVER: 192.168.56.102#53(192.168.56.102)  
;; WHEN: Wed Aug 21 07:27:18 2013  
;; MSG SIZE  rcvd: 64  
   
 
 
    
 
# dig @192.168.56.102 com. NS 
[plain]
root@simba-2:/usr/local/named/etc# dig @192.168.56.102 com. NS  
   
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.102 com. NS  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17412  
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2  
;; WARNING: recursion requested but not available  
   
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;com.                           IN      NS  
   
;; AUTHORITY SECTION:  
com.                    86400   IN      NS      ns.com.  
   
;; ADDITIONAL SECTION:  
ns.com.                 86400   IN      A       192.168.56.103  
   
;; Query time: 19 msec  
;; SERVER: 192.168.56.102#53(192.168.56.102)  
;; WHEN: Wed Aug 21 07:35:10 2013  
;; MSG SIZE  rcvd: 65  
   
 
 
 
  
5. 配置COM服务器 在服务器192.168.56.103上
 
1) 打开named.conf, 添加如下内容
# vi named.conf
[plain]
// named.conf for the authoritative com. server, 192.168.56.103.
// NOTE(review): hmac-md5 is a legacy algorithm, and the secret shown is the
// write-up's sample value. Generate your own key and keep this file private.
key "rndc-key" {  
        algorithm hmac-md5;  
        secret "kMOStrdGYC5WmE1obk7LJg==";  
 };  
   
// rndc control channel restricted to loopback clients holding "rndc-key".
 controls {  
        inet 127.0.0.1 port 953  
                allow { 127.0.0.1; } keys { "rndc-key"; };  
 };  
   
// Answers queries from any client, but only from its own zone data
// (recursion no).
// NOTE(review): pid-file points at /var/run/named/, but the steps on this page
// only create /var/named. Confirm that directory exists and is writable.
options {  
        directory "/var/named";  
        pid-file "/var/run/named/named.pid";  
        allow-query {any;};  
        recursion no;  
};  
   
// Root hints, loaded from db.root.
zone "." IN {  
        type hint;  
        file "db.root";  
};  
   
// Authoritative data for com., loaded from db.com.
// NOTE(review): there is no allow-transfer. In older BIND releases the default
// permits zone transfers to any host. Add an explicit allow-transfer
// (e.g. { none; }) if no secondary needs this zone.
zone "com." IN {  
        type master;  
        file "db.com";  
};  
 
 
 
其中: recursion no; 关闭递归查询。 
           
 
2) 创建区配置文件
# cd /var 
# mkdir named
# cd named
# touch db.root
# vi db.root
[plain]
; db.root on the com. server. The named.conf shown for this host loads it as
; the hint file for ".".
; NOTE(review): a hint file presumably only needs the root NS record and its
; address. The SOA and com. delegation are copied from the primary's root
; zone, so confirm they are actually used here.
$TTL 86000  
; SOA values in order: serial, refresh, retry, expire, minimum.
@ IN SOA @ root (  
        1  
        1m  
        1m  
        1m  
        1m  
)  
   
; Root name server and its address.
. IN NS root.ns.  
root.ns. IN A 192.168.56.101  
; com. delegation and glue address.
com. IN NS  ns.com.  
ns.com. IN A 192.168.56.103  
 
 
 
 
其中: com. IN NS ns.com. 这里必须要授权出去, 否则递归解析时,将找不到类似 
                          My.com 所对应的地址
该文件和主服务器上的db.root一样
 
 
# vi db.com
[plain]
   
; db.com: authoritative zone data for com. on 192.168.56.103.
$TTL 86400  
; SOA values in order: serial, refresh, retry, expire, minimum
; (negative-caching TTL). "@" is the zone apex and "root" is relative to it.
; The dig output on this page shows the result as "com. root.com. 2 60 60 60 60".
; NOTE(review): 1m timers are lab values. A 1m expire would make any secondary
; drop the zone almost immediately when the primary is unreachable.
@ IN SOA @ root (  
        2  
        1m  
        1m  
        1m  
        1m  
)  
   
; The zone's name server and its address.
com. IN NS ns.com.  
ns.com. IN A 192.168.56.103  
; Test host record used by the dig checks on this page.
my.com. IN A 192.168.56.201  
 
 
 
 
3) 启动BIND 并测试
#  cd /usr/local/named
#  sbin/named -g &
#  dig @192.168.56.103 com. NS
[plain]
   
     
root@simba-2:/usr/local/named/etc# dig @192.168.56.103 com. NS  
   
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 com. NS  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19097  
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2  
;; WARNING: recursion requested but not available  
   
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;com.                           IN      NS  
   
;; ANSWER SECTION:  
com.                    86400   IN      NS      ns.com.  
   
;; ADDITIONAL SECTION:  
ns.com.                 86400   IN      A       192.168.56.103  
   
;; Query time: 21 msec  
;; SERVER: 192.168.56.103#53(192.168.56.103)  
;; WHEN: Wed Aug 21 07:45:15 2013  
;; MSG SIZE  rcvd: 65  
 
 
 
# dig @192.168.56.103  my.com.  A
[plain]
root@simba-2:/usr/local/named/etc# dig @192.168.56.103 my.com. A  
   
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.103 my.com. A  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466  
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2  
;; WARNING: recursion requested but not available  
   
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;my.com.                                IN      A  
   
;; ANSWER SECTION:  
my.com.                 86400   IN      A       192.168.56.201  
   
;; AUTHORITY SECTION:  
com.                    86400   IN      NS      ns.com.  
   
;; ADDITIONAL SECTION:  
ns.com.                 86400   IN      A       192.168.56.103  
   
;; Query time: 17 msec  
;; SERVER: 192.168.56.103#53(192.168.56.103)  
;; WHEN: Wed Aug 21 07:46:41 2013  
;; MSG SIZE  rcvd: 84  
   
 
 
 
 
6. 配置解析服务器 在服务器 192.168.56.104上
 
1) 打开named.conf, 添加如下内容
# vi named.conf
[plain]
// named.conf for the recursive resolver, 192.168.56.104.
// NOTE(review): hmac-md5 is a legacy algorithm. The secret string is also
// identical to the one in the 192.168.56.103 listing on this page; each host
// should have its own freshly generated key, never a published one.
key "rndc-key" {  
        algorithm hmac-md5;  
        secret "kMOStrdGYC5WmE1obk7LJg==";  
 };  
   
// rndc control channel restricted to loopback clients holding "rndc-key".
 controls {  
        inet 127.0.0.1 port 953  
                allow { 127.0.0.1; } keys { "rndc-key"; };  
 };  
   
// recursion yes enables recursive resolution; allow-recursion is the ACL that
// decides which clients may use it.
// NOTE(review): allow-query {any;} together with allow-recursion {any;} makes
// this an open resolver. That is tolerable on an isolated lab network, but if
// the host is reachable from untrusted networks it can be abused for
// reflection/amplification and is more exposed to cache poisoning. Restrict
// both ACLs to the client ranges that need service (e.g. the lab subnet).
// NOTE(review): pid-file points at /var/run/named/, but the steps on this page
// only create /var/named. Confirm that directory exists and is writable.
options {  
        directory "/var/named";  
        pid-file "/var/run/named/named.pid";  
        allow-query {any;};  
        recursion yes;  
        allow-recursion {any;};  
};  
   
// Root hints: where recursion starts. Here that is the private root listed in
// db.root.
zone "." IN {  
        type hint;  
        file "db.root";  
};  
   
   
 
 
 
其中: recursion  yes; 打开递归查询。 
           allow-recursion {any;};  也是打开递归查询的另一个方法(准确地说,它是限定哪些客户端可以使用递归查询的访问控制,{any;} 即对所有来源开放,仅适合隔离的实验网络;对外提供服务时应限制为受信任的客户端网段),具体区别在此不表。
    
2) 创建区配置文件
# cd /var 
# mkdir named
# cd named
# touch db.root
# vi db.root
[plain]
; db.root on the resolver. The named.conf shown for this host loads it as the
; hint file for ".".
$TTL 8600  
; SOA values in order: serial, refresh, retry, expire, minimum.
; NOTE(review): a hint file presumably only needs the NS and A records below,
; so confirm the SOA is required.
@ IN SOA @ root (  
        1  
        1m  
        1m  
        1m  
        1m  
)  
   
; The private root server: every recursive lookup from this host starts here.
. IN NS root.ns.  
root.ns. IN A 192.168.56.101  
 
 
 
其中:  这里只需给出根 的NS 和A 记录即可
 
  
3) 启动BIND 并测试
#  cd /usr/local/named
#  sbin/named -g &
 
Dig 默认是发送递归查询
 
#  dig @192.168.56.104 com. SOA
 
[plain]
      
root@simba-2:/usr/local/named/etc# dig @192.168.56.104 com. SOA  
   
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 com. SOA  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44824  
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2  
   
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;com.                           IN      SOA  
   
;; ANSWER SECTION:  
com.                    86358   IN      SOA     com. root.com. 2 60 60 60 60  
   
;; AUTHORITY SECTION:  
com.                    86354   IN      NS      ns.com.  
   
;; ADDITIONAL SECTION:  
ns.com.                 86354   IN      A       192.168.56.103  
   
;; Query time: 16 msec  
;; SERVER: 192.168.56.104#53(192.168.56.104)  
;; WHEN: Wed Aug 21 07:52:46 2013  
;; MSG SIZE  rcvd: 106  
 
 
 
可以看出 ;; flags: qr rd ra; 此处没有aa, 表明这是非权威应答
 
# dig @192.168.56.104  my.com.  A
[plain]
root@simba-2:/usr/local/named/etc# dig @192.168.56.104 my.com. A  
   
; <<>> DiG 9.9.2-P1 <<>> @192.168.56.104 my.com. A  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21228  
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2  
   
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;my.com.                                IN      A  
   
;; ANSWER SECTION:  
my.com.                 86286   IN      A       192.168.56.201  
   
;; AUTHORITY SECTION:  
com.                    86259   IN      NS      ns.com.  
   
;; ADDITIONAL SECTION:  
ns.com.                 86259   IN      A       192.168.56.103  
   
;; Query time: 15 msec  
;; SERVER: 192.168.56.104#53(192.168.56.104)  
;; WHEN: Wed Aug 21 07:54:21 2013  
;; MSG SIZE  rcvd: 84  
   
