RHEL5.3-DNS服務配置基礎

-----陳功磊 2009-6-9
說明:系統使用鏡像:Redhat.Enterprise.Linux.AS.V5.3-i386-dvd.iso
防火牆配置:
[root@ dns01 var]# setup
彈出一個對話框。我們要進行的是防火牆配置,步驟如下:
選擇“Firewall Configuration”—按“Tab”鍵切換到“Run Tool”—回車—“Security Level”選項要在“Enabled”前面按一下“Tab”鍵—“SELinux”選項要選“Disabled”—按一下“Tab”鍵—選中“Customize”—彈出新對話框—在“Other Port”欄目裏輸入“53:tcp 53:udp”—“OK”—返回上一個對話框—“OK”—對話框自動關閉。配置完成。(注意:把SELinux設爲“Disabled”會關閉系統的強制訪問控制,這一步與開放53端口無關,named一般也不需要關閉它才能運行;非實驗環境建議保持SELinux啓用。)
clip_image002
clip_image004
1.實驗環境:
[root@dns01 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 dns01 benet.com localhost # 主機名 域名 主機別名
::1 localhost6.localdomain6 localhost6
[root@dns01 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=dns01
GATEWAY=192.168.7.1
[root@dns01 ~]#
[root@dns01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.7.255
HWADDR=00:0C:29:4A:45:6B
IPADDR=192.168.7.8 # dns服務器(本機)的ip
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.0
NETWORK=192.168.7.0
ONBOOT=yes
[root@dns01 ~]#
[root@dns01 ~]# cat /etc/resolv.conf
nameserver 192.168.7.8 # dns服務器ip爲本機ip
[root@dns01 ~]#
2.安裝軟件包
主要檢查以下六個包是否有安裝:
bind-9.3.4-6.P1.el5.i386.rpm
bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm
bind-sdb-9.3.4-6.P1.el5.i386.rpm
bind-devel-9.3.4-6.P1.el5.i386.rpm
caching-nameserver-9.3.4-6.P1.el5.i386.rpm
bind-chroot-9.3.4-6.P1.el5.i386.rpm # 注意:bind-chroot軟件包最好最後一個安裝,否則可能報錯哈
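安裝方式(下面輸出中的“NOKEY”警告表示系統尚未導入Red Hat的GPG公鑰,rpm因此無法驗證軟件包簽名;可先執行 rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release 導入公鑰後再安裝):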
[root@nis01 Server]# rpm -ivh bind-9.3.4-10.P1.el5.i386.rpm
warning: bind-9.3.4-10.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind ########################################### [100%]
[root@nis01 Server]#
[root@dns01 ~]# rpm -qa | grep bind # 安裝後的查詢情況
bind-utils-9.3.4-10.P1.el5
bind-libbind-devel-9.3.4-10.P1.el5
bind-libs-9.3.4-10.P1.el5
bind-9.3.4-10.P1.el5
bind-sdb-9.3.4-10.P1.el5
bind-devel-9.3.4-10.P1.el5
bind-chroot-9.3.4-10.P1.el5
ypbind-1.19-11.el5
[root@dns01 ~]#
3.修改配置文件
首先要進入目錄。由於安裝了chroot包(主要功能就不多介紹;簡單說,它讓named以/var/named/chroot作爲根目錄運行,以限制服務被攻破後能接觸到的文件範圍),所以主配置文件named.conf要在/var/named/chroot/etc/下進行配置。命令如下:
[root@dns01 ~]# cd /var/named/chroot/etc/
[root@dns01 etc]# cp -p named.caching-nameserver.conf named.conf # -p 會保留原文件的屬主、屬組和權限,一定要加
[root@dns01 etc]# vi named.conf # 配置主配置文件,部分註釋已經去除
// Main named configuration, edited from the packaged
// named.caching-nameserver.conf.
// NOTE(review): listen-on any + allow-query any + a view that matches any
// client with "recursion yes" makes this host a recursive resolver for every
// address that can reach port 53. Outside an isolated lab, limit recursion to
// the local subnet, e.g. allow-recursion { localhost; 192.168.7.0/24; };
options {
listen-on port 53 { any; }; # changed from the packaged file: listen on all IPv4 interfaces
listen-on-v6 port 53 { ::1; }; // IPv6 listener remains loopback-only
directory "/var/named"; // base directory for relative file names in this configuration
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { any; }; # changed from the packaged file: queries accepted from any address
};
// Debug log channel written to data/named.run (relative to "directory");
// "severity dynamic" follows the server's current debug level.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Single view applied to all clients and all destination addresses.
view localhost_resolver {
match-clients { any; }; # changed from the packaged file
match-destinations { any; }; # changed from the packaged file
recursion yes; // recursion is on for every client matched above, i.e. everyone
include "/etc/named.rfc1912.zones"; // zone definitions; presumably resolved inside the chroot - confirm
};
[root@dns01 etc]# vi named.rfc1912.zones # 添加區域
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Root hints: the list of root servers the resolver starts from.
zone "." IN {
type hint;
file "named.ca";
};
// Local zones from the packaged file (RFC 1912 section 4.1, per the file
// header). Each is served as master from a file relative to the "directory"
// option, and allow-update { none; } rejects dynamic updates.
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
// Reverse zone for the IPv4 loopback network.
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
// Reverse zone for the IPv6 loopback/unspecified range.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
// Reverse zone for 255.x.x.x (broadcast) addresses.
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
// Reverse zone for 0.x.x.x addresses.
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
}; # everything above is the packaged default
// Zones added by this guide. The zone files are looked up relative to the
// "directory" option, i.e. /var/named/chroot/var/named on this chrooted setup.
// NOTE(review): no allow-transfer statement appears here or in the options
// block shown in this guide, so BIND's default applies; for this release that
// default is believed to permit zone transfers to any host - confirm, and
// consider allow-transfer { none; }; or an explicit list of secondaries.
zone "benet.com" IN { # added: forward-lookup zone
type master;
file "benet.com.zone";
allow-update {none;}; // dynamic updates rejected
};
zone "7.168.192.in-addr.arpa" IN { # added: reverse-lookup zone for 192.168.7.0/24
type master;
file "7.168.192.rev";
allow-update {none;}; // dynamic updates rejected
};
[root@nis01 etc]# named-checkconf named.conf # 檢查配置文件
[root@nis01 etc]# named-checkconf named.rfc1912.zones # 檢查配置文件
[root@nis01 etc]# # 沒有任何提示纔是正確的配置
4.配置正、反解文件
[root@dns01 etc]# cd /var/named/chroot/var/named/
[root@dns01 named]# cp -p localdomain.zone benet.com.zone # -p 會保留原文件的屬主、屬組和權限,一定要加
[root@dns01 named]# cp -p named.local 7.168.192.rev # -p 會保留原文件的屬主、屬組和權限,一定要加
[root@dns01 named]# vi benet.com.zone # 編輯正向文件
$TTL 86400
@ IN SOA dns01.benet.com. root.benet.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS dns01.benet.com. ; dns服務器(區域文件的註釋符是“;”,不能用“#”)
dns01 IN A 192.168.7.8
apache IN A 192.168.7.2
www IN CNAME apache
~
"benet.com.zone" 13L, 271C
[root@dns01 named]# vi 7.168.192.rev # 配置反向文件
$TTL 86400
@ IN SOA dns01.benet.com. root.benet.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS dns01.benet.com. ; dns服務器(區域文件的註釋符是“;”,不能用“#”)
2 IN PTR apache.benet.com.
8 IN PTR dns01.benet.com.
~
"7.168.192.rev" 12L, 475C
5.收尾工作
[root@dns01 named]# cat /etc/resolv.conf # 確保dns解析的ip爲本機dns服務器ip
nameserver 192.168.7.8
[root@dns01 named]#
[root@dns01 named]# named-checkconf /var/named/chroot/etc/named.conf # 檢查配置文件
[root@dns01 named]#
[root@dns01 named]# named-checkzone benet.com /var/named/chroot/var/named/benet.com.zone # 檢查正向配置
zone benet.com/IN: loaded serial 42
OK
[root@dns01 named]# named-checkzone benet.com /var/named/chroot/var/named/7.168.192.rev # 檢查反向配置(這裏區域名沿用了benet.com;反向區的區域名應爲7.168.192.in-addr.arpa)
zone benet.com/IN: loaded serial 1997022700
OK
[root@dns01 named]# chmod 644 /var/named/chroot/etc/named.conf # 設置權限(644會讓所有本地用戶都能讀取該文件;如果配置中寫有key/TSIG密鑰,應改用640並把屬組設爲named)
[root@dns01 named]# chmod 644 /var/named/chroot/var/named/benet.com.zone # 設置權限
[root@dns01 named]# chmod 644 /var/named/chroot/var/named/7.168.192.rev # 設置權限
[root@killgoogle ~]# /etc/rc.d/init.d/named restart # 重啓服務
[root@dns01 named]# service named restart # 另一種重啓服務方式
Stopping named: [ OK ]
Starting named: [ OK ]
[root@dns01 named]#
[root@dns01 named]# tail -f /var/log/messages # 如果啓動失敗,可以使用命令查看原因
[root@nis01 named]# chkconfig --level 35 named on # 設置named服務開機自動啓動
[root@nis01 named]# chkconfig --list named
named 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@nis01 named]#
6.測試
[root@dns01 ~]# dig -t soa benet.com
; <<>> DiG 9.3.4-P1 <<>> -t soa benet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50784
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;benet.com. IN SOA
;; ANSWER SECTION:
benet.com. 86400 IN SOA dns01.benet.com. root.benet.com. 42 10800 900 604800 86400
;; AUTHORITY SECTION:
benet.com. 86400 IN NS dns01.benet.com.
;; ADDITIONAL SECTION:
dns01.benet.com. 86400 IN A 192.168.7.8
;; Query time: 63 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:21:43 2009
;; MSG SIZE rcvd: 104
[root@dns01 ~]#
[root@dns01 ~]# dig -t mx benet.com
; <<>> DiG 9.3.4-P1 <<>> -t mx benet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21559
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;benet.com. IN MX
;; AUTHORITY SECTION:
benet.com. 86400 IN SOA dns01.benet.com. root.benet.com. 42 10800 900 604800 86400
;; Query time: 6 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:22:16 2009
;; MSG SIZE rcvd: 74
[root@dns01 ~]#
[root@dns01 ~]# dig www.benet.com
; <<>> DiG 9.3.4-P1 <<>> www.benet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2727
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.benet.com. IN A
;; ANSWER SECTION:
www.benet.com. 86400 IN CNAME apache.benet.com.
apache.benet.com. 86400 IN A 192.168.7.2
;; AUTHORITY SECTION:
benet.com. 86400 IN NS dns01.benet.com.
;; ADDITIONAL SECTION:
dns01.benet.com. 86400 IN A 192.168.7.8
;; Query time: 3 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:22:51 2009
;; MSG SIZE rcvd: 104
[root@dns01 ~]#
[root@dns01 ~]# dig -x 192.168.7.8 # 反向解析
; <<>> DiG 9.3.4-P1 <<>> -x 192.168.7.8
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15896
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;8.7.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
8.7.168.192.in-addr.arpa. 86400 IN PTR dns01.benet.com.
;; AUTHORITY SECTION:
7.168.192.in-addr.arpa. 86400 IN NS dins01.benet.com.
;; Query time: 3 msec
;; SERVER: 192.168.7.8#53(192.168.7.8)
;; WHEN: Tue Jun 9 18:23:46 2009
;; MSG SIZE rcvd: 92
[root@dns01 ~]#
[root@dns01 ~]# nslookup # nslookup 檢查
> www.benet.com # 正向解析
Server: 192.168.7.8
Address: 192.168.7.8#53
www.benet.com canonical name = apache.benet.com.
Name: apache.benet.com
Address: 192.168.7.2
> 192.168.7.8 # 反向解析
Server: 192.168.7.8
Address: 192.168.7.8#53
8.7.168.192.in-addr.arpa name = dns01.benet.com.
>
完成基本DNS服務器配置
本文出自 “Gonglei Chen” 博客,轉載請與作者聯繫!