DNS配置
时间:2006-02-13 来源:sataz
DNS安装手册
1. 安装前系统配置
配置两台服务器网卡IP地址
serverA:10.0.0.1/24,
serverB:10.0.0.2/24,网关:10.0.0.254
下载最新的 BIND 正式发布版（生产环境不要用 rc 预发布版，如下文的 9.3.1rc1）和根提示文件 root.hint，下载后用 ISC 公布的校验值 / PGP 签名核对完整性
www.isc.org（BIND 的官方站点；原文 www.interisc.org 为笔误）。root.hint 即 named.root，可从 ftp.internic.net/domain/named.root 获取
2. 安装bind
在本机上安装 FTP server（Serv-U）。注意 FTP 是明文协议且不提供完整性校验，只应在隔离的内网（10.0.0.0/24）中使用，传到服务器后仍要核对校验值
通过 ftp 把 BIND 源码包传到两台服务器（10.0.0.1 与 10.0.0.2）
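# Pull the source tarball from the local FTP server (10.0.0.9) into /usr/local.
ftp 10.0.0.9
lcd /usr/local
bin
get bind-9.3.1rc1.tar.gz
bye
# FTP gives no integrity guarantee: compare the tarball against the checksum /
# PGP signature ISC publishes for the release before building it.
tar -zxvf bind-9.3.1rc1.tar.gz
# Install prefix. The original "cd /usr; mkdir /bind" created /bind, not /usr/bind.
mkdir -p /usr/bind
# (the original had a stray space: "cd /usr/local/ bind-9.3.1rc1")
cd /usr/local/bind-9.3.1rc1
./configure --prefix=/usr/bind --mandir=/usr/bind/share/man
# make / make install must be lower-case; "Make" is not a command.
make
make install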
(在另一台DNS服务器上重复)
3. 配置master
在/var下创建named文件夹
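# Working directory for zone files (options { directory } in named.conf).
# The original "cd /var; mkdir /named" created /named instead of /var/named.
mkdir -p /var/named
cd /usr/bind/sbin
# Generate a fresh rndc key. The output is rndc.conf plus a commented
# key/controls snippet for named.conf: paste THAT secret into named.conf on
# this host instead of the example value printed in this document. The file
# holds the shared secret, so keep it readable by root only.
./rndc-confgen > /usr/bind/etc/rndc.conf
chmod 600 /usr/bind/etc/rndc.conf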
1) 配置所有的zone文件
a) db.local
; Reverse zone for the loopback network (0.0.127.in-addr.arpa); the same file
; is loaded by both the "internal" and the "cernet" view.
; MNAME and RNAME end in a dot so the zone origin is not appended to them.
$TTL 86400
@ IN SOA test1.test.cn. hostmaster.test.cn. (
20060101 ;Serial - increment on every edit, or slaves will keep the old data
3H ;Refresh
1H ;Retry
4W ;Expire
1D ) ;Minimum TTL
@ IN NS test1.test.cn.
1 IN PTR localhost.
b) db.0.0.10
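; Reverse zone for 10.0.0.0/24, served from the "internal" view only.
$TTL 86400
@ IN SOA test1.test.cn. root.test.cn. (
20060101;Serial - increment on every edit, or slaves will keep the old data
3H; Refresh
1H; Retry
4W; Expire
1D); Minimum TTL
@ IN NS test1.test.cn.
; PTR for the name server itself (db.test-internal maps test1 -> 10.0.0.1).
; It was missing, so reverse lookups of the DNS server returned NXDOMAIN.
1 IN PTR test1.test.cn.
100 IN PTR mail.test.cn.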
c) db.0.168.192
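; Reverse zone for 192.168.0.0/24, served from the "cernet" view only.
; MNAME names the primary master host (test1.test.cn.) like the other zone
; files do; the original put the zone apex "test.cn." there.
$TTL 86400
@ IN SOA test1.test.cn. root.test.cn. (
20060101;Serial - increment on every edit, or slaves will keep the old data
3H; Refresh
1H; Retry
4W; Expire
1D); Minimum TTL
@ IN NS test1.test.cn.
100 IN PTR mail.test.cn.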
d) db.test-internal
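; Forward zone test.cn as seen by the "internal" view (clients in 10.0.0.0/16).
$TTL 86400
; MNAME needs the trailing dot: the original "test1.test.cn" was relative to
; the origin and expanded to test1.test.cn.test.cn.
@ IN SOA test1.test.cn. root.test.cn. (
20060101;Serial - increment on every edit, or slaves will keep the old data
3H ;Refresh
1H ;Retry
4W ;Expire
1D ) ;Minimum TTL
@ IN NS test1.test.cn.
localhost IN A 127.0.0.1
test1 IN A 10.0.0.1
mail IN A 10.0.0.100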
e) db.test-cernet
; Forward zone test.cn as seen by the "cernet" view (clients outside
; 10.0.0.0/16, plus transfer requests signed with rndc-key).
$TTL 86400
@ IN SOA test1.test.cn. root.test.cn. (
20060101 ;Serial - increment on every edit, or slaves will keep the old data
3H ;Refresh
1H ;Retry
4W ;Expire
1D ) ;Minimum TTL
@ IN NS test1.test.cn.
; NOTE(review): the NS above is test1.test.cn. but this file carries no A
; record for test1, so clients of this view cannot learn the name server's
; address. Add "test1 IN A <address reachable from cernet>" once known.
; NOTE(review): publishing localhost -> 127.0.0.1 in an externally visible
; zone is commonly discouraged (DNS rebinding); consider dropping it here.
localhost IN A 127.0.0.1
mail IN A 192.168.0.100
将所有 zone 文件复制到 /var/named（即 named.conf 中 options { directory } 指定的目录）。root.hint 也要放在这里，因为各 zone 语句中的 file 路径都是相对于该目录解析的。
2) 配置name.conf
named.conf
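// Shared secret for the rndc control channel. The value below is the one
// printed in the original document and is therefore public: replace it with
// the `secret` produced by rndc-confgen (step 3), which emits this same
// key/controls snippet, so rndc.conf and named.conf agree. BIND 9.3 offers
// only hmac-md5 for TSIG; prefer hmac-sha256 on releases that support it.
// The same key is also used as the TSIG key that steers the slave's transfer
// requests into the "cernet" view; a dedicated transfer key would be cleaner.
key "rndc-key" {
    algorithm hmac-md5;
    secret "IZp9Lp4MfBKrbMUFM/GsKw==";
};

// rndc is accepted only on the loopback address and only when signed.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
    // Zone files and root.hint are resolved relative to this directory.
    directory "/var/named";
    pid-file "/var/run/named.pid";
    // Do not advertise the exact BIND release (version.bind CHAOS query).
    version "not disclosed";
    // allow-notify was removed here: per the BIND ARM it only affects slave
    // zones, and every zone on this server is master (or hint). The slave is
    // told about changes through NOTIFY sent to the zone's NS records.
};

logging {
    channel bind_log {
        file "/var/log/bindall_log" versions 10 size 20m;
        severity notice;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    // Everything not assigned elsewhere, including security and xfer-* events.
    category default {
        bind_log;
    };
};

// Clients considered "inside". Unsigned queries from here get the internal view.
acl "inside-subnet" { 10.0.0.0/16; };

view "internal" {
    // Unsigned requests from inside-subnet. Requests signed with rndc-key are
    // steered to the "cernet" view below (that is how the slave fetches the
    // external copies of the zones).
    match-clients { !key rndc-key; "inside-subnet"; };
    // Recursion only for inside clients (explicit; matches the slave config).
    recursion yes;
    zone "." {
        type hint;
        file "root.hint";
    };
    // allow-transfer defaults to every matched client, i.e. all of
    // 10.0.0.0/16 could AXFR the internal zones; restrict it to the slave.
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.local";
        allow-transfer { 10.0.0.2; };
    };
    zone "test.cn" {
        type master;
        file "db.test-internal";
        allow-transfer { 10.0.0.2; };
    };
    zone "0.0.10.in-addr.arpa" {
        type master;
        file "db.0.0.10";
        allow-transfer { 10.0.0.2; };
    };
};

view "cernet" {
    // Everyone outside inside-subnet, plus any request signed with rndc-key
    // (the slave's transfers for the external zone copies).
    match-clients { key rndc-key; any; };
    // Copied from the slave configuration; on the master this names its own
    // address and has no practical effect. Kept for symmetry with the slave.
    server 10.0.0.1 { keys rndc-key; };
    // Authoritative-only towards the outside: never act as an open resolver.
    recursion no;
    zone "." {
        type hint;
        file "root.hint";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.local";
        allow-transfer { 10.0.0.2; };
    };
    zone "test.cn" {
        type master;
        file "db.test-cernet";
        allow-transfer { 10.0.0.2; };
    };
    zone "0.168.192.in-addr.arpa" {
        type master;
        file "db.0.168.192";
        allow-transfer { 10.0.0.2; };
    };
};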
将 named.conf 拷贝至 /usr/bind/etc（以 --prefix=/usr/bind 编译时 named 默认读取 /usr/bind/etc/named.conf）；root.hint 则应放到 /var/named，因为 zone "." 中的 file "root.hint" 是相对于 options 的 directory 解析的，放在 /usr/bind/etc 会导致 named 找不到该文件。
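# The original cd'ed to /etc/bind/sbin, which does not exist with --prefix=/usr/bind.
cd /usr/bind/sbin
# Validate the configuration before starting anything.
./named-checkconf /usr/bind/etc/named.conf
# First start in the foreground (-g: stay attached, log to stderr) so zone-load
# errors are visible; use the init script below for normal operation.
./named -g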
3) 配置自启动
named
#!/bin/bash
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: - 55 45
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
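# Source function library (daemon, killproc, success, failure).
. /etc/rc.d/init.d/functions
# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
# Optional local overrides. In particular OPTIONS="-u named" makes the daemon
# drop root after binding port 53 (the "named" user must exist and own
# /var/named for slave zone files). Absent file means no overrides.
[ -r /etc/sysconfig/named ] && . /etc/sysconfig/named
RETVAL=0
prog="named"
# Nothing to do without networking, the binary, or a readable configuration.
[ "${NETWORKING}" = "no" ] && exit 0
[ -x /usr/bind/sbin/named ] || exit 0
[ -r /usr/bind/etc/named.conf ] || exit 0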
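start() {
    # Start the daemon after validating its configuration.
    # Returns 0 on success, 1 if already running, otherwise the status of
    # named-checkconf or of the daemon launch.
    if [ -n "$(/sbin/pidof named)" ]; then
        echo -n $"$prog: already running"
        return 1
    fi
    echo -n $"Starting $prog: "
    local checker=/usr/bind/sbin/named-checkconf
    if [ -x "$checker" ]; then
        # Capture the checker's own diagnostics. The original re-ran
        # "named -g" to obtain them, which with a valid configuration stays in
        # the foreground forever (and, when the checker was merely absent,
        # the original took that branch too and hung the init script).
        # $ckcf_options: optional extra checker flags, empty unless set by
        # the environment.
        local named_err
        named_err=$("$checker" $ckcf_options 2>&1)
        RETVAL=$?
        if [ "$RETVAL" -ne 0 ]; then
            if [ "$(tty)" != "/dev/console" ]; then
                echo -e "\n$named_err"
                echo -n "Error in configuration file /usr/bind/etc/named.conf : "
            fi
            failure $"Error in configuration file /usr/bind/etc/named.conf : $named_err"
            echo
            return "$RETVAL"
        fi
    fi
    # Without a checker we let named report problems itself.
    # $OPTIONS is honoured if set (e.g. OPTIONS="-u named" to drop root
    # privileges after binding port 53); unset keeps the original behaviour.
    daemon /usr/bind/sbin/named $OPTIONS
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/named
    echo
    return "$RETVAL"
}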
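stop() {
    # Stop the daemon. Prefer a clean shutdown through rndc; fall back to
    # killproc when the control channel is unavailable. Returns 0 on success.
    echo -n $"Stopping $prog: "
    if /usr/bind/sbin/rndc stop >/dev/null 2>&1; then
        RETVAL=0
        # rndc stop returns as soon as the command is accepted, not when the
        # process has exited; wait (bounded) so that restart() does not race
        # the old instance and fail with "already running".
        local waited=0
        while [ -n "$(/sbin/pidof named)" ] && [ "$waited" -lt 10 ]; do
            sleep 1
            waited=$((waited + 1))
        done
        rm -f /var/lock/subsys/named
        success
    else
        killproc named
        RETVAL=$?
        [ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/named
    fi
    echo
    return "$RETVAL"
}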
rhstatus() {
    # Report daemon status through the rndc control channel; rndc's exit
    # status is the function's result.
    local rc
    /usr/bind/sbin/rndc status
    rc=$?
    return "$rc"
}
restart() {
    # Stop, then start. The short pause gives the old instance time to
    # finish closing its sockets before the new one binds them.
    local settle=2
    stop
    sleep "$settle"
    start
}
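reload() {
    # Ask named to reload its configuration and zones, falling back to SIGHUP
    # when rndc cannot reach the control channel. Returns the reload status;
    # the original ended with "return $?" after an echo and therefore always
    # returned 0, hiding failures from the caller.
    echo -n $"Reloading $prog: "
    local pids
    pids=$(/sbin/pidof -o %PPID named)
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
        # $pids deliberately unquoted: kill accepts several pids.
        /usr/bind/sbin/rndc reload >/dev/null 2>&1 || /usr/bin/kill -HUP $pids
        RETVAL=$?
    fi
    if [ "$RETVAL" -eq 0 ]; then
        success $"$prog reload"
    else
        failure $"$prog reload"
    fi
    echo
    return "$RETVAL"
}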
probe() {
    # linuxconf hook. named reloads in place, so only answer "start" when
    # rndc cannot reach a running daemon; otherwise stay silent so linuxconf
    # does not offer a restart every time.
    if ! /usr/bind/sbin/rndc reload >/dev/null 2>&1; then
        echo start
    fi
    return $?
}
# Dispatch on the requested action; exit with the action's status.
action="$1"
case "$action" in
    start)       start ;;
    stop)        stop ;;
    status)      rhstatus ;;
    restart)     restart ;;
    condrestart)
        # Restart only if this script started the daemon (lock file present).
        if [ -e /var/lock/subsys/named ]; then
            restart
        fi
        ;;
    reload)      reload ;;
    probe)       probe ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|probe}"
        exit 1
esac
exit $?
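# Make the init script callable as "named" (the document later uses
# "named restart"). Remember that /sbin/named is this script, not the daemon,
# which lives at /usr/bind/sbin/named.
ln -s /etc/init.d/named /sbin/named
# Register through chkconfig using the header in the script and enable it for
# the multi-user runlevels, instead of hand-linking only rc2.d (the original
# left runlevels 3 and 5 without a start link).
chkconfig --add named
chkconfig --level 2345 named on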
4) 调试命令
./rndc status
./rndc reload
more /var/log/bindall_log
ps –ef |grep named
rmp –qa |grep bind 查找原有安装的bind
rpm –d bind* 卸载
修改主服务器上的 zone 文件后，先递增 SOA 中的 Serial，再在主服务器上执行 rndc reload（或 named reload）即可；从服务器会通过 NOTIFY 或到期刷新（Refresh）自动取得新数据，不必重启两台服务器的 named 进程。Serial 没有递增时从服务器不会更新，重启也不能代替递增 Serial。
4. 配置slave
1) 安装bind,第二节
2) 配置named.conf
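// Same control key as on the master. Besides rndc it doubles as the TSIG key
// that steers this slave's transfer requests into the master's "cernet" view
// (see the server statement in that view). Replace the published secret with
// the one generated by rndc-confgen and keep it identical on both servers;
// a key dedicated to zone transfers, distinct from the rndc key, would be
// cleaner. BIND 9.3 offers only hmac-md5 here; prefer hmac-sha256 where
// available.
key "rndc-key" {
    algorithm hmac-md5;
    secret "IZp9Lp4MfBKrbMUFM/GsKw==";
};

// rndc is accepted only on the loopback address and only when signed.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
    // Slave zone files (slave.db.*) and root.hint live here.
    directory "/var/named";
    pid-file "/var/run/named.pid";
    // Do not advertise the exact BIND release (version.bind CHAOS query).
    version "not disclosed";
    // Nothing pulls zones from this slave, so refuse AXFR/IXFR everywhere.
    // The original per-zone "allow-transfer { 10.0.0.1; }" granted the master
    // a transfer right it never uses; "masters" is what names the source.
    allow-transfer { none; };
};

logging {
    channel bind_log {
        file "/var/log/bindall_log" versions 10 size 20m;
        severity notice;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    // Everything not assigned elsewhere, including security and xfer-* events.
    category default {
        bind_log;
    };
};

// Clients considered "inside". Unsigned queries from here get the internal view.
acl "inside-subnet" { 10.0.0.0/16; };

view "internal" {
    match-clients { !key rndc-key; "inside-subnet"; };
    recursion yes;
    zone "." {
        type hint;
        file "root.hint";
    };
    // Transfers from this view are unsigned and originate from 10.0.0.2, which
    // is in inside-subnet, so the master serves them from its "internal" view.
    zone "0.0.127.in-addr.arpa" {
        type slave;
        file "slave.db.local";
        masters { 10.0.0.1; };
        notify no;
    };
    zone "test.cn" {
        type slave;
        file "slave.db.test-internal";
        masters { 10.0.0.1; };
    };
    zone "0.0.10.in-addr.arpa" {
        type slave;
        file "slave.db.0.0.10";
        masters { 10.0.0.1; };
    };
};

view "cernet" {
    match-clients { key rndc-key; any; };
    // Sign everything this view sends to the master so the master selects its
    // "cernet" view. Without this the requests would be unsigned, match the
    // master's "internal" view, and copy the internal zone data into the
    // externally visible view.
    server 10.0.0.1 { keys rndc-key; };
    // Authoritative-only towards the outside: never act as an open resolver.
    recursion no;
    zone "." {
        type hint;
        file "root.hint";
    };
    zone "0.0.127.in-addr.arpa" {
        type slave;
        file "slave.db.local";
        masters { 10.0.0.1; };
        notify no;
    };
    zone "test.cn" {
        type slave;
        file "slave.db.test-cernet";
        masters { 10.0.0.1; };
    };
    zone "0.168.192.in-addr.arpa" {
        type slave;
        file "slave.db.0.168.192";
        masters { 10.0.0.1; };
    };
};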
3) 配置自启动,见master
4) 启动named进程,见master
slave 启动后会通过区传送（AXFR）从 master 取得两个视图中所有 zone 的数据并写入 /var/named 下的 slave.db.* 文件。验证方法：分别用 dig @10.0.0.1 test.cn SOA 与 dig @10.0.0.2 test.cn SOA 比较 Serial 是否一致，并在 /var/log/bindall_log 中确认 xfer-in 的传送日志；两个视图要分别核对（从内网地址发起的查询看到的是 internal 视图）。