
Linux BIND DNS forward resolution explained

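I moved DNS from an old server to a new one running CentOS 6.3 x86_64. I had configured DNS once before, with both forward and reverse resolution; see "Linux DNS server installation and configuration explained". What differs from last time is that the installed version is newer, 9.8.2, and the configuration syntax is also somewhat different.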

Step 1: Register the DNS server

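Do not skip this step; otherwise resolution will never succeed, however correct your configuration is. The domain registrar's control panel will certainly have a place to register a DNS server; if it does not, the problem lies with a small Chinese domain registrar.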

[Screenshot: DNS server registration]

Register the DNS server first. By the time the registration has taken effect, the configuration on the DNS server itself will basically be done.

Step 2: Install bind

[root@linux ~]# yum -y install bind*  

One difference from earlier installations: caching-nameserver has been merged into bind.

Step 3: Configure the DNS server

1. Configure /etc/named.conf

[root@hatch etc]# cat /etc/named.conf |awk '{if($0 !~ /^$/ && $0 !~ /^#/) {print $0}}'  
//  
// named.conf  
//  
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS  
// server as a caching only nameserver (as a localhost DNS resolver only).  
//  
// See /usr/share/doc/bind*/sample/ for example named configuration files.  
//  
options {  
        listen-on port 53 { any; };         // changed from localhost to any  
        directory       "/var/named";  
        dump-file       "/var/named/data/cache_dump.db";  
        statistics-file "/var/named/data/named_stats.txt";  
        memstatistics-file "/var/named/data/named_mem_stats.txt";  
        allow-query     { any; };          // changed from localhost to any  
        recursion yes;                     // with allow-query any and no allow-recursion, recursion is open to every client  
        dnssec-enable yes;  
        dnssec-validation yes;  
        dnssec-lookaside auto;  
        /* Path to ISC DLV key */  
        bindkeys-file "/etc/named.iscdlv.key";  
        managed-keys-directory "/var/named/dynamic";  
};  
logging {  
        channel default_debug {  
                file "data/named.run";  
                severity dynamic;  
        };  
};  
zone "." IN {  
        type hint;  
        file "named.ca";  
};  
include "/etc/named.rfc1912.zones";  
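The options block above combines `recursion yes` with `allow-query { any; }` and sets no `allow-recursion`; in BIND 9 an unset `allow-recursion` inherits from `allow-query-cache`, then from `allow-query`, so recursion is offered to every client. The script below is an added example, not part of the original post: it audits a named.conf for that combination, one option per line. Both sample files are constructed, and the authoritative-only variant assumes this host serves only its own zones.

```sh
#!/bin/sh
# Added example: static audit of named.conf for open recursion.
# Print the value of the first occurrence of OPTION in FILE, comments stripped.
conf_value() {  # usage: conf_value FILE OPTION
    sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' "$1" |
    awk -v opt="$2" '$1 == opt { $1 = ""; sub(/^[ \t]+/, ""); sub(/;[ \t]*$/, ""); print; exit }'
}

# Succeed when an address match list contains the bare element "any".
has_any() {
    printf '%s\n' "$1" | tr '{};' '   ' |
    awk '{ for (i = 1; i <= NF; i++) if ($i == "any") f = 1 } END { exit !f }'
}

# Unset ACLs fall back: allow-recursion -> allow-query-cache -> allow-query -> built-in default.
audit_recursion() {  # usage: audit_recursion FILE
    rec=$(conf_value "$1" recursion)
    acl=$(conf_value "$1" allow-recursion)
    [ -n "$acl" ] || acl=$(conf_value "$1" allow-query-cache)
    [ -n "$acl" ] || acl=$(conf_value "$1" allow-query)
    if [ "$rec" = "no" ]; then echo "authoritative-only"
    elif [ -z "$acl" ]; then echo "recursion-local-default"   # localnets; localhost;
    elif has_any "$acl"; then echo "OPEN-RESOLVER"
    else echo "recursion-restricted"
    fi
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the access-control lines of the options block as posted.
cat > "$tmp/as-posted.conf" <<'EOF'
options {
        allow-query     { any; };
        recursion yes;
};
EOF

# Constructed sample: authoritative-only variant (assumes the host serves only its own zones).
cat > "$tmp/authoritative.conf" <<'EOF'
options {
        allow-query     { any; };    // anyone may query the zones hosted here
        recursion no;                // third-party names are never resolved for clients
};
EOF

for f in "$tmp/as-posted.conf" "$tmp/authoritative.conf"; do
    printf '%-20s %s\n' "${f##*/}" "$(audit_recursion "$f")"
done
```

If internal clients still need this server as a resolver, keeping `recursion yes` and adding an `allow-recursion` list limited to those networks yields the `recursion-restricted` verdict.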

2. Configure /etc/named.rfc1912.zones

[root@hatch etc]# cat /etc/named.rfc1912.zones |awk '{if($0 !~ /^$/ && $0 !~ /^#/) {print $0}}'  
// named.rfc1912.zones:  
//  
// Provided by Red Hat caching-nameserver package  
//  
// ISC BIND named zone configuration for zones recommended by  
// RFC 1912 section 4.1 : localhost TLDs and address zones  
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt  
// (c)2007 R w Franks  
//  
// See /usr/share/doc/bind*/sample/ for example named configuration files.  
//  
zone "wigscwd.com.au" {  
        type master;  
        file "/var/named/wigscwd.com.au.hosts";  
        };  
zone "stagingserver.com.au" {      // this is the domain under which the DNS server was registered  
        type master;  
        file "/var/named/stagingserver.com.au.hosts";  
        };  
zone "nwayschina.com" {  
        type master;  
        file "/var/named/nwayschina.com.hosts";  
        };  

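The zone file for the domain under which the DNS server is registered differs slightly from the other zone files, as described below.

3. Configure the zone files.

Zone file for the domain under which the DNS server is registered: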

[root@hatch named]# cat /var/named/stagingserver.com.au.hosts  
$ttl 3600  
stagingserver.com.au.   IN      SOA     ns.stagingserver.com.au. ns1.stagingserver.com.au. (  
                        1275966886  
                        3600  
                        3600  
                        38400  
                        3600 )  
stagingserver.com.au.   IN      NS      ns.stagingserver.com.au.  
stagingserver.com.au.   IN      A       65.60.11.66  
*.stagingserver.com.au. IN      CNAME   stagingserver.com.au.  
stagingserver.com.au.   IN      NS      ns1.stagingserver.com.au.  
hatch.stagingserver.com.au.     IN      A       111.67.16.172         ; extra A record that the other domains do not have  
ns.stagingserver.com.au.        IN      A       111.67.16.172         ; extra A record that the other domains do not have  
ns1.stagingserver.com.au.       IN      A       111.67.16.173         ; extra A record that the other domains do not have  
; ............ remainder omitted ............  

Zone file for a domain under which the DNS server is not registered:

[root@hatch named]# cat /var/named/wigscwd.com.au.hosts  
$ttl 3600  
wigscwd.com.au. IN      SOA     ns.stagingserver.com.au. ns1.stagingserver.com.au. (  
                        1275576166  
                        10800  
                        3600  
                        604800  
                        38400 )  
wigscwd.com.au. IN      NS      ns.stagingserver.com.au.  
wigscwd.com.au. IN      NS      ns1.stagingserver.com.au.  
wigscwd.com.au. IN      A       111.67.16.172  
www.wigscwd.com.au.     IN      CNAME   wigscwd.com.au.  
mail.wigscwd.com.au.    IN      CNAME   ghs.google.com.  
test.wigscwd.com.au.    IN      A       111.67.16.172  

Step 4: Change the hostname and add a hosts entry

Add an entry to /etc/hosts:

[root@hatch named]# cat /etc/hosts  
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4  
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6  
#111.67.16.172 vmx14420.hosting24.com.au  
#111.67.16.172 hatch.wigscwd.com.au hatch  
111.67.16.172 hatch.stagingserver.com.au hatch     # added by me  

Edit /etc/sysconfig/network:

[root@hatch named]# cat /etc/sysconfig/network  
NETWORKING=yes  
HOSTNAME=hatch.stagingserver.com.au               # added by me (the key is upper-case HOSTNAME)  
DOMAIN=stagingserver.com.au                     # added by me  
GATEWAY=111.67.19.254  

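After a reboot the server takes on the new name. I think this step is worth doing: with so many machines, changing the hostname lets you see which server you are currently on.

Step 5: Start the bind process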

[root@hatch named]# /etc/init.d/named start  

Step 6: Check that the DNS server was installed successfully

Check that the process is running:

[root@hatch ~]# netstat -tpnl |grep name  
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 111.67.16.173:53            0.0.0.0:*                   LISTEN      5956/named-sdb  
tcp        0      0 111.67.16.172:53            0.0.0.0:*                   LISTEN      5956/named-sdb  
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      5956/named-sdb  
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      5956/named-sdb  
tcp        0      0 ::1:953                     :::*                        LISTEN      5956/named-sdb  

If the process did not start, the DNS server configuration is certainly at fault.

Check the log for errors:

Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone wigscwd.com.au/IN: loading from master file /var/named/wigscwd.com.au.hosts failed: permission denied  
Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone wigscwd.com.au/IN: not loaded due to errors.  
Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone captainsoft.com/IN: loading from master file /var/named/captainsoft.com.hosts failed: permission denied  
Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone captainsoft.com/IN: not loaded due to errors.  
Sep 24 14:07:06 vmx14420 named-sdb[13751]: managed-keys-zone ./IN: loaded serial 5  

This error occurs because the zone files do not have sufficient permissions. The fix:

[root@hatch ~]# cd /var/named/  
[root@hatch named]# chown root:named captainsoft.com.hosts wigscwd.com.au.hosts  

This gives the newly added zone files the permissions they need.
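Triage for the log excerpt and the chown fix above, as an added example that is not part of the original post: it extracts the zone files that failed with "permission denied" and checks, from ownership and mode bits, whether the daemon account can read each file while only the owner can write it. The account name `named` comes from the page; GNU stat is assumed, and the sample log is constructed from the lines shown above.

```sh
#!/bin/sh
# Added example: find zone files named could not read, then check who can read or write them.
# Assumes GNU stat (as on CentOS) for the -c format option.

# Constructed sample: lines taken from the log excerpt above.
SAMPLE_LOG='Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone wigscwd.com.au/IN: loading from master file /var/named/wigscwd.com.au.hosts failed: permission denied
Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone wigscwd.com.au/IN: not loaded due to errors.
Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone captainsoft.com/IN: loading from master file /var/named/captainsoft.com.hosts failed: permission denied'

# Read syslog text on stdin; print "ZONE FILE" for each master file that hit permission denied.
denied_zone_files() {
    sed -n 's|.*: zone \([^/ ]*\)/IN: loading from master file \(.*\) failed: permission denied.*|\1 \2|p'
}

# Verdict from ownership and mode bits. ACCOUNT is used as both user and group name
# (named:named on the page's system). Only the owner may have write access.
zone_file_verdict() {  # usage: zone_file_verdict FILE ACCOUNT
    [ -e "$1" ] || { echo "missing"; return 0; }
    own=$(stat -c %U "$1"); grp=$(stat -c %G "$1")
    mode=$((0$(stat -c %a "$1")))          # octal permission bits as a number
    if [ $((mode & 022)) -ne 0 ]; then
        echo "writable-by-non-owner"
    elif [ $((mode & 004)) -ne 0 ] ||
         { [ "$grp" = "$2" ] && [ $((mode & 040)) -ne 0 ]; } ||
         { [ "$own" = "$2" ] && [ $((mode & 0400)) -ne 0 ]; }; then
        echo "ok"
    else
        echo "unreadable-by-$2"
    fi
}

# Report every file from the sample log; on a host without these files the verdict is "missing".
printf '%s\n' "$SAMPLE_LOG" | denied_zone_files | while read -r zone file; do
    printf '%-16s %-40s %s\n' "$zone" "$file" "$(zone_file_verdict "$file" named)"
done
```

A master zone file owned by root with group named and mode 640 gets the verdict `ok`: the daemon can load it but cannot rewrite it.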

Test with the dig command. First, the configured domain that serves as the DNS server's own domain:

[root@hatch ~]# dig @111.67.16.172 stagingserver.com.au  
  
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @111.67.16.172 stagingserver.com.au  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23171  
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2  
  
;; QUESTION SECTION:  
;stagingserver.com.au.          IN      A  
  
;; ANSWER SECTION:  
stagingserver.com.au.   3600    IN      A       65.60.11.66  
  
;; AUTHORITY SECTION:  
stagingserver.com.au.   3600    IN      NS      ns1.stagingserver.com.au.  
stagingserver.com.au.   3600    IN      NS      ns.stagingserver.com.au.  
  
;; ADDITIONAL SECTION:  
ns.stagingserver.com.au. 3600   IN      A       111.67.16.172        // A record of the DNS server  
ns1.stagingserver.com.au. 3600  IN      A       111.67.16.173        // A record of the DNS server  
  
;; Query time: 1 msec  
;; SERVER: 111.67.16.172#53(111.67.16.172)  
;; WHEN: Tue Oct  8 11:19:29 2013  
;; MSG SIZE  rcvd: 121  

A domain that is not the DNS server's own domain:

[root@hatch ~]# dig @111.67.16.172 wigscwd.com.au  
  
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @111.67.16.172 wigscwd.com.au  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24447  
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2  
  
;; QUESTION SECTION:  
;wigscwd.com.au.                        IN      A  
  
;; ANSWER SECTION:  
wigscwd.com.au.         3600    IN      A       111.67.16.172  
  
;; AUTHORITY SECTION:  
wigscwd.com.au.         3600    IN      NS      ns.stagingserver.com.au.  
wigscwd.com.au.         3600    IN      NS      ns1.stagingserver.com.au.  
  
;; ADDITIONAL SECTION:  
ns.stagingserver.com.au. 3600   IN      A       111.67.16.172  
ns1.stagingserver.com.au. 3600  IN      A       111.67.16.173  
  
;; Query time: 0 msec  
;; SERVER: 111.67.16.172#53(111.67.16.172)  
;; WHEN: Tue Oct  8 11:19:16 2013  
;; MSG SIZE  rcvd: 129  

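Why so much about verification? Until the DNS resolves, the sites cannot be reached by URL, so there is no visible effect and you can only test on the server. If the process is running, the log shows no errors, and the dig checks come back clean, your DNS installation and configuration has basically succeeded.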
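The dig checks above, as an added example that is not part of the original post: the functions reduce dig output to a verdict, treating `aa` as proof that the answer came from the local zone and `ra` as a sign that the server offers recursion to the querying client. The sample text is constructed from the first dig header on this page; the verdict names are this example's own.

```sh
#!/bin/sh
# Added example: reduce dig output to a verdict on status, the aa flag and the ra flag.

# Constructed sample: header lines from the first dig run above.
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23171
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'

# Read dig output on stdin; print "status=S aa=yes|no ra=yes|no answers=N".
dig_summary() {
    awk '
    /->>HEADER<<-/ {
        for (i = 1; i < NF; i++) if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
    }
    /^;; flags:/ {
        inflags = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "ANSWER:") ans = $(i + 1) + 0
            if ($i == "flags:") { inflags = 1; continue }
            if (inflags) { t = $i; if (sub(/;$/, "", t)) inflags = 0; flag[t] = 1 }
        }
    }
    END {
        printf "status=%s aa=%s ra=%s answers=%d\n", st,
            (("aa" in flag) ? "yes" : "no"), (("ra" in flag) ? "yes" : "no"), ans
    }'
}

# PASS: authoritative answer, no recursion offered. WARN: correct answer, but the
# server also offers recursion to the querying client. FAIL: anything else.
dig_verdict() {
    s=$(dig_summary)
    case "$s" in
        "status=NOERROR aa=yes ra=no answers="[1-9]*)  echo "PASS $s" ;;
        "status=NOERROR aa=yes ra=yes answers="[1-9]*) echo "WARN recursion offered: $s" ;;
        *) echo "FAIL $s" ;;
    esac
}

# Live use, from a host outside the server's own networks:
#   dig @111.67.16.172 stagingserver.com.au | dig_verdict
printf '%s\n' "$SAMPLE_DIG" | dig_verdict
```

A query sent from the server itself comes from a local address, so `ra` in that output shows only that recursion is enabled; the same check run from an outside host shows whether it is open to everyone.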
