DNS构架.doc

centos5.3搭建DNS多域名解析服务器 2009-08-03 17:57:11标签：centos 5.3 dns 多域名推送到技术圈 centos5.3下搭建DNS服务器一、域名与域名解析网络中为了区别各个主机，必须为每台主机分配一个惟一的地址，这个地址即称为“IP 地址”。但这些数字难以记忆，所以就采用“域名”的方式来取代这些数字了。不过最终还是必须将域名转换为对应的IP 地址才能访问主机。DNS 服务，又叫域名解析服务，即提供域名与IP 地址的相互转换。域名的正向解析是将主机名转换成IP 地址的过程，域名的反向解析是将IP 地址转换成主机名的过程。通常我们很少需要将IP 地址转换成主机名，即反向解析。反向解析经常被一些后台程序使用，用户看不到。二、DNS 架构域的层次结构如同一棵倒立的树，层次结构非常清晰，如图所示。根域位于顶部，紧接着在根域的下面是几个顶级域，每个顶级域又可以进一步划分为不同的二级域，二级域再划分出子域，子域下面可以是主机也可以是再划分的子域，直到最后的主机。在Internet 中的域是由InterNIC负责管理的，域名的服务则由DNS 来实现。三、DNS 解析流程1、客户机请求解析的IP 地址，如果本地hosts文件中没有相关解析，则向本地DNS服务器发出解析请求；2、如果本地DNS服务器有该域名的解析信息，则直接返回给客户机；如果本地DNS 服务器没有该域名的解析信息，则本地DNS 服务器向根DNS服务器询问的IP地址；3、如果根DNS 服务器有该域名的解析信息，则直接返回信息给本地DNS 服务器，本地DNS 服务器再将解析信息返回给客户机；如果根DNS 服务器没有该域名的解析信息，则返回管辖.cn解析业务的DNS 服务器的IP 地址；4、本地DNS 服务器向管辖.cn的DNS 服务器询问的IP 地址；5、如果.cn 服务器有该域名的解析信息，则直接返回信息给本地DNS 服务器，本地DNS服务器再将解析信息返回给客户机；如果.cn DNS 服务器没有该域名的解析信息，则管辖.cn解析业务的DNS服务器告知.的DNS 服务器的IP地址；6、本地DNS 服务器向管辖.的DNS服务器询问的IP 地址；7、如果. 服务器有该域名的解析信息，则直接返回信息给本地DNS 服务器，本地DNS 服务器再将解析信息返回给客户机；如果. DNS 服务器没有该域名的解析信息，则管辖.解析业务的DNS 服务器告知.的DNS服务器的IP地址；8、本地DNS服务器向管辖.的DNS 服务器询问www. IP 地址；9、管辖.的DNS服务器告知的DNS服务器的IP地址；10、本地DNS服务器解析出的IP 地址，并传回给客户机。四、搭建centos5.3下的DNS多域解析服务器系统平台：centos5.3 内核版本：2.6.18-128.2.1.el5DNS 服务器IP ：10Web 服务器A： 81Mail服务器B： 82Web 服务器C： 83Mail服务器D： 851、安装bind相关软件包rootserver # yum -y install bind* caching-nameserver2、修改主配置文件rootserver # cd /var/named/chroot/etc/rootserver etc# cp p named.caching-nameserver.conf named.confrootserver etc# cp p named.rfc1912.zones named.rfc1912.zones.bak备注：cp 参数-p 除复制源文件的内容外，还将把其修改时间和访问权限也复制到新文件中。这里大多数配置文件的属主是root，组为named，如果只是cp，启动named 服务时会报错。rootserver etc# vi named.conf/ named.caching-nameserver.conf/ Provided by Red Hat caching-nameserver package to configure the/ ISC BIND named(8) DNS server as a caching only nameserver/ (as a localhost DNS resolver only)./ See /usr/share/doc/bind*/sample/ for example named configurationfiles./ DO NOT EDIT THIS FILE - use system-config-bind or an editor/ to create named.conf - edits to this file will be lost on/ caching-nameserver package upgrade./options listen-on port 53 any; ;listen-on-v6 port 53 :1; ;directory /var/named;dump-file /var/named/data/cache_dump.db;statistics-file /var/named/data/named_stats.txt;memstatistics-file /var/named/data/named_mem_stats.txt;/ Those options should be used carefully because they disable port/ randomization/ query-source port 53;/ query-source-v6 port 53;allow-query any; ;logging channel default_debug file data/named.run;severity dynamic;view localhost_resolver match-clients any; ;match-destinations any; ;recursion yes;include /etc/named.rfc1912.zones;rootserver etc# vi named.rfc1912.zones/ named.rfc1912.zones:/ Provided by Red Hat caching-nameserver package/ ISC BIND named zone configuration for zones recommended by/ RFC 1912 section 4.1 : localhost TLDs and address zones/ See /usr/share/doc/bind*/sample/ for example named configurationfiles./zone . IN type hint;file named.ca; # 根DNS服务器配置文件；zone localdomain IN type master;file localdomain.zone;allow-update none; ; # 模板1；zone 0.0.127. IN type master;file named.local;allow-update none; ; # 模板2；zone IN type master;file .zone;allow-update none; ; # 模板1复制并修改后的；zone IN type master;file .zone;allow-update none; ; # 模板1复制并修改后的；zone 2.168.192. IN type master;file 2.168.192.in-addr.local;allow-update none; ; # 模板2 复制并修改后的；备注：蓝色字体是添加、修改过的；3、Zone配置文件rootserver etc# cd ./var/named/rootserver named# cp p localdomain.zone .zonerootserver named# cp p localdomain.zone .zonerootserver named# cp p named.local 2.168.192.in-addr.localrootserver named# vi .zone$TTL 86400 IN SOA localhost root (42 ; serial (d. adams)3H ; refresh15M ; retry1W ; expiry1D ) ; minimumIN NS .IN MX 10 .www IN A 81mail IN A 82rootserver named# vi .zone$TTL 86400 IN SOA localhost root (42 ; serial (d. adams)3H ; refresh15M ; retry1W ; expiry1D ) ; minimumIN NS .IN MX 10 .www IN A 83mail IN A 85rootserver named# vi 2.168.192.in-addr.local$TTL 86400 IN SOA localhost. root.localhost. (1997022700 ; Serial28800 ; Refresh14400 ; Retry3600000 ; Expire86400 ) ; MinimumIN NS .IN NS .181 IN PTR .182 IN PTR .183 IN PTR .185 IN PTR .4、测试rootserver # nslookup Server: 10Address: 10#53Name: Address: 81 Server: 10Address: 10#53Name: Address: 82 Server: 10Address: 10#53Name: Address: 83 Server: 10Address: 10#53Name: Address: 85 81Server: 10Address: 10#5392. name = . 82Server: 10Address: 10#5392. name = . 83Server: 10Address: 10#5392. name = . 85Server: 10Address: 10#5392. name = .备注：蓝色为键盘输入五、结束资料转自互联网,仅供学习交流.本文出自 51CTO.COM技术博客用centos 5.2做智能DNS服务器 -2009-04-23 17:47:32标签：centos DNS 智能推送到技术圈 版权声明：原创作品，允许转载，转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。/172631/152703 1、安装openssltar -zxvf openssl-0.9.8d.tar.gzcd openssl-0.9.8d./config -prefix=/usr/local/opensslmake;make install2、安装bindtar -zxvf bind-9.5.1-P2.tar.gzcd bind-9.5.1-P2./configure -prefix=/usr/local/named/ -mandir=/usr/local/share/man/ -enable-threads -with-openssl=/usr/local/openssl/make;make installgroupadd -g 25 nameduseradd -u 25 -g 25 -d /usr/local/named -s /sbin/nologin namedmkdir /usr/local/named/namedb开始配置bind创建 rndc.conf文件，用bind自带程序生成cd /usr/local/named/sbin/rndc-confgen etc/rndc.conf把rndc.conf 中的key信息输出到 named.conf 中cd /etc/tail n10 rndc.conf | head -n9 | sed -e s/# /g ./named.conf编辑named.conf vi named.conf写入以下内容：options directory /usr/local/named; dump-file /usr/local/named/data/cache_dump.db; statistics-file /usr/local/named/data/named_stats.txt; version ; datasize 40M; allow-transfer trusted-lan; ; recursion yes; allow-notify trusted-lan; ; allow-recursion trusted-lan; ; auth-nxdomain no; forwarders 50; 8; ;logging channel warning file /usr/local/named/var/dns_warning versions 3 size 1240k; severity warning; print-category yes; print-severity yes; print-time yes; ; channel general_dns file /usr/local/named/var/dns_log versions 3 size 1240k; severity info; print-category yes; print-severity yes; print-time yes; ; category default warning; ; category queries general_dns; ;include cnc_acl.conf;include telecom_acl.conf;view view_cnc match-clients CNC; ; zone . type hint; file named.ca; ; include master/cnc.def;view view_telecom match-clients TELECOM; ; zone . type hint; file named.ca; ; include master/telecom.def;view view_any match-clients any; ; zone . type hint; file named.ca; ; include master/any.def;保存,退出。3、安装IP地址段查询工具Ripe-dbase-client-v3：下载软件包：wget url/apnic/dbase/tools/ripe-dbase-client-v3.tar.gz/urltar zxvf ripe-dbase-client-v3.tar.gzcd whois-3.1./configure -prefix=/usrmake;make install4、设置配置文件mkdir /usr/local/named/datamkdir /usr/local/named/masterwget url/domain/named.root/url -O /usr/local/named/named.ca配置ACL文件/usr/bin/whois3 -h -l -i mb MAINT-CNCGROUP | grep descr | grep Reverse | awk -F for if ($2!=) print $2| sort -n | awk BEGINprint acl CNC print $1;ENDprint ; /usr/local/named/cnc_acl.conf/usr/bin/whois3 -h -l -i mb MAINT-CHINANET | grep descr | grep Reverse | awk -F for if ($2!=) print $2| sort -n | awk BEGINprint acl TELECOM print $1;ENDprint ; /usr/local/named/telecom_acl.conf增加域名解析配置文件设置网通解析配置文件：vi /usr/local/named/master/cnc.def=cnc.def begin=zone type master; file master/cnc/;allow-transfer 00 ; ; notify yes; also-notify 00 ; ;=cnc.def end= 设置电信解析配置文件：vi /usr/local/named/master/telecom.def=telecom.def begin=zone type master; file master/telecom/; allow-transfer 00 ; ; notify yes; also-notify 00 ; ;=telecom.def end=设置网通电信以外解析配置文件：vi /usr/local/named/master/any.def=any.def begin=zone type master; file master/any/; allow-transfer 00 ; ; notify yes; also-notify 00 ; ;=any.def end=增加域名定义文件设置网通域名定义文件：vi /usr/local/named/master/cnc/=cnc/ begin=$TTL 3600$ORIGIN . IN SOA . . ( 2009041701 ;Serial 3600 ;Refresh ( seconds ) 900 ;Retry ( seconds ) 68400 ;Expire ( seconds ) 15 ;Minimum TTL for Zone ( seconds ) ) IN NS ns.ki