1.使用 bind 安装 DNS 服务
# yum install bind 服务器软件包
# yum install bind-chroot 出于安全考虑，把 bind 限制在 chroot（虚拟根目录）中运行，与操作系统其余部分隔离
# yum install caching-nameserver 模板
2.了解bind的目录结构
# grep -v ^# /etc/sysconfig/named
ROOTDIR=/var/named/chroot
[root@stu254 chroot]# ls *
dev:
null random zero
etc:
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
var:
named run tmp
[root@stu254 chroot]#
3.建立uplooking.com的正解与反解
修改主配置文件
[root@stu254 etc]# grep any named.caching-nameserver.conf
listen-on port 53 { any; };
allow-query { any; };
match-clients { any; };
match-destinations { any; };
监听端口、允许查询的地址、客户端和查询目的地址都改成 any。注意 allow-query { any; } 表示接受任何来源的查询；若同时开启了递归（caching-nameserver 模板通常带有 recursion yes），对外网开放就会成为开放递归解析器，生产环境应把 allow-query 或 allow-recursion 限制为内网地址段。
[root@stu254 etc]#
建立正反解查询
[root@stu254 etc]# tail named.rfc1912.zones
zone "uplooking.com" IN {
type master;
file "uplooking.com.zone.db";
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "uplooking.com.arpa.db";
};
[root@stu254 etc]#
建立正反解区域文件 从localhost.zone复制 修改
[root@stu254 named]# pwd
/var/named/chroot/var/named
[root@stu254 named]# cat uplooking.com.zone.db
$TTL 86400
@ IN SOA @ root (
2009060401 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns.uplooking.com.
IN MX 5 mail.uplooking.com.
mail IN A 10.10.10.30
dns IN A 192.168.1.31
www IN A 192.168.1.31
[root@stu254 named]# cat uplooking.com.arpa.db
$TTL 86400
@ IN SOA @ root (
2009060401 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns.uplooking.com.
IN MX 5 mail.uplooking.com.
30 IN PTR mail.uplooking.com.
31 IN PTR dns.uplooking.com.
31 IN PTR www.uplooking.com.
[root@stu254 named]#
修改区域文件的属组，使 named 进程能够读取
# chown :named /var/named/chroot/var/named/uplooking.com.*
用语法检查工具检查配置。named-checkzone 每次只检查一个区域文件，且第一个参数必须是该文件对应的区域名，反解区域应单独检查：named-checkzone 1.168.192.in-addr.arpa /var/named/chroot/var/named/uplooking.com.arpa.db
# named-checkconf /var/named/chroot/etc/named.caching-nameserver.conf
# named-checkzone uplooking.com /var/named/chroot/var/named/uplooking.com.*
zone uplooking.com/IN: loaded serial 2009060401
OK
#
没有问题 重新启动named
service named restart
4.语法检查和测试工具
把本机的 DNS 客户端指向本机（192.168.1.31）
[root@stu254 named]# cat /etc/resolv.conf
search uplooking.com
nameserver 192.168.1.31
[root@stu254 named]#
[root@stu254 named]# host www.uplooking.com
www.uplooking.com has address 192.168.1.31
[root@stu254 named]# host mail.uplooking.com
mail.uplooking.com has address 10.10.10.31
mail.uplooking.com mail is handled by 5 mail.uplooking.com.
[root@stu254 named]# host 192.168.1.31
31.1.168.192.in-addr.arpa domain name pointer www.uplooking.com.
[root@stu254 named]#
[root@stu254 named]# nslookup
> www.uplooking.com
Server: 192.168.1.31
Address: 192.168.1.31#53
Name: www.uplooking.com
Address: 192.168.1.31
> mail.uplooking.com
Server: 192.168.1.31
Address: 192.168.1.31#53
Name: mail.uplooking.com
Address: 192.168.1.31
> 192.168.1.31
Server: 192.168.1.31
Address: 192.168.1.31#53
31.1.168.192.in-addr.arpa name = www.uplooking.com.
31.1.168.192.in-addr.arpa name = mail.uplooking.com.
> exit
[root@stu254 named]#
5.负载均衡
修改正解文件
www 0 IN A 192.168.1.31
www 0 IN A 192.168.1.30
www 0 IN A 192.168.1.32
其中 0 是该记录的 TTL（生存时间）：设为 0 使客户端不缓存结果，每次查询都重新得到服务器轮询后的记录顺序，因此可以当做权值来使用
用ping www测试 会每次显示不同IP
6.直接解析域名和连续域名解析和泛域名解析
在正解文件中添加
uplooking.com. IN A 192.168.1.31
# host uplooking.com
uplooking.com has address 192.168.1.31
连续域名解析需要用 $GENERATE 指令，例如要为 1-254 这一段连续编号批量生成记录
其中 $ 会依次被替换成 1-254：stu$ 是主机名，192.168.1.$ 是对应地址
$GENERATE 1-254 stu$ IN A 192.168.1.$
$GENERATE 1-254 $ IN PTR stu$.uplooking.com.
泛域名解析 一定要写在最后
* IN A 192.168.1.31
7.搭建主从服务器
修改主服务器配置文件：用 allow-transfer 只允许从服务器 192.168.1.32 进行区域传送（不加此项时，旧版 BIND 默认允许任何主机请求区域传送，整个区域的主机记录都会被取走）
[root@stu31 named]# tail -n 12 /var/named/chroot/etc/named.rfc1912.zones
zone "uplooking.com" IN {
type master;
file "uplooking.com.zone.db";
allow-transfer {192.168.1.32;};
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "uplooking.com.arpa.db";
allow-transfer {192.168.1.32;};
};
[root@stu31 named]#
在主机的zone文件中加入从机做NS
正解:
dns IN NS dns.uplooking.com.
IN A 192.168.1.32
反解:
32 IN NS dns.uplooking.com.
IN PTR dns.uplooking.com.
如不加这两条记录，则只能在重启时向从机传递一次 zone 文件；之后主机的正解反解文件更新后从机不会自动更新，因为主服务器只向区域 NS 记录中列出的服务器发送更新通知（notify）
修改从服务器配置文件，无需手工建立 zone 文件（传送来的副本由 named 写入 slaves/ 目录，该目录需对 named 用户可写）
[root@stu32 named]# tail -n 12 /var/named/chroot/etc/named.rfc1912.zones
zone "uplooking.com" IN {
type slave;
file "slaves/uplooking.com.zone.db";
masters {192.168.1.31;};
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/uplooking.com.arpa.db";
masters {192.168.1.31;};
};
[root@stu32 named]#
测试
重新启动主从服务器,zone文件会自动复制过去
再向主服务器中添加新的正反记录并把 SOA 中的 serial 增大（从服务器只在主服务器的 serial 大于自己副本时才会更新），重新启动主后,从即可更新记录
8.只缓冲服务器
最主要的就是下面两项
forward only; 指明这个服务器是缓存域名服务器
forwarders 是转发dns请求到那个服务器
*forward 值有first和only两项
first 先查自定义的域（但不查 hint），查不到再转发到 "forwarders" 中的服务器，仍查不到再查询 hint。
only 是先查自定义的域，查不到再转发到 "转发服务器列表" 中的服务器，不再查询 hint
可以在options段中使用forwarders和forward指令设置DNS转发:
options {
forwarders {
192.168.1.110;
192.168.1.112;
};
forward first;
};
forwarders { DNS_IP_1; DNS_IP_2; };
forwarders指令用于设置将DNS请求转发到哪个服务器,可以指定多个服务器的IP地址。



