宜蘭縣教育支援平台 會員登入 會員註冊 我的i教書

« 上一篇 | 下一篇 »

因為最近打算把原本的 DNS Server 移到別台機器上,順便把系統和軟體做一下升級。所以先在 VM 中做一下測試及練習。
底下是安裝及設定步驟:

1. 安裝 DNS Server 軟體 bind
# yum install bind* -y

2. 修改設定檔
# vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.154.167;};                      ## Master DNS IP ##
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.154.0/24; };                      ## IP Range ##
        allow-transfer  { localhost; 192.168.154.201; };                        ## Slave DNS IP ##
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
          channel default_debug {
          file "data/named.run";
          severity dynamic;
                                                    };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone    "test.com" IN {
        type master;
        file "db.test.com";
        allow-update { none; };
};
zone    "154.168.192.in-addr.arpa" IN {
        type master;
        file "db.154.168.192";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

3. 建立正解和反解的設定檔
# vim /var/named/db.test.com

$TTL 86400
@       IN      SOA     m2k.test.com.   admin.m2k.test.com. (
                        2013111409      ; serial
                        86400           ; refresh
                        1800            ; retry
                        1728000         ; expire
                        1200            ; Negative Caching
                        )
      IN        NS      m2k.test.com.
m2k             IN      A       192.168.154.167
;@              IN      MX      0       mail.test.com.
test.com.       IN      A       192.168.154.167
;
;
;test.com.      IN      MX      10      m2k.test.com.
localhost               IN      A       127.0.0.1
loopback                IN      CNAME   localhost
;mail           IN      MX      1       m2k.test.com.
www            IN      A       192.168.154.1
ftp             IN      CNAME   ms1
proxy           IN      A       192.168.154.250
ms1             IN      A       192.168.154.2
bbs             IN      CNAME   ms1
m2k             IN      A       192.168.154.167

# vim /var/named/db.154.168.192

$TTL 86400
@       IN      SOA     m2k.test.com.   root.m2k.test.com. (
                        2013111409      ; serial
                        28800           ; refresh
                        14400           ; retry
                        720000          ; expire
                        86400           ; Negative Caching
                        )
@     IN        NS      localhost.localdomain.
;
167     IN      PTR     m2k.test.com.
1     IN        PTR     www.test.com.
2     IN        PTR     ms1.test.com.
250   IN        PTR     proxy.test.com.
4     IN        PTR     disk.test.com.

4. 改變檔案擁有者
# chown named:named /var/named/db.*

5. 檢查設定檔
# named-checkconf /etc/named.conf
# named-checkzone test.com /var/named/db.test.com
zone test.com/IN: loaded serial 2013111409
OK
# named-checkzone test.com /var/named/db.154.168.192
zone test.com/IN: loaded serial 2013111409
OK

4. 啟動 DNS Server
# service named start

5. 設定開機時啟動 DNS Server
# chkconfig --level 3 named on

測試 DNS Server
# dig m2k.test.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> m2k.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26409
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;m2k.test.com.                  IN      A

;; ANSWER SECTION:
m2k.test.com.           86400   IN      A       192.168.154.167

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      m2k.test.com.

;; ADDITIONAL SECTION:
m2k.test.com.           86400   IN      AAAA    2001:288:a229:1::167

;; Query time: 0 msec
;; SERVER: 192.168.154.167#53(192.168.154.167)
;; WHEN: Fri Nov 15 10:03:02 2013
;; MSG SIZE  rcvd: 88

# dig 192.168.154.167

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> 192.168.154.167
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52234
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.154.167.               IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2013111401 1800 900 604800 86400

;; Query time: 174 msec
;; SERVER: 192.168.154.167#53(192.168.154.167)
;; WHEN: Fri Nov 15 10:03:26 2013
;; MSG SIZE  rcvd: 108

# host free.test.com
free.test.com has address 192.168.154.100
free.test.com has IPv6 address 2001:288:a229:1::100

# host 192.168.154.100
100.154.168.192.in-addr.arpa domain name pointer free.test.com.




 
 
 
用LINE傳送

  1. Re: 在 CentOS 6.x 上架設 DNS Server

    這是一則悄悄話

    [回覆] 菜鳥 迴響於 02 七月, 2015 10:18

  2. Re: 在 CentOS 6.x 上架設 DNS Server

    您好:
    這個問題分成幾個部分,第一個可以檢查您的設定檔是否有問題。
    以 CentOS 6.x 為例
    # /usr/sbin/named-checkzone -d tces.ilc.edu.tw /var/named/chroot/var/named/db.tces.ilc.edu.tw
    loading "tces.ilc.edu.tw" from "/var/named/chroot/var/named/db.tces.ilc.edu.tw" class "IN"
    zone tces.ilc.edu.tw/IN: loaded serial 2014010301
    OK(要出現 OK)
    # /usr/sbin/named-checkconf /var/named/chroot/etc/named.conf
    (沒有出現任何訊息就是 OK)

    檢查是否有正常啟動 DNS Server
    # netstat -antulp | grep named
    tcp 0 0 192.168.1.3:53 0.0.0.0:* LISTEN 877/named
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 877/named
    tcp 0 0 ::1:953 :::* LISTEN 877/named
    udp 0 0 192.168.1.3:53 0.0.0.0:* 877/named

    接著測試自己的 DNS Server 是否能正常執行
    # host 192.168.1.100 DNS'Server
    # host st100.test.ilc.edu.tw DNS'Server

    再來是有沒有得到上一層 DNS Server 的授權,比如我服務的是中小學,就要得到上一層縣網 DNS Server 的授權。

    DNS Server 的設定非常繁瑣,設定檔的格式也有一定的要求,可能要找一下相關的資料來多進行了解。

    [回覆] 《未設定暱稱》 迴響於 02 七月, 2015 13:12

  3. Re: 在 CentOS 6.x 上架設 DNS Server

    謝謝您的回覆
    我再來研究一下,若有問題再請教您

    [回覆] 菜鳥 迴響於 02 七月, 2015 16:33

發表迴響

 暱稱 (必填)

 悄悄話

 標題

 個人網頁

 電子郵件

authimage 
 認證碼 (必填)