在 CentOS 6.x 上架設 DNS Server

星期五, 15th 十一月 2013

因為最近打算把原本的 DNS Server 移到別台機器上,順便把系統和軟體做一下升級。所以先在 VM 中做一下測試及練習。
底下是安裝及設定步驟:

1. 安裝 DNS Server 軟體 bind
# yum install bind* -y
#   "bind*" is a glob: yum installs every package whose name starts with
#   "bind" (bind, bind-utils, bind-libs, ... and bind-chroot if it is in the
#   repo). Quote it ('bind*') so the shell cannot expand it against files in
#   the current directory first. If bind-chroot is pulled in, named may run
#   chrooted under /var/named/chroot and expect its files there — verify
#   which packages were installed before editing the paths used below.

2. 修改設定檔
# vim /etc/named.conf
#   The stock file (see its header below) configures a caching-only resolver
#   for localhost; the edited version adds the LAN listen/ACL addresses and
#   the two master zones.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Edited here to serve test.com and its reverse zone as master, to answer
// only localhost and the 192.168.154.0/24 LAN, and to transfer the zones to
// one slave.
//
options {
        listen-on port 53 { 127.0.0.1; 192.168.154.167;};                      ## Master DNS IP ##
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Only localhost and the LAN may query at all. Together with
        // "recursion yes" below, this ACL is the only thing that keeps the
        // server from being an open recursive resolver, so keep it tight.
        allow-query     { localhost; 192.168.154.0/24; };                      ## IP Range ##
        // AXFR is limited to the slave by source address only (no TSIG key),
        // so zone transfers are only as trustworthy as the LAN's addressing.
        allow-transfer  { localhost; 192.168.154.201; };                        ## Slave DNS IP ##
        // Recursion is granted to every client that passes allow-query. A
        // separate allow-recursion ACL would let clients query the master
        // zones without also receiving recursive service.
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): ISC's DLV registry has since been shut down and
        // dnssec-lookaside is removed in newer BIND releases; drop this line
        // and the bindkeys-file line when the software is upgraded.
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
          channel default_debug {
          file "data/named.run";
          severity dynamic;
                                                    };
};
zone "." IN {
        type hint;
        file "named.ca";
};
// NOTE(review): test.com is a registered public domain, not a reserved test
// name; clients of this resolver get these records instead of the public
// ones. Zone "file" paths are relative to "directory" above.
zone    "test.com" IN {
        type master;
        file "db.test.com";
        allow-update { none; };   // static zone: dynamic updates are refused
};
zone    "154.168.192.in-addr.arpa" IN {
        type master;
        file "db.154.168.192";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

3. 建立正解和反解的設定檔
# vim /var/named/db.test.com
#   Forward zone file. The path is "directory" from named.conf joined with
#   the zone's file "db.test.com".

; Forward zone for test.com, served as master by m2k (192.168.154.167).
; A record whose owner field is blank inherits the owner of the previous
; record, so the NS line below applies to "@" (the zone apex).
$TTL 86400
@       IN      SOA     m2k.test.com.   admin.m2k.test.com. (
                        2013111409      ; serial (YYYYMMDDnn) - raise it on every edit; the slave only re-transfers when it grows
                        86400           ; refresh
                        1800            ; retry
                        1728000         ; expire
                        1200            ; Negative Caching
                        )
      IN        NS      m2k.test.com.
m2k             IN      A       192.168.154.167
;@              IN      MX      0       mail.test.com.
test.com.       IN      A       192.168.154.167
;
;
;test.com.      IN      MX      10      m2k.test.com.
localhost               IN      A       127.0.0.1
loopback                IN      CNAME   localhost
;mail           IN      MX      1       m2k.test.com.
www            IN      A       192.168.154.1
ftp             IN      CNAME   ms1
proxy           IN      A       192.168.154.250
ms1             IN      A       192.168.154.2
bbs             IN      CNAME   ms1
; duplicate of the m2k A record above; harmless, but one copy can be dropped
m2k             IN      A       192.168.154.167
; NOTE(review): the dig/host output later on this page shows AAAA records and
; a "free" host that are not in this listing, so the file used for those tests
; was presumably a later revision of this one.

# vim /var/named/db.154.168.192
#   Reverse zone file for 154.168.192.in-addr.arpa; path is "directory" from
#   named.conf joined with the zone's file "db.154.168.192".

; Reverse zone for 192.168.154.0/24 (154.168.192.in-addr.arpa). named.conf
; declares this host as master for it, the same host that is master for
; test.com.
$TTL 86400
@       IN      SOA     m2k.test.com.   root.m2k.test.com. (
                        2013111409      ; serial - raise it on every edit
                        28800           ; refresh
                        14400           ; retry
                        720000          ; expire
                        86400           ; Negative Caching
                        )
; NOTE(review): this NS names a host that is not the server serving the
; zone; it should presumably match the forward zone's NS, i.e.
;   @     IN        NS      m2k.test.com.
@     IN        NS      localhost.localdomain.
;
167     IN      PTR     m2k.test.com.
1     IN        PTR     www.test.com.
2     IN        PTR     ms1.test.com.
250   IN        PTR     proxy.test.com.
; disk.test.com has no A record in db.test.com above; add one there or drop this PTR
4     IN        PTR     disk.test.com.

4. 改變檔案擁有者
# chown named:named /var/named/db.*
#   Both zones are declared with "allow-update { none; }", so named only
#   needs to read these files. Keeping them root-owned and group-readable by
#   named (e.g. root:named, mode 640) is sufficient and means the named
#   process cannot rewrite its own zone data.

5. 檢查設定檔
# named-checkconf /etc/named.conf
#   (named-checkconf -z additionally test-loads every zone declared in the
#   file, which covers both named-checkzone runs below in one step)
# named-checkzone test.com /var/named/db.test.com
zone test.com/IN: loaded serial 2013111409
OK
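#   The first argument is the zone origin and must be the reverse zone's
#   name as declared in named.conf. Passing "test.com" here (as originally
#   done) still prints OK, but then the file is loaded under the wrong origin
#   and nothing about the in-addr.arpa names is actually verified.
# named-checkzone 154.168.192.in-addr.arpa /var/named/db.154.168.192
zone 154.168.192.in-addr.arpa/IN: loaded serial 2013111409
OK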

6. 啟動 DNS Server
# service named start
#   Starts named for the current boot only; if it fails to come up, named
#   logs the reason via syslog (typically /var/log/messages on CentOS 6).

7. 設定開機時啟動 DNS Server
# chkconfig --level 3 named on
#   "--level 3" enables named for the multi-user text runlevel only; a
#   machine that boots to runlevel 5 (graphical) would not start it. Plain
#   "chkconfig named on" enables the service's default runlevels instead.

測試 DNS Server
# dig m2k.test.com
#   Forward lookup. In the output below, the "aa" flag shows the answer is
#   authoritative (served from this server's own zone, not cached) and the
#   SERVER line shows which resolver answered.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> m2k.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26409
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;m2k.test.com.                  IN      A

;; ANSWER SECTION:
m2k.test.com.           86400   IN      A       192.168.154.167

;; AUTHORITY SECTION:
test.com.               86400   IN      NS      m2k.test.com.

;; ADDITIONAL SECTION:
m2k.test.com.           86400   IN      AAAA    2001:288:a229:1::167

;; Query time: 0 msec
;; SERVER: 192.168.154.167#53(192.168.154.167)
;; WHEN: Fri Nov 15 10:03:02 2013
;; MSG SIZE  rcvd: 88

# dig 192.168.154.167
#   NOTE(review): this is an A query for the literal name "192.168.154.167"
#   (see the QUESTION section below), so it is answered NXDOMAIN from the
#   root zone and never touches the reverse zone. The reverse test is
#   "dig -x 192.168.154.167", which queries the PTR at
#   167.154.168.192.in-addr.arpa.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> 192.168.154.167
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52234
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.154.167.               IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2013111401 1800 900 604800 86400

;; Query time: 174 msec
;; SERVER: 192.168.154.167#53(192.168.154.167)
;; WHEN: Fri Nov 15 10:03:26 2013
;; MSG SIZE  rcvd: 108

# host free.test.com
#   NOTE(review): neither a "free" host nor any AAAA record appears in the
#   zone files listed above, so this result comes from a newer revision of
#   the zone files than the one shown.
free.test.com has address 192.168.154.100
free.test.com has IPv6 address 2001:288:a229:1::100

# host 192.168.154.100
#   host performs the PTR lookup itself, so this is the reverse-zone check
#   that "dig 192.168.154.167" above did not actually perform.
100.154.168.192.in-addr.arpa domain name pointer free.test.com.