Chapter 4: Complete Guide to DNS Services (Part 2: Examples)

February 3, 2010 | Linux Servers, Linux Videos

For some DNS basics, see the previous article:
http://www.opsers.org/2010_02_587.html

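[Example 1] The technical department's domain is "tech.org". The department has three hosts, named client1.tech.org, client2.tech.org and client3.tech.org. The DNS server dns.tech.org must resolve the mapping between these three host names and their IP addresses.
The current directory is /var/named/chroot/etc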

vim named.conf

options {
directory "/var/named" ;
};
zone "." {
type hint ;
file "named.ca" ;
};
zone "tech.org" {
type master ;
file "tech.org.zone" ;
};
zone "31.168.192.in-addr.arpa" {
type master ;
file "192.168.31.zone" ;
};

The current directory is /var/named/chroot/var/named

vim tech.org.zone

$TTL 86400
@ IN SOA dns.tech.org. root (
2009070900
1H
15M
1W
1D
)
@ IN NS dns.tech.org.
dns IN A 192.168.31.134
client1 IN A 192.168.31.135
client2 IN A 192.168.31.136
client3 IN A 192.168.31.137

The current directory is /var/named/chroot/var/named

vim 192.168.31.zone

@ IN SOA dns.tech.org. root.tech.org. (
2009070900
1H
15M
1W
1D
)
@ IN NS dns.tech.org.
134 IN PTR dns.tech.org.
135 IN PTR client1.tech.org.
136 IN PTR client2.tech.org.
137 IN PTR client3.tech.org.

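[Example 2] A company manages each department's network as a separate zone: the technical department belongs to the "tech.boobooke" domain, the marketing department to the "mart.boobooke" domain, and all other staff to the "freedom.boobooke" domain.
The technical department has 100 people and uses the IP addresses 192.168.31.1-192.168.31.100.
The marketing department has 100 people and uses the IP addresses 192.168.32.1-192.168.32.100.
The other staff number only 50 and use the IP addresses 192.168.33.1-192.168.33.50.
A single host with the IP address 192.168.31.134 is to be set up as the DNS server. It must provide forward and reverse resolution for all internal zones,
and all employees must be able to reach external addresses.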

vim etc/named.conf

options {
directory "/var/named" ;
};
zone "." {
type hint ;
file "named.ca" ;
};
zone "tech.boobooke" {
type master ;
file "tech.boobooke.zone" ;
};
zone "31.168.192.in-addr.arpa" {
type master;
file "192.168.31.zone";
};
zone "mart.boobooke" {
type master;
file "mart.boobooke.zone";
};
zone "32.168.192.in-addr.arpa" {
type master;
file "192.168.32.zone";
};
zone "freedom.boobooke" {
type master;
file "freedom.boobooke.zone";
};
zone "33.168.192.in-addr.arpa" {
type master;
file "192.168.33.zone";
};

vim var/named/tech.boobooke.zone

$TTL 86400
@ IN SOA dns.tech.boobooke. root (
2009070900
1H
15M
1W
1D
)
@ IN NS dns.tech.boobooke.
dns IN A 192.168.31.134
client1 IN A 192.168.31.1
client2 IN A 192.168.31.2
client3 IN A 192.168.31.3
client4 IN A 192.168.31.4
client5 IN A 192.168.31.5
client6 IN A 192.168.31.6
client7 IN A 192.168.31.7
client100 IN A 192.168.31.100

vim mart.boobooke.zone

$TTL 86400
@ IN SOA dns.mart.boobooke. root (
2009070900
1H
15M
1W
1D
)
@ IN NS dns.mart.boobooke.
dns IN A 192.168.31.134
client1 IN A 192.168.32.1
client2 IN A 192.168.32.2
client3 IN A 192.168.32.3
client4 IN A 192.168.32.4
client5 IN A 192.168.32.5
client6 IN A 192.168.32.6
client7 IN A 192.168.32.7
client100 IN A 192.168.32.100

vim freedom.boobooke.zone

$TTL 86400
@ IN SOA dns.freedom.boobooke. root (
2009070900
1H
15M
1W
1D
)
@ IN NS dns.freedom.boobooke.
dns IN A 192.168.31.134
client1 IN A 192.168.33.1
client2 IN A 192.168.33.2
client3 IN A 192.168.33.3
client4 IN A 192.168.33.4
client5 IN A 192.168.33.5
client6 IN A 192.168.33.6
client7 IN A 192.168.33.7
client50 IN A 192.168.33.50

vim 192.168.31.zone

@ IN SOA dns.tech.boobooke. root.tech.boobooke. (
2009070900
1H
15M
1W
1D
)
@ IN NS dns.tech.boobooke.
134 IN PTR dns.tech.boobooke.
1 IN PTR client1.tech.boobooke.
2 IN PTR client2.tech.boobooke.
3 IN PTR client3.tech.boobooke.
4 IN PTR client4.tech.boobooke.
5 IN PTR client5.tech.boobooke.
6 IN PTR client6.tech.boobooke.
7 IN PTR client7.tech.boobooke.
100 IN PTR client100.tech.boobooke.

vim 192.168.32.zone

@ IN SOA dns.mart.boobooke. root.mart.boobooke. (
2009070900
1H
15M
1W
1D
)
@ IN NS dns.mart.boobooke.
; no PTR for 134 here: dns.mart.boobooke. has the address 192.168.31.134, which lies in 31.168.192.in-addr.arpa
1 IN PTR client1.mart.boobooke.
2 IN PTR client2.mart.boobooke.
3 IN PTR client3.mart.boobooke.
4 IN PTR client4.mart.boobooke.
5 IN PTR client5.mart.boobooke.
6 IN PTR client6.mart.boobooke.
7 IN PTR client7.mart.boobooke.
100 IN PTR client100.mart.boobooke.

vim 192.168.33.zone

@ IN SOA dns.freedom.boobooke. root.freedom.boobooke. (
2009070900
1H
15M
1W
1D
)
@ IN NS dns.freedom.boobooke.
; no PTR for 134 here: dns.freedom.boobooke. has the address 192.168.31.134, which lies in 31.168.192.in-addr.arpa
1 IN PTR client1.freedom.boobooke.
2 IN PTR client2.freedom.boobooke.
3 IN PTR client3.freedom.boobooke.
4 IN PTR client4.freedom.boobooke.
5 IN PTR client5.freedom.boobooke.
6 IN PTR client6.freedom.boobooke.
7 IN PTR client7.freedom.boobooke.
50 IN PTR client50.freedom.boobooke.

chown root:named 192.168.31.zone
chown root:named 192.168.32.zone
chown root:named 192.168.33.zone
chown root:named tech.boobooke.zone
chown root:named mart.boobooke.zone
chown root:named freedom.boobooke.zone
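
The reverse zones in Examples 1 and 2 are only useful if every PTR target matches an A record in a forward zone. The following added example (not the author's code) parses records in the layout used above and reports PTR records whose target has no A record back to the same address, then addresses that have an A record but no PTR. The sample zones are constructed, and /24 reverse zones with single-label owners are assumed.

```python
import ipaddress
import re

# Constructed sample zones in the page's record layout: origin -> records.
ZONES = {
    "tech.boobooke.": """
dns      IN A 192.168.31.134
client1  IN A 192.168.31.1
client3  IN A 192.168.31.3
""",
    "mart.boobooke.": """
dns      IN A 192.168.31.134
client1  IN A 192.168.32.1
""",
    "31.168.192.in-addr.arpa.": """
134 IN PTR dns.tech.boobooke.
1   IN PTR cilent1.tech.boobooke.
""",
    "32.168.192.in-addr.arpa.": """
134 IN PTR dns.mart.boobooke.
1   IN PTR client1.mart.boobooke.
""",
}
RR = re.compile(r"^(\S+)[ \t]+(?:\d+[ \t]+)?IN[ \t]+(A|PTR)[ \t]+(\S+)", re.I | re.M)

def fqdn(name, origin):
    """Expand a relative name against the zone origin, lower-cased."""
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse(zones):
    """Return (name -> set of addresses from A records, address -> PTR target)."""
    a, ptr = {}, {}
    for origin, text in zones.items():
        for owner, rtype, rdata in RR.findall(text):
            owner = fqdn(owner, origin)
            if rtype.upper() == "A":
                a.setdefault(owner, set()).add(rdata)
            else:  # owner d.c.b.a.in-addr.arpa. maps to address a.b.c.d
                ptr[".".join(reversed(owner.split(".")[:4]))] = fqdn(rdata, origin)
    return a, ptr

def audit(zones):
    """Report PTRs with no matching A record, then A addresses with no PTR."""
    a, ptr = parse(zones)
    bad = [f"PTR {ip} -> {name}: no A record {name} -> {ip}"
           for ip, name in sorted(ptr.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
           if ip not in a.get(name, set())]
    missing = {ip for ips in a.values() for ip in ips} - set(ptr)
    return bad + [f"A {ip}: no PTR record" for ip in sorted(missing, key=ipaddress.ip_address)]
```

`audit(ZONES)` returns three findings for the constructed data: the misspelled PTR target, the PTR for 192.168.32.134 pointing at a name whose A record is 192.168.31.134, and client3's address with no PTR.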

[Example 3] Install a chroot-based DNS server and configure it as a cache-only server, then forward client queries to the DNS servers at 202.100.138.68 and 202.100.128.68.


options {
directory "/var/named" ;
forwarders {202.100.138.68;
202.100.128.68;
};
forward only;
};

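[Example 4] Install a chroot-based DNS server and configure it as the primary name server according to the following requirements.
(1) Set the server's version string to "9.3.4".
(2) Configure the root zone so that, when a query cannot be answered from the local zone files, the DNS server can go on to query the root DNS servers.
(3) Create the xyz.org master zone and set the address of the secondary name server allowed to perform zone transfers to 192.168.31.134.
(4) Create the following A resource records.
dns.xyz.org. IN A 192.168.31.1
www.xyz.org. IN A 192.168.31.2
mail.xyz.org. IN A 192.168.31.3
(5) Create the following CNAME (alias) resource record.
bbs IN CNAME www
(6) Create the following MX (mail exchanger) resource record.
xyz.org. IN MX 10 mail.xyz.org.
(7) Create the reverse zone 31.168.192.in-addr.arpa and create the corresponding PTR resource records for the A records above.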

vim etc/named.conf

options {
directory "/var/named" ;
version "9.3.4";
allow-transfer {192.168.31.134;};
};
zone "." {
type hint;
file "named.ca";
};
zone "xyz.org" {
type master;
file "xyz.org.zone";
};
zone "31.168.192.in-addr.arpa" {
type master;
file "192.168.31.zone";
};

vim var/named/xyz.org.zone

$TTL 86400
@ IN SOA dns.xyz.org. root (
2009071000
3H
1H
1W
0
)
@ IN NS dns
dns IN A 192.168.31.1
www IN A 192.168.31.2
mail IN A 192.168.31.3
bbs IN CNAME www
xyz.org. IN MX 10 mail.xyz.org.

vim var/named/192.168.31.zone

@ IN SOA dns.xyz.org. root.xyz.org. (
2009071000
1H
15M
1W
0
)
@ IN NS dns.xyz.org.
1 IN PTR dns.xyz.org.
2 IN PTR www.xyz.org.
3 IN PTR mail.xyz.org.

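[Example 5] Install a chroot-based DNS server and configure it as a secondary name server according to the following requirements.
(1) Create the xyz.org slave zone and set the address of the primary name server to 192.168.31.132.
(2) Create the reverse slave zone 31.168.192.in-addr.arpa and set the address of the primary name server to 192.168.31.132.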

options {
directory "/var/named";
};
zone "xyz.org" {
type slave;
masters { 192.168.31.132; };
file "slaves/xyz.org.zone";
};
zone "31.168.192.in-addr.arpa" {
type slave;
masters { 192.168.31.132; };
file "slaves/192.168.31.zone";
};
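
Examples 4 and 5 only work as a pair: the primary's allow-transfer must list the secondary, and each slave zone's masters must list the primary. This added example (not the author's code) cross-checks two named.conf texts for that. The sample fragments are constructed, with the two addresses swapped and the reverse zone left off the primary, and the parser assumes the one-statement-per-line layout used above.

```python
import re

# Constructed named.conf fragments; addresses swapped and one zone missing on purpose.
PRIMARY = """
options {
allow-transfer { 192.168.31.132; };
};
zone "xyz.org" {
type master;
file "xyz.org.zone";
};
"""
SECONDARY = """
zone "xyz.org" {
type slave;
masters { 192.168.31.134; };
file "slaves/xyz.org.zone";
};
zone "31.168.192.in-addr.arpa" {
type slave;
masters { 192.168.31.134; };
file "slaves/192.168.31.zone";
};
"""

def addresses(conf, statement):
    """IPv4 addresses listed inside every `statement { ... }` block of conf."""
    blocks = re.findall(rf"\b{re.escape(statement)}\s*\{{([^{{}}]*)\}}", conf)
    return {ip for body in blocks for ip in re.findall(r"\d+(?:\.\d+){3}", body)}

def zones(conf, ztype):
    """Map zone name -> body for zones declared `type <ztype>;`."""
    found = re.findall(r'zone\s+"([^"]+)"\s*\{(.*?)\n\s*\};', conf, re.S)
    return {n.lower(): b for n, b in found if re.search(rf"type\s+{ztype}\s*;", b)}

def check_pair(primary, primary_ip, secondary, secondary_ip):
    """Cross-check the primary's allow-transfer against the secondary's masters."""
    out = []
    allowed = addresses(primary, "allow-transfer")
    if secondary_ip not in allowed:
        out.append(f"primary: allow-transfer {sorted(allowed)} omits {secondary_ip}")
    served = zones(primary, "master")
    for name, body in sorted(zones(secondary, "slave").items()):
        if name not in served:
            out.append(f"{name}: not a master zone on the primary")
        masters = addresses(body, "masters")
        if primary_ip not in masters:
            out.append(f"{name}: masters {sorted(masters)} omits {primary_ip}")
    return out
```

`check_pair(PRIMARY, "192.168.31.132", SECONDARY, "192.168.31.134")` returns four findings for the constructed fragments and an empty list once the addresses are the right way round and the reverse zone exists on the primary.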

★★★★★★★★★★★★★★★★★ Video links ★★★★★★★★★★★★★★★★★★
http://www.boobooke.com/v/bbk3235
http://www.boobooke.com/v/bbk3236
http://www.boobooke.com/v/bbk3237

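3 comments (visitors: 2, blog author: 1)

  1. 随风飘

    Teacher Yufei, how do I clear the DNS cache on a Linux system? Is rebooting the only way? I just finished the lab above, and reverse resolution brought back the old records. I looked up a few commands online, but none of them worked.

  2. 随风飘

    Ugh~~ it turns out I hadn't updated the zone data file. It's too late and my brain isn't working, off to bed.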


Copyright © 羽飞博客. All rights reserved.
