linux bind dns 正向解析 详解
从老的服务器上,把dns搬到新的服务器上,新系统是CentOS 6.3 X86_64,以前配置过一次dns,正向反向都有。请参考:linux dns服务器 安装配置详解,和上次配置有所不同是这次装的版本比较新9.8.2的,并且写法上也有所不同。
一,注册dns server
这一步不要忘了,不然你配置的在正确也不可能解析成功的。域名注册商的后台肯定有dns server注册的地方,如果没有,那肯定是天朝的小域名注册商的问题。
dns server regiter
先注册dns server,等dns server解析后,基本上dns server服务器上的配置就已经做好了。
二,安装bind
[root@linux ~]# yum -y install bind*
在这里和以前安装有一点不同,就是caching-nameserver集成bind里面去了。
三,配置dns server
1,配置/etc/named.conf
[root@hatch etc]# cat /etc/named.conf |awk '{if($0 !~ /^$/ && $0 !~ /^#/) {print $0}}' // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { any; }; //把localhost改成any directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; //把localhost改成any recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones";
2,配置/etc/named.rfc1912.zones
[root@hatch etc]# cat /etc/named.rfc1912.zones |awk '{if($0 !~ /^$/ && $0 !~ /^#/) {print $0}}' // named.rfc1912.zones: // // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt // (c)2007 R W Franks // // See /usr/share/doc/bind*/sample/ for example named configuration files. // zone "wigscwd.com.au" { type master; file "/var/named/wigscwd.com.au.hosts"; }; zone "stagingserver.com.au" { //该域名就是注册了,dns server的域名 type master; file "/var/named/stagingserver.com.au.hosts"; }; zone "nwayschina.com" { type master; file "/var/named/nwayschina.com.hosts"; };
注册了dns server的域名,根其他zone文件,有一点不同,下面会说到。
3,配置zone文件。
3.1,注册dns server 域名的,zone文件
[root@hatch named]# cat /var/named/stagingserver.com.au.hosts $ttl 3600 stagingserver.com.au. IN SOA ns.stagingserver.com.au. ns1.stagingserver.com.au. ( 1275966886 3600 3600 38400 3600 ) stagingserver.com.au. IN NS ns.stagingserver.com.au. stagingserver.com.au. IN A 65.60.11.66 *.stagingserver.com.au. IN CNAME stagingserver.com.au. stagingserver.com.au. IN NS ns1.stagingserver.com.au. hatch.stagingserver.com.au. IN A 111.67.16.172 //比非dns server注册的域名多出A记录 ns.stagingserver.com.au. IN A 111.67.16.172 //比非dns server注册的域名多出A记录 ns1.stagingserver.com.au. IN A 111.67.16.173 //比非dns server注册的域名多出A记录 。。。。。。。。。。。。以下省略。。。。。。。。。。。。。。。
3.2,非注册dns server 域名的,zone文件
[root@hatch named]# cat /var/named/wigscwd.com.au.hosts
$ttl 3600
wigscwd.com.au. IN SOA ns.stagingserver.com.au. ns1.stagingserver.com.au. (
1275576166
10800
3600
604800
38400 )
wigscwd.com.au. IN NS ns.stagingserver.com.au.
wigscwd.com.au. IN NS ns1.stagingserver.com.au.
wigscwd.com.au. IN A 111.67.16.172
www.wigscwd.com.au. IN CNAME wigscwd.com.au.
mail.wigscwd.com.au. IN CNAME ghs.google.com.
test.wigscwd.com.au. IN A 111.67.16.172
四,修改主机名,加hosts
1,加hosts,修改/etc/hosts
[root@hatch named]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 #111.67.16.172 vmx14420.hosting24.com.au #111.67.16.172 hatch.wigscwd.com.au hatch 111.67.16.172 hatch.stagingserver.com.au hatch //这是我加的
2,修改network
[root@hatch named]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=hatch.stagingserver.com.au //这是我加的 DOMAIN=stagingserver.com.au //这是我加的 GATEWAY=111.67.19.254
重启一下服务器,服务器的名字就会改过来,这一步,我觉得有必要做一下,因为机子太多,修改一下主机名,可以知道自己,当前是在哪台服务器上。
五,启动bind进程
[root@hatch named]# /etc/init.d/named start
六,检查dns server是否安装成功
1,查看进程是否启动
[root@hatch ~]# netstat -tpnl |grep name Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 111.67.16.173:53 0.0.0.0:* LISTEN 5956/named-sdb tcp 0 0 111.67.16.172:53 0.0.0.0:* LISTEN 5956/named-sdb tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5956/named-sdb tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5956/named-sdb tcp 0 0 ::1:953 :::* LISTEN 5956/named-sdb
如果进程没起来,肯定是dns server配置有问题。
2,查看一下log日志是不是有报错
Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone wigscwd.com.au/IN: loading from master file /var/named/wigscwd.com.au.hosts failed: permission denied Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone wigscwd.com.au/IN: not loaded due to errors. Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone captainsoft.com/IN: loading from master file /var/named/captainsoft.com.hosts failed: permission denied Sep 24 14:07:06 vmx14420 named-sdb[13751]: zone captainsoft.com/IN: not loaded due to errors. Sep 24 14:07:06 vmx14420 named-sdb[13751]: managed-keys-zone ./IN: loaded serial 5
这个错误是因为,zone文件的权限不够,解决办法:
[root@hatch ~]# cd /var/named/ [root@hatch named]# chown root:named captainsoft.com.hosts wigscwd.com.au.hosts
给新增的zone文件权限。
3,用dig命令检测一下,配置好的域名
3.1,做为DNS SERVER的域名
[root@hatch ~]# dig @111.67.16.172 stagingserver.com.au ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @111.67.16.172 stagingserver.com.au ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23171 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;stagingserver.com.au. IN A ;; ANSWER SECTION: stagingserver.com.au. 3600 IN A 65.60.11.66 ;; AUTHORITY SECTION: stagingserver.com.au. 3600 IN NS ns1.stagingserver.com.au. stagingserver.com.au. 3600 IN NS ns.stagingserver.com.au. ;; ADDITIONAL SECTION: ns.stagingserver.com.au. 3600 IN A 111.67.16.172 //做为dns的A记录 ns1.stagingserver.com.au. 3600 IN A 111.67.16.173 //做为dns的A记录 ;; Query time: 1 msec ;; SERVER: 111.67.16.172#53(111.67.16.172) ;; WHEN: Tue Oct 8 11:19:29 2013 ;; MSG SIZE rcvd: 121
3.2,非dns server的域名
[root@hatch ~]# dig @111.67.16.172 wigscwd.com.au ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @111.67.16.172 wigscwd.com.au ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24447 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;wigscwd.com.au. IN A ;; ANSWER SECTION: wigscwd.com.au. 3600 IN A 111.67.16.172 ;; AUTHORITY SECTION: wigscwd.com.au. 3600 IN NS ns.stagingserver.com.au. wigscwd.com.au. 3600 IN NS ns1.stagingserver.com.au. ;; ADDITIONAL SECTION: ns.stagingserver.com.au. 3600 IN A 111.67.16.172 ns1.stagingserver.com.au. 3600 IN A 111.67.16.173 ;; Query time: 0 msec ;; SERVER: 111.67.16.172#53(111.67.16.172) ;; WHEN: Tue Oct 8 11:19:16 2013 ;; MSG SIZE rcvd: 129
为什么检测说了这么多,因为DNS没有解析前,是不能通过url进行访问的,所以看不到效果,只能在服务器检测。如果进程已启动,log日志没有报错,dig检测也没有问题,基本上您的DNS安装配置成功了。
