1.dns服务器,是为了解决复杂的ip地址和常用的域名之间的转换问题
2.在centos5.5中安装dns服务器
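# Install BIND plus the caching-nameserver default configuration files.
# 'bind*' is quoted so the shell passes the pattern to yum unchanged instead of
# expanding it against file names in the current directory. The pattern pulls
# in every package whose name starts with "bind"; trim the list if only the
# server, its chroot and the client utilities are wanted.
# CentOS 5 no longer receives security updates, so keep a server built this
# way on an isolated lab network.
yum install -y 'bind*'
yum install -y caching-nameserver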
2.修改配置文件
2.1修改主配置文件
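cd /var/named/chroot/etc/
cp -p named.caching-nameserver.conf named.conf   # -p preserves the template's ownership and mode
vim named.conf

# ---- named.conf: values as shipped; the trailing comments say what to change ----
# Exposure note: with `recursion yes` in the view, setting allow-query-cache and
# match-clients to `any` makes this host an open recursive resolver for every
# network that can reach port 53. Use an acl that lists only the client
# networks you serve (this walkthrough's LAN is 192.168.10.0/24); keep `any`
# for a lab that cannot be reached from outside.
options {
        listen-on port 53 { 127.0.0.1; };       // change 127.0.0.1 to any to listen on all addresses
        listen-on-v6 port 53 { ::1; };
        directory          "/var/named";
        dump-file          "/var/named/data/cache_dump.db";
        statistics-file    "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query        { localhost; };      // change localhost to any
        allow-query-cache  { localhost; };      // change localhost to any, or better to an acl of client networks
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { localhost; };      // change localhost to any, or better to an acl of client networks
        match-destinations { localhost; };      // change localhost to any
        recursion yes;
        include "/etc/named.rfc1912.zones";
};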
2.2修改域配置文件
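vim named.rfc1912.zones

zone "sangmu2.com" IN {                 // forward-lookup zone
        type master;
        file "sangmu2.com.zone";
        allow-update { none; };         // no dynamic updates accepted
};
zone "10.168.192.in-addr.arpa" IN {     // reverse-lookup zone; the network octets are written in reverse order
        type master;
        // The original listing spelled this "snagmu2.com.arpa"; the reverse
        // zone file created later in the walkthrough is sangmu2.com.arpa.
        file "sangmu2.com.arpa";
        allow-update { none; };
};
# The next stanza is the slave-side form of the same reverse zone. It belongs
# in the slave server's configuration, not next to the master stanza above.
zone "10.168.192.in-addr.arpa" IN {     // slave server configuration
        type slave;
        file "slaves/sangmu.com.arpa";
        allow-update { none; };         // NOTE(review): allow-update only has meaning on a master zone; verify with named-checkconf
        masters { 192.168.10.15; };     // masters = the server(s) this slave transfers the zone from, not the slave's own address
};
zone "ziyu.sangmu.com" IN {             // child-zone (delegated subdomain) server configuration
        type master;
        file "ziyu.sangmu.com.zone";
        allow-update { none; };
};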
2.3.1修改域名正向解析配置文件
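cp -p localhost.zone sangmu2.com.zone
[root@test4 named]# vim sangmu2.com.zone
; Forward zone for sangmu2.com: maps host names to addresses.
; NOTE(review): the SOA primary name below says sangmu.com while the zone and
; its NS record use sangmu2.com; confirm which one is intended.
$TTL    86400
@       IN SOA  test4.sangmu.com. root (
                42      ; serial (d. adams); raise it on every edit so slaves notice the change
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   test4.sangmu2.com.
test4   IN A    192.168.10.14
www     IN A    192.168.10.14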
2.3.2修改域名反向解析配置文件
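[root@test4 named]# cp -p sangmu2.com.zone sangmu2.com.arpa
[root@test4 named]# vim sangmu2.com.arpa
; Reverse zone for 192.168.10.x: maps the last octet back to a host name.
; NOTE(review): the SOA primary name below says sangmu.com while the NS record
; uses sangmu2.com; confirm which one is intended.
$TTL    86400
@       IN SOA  test4.sangmu.com. root (
                42      ; serial (d. adams); raise it on every edit so slaves notice the change
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   test4.sangmu2.com.
; The original listing used "IN A" here. A reverse zone needs PTR records whose
; target is a fully qualified host name ending in a dot; a relative name such
; as "www" would be completed with the reverse zone's own origin.
14      IN PTR  test4.sangmu2.com.
14      IN PTR  www.sangmu2.com.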
2.3.3配置主从服务器的时候,需要在主服务器上允许从服务器读取(传送)区域数据
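# Set on the master, in the options block or in the zone being transferred.
# A zone transfer returns every record in the zone, and `any` offers that to
# each host that can reach port 53. List only the slave servers or a named acl
# instead, e.g.  allow-transfer { <slave-server-address>; };  (placeholder)
allow-transfer { any; };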
2.3.4配置子域委派的时候,需要在父域解析文件中配置子服务器的地址
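[root@test4 named]# vim sangmu2.com.zone
; ziyu   <- stray token in the original listing, kept as a comment so the file still parses
; Parent zone with a delegation to the child zone's name server.
; NOTE(review): the SOA primary name below says sangmu.com while the NS record
; uses sangmu2.com; confirm which one is intended.
$TTL    86400
@           IN SOA  test4.sangmu.com. root (
                    42      ; serial (d. adams); raise it on every edit so slaves notice the change
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )    ; minimum
            IN NS   test4.sangmu2.com.
ziyu.test4  IN NS   ziyu.test4.sangmu2.com.   ; delegate the child zone to its own name server
; The original listing used PTR with an IP address on the next three lines.
; In a forward zone an address is published with an A record; PTR belongs in
; the reverse zone and takes a host name as its target.
ziyu.test4  IN A    192.168.10.14             ; glue: address of the child zone's name server
test4       IN A    192.168.10.14
www         IN A    192.168.10.14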
如果父服务器想要解析子域服务器的域名,需要配置转发 forward
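# Global form: place this inside the options block of named.conf.
forwarders { 192.168.10.1; };
// or, per zone:
zone "ziyu.sangmu.com" IN {
        type forward;
        forwarders { 192.168.10.1; };
        // "only|first" in the original is a choice between two values, not literal syntax:
        //   only  - forward the query and do nothing else
        //   first - forward first; if that finds nothing, continue resolving the name itself
        forward only;
};      // the closing brace needs its terminating semicolon, missing in the original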
3.acl访问控制使用
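# Two alternative definitions of the acl "sangmu"; keep one definition per name
# and place it above the first statement that refers to it.
acl sangmu { 192.168.10.1; };                     // a single host
acl sangmu { 192.168.10.0/24; 192.168.10.1; };    // a whole network; 192.168.10.1 is already inside 192.168.10.0/24
// To apply it, use the name directly, e.g.  allow-transfer { sangmu; };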