Please first refer to:
Installing CentOS 6.3 minimal in VirtualBox on Windows 7
Cloning and importing a VDI in VirtualBox 4.2.18 on Windows 7
to prepare the lab environment.
Lab environment
Two virtual machines, BindM and BindS, both running CentOS 6.3 minimal.
Role                | IP address      | Hostname
Master DNS server   | 192.168.137.102 | bindm.cas.cn
Slave DNS server    | 192.168.137.103 | binds.cas.cn
Host machine (Win7) | 218.241.119.9   |
Installing BIND (on both bindm and binds)
1. Keep the packages that yum downloads on the server (edit /etc/yum.conf):
[[email protected] grid]# vi /etc/yum.conf
2. Install the BIND (master DNS) server with yum:
[[email protected] grid]# yum -y install bind bind-utils bind-chroot
(Note: newer CentOS 6.x releases already link the directories that chroot needs via mount --bind, so on CentOS 6.x there is no need to change into /var/named/chroot/ at all; just work in the normal directories.) Check the file /etc/sysconfig/named (cat it) to see whether it contains ROOTDIR="/var/named/chroot".
3. Edit resolv.conf and hosts
To make name resolution faster, add the master and slave DNS addresses to /etc/hosts, and point /etc/resolv.conf at the master and slave DNS addresses.
[[email protected] etc]# vi resolv.conf
[[email protected] etc]# vi hosts
3. Configuring the master DNS server
Editing the BIND configuration files
(1) Edit the main configuration file named.conf. It mainly defines which zones the DNS server manages, together with the file name and storage path of each zone.
[[email protected] etc]# vi /etc/named.conf
listen-on port 53 { any; };
Comment out listen-on-v6
allow-query { any; };
Note: named.conf ends by including two files:
Edit named.rfc1912.zones
[[email protected] etc]# vi named.rfc1912.zones
Add:
zone "cas.cn" IN {
type master;
file "cas.cn";
allow-transfer {192.168.137.103;};
};
zone "137.168.192.in-addr.arpa" IN {
type master;
file "192.168.137.rev";
allow-transfer {192.168.137.103;};
};
Check: [[email protected] etc]# named-checkconf
(2) Create the zone files at the paths given in named.conf; each file holds the resource records of its zone.
//Forward zone file:
//Check the forward zone file:
[[email protected] named]# named-checkzone cas.cn. /var/named/cas.cn
//Reverse zone file:
[[email protected] named]# vi 192.168.137.rev
//Check the reverse zone file:
[[email protected] named]# named-checkzone 137.168.192.in-addr.arpa. /var/named/192.168.137.rev
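The post does not show the contents of the two zone files, so here is an added example (mine, not from the original post) that writes a forward zone for cas.cn and the matching reverse zone, then validates them the same way the post does with named-checkzone. The records are built from the lookups the post later shows succeeding (bindm, mail and www all resolving to 192.168.137.102, plus binds at .103); the TTL, SOA timers and serial number are assumptions. Note that allow-transfer in named.rfc1912.zones only limits who may pull the zone; everything in these files is still answered to any client allowed by allow-query, so keep internal-only names out of a zone that is exposed beyond the lab network.

```shell
#!/bin/sh
# Added example (not from the original post): generate the cas.cn forward
# zone and the 137.168.192.in-addr.arpa reverse zone in a target directory
# and validate them with named-checkzone when it is installed.
# Records are constructed from the lookups the post shows working:
# bindm/mail/www -> 192.168.137.102 and binds -> 192.168.137.103.
# TTL, SOA timers and the serial are assumptions.

write_zones() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/cas.cn" <<'EOF'
$TTL 86400
@       IN  SOA  bindm.cas.cn. root.cas.cn. (
                2013101001  ; serial (YYYYMMDDnn, assumed)
                3600        ; refresh
                900         ; retry
                604800      ; expire
                86400 )     ; minimum
        IN  NS   bindm.cas.cn.
        IN  NS   binds.cas.cn.
bindm   IN  A    192.168.137.102
binds   IN  A    192.168.137.103
mail    IN  A    192.168.137.102
www     IN  A    192.168.137.102
EOF
    cat > "$dir/192.168.137.rev" <<'EOF'
$TTL 86400
@       IN  SOA  bindm.cas.cn. root.cas.cn. (
                2013101001 3600 900 604800 86400 )
        IN  NS   bindm.cas.cn.
        IN  NS   binds.cas.cn.
102     IN  PTR  bindm.cas.cn.
102     IN  PTR  mail.cas.cn.
102     IN  PTR  www.cas.cn.
103     IN  PTR  binds.cas.cn.
EOF
}

# Validate both zones; returns 0 when named-checkzone accepts them.
# Without named-checkzone (e.g. on a workstation) fall back to a
# structural check: each file must carry exactly one SOA record.
check_zones() {
    dir="$1"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone cas.cn. "$dir/cas.cn" >/dev/null && \
        named-checkzone 137.168.192.in-addr.arpa. "$dir/192.168.137.rev" >/dev/null
    else
        [ "$(grep -c ' SOA ' "$dir/cas.cn")" -eq 1 ] && \
        [ "$(grep -c ' SOA ' "$dir/192.168.137.rev")" -eq 1 ]
    fi
}

# Number of A records in the forward zone (quick self-check).
count_a_records() {
    grep -c ' IN  A ' "$1/cas.cn"
}

# Usage: sh zones.sh /var/named
if [ -n "$1" ]; then
    write_zones "$1" && check_zones "$1" && echo "zones OK in $1"
fi
```

On the master, run it with /var/named as the argument, then continue with the restart step below; the serial must be increased every time either file is edited, otherwise the slave will not pick up the change.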
(3) Reload the configuration or restart the named service so that the configuration takes effect
[[email protected] named]# chkconfig --list named
[[email protected] named]# chkconfig named on
[[email protected] named]# chkconfig --list named
[[email protected] named]# chkconfig --add named
[[email protected] named]# service named restart
Verify that resolution works
[[email protected] ~]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[[email protected] ~]# nslookup
> 192.168.137.102
Server: 192.168.137.102
Address: 192.168.137.102#53
102.137.168.192.in-addr.arpa name = bindm.cas.cn.
102.137.168.192.in-addr.arpa name = mail.cas.cn.
102.137.168.192.in-addr.arpa name = www.cas.cn.
> bindm.cas.cn
Server: 192.168.137.102
Address: 192.168.137.102#53
Name: bindm.cas.cn
Address: 192.168.137.102
> mail.cas.cn
Server: 192.168.137.102
Address: 192.168.137.102#53
Name: mail.cas.cn
Address: 192.168.137.102
> www.cas.cn
Server: 192.168.137.102
Address: 192.168.137.102#53
Name: www.cas.cn
Address: 192.168.137.102
Firewall configuration
Stop the firewall
[[email protected] etc]# service iptables stop
Set it not to start at boot: chkconfig iptables off
[[email protected] sysconfig]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[[email protected] sysconfig]# service iptables status
iptables: Firewall is not running.
[[email protected] sysconfig]# chkconfig iptables off
[[email protected] sysconfig]#
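Stopping iptables altogether is the quickest way to get the lab working, but a DNS server that stays up should only expose port 53. The following added example (mine, not from the original post) generates and applies iptables rules that admit DNS queries from the 192.168.137.0/24 lab network only, leaving the rest of the CentOS 6 default ruleset in place; the subnet, the rule positions and the use of `service iptables save` for persistence are assumptions about this environment.

```shell
#!/bin/sh
# Added example (not from the original post): open only what BIND needs
# instead of stopping iptables. Assumes the CentOS 6 iptables service and
# the 192.168.137.0/24 lab network from the post; subnet and rule
# positions are assumptions.

LAN_NET="${LAN_NET:-192.168.137.0/24}"

# Print the rules to add, one command per line. -I inserts at the top of
# INPUT so the rules precede the REJECT-all rule that ends the CentOS 6
# default ruleset. UDP carries normal queries; TCP is needed for large
# answers and for the zone transfer to the slave.
dns_firewall_rules() {
    net="$1"
    cat <<EOF
iptables -I INPUT 1 -p udp -s $net --dport 53 -m state --state NEW -j ACCEPT
iptables -I INPUT 2 -p tcp -s $net --dport 53 -m state --state NEW -j ACCEPT
EOF
}

# Apply the rules and persist them to /etc/sysconfig/iptables
# (that is what "service iptables save" writes on CentOS 6).
apply_dns_firewall() {
    dns_firewall_rules "$LAN_NET" | while read -r cmd; do
        $cmd || return 1
    done
    service iptables save
}

# Offline checks on the generated rules (used by the self-test).
count_dns_rules() {
    dns_firewall_rules "$1" | grep -c -- '--dport 53'
}

# Returns 0 when every generated rule is limited to the given source net.
rules_restricted_to() {
    n=$(dns_firewall_rules "$1" | grep -vc -- "-s $1 " || true)
    [ "$n" -eq 0 ]
}
```

Run `apply_dns_firewall` as root on bindm and binds (with `chkconfig iptables on` instead of `off`), then repeat the nslookup test from the Win7 host; rndc's port 953 is not opened because it listens on localhost only by default.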
4. Configuring the slave DNS server
Edit the main configuration file named.conf
It mainly defines which zones the DNS server manages, together with the file name and storage path of each zone.
[[email protected] etc]# vi /etc/named.conf
Edit named.rfc1912.zones
[[email protected] etc]# vi named.rfc1912.zones
Append the following at the end of the file:
zone "cas.cn" IN {
type slave;
masters {192.168.137.102;};
file "slaves/cas.cn";
};
zone "137.168.192.in-addr.arpa" IN {
type slave;
masters {192.168.137.102;};
file "slaves/192.168.137.rev";
};
Check and restart the service:
[[email protected] etc]# chkconfig --list named
[[email protected] etc]# chkconfig named on
[[email protected] etc]# chkconfig --list named
[[email protected] etc]# chkconfig --add named
[[email protected] etc]# service named restart
Zone transfer test
Restarting the named service on the slave as above makes it synchronise its data with the master. Once that succeeds, the system log shows the zone file being transferred, and the automatically saved zone files appear in /var/named/chroot/var/named/slaves/ (i.e. /var/named/slaves/).
Follow the log in real time:
[[email protected] ~]# tail -f /var/log/messages
//Use ll to check whether the automatically saved zone files are present under /var/named/slaves/
Verifying the slave DNS server
Test with dig
[[email protected] ~]# dig @localhost www.cas.cn
[[email protected] ~]# dig @localhost mail.cas.cn
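A dig answer from the slave proves it serves the zone, but not that it holds the current copy. The added example below (mine, not from the original post) compares the SOA serial served by the master with the one served by the slave, which is the check to run after every zone edit; the dig answer lines embedded in it are constructed samples for offline use, not captured output, and the addresses are the ones from the post. The same idea verifies the allow-transfer setting on the master: `dig @192.168.137.102 cas.cn AXFR` should return the full zone only when run from 192.168.137.103 and report a failed transfer from any other host.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the slave has really
# pulled the zone by comparing the SOA serial it serves with the master's.
# Requires bind-utils (dig) on the host that runs the live check.

# Extract the serial (3rd field) from one "dig +short <zone> SOA" answer
# line, e.g.
#   bindm.cas.cn. root.cas.cn. 2013101001 3600 900 604800 86400
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# 0 when both serials are present and equal, 1 otherwise.
serials_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Live check: query master and slave for the zone's SOA and compare.
check_zone_sync() {
    zone="$1"; master="$2"; slave="$3"
    m=$(soa_serial "$(dig +short @"$master" "$zone" SOA)")
    s=$(soa_serial "$(dig +short @"$slave" "$zone" SOA)")
    if serials_match "$m" "$s"; then
        echo "$zone in sync (serial $m)"
    else
        echo "$zone NOT in sync: master=$m slave=$s" >&2
        return 1
    fi
}

# Constructed sample answers in the format dig +short prints (assumed
# serials; the stale one is what a slave that has not refreshed would show).
SAMPLE_MASTER='bindm.cas.cn. root.cas.cn. 2013101001 3600 900 604800 86400'
SAMPLE_SLAVE_STALE='bindm.cas.cn. root.cas.cn. 2013100901 3600 900 604800 86400'

# Usage on the lab hosts:
#   check_zone_sync cas.cn 192.168.137.102 192.168.137.103
#   check_zone_sync 137.168.192.in-addr.arpa 192.168.137.102 192.168.137.103
```

A mismatch after a restart usually means the serial on the master was not increased after the last edit, or the transfer was refused; /var/log/messages on both hosts shows which.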
Problems encountered
Problem 1: none:0: open: /etc/rndc.key: permission denied
Solution: run the following on both master and slave (grant read permission on rndc.key)
[[email protected] etc]# chmod +r rndc.key
Problem 2: service named restart hangs at "Generating /etc/rndc.key" and never returns
Solution: run [[email protected] etc]# rndc-confgen -r /dev/urandom -a, then run service named restart again.