DNS服务搭建

公司内部网络有很多日常开发或运维要用到的服务器,每次访问特定的服务时总得在浏览器中输入ip地址或者在本地计算机绑定host,总是显得十分不方便,也不便于日后的维护。于是就有在公司内部搭建一台DNS服务器的必要了,并且它还可以作为缓存服务器加速网络访问,何乐而不为。经几天的折腾终于把DNS服务搭建好了,用到了两台服务器,一主一从,配置是这样的:
主DNS配置:
options配置/etc/named.conf

# Primary (master) server options: authoritative for hd.com and a recursive cache for everything else.
options {
listen-on port 53 { any; };
directory       "/var/named";
dump-file       "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# NOTE(review): any client that can reach this host may query and use the cache, and
# recursion is enabled below. Acceptable only while the host is unreachable from the
# Internet; otherwise restrict both to the internal ranges (e.g. the 192.168.1.0/24
# used by the zones) so this does not become an open resolver.
allow-query     { any; };
allow-query-cache { any; };
# Zone transfers are limited to the secondary (ns2); dynamic updates are refused.
allow-transfer  { 192.168.1.12; };
allow-update { none; };
recursion yes;
# Upstream resolvers used for names outside hd.com.
forwarders      { 101.226.1.43; 202.101.172.35; };
# NOTE(review): validation is off, so forwarded answers are accepted unverified.
# dnssec-lookaside (DLV) is obsolete and newer BIND releases may no longer accept it.
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
};

logging配置/etc/named.conf

# Two channels: everything except queries goes to bind.log, queries to query.log.
# File paths are relative to the "directory" set in options, i.e. /var/named/data/.
logging {
        channel default_log{
                # 3 rotated generations of 256 MB each; severity left at the default (info).
                file "data/bind.log" versions 3 size 256m;
                #severity warning;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        category default{
                default_log;
        };

        # NOTE(review): per-query logging is a useful audit trail (who resolved what, when)
        # but grows quickly on a busy resolver; the 3 x 256m cap bounds the disk use.
        channel query_log{
                file "data/query.log" versions 3 size 256m;
                #severity warning;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        category queries{
                query_log;
        };
};

zone配置/etc/named.rfc1912.zones

# Primary copy of the hd.com forward zone, loaded from /var/named/hd.com.zone.
zone "hd.com" IN {
type master;
file "hd.com.zone";
# Only the secondary (ns2, 192.168.1.12) may pull the zone; it is also sent a NOTIFY on reload.
allow-transfer { 192.168.1.12; };
notify yes;
also-notify { 192.168.1.12; };
};

# Primary copy of the reverse zone for 192.168.1.0/24, loaded from /var/named/192.168.1.zone.
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
# Same transfer/notify policy as the forward zone: secondary only.
allow-transfer { 192.168.1.12; };
notify yes;
also-notify { 192.168.1.12; };
};

主DNS的zone文件详细信息
正向解析zone文件/var/named/hd.com.zone

; Forward zone for hd.com. Names without a trailing dot get the origin (hd.com.) appended,
; so the SOA contact "root" is root.hd.com.
$TTL 86400
@       IN SOA  ns1.hd.com. root (
20140220 ; serial (YYYYMMDD) - must be increased on every edit or ns2 will not re-transfer
28800   ; refresh
14400   ; retry
3600000 ; expire
86400 ) ; minimum
; Both name servers are published: ns1 is this primary, ns2 the secondary.
@       IN NS   ns1.hd.com.
@       IN NS   ns2.hd.com.
ns1     IN A    192.168.1.13
ns2     IN A    192.168.1.12
; Internal service names; both currently point at the primary host (.13).
pan     IN A    192.168.1.13
bbs     IN A    192.168.1.13

反向解析zone文件/var/named/192.168.1.zone

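; Reverse zone for 192.168.1.0/24 (origin 1.168.192.in-addr.arpa.).
$TTL 86400
@       IN SOA  ns1.hd.com. root (
20140222 ; serial - bumped from 20140221 for the NS fix below so the secondary re-transfers
28800   ; refresh
14400   ; retry
3600000 ; expire
86400 ) ; minimum
; Fix: the zone previously delegated to ns.hd.com., a name that has no A record in
; hd.com.zone (only ns1 and ns2 exist), leaving the reverse zone with no resolvable
; name server. List the two real servers, matching the forward zone.
@       IN NS   ns1.hd.com.
@       IN NS   ns2.hd.com.
; 192.168.1.13 carries three PTRs; a resolver that uses only the first PTR may get any of them.
13      IN PTR  pan.hd.com.
13      IN PTR  bbs.hd.com.
13      IN PTR  ns1.hd.com.
12      IN PTR  ns2.hd.com.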

从DNS配置
options配置/etc/named.conf

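# Secondary (slave) server options; identical to the primary's except that it
# has no zones to hand out, so transfers are denied.
options {
listen-on port 53 { any; };
directory       "/var/named";
dump-file       "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# NOTE(review): open to any client with recursion on - keep this host off the Internet
# or restrict both to internal ranges (e.g. 192.168.1.0/24) so it is not an open resolver.
allow-query     { any; };
allow-query-cache { any; };
# Added: the original had no allow-transfer on the secondary, and BIND's long-standing
# default is "any", so every client able to reach this host could pull the full zone
# contents. Nothing transfers from the secondary, so deny it outright.
allow-transfer  { none; };
recursion yes;
# Upstream resolvers used for names outside hd.com.
forwarders      { 101.226.1.43; 202.101.172.35; };
# NOTE(review): validation is off, so forwarded answers are accepted unverified.
# dnssec-lookaside (DLV) is obsolete and newer BIND releases may no longer accept it.
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
};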

zone配置/etc/named.rfc1912.zones

# Secondary copy of hd.com, pulled from the primary (ns1, 192.168.1.13).
zone "hd.com" IN {
type slave;
# NOTE(review): this file is written by named itself. On RHEL/CentOS packaging
# /var/named is usually not writable by the named user (slaves/ is) - confirm the
# transferred zone actually lands on disk.
file "hd.com.zone";
masters { 192.168.1.13; };
notify  yes;
# Only the primary may trigger a refresh via NOTIFY.
allow-notify { 192.168.1.13; };
};
# Secondary copy of the reverse zone, pulled from the primary (192.168.1.13).
zone "1.168.192.in-addr.arpa" IN {
type slave;
# NOTE(review): same caveat as the forward zone - the named user must be able to write here.
file "192.168.1.zone";
masters { 192.168.1.13; };
notify  yes;
# Only the primary may trigger a refresh via NOTIFY.
allow-notify { 192.168.1.13; };
};

从DNS的zone文件不需要手动设置,会自动从主DNS上同步下来。每次更改主服务器的zone文件后,还要增大zone文件中SOA记录的序列号(serial)。只有这样,在主DNS上执行 service named reload 后,从DNS上的zone文件才会同步更新。
转载请注明出处 http://www.xiaomastack.com/2014/06/28/linux-server-dns/ 谢谢!
