前言:搭建域名解析服务是为了给公司的几套系统做测试。很久以前配置过多域环境以及master-slave的应用配置,由于一直没有做整理,导致这次配置遇到点小问题,现汇总问题原因并做解析,给自己以后留个备份。现只解析其配置文件。共两个安装包:bind-9.3.3-7.e15.i386.rpm #bind主程序安装包;caching-nameserver #配置文件安装包,如果能熟记bind服务的配置文件可以不需要安装该包。安装方法可以用rpm、源码,或者yum install bind,这里不做解析,可参考前文http://qianluo.com/news1/shownews.php?lang=cn&id=83
----------------------------------------------------------------------------------
[root@mail named]# vim /etc/named. #DNS两个主要配置文件
named.caching-nameserver.conf named.rfc1912.zones
[root@mail named]# vim /etc/named.caching-nameserver.conf #主配置文件
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
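// Global server options. Each statement must end with ';' or named
// refuses to load the file.
options {
    // Answer queries only on this server's LAN address.
    listen-on port 53 { 192.168.0.55; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Those options should be used carefully because they disable port
    // randomization
    // NOTE(review): with the source port pinned to 53, every upstream query
    // leaves from a predictable port, so only the 16-bit query ID stands
    // between the cache and a spoofed answer. Unless a firewall rule needs
    // a fixed port, comment this line out and let named choose the port.
    query-source port 53;
    // query-source-v6 port 53;
    // NOTE(review): "any" answers every client that can reach 192.168.0.55,
    // and the view in this file turns recursion on with match-clients
    // commented out, so the host is an open recursive resolver for that
    // network. An address list limited to the test subnet is narrower.
    allow-query { any; };
    // allow-query-cache { localhost; };
    // NOTE(review): no allow-transfer is set anywhere on this page; in this
    // BIND generation the default is believed to permit zone transfers to
    // any host. Confirm, and restrict to the slave addresses if so.
    // Never iterate from the root servers; everything the local zones
    // cannot answer goes to the forwarder below.
    forward only;
    // DNS forwarding: used when a name cannot be resolved from local zones.
    forwarders { 8.8.8.8; };
};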
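// Logging: a single channel that writes named's debug output to a file.
logging {
    channel default_debug {
        // Relative path, resolved against the "directory" option
        // (/var/named in this setup).
        file "data/named.run";
        // Follow the server's current debug level.
        severity dynamic;
    };
};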
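// The only view in this file; it pulls in all zone declarations.
view localhost_resolver {
    // NOTE(review): with both match lines commented out, this view matches
    // every client and destination, not just localhost, so "recursion yes"
    // below applies to anyone allowed by allow-query. Keep a match-clients
    // list (for example the test subnet) if that is not intended.
    // match-clients { localhost; };
    // match-destinations { localhost; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};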
"/etc/named.caching-nameserver.conf" 43L, 1278C
[root@mail named]# vim /etc/named.rfc1912.zones #域名解析配置文件
#此处文件对应目录 /var/named/目录下的*.local 或者*.zone
# “//”为注释,zone为正向解析记录,local为反向解析记录
#“//”后几行注释掉的为我之前配置错误的文件,在启动named的时候会有报错信息提示,因为反向解析记录可以配置在同一个配置文件里,而正向解析记录必须一个域名配置一个zone的解析记录
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
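// Zone declarations. File names are relative to the "directory" option
// (/var/named). Every statement and every zone block ends with ';'.

// Root hints.
zone "." IN {
    type hint;
    file "named.ca";
};

// Stock localhost zones shipped with the caching-nameserver package.
// allow-update { none; } disables dynamic updates for each master zone.
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

// Site zones: one forward zone per domain.
zone "tutengit.com" IN {
    type master;
    file "tutengit.zone";
    allow-update { none; };
};

// One reverse zone for 192.168.0.x. It carries the PTR records of all the
// forward domains, because a zone name can be declared only once.
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "tutengit.local";
    allow-update { none; };
};

zone "q1w2e3r4.com" IN {
    type master;
    file "q1w2e3r4.zone";       // maps to /var/named/q1w2e3r4.zone
    allow-update { none; };
};

zone "testserver.com" IN {
    type master;
    file "testserver.zone";     // maps to /var/named/testserver.zone
    allow-update { none; };
};

zone "domain.com" IN {
    type master;
    file "domain.zone";         // same mapping as above
    allow-update { none; };
};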
//zone "0.168.192.in-addr.arpa" IN {
// type master;
// file "q1w2e3r4.local"
// allow-update { none; };
//};
//
//zone "0.168.192.in-addr.arpa" IN {
// type master;
// file "q1w2e3r4.local"
// allow-update { none; };
//};
//
//zone "0.168.192.in-addr.arpa" IN {
// type master;
// file "testserver.local"
// allow-update { none; };
//};
[root@mail named]# pwd
/var/named
[root@mail named]# vim tutengit.zone #正向解析文件, 其他几个*.zone正解文件都是类似这样配置即可,可以按照自己的解析需求和对应ip来配置
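; Forward zone for tutengit.com (loaded by the zone "tutengit.com" block).
; Records with a blank owner field must start with whitespace; they inherit
; the owner of the previous record.
$TTL 86400
@       IN  SOA tutengit.com. root.tutengit.com. (
                42      ; serial (d. adams) - raise on every edit
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN  NS  ns.tutengit.com.
        IN  A   192.168.0.55
ns      IN  A   192.168.0.55
www     IN  A   192.168.0.55
mail    IN  A   192.168.0.55
; NOTE(review): as placed, this MX inherits the owner "mail". Move it under
; "@" if mail for tutengit.com itself is meant - confirm the intent.
        IN  MX  10 mail.tutengit.com.
pop3    IN  A   192.168.0.55
smtp    IN  A   192.168.0.55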
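需要给予/var/named/*.zone 和反解.local文件赋予named用户所有权限(对 allow-update { none; } 的主区域,named 只需要读权限;下面 ls -l 中属主为 root、属组为 named、权限 640 的 named.broadcast、named.zero 同样被正常加载)
chown -R named:named /var/named/*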
[root@mail named]# pwd
/var/named
[root@mail named]# ls
chroot localdomain.zone named.ca named.zero testserver.zone tutengit.local.bk
data localhost.zone named.ip6.local q1w2e3r4.zone tutengit.local tutengit.zone
domain.zone named.broadcast named.local slaves tutengit.local.b
[root@mail named]# ls -l
total 68
drwxr-x--- 5 root named 4096 Mar 15 16:08 chroot
drwxrwx--- 2 named named 4096 Mar 16 10:25 data
-rw-r----- 1 named named 549 Mar 19 16:23 domain.zone
-rw-r----- 1 named named 198 Feb 23 2011 localdomain.zone
-rw-r----- 1 named named 195 Feb 23 2011 localhost.zone
-rw-r----- 1 root named 427 Feb 23 2011 named.broadcast
-rw-r----- 1 root named 1892 Feb 23 2011 named.ca
-rw-r----- 1 named named 424 Feb 23 2011 named.ip6.local
-rw-r----- 1 named named 426 Feb 23 2011 named.local
-rw-r----- 1 root named 427 Feb 23 2011 named.zero
-rw-r----- 1 named named 481 Mar 19 16:17 q1w2e3r4.zone
drwxrwx--- 2 named named 4096 Feb 23 2011 slaves
-rw-r----- 1 named named 486 Mar 19 16:17 testserver.zone
-rw-r----- 1 named named 556 Mar 19 16:50 tutengit.local
-rw-r----- 1 root root 625 Mar 19 16:39 tutengit.local.b
-rw-r----- 1 named named 471 Mar 19 16:39 tutengit.local.bk
-rw-r----- 1 named named 601 Mar 19 16:22 tutengit.zone
[root@mail named]#
~
启动namedServer报错:
[root@mail named]# /etc/init.d/named start
Starting named:
Error in named configuration:
zone localdomain/IN: loaded serial 42
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
zone tutengit.com/IN: loaded serial 42
tutengit.local:16: unknown RR type 'PRT'
zone 0.168.192.in-addr.arpa/IN: loading master file tutengit.local: unknown class/type
localhost_resolver/0.168.192.in-addr.arpa/IN: unknown class/type
zone q1w2e3r4.com/IN: loaded serial 42
zone testserver.com/IN: loaded serial 42
zone domain.com/IN: loaded serial 42
[FAILED]
[root@mail named]#
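根据报错log可以看出我的/var/named/tutengit.local 文件报错,该文件为DNSServer 反向解析文件。日志中的 "tutengit.local:16: unknown RR type 'PRT'" 说明该文件里有一条记录的类型被写成了PRT,应为PTR(即下面 54 这一条)。此错误在网上有很多朋友有遇到,都没有直接的解决方法,这里可以直接查看tutengit.local文件,除了这个拼写错误之外,还发现反解配置了多条NS解析记录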
------------------------------------------------------
[root@mail named]# cat tutengit.local
$TTL 86400
@ IN SOA tutengit.com. root.tutengit.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns.tutengit.com.
55 IN PTR tutengit.com.
55 IN PTR mail.tutengit.com.
IN NS ns.q1w2e3r4.com.
56 IN PTR mgs.q1w2e3r4.com.
IN NS testserver.com.
54 IN PRT mbs.testserver.com.
IN NS domain.com.
53 IN PTR mail.domain.com.
于是删除多余的NS解析记录,并把 54 这条记录的 PRT 改为 PTR,再次查看该文件,并启动namedserver
[root@mail named]# vim tutengit.local
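; Reverse zone for 0.168.192.in-addr.arpa after the fix. Owner names are
; the last octet of the address, and every record type here is NS or PTR.
; Records with a blank owner field must start with whitespace.
$TTL 86400
@       IN  SOA tutengit.com. root.tutengit.com. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN  NS  ns.tutengit.com.
55      IN  PTR tutengit.com.
55      IN  PTR mail.tutengit.com.
56      IN  PTR mgs.q1w2e3r4.com.
54      IN  PTR mbs.testserver.com.
53      IN  PTR mail.domain.com.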
~
~
~
[root@mail named]# /etc/init.d/named start
Starting named: [ OK ]
另配置/etc/resolv.conf DNS 指向nameserver
[root@mail named]# cat /etc/resolv.conf
#nameserver 8.8.8.8
nameserver 192.168.0.55
此时,所有域名都可以正、反向解析,如果需要增加域名直接复制named.zone文件修改对应ip解析记录,并在tutengit.local 文件中修改反解记录即可对应解析。
供技术交流,转载需注明出处,By 风雨小默!