centos下配置主從DNS伺服器以及DHCP下的DDNS推荐

環境:

主DNS伺服器 192.168.1.110 hostname=dns.costa.org

DHCP伺服器 192.168.1.110

從DNS伺服器 192.168.1.120 hostname=dns1.costa.org

client linux DHCP獲得 hostname=redhat.costa.org

一:安裝主DNS伺服器以及DHCP伺服器

安裝DNS和DHCP伺服器

rpm -ivh bind-9.3.6-20.P1.el5.x86_64.rpm

rpm -ivh bind-libs-9.3.6-20.P1.el5.x86_64.rpm

rpm -ivh bind-chroot-9.3.6-20.P1.el5.x86_64.rpm

yum -y install dhcp

二:配置動態dns (ddns)及加密驗證DNS

cd /var/named/chroot

dnssec-keygen -a HMAC-MD5 -b 128 -n USER costyleddns \\-a 演算法(TSIG 只做訊息驗證,不加密內容) -b 金鑰位數 -n 金鑰類型(此處為USER),最後為金鑰名稱;HMAC-MD5 已過時,所用 BIND 版本支援時請改用 hmac-sha256

dnssec-keygen -a HMAC-MD5 -b 128 -n USER rndc-key

查看ddns key和rndc-key的密鑰(.key文件最後一欄的base64字串,即下文配置中secret的值);這是共享密鑰,金鑰文件以及寫有secret的配置文件都不應讓其他用戶可讀

cat /var/named/chroot/Kcostyleddns.+157+61304.key

cat /var/named/chroot/Krndc-key.+157+20386.key

三:配置DHCP伺服器

編輯/etc/dhcpd.conf(文件內含DDNS密鑰,權限應限制為僅root可讀)

ddns-update-style interim; \\更新ddns方式

ignore client-updates; \\不允許用戶端更新DNS

max-lease-time 604800; \\最大釋放時間 單位S

default-lease-time 86400; \\默認釋放時間 單位S

key costyleddns { \\更新DNS的key 語法為 key user {

algorithm HMAC-MD5; \\ algorithm HMAC-MD5;

secret qVdXEom1piP3PlBFc2gArA==; \\ secret <金鑰文件中的base64字串>; 此處的值為本文示例且已公開,請換成自己產生的金鑰

}; \\};

zone costa.org. { 要更新的zone

primary 192.168.1.110;

key costyleddns;

}

zone 1.168.192.in-addr.arpa. {

primary 192.168.1.110;

key costyleddns;

}

subnet 192.168.1.0 netmask 255.255.255.0 {

range 192.168.1.125 192.168.1.150;

# — default gateway

option routers 192.168.1.1;

option subnet-mask 255.255.255.0;

option broadcast-address 192.168.1.255;

# — option nis-domain domain.org

option domain-name costa.org

option domain-name-servers 192.168.1.110,192.168.1.120;

}

四. 開啟DHCP服務以及設置其開機啟動

service dhcpd start | stop | restart

chkconfig dhcpd on | off on 開機自動啟動dhcpd服務

五 配置主DNS

1.編輯全局配置文件

vi /etc/named.conf

options {

listen-on port 53 { any; }; \\修改地方1

listen-on-v6 port 53 { ::1; };

directory /var/named

dump-file /var/named/data/cache_dump.db

statistics-file /var/named/data/named_stats.txt

memstatistics-file /var/named/data/named_mem_stats.txt

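// Those options should be used carefully because they disable port

// randomization, which makes spoofed replies (cache poisoning) easier to land.

// Leave the two query-source lines below commented out unless a firewall requires a fixed source port.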

query-source port 53;

query-source-v6 port 53;

allow-transfer { 192.168.1.110; }; \\全局的區域傳送白名單:只有列出的位址可以請求區域傳送(從伺服器為192.168.1.120);下方各zone另以 key costyletransfer 限制,zone內的設定會覆蓋此處

allow-query { any; }; \\修改地方2

# allow-query-cache { localhost; };

# forwarders {8.8.8.8; };

# forward first;

};

key costyletransfer { \\設定區域傳送(zone transfer)使用的TSIG key;主從伺服器兩邊的key名稱與secret必須一致,secret請使用自己產生的值

algorithm hmac-md5;

secret HYPqYO8y7cheP4nAjBbxDg==;

};

server 192.168.1.110 { \\設定與該位址的伺服器通訊時使用的key(server語句描述的是對端;在主伺服器上,對端應為從伺服器192.168.1.120,請依實際環境確認)

keys {costyletransfer; };

};

key costyleddns { \\設定DDNS的key

algorithm hmac-md5;

secret qVdXEom1piP3PlBFc2gArA==;

};

logging {

channel default_debug {

file data/named.run

severity dynamic;

};

};

view lan_resolver {

match-clients { 192.168.1.0/24; };

match-destinations { any; };

recursion yes;

include /etc/named_lan.zones

};

#view wan_resolver {

# match-clients { any; };

# match-destinations { any; };

# recursion yes;

# include /etc/named_wan.zones

#};

/var/named/chroot/etc/named.conf 65L, 1664C

2.配置 主配置文件

zone . IN {

type hint;

file named.ca

};

zone costa.org IN {

type master; ***

file costa.org.lan.zero ***

allow-update { key costyleddns; }; ***

allow-transfer { key costyletransfer; }; ***

};

zone 1.168.192.in-addr.arpa IN {

type master; ***

file 1.168.192.local ***

allow-update { key costyleddns; }; ***

allow-transfer { key costyletransfer; }; ***

};

3.配置區域配置文件:

cd /var/named/chroot/var/named/costa.org.lan.zero \\對應主配置文件的路徑

vi costa.org.lan.zero

$ORIGIN .

$TTL 86400 ; 1 day

costa.org IN SOA dns.costa.com. root.costa.org. (

43 ; serial

10800 ; refresh (3 hours)

900 ; retry (15 minutes)

604800 ; expire (1 week)

86400 ; minimum (1 day)

)

NS dns.costa.org.

MX 10 dns.costa.org.

$ORIGIN costa.org.

dns A 192.168.1.110

dns1 A 192.168.1.120

mail CNAME dns

$TTL 43200 ; 12 hours

redhat A 192.168.1.150 \\動態更新的DDNS

TXT 0075cad590578303201026362886ab527d

$TTL 86400 ; 1 day

www CNAME dns

~

六:啟動DNS服務、設置DNS服務自啟動,并給予/var/named/chroot/var/named/寫入權限

1.設置dns服務啟動以及開機啟動

service named start | stop | restart

chkconfig named on | off

2.關閉iptables 和 selinux 服務(僅適合隔離的測試環境;正式環境建議保留防火牆,只放行DNS的53/udp、53/tcp與DHCP的67/udp)

service iptables stop

vi /etc/selinux/config 設置 SELINUX=disabled 并重啟機器(若要保留SELinux,可改用 setsebool -P named_write_master_zones 1 允許named寫入主區域文件)

3.設置群組權限并允許區域寫入

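# named must own the zone directory so it can write the DDNS journal files.
# "user:group" is the portable separator; the dotted form is deprecated.
chown -R named:named /var/named/chroot/var/named/

# A blanket "chmod -R 640" also strips the search (x) bit from directories,
# after which nothing inside them can be opened by a non-root process.
# Give directories 750 and regular files 640 instead.
find /var/named/chroot/var/named -type d -exec chmod 750 {} +

find /var/named/chroot/var/named -type f -exec chmod 640 {} +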

vi /etc/sysconfig/named

ENABLE_ZONE_WRITE=yes

七:安裝及配置從DNS伺服器

rpm -ivh bind-9.3.6-20.P1.el5.x86_64.rpm

rpm -ivh bind-libs-9.3.6-20.P1.el5.x86_64.rpm

rpm -ivh bind-chroot-9.3.6-20.P1.el5.x86_64.rpm

關閉防火牆和selinux

配置/var/named/chroot/etc/named.conf

options {

listen-on port 53 { any; }; \\

listen-on-v6 port 53 { ::1; };

directory /var/named

dump-file /var/named/data/cache_dump.db

statistics-file /var/named/data/named_stats.txt

memstatistics-file /var/named/data/named_mem_stats.txt

//

// Those options should be used carefully because they disable port

// randomization

// query-source port 53;

// query-source-v6 port 53;

allow-query { any; }; \\

allow-query-cache { any; }; \\

};

logging {

channel default_debug {

file data/named.run

severity dynamic;

};

};

\\

key costyletransfer{

algorithm hmac-md5;

secret HYPqYO8y7cheP4nAjBbxDg==;

};

\\

server 192.168.1.110{

keys {costyletransfer;};

};

view costa_lan_resolver {

match-clients { 192.168.1.0/24; }; \\

match-destinations { any; };

recursion yes;

include /etc/costa_lan.zones

};

編輯主配置文件/var/named/chroot/etc/costa_lan.zones

zone . IN {

type hint;

file named.ca

};

zone costa.org IN {

type slave; \\設定為從DNS伺服器

masters {192.168.1.110; }; \\設定主DNS伺服器的IP

file slaves/costa.org.zero \\設定正向解析文件路徑

};

zone 1.168.192.in-addr.arpa IN {

type slave; \\設定為從DNS伺服器

masters {192.168.1.110; }; \\設定主DNS伺服器的IP

file slaves/1.168.192.local \\設定反向解析文件路徑

};

4.啟動dns服務及開機自啟動

# service named start

# chkconfig named on

八:測試

在客戶機上添加dhclient.conf文件

send fqdn.fqdn test //test为本机的hostname

send fqdn.encoded on;

send fqdn.server-update off;

重啟即可生效

nslookup 192.168.1.110 查找靜態IP地址

nslookup redhat DHCP動態分配ip地址

九:DDNS成功后會自動在/var/named/chroot/var/named/下建立 jnl 的文件(journal,副檔名 .jnl)

十:常見錯誤

1./etc/named.conf file not found

在/etc下缺少這個文件

解決方法 設定軟連接

ln -s /var/named/chroot/etc/named.conf /etc/named.conf

2.permission denied錯誤

此類錯誤多為權限不足造成的

A: /var/named/chroot/var/named/ 設定歸屬為named.named 權限為 640

B: /var/named/chroot/etc/ 設定歸屬為named.named 權限為 640

(640 適用於文件;目錄本身需保留 x 位,例如 750,否則 named 無法進入目錄讀寫其中的文件)

chown -R named.named /var/named/chroot/var/named/

chmod -R 640 /var/named/chroot/var/named/

3.语法错误 缺少标点符号

此类错误比较好判断

通过 # named -gc /var/named/chroot/etc/named.conf 可以发现哪里的问题 或者 # named-checkconf命令,没有任何提示时表明正常
