Chinaunix

标题: Linux多DNS服务 [打印本页]

作者: SMEWL 时间: 2009-06-29 18:55
标题: Linux多DNS服务

Linux多DNS服务
一、          实验目标
一台Linux服务器提供多个DNS服务。
二、          实验环境
Linux服务器版本为Red Hat Enterprise Linux Server release 5.2 (Tikanga)，内核版本号2.6.18-92.el5；两台客户端主机。
三、          实施步骤
1、  安装bind软件包
放入安装光盘，并切换到软件包所在目录，执行下列命令安装相应软件包：
rpm -ivh bind-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-chroot-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-devel-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-libbind-devel-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-libs-9.3.4-6.P1.el5.i386.rpm
rpm -ivh bind-sdb-9.3.4-6.P1.el5.i386.rpm
rpm -ihv bind-utils-9.3.4-6.P1.el5.i386.rpm
rpm -ivh caching-nameserver-9.3.4-6.P1.el5.i386.rpm
2、  创建、修改配置文件
1）  创建第二个DNS服务的相关配置文件
[root@server ~]#  cp -a /var/named /var/dns    注：-a参数保留目录及其以下文件属性
对链接文件重新链接到正确的目标文件。把/var/dns/chroot/var/named目录更名为/var/dns/chroot/var/dns
2）  第一个DNS服务修改后的内容如下：
[root@server ~]# cat /var/named/chroot/etc/named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
      listen-on port 53 { 192.168.13.11; };
      listen-on-v6 port 53 { ::1; };
      directory    "/var/named";
      dump-file    "/var/named/data/cache_dump.db";
      statistics-file "/var/named/data/named_stats.txt";
      memstatistics-file "/var/named/data/named_mem_stats.txt";
      query-source port 53;
      query-source-v6 port 53;
};
logging {
      channel default_debug {
            file "data/named.run";
            severity dynamic;
      };
};
view localhost_resolver {
      recursion yes;
      include "/etc/named.rfc1912.zones";
};
[root@server ~]# cat /var/named/chroot/etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "." IN {
      type hint;
      file "named.ca";
};

zone "localdomain" IN {
      type master;
      file "localdomain.zone";
      allow-update { none; };
};

zone "localhost" IN {
      type master;
      file "localhost.zone";
      allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
      type master;
      file "named.local";
      allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
      type master;
      file "named.ip6.local";
      allow-update { none; };
};

zone "255.in-addr.arpa" IN {
      type master;
      file "named.broadcast";
      allow-update { none; };
};

zone "0.in-addr.arpa" IN {
      type master;
      file "named.zero";
      allow-update { none; };
};

zone "china.test" IN {
  type master;
  file "china.test.zone";
  allow-update { none; };
};
zone "13.168.192.in-addr.arpa" IN {
  type master;
  file "china.test.arpa";
  allow-update { none; };
};
3）  第二个DNS服务的主配置文件内容如下：
[root@server ~]# cat /var/dns/chroot/etc/dns.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
      listen-on port 54 { 192.168.13.11; };
      listen-on-v6 port 54 { ::1; };
      directory    "/var/dns";
      dump-file    "/var/dns/data/cache_dump.db";
      statistics-file "/var/dns/data/named_stats.txt";
      memstatistics-file "/var/dns/data/named_mem_stats.txt";
      query-source port 54;
      query-source-v6 port 54;
};
logging {
      channel default_debug {
            file "data/named.run";
            severity dynamic;
      };
};

zone "." IN {
      type hint;
      file "named.ca";
};

zone "localdomain" IN {
      type master;
      file "localdomain.zone";
      allow-update { none; };
};

zone "localhost" IN {
      type master;
      file "localhost.zone";
      allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
      type master;
      file "named.local";
      allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
      type master;
      file "named.ip6.local";
      allow-update { none; };
};

zone "255.in-addr.arpa" IN {
      type master;
      file "named.broadcast";
      allow-update { none; };
};

zone "0.in-addr.arpa" IN {
      type master;
      file "named.zero";
      allow-update { none; };
};

zone "china.test" IN {
  type master;
  file "china.test.zone";
  allow-update { none; };
};
zone "13.168.192.in-addr.arpa" IN {
  type master;
  file "china.test.arpa";
  allow-update { none; };
};
4）  第一个DNS服务的域文件内容如下：
[root@server ~]# cat /var/named/chroot/var/named/china.test.zone
$TTL 86400
@    IN    SOA    server.china.test.    admin.china.test. (
                     2009062100
                     28800
                     14400
                     360000
                     86400
                     )
            NS    server.china.test.
server       IN A 192.168.13.11
client       IN A 192.168.13.24
HT08126       IN A 192.168.13.23
[root@server ~]# cat /var/named/chroot/var/named/china.test.arpa
$TTL 86400
@             IN    SOA    server.china.test.    admin.china.test. (
                     2009062100
                     28800
                     14400
                     360000
                     86400
                     )
@    NS    server.china.test.
11    IN PTR  server.china.test.
23    IN PTR  HT08126.china.test.
24    IN PTR  client.china.test.
5）  第二个DNS服务的域名文件内容如下：
[root@server ~]# cat /var/dns/chroot/var/dns/china.test.zone
$TTL 86400
@    IN    SOA    server.china.test.    admin.china.test. (
                     2009062100
                     28800
                     14400
                     360000
                     86400
                     )
            NS    server.china.test.
server       IN A 192.168.13.11
client       IN A 192.168.13.14
HT08126       IN A 192.168.13.13
[root@server ~]# cat /var/dns/chroot/var/dns/china.test.arpa
$TTL 86400
@             IN    SOA    server.china.test.    admin.china.test. (
                     2009062100
                     28800
                     14400
                     360000
                     86400
                     )
@    NS    server.china.test.
11    IN PTR  server.china.test.
13    IN PTR  HT08126.china.test.
14    IN PTR  client.china.test.

3、  开启DNS服务
/usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot/
/usr/sbin/named -u named -c /etc/dns.conf -t /var/dns/chroot/
4、  配置防火墙，使不同的客户端得到不同的解析结果。
iptables -t nat -A PREDNS -p udp --dport 53 -s 192.168.13.24 -j REDIRECT --to 54
iptables -t nat -A PREDNS -p tcp --dport 53 -s 192.168.13.24 -j REDIRECT --to 54
5、  制作启动脚本，内容如下：
[root@server init.d]# cat dns
#!/bin/bash

NAMED_CONF="/etc/named.conf"
NAMED_CHROOT="/var/named/chroot/"
DNS_CONF="/etc/dns.conf"
DNS_CHROOT="/var/dns/chroot/"

start()
{
  echo -n $"Starting named:  "
  if [ -r ${NAMED_CHROOT}${NAMED_CONF} ]; then
/usr/sbin/named -u named -c ${NAMED_CONF} -t ${NAMED_CHROOT}
if [ "`ps aux | grep "$NAMED_CONF" | grep -v "grep" | awk '{print $2}'`" = "`cat ${NAMED_CHROOT}/var/run/named/named.pid`" ]
then
   echo -e "       [ \033[;32m OK  \033[;37m ]"
else
   echo -e "       [ \033[;31mFiled\033[;37m ]"
fi
  else
echo "${NAMED_CHROOT}${NAMED_CONF} cound not open! please check...."
  fi
  echo -n $"Starting dns: "
  if [ -r ${DNS_CHROOT}${DNS_CONF} ]; then
/usr/sbin/named -u named -c ${DNS_CONF} -t ${DNS_CHROOT}
if [ "`ps aux | grep "$DNS_CONF" | grep -v "grep" | awk '{print $2}'`" = "`cat ${DNS_CHROOT}/var/run/named/named.pid`" ]
then
   iptables -t nat -N PREDNS
   iptables -t nat -F PREDNS
   iptables -t nat -A PREDNS -p udp --dport 53 -s 192.168.13.24 -j REDIRECT --to 54
   iptables -t nat -A PREDNS -p tcp --dport 53 -s 192.168.13.24 -j REDIRECT --to 54
   until [ -z "`iptables -t nat -L PREROUTING -vn | grep PREDNS`" ]
   do
      iptables -t nat -D PREROUTING -j PREDNS
   done
   iptables -t nat -I PREROUTING -j PREDNS
   echo -e "       [ \033[;32m OK  \033[;37m ]"
else
   echo -e "       [ \033[;31mFiled\033[;37m ]"
fi
  else
echo "${DNS_CHROOT}${DNS_CONF} cound cont open! please check...."
  fi
}

stop()
{
  if [ -z "`ps aux | grep "$NAMED_CONF" | grep -v "grep" | awk '{print $2}'`" ]
  then
echo -e "Stopping named:          [ \033[;31mFiled\033[;37m ]"
  else
kill -9 `ps aux | grep "$NAMED_CONF" | grep -v "grep" | awk '{print $2}'`
echo -e "Stopping named:          [ \033[;32m OK  \033[;37m ]"
  fi
  if [ -z "`ps aux | grep "$DNS_CONF" | grep -v "grep" | awk '{print $2}'`" ]
  then
echo -e "Stopping dns:             [ \033[;31mFiled\033[;37m ]"
  else
until [ -z "`iptables -t nat -L PREROUTING -vn | grep PREDNS`" ]
do
   iptables -t nat -D PREROUTING -j PREDNS
done
iptables -t nat -F PREDNS
iptables -t nat -X PREDNS
kill -9 `ps aux | grep "$DNS_CONF" | grep -v "grep" | awk '{print $2}'`
echo -e "Stopping dns:             [ \033[;32m OK  \033[;37m ]"
  fi
}

restart()
{
      stop
      sleep 2
      start
}

status()
{
  if [ -z "`ps aux | grep "$NAMED_CONF" | grep -v "grep" | awk '{print $2}'`" ]
  then
echo -e "\033[;31m named stopping... \033[;37m"
  else
echo -e "\033[;32m named running... \033[;37m"
  fi
  if [ -z "`ps aux | grep "$DNS_CONF" | grep -v "grep" | awk '{print $2}'`" ]
  then
echo -e "\033[;31m dns stopping... \033[;37m"
  else
echo -e "\033[;32m dns running... \033[;37m"
  fi
}

case "$1" in
      start)
            start
            ;;
      stop)
            stop
            ;;
      restart)
            restart
            ;;
      status)
            status
            ;;
      *)
            echo $"Usage: $0 {start|stop|status|restart}"
            exit 2
esac
6、  设置脚本可执行，并添加到/usr/sbin目录
[root@server ~]# chmod +x /etc/init.d/dns
[root@server ~]# cp /etc/init.d/dns /usr/sbin/dns
7、  设置自启动
[root@server ~]# echo "/usr/sbin/dns start" >> /etc/rc.d/rc.local
四、          测试与结论
主机A的测试结果如下：
C:\>ipconfig/all

Ethernet adapter lonet1:

      Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : Microsoft Loopback Adapter #2
      Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
      Dhcp Enabled. . . . . . . . . . . : No
      IP Address. . . . . . . . . . . . : 192.168.13.12
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . :
      DNS Servers . . . . . . . . . . . : 192.168.13.11

C:\>nslookup client.china.test
Server:  server.china.test
Address:  192.168.13.11

Name: client.china.test
Address:  192.168.13.24

主机B的测试结果如下：
[root@client ~]# ifconfig eth0
eth0    Link encap:Ethernet  HWaddr 00:0C:29:71:C6:09
      inet addr:192.168.13.24  Bcast:192.168.13.255  Mask:255.255.255.0
      inet6 addr: fe80::20c:29ff:fe71:c609/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:2674 errors:0 dropped:0 overruns:0 frame:0
      TX packets:779 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:219817 (214.6 KiB)  TX bytes:105427 (102.9 KiB)
      Interrupt:169 Base address:0x2000

[root@client ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search china.test
nameserver 192.168.13.11

[root@client init.d]# ping client.china.test
PING client.china.test (192.168.13.14) 56(84) bytes of data.

结论：实现了实验目标。

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u2/83566/showart_1981038.html

欢迎光临 Chinaunix (http://bbs.chinaunix.net/)