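Linux 下 DNS 的配置(三):辅 DNS 的配置
接上一篇。实验环境:VMware 6.5.2 + RedHat Enterprise 5。已经建好了一个 DNS 的主要区域,这次试着做一个辅 DNS。辅 DNS 只是负责分流,防止主 DNS 由于负载过重而导致客户端解析时间过长。一旦主 DNS 不存在了,那辅 DNS 也就起不到解析的作用了(辅 DNS 的区域数据来自主 DNS;主 DNS 失效后,辅 DNS 只能继续应答到 SOA 记录中的 expire 时间为止)。
首先禁掉防火墙,配 IP(关闭防火墙只适合这种隔离的实验环境;实际部署时应保留防火墙,只放行 DNS 所需的 53 端口 TCP 和 UDP)。
[root@localhost ~]# setup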
先选择 防火墙配置 (使用tab键切换)
用tab键切换 ,空格选择 上下箭头移动
[root@localhost ~]# vi /etc/resolv.conf
把 DNS 指向自己
; generated by /sbin/dhclient-script
search router
nameserver 192.168.0.6
保存退出。下一步:挂光盘,安装 DNS 所需的四个 rpm 包。(下面输出中的 NOKEY 警告表示系统还没有导入对应的 GPG 公钥,rpm 没有校验包的签名;可以先用 rpm --import 导入发行版的公钥,再安装。)
[root@localhost ~]# cd /mnt
[root@localhost mnt]# ls
cdrom hgfs
[root@localhost mnt]# mount /dev/cdrom /mnt/cdrom
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@localhost mnt]# cd /mnt/cdrom/Server
[root@localhost Server]#
[root@localhost Server]# rpm -ivh bind-
bind-9.3.3-10.el5.i386.rpm bind-chroot-9.3.3-10.el5.i386.rpm bind-devel-9.3.3-10.el5.i386.rpm bind-libbind-devel-9.3.3-10.el5.i386.rpm bind-libs-9.3.3-10.el5.i386.rpm bind-sdb-9.3.3-10.el5.i386.rpm bind-utils-9.3.3-10.el5.i386.rpm
[root@localhost Server]# rpm -ivh bind-9.3.3-10.el5.i386.rpm
warning: bind-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind ########################################### [100%]
[root@localhost Server]# rpm -ivh bind-utils-9.3.3-10.el5.i386.rpm
warning: bind-utils-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package bind-utils-9.3.3-10.el5 is already installed
[root@localhost Server]# rpm -ivh cach
cachefilesd-0.8-2.el5.i386.rpm caching-nameserver-9.3.3-10.el5.i386.rpm
[root@localhost Server]# rpm -ivh caching-nameserver-9.3.3-10.el5.i386.rpm
warning: caching-nameserver-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:caching-nameserver ########################################### [100%]
[root@localhost Server]# rpm -ivh bind-chroot-9.3.3-10.el5.i386.rpm
warning: bind-chroot-9.3.3-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...
########################################### [100%]
1:bind-chroot ########################################### [100%]
[root@localhost Server]#
下一步:编辑配置文件
[root@localhost Server]# cd /var/named/chroot/etc
[root@localhost etc]# ls
localtime named.caching-nameserver.conf named.rfc1912.zones rndc.key
[root@localhost etc]# vi named.conf
关键部位配置文件如下:
// generated by named-bootconf.pl
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "sina.com" IN {
type slave;
file "slaves/sina.zone";
masters { 192.168.0.5; };
};
zone "0.168.192.in-addr.arpa" IN {
type slave;
file "slaves/sina.local";
masters { 192.168.0.5; };
};
zone "sohu.com" IN {
type slave;
file "slaves/sohu.zone";
masters { 192.168.0.5; };
};
include "/etc/rndc.key";
-- INSERT --
保存退出。
这里需要注意的是:建议源文件尽量不要动,复制后再进行操作;注意标点符号(;)有没有漏掉。这里类型换成辅 DNS(type slave;),存储位置应该是(file "slaves/sina.zone";),还有就是标明哪个是主 DNS(masters { 192.168.0.5; };),注意里面的空格。
上面的配置没有限制区域传送。实际部署时,主 DNS 上应使用 allow-transfer 只允许辅 DNS(本例为 192.168.0.6)拉取区域;辅 DNS 如果不需要再向其他服务器提供区域传送,可以设置 allow-transfer { none; };。
[root@localhost etc]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
[root@localhost etc]#
重启服务(这里重启的是 network 服务;要让上面的配置生效,named 服务也需要启动或重启,原文没有列出这一步)。
这时我们可以 ping 一下,看看网通不通
[root@localhost etc]# ping 192.168.0.5
PING 192.168.0.5 (192.168.0.5) 56(84) bytes of data.
64 bytes from 192.168.0.5: icmp_seq=1 ttl=64 time=1.20 ms 64 bytes from 192.168.0.5: icmp_seq=2 ttl=64 time=0.165 ms 64 bytes from 192.168.0.5: icmp_seq=3 ttl=64 time=0.164 ms 64 bytes from 192.168.0.5: icmp_seq=4 ttl=64 time=0.186 ms 64 bytes from 192.168.0.5: icmp_seq=5 ttl=64 time=0.180 ms --- 192.168.0.5 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4000ms rtt min/avg/max/mdev = 0.164/0.380/1.205/0.412 ms [root@localhost etc]# 也可以 telnet一下他的53号端口 [root@localhost etc]# telnet 192.168.0.5 53 Trying 192.168.0.5... Connected to
www.sina.com
(192.168.0.5). Escape character is '^]'. ^] telnet> quit Connection closed. [root@localhost etc]# (^])这个符号是按住ctrl + 右(]})的,之后选择quit 退出 这时我们找到slaves目录,看看他的下面有没有把主DNS中的正向和反向区域文件复制过来 [root@localhost etc]# cd /var/named/chroot/var/named [root@localhost named]# ls data localhost.zone named.ca named.local slaves localdomain.zone named.broadcast named.ip6.local named.zero [root@localhost named]# cd slaves [root@localhost slaves]# ls sina.local sina.zone sohu.zone [root@localhost slaves]# 文件复制的没有问题,接下来我们来测试一下 [root@localhost slaves]# nslookup
www.sina.com
Server: 127.0.0.1 Address: 127.0.0.1#53 Name:
www.sina.com
Address: 192.168.0.5 [root@localhost slaves]# nslookup
www.sohu.com
Server: 127.0.0.1 Address: 127.0.0.1#53 Name:
www.sohu.com
Address: 192.168.0.5 [root@localhost slaves]# nslookup 192.168.0.5 Server: 127.0.0.1 Address: 127.0.0.1#53 5.0.168.192.in-addr.arpa name =
www.sohu.com.
5.0.168.192.in-addr.arpa name =
www.sina.com.
[root@localhost slaves]#
OK,正向和反向都没有问题,成功解析。
写到最后:此次实验如果不成功,首先检查自己的拼写错误,注意文件名中的“.”和“,”的区别。谨祝各位实验顺利。
http://yuzeying.blog.51cto.com/644976/153728
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u3/93926/showart_1966664.html