Environment:
Primary DNS server: 192.168.1.110, hostname=dns.costa.org
DHCP server: 192.168.1.110
Secondary DNS server: 192.168.1.120, hostname=dns1.costa.org
Client: Linux, obtains its address from DHCP, hostname=redhat.costa.org
Part 1: Install the primary DNS server and the DHCP server
Install the DNS and DHCP servers
rpm -ivh bind-9.3.6-20.P1.el5.x86_64.rpm
rpm -ivh bind-libs-9.3.6-20.P1.el5.x86_64.rpm
rpm -ivh bind-chroot-9.3.6-20.P1.el5.x86_64.rpm
yum -y install dhcp
cd /var/named/chroot
dnssec-keygen -a HMAC-MD5 -b 128 -n USER costyleddns   # -a algorithm, -b key length in bits, -n key owner type (USER)
dnssec-keygen -a HMAC-MD5 -b 128 -n USER rndc-key
View the DDNS key secret and the rndc-key secret
cat /var/named/chroot/Kcostyleddns.+157+61304.key
cat /var/named/chroot/Krndc-key.+157+20386.key
Edit /etc/dhcpd.conf
ddns-update-style interim;          # DDNS update style
ignore client-updates;              # do not let clients update DNS themselves
max-lease-time 604800;              # maximum lease time, in seconds
default-lease-time 86400;           # default lease time, in seconds
key costyleddns {                   # key used to update DNS; syntax: key <name> {
    algorithm HMAC-MD5;             #   algorithm HMAC-MD5;
    secret qVdXEom1piP3PlBFc2gArA==;  #   secret <secret>;
};                                  # };
zone costa.org. {                   # zone to update
    primary 192.168.1.110;
    key costyleddns;
}
zone 1.168.192.in-addr.arpa. {
    primary 192.168.1.110;
    key costyleddns;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.125 192.168.1.150;
    # --- default gateway
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    # --- option nis-domain "domain.org";
    option domain-name "costa.org";
    option domain-name-servers 192.168.1.110,192.168.1.120;
}
service dhcpd start | stop | restart
chkconfig dhcpd on | off   # on = start the dhcpd service automatically at boot
vi /etc/named.conf
options {
    listen-on port 53 { any; };         // change 1
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Those options should be used carefully because they disable port
    // randomization
    query-source port 53;
    query-source-v6 port 53;
    allow-transfer { 192.168.1.110; };  // IP of the primary DNS server; allows the secondary DNS server to transfer zones
    allow-query { any; };               // change 2
    # allow-query-cache { localhost; };
    # forwarders {8.8.8.8; };
    # forward first;
};
key costyletransfer {                   // key that allows zone transfers (rndc key)
    algorithm hmac-md5;
    secret HYPqYO8y7cheP4nAjBbxDg==;
};
server 192.168.1.110 {                  // key used for transfers with the primary server
    keys { costyletransfer; };
};
key costyleddns {                       // DDNS key
    algorithm hmac-md5;
    secret qVdXEom1piP3PlBFc2gArA==;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view lan_resolver {
    match-clients { 192.168.1.0/24; };
    match-destinations { any; };
    recursion yes;
    include "/etc/named_lan.zones";
};
#view wan_resolver {
#    match-clients { any; };
#    match-destinations { any; };
#    recursion yes;
#    include "/etc/named_wan.zones";
#};
2. Configure the zone definition file (the /etc/named_lan.zones included from named.conf)
zone "." IN {
    type hint;
    file "named.ca";
};
zone "costa.org" IN {
    type master;                              // ***
    file "costa.org.lan.zero";                // ***
    allow-update { key costyleddns; };        // ***
    allow-transfer { key costyletransfer; };  // ***
};
zone "1.168.192.in-addr.arpa" IN {
    type master;                              // ***
    file "1.168.192.local";                   // ***
    allow-update { key costyleddns; };        // ***
    allow-transfer { key costyletransfer; };  // ***
};
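The key stanza in dhcpd.conf and the one in named.conf must carry the same name, algorithm and secret, and every key that allow-update, allow-transfer or a dhcpd zone statement refers to must actually be defined; otherwise updates or transfers fail with a TSIG error in the logs. The following Python script is an added example, not part of the original notes and not code from BIND or dhcpd: it parses both files and reports such problems. The two config excerpts are constructed to mirror the files on this page, with one deliberately undefined key name (notdefined) so the check has something to report. The page itself writes HMAC-MD5 in dhcpd.conf and hmac-md5 in named.conf, so the script compares algorithm names case-insensitively.

```python
import base64
import binascii
import re

# Constructed excerpts modelled on the page's two files (not the files themselves). The
# allow-transfer on the reverse zone deliberately names a key that is never defined.
NAMED_CONF = """
key costyletransfer {
    algorithm hmac-md5;
    secret HYPqYO8y7cheP4nAjBbxDg==;
};
key costyleddns {
    algorithm hmac-md5;
    secret qVdXEom1piP3PlBFc2gArA==;
};
zone "costa.org" IN {
    type master;
    file "costa.org.lan.zero";
    allow-update { key costyleddns; };
    allow-transfer { key costyletransfer; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.local";
    allow-update { key costyleddns; };
    allow-transfer { key notdefined; };
};
"""

DHCPD_CONF = """
key costyleddns {
    algorithm HMAC-MD5;
    secret qVdXEom1piP3PlBFc2gArA==;
};
zone costa.org. {
    primary 192.168.1.110;
    key costyleddns;
}
zone 1.168.192.in-addr.arpa. {
    primary 192.168.1.110;
    key costyleddns;
}
"""

# key <name> { algorithm <alg>; secret <base64>; }  (same shape in named.conf and dhcpd.conf)
KEY_RE = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w.-]+)\s*;\s*secret\s+"?([A-Za-z0-9+/=]+)"?\s*;\s*\}',
    re.IGNORECASE)
# allow-update { key <name>; } / allow-transfer { key <name>; } in named.conf
KEYREF_RE = re.compile(r'(allow-update|allow-transfer)\s*\{\s*key\s+"?([\w.-]+)"?\s*;', re.IGNORECASE)
# zone <name>. { ... key <name>; } in dhcpd.conf
DHCP_ZONE_RE = re.compile(r'zone\s+(\S+)\s*\{[^}]*?\bkey\s+"?([\w.-]+)"?\s*;', re.IGNORECASE)


def parse_keys(conf):
    """Return {key name: (algorithm lower-cased, secret)} for every key stanza in conf."""
    return {m.group(1): (m.group(2).lower(), m.group(3)) for m in KEY_RE.finditer(conf)}


def secret_bits(secret):
    """Length in bits of a base64 TSIG secret, or None if it is not valid base64."""
    try:
        return len(base64.b64decode(secret, validate=True)) * 8
    except (binascii.Error, ValueError):
        return None


def check_tsig(named_conf, dhcpd_conf, expected_bits=128):
    """List every TSIG misconfiguration that would make updates or transfers fail."""
    problems = []
    named_keys, dhcp_keys = parse_keys(named_conf), parse_keys(dhcpd_conf)
    # 1. every key named.conf refers to must be defined in named.conf
    for clause, name in KEYREF_RE.findall(named_conf):
        if name not in named_keys:
            problems.append(f"{clause} references undefined key '{name}'")
    # 2. the key dhcpd signs updates with must exist on both sides with the same algorithm and secret
    for zone, name in DHCP_ZONE_RE.findall(dhcpd_conf):
        if name not in dhcp_keys:
            problems.append(f"dhcpd zone {zone} uses undefined key '{name}'")
        elif name not in named_keys:
            problems.append(f"key '{name}' for dhcpd zone {zone} is missing from named.conf")
        elif dhcp_keys[name] != named_keys[name]:
            problems.append(f"key '{name}' differs between dhcpd.conf and named.conf")
    # 3. each secret must be valid base64 of the length dnssec-keygen -b was asked for
    for name, (_alg, secret) in {**named_keys, **dhcp_keys}.items():
        bits = secret_bits(secret)
        if bits != expected_bits:
            problems.append(f"key '{name}' secret is {bits} bits, expected {expected_bits}")
    return problems


if __name__ == "__main__":
    for problem in check_tsig(NAMED_CONF, DHCPD_CONF) or ["no TSIG problems found"]:
        print(problem)
```

Run it against the real files with the two texts read from /var/named/chroot/etc/named.conf and /etc/dhcpd.conf; the zone-definition include (named_lan.zones) has to be concatenated onto the named.conf text because the allow-update and allow-transfer clauses live there.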
3. Configure the zone files:
cd /var/named/chroot/var/named/   # the directory holding the files named in the zone definition file
vi costa.org.lan.zero
$ORIGIN .
$TTL 86400 ; 1 day
costa.org IN SOA dns.costa.org. root.costa.org. (
        43         ; serial
        10800      ; refresh (3 hours)
        900        ; retry (15 minutes)
        604800     ; expire (1 week)
        86400      ; minimum (1 day)
        )
        NS    dns.costa.org.
        MX    10 dns.costa.org.
$ORIGIN costa.org.
dns     A     192.168.1.110
dns1    A     192.168.1.120
mail    CNAME dns
$TTL 43200 ; 12 hours
redhat  A     192.168.1.150 ; record added by dynamic DNS update
        TXT   "0075cad590578303201026362886ab527d"
$TTL 86400 ; 1 day
www     CNAME dns
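The zone file above is in the form BIND writes back after dynamic updates, so it mixes $ORIGIN and $TTL directives, owner names inherited from the previous record, and the TXT record dhcpd stores next to the host it registered. The Python script below is an added example, not from the original notes and not BIND code: it parses a constructed copy of this zone, checks the things that most often break a hand-edited zone (NS or MX targets with no address record, CNAMEs pointing at names that do not exist, a name carrying both a CNAME and other records) and derives the PTR records that the reverse zone 1.168.192.local, whose contents the page does not show, should carry for every A record. The parser implements the general $ORIGIN, $TTL and owner-inheritance rules rather than only this file's layout, so it goes beyond what this particular zone needs.

```python
import re
# Constructed copy of the page's forward zone costa.org.lan.zero; sample input, not the live file.
ZONE_TEXT = """\
$ORIGIN .
$TTL 86400 ; 1 day
costa.org IN SOA dns.costa.org. root.costa.org. (
        43         ; serial
        10800      ; refresh (3 hours)
        900        ; retry (15 minutes)
        604800     ; expire (1 week)
        86400      ; minimum (1 day)
        )
        NS    dns.costa.org.
        MX    10 dns.costa.org.
$ORIGIN costa.org.
dns     A     192.168.1.110
dns1    A     192.168.1.120
mail    CNAME dns
$TTL 43200 ; 12 hours
redhat  A     192.168.1.150 ; record added by dynamic DNS update
        TXT   "0075cad590578303201026362886ab527d"
$TTL 86400 ; 1 day
www     CNAME dns
"""

CLASSES = {"IN", "CH", "HS"}
NAME_RDATA = {"NS", "CNAME", "PTR", "MX"}   # types whose last rdata field is a domain name

def _strip_comment(line):
    # drop a ';' comment but keep quoted TXT data, which may itself contain ';'
    return re.sub(r'"[^"]*"|;.*', lambda m: "" if m.group(0)[0] == ";" else m.group(0), line)

def _logical_lines(lines):
    """Join parenthesised multi-line records (the SOA here) into one line each."""
    buf, depth = [], 0
    for line in lines:
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0

def _qualify(name, origin):
    """Make a relative zone-file name absolute under the current $ORIGIN."""
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + "." if origin == "." else f"{name}.{origin}"

def parse_zone(text):
    """Return [(owner, ttl, type, rdata)]; owners and name-valued rdata are fully qualified."""
    origin, default_ttl, owner, records = ".", None, None, []
    cleaned = [_strip_comment(l) for l in text.splitlines()]
    for line in _logical_lines(l for l in cleaned if l.strip()):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if not line[0].isspace():           # text at column 0 names a new owner
            owner = _qualify(tokens.pop(0), origin)
        ttl = default_ttl
        if tokens[0].isdigit():             # optional explicit TTL
            ttl = int(tokens.pop(0))
        if tokens[0].upper() in CLASSES:    # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_RDATA:             # targets such as "mail CNAME dns" are relative too
            rdata[-1] = _qualify(rdata[-1], origin)
        records.append((owner, ttl, rtype, rdata))
    return records

def check_zone(records):
    """Flag NS/MX targets with no address, dangling CNAMEs and CNAMEs mixed with other records."""
    apex = next(o for o, _, t, _ in records if t == "SOA")
    types_at = {}
    for owner, _, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    problems = []
    for owner, _, rtype, rdata in records:
        target = rdata[-1] if rtype in NAME_RDATA else None
        local = target is not None and (target == apex or target.endswith("." + apex))
        if rtype in ("NS", "MX") and local and not types_at.get(target, set()) & {"A", "AAAA"}:
            problems.append(f"{rtype} at {owner} points to {target}, which has no address record")
        if rtype == "CNAME" and local and target not in types_at:
            problems.append(f"CNAME {owner} -> {target}: target does not exist")
        if rtype == "CNAME" and types_at[owner] - {"CNAME"}:
            problems.append(f"{owner} has a CNAME alongside other records")
    return problems

def ptr_records(records, reverse_zone="1.168.192.in-addr.arpa."):
    """Derive the PTR records the reverse zone (1.168.192.local on the page) should carry."""
    ptrs = []
    for owner, ttl, rtype, rdata in records:
        rev = ".".join(reversed(rdata[0].split("."))) + ".in-addr.arpa." if rtype == "A" else ""
        if rev.endswith("." + reverse_zone):
            ptrs.append((rev[:-len(reverse_zone) - 1], ttl, "PTR", owner))
    return ptrs
```

For the zone as shown, check_zone returns no problems and ptr_records yields the three PTR entries (110, 120 and 150) that the reverse zone file should contain; appending a CNAME whose target is missing, or an A record for www next to its CNAME, makes the checker report both.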
1. Start the DNS service and enable it at boot
service named start | stop | restart
chkconfig named on | off
2. Stop the iptables and SELinux services
service iptables stop
vi /etc/selinux/config   # set SELinux to disabled, then reboot the machine
3. Set ownership and permissions and allow the zone directory to be written
chown -R named.named /var/named/chroot/var/named/
chmod -R 640 /var/named/chroot/var/named
vi /etc/sysconfig/named
ENABLE_ZONE_WRITE=yes
Part 2: Install the secondary DNS server (192.168.1.120, dns1.costa.org)
rpm -ivh bind-9.3.6-20.P1.el5.x86_64.rpm
rpm -ivh bind-libs-9.3.6-20.P1.el5.x86_64.rpm
rpm -ivh bind-chroot-9.3.6-20.P1.el5.x86_64.rpm
Stop the firewall and SELinux
Configure /var/named/chroot/etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    //
    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;
    allow-query { any; };
    allow-query-cache { any; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
key costyletransfer {
    algorithm hmac-md5;
    secret HYPqYO8y7cheP4nAjBbxDg==;
};
server 192.168.1.110 {
    keys { costyletransfer; };
};
view costa_lan_resolver {
    match-clients { 192.168.1.0/24; };
    match-destinations { any; };
    recursion yes;
    include "/etc/costa_lan.zones";
};
Edit the zone definition file /var/named/chroot/etc/costa_lan.zones
zone "." IN {
    type hint;
    file "named.ca";
};
zone "costa.org" IN {
    type slave;                     // this server is a secondary (slave) for the zone
    masters { 192.168.1.110; };     // IP of the primary DNS server
    file "slaves/costa.org.zero";   // where the transferred forward zone is stored
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;                     // this server is a secondary (slave) for the zone
    masters { 192.168.1.110; };     // IP of the primary DNS server
    file "slaves/1.168.192.local";  // where the transferred reverse zone is stored
};
4. Start the DNS service and enable it at boot
# service named start
# chkconfig named on
On the client, add a dhclient.conf file containing:
send fqdn.fqdn "test";          # "test" is this machine's hostname
send fqdn.encoded on;
send fqdn.server-update off;
Restart for the change to take effect.
nslookup 192.168.1.110   # look up the statically assigned address
nslookup redhat          # look up the address DHCP assigned dynamically
2. "permission denied" errors are mostly caused by insufficient permissions.
A: /var/named/chroot/var/named/ must be owned by named.named with mode 640
B: /var/named/chroot/etc/ must be owned by named.named with mode 640
chown -R named.named /var/named/chroot/var/named/
chmod -R 640 /var/named/chroot/var/named/
3. Syntax errors, such as missing punctuation
These are easy to diagnose.
Running # named -gc /var/named/chroot/etc/named.conf shows where the problem is; alternatively run # named-checkconf, which prints nothing when the configuration is fine.