Giới thiệu
Domain Name System (DNS) phân giải hostname (tên miền) sang địa chỉ IP và ngược lại (bản ghi PTR). Vì địa chỉ IP rất khó nhớ và không có thẩm mĩ 😀 nên chúng ta cần tới các DNS Server để chuyển đổi hostname sang IP. Ví dụ: google.com.vn -> 173.194.127.55.
Primary(Master) DNS Server Details:
Operating System : CentOS 6.5 server
Hostname : masterdns.lab.com
IP Address : 192.168.1.100/24
Secondary(Slave) DNS Server Details:
Operating System : CentOS 6.5 server
Hostname : secondarydns.lab.com
IP Address : 192.168.1.101/24
Client Details:
Operating System : CentOS 6.5 Desktop
Hostname : client.lab.com
IP Address : 192.168.1.102/24
Setup Primary(Master) DNS Server
Chỉ cài hai gói cần thiết là bind và bind-utils; dùng `bind*` sẽ kéo theo các gói không cần (bind-chroot, bind-sdb, bind-dyndb-ldap...) và bind-chroot có thể làm named đọc file cấu hình ở nơi khác với đường dẫn dùng trong bài.
[root@masterdns ~]# yum install bind bind-utils -y
Cấu hình DNS Server
[root@masterdns ~]# vi /etc/named.conf
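//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Primary (master) server for lab.com and 1.168.192.in-addr.arpa.
// Check syntax with: named-checkconf /etc/named.conf
//
options {
    listen-on port 53 { 192.168.1.100; };   // master DNS IP
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Only the lab LAN may query this server.
    allow-query { localhost; 192.168.1.0/24; };

    // Zone transfers (AXFR/IXFR) only to the secondary. As printed, the
    // original line lacked the terminating ';' after '}', which
    // named-checkconf rejects.
    // NOTE(review): this is an IP-based ACL only; if spoofed transfers on
    // the LAN are a concern, authenticate transfers with a TSIG key instead.
    allow-transfer { localhost; 192.168.1.101; };

    // This server is also the recursive resolver for the LAN (the clients'
    // resolv.conf points here), so recursion stays on, but say explicitly
    // who may recurse instead of relying on allow-query alone.
    recursion yes;
    allow-recursion { localhost; 192.168.1.0/24; };

    dnssec-enable yes;
    dnssec-validation yes;
    // dnssec-lookaside auto;  -- ISC's DLV registry (dlv.isc.org) was retired
    // in 2017, so lookaside validation adds nothing; leave it disabled.
    // NOTE(review): the root trust anchor shipped with this BIND release has
    // since been rolled (KSK-2017); if external names fail validation, update
    // the anchor in /etc/named.root.key before turning validation off.

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

// Forward zone; static file, dynamic updates disabled.
zone "lab.com" IN {
    type master;
    file "forward.lab";
    allow-update { none; };   // original line lacked the closing ';'
};

// Reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.lab";
    allow-update { none; };   // original line lacked the closing ';'
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";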
:wq #lưu lại
Tạo Zone Forward và Reverse đã đề cập trong file /etc/named.conf
Tạo Forward Zone
[root@masterdns ~]# vi /var/named/forward.lab
$TTL 86400
$ORIGIN lab.com.
; Forward zone for lab.com. Increase the serial on every change, otherwise
; the secondary will not pull the new copy.
lab.com.                IN  SOA  masterdns.lab.com. root.lab.com. (
                            2011071001  ; serial (YYYYMMDDnn)
                            3600        ; refresh
                            1800        ; retry
                            604800      ; expire
                            86400       ; minimum / negative-cache TTL
                        )

; Authoritative name servers for the zone.
lab.com.                IN  NS   masterdns.lab.com.
lab.com.                IN  NS   secondarydns.lab.com.

; The zone apex (lab.com itself) answers with all three lab hosts.
lab.com.                IN  A    192.168.1.100
lab.com.                IN  A    192.168.1.101
lab.com.                IN  A    192.168.1.102

; Host records.
masterdns.lab.com.      IN  A    192.168.1.100
secondarydns.lab.com.   IN  A    192.168.1.101
client.lab.com.         IN  A    192.168.1.102
:wq #lưu lại
Tạo Reverse Zone
[root@masterdns ~]# vi /var/named/reverse.lab
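$TTL 86400
$ORIGIN 1.168.192.in-addr.arpa.
; Reverse zone for 192.168.1.0/24. Only PTR records belong here: the A
; records and the apex "PTR unixmen.local." in the original file were
; leftovers from another tutorial and have no meaning inside an
; in-addr.arpa zone. If the secondary has already transferred the old copy,
; bump the serial so it re-fetches this one.
@               IN  SOA  masterdns.lab.com. root.lab.com. (
                    2011071001  ; serial (YYYYMMDDnn)
                    3600        ; refresh
                    1800        ; retry
                    604800      ; expire
                    86400       ; minimum / negative-cache TTL
                )

@               IN  NS   masterdns.lab.com.
@               IN  NS   secondarydns.lab.com.

; Last octet of the address -> hostname.
100             IN  PTR  masterdns.lab.com.
101             IN  PTR  secondarydns.lab.com.
102             IN  PTR  client.lab.com.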
:wq #lưu lại
Start dịch vụ DNS
[root@masterdns ~]# service named start
[root@masterdns ~]# chkconfig named on
Sửa iptables để cho phép DNS server
[root@masterdns ~]# vi /etc/sysconfig/iptables
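# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
#
# Edited for the DNS server. The iptables-save format lists the chain policy
# lines (":INPUT ACCEPT [0:0]" ...) directly after "*filter"; keep that order
# and put service rules after the ESTABLISHED/lo rules, before the final
# REJECT.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# DNS: UDP for normal queries, TCP for large answers and for zone transfers
# to the secondary (192.168.1.101). Limited to the lab LAN, matching the
# allow-query ACL in named.conf.
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
# The NFS/portmapper/mountd/rquotad rules below are unrelated to DNS and were
# left over from the original host; keep them commented out unless this
# machine really serves NFS.
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 48192 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT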
:wq #lưu lại
Restart iptables
[root@masterdns ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Kiểm tra các file cấu hình và file zone có bị lỗi cú pháp hay không
[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkzone lab.com /var/named/forward.lab
zone lab.com/IN: loaded serial 2011071001
OK
Tên zone truyền cho named-checkzone phải là 1.168.192.in-addr.arpa, đúng như khai báo trong named.conf; dùng lab.com như bản gốc thì lệnh vẫn báo OK nhưng không kiểm tra đúng zone reverse.
[root@masterdns ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.lab
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
Test DNS server
[root@masterdns ~]# dig masterdns.lab.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> masterdns.lab.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5382
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;masterdns.lab.com. IN A
;; ANSWER SECTION:
masterdns.lab.com. 5 IN A 176.74.176.178
;; Query time: 2246 msec
;; SERVER: 192.168.8.2#53(192.168.8.2)
;; WHEN: Thu Jul 31 19:21:22 2014
;; MSG SIZE rcvd: 51
[root@masterdns ~]# nslookup lab.com
Server: 192.168.8.2
Address: 192.168.8.2#53
Non-authoritative answer:
Name: lab.com
Address: 176.74.176.178
Lưu ý: hai kết quả trên chưa kiểm tra được server vừa cấu hình. Dòng `SERVER: 192.168.8.2#53` cho thấy máy master vẫn hỏi resolver cũ trong /etc/resolv.conf, và địa chỉ 176.74.176.178 (`Non-authoritative answer`) là của tên miền lab.com thật trên Internet, không phải 192.168.1.100. Hãy hỏi thẳng server vừa dựng: `dig @192.168.1.100 masterdns.lab.com` phải trả về 192.168.1.100 với cờ `aa` (authoritative) và `SERVER: 192.168.1.100#53`. Khi đó mới coi như hoàn thành cấu hình trên Primary DNS server.
Setup Secondary(Slave) DNS Server
Tương tự master, chỉ cài bind và bind-utils thay vì `bind*`.
[root@secondarydns ~]# yum install bind bind-utils -y
Configure Slave DNS Server
[root@secondarydns ~]# vi /etc/named.conf
//
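// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Secondary (slave) server: pulls lab.com and 1.168.192.in-addr.arpa from
// the master at 192.168.1.100. Check syntax with: named-checkconf
//
options {
    listen-on port 53 { 192.168.1.101; };   // secondary DNS IP
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Only the lab LAN may query this server.
    allow-query { localhost; 192.168.1.0/24; };

    // The original config set no allow-transfer here, and the default in
    // this BIND release is to allow transfers to any host that can reach
    // port 53, so every LAN host could AXFR the zones from the secondary.
    // Nothing transfers from this server, so deny it outright.
    allow-transfer { none; };

    // Recursive resolver for the LAN as well (clients list this server in
    // resolv.conf); restrict recursion explicitly.
    recursion yes;
    allow-recursion { localhost; 192.168.1.0/24; };

    dnssec-enable yes;
    dnssec-validation yes;
    // dnssec-lookaside auto;  -- ISC's DLV registry was retired in 2017;
    // leave it disabled.

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

// Copies are written under /var/named/slaves/ by named itself; never edit
// them by hand, change the master and bump the serial instead.
zone "lab.com" IN {
    type slave;
    file "slaves/lab.fwd";
    masters { 192.168.1.100; };
};

zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/lab.rev";
    masters { 192.168.1.100; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";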
:wq #lưu lại
Start the DNS Service
[root@secondarydns ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@secondarydns ~]# chkconfig named on
Bây giờ forward và reverse zone được sao chép tự động từ Master DNS server vào /var/named/slaves/ trên Secondary DNS server. Không sửa tay các file này: chúng bị ghi đè sau mỗi lần transfer (kể cả các bản ghi sai trên master cũng được chép nguyên); mọi thay đổi phải làm trên master rồi tăng serial.
[root@secondarydns ~]# ls /var/named/slaves/
lab.fwd lab.rev
[root@secondarydns ~]# cat /var/named/slaves/lab.fwd
$ORIGIN .
$TTL 86400 ; 1 day
lab.com IN SOA masterdns.lab.com. root.lab.com. (
2011071001 ; serial
3600 ; refresh (1 hour)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS masterdns.lab.com.
NS secondarydns.lab.com.
A 192.168.1.100
A 192.168.1.101
A 192.168.1.102
$ORIGIN lab.com.
client A 192.168.1.102
masterdns A 192.168.1.100
secondarydns A 192.168.1.101
[root@secondarydns ~]# cat /var/named/slaves/lab.rev
$ORIGIN .
$TTL 86400 ; 1 day
1.168.192.in-addr.arpa IN SOA masterdns.lab.com. root.lab.com. (
2011071001 ; serial
3600 ; refresh (1 hour)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS masterdns.lab.com.
NS secondarydns.lab.com.
PTR unixmen.local.
$ORIGIN 1.168.192.in-addr.arpa.
100 PTR masterdns.lab.com.
101 PTR secondarydns.lab.com.
102 PTR client.lab.com.
client A 192.168.1.102
masterdns A 192.168.1.100
secondarydns A 192.168.1.101
Add the DNS Server details to all systems
[root@secondarydns ~]# vi /etc/resolv.conf
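# Generated by NetworkManager
# NOTE(review): NetworkManager rewrites this file when the interface is
# (re)started; make the change permanent with DNS1/DNS2 (or PEERDNS=no) in
# the interface's ifcfg file.
search lab.com
nameserver 192.168.1.100
nameserver 192.168.1.101
# Do not list a public resolver (8.8.8.8) as a fallback: the lab servers
# already recurse for the LAN, and a public resolver answers lab.com with the
# real Internet zone (176.74.176.178 in the master's first dig), so internal
# names would silently resolve to outside addresses whenever the lab servers
# time out.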
Test DNS server (các lệnh dưới vẫn hỏi master 192.168.1.100 vì nó đứng đầu trong resolv.conf; để kiểm tra chính Secondary, hỏi thẳng nó bằng `dig @192.168.1.101 masterdns.lab.com` và mong đợi cờ `aa` cùng `SERVER: 192.168.1.101#53`)
[root@secondarydns ~]# dig masterdns.lab.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> masterdns.lab.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43129
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.lab.com. IN A
;; ANSWER SECTION:
masterdns.lab.com. 86400 IN A 192.168.1.100
;; AUTHORITY SECTION:
lab.com. 86400 IN NS masterdns.lab.com.
lab.com. 86400 IN NS secondarydns.lab.com.
;; ADDITIONAL SECTION:
secondarydns.lab.com. 86400 IN A 192.168.1.101
;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Jul 31 20:31:07 2014
;; MSG SIZE rcvd: 108
[root@secondarydns ~]# dig secondarydns.lab.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> secondarydns.lab.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondarydns.lab.com. IN A
;; ANSWER SECTION:
secondarydns.lab.com. 86400 IN A 192.168.1.101
;; AUTHORITY SECTION:
lab.com. 86400 IN NS secondarydns.lab.com.
lab.com. 86400 IN NS masterdns.lab.com.
;; ADDITIONAL SECTION:
masterdns.lab.com. 86400 IN A 192.168.1.100
;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Jul 31 20:32:02 2014
;; MSG SIZE rcvd: 108
[root@secondarydns ~]# nslookup lab.com
Server: 192.168.1.100
Address: 192.168.1.100#53
Name: lab.com
Address: 192.168.1.102
Name: lab.com
Address: 192.168.1.100
Name: lab.com
Address: 192.168.1.101
Cấu hình trên Client
Thêm thông tin DNS server vào file /etc/resolv.conf trên tất cả máy Client
[root@client ~]# vi /etc/resolv.conf
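# Generated by NetworkManager
# NOTE(review): NetworkManager rewrites this file when the interface is
# (re)started; make the change permanent with DNS1/DNS2 (or PEERDNS=no) in
# the interface's ifcfg file.
search lab.com
nameserver 192.168.1.100
nameserver 192.168.1.101
# Do not list a public resolver (8.8.8.8) as a fallback: the lab servers
# already recurse for the LAN, and a public resolver answers lab.com with the
# real Internet zone (176.74.176.178 in the master's first dig), so internal
# names would silently resolve to outside addresses whenever the lab servers
# time out.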
:wq # lưu lại
Test DNS
[root@client ~]# dig masterdns.lab.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> masterdns.lab.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17253
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.lab.com. IN A
;; ANSWER SECTION:
masterdns.lab.com. 86400 IN A 192.168.1.100
;; AUTHORITY SECTION:
lab.com. 86400 IN NS secondarydns.lab.com.
lab.com. 86400 IN NS masterdns.lab.com.
;; ADDITIONAL SECTION:
secondarydns.lab.com. 86400 IN A 192.168.1.101
;; Query time: 18 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Jul 31 21:08:24 2014
;; MSG SIZE rcvd: 108
[root@client ~]# dig secondarydns.lab.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> secondarydns.lab.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31050
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondarydns.lab.com. IN A
;; ANSWER SECTION:
secondarydns.lab.com. 86400 IN A 192.168.1.101
;; AUTHORITY SECTION:
lab.com. 86400 IN NS masterdns.lab.com.
lab.com. 86400 IN NS secondarydns.lab.com.
;; ADDITIONAL SECTION:
masterdns.lab.com. 86400 IN A 192.168.1.100
;; Query time: 15 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Jul 31 21:08:58 2014
;; MSG SIZE rcvd: 108
[root@client ~]# dig client.lab.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> client.lab.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7176
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;client.lab.com. IN A
;; ANSWER SECTION:
client.lab.com. 86400 IN A 192.168.1.102
;; AUTHORITY SECTION:
lab.com. 86400 IN NS secondarydns.lab.com.
lab.com. 86400 IN NS masterdns.lab.com.
;; ADDITIONAL SECTION:
masterdns.lab.com. 86400 IN A 192.168.1.100
secondarydns.lab.com. 86400 IN A 192.168.1.101
;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Jul 31 21:09:33 2014
;; MSG SIZE rcvd: 131
[root@client ~]# nslookup lab.com
Server: 192.168.1.100
Address: 192.168.1.100#53
Name: lab.com
Address: 192.168.1.100
Name: lab.com
Address: 192.168.1.101
Name: lab.com
Address: 192.168.1.102
Vậy là Primary và Secondary DNS server đã sẵn sàng hoạt động.
Chúc các bạn thành công! 🙂