Saturday, August 16, 2014

Enabling and Configuring IPv6 on RedHat/Fedora/CentOS Linux


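Since kernel 2.6, RedHat/Fedora/CentOS Linux has had IPv6 compiled into the kernel, and Linux releases from 2008 onward ship with IPv6 enabled, so only a little configuration is needed to use IPv6.
I. Enable IPv6
Check whether the IPv6 module is already loaded. If IPv6 is not enabled by default, edit /etc/modprobe.conf and add:
alias net-pf-10 ipv6
If these two lines are present, remove them:
alias ipv6 off
alias net-pf-10 off
Then reboot.
II. Make the IPv6 settings on the network interface take effect
After step I, IPv6 already works, but to set IPv6 properties on a network interface, edit /etc/sysconfig/network and add this line:
NETWORKING_IPV6=yes
Edit the interface file, vi /etc/sysconfig/network-scripts/ifcfg-eth0:
IPV6ADDR=2001:288:5400:1::12/64
IPV6_DEFAULTGW=2001:288:5400::ff
IPV6INIT=yes
Restart networking: /etc/init.d/network restart or service network restart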
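III. Testing
Check that the module is loaded:
modprobe -c | grep ipv6
This line must be present: alias net-pf-10 ipv6
Test the local host:
$ ping6 ::1
Test the gateway:
$ ping6 2001:288:5400:1::ff
Test an external host:
$ ping6 2001:288:5400:2::1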
Other
1. Disable IPv6
Edit /etc/modprobe.conf and remove alias net-pf-10 ipv6
Add these two lines:
alias ipv6 off
alias net-pf-10 off
Reboot
2. Stop the firewall
$ service ip6tables stop
3. Configure DNS over IPv6
To add IPv6 DNS servers, append these lines to the end of /etc/resolv.conf; these addresses are the DNSv6 servers of the Taichung County network (中縣網):
nameserver      2001:288:5400::1
nameserver      2001:288:5400::2

Source: http://note.tc.edu.tw/462.html

IPv6 configuration

CentOS IP configuration

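If there is only one network card, the network configuration file is located at
  /etc/sysconfig/network-scripts/ifcfg-eth0
After installation the system usually defaults to DHCP mode. An example of the file's contents:
DEVICE="eth0"  # network interface name
BOOTPROTO="dhcp"  # for a static IP use BOOTPROTO="none"
HWADDR="00:0C:29:73:E4:76"
IPV6INIT="yes"  # whether to use IPv6
NM_CONTROLLED="yes"  # related to network management software (NetworkManager)
ONBOOT="yes"  # right after installation networking is not started by default (ONBOOT="no"), to guard against intrusion
TYPE="Ethernet"
UUID="b5f711d7-743a-44ae-baae-10dffe1f1d5e"
Note: commands to bring the network interface up or down
         Up:   ifup <interface> or
               ifconfig <interface> up
         Down: ifdown <interface> or
               ifconfig <interface> down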

To set a static IP, assume the following:
            IP: 192.168.2.168
            Netmask: 255.255.255.0
            Default gateway: 192.168.2.1
            DNS servers: 168.95.1.1
                         8.8.8.8
Then modify the file as follows:
DEVICE="eth0"
BOOTPROTO="none"
HWADDR="00:0C:29:73:E4:76"
IPV6INIT="yes"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="b5f711d7-743a-44ae-baae-10dffe1f1d5e"
IPADDR=192.168.2.168
NETMASK=255.255.255.0
GATEWAY=192.168.2.1
DNS1=168.95.1.1
DNS2=8.8.8.8
After saving the changes, restart networking with either command:
service network restart
/etc/init.d/network restart
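
In the IPv6 listing near the top of this page, IPV6_DEFAULTGW (2001:288:5400::ff) lies outside the /64 of IPV6ADDR, while the later gateway ping uses 2001:288:5400:1::ff. The following Python check is an added example, not taken from either source article: it parses an ifcfg file and reports a default gateway that is not on the interface's subnet. The sample strings embed the page's values; the function names are illustrative.

```python
import ipaddress
import shlex

# Sample input built from the page's IPv6 settings and its static IPv4 example.
IFCFG_IPV6 = """\
IPV6INIT=yes
IPV6ADDR=2001:288:5400:1::12/64
IPV6_DEFAULTGW=2001:288:5400::ff
"""
IFCFG_STATIC = """\
DEVICE="eth0"
BOOTPROTO="none"   # static addressing
IPADDR=192.168.2.168
NETMASK=255.255.255.0
GATEWAY=192.168.2.1
"""


def parse_ifcfg(text):
    """Parse KEY=value lines; ifcfg files are shell fragments with '#' comments."""
    cfg = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) == 1 and "=" in tokens[0]:
            key, _, value = tokens[0].partition("=")
            cfg[key] = value
    return cfg


def gateway_findings(cfg):
    """Return one message per default gateway that is not on the interface's subnet."""
    findings = []
    if "IPADDR" in cfg and "GATEWAY" in cfg:
        mask = cfg.get("NETMASK") or cfg.get("PREFIX") or "32"
        net = ipaddress.ip_interface(f"{cfg['IPADDR']}/{mask}").network
        if ipaddress.ip_address(cfg["GATEWAY"]) not in net:
            findings.append(f"GATEWAY {cfg['GATEWAY']} is outside {net}")
    if "IPV6ADDR" in cfg and "IPV6_DEFAULTGW" in cfg:
        net = ipaddress.ip_interface(cfg["IPV6ADDR"]).network
        # initscripts accept "address%interface"; a link-local gateway is always on-link.
        gw = ipaddress.ip_address(cfg["IPV6_DEFAULTGW"].split("%")[0])
        if not gw.is_link_local and gw not in net:
            findings.append(f"IPV6_DEFAULTGW {gw} is outside {net}")
    return findings


if __name__ == "__main__":
    for label, text in (("IPv6", IFCFG_IPV6), ("static IPv4", IFCFG_STATIC)):
        print(label, gateway_findings(parse_ifcfg(text)) or "gateway is on-link")
```
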



Source: http://kirby86a.pixnet.net/blog/post/98811821-centos-6.4%E5%BF%AB%E9%80%9F%E8%A8%AD%E5%AE%9A%E5%9B%BA%E5%AE%9Aip

CentOS DNS installation and configuration reference

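On CentOS 5, modifying and configuring an IPv6 DNS server is one of the more complex tasks. The notes below only cover changes to a DNS server that is already set up. Because a DNS server is complex in its own right, you may be lost after reading only these notes; please go through the training handouts from recent years first and then come back to these notes, and they will probably make more sense.
Note: this document is only a set of notes on the changes; it does not give complete operating instructions!
As usual, I like to start with a quick check to see whether our DNS server has IPv6 enabled at all.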
netstat -an | grep :53
tcp        0      0 163.32.225.1:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp        0      0 163.32.225.1:53         0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
These four lines of connection state show that IPv6 is indeed not enabled yet.
First, confirm that the installed bind version supports IPv6; if it does not, upgrade it!
#  rpm  -qa  |  grep   bind
ypbind-1.19-12.el5
bind-libs-9.3.6-4.P1.el5_4.2
bind-9.3.6-4.P1.el5_4.2
bind-utils-9.3.6-4.P1.el5_4.2
bind-chroot-9.3.6-4.P1.el5_4.2
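The version is 9.3.6, which fortunately supports IPv6.
(Supplementary note: bind has supported IPv6 AAAA records since versions 4.9.5 and 8.1; version 9 and later also support some advanced configuration options.)
Before editing the configuration files, first set this host up for an IPv4/IPv6 network environment with a static IPv6 address; once that is done, modify the named configuration files.
Second, collect and confirm the following IP information:
DNS server IPv6 address ==> 2001:288:82xx:1::1/64
Campus subnets ==> 2001:288:82xx:1::/64 , 2001:288:82xx:5::/64 , 2001:288:82xx:6::/64
Upstream DNS IPs ==> 163.28.136.14 , 2001:288:8201:1::14 , 163.28.136.2 , 2001:288:8201:1::2 , 163.28.136.10 , 2001:288:8201:1::10
Next, we modify the DNS configuration files one by one, in order, so that the DNS server supports IPv6.
1. Modifying named.conf: the file is at /var/named/chroot/etc/named.conf
1-1. ACL section:
1-1-1. In the acl secondaries block, add the IPv6 addresses of the three upstream DNS hosts.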
acl secondaries {
localhost;
163.28.136.14/32;
163.28.136.10/32;
163.28.136.2/32;

2001:288:8201:1::14/128;
2001:288:8201:1::2/128;
2001:288:8201:1::10/128;

};
1-1-2. In the trusted block, add all campus IPv6 subnets.
acl trusted {
localnets;
163.32.225.0/24;
192.168.100.0/24;
192.168.101.0/24;

2001:288:82xx:1::/64;
2001:288:82xx:5::/64;
2001:288:82xx:6::/64;

};
1-2. In the options block, enable IPv6: before the allow-transfer statement, add the following two lines so that DNS is served on both IPv4 and IPv6.
listen-on {any; };
listen-on-v6 {any; };
2. Add the IPv6 reverse zone definition: for a complete IPv6 forward and reverse lookup environment, a reverse zone definition for the school's IPv6 prefix must be added to the configuration.
(The location of this configuration differs from school to school: where named.conf uses view statements, a zone file such as named.zone.xx may be pulled in with include; where no view is defined, the zones sit directly in named.conf.)
(File location: /var/named/chroot/etc/named.conf or /var/named/chroot/etc/named.zone.xx)
zone "[domain].kh.edu.tw" {
type master;
file "master/named.[domain].in";
};
zone "???.32.163.in-addr.arpa" {
type master;
file "master/named.???.arpa.in";
};
zone "???.168.192.in-addr.arpa" {
type master;
file "master/named.nat???.arpa";
};
zone "???.168.192.in-addr.arpa" {
type master;
file "master/named.nat???.arpa";
};

zone "x.x.2.8.8.8.2.0.1.0.0.2.ip6.arpa" {
type master;
file "master/named.xxxxip6.arpa";
};
3. Add IPv6 AAAA records to the existing forward zone file.
(File location: /var/named/chroot/var/named/master/named.[domain].xx)
$TTL          86400
@        IN    SOA    [domain].kh.edu.tw.    root.[domain].kh.edu.tw. (
                      2001101201 ; serial
                      1H ; refresh
                      15 ; retry
                      14D ; expire
                      12H ; Minimum
                      )
@        IN    MX    5    mail.[domain].kh.edu.tw.
@        IN    NS    [domain].kh.edu.tw.
@        IN    NS    dns.[domain].kh.edu.tw.
@        IN    A    163.32.???.1
@        IN    AAAA   2001:288:82xx:1::1
dns        IN    CNAME    [domain].kh.edu.tw.
dns.ipv6    IN    AAAA    2001:288:82xx:1::1
proxy        IN    A    192.168.???.2
mail        IN    A    163.32.???.3
            IN    AAAA  2001:288:82xx:1::4
            IN    MX    0    mail.[domain].kh.edu.tw.
www        IN    A    163.32.???.4
            IN    AAAA    2001:288:82xx:1::6
www.ipv6   IN    AAAA    2001:288:82xx:1::6

ftp        IN    CNAME    www
vlmcs._tcp     IN      SRV     0 0 1688        ap24.kh.edu.tw.
4. Create a new IPv6 reverse zone file:
(File location: /var/named/chroot/var/named/master/named.xxxxip6.arpa)
; IPv6 reverse lookup zone for 2001:288:82xx::/48
@               IN      SOA     dns.[domain].kh.edu.tw.     root.dns.[domain].kh.edu.tw. (
2010042101 ; serial
28800 ; refresh
7200 ; retry
129600 ; expire
86400 ; default_ttl
)
@               IN      NS      dns.[domain].kh.edu.tw.
; for 2001:288:82xx::/48
$ORIGIN x.x.2.8.8.8.2.0.1.0.0.2.ip6.arpa.
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0         IN      PTR     [domain].kh.edu.tw.
; for 2001:288:82xx:1::/64
$ORIGIN 0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.x.x.2.8.8.8.2.0.1.0.0.2.ip6.arpa.
1.0.0.0         IN      PTR     dns.[domain].kh.edu.tw.
4.0.0.0         IN      PTR     mail.[domain].kh.edu.tw.
; for 2001:288:82xx:5::/64
$ORIGIN 0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.x.x.2.8.8.8.2.0.1.0.0.2.ip6.arpa.
6.0.0.0         IN      PTR     blog.[domain].kh.edu.tw.
7.0.0.0         IN      PTR     student.[domain].kh.edu.tw.
1.5.0.0         IN      PTR     sql.[domain].kh.edu.tw.
5. Download named.cache again: fetch the record file for the 13 DNS root servers to update the existing IPv4/IPv6 forward and reverse host information.
#  cd   /var/named/chroot/var/named/master/
#  wget ftp://ftp.rs.internic.net/domain/named.cache
#  cp  -f  named.cache   root.cache
6. Restart the DNS service:
#  service   named   restart
7. Remember to check the IPv6 firewall settings: if tcp/udp port 53 is not open, reconfigure the firewall and restart it.
service  ip6tables  status
表格: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all      ::/0                 ::/0
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all      ::/0                 ::/0
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all      ::/0                 ::/0
2    ACCEPT     icmpv6    ::/0                 ::/0
3    ACCEPT     esp      ::/0                 ::/0
4    ACCEPT     ah       ::/0                 ::/0
5    ACCEPT     udp      ::/0                 ff02::fb/128       udp dpt:5353
6    ACCEPT     udp      ::/0                 ::/0               udp dpt:631
7    ACCEPT     tcp      ::/0                 ::/0               tcp dpt:631
8    ACCEPT     udp      ::/0                 ::/0               udp dpts:32768:61000
9    ACCEPT     tcp      ::/0                 ::/0               tcp dpts:32768:61000 flags:!0x16/0x02

10   ACCEPT     tcp      ::/0                 ::/0               tcp dpt:53
11   ACCEPT     udp      ::/0                 ::/0               udp dpt:53

12   ACCEPT     tcp      ::/0                 ::/0               tcp dpt:22
13   REJECT     all      ::/0                 ::/0               reject-with icmp6-adm-prohibited
8. Run the quick check again to see whether the DNS service now has IPv6 enabled:
#  netstat   -an | grep   :53
tcp        0      0 163.32.225.1:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN

tcp        0      0 :::53                   :::*                    LISTEN
udp        0      0 163.32.225.1:53         0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*

udp        0      0 :::53                   :::*
When you see the :::53 entries, your DNS service supports IPv6!
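
Once listen-on-v6 {any; }; is in place, an acl that lists only IPv4 networks cannot match any IPv6 client, so the ACL edits of step 1-1 and the listener of step 1-2 have to land together. The Python check below is an added example, not part of the original notes: it parses flat acl blocks from named.conf text and reports that gap. The BEFORE and AFTER strings are constructed from the page's ACLs, with 2001:db8:1::/64 standing in for the masked 2001:288:82xx prefix; the function names are illustrative.

```python
import ipaddress
import re

ACL_RE = re.compile(r'\bacl\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)

# Constructed samples: the page's ACLs before and after the IPv6 additions.
BEFORE = """
acl secondaries { localhost; 163.28.136.14/32; 163.28.136.10/32; 163.28.136.2/32; };
acl trusted { localnets; 163.32.225.0/24; 192.168.100.0/24; 192.168.101.0/24; };
options { listen-on { any; }; };
"""
AFTER = """
acl secondaries { localhost; 163.28.136.14/32; 163.28.136.10/32; 163.28.136.2/32;
    2001:288:8201:1::14/128; 2001:288:8201:1::2/128; 2001:288:8201:1::10/128; };
acl trusted { localnets; 163.32.225.0/24; 192.168.100.0/24; 192.168.101.0/24;
    2001:db8:1::/64; };   // constructed stand-in for the campus prefix
options { listen-on { any; }; listen-on-v6 { any; }; };
"""


def strip_comments(conf):
    """Drop /* */, // and # comments so they cannot confuse the matching."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def parse_acls(conf):
    """Map acl name -> list of networks; keywords such as localhost are skipped."""
    acls = {}
    for name, body in ACL_RE.findall(strip_comments(conf)):
        nets = []
        for item in (s.strip() for s in body.split(";")):
            try:
                nets.append(ipaddress.ip_network(item, strict=False))
            except ValueError:
                continue  # localhost, localnets, nested acl names, empty strings
        acls[name] = nets
    return acls


def permits(acls, name, address):
    """True if address matches a network listed in the named acl."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in acls.get(name, []))


def audit(conf):
    """Findings that matter when named starts answering on IPv6."""
    findings = []
    if not re.search(r"\blisten-on-v6\b", strip_comments(conf)):
        findings.append("no listen-on-v6 statement")
    for name, nets in parse_acls(conf).items():
        versions = {net.version for net in nets}
        if 4 in versions and 6 not in versions:
            findings.append(f"acl {name}: IPv4 entries only")
    return findings


if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```
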


Source: http://blog.hmes.kh.edu.tw/wordpress/jang/2010/04/22/ipv6-dns-server%E4%BF%AE%E6%AD%A3%E8%88%87%E8%A8%AD%E5%AE%9A/

DNS reverse lookup configuration


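Taichung City IPv6 DNS reverse zone setup -- Bind9
Taichung City's IPv6 reverse lookup was fully set up on 4/1. Schools only need to follow the example below to configure their IPv6 reverse zone; Fengnan Junior High School is used as the example:
Fengnan Junior High School parameters:
  name server(NS): dns.fnjh.tc.edu.tw.
  manager email: admin.dns.fnjh.tc.edu.tw.
  IPv6 prefix: 2001:288:542F::/48
  Reverse zone: F.2.4.5.8.8.2.0.1.0.0.2.ip6.arpa
Edit named.conf and add the zone with the location of its file: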
zone "F.2.4.5.8.8.2.0.1.0.0.2.ip6.arpa" {
       type master;
       file "../master/2001.288.542F.rev";
};
Adjust the file path above to match your server. The reverse zone file is named 2001.288.542F.rev
Contents of 2001.288.542F.rev:
$ttl 38400
@   IN  SOA dns.fnjh.tc.edu.tw. admin.dns.fnjh.tc.edu.tw. (
        1165291452
        10800
        3600
        604800
        38400 )
@   IN  NS  dns.fnjh.tc.edu.tw.
; 2001:288:542F:0:0:0:0:X
$ORIGIN 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.F.2.4.5.8.8.2.0.1.0.0.2.ip6.arpa.
1.0.0.0     IN  PTR dns.fnjh.tc.edu.tw.
; the entries below are set by each school to suit its own environment
2.0.0.0     IN  PTR www.fnjh.tc.edu.tw.
0.1.0.0     IN  PTR rest.fnkj.tc.edu.tw.
Restart named and test:
# dig -x 2001:288:542F::1

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -x 2001:288:542F::1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30073
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.2.4.5.8.8.2.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.2.4.5.8.8.2.0.1.0.0.2.ip6.arpa. 38400 IN PTR dns.fnjh.tc.edu.tw.

;; AUTHORITY SECTION:
f.2.4.5.8.8.2.0.1.0.0.2.ip6.arpa. 38400 IN NS   dns.fnjh.tc.edu.tw.

;; ADDITIONAL SECTION:
dns.fnjh.tc.edu.tw.     15918   IN      A       163.17.43.1

;; Query time: 3 msec
;; SERVER: 163.17.40.3#53(163.17.40.3)
;; WHEN: Mon Apr  9 10:28:09 2012
;; MSG SIZE  rcvd: 152

If the ANSWER section shows the correct content, the configuration is correct!
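
Counting nibbles by hand is the error-prone part of both reverse zones on this page: the $ORIGIN lines in the CentOS 5 notes and the Fengnan example. The Python helper below is an added example, not from the source articles: it derives the ip6.arpa zone name from a prefix, decodes a hand-written $ORIGIN back into the prefix it covers, and computes the relative PTR owner name for an address. The function names are illustrative; the sample values are the Fengnan ones from the page.

```python
import ipaddress


def reverse_zone(prefix):
    """ip6.arpa name for an IPv6 prefix whose length is a multiple of 4 bits."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen % 4:
        raise ValueError("need an IPv6 prefix on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def origin_to_prefix(origin):
    """Inverse of reverse_zone: decode a hand-written zone name or $ORIGIN."""
    labels = origin.lower().rstrip(".").split(".")
    if labels[-2:] != ["ip6", "arpa"]:
        raise ValueError("not an ip6.arpa name")
    nibbles = labels[:-2][::-1]
    if len(nibbles) > 32 or any(len(n) != 1 or n not in "0123456789abcdef" for n in nibbles):
        raise ValueError("labels must be at most 32 single hex digits")
    value = int("".join(nibbles).ljust(32, "0"), 16)
    return ipaddress.IPv6Network((value, 4 * len(nibbles)))


def ptr_owner(address, origin):
    """Owner name of the PTR record for address, relative to $ORIGIN origin."""
    origin = origin.rstrip(".") + "."
    ip = ipaddress.ip_address(address)
    if ip not in origin_to_prefix(origin):
        raise ValueError(f"{address} is outside {origin}")
    full = ip.reverse_pointer + "."
    return full[: -len(origin) - 1]


if __name__ == "__main__":
    # Values from the Fengnan example: a /48 zone and a $ORIGIN with 16 zero nibbles.
    origin = "0." * 16 + "F.2.4.5.8.8.2.0.1.0.0.2.ip6.arpa."
    print("zone   :", reverse_zone("2001:288:542F::/48"))
    print("origin :", origin_to_prefix(origin))
    for addr in ("2001:288:542F::1", "2001:288:542F::2", "2001:288:542F::10"):
        print(f"{ptr_owner(addr, origin):<12}IN  PTR  ; {addr}")
```
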


Source: http://note.tc.edu.tw/755.html

CentOS 6 DNS installation

[A] Primary(Master) DNS Server Details:

Operating System     : CentOS 6.5 32 bit (Minimal Server)
Hostname             : masterdns.ostechnix.com
IP Address           : 192.168.1.200/24

[B] Secondary(Slave) DNS Server Details:

Operating System     : CentOS 6.5 32 bit (Minimal Server)
Hostname             : slavedns.ostechnix.com
IP Address           : 192.168.1.201/24  

Setup Primary(Master) DNS Server

[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server

The main DNS configuration file will look like the listing below. Edit it and add the entries that were marked in bold in this configuration file.
[root@masterdns ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.200;};                      ## Master DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.1.0/24; };                      ## IP Range ##
allow-transfer{ localhost; 192.168.1.201; };                        ## Slave DNS IP ##  
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ostechnix.com" IN {
type master;
file "fwd.ostechnix.com";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "rev.ostechnix.com";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create Zone files

Now we should create the forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.

[A] Create Forward Zone

Create fwd.ostechnix.com file in the ‘/var/named’ directory and add the entries for forward zone as shown below.
[root@masterdns ~]# vi /var/named/fwd.ostechnix.com 
$TTL 86400
@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS      masterdns.ostechnix.com.
@       IN  NS      slavedns.ostechnix.com.
masterdns     IN  A    192.168.1.200
slavedns     IN  A   192.168.1.201

[B] Create Reverse Zone

Create rev.ostechnix.com file in the ‘/var/named’ directory and add the entries for reverse zone as shown below.
[root@masterdns ~]# vi /var/named/rev.ostechnix.com 
$TTL 86400
@   IN  SOA     masterdns.ostechnix.com. root.ostechnix.com. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS      masterdns.ostechnix.com.
@       IN  NS      slavedns.ostechnix.com.
masterdns IN  A   192.168.1.200
slavedns IN  A   192.168.1.201
200       IN  PTR     masterdns.ostechnix.com.
201      IN  PTR    slavedns.ostechnix.com.

3. Start the bind service

[root@masterdns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on

4. Allow DNS Server through iptables

Add the lines shown in bold letters to the ‘/etc/sysconfig/iptables’ file. This will allow all clients to access the DNS server.
[root@masterdns ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart iptables to save the changes

[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

6. Test syntax errors of DNS configuration and zone files

[A] Check DNS Config file

[root@masterdns ~]# named-checkconf /etc/named.conf 
[root@masterdns ~]# named-checkconf /etc/named.rfc1912.zones

[B] Check zone files

[root@masterdns ~]# named-checkzone ostechnix.com /var/named/fwd.ostechnix.com 
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone ostechnix.com /var/named/rev.ostechnix.com 
zone ostechnix.com/IN: loaded serial 2011071001
OK
[root@masterdns ~]#

7. Test DNS Server

Method A:

[root@masterdns ~]# dig masterdns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.ostechnix.com.       IN      A
;; ANSWER SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201
;; Query time: 5 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 12:48:35 2013
;; MSG SIZE  rcvd: 110

Method B:

[root@masterdns ~]# dig -x 192.168.1.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR
;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.ostechnix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201
;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 12:49:53 2013
;; MSG SIZE  rcvd: 150

Method C:

[root@masterdns ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.ostechnix.com
Address: 192.168.1.200

That's it. The primary DNS server is now ready.

Setup Secondary(Slave) DNS Server

[root@slavedns ~]# yum install bind* -y

1. Configure Slave DNS Server

Open the main configuration file ‘/etc/named.conf’ and add the lines as shown in bold letters.
[root@slavedns ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.201; };                    ## Slave DNS IP ##
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.1.0/24; };                     ## IP Range ##   
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ostechnix.com" IN {
type slave;
file "slaves/ostechnix.fwd";
masters { 192.168.1.200; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/ostechnix.rev";
masters { 192.168.1.200; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Start the DNS Service

[root@slavedns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@slavedns ~]# chkconfig named on
The forward and reverse zones are now replicated automatically from the master DNS server to the slave DNS server.
To verify, go to the DNS database location (i.e. ‘/var/named/slaves’) and run ‘ls’.
[root@slavedns ~]# cd /var/named/slaves/
[root@slavedns slaves]# ls
ostechnix.fwd  ostechnix.rev
Both zone files have been replicated from the master DNS server. Now check that the replicated zone files have the correct contents.

[A] Check Forward zone:

[root@slavedns slaves]# cat ostechnix.fwd 
$ORIGIN .
$TTL 86400      ; 1 day
ostechnix.com           IN SOA  masterdns.ostechnix.com. root.ostechnix.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.ostechnix.com.
                        NS      slavedns.ostechnix.com.
$ORIGIN ostechnix.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201

[B] Check Reverse zone:

[root@slavedns slaves]# cat ostechnix.rev 
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.ostechnix.com. root.ostechnix.com. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.ostechnix.com.
                        NS      slavedns.ostechnix.com.
$ORIGIN 1.168.192.in-addr.arpa.
200                     PTR     masterdns.ostechnix.com.
201                     PTR     slavedns.ostechnix.com.
masterdns               A       192.168.1.200
slavedns                A       192.168.1.201

3. Add the DNS Server details to all systems

[root@slavedns ~]# vi /etc/resolv.conf 
# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.200
nameserver 192.168.1.201
nameserver 8.8.8.8

4. Test DNS Server

Method A:

[root@slavedns ~]# dig slavedns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> slavedns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;slavedns.ostechnix.com.        IN      A
;; ANSWER SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201
;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
;; Query time: 7 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:00:17 2013
;; MSG SIZE  rcvd: 110

Method B:

[root@slavedns ~]# dig masterdns.ostechnix.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.ostechnix.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.ostechnix.com.       IN      A
;; ANSWER SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
;; AUTHORITY SECTION:
ostechnix.com.          86400   IN      NS      masterdns.ostechnix.com.
ostechnix.com.          86400   IN      NS      slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201
;; Query time: 13 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:01:02 2013
;; MSG SIZE  rcvd: 110

Method C:

[root@slavedns ~]# nslookup slavedns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   slavedns.ostechnix.com
Address: 192.168.1.201

Method D:

[root@slavedns ~]# nslookup masterdns
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   masterdns.ostechnix.com
Address: 192.168.1.200

Method E:

[root@slavedns ~]# dig -x 192.168.1.201
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56991
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;201.1.168.192.in-addr.arpa.    IN      PTR
;; ANSWER SECTION:
201.1.168.192.in-addr.arpa. 86400 IN    PTR     slavedns.ostechnix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201
;; Query time: 6 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:03:39 2013
;; MSG SIZE  rcvd: 150

Method F:

[root@slavedns ~]# dig -x 192.168.1.200
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> -x 192.168.1.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42968
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;200.1.168.192.in-addr.arpa.    IN      PTR
;; ANSWER SECTION:
200.1.168.192.in-addr.arpa. 86400 IN    PTR     masterdns.ostechnix.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      slavedns.ostechnix.com.
1.168.192.in-addr.arpa. 86400   IN      NS      masterdns.ostechnix.com.
;; ADDITIONAL SECTION:
masterdns.ostechnix.com. 86400  IN      A       192.168.1.200
slavedns.ostechnix.com. 86400   IN      A       192.168.1.201
;; Query time: 4 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Sun Mar  3 13:04:15 2013
;; MSG SIZE  rcvd: 150
Source: http://ostechnix.wordpress.com/2013/12/15/setup-dns-server-step-by-step-in-centos-6-3-rhel-6-3-scientific-linux-6-3-3/