
一台CentOS 6.0 服务器:IP:192.168.5.1
服务器名:master.haitian.com 主DNS服务器

 

一台CentOS 5.5 服务器:IP:192.168.5.2
服务器名:slave.haitian.com 从DNS服务器

 

一台windows xp 客户机 ip:192.168.5.7 

 

Master DNS(P.S 叮嚀:更改檔案後,務必更新序號)

 

 

 

一、安装软件包;

 

1、让yum安装包保留在服务器上

 

[root@proxy ~]# vi /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1
#修改此处,让其保留yum内容;
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5

 

2、使用yum 安装Bind (主DNS CentOS 6.0)服务器;

 

[root@master ~]# yum -y install bind bind-chroot bind-libs bind-devel

 

3、配置主DNS服务器
3.1
修改resolv.conf解析和hosts,目的是为了提高域名解析效率,需要将主从DNS的地址写入到/etc/hosts,同时在/etc/resolv.conf文件中指定主从DNS地址。
[root@master named]# vi /etc/resolv.conf
nameserver 192.168.5.1
nameserver 192.168.5.2

 

[root@master named]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.5.1 master.haitian.com
192.168.5.2 slave.haitian.com

 

[root@master ~]# vi /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=master.haitian.com
#设置主机名
GATEWAY=192.168.5.254

 

3.2、设置Bind配置文件

 

#[root@master ~]# vi /etc/named.conf

 

加入以下内容:
options {
listen-on port 53 { any; }; #将127.0.0.1 改为 any;
listen-on-v6 port 53 { ::1; };
directory "/var/named";

dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; #将localhost 改为 any;
recursion yes; #allow-query 为 any 且 recursion yes 时,任意来源都可以用本机做递归查询;只想对内网开放递归的话,可加 allow-recursion { 192.168.5.0/24; };(示例网段)

 

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

 

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";
};

 

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

 

zone "." IN {
type hint;
file "named.ca";
};

 

## 新增加的内容 ###
zone "haitian.com" IN { ##设置正向DNS区域名称
type master; ##区域类型为主域
file "/etc/named/named.haitian.com"; ##正向区域的地址数据库文件名
allow-transfer { 192.168.5.2; }; ##设置允许下载区域数据库信息的从域名服务器地址
allow-update { none; }; ##设置允许动态更新的客户端地址为禁止
};

 

zone "htsprings.com.cn" IN {
type master;
file "/etc/named/named.htsprings.com.cn";
allow-transfer { 192.168.5.2; };
allow-update { none; };
};

 

##反向解析
zone "5.168.192.in-addr.arpa" IN { ##设置反向DNS区域名称
type master; ##区域类型为主域
file "/etc/named/named.haitian.com.rev"; ##反向区域的地址数据库文件名
allow-transfer { 192.168.5.2; }; ##设置允许下载区域数据库信息的从域名服务器地址
allow-update { none; }; ##设置允许动态更新的客户端地址为禁止
};

 

include "/etc/named.rfc1912.zones";

 

3.3、设置正反向解析数据库

 

可以复制模版进行修改

 

#[root@master ~]# cp /var/named/named.localhost /etc/named/named.haitian.com

 

正向数据库如下:

 

#[root@master ~]# vi /etc/named/named.haitian.com

 

$TTL 1D
@ IN SOA haitian.com. admin.haitian.com. ( ;设置SOA标记、域名、域管理邮箱
2011081200 ; serial ##更新序列号,用于标记地址数据库的变化,可以是10位以内的整数
1D ; refresh #刷新时间
1H ; retry #从域名服务器更新该地址数据库文件的间隔时间
1W ; expire #失效时间,超过该时间(1 Week)仍无法更新地址数据库,则不再尝试
3H ) ; minimum #设置无效地址解析记录的默认缓存时间(3 Hours)

 

IN NS haitian.com. #NS为域名服务器记录,用于设置当前域的DNS服务器的域名地址,注意名称后都有"."
@ IN NS master.haitian.com.
@ IN NS slave.haitian.com.
IN MX 5 mail.haitian.com. #MX邮件交换记录,用于设置当前域的邮件服务器域名地址,数字表优先级,越大越低
master.haitian.com. IN A 192.168.5.1 #A地址记录,用于记录正向域名解析
slave.haitian.com. IN A 192.168.5.2
ftp IN NS 192.168.5.1
www IN NS 192.168.5.1 #WWW 此处假设一个域名对应多个IP,可以实现基于DNS解析的负载均衡
www IN NS 192.168.5.2
vpn IN NS 192.168.5.2
gz IN CNAME www #CNAME别名记录,表示gz.haitian.com是www.haitian.com的别名,可以通过nslookup

 

:wq
修改完成后保存退出

 

#[root@master ~]# vi /etc/named/named.haitian.com.rev
$TTL 1D
@ IN SOA @ admin.haitian.com. (
2011081200 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum

 

@ IN NS master.haitian.com. #注意名称后有"."
@ IN NS slave.haitian.com.
1 IN PTR www.haitian.com. #PTR指针记录,第一列为主机地址
1 IN PTR ftp.haitian.com. #此处对应正向区域数据库中的假设一个域名对应多个IP
2 IN PTR vpn.haitian.com.

 

:wq
修改完成后保存退出

 

重新启动DNS服务
[root@master named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]

 

[root@master ~]# chkconfig --level 35 named on
#将named服务设为开机自启动

 


使用named -g 查错
[root@localhost etc]# named -g
Jun 13 11:18:01.227
starting BIND 9.2.4rc6 -g
Jun 13 11:18:01.227 using 1 CPU
Jun 13
11:18:01.233 loading configuration from '/etc/named.conf'
Jun 13
11:18:01.241 no IPv6 interfaces found
Jun 13 11:18:01.242 listening on IPv4
interface lo, 127.0.0.1#53
Jun 13 11:18:01.243 binding TCP socket: address
in use
Jun 13 11:18:01.243 listening on IPv4 interface eth0, 150.31.3.251#53

Jun 13 11:18:01.244 binding TCP socket: address in use
Jun 13
11:18:01.249 /etc/named.conf:19: couldn't add command channel 127.0.0.1#953:
address in use
Jun 13 11:18:01.250 ignoring config file logging statement
due to -g option
Jun 13 11:18:01.250 couldn't open pid file
'/var/run/named/named.pid': Permission denied
Jun 13 11:18:01.250 exiting
(due to early fatal error)

 

named.pid permission denied

 

以上输出里的 address in use 一般是因为 named 已经在运行(前面已执行 service named restart),真正需要处理的是 named.pid 的 Permission denied;解决方法如下:
[root@master named]# chown root:named /var/run/named

 

检查区域文件
[root@master named]# named-checkzone zonename named.haitian.com
named.haitian.com:12: ignoring out-of-zone data (master.haitian.com)
named.haitian.com:13: ignoring out-of-zone data (slave.haitian.com)
named.haitian.com:14: NS record '192.168.5.1' appears to be an address
named.haitian.com:15: NS record '192.168.5.1' appears to be an address
named.haitian.com:16: NS record '192.168.5.2' appears to be an address
zone zonename/IN: ftp.zonename/NS '192.168.5.1.zonename' has no address records (A or AAAA)
zone zonename/IN: vpn.zonename/NS '192.168.5.2.zonename' has no address records (A or AAAA)
zone zonename/IN: www.zonename/NS '192.168.5.1.zonename' has no address records (A or AAAA)
zone zonename/IN: loaded serial 2011081200
OK
(说明:named-checkzone 的第一个参数应为实际的区域名 haitian.com,这里写成了 zonename,所以会出现 out-of-zone 提示;"NS record ... appears to be an address"是指 ftp、www、vpn 这几行把 IP 写在了 NS 记录里,按前面"一个域名对应多个IP"的用意,这几行应使用 A 记录。)
[root@master named]# named-checkzone zonename named.haitian.com.rev
zone zonename/IN: loaded serial 2011081200
OK
[root@master named]#

 

四、安装配置Slave DNS(从DNS)服务器
1、安装Slave DNS Server必备的软件;CentOS5.5需要多安装一个包caching-nameserver
[root@slave ~]# yum -y install bind bind-chroot bind-libs bind-devel caching-nameserver

 

2、配置从DNS服务器
2.1、从DNS相关配置
修改resolv.conf解析和hosts,目的是为了提高域名解析效率,和配置主DNS相同;
[root@slave ~]# vi /etc/resolv.conf
nameserver 192.168.5.1
nameserver 192.168.5.2

 

[root@slave ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.5.1 master.haitian.com
192.168.5.2 slave.haitian.com

 

[root@slave ~]# vi /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=slave.haitian.com
#设置主机名
GATEWAY=192.168.5.254

 

2.2、配置slave DNS服务器,CentOS 5.5
yum安装bind在/etc/下没有named目录,也没有named.conf配置文件,需要从模版中复制出来,或者自己创建
复制配置文件,记得后面要加参数-p,让权限保持一致;
[root@slave etc]# cp -p named.caching-nameserver.conf named.conf
具体内容如下;
[root@slave etc]# vim named.conf
options {
listen-on port 53 { any; }; #修改为any
#
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";

 

// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;

 

allow-query { any; }; #修改为any
allow-query-cache { any; }; #修改为any
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { any; }; #修改为any
match-destinations { any; }; #修改为any
recursion yes; #match-clients 为 any 且 recursion yes 时,任意来源都可以用本机做递归查询;只对内网开放可改为 match-clients { 192.168.5.0/24; };(示例网段)
include "/etc/named.rfc1912.zones";

 

##以下是手工配置内容#####
## 下面几个 slave zone 没有写 allow-transfer,这一代 BIND 9 的默认值是允许任意客户端从本机传送区域;如果没有其他从服务器需要从这里同步,可在每个 zone 里加 allow-transfer { none; };
zone "haitian.com" IN {
type slave;
masters { 192.168.5.1; };
file "slaves/slave.haitian.com";
};

 

zone "htsprings.com.cn" IN {
type slave;
masters { 192.168.5.1; };
file "slaves/slave.htsprings.com.cn";
};

 

zone "5.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.5.1; };
file "slaves/slave.haitian.com.rev";
};

 

};

 

:wq
保存退出;

 

重新启动DNS服务
[root@slave named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]

 

将named服务设为开机自启动
[root@slave slaves]# chkconfig --level 35 named on

 

查看/var/named/slaves/有没有更新DNS数据库,如果没有,使用以下方法排查

 

使用named -g 查错
[root@localhost etc]# named -g

15-Aug-2011 08:10:27.264 starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
-g
15-Aug-2011 08:10:27.264 adjusted limit on open files from 1024 to
1048576
15-Aug-2011 08:10:27.265 found 1 CPU, using 1 worker
thread
15-Aug-2011 08:10:27.265 using up to 4096 sockets
15-Aug-2011
08:10:27.269 loading configuration from '/etc/named.conf'
15-Aug-2011
08:10:27.270 using default UDP/IPv4 port range: [1024, 65535]
15-Aug-2011
08:10:27.271 using default UDP/IPv6 port range: [1024, 65535]
15-Aug-2011
08:10:27.272 listening on IPv6 interface lo, ::1#53
15-Aug-2011 08:10:27.273
binding TCP socket: address in use
15-Aug-2011 08:10:27.273 listening on IPv4
interface lo, 127.0.0.1#53
15-Aug-2011 08:10:27.273 binding TCP socket:
address in use
15-Aug-2011 08:10:27.273 listening on IPv4 interface eth0,
192.168.5.2#53
15-Aug-2011 08:10:27.273 binding TCP socket: address in
use
15-Aug-2011 08:10:27.275 couldn't add command channel 127.0.0.1#953:
address in use
15-Aug-2011 08:10:27.275 couldn't add command channel ::1#953:
address in use
15-Aug-2011 08:10:27.275 ignoring config file logging
statement due to -g option
15-Aug-2011 08:10:27.293 zone
0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
15-Aug-2011
08:10:27.293 zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial
1997022700
15-Aug-2011 08:10:27.293 zone
255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
15-Aug-2011
08:10:27.293 zone
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver:
loaded serial 1997022700
15-Aug-2011 08:10:27.294 zone
localdomain/IN/localhost_resolver: loaded serial 42
15-Aug-2011 08:10:27.294
zone localhost/IN/localhost_resolver: loaded serial 42
15-Aug-2011
08:10:27.294 running
15-Aug-2011 08:10:27.296 zone
haitian.com/IN/localhost_resolver: Transfer started.
15-Aug-2011 08:10:27.297
transfer of 'haitian.com/IN' from 192.168.5.1#53: connected using
192.168.5.2#44746
15-Aug-2011 08:10:27.298 dumping master file:
slaves/tmp-lHqJkXyrSb: open: permission denied
15-Aug-2011 08:10:27.299
transfer of 'haitian.com/IN' from 192.168.5.1#53: failed while receiving
responses: permission denied
15-Aug-2011 08:10:27.299 transfer of
'haitian.com/IN' from 192.168.5.1#53: end of transfer
15-Aug-2011
08:10:28.121 zone 5.168.192.in-addr.arpa/IN/localhost_resolver: Transfer
started.
15-Aug-2011 08:10:28.122 transfer of '5.168.192.in-addr.arpa/IN'
from 192.168.5.1#53: connected using 192.168.5.2#46494
15-Aug-2011
08:10:28.124 dumping master file: slaves/tmp-SXUfvOpQou: open: permission
denied
15-Aug-2011 08:10:28.124 transfer of '5.168.192.in-addr.arpa/IN' from
192.168.5.1#53: failed while receiving responses: permission
denied
15-Aug-2011 08:10:28.124 transfer of '5.168.192.in-addr.arpa/IN' from
192.168.5.1#53: end of transfer
15-Aug-2011 08:11:06.353 shutting
down
15-Aug-2011 08:11:06.353 no longer listening on ::1#53
15-Aug-2011
08:11:06.354 no longer listening on 127.0.0.1#53
15-Aug-2011 08:11:06.354 no
longer listening on 192.168.5.2#53
出现"transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: failed while receiving responses: permission denied"时,是 named 没有权限往 /var/named/slaves/ 写入区域文件;解决办法:
[root@slave slaves]# chown root:named /var/named/slaves/

 

[root@slave slaves]# named
[root@slave slaves]# ls
slave.haitian.com slave.haitian.com.rev slave.htsprings.com.cn
出现以上三个文件,说明slave DNS从Master DNS复制成功!

 

[root@slave slaves]# tail -f
/var/log/messages
Aug 15 13:00:52 slave
named[4165]: zone htsprings.com.cn/IN/localhost_resolver: Transfer
started.
Aug 15 13:00:52 slave named[4165]: transfer of 'htsprings.com.cn/IN'
from 192.168.5.1#53: connected using 192.168.5.2#56580
Aug 15 13:00:52 slave
named[4165]: zone htsprings.com.cn/IN/localhost_resolver: transferred serial
2011081200
Aug 15 13:00:52 slave named[4165]: transfer of
'htsprings.com.cn/IN' from 192.168.5.1#53: end of transfer
Aug 15 13:00:53
slave named[4165]: zone haitian.com/IN/localhost_resolver: Transfer
started.
Aug 15 13:00:53 slave named[4165]: zone
5.168.192.in-addr.arpa/IN/localhost_resolver: Transfer started.
Aug 15
13:00:53 slave named[4165]: transfer of '5.168.192.in-addr.arpa/IN' from
192.168.5.1#53: connected using 192.168.5.2#60612
Aug 15 13:00:53 slave
named[4165]: transfer of 'haitian.com/IN' from 192.168.5.1#53: connected using
192.168.5.2#58178
Aug 15 13:00:53 slave named[4165]: zone
5.168.192.in-addr.arpa/IN/localhost_resolver: transferred serial 0
Aug 15
13:00:53 slave named[4165]: transfer of '5.168.192.in-addr.arpa/IN' from
192.168.5.1#53: end of transfer
Aug 15 13:00:53 slave named[4165]: zone
5.168.192.in-addr.arpa/IN/localhost_resolver: sending notifies (serial 0)
Aug
15 13:00:53 slave named[4165]: zone haitian.com/IN/localhost_resolver:
transferred serial 2011081200
Aug 15 13:00:53 slave named[4165]: transfer of
'haitian.com/IN' from 192.168.5.1#53: end of transfer
Aug 15 13:00:53 slave
named[4165]: zone haitian.com/IN/localhost_resolver: sending notifies (serial
2011081200)
Aug 15 13:00:53 slave named[4165]: client 192.168.5.2#36784: view
localhost_resolver: received notify for zone 'haitian.com'
Aug 15 13:00:53
slave named[4165]: zone haitian.com/IN/localhost_resolver: refused notify from
non-master: 192.168.5.2#36784

 

在winxp下将网卡的DNS指向192.168.5.2,测试DNS
C:\>nslookup
Default Server: vpn.haitian.com
Address:
192.168.5.2

 

> 192.168.5.1
Server: vpn.haitian.com
Address:
192.168.5.2

 

Name: ftp.haitian.com
Address:
192.168.5.1

 

> 192.168.5.2
Server: vpn.haitian.com
Address:
192.168.5.2

 

Name: vpn.haitian.com
Address:
192.168.5.2

 

> haitian.com
Server: vpn.haitian.com
Address:
192.168.5.2

 

Name: haitian.com
Addresses: 192.168.5.1,
192.168.5.2

 

> htsprings.com.cn
Server:
vpn.haitian.com
Address: 192.168.5.2

 

Name: htsprings.com.cn
Address:
192.168.5.1

 

说明主、从DNS配置成功!到此完成!

 

 
