Lab notes:
192.168.1.11 is lab host 1,
192.168.1.12 is lab host 2
1. Configuring a caching server
(1) First install bind
(2) In the main configuration file /etc/named.conf, comment out or switch off the relevant entries (e.g. the DNSSEC-related ones)
# yum install bind -y
# service named start
# ss -tnlp | grep :53
# cp /etc/named.conf{,.bak}
# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.11; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // allow-query { localhost; };     // commented out: queries are now accepted from any source
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    // dnssec-lookaside auto;
    /* Path to ISC DLV key */
    // bindkeys-file "/etc/named.iscdlv.key";
    // managed-keys-directory "/var/named/dynamic";
};
# service named restart
[iyunv@node1 named]# ss -tnlp | grep 53
LISTEN 0 3 127.0.0.1:53 *:* users:(("named",4968,20))
……
At this point the caching server is configured. Be clear about what this configuration amounts to: recursion yes with allow-query commented out and no allow-recursion makes it an open recursive resolver (anyone who can reach 192.168.1.11:53 can use it, including for reflection and amplification attacks), and the DNSSEC lines turn validation off, so forged upstream answers are cached as genuine. That is acceptable on an isolated lab network; anywhere else, restrict allow-query and allow-recursion to your client networks and leave validation enabled.
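The following is an added example (not part of the original tutorial) that checks an options block for exactly those settings. It runs the audit over a constructed copy of the tutorial's own options and over a restricted version that assumes 192.168.1.0/24 is the client network and 192.168.1.12 is the slave from section 3; dnssec-validation auto uses BIND's built-in root trust anchor (BIND 9.8 and later).

```shell
#!/bin/sh
# Audit the "options" block of a BIND named.conf for the settings the
# tutorial above leaves open. Reads the config on stdin and prints one
# finding per line; empty output means nothing was flagged.
# Added example, not part of the original tutorial; the checks are this
# example's own choices and the sample configs are constructed.

# Remove //, # and single-line /* */ comments so that a commented-out
# "allow-query" is not mistaken for an active restriction.
strip_comments() {
    sed -e 's#/\*.*\*/##' -e 's#//.*$##' -e 's/#.*$//'
}

# conf_has PATTERN: true if the stripped config (in $CONF) matches PATTERN
conf_has() { printf '%s\n' "$CONF" | grep -q -- "$1"; }

audit_named_conf() {
    CONF=$(strip_comments)
    if conf_has 'recursion[[:space:]]*yes' && ! conf_has 'allow-recursion'; then
        echo "OPEN-RESOLVER: recursion yes without allow-recursion; any host that reaches port 53 can use this server for recursive lookups and reflection"
    fi
    if ! conf_has 'allow-query'; then
        echo "ALLOW-QUERY: no active allow-query; queries are accepted from any source"
    fi
    if conf_has 'dnssec-validation[[:space:]]*no'; then
        echo "DNSSEC: validation disabled; forged upstream answers are cached as genuine"
    fi
    if ! conf_has 'allow-transfer'; then
        echo "AXFR: no allow-transfer; the default is any, so every zone can be downloaded whole"
    fi
}

# Constructed copy of the tutorial's options block: recursive and unrestricted.
weak_options() {
    cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.11; };
    directory "/var/named";
    // allow-query { localhost; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    // bindkeys-file "/etc/named.iscdlv.key";
};
EOF
}

# Same server restricted to the lab network. 192.168.1.0/24 as the client
# range and 192.168.1.12 as the only transfer peer are assumptions.
hardened_options() {
    cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.11; };
    directory "/var/named";
    allow-query     { localhost; 192.168.1.0/24; };
    allow-recursion { localhost; 192.168.1.0/24; };
    allow-transfer  { 192.168.1.12; };   // only the slave from section 3
    recursion yes;
    dnssec-enable yes;
    dnssec-validation auto;              // built-in root trust anchor, BIND 9.8+
};
EOF
}

echo "== tutorial options =="; weak_options | audit_named_conf
echo "== hardened options =="; hardened_options | audit_named_conf
```

Run it against the real file with `audit_named_conf < /etc/named.conf`; the tutorial's block produces all four findings, the restricted block none.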
2. Configuring the master DNS server (forward and reverse)
Method: (1) Starting from the caching server, add the zone to the configuration file /etc/named.rfc1912.zones
(2) In /var/named/, add a zone data file for the zone just defined
(1) Forward zone configuration. Steps:
[iyunv@node1 ~]# vim /etc/named.rfc1912.zones
……
// add the zone:
zone "tanjie.com." IN {
    type master;
    file "tanjie.com.zone";    // relative to the directory set in named.conf, /var/named
};
[iyunv@node1 ~]# cd /var/named/
[iyunv@node1 named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[iyunv@node1 named]# vim tanjie.com.zone
$TTL 1D
@   IN SOA ns1.tanjie.com. admin.tanjie.com. (  ; RNAME needs its trailing dot, otherwise it is read as admin.tanjie.com.tanjie.com.
        2015081501    ; serial
        2H            ; refresh
        5M            ; retry
        3D            ; expire
        2D            ; negative-answer TTL
        )
    IN NS ns1
    IN NS ns2
    IN MX 10 mx1
    IN MX 20 mx2
ns1 IN A 192.168.1.11
ns2 IN A 192.168.1.12
mx1 IN A 192.168.1.13
mx2 IN A 192.168.1.14
www IN CNAME ns1
ftp IN CNAME ns2
[iyunv@node1 named]# named-checkconf
[iyunv@node1 named]# named-checkzone "tanjie.com" /var/named/tanjie.com.zone
zone tanjie.com/IN: loaded serial 2015081501
OK
[iyunv@node1 named]# chmod 640 tanjie.com.zone
[iyunv@node1 named]# chown :named tanjie.com.zone
[iyunv@node1 named]# service named restart
[iyunv@node1 named]# rndc reload
That completes the forward zone on the master DNS server. Now three tests:
[iyunv@node1 named]# dig -t A ns1.tanjie.com @192.168.1.11
……
;; QUESTION SECTION:
;ns1.tanjie.com. IN A
;; ANSWER SECTION:
ns1.tanjie.com. 86400 IN A 192.168.1.11
……
[iyunv@node1 named]# dig -t A ns2.tanjie.com @192.168.1.11
……
;; QUESTION SECTION:
;ns2.tanjie.com. IN A
;; ANSWER SECTION:
ns2.tanjie.com. 86400 IN A 192.168.1.12
……
[iyunv@node1 named]# dig -t CNAME www.tanjie.com @192.168.1.11
……
;; QUESTION SECTION:
;www.tanjie.com. IN CNAME
;; ANSWER SECTION:
www.tanjie.com. 86400 IN CNAME ns1.tanjie.com.
……
All three tests succeeded.
(2) Reverse zone configuration [Note: the reverse zone name must be the network address written backwards, followed by .in-addr.arpa.]
Steps:
[iyunv@node1 named]# vim /etc/named.rfc1912.zones
…… add ……
zone "1.168.192.in-addr.arpa." IN {
    type master;
    file "192.168.1.zone";
};
[iyunv@node1 named]# cd /var/named/
[iyunv@node1 named]# vim 192.168.1.zone
$TTL 1D
$ORIGIN 1.168.192.in-addr.arpa.
@   IN SOA ns1.tanjie.com. admin.tanjie.com. (
        2015081511
        5H
        5M
        4D
        3D
        )
    IN NS ns1.tanjie.com.    ; names must be absolute here: a relative "ns1" would become ns1.1.168.192.in-addr.arpa.
    IN NS ns2.tanjie.com.
11  IN PTR ns1.tanjie.com.
13  IN PTR stu.tanjie.com.
12  IN PTR www.tanjie.com.   ; two PTRs for one address is legal, but clients that expect one name will take whichever comes first
12  IN PTR ns2.tanjie.com.
[iyunv@node1 named]# chmod 640 192.168.1.zone
[iyunv@node1 named]# chown :named 192.168.1.zone
[iyunv@node1 named]# named-checkconf
[iyunv@node1 named]# named-checkzone "1.168.192.in-addr.arpa." 192.168.1.zone
zone 1.168.192.in-addr.arpa/IN: loaded serial 2015081511
OK
[iyunv@node1 named]# rndc reload
server reload successful
That completes reverse resolution on the DNS server; now test it:
[iyunv@node1 named]# dig -x 192.168.1.13 @192.168.1.11
……
;; QUESTION SECTION:
;13.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
13.1.168.192.in-addr.arpa. 86400 IN PTR stu.tanjie.com.
……
Test succeeded!
(3) Wildcard resolution
[iyunv@node1 named]# vim tanjie.com.zone
…… add one record ……
*   IN A 192.168.1.10
[iyunv@node1 named]# rndc reload
server reload successful
Now test it:
[iyunv@node1 named]# dig -t A SS.tanjie.com @192.168.1.11
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A SS.tanjie.com @192.168.1.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26642
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;SS.tanjie.com. IN A
;; ANSWER SECTION:
SS.tanjie.com. 86400 IN A 192.168.1.10
……
Test succeeded! Two things to keep in mind: the wildcard makes every otherwise-undefined name under tanjie.com resolve to 192.168.1.10, so a typo or a probe for a host that does not exist gets an answer instead of NXDOMAIN; and the SOA serial was not increased for this edit. rndc reload on the master re-reads the file regardless, but a slave (section 3) only transfers the zone when the serial grows, so bump the serial on every change.
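The forward zone above loaded with "OK" even though its SOA RNAME had no trailing dot, and the wildcard edit reused the old serial; named-checkzone reports neither. The following is an added example (not part of the original tutorial) of a small zone-file lint that catches both, run over a constructed copy of the tutorial's zone as first written and over a corrected copy that includes the wildcard. The checks and their messages are this example's own choices.

```shell
#!/bin/sh
# Lint a BIND zone file for mistakes that named-checkzone reports as "OK".
# usage: lint_zone [PREVIOUS_SERIAL] < zonefile
# Prints one finding per line; empty output means nothing was flagged.
# Added example, not part of the original tutorial; the checks are this
# example's own choices and the sample zones below are constructed.
lint_zone() {
    awk -v prev="${1:-}" '
    { sub(/;.*/, "") }                          # drop comments first
    # Join a parenthesised multi-line record (the SOA) into one line.
    /\(/ && !/\)/ { inrec = 1; buf = $0; next }
    inrec { buf = buf " " $0; if ($0 !~ /\)/) next; inrec = 0; $0 = buf }
    { gsub(/[()]/, " ") }                       # parentheses are only grouping
    NF == 0 || /^\$/ { next }                   # blank lines, $TTL, $ORIGIN
    {
        # A line that starts with whitespace inherits the previous owner.
        if ($0 !~ /^[ \t]/) owner = $1
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(SOA|NS|A|AAAA|MX|CNAME|PTR|TXT)$/) { t = i; break }
        if (!t) { print "UNPARSED: " $0; next }
        type = $t
        seen[owner, type] = 1
        if (type == "SOA") {
            rname = $(t + 2); serial = $(t + 3)
            if (rname !~ /\.$/)
                print "SOA RNAME " rname " has no trailing dot; BIND reads it as " rname ".<origin>"
            if (serial !~ /^[0-9]+$/ || length(serial) != 10)
                print "SOA serial " serial " is not in YYYYMMDDnn form"
            else if (prev != "" && serial + 0 <= prev + 0)
                print "SOA serial " serial " was not increased past " prev "; slaves will not transfer the change"
        }
        # Relative (in-zone) NS and MX targets need an A record in this file.
        if ((type == "NS" || type == "MX") && $NF !~ /\.$/) want[$NF] = type
        if (type == "A") have[owner] = 1
        if (type == "CNAME") cname[owner] = 1
    }
    END {
        for (n in want) if (!(n in have)) print want[n] " target " n " has no A record in this zone"
        for (k in seen) { split(k, p, SUBSEP)
            if ((p[1] in cname) && p[2] != "CNAME") print "CNAME " p[1] " also has " p[2] " data" }
    }'
}

# Constructed copy of the tutorial zone as first written (RNAME without dot).
tutorial_zone() {
    cat <<'EOF'
$TTL 1D
@   IN SOA ns1.tanjie.com. admin.tanjie.com (
        2015081501
        2H
        5M
        3D
        2D )
    IN NS ns1
    IN NS ns2
    IN MX 10 mx1
    IN MX 20 mx2
ns1 IN A 192.168.1.11
ns2 IN A 192.168.1.12
mx1 IN A 192.168.1.13
mx2 IN A 192.168.1.14
www IN CNAME ns1
ftp IN CNAME ns2
EOF
}

# Corrected zone with the wildcard added and the serial bumped.
fixed_zone() {
    cat <<'EOF'
$TTL 1D
@   IN SOA ns1.tanjie.com. admin.tanjie.com. (
        2015081502 ; serial bumped for the wildcard edit
        2H
        5M
        3D
        2D )
    IN NS ns1
    IN NS ns2
    IN MX 10 mx1
    IN MX 20 mx2
ns1 IN A 192.168.1.11
ns2 IN A 192.168.1.12
mx1 IN A 192.168.1.13
mx2 IN A 192.168.1.14
www IN CNAME ns1
ftp IN CNAME ns2
*   IN A 192.168.1.10
EOF
}

echo "== tutorial zone =="; tutorial_zone | lint_zone
echo "== fixed zone, previous serial 2015081501 =="; fixed_zone | lint_zone 2015081501
```

Use it alongside named-checkzone, passing the serial currently served (`dig +short SOA tanjie.com @192.168.1.11` shows it) as the argument so an unbumped edit is caught before rndc reload.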
3. Defining DNS master/slave replication (here the slave is 192.168.1.12 and the master is 192.168.1.11)
Method: (1) The master's zone data file must carry an NS record pointing at the slave, so that the master sends it NOTIFY messages when the zone changes (also-notify is the alternative). The transfer itself is governed by allow-transfer, which BIND leaves as { any; } by default: any host can pull a full copy of the zone with AXFR unless you restrict it to the slave.
(2) The slave only needs the zone definition, no zone data file. After the first transfer the data file is written under /var/named/slaves/.
How to define a slave zone:
zone "ZONE_NAME" IN {
    type slave;
    masters { MASTER_IP; };
    file "slaves/ZONE_NAME.zone";
};
(1) Forward zone master/slave replication
Steps: 1. The zone data file on the master 192.168.1.11 already has an NS record pointing at 192.168.1.12 (ns2), so nothing needs to be added there.
# yum install bind -y
# vim /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.12; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // allow-query { localhost; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    // dnssec-lookaside auto;
    /* Path to ISC DLV key */
    // bindkeys-file "/etc/named.iscdlv.key";
    // managed-keys-directory "/var/named/dynamic";
};
# service named restart
# ss -tnl
check that port 53 is listening (TCP)
# ss -unl
check that port 53 is listening (UDP)
[iyunv@node2 ~]# vim /etc/named.rfc1912.zones
(add a slave zone for "tanjie.com." following the template above, with masters { 192.168.1.11; } and file "slaves/tanjie.com.zone")
[iyunv@node2 ~]# named-checkconf
[iyunv@node2 ~]# rndc reload
server reload successful
That completes the forward master/slave definition; now verify it:
[iyunv@node2 ~]# ls /var/named/
data/ dynamic/ named.ca named.empty named.localhost named.loopback slaves/
[iyunv@node2 ~]# cd /var/named/slaves/
[iyunv@node2 slaves]# ls
tanjie.com.zone
A new zone file tanjie.com.zone has appeared under slaves: it was transferred from the master.
(2) Reverse zone master/slave replication
1. First make sure the reverse zone file on the master 192.168.1.11 has an NS record pointing at 192.168.1.12 (ns2.tanjie.com.):
[iyunv@node1 named]# vim /var/named/192.168.1.zone
……
    IN NS ns1.tanjie.com.
    IN NS ns2.tanjie.com.
11  IN PTR ns1.tanjie.com.
13  IN PTR stu.tanjie.com.
12  IN PTR www.tanjie.com.
12  IN PTR ns2.tanjie.com.
2. Add the zone to the configuration file on the slave 192.168.1.12:
[iyunv@node2 slaves]# vim /etc/named.rfc1912.zones
…… add a zone ……
zone "1.168.192.in-addr.arpa." IN {
    type slave;
    masters { 192.168.1.11; };
    file "slaves/192.168.1.zone";
};
[iyunv@node2 slaves]# named-checkconf
[iyunv@node2 slaves]# rndc reload
server reload successful
Configuration done; verify:
[iyunv@node2 slaves]# ls
192.168.1.zone tanjie.com.zone
A new 192.168.1.zone has appeared, synchronised from the master.
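The zones above replicate, but with allow-transfer at its default any host can also pull them. The following is an added example (not from the original tutorial) that emits the master and slave stanzas with the transfer restricted to a TSIG key shared by the two servers; the key name xfer-key, the hmac-sha256 algorithm and the way the secret is generated are this example's own choices, the zone and addresses are the lab's.

```shell
#!/bin/sh
# Emit master and slave zone stanzas for an authenticated, restricted zone
# transfer. usage: transfer_stanzas ZONE MASTER_IP SLAVE_IP TSIG_SECRET
# Added example, not part of the original tutorial; the key name "xfer-key"
# and the hmac-sha256 choice are this example's own.
transfer_stanzas() {
    zone=$1 master=$2 slave=$3 secret=$4
    cat <<EOF
// Shared by both servers: same key name and secret on each side.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "$secret";
};

// --- master ($master): /etc/named.rfc1912.zones ---
zone "$zone." IN {
    type master;
    file "$zone.zone";
    allow-transfer { key xfer-key; };   // default is { any; }: anyone could AXFR the zone
    also-notify { $slave; };            // NOTIFY the slave even without an NS record for it
};

// --- slave ($slave): /etc/named.rfc1912.zones ---
server $master { keys { xfer-key; }; };  // sign every query to the master, AXFR/IXFR included
zone "$zone." IN {
    type slave;
    masters { $master; };
    file "slaves/$zone.zone";
    allow-transfer { none; };           // the slave answers queries, it does not hand out copies
};
EOF
}

# A fresh 256-bit secret, base64 as BIND expects; base64 is from coreutils.
new_secret() { head -c 32 /dev/urandom | base64 | tr -d '\n'; }

transfer_stanzas tanjie.com 192.168.1.11 192.168.1.12 "$(new_secret)"
```

After placing the key stanza on both servers (mode 640, owned by root:named, as with the zone files above) and running rndc reload on each, check from a third host: `dig @192.168.1.11 tanjie.com AXFR` should now end in "Transfer failed.", while the slave still receives the zone and `dig -y hmac-sha256:xfer-key:SECRET @192.168.1.11 tanjie.com AXFR` succeeds from anywhere that holds the secret.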