|
|
1、切换至root用户
2、两台服务器分布安装bind
3、对比两台服务器bind版本
4、修改主配置文件信息,建议将主配置文件备份后在进行修改。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| cp /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; }; //只监听本机53端口
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; }; //只允许本机递归查询
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
|
默认只监听本机的53端口,若要提供服务,最少应增加一个外网地址53端口的监听,并允许所有用户进行递归查询。并且注释所有的dnssec。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| vi /etc/named.conf
options {
listen-on port 53 { 192.168.0.15; 127.0.0.1; }; //增加监听地址,此处添加本机外网地址即可
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; //允许所有
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
// dnssec-lookaside auto;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
//
// managed-keys-directory "/var/named/dynamic";
};
|
5、查看本服务器53端口的监听情况
1
2
3
4
5
6
7
| [iyunv@localhost ~]# ss -tunlp | grep :53
udp UNCONN 0 0 192.168.0.15:53 *:* users:(("named",4387,513))
udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",4387,512))
udp UNCONN 0 0 ::1:53 :::* users:(("named",4387,514))
tcp LISTEN 0 3 ::1:53 :::* users:(("named",4387,22))
tcp LISTEN 0 3 192.168.0.15:53 *:* users:(("named",4387,21))
tcp LISTEN 0 3 127.0.0.1:53 *:* users:(("named",4387,20))
|
以上操作针对主从两台服务器配置相同。
6、主DNS服务器配置:
定义区域:
1
2
3
4
5
6
7
8
9
10
11
| [iyunv@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
type master;
file "armo.com.zone";
}; //正向区域
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
}; //反向区域
|
定义区域解析库文件:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| [iyunv@localhost ~]# cat /var/named/armo.com.zone
$TTL 1d
@ IN SOA ns1.armo.com. admin.armo.com(
2016020301
1H
5M
7D
1D)
IN NS ns1.armo.com.
IN NS ns2.armo.com.
IN MX 10 mx1.armo.com.
IN MX 20 mx2.armo.com.
ns1 IN A 192.168.0.1
ns2 IN A 192.168.0.17
mx1 IN A 192.168.0.4
mx2 IN A 192.168.0.1
www IN A 192.168.0.17 //正向解析库文件
[iyunv@localhost ~]# cat /var/named/192.168.0.zone
$TTL 1d
$ORIGIN 0.168.192.in-addr.arpa.
@ IN SOA ns1.armo.com. admin.armo.com.(
2016020301
1H
5M
7D
1D)
IN NS ns1.armo.com.
IN NS ns2.armo.com.
1 IN PTR ns1.armo.com.
17 IN PTR www.armo.com.
4 IN PTR mx1.armo.com.
1 IN PTR mx2.armo.com.
17 IN PTR ns2.armo.com. //反向解析库文件
|
检查是否有语法错误
1
2
| name-checkconf //检查主配置文件是否有语法错误
named-checkzone "armo.com" /var/named/armo.com.zone //检查区域配置文件
|
更改文件权限及属组
1
2
3
4
5
| [iyunv@localhost named]# chmod 640 armo.com.zone
[iyunv@localhost named]# chown :named armo.com.zone //正向
[iyunv@localhost named]# chmod 640 192.168.0.zone
[iyunv@localhost named]# chown :named 192.168.0.zone //反向
|
测试主DNS服务器解析:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
| [iyunv@localhost ~]# dig -t A www.armo.com @192.168.0.15
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -t A www.armo.com @192.168.0.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52591
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.armo.com. IN A
;; ANSWER SECTION:
www.armo.com. 86400 IN A 192.168.0.17
;; AUTHORITY SECTION:
armo.com. 86400 IN NS ns2.armo.com.
armo.com. 86400 IN NS ns1.armo.com.
;; ADDITIONAL SECTION:
ns1.armo.com. 86400 IN A 192.168.0.1
ns2.armo.com. 86400 IN A 192.168.0.17
;; Query time: 2 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb 3 06:01:38 2016
;; MSG SIZE rcvd: 114 //正向
[iyunv@localhost ~]# dig -x 192.168.0.4 @192.168.216.231
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -x 192.168.0.4 @192.168.216.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63940
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;4.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
4.0.168.192.in-addr.arpa. 86400 IN PTR localhost.
;; Query time: 29 msec
;; SERVER: 192.168.216.231#53(192.168.216.231)
;; WHEN: Wed Feb 3 06:03:42 2016
;; MSG SIZE rcvd: 65 //反向
|
7、从DNS服务器配置
测试与主DNS服务器的区域传送
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| [iyunv@localhost ~]# dig -t axfr armo.com @192.168.0.15
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -t axfr armo.com @192.168.0.15
;; global options: +cmd
armo.com. 86400 IN SOA ns1.armo.com. admin.armo.com.armo.com. 2016020301 3600 300 604800 86400
armo.com. 86400 IN NS ns1.armo.com.
armo.com. 86400 IN NS ns2.armo.com.
armo.com. 86400 IN MX 10 mx1.armo.com.
armo.com. 86400 IN MX 20 mx2.armo.com.
mx1.armo.com. 86400 IN A 192.168.0.4
mx2.armo.com. 86400 IN A 192.168.0.1
ns1.armo.com. 86400 IN A 192.168.0.1
ns2.armo.com. 86400 IN A 192.168.0.17
www.armo.com. 86400 IN A 192.168.0.17
armo.com. 86400 IN SOA ns1.armo.com. admin.armo.com.armo.com. 2016020301 3600 300 604800 86400
;; Query time: 21 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb 3 06:04:40 2016
;; XFR size: 11 records (messages 1, bytes 273)
|
定义区域
1
2
3
4
5
6
| [iyunv@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
type slave;
masters {192.168.0.15;};
file "slave/armo.com.zone";
}
|
启动服务
查看同步信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| [iyunv@localhost ~]# tail /var/log/messages
Feb 3 06:20:42 localhost named[15085]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb 3 06:20:42 localhost named[15085]: zone localhost.localdomain/IN: loaded serial 0
Feb 3 06:20:42 localhost named[15085]: zone localhost/IN: loaded serial 0
Feb 3 06:20:42 localhost named[15085]: managed-keys-zone ./IN: loaded serial 2
Feb 3 06:20:42 localhost named[15085]: running
Feb 3 06:20:42 localhost named[15085]: zone armo.com/IN: Transfer started.
Feb 3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: connected using 192.168.0.17#43758
Feb 3 06:20:42 localhost named[15085]: zone armo.com/IN: transferred serial 2016020301
Feb 3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: Transfer completed: 1 messages, 11 records, 273 bytes, 0.001 secs (273000 bytes/sec)
Feb 3 06:20:42 localhost named[15085]: zone armo.com/IN: sending notifies (serial 2016020301)
[iyunv@localhost ~]# cat /var/named/slaves/armo.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
armo.com IN SOA ns1.armo.com. admin.armo.com.armo.com. (
2016020301 ; serial
3600 ; refresh (1 hour)
300 ; retry (5 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.armo.com.
NS ns2.armo.com.
MX 10 mx1.armo.com.
MX 20 mx2.armo.com.
$ORIGIN armo.com.
mx1 A 192.168.0.4
mx2 A 192.168.0.1
ns1 A 192.168.0.1
ns2 A 192.168.0.17
www A 192.168.0.17
[iyunv@localhost ~]#
|
至此DNS主从服务器建设完毕。
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-2-4 08:26:44
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡