Test environment
Two virtual machines: the master DNS at 192.168.103.161 and the slave DNS at 192.168.103.162.
Install BIND on both; the packages needed are bind, bind-utils and bind-libs.

Master DNS configuration files
Edit the main configuration file /etc/named.conf as shown below. Compared with the stock Red Hat file, listen-on has been opened from 127.0.0.1 to any, allow-query from localhost to any, and the dnssec-* lines have been commented out. One security caveat before copying this: with allow-query { any; } and recursion yes the server is an open recursive resolver for anyone who can reach port 53. That is acceptable on an isolated lab network, but on anything Internet-facing restrict it with allow-recursion { localhost; localnets; }; (or recursion no; on a purely authoritative server). BIND 9.8 also hands out zone transfers to anyone when allow-transfer is not set, so a production master should add allow-transfer { none; }; here and allow only its slave per zone.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

//      dnssec-enable yes;
//      dnssec-validation yes;
//      dnssec-lookaside auto;

        /* Path to ISC DLV key */
//      bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Edit /etc/named.rfc1912.zones and append the two custom zones at the end, as shown below. (Comments introduced with # are valid in named.conf; they are not valid in the zone files that follow, which use ; instead.)

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-dra ... -local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "evan.org.cn" IN {                        # forward zone
        type master;                           # this server is the master for the zone
        file "evan.org.cn.zone";               # zone file, relative to directory "/var/named"
        allow-update { none; };                # no dynamic (RFC 2136) updates are accepted
};

zone "103.168.192.in-addr.arpa" IN {           # reverse zone for 192.168.103.0/24
        type master;                           # this server is the master for the zone
        file "192.168.103.zone";               # zone file, relative to directory "/var/named"
        allow-update { none; };                # no dynamic (RFC 2136) updates are accepted
};
Add the forward and reverse zone files under /var/named/.

Forward zone file evan.org.cn.zone. Three details matter here: zone files use ; for comments (the # of named.conf is a syntax error in a zone file), every name that is not relative to the zone must end with a dot (this includes the admin mailbox in the SOA, otherwise named expands it to admin.evan.org.cn.evan.org.cn.), and the serial starts at 2016040501, which is the value named-checkzone reports below.

$TTL 86440                          ; default TTL: 1 day 40 s (86400, exactly one day, was probably intended)
@   IN  SOA ns1.evan.org.cn. admin.evan.org.cn. (   ; primary master and admin mailbox (admin@evan.org.cn), both with trailing dot
            2016040501              ; serial: bump by one on every edit, or the slave never re-transfers
            1H                      ; refresh: how often the slave checks the master's serial
            2M                      ; retry: how long the slave waits after a failed refresh
            3D                      ; expire: the slave stops answering for the zone if the master is unreachable this long
            1D                      ; negative-caching TTL: how long resolvers cache "no such record" answers
            )
    IN  NS  ns1.evan.org.cn.        ; two name servers for the zone
    IN  NS  ns2.evan.org.cn.
    IN  MX  10 mx1.evan.org.cn.     ; mail exchangers; 10/20 is the preference (0-65535), the lowest is tried first
    IN  MX  20 mx2.evan.org.cn.
ns1 IN  A   192.168.103.161         ; address of name server ns1
ns2 IN  A   192.168.103.162         ; address of name server ns2
mx1 IN  A   192.168.103.161         ; address of mail server mx1
mx2 IN  A   192.168.103.162         ; address of mail server mx2
www IN  A   192.168.103.161         ; address of www.evan.org.cn
ftp IN  CNAME www                   ; ftp is an alias whose canonical name is www
Reverse zone file 192.168.103.zone. Only the last octet of each address is written, because the origin is 103.168.192.in-addr.arpa. (the 192.168.103.0/24 network). Several PTRs for one address, as below, are legal but unusual: most software uses only the first PTR it receives and BIND rotates the order, so in practice give each address one canonical name.

$TTL 86440
@   IN  SOA ns1.evan.org.cn. admin.evan.org.cn. (   ; admin mailbox with trailing dot, as in the forward zone
            2016040501
            1H
            2M
            2D
            1D
            )
    IN  NS  ns1.evan.org.cn.
    IN  NS  ns2.evan.org.cn.
161 IN  PTR ns1.evan.org.cn.        ; PTR format: last octet -> fully qualified name with trailing dot
162 IN  PTR ns2.evan.org.cn.
161 IN  PTR mx1.evan.org.cn.
162 IN  PTR mx2.evan.org.cn.
161 IN  PTR www.evan.org.cn.
162 IN  PTR www.evan.org.cn.        ; note: in the forward zone www points only to .161
Check the syntax. named-checkzone takes the zone origin as its first argument and the file as the second; the original post passed the file name as the origin, which still loads but expands @ and relative names (ns1, www) against the wrong origin, so checks such as "every NS has an address" are silently skipped. Use the real zone names:

[iyunv@www named]# named-checkconf
[iyunv@www named]# named-checkzone 103.168.192.in-addr.arpa /var/named/192.168.103.zone
zone 103.168.192.in-addr.arpa/IN: loaded serial 2016040501
OK
[iyunv@www named]# named-checkzone evan.org.cn /var/named/evan.org.cn.zone
zone evan.org.cn/IN: loaded serial 2016040501
OK
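named-checkzone reports a syntax error for a # comment, but it accepts an SOA mailbox without a trailing dot because the result is a perfectly valid (and wrong) name. The script below is an added example, not part of the original post: it flags both mistakes on a local zone file, then hands the file to named-checkzone with the correct origin when that tool is installed. The script name and function names are invented for this example; the zone and file names are the ones used on this page.

```shell
#!/bin/sh
# zone_lint.sh (added example): two checks that a visual read of a hand-written
# zone file tends to miss.
#   1. '#' used as the comment character: only ';' is a comment in a zone file
#      ('#' is fine in named.conf, which is where the confusion comes from).
#   2. SOA RNAME (the admin mailbox) without a trailing dot: named quietly
#      expands it relative to the origin, admin.evan.org.cn becomes
#      admin.evan.org.cn.evan.org.cn. and nobody ever gets mail.
# Runs offline on a file; the origin is only used for named-checkzone.

# zone_lint_static FILE -> prints each finding, returns the number of findings
zone_lint_static() {
    file=$1
    findings=0
    # 1. '#' outside quoted strings (a TXT record may legitimately contain one)
    if sed 's/"[^"]*"//g' "$file" | grep -q '#'; then
        echo "$file: '#' is not a zone-file comment character, use ';'"
        findings=$((findings + 1))
    fi
    # 2. RNAME is the second field after the SOA keyword (MNAME is the first)
    rname=$(awk 'toupper($0) ~ /[ \t]SOA[ \t]/ {
                     for (i = 1; i <= NF; i++)
                         if (toupper($i) == "SOA") { print $(i + 2); exit }
                 }' "$file")
    case "$rname" in
        "")  echo "$file: no SOA record found"
             findings=$((findings + 1)) ;;
        *.)  ;;                      # absolute name, correct
        *)   echo "$file: SOA RNAME '$rname' has no trailing dot (it will be expanded relative to the origin)"
             findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# zone_lint ORIGIN FILE -> the static checks above, then named-checkzone with
# the real origin (not the file name) if the tool is installed
zone_lint() {
    origin=$1
    file=$2
    rc=0
    zone_lint_static "$file" || rc=$?
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$origin" "$file" || rc=$((rc + 1))
    fi
    return "$rc"
}

# usage: zone_lint.sh lint evan.org.cn /var/named/evan.org.cn.zone
if [ "${1:-}" = "lint" ]; then
    shift
    zone_lint "$@"
fi
```

Run it against the forward zone exactly as the post first wrote it (# comments, admin.evan.org.cn without the dot) and it reports two findings; against the corrected file it is silent, and a # inside a quoted TXT string is not counted.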
Set the two custom zone files to mode 640 with group named: named only needs read access on a master, and other local users get none.

[iyunv@www named]# chmod 640 evan.org.cn.zone 192.168.103.zone
[iyunv@www named]# chown :named evan.org.cn.zone 192.168.103.zone
Restart the master (service named restart) and test forward and reverse resolution against it. In both answers the aa flag confirms the server answered authoritatively from its own zone data. The ra flag next to it shows recursion is available to the client; because allow-query is any, that is true for every client that can reach the server, which is the open-resolver point made above.

[iyunv@www named]# dig -t A www.evan.org.cn @192.168.103.161      # forward lookup
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> -t A www.evan.org.cn @192.168.103.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4306
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.evan.org.cn. IN A
;; ANSWER SECTION:
www.evan.org.cn. 86440 IN A 192.168.103.161
;; AUTHORITY SECTION:
evan.org.cn. 86440 IN NS ns2.evan.org.cn.
evan.org.cn. 86440 IN NS ns1.evan.org.cn.
;; ADDITIONAL SECTION:
ns1.evan.org.cn. 86440 IN A 192.168.103.161
ns2.evan.org.cn. 86440 IN A 192.168.103.162
;; Query time: 0 msec
;; SERVER: 192.168.103.161#53(192.168.103.161)
;; WHEN: Wed Apr 6 22:28:58 2016
;; MSG SIZE rcvd: 117

[iyunv@www named]# dig -x 192.168.103.161 @192.168.103.161       # reverse lookup
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> -x 192.168.103.161 @192.168.103.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50415
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;161.103.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
161.103.168.192.in-addr.arpa. 86440 IN PTR www.evan.org.cn.
161.103.168.192.in-addr.arpa. 86440 IN PTR ns1.evan.org.cn.
161.103.168.192.in-addr.arpa. 86440 IN PTR mx1.evan.org.cn.
;; AUTHORITY SECTION:
103.168.192.in-addr.arpa. 86440 IN NS ns1.evan.org.cn.
103.168.192.in-addr.arpa. 86440 IN NS ns2.evan.org.cn.
;; ADDITIONAL SECTION:
ns1.evan.org.cn. 86440 IN A 192.168.103.161
ns2.evan.org.cn. 86440 IN A 192.168.103.162
;; Query time: 1 msec
;; SERVER: 192.168.103.161#53(192.168.103.161)
;; WHEN: Wed Apr 6 22:32:53 2016
;; MSG SIZE rcvd: 175
Slave DNS configuration files
/etc/named.conf is the same as on the master.
Edit /etc/named.rfc1912.zones and append the same two zones, this time as slaves, as shown below:

zone "evan.org.cn" IN {                        # forward zone
        type slave;                            # this server is a slave for the zone
        masters { 192.168.103.161; };          # master to transfer the zone from
        file "slaves/evan.org.cn.zone";        # named writes the transferred copy here (/var/named/slaves is writable by named)
        allow-update { none; };                # no dynamic updates are accepted
};

zone "103.168.192.in-addr.arpa" IN {           # reverse zone
        type slave;                            # this server is a slave for the zone
        masters { 192.168.103.161; };          # master to transfer the zone from
        file "slaves/192.168.103.zone";        # named writes the transferred copy here
        allow-update { none; };                # no dynamic updates are accepted
};
Restart the slave and look in /var/named/slaves/: 192.168.103.zone and evan.org.cn.zone should appear within a few seconds. If they do not, check the log (/var/log/messages on RHEL 6) for "transfer of" lines; the usual causes are the master's allow-transfer not including the slave, or port 53/tcp being blocked between the two machines (zone transfers run over TCP).
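The transfer above works because the master never set allow-transfer, and BIND 9.8 then serves a full zone transfer to anyone: dig axfr evan.org.cn @192.168.103.161 from any host returns every record, which is a reconnaissance gift. The script below is an added example, not part of the original post: it prints the named.conf fragments for both servers that restrict recursion to the lab network and allow transfers only to requests signed with a TSIG key shared by master and slave. Names and addresses are the ones on this page; the script name, function names and the key name evan-transfer are invented for the example. It only prints configuration, it does not touch the running servers.

```shell
#!/bin/sh
# transfer_config.sh (added example): generate the named.conf pieces that
# close the two holes in the lab configuration above: recursion offered to
# everyone, and zone transfers (AXFR) allowed to everyone, which is BIND 9.8's
# default when allow-transfer is not set.

# gen_tsig_secret -> a fresh 256-bit base64 secret, the same thing
# tsig-keygen or dnssec-keygen -a HMAC-SHA256 would hand you
gen_tsig_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 32
    else
        head -c 32 /dev/urandom | base64
    fi | tr -d '\n'
}

# hardened_options IP -> options{} for one of the two servers: answer anyone
# authoritatively, recurse only for the lab network, transfer to nobody unless
# a zone statement says otherwise (a purely authoritative server should use
# "recursion no;" instead of the allow-recursion line)
hardened_options() {
    cat <<EOF
options {
        listen-on port 53 { 127.0.0.1; $1; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.103.0/24; };
        allow-transfer  { none; };
        notify yes;
};
EOF
}

# transfer_key NAME SECRET -> key{} clause; the identical clause goes on both servers
transfer_key() {
    cat <<EOF
key "$1" {
        algorithm hmac-sha256;
        secret "$2";
};
EOF
}

# master_zone ZONE FILE KEY -> master zone{} that serves AXFR/IXFR only to
# requests signed with KEY, i.e. only to the slave holding the secret
master_zone() {
    cat <<EOF
zone "$1" IN {
        type master;
        file "$2";
        allow-update { none; };
        allow-transfer { key "$3"; };
};
EOF
}

# sign_requests_to MASTER KEY -> server{} making the slave sign everything it
# sends to MASTER with KEY; emit it once per master, not once per zone
sign_requests_to() {
    printf 'server %s { keys { "%s"; }; };\n' "$1" "$2"
}

# slave_zone ZONE FILE MASTER -> slave zone{}; the slave transfers to nobody
slave_zone() {
    cat <<EOF
zone "$1" IN {
        type slave;
        masters { $3; };
        file "slaves/$2";
        allow-transfer { none; };
};
EOF
}

# print both servers' fragments with one shared secret
main() {
    secret=$(gen_tsig_secret)
    echo "### master 192.168.103.161: add to /etc/named.conf"
    hardened_options 192.168.103.161
    transfer_key evan-transfer "$secret"
    master_zone evan.org.cn evan.org.cn.zone evan-transfer
    master_zone 103.168.192.in-addr.arpa 192.168.103.zone evan-transfer
    echo "### slave 192.168.103.162: add to /etc/named.conf"
    hardened_options 192.168.103.162
    transfer_key evan-transfer "$secret"
    sign_requests_to 192.168.103.161 evan-transfer
    slave_zone evan.org.cn evan.org.cn.zone 192.168.103.161
    slave_zone 103.168.192.in-addr.arpa 192.168.103.zone 192.168.103.161
}
if [ "${1:-}" = "print" ]; then main; fi
```

After installing the fragments (and removing the plain zone statements they replace) run named-checkconf on both machines, then verify from a third host that dig axfr evan.org.cn @192.168.103.161 now answers "Transfer failed." while the slave still picks up new serials. Keep the key{} clause in a root-only file pulled in with include, not in the world-readable named.conf.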
Test forward resolution from the slave. Note that this query was sent to the master (@192.168.103.161), so it only proves the slave host can reach it; to prove the slave is serving the zone itself, repeat the query with @192.168.103.162 and check that the answer carries the aa flag.

[iyunv@ns2 ~]# dig -t NS evan.org.cn @192.168.103.161
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> -t NS evan.org.cn @192.168.103.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18709
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;evan.org.cn. IN NS
;; ANSWER SECTION:
evan.org.cn. 86440 IN NS ns1.evan.org.cn.
evan.org.cn. 86440 IN NS ns2.evan.org.cn.
;; ADDITIONAL SECTION:
ns1.evan.org.cn. 86440 IN A 192.168.103.161
ns2.evan.org.cn. 86440 IN A 192.168.103.162
;; Query time: 2 msec
;; SERVER: 192.168.103.161#53(192.168.103.161)
;; WHEN: Wed Apr 6 22:45:02 2016
;; MSG SIZE rcvd: 97
Master/slave synchronisation
On the master, add an A record to /var/named/evan.org.cn.zone and bump the serial. The serial is the only thing the slave compares: if it is not larger than the one the slave already holds, the slave keeps its old copy and nothing is logged.

$TTL 86440
@   IN  SOA ns1.evan.org.cn. admin.evan.org.cn. (
            2016040502              ; serial bumped by one
            1H
            2M
            3D
            1D )
    IN  NS  ns1.evan.org.cn.
    IN  NS  ns2.evan.org.cn.
    IN  MX  10 mx1.evan.org.cn.
    IN  MX  20 mx2.evan.org.cn.
ns1 IN  A   192.168.103.161
ns2 IN  A   192.168.103.162
mx1 IN  A   192.168.103.161
mx2 IN  A   192.168.103.162
www IN  A   192.168.103.161
ftp IN  CNAME www
img IN  A   192.168.103.161         ; the new record
Reload the master. Besides re-reading the zone, the reload sends a NOTIFY to the name servers listed in the zone, so the slave checks the serial immediately instead of waiting for the 1H refresh interval.

[iyunv@www named]# service named reload
Reloading named:                                           [  OK  ]
On the slave, check that the change has been replicated; /var/named/slaves/evan.org.cn.zone is written by named in its own canonical layout:

$ORIGIN .
$TTL 86440      ; 1 day 40 seconds
evan.org.cn             IN SOA  ns1.evan.org.cn. admin.evan.org.cn.evan.org.cn. (
                                2016040502 ; serial, already the bumped value
                                3600       ; refresh (1 hour)
                                120        ; retry (2 minutes)
                                259200     ; expire (3 days)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.evan.org.cn.
                        NS      ns2.evan.org.cn.
                        MX      10 mx1.evan.org.cn.
                        MX      20 mx2.evan.org.cn.
$ORIGIN evan.org.cn.
ftp                     CNAME   www
img                     A       192.168.103.163 ; the new A record
mx1                     A       192.168.103.161
mx2                     A       192.168.103.162
ns1                     A       192.168.103.161
ns2                     A       192.168.103.162
www                     A       192.168.103.161
                        A       192.168.103.162

Two things in this dump deserve a second look. The SOA mailbox reads admin.evan.org.cn.evan.org.cn. because the zone file on the master had admin.evan.org.cn without a trailing dot, so named appended the origin; the mailbox must be written as admin.evan.org.cn. (with the dot). And the dump differs from the zone file listed above in two places (img resolves to .163 rather than .161, and www has a second A record for .162), so the master's file was evidently edited further before this copy was taken; the transferred serial 2016040502 is still the proof that the transfer happened.
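The serial bump above was done by hand, and forgetting it is the classic way a master/slave pair drifts apart without a single error message. The helpers below are an added example, not part of the original post: they compute the next YYYYMMDDnn serial (the convention the post uses), rewrite it in the zone file, and compare the serial that master and slave actually answer with. They assume the serial sits on its own line directly after the SOA line, as in the post's files, and that dig is installed for the live comparison; the script and function names are invented for the example.

```shell
#!/bin/sh
# bump_serial.sh (added example): keep the SOA serial moving so the slave
# notices edits. A slave transfers only when the master's serial is larger
# than the one it holds; an edit without a bump is never replicated.

# next_serial CURRENT TODAY -> serial to use for an edit made on TODAY (YYYYMMDD)
next_serial() {
    cur=${1:-0}
    today=$2
    case "$cur" in
        "$today"[0-9][0-9])
            # same day: increment the two-digit counter; strip the leading 0
            # first, or the shell would read 08 and 09 as octal
            n=$(printf '%s' "${cur#$today}" | sed 's/^0*//')
            n=$(( ${n:-0} + 1 ))
            ;;
        *)
            n=1      # first edit today, or a serial that never followed the convention
            ;;
    esac
    cand=$(printf '%s%02d' "$today" "$n")
    # never go backwards and never overflow the nn field: if the date-based
    # candidate would not be larger than the current serial (a serial from
    # the future, or the 100th edit of one day), fall back to plain +1
    if [ "$n" -gt 99 ] || [ "$cand" -le "$cur" ]; then
        cand=$((cur + 1))
    fi
    printf '%s\n' "$cand"
}

# zone_serial FILE -> the serial currently in FILE (first bare number after the SOA line)
zone_serial() {
    awk 'insoa && $1 ~ /^[0-9]+$/ { print $1; exit }
         toupper($0) ~ /[ \t]SOA[ \t]/ { insoa = 1 }' "$1"
}

# bump_zone_serial FILE TODAY -> rewrites the serial in place, prints the new one
bump_zone_serial() {
    file=$1
    old=$(zone_serial "$file")
    [ -n "$old" ] || { echo "$file: no serial found after SOA" >&2; return 1; }
    new=$(next_serial "$old" "$2")
    awk -v old="$old" -v new="$new" '
        insoa && !done && $1 == old { sub(old, new); done = 1 }
        toupper($0) ~ /[ \t]SOA[ \t]/ { insoa = 1 }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    printf '%s\n' "$new"
}

# soa_serial ZONE SERVER -> the serial SERVER answers with (third field of the SOA)
soa_serial() {
    dig +short SOA "$1" "@$2" | awk '{ print $3 }'
}

# check_sync ZONE MASTER SLAVE -> 0 when both serve the same serial
check_sync() {
    m=$(soa_serial "$1" "$2")
    s=$(soa_serial "$1" "$3")
    echo "master=$m slave=$s"
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# usage: bump_serial.sh /var/named/evan.org.cn.zone && service named reload
#        check_sync evan.org.cn 192.168.103.161 192.168.103.162
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    bump_zone_serial "$1" "$(date +%Y%m%d)"
fi
```

Run named-checkzone on the file after the bump and before the reload; then check_sync, run a few seconds after the reload, should print the same serial twice. If the slave stays behind, the NOTIFY or the transfer itself failed and the slave's log will say why.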
That completes forward and reverse resolution and master/slave replication with BIND. Corrections for any shortcomings are welcome!