(1) Node information

console01  master DNS  192.168.80.3  192.168.10.3
console02  slave DNS   192.168.80.4  192.168.10.4

(2) Environment setup

# yum -y install bind bind-chroot bind-utils bind-libs

# service iptables stop

# setenforce 0

(3) Configure the master DNS

1. Edit the main DNS configuration file /etc/named.conf

# vim /etc/named.conf

    options {
        listen-on port 53 { 192.168.10.3; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

2. Edit the zone configuration file /etc/named.rfc1912.zones

# vim /etc/named.rfc1912.zones

Append the following at the end of the file:

    zone "liwanliang.com" IN {
        type master;
        file "liwanliang.com.zone";
        notify yes;
        also-notify { 192.168.10.4; };
        allow-transfer { 192.168.10.4; };
    };
    zone "10.168.192.in-addr.arpa." IN {
        type master;
        file "192.168.10.3.zone";
        notify yes;
        also-notify { 192.168.10.4; };
        allow-transfer { 192.168.10.4; };
    };

3. Edit the resource records in the zone files

# cd /var/named

# vim liwanliang.com.zone

Add the following content:

    $TTL 600
    @ IN SOA ns1.liwanliang.com. mail.liwanliang.com. (
            2017070713 ;serial
            2H         ;refresh
            4M         ;retry
            1D         ;expire
            2D )       ;minimum
    @    IN NS    ns1.liwanliang.com.
    @    IN NS    ns2.liwanliang.com.
    @    IN MX 10 mail.liwanliang.com.
    ns1  IN A     192.168.10.3
    ns2  IN A     192.168.10.4
    mail IN A     192.168.10.3
    www  IN A     192.168.10.3
    ftp  IN A     192.168.10.3
    dhcp IN A     192.168.10.3

# vim 192.168.10.3.zone

Add the following content:

    $TTL 600
    @ IN SOA ns1.liwanliang.com. mail.liwanliang.com. (
            2017070713 ;serial
            2H         ;refresh
            4M         ;retry
            1D         ;expire
            2D )       ;minimum
    @ IN NS    ns1.liwanliang.com.
    @ IN NS    ns2.liwanliang.com.
    @ IN MX 10 mail.liwanliang.com.
    3 IN PTR   ns1.liwanliang.com.
    4 IN PTR   ns2.liwanliang.com.
    3 IN PTR   mail.liwanliang.com.
    3 IN PTR   www.liwanliang.com.
    3 IN PTR   ftp.liwanliang.com.
    3 IN PTR   dhcp.liwanliang.com.
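An added consistency check for the two zone files above (example code written for this page, not part of the original post): it parses both files in the layout shown, folds the parenthesised SOA, and reports in-zone NS names without a glue A record, PTR records with no matching A record, and A records inside the reverse zone's network that have no PTR. The sample zones are constructed and contain deliberate mismatches; only the origins liwanliang.com. and 10.168.192.in-addr.arpa. are taken from the post.

```python
import re
# Constructed sample zones (not the post's files) in the same layout as the forward and
# reverse zone files above, with three deliberate mismatches for the checker to report.
FORWARD = """$TTL 600
@ IN SOA ns1.liwanliang.com. mail.liwanliang.com. (
        2017070713 ;serial
        2H 4M 1D 2D ) ;refresh retry expire minimum
@ IN NS ns1.liwanliang.com.
@ IN NS ns2.liwanliang.com.
ns1 IN A 192.168.10.3
ftp IN A 192.168.10.5
"""
REVERSE = """$TTL 600
@ IN NS ns1.liwanliang.com.
3 IN PTR ns1.liwanliang.com.
7 IN PTR dhcp.liwanliang.com.
"""
def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; owner names are made absolute (trailing dot)."""
    body = "\n".join(line.split(";", 1)[0] for line in text.splitlines())  # drop comments
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)  # fold (...)
    records = []
    for line in body.splitlines():
        fields = line.split()
        if not fields or fields[0] == "$TTL":
            continue
        owner = origin if fields[0] == "@" else fields[0]
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner, fields[2], fields[3:]))
    return records

def ptr_to_ip(owner):
    """3.10.168.192.in-addr.arpa. -> 192.168.10.3 (also maps the reverse origin to its network)"""
    return ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))

def check_zones(forward, reverse, fwd_origin, rev_origin):
    """Return the mismatches between a forward zone and its reverse zone (empty = consistent)."""
    fwd, rev = parse_zone(forward, fwd_origin), parse_zone(reverse, rev_origin)
    a_records = {(o, rd[0]) for o, t, rd in fwd if t == "A"}
    names_with_a = {o for o, _ in a_records}
    # an NS name inside the zone itself needs glue: an A record in the same zone
    findings = [f"NS {rd[0]} has no glue A record" for o, t, rd in fwd
                if t == "NS" and rd[0].endswith(fwd_origin) and rd[0] not in names_with_a]
    ptrs = {(rd[0], ptr_to_ip(o)) for o, t, rd in rev if t == "PTR"}
    findings += [f"PTR {ip} -> {n} has no matching A record" for n, ip in sorted(ptrs - a_records)]
    net = ptr_to_ip(rev_origin) + "."  # "192.168.10." for this reverse zone
    findings += [f"A {n} -> {ip} has no PTR record" for n, ip in sorted(a_records - ptrs)
                 if ip.startswith(net)]
    return findings
```

Run it against the real files with `check_zones(open("/var/named/liwanliang.com.zone").read(), open("/var/named/192.168.10.3.zone").read(), "liwanliang.com.", "10.168.192.in-addr.arpa.")` before running named-checkzone; an empty list means the forward and reverse data agree.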

4. Fix directory and file permissions

The DNS daemon runs as the system user named, so the files under /var/named must have the correct ownership and permissions. Because the chroot hardening package (yum -y install bind-chroot) is installed, every DNS configuration file is made visible inside the chroot through loopback (bind) mounts: what is configured under /var/named is in fact the configuration under /var/named/chroot/var/named.

This is implemented with mount --bind and can be seen in the output of the mount command:

    /var/named on /var/named/chroot/var/named type none (rw,bind)
    /etc/named.conf on /var/named/chroot/etc/named.conf type none (rw,bind)
    /etc/named.rfc1912.zones on /var/named/chroot/etc/named.rfc1912.zones type none (rw,bind)
    /etc/rndc.key on /var/named/chroot/etc/rndc.key type none (rw,bind)
    /usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
    /etc/named.iscdlv.key on /var/named/chroot/etc/named.iscdlv.key type none (rw,bind)
    /etc/named.root.key on /var/named/chroot/etc/named.root.key type none (rw,bind)
    /etc/services on /var/named/chroot/etc/services type none (rw,bind)
    /etc/protocols on /var/named/chroot/etc/protocols type none (rw,bind)
    /lib64/libnss_files-2.12.so on /var/named/chroot/lib64/libnss_files.so.2 type none (rw,bind)

# chown -R root.named /var/named/chroot

# chown -R root.named /var/named/slaves

5. Check that the configuration files are correct

# named-checkzone "liwanliang.com" liwanliang.com.zone

# named-checkconf

# service named configtest

6. Start and check the DNS service

# service named start

# ps -ef | grep named

# netstat -tupln | grep named

7. Verify forward and reverse resolution on the master DNS

If the host's resolver has been pointed at the master DNS:

echo "DNS1=192.168.10.3" >> /etc/sysconfig/network-scripts/ifcfg-eth0

service network restart

then the following command is enough:

# dig -t A www.liwanliang.com

If the host's resolver has not been configured, query the DNS server directly by giving its IP after @:

# dig -t A www.liwanliang.com @192.168.10.3

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.liwanliang.com @192.168.10.3
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42299
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    ;; QUESTION SECTION:
    ;www.liwanliang.com. IN A
    ;; ANSWER SECTION:
    www.liwanliang.com. 600 IN A 192.168.10.3
    ;; AUTHORITY SECTION:
    liwanliang.com. 600 IN NS ns2.liwanliang.com.
    liwanliang.com. 600 IN NS ns1.liwanliang.com.
    ;; ADDITIONAL SECTION:
    ns1.liwanliang.com. 600 IN A 192.168.10.3
    ns2.liwanliang.com. 600 IN A 192.168.10.4
    ;; Query time: 0 msec
    ;; SERVER: 192.168.10.3#53(192.168.10.3)
    ;; WHEN: Sat Jul 8 21:34:46 2017
    ;; MSG SIZE rcvd: 120

Reverse lookup:

# dig -x 192.168.10.3 @192.168.10.3

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.10.3 @192.168.10.3
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23601
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2
    ;; QUESTION SECTION:
    ;3.10.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    3.10.168.192.in-addr.arpa. 600 IN PTR mail.liwanliang.com.
    3.10.168.192.in-addr.arpa. 600 IN PTR www.liwanliang.com.
    3.10.168.192.in-addr.arpa. 600 IN PTR ftp.liwanliang.com.
    3.10.168.192.in-addr.arpa. 600 IN PTR dhcp.liwanliang.com.
    3.10.168.192.in-addr.arpa. 600 IN PTR ns1.liwanliang.com.
    ;; AUTHORITY SECTION:
    10.168.192.in-addr.arpa. 600 IN NS ns1.liwanliang.com.
    10.168.192.in-addr.arpa. 600 IN NS ns2.liwanliang.com.
    ;; ADDITIONAL SECTION:
    ns1.liwanliang.com. 600 IN A 192.168.10.3
    ns2.liwanliang.com. 600 IN A 192.168.10.4
    ;; Query time: 0 msec
    ;; SERVER: 192.168.10.3#53(192.168.10.3)
    ;; WHEN: Sat Jul 8 21:49:50 2017
    ;; MSG SIZE rcvd: 213

This completes the configuration and verification of the master DNS.

(4) Configure the slave DNS

1. Base environment

# yum -y install bind bind-chroot bind-utils bind-libs

2. Edit the main configuration file

# vim /etc/named.conf

    options {
        listen-on port 53 { 192.168.10.4; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

3. Edit the zone configuration file

# vim /etc/named.rfc1912.zones

Append the following at the end of the file:

    zone "liwanliang.com" IN {
        type slave;
        masters { 192.168.10.3; };
        allow-update { none; };
        file "slaves/liwanliang.com.zone";
    };
    zone "10.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.10.3; };
        allow-update { none; };
        file "slaves/192.168.10.3.zone";
    };

4. Check and fix directory and file permissions

# ls -l /var/named/chroot

# chown -R root.named /var/named/chroot

5. Check that the configuration files are correct

# named-checkconf

# service named configtest

6. Start the named service

# service named start

# ps -ef | grep named

# netstat -tupln | grep named

7. Check that the zone files have been transferred from the master

# ls -l /var/named/slaves

    total 8
    -rw-r--r-- 1 named named 601 Jul 8 20:58 192.168.10.3.zone
    -rw-r--r-- 1 named named 528 Jul 8 20:58 liwanliang.com.zone

8. Verify forward and reverse resolution on the slave DNS

Forward lookup:

# dig -t A www.liwanliang.com @192.168.10.4

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.liwanliang.com @192.168.10.4
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2955
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    ;; QUESTION SECTION:
    ;www.liwanliang.com. IN A
    ;; ANSWER SECTION:
    www.liwanliang.com. 600 IN A 192.168.10.3
    ;; AUTHORITY SECTION:
    liwanliang.com. 600 IN NS ns1.liwanliang.com.
    liwanliang.com. 600 IN NS ns2.liwanliang.com.
    ;; ADDITIONAL SECTION:
    ns1.liwanliang.com. 600 IN A 192.168.10.3
    ns2.liwanliang.com. 600 IN A 192.168.10.4
    ;; Query time: 0 msec
    ;; SERVER: 192.168.10.4#53(192.168.10.4)
    ;; WHEN: Sat Jul 8 22:08:17 2017
    ;; MSG SIZE rcvd: 120

Reverse lookup:

# dig -x 192.168.10.3 @192.168.10.4

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.10.3 @192.168.10.4
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29194
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2
    ;; QUESTION SECTION:
    ;3.10.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    3.10.168.192.in-addr.arpa. 600 IN PTR mail.liwanliang.com.
    3.10.168.192.in-addr.arpa. 600 IN PTR www.liwanliang.com.
    3.10.168.192.in-addr.arpa. 600 IN PTR ftp.liwanliang.com.
    3.10.168.192.in-addr.arpa. 600 IN PTR dhcp.liwanliang.com.
    3.10.168.192.in-addr.arpa. 600 IN PTR ns1.liwanliang.com.
    ;; AUTHORITY SECTION:
    10.168.192.in-addr.arpa. 600 IN NS ns2.liwanliang.com.
    10.168.192.in-addr.arpa. 600 IN NS ns1.liwanliang.com.
    ;; ADDITIONAL SECTION:
    ns1.liwanliang.com. 600 IN A 192.168.10.3
    ns2.liwanliang.com. 600 IN A 192.168.10.4
    ;; Query time: 0 msec
    ;; SERVER: 192.168.10.4#53(192.168.10.4)
    ;; WHEN: Sat Jul 8 22:09:32 2017
    ;; MSG SIZE rcvd: 213
