(1)节点信息

console01 主DNS 192.168.80.3 192.168.10.3
console02 从DNS 192.168.80.4 192.168.10.4

(2)环境部署

# yum -y install bind bind-chroot bind-util bind-libs

# service iptables stop

# setenforce 0

(3)配置主DNS

1.编辑DNS主配置文件/etc/named.conf

# vim /etc/named.conf

options {

    listen-on port 53 { 192.168.10.3; };

    listen-on-v6 port 53 { ::1; };

    directory   "/var/named";

    dump-file   "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

    allow-query     { any; };

    recursion yes;

    dnssec-enable yes;

    dnssec-validation yes;

    dnssec-lookaside auto;

        /* Path to ISC DLV key */

    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {

    type hint;

    file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

2.编辑区域配置文件/etc/name.rfc1912.zones

# vim /etc/name.rfc1912.zones

在最后添加以下内容:

zone "liwanliang.com" IN {

    type master;

    file "liwanliang.com.zone";

    notify yes;

    also-notify { 192.168.10.4; };

    allow-transfer { 192.168.10.4; };

};

zone "10.168.192.in-addr.arpa." IN {

    type master;

    file "192.168.10.3.zone";

    notify yes;

    also-notify { 192.168.10.4; };

    allow-transfer { 192.168.10.4; };

};

3.编辑区域文件的资源记录

# cd /var/named

# vim liwanliang.com.zone

添加如下内容:

$TTL 600

@       IN  SOA     ns1.liwanliang.com mail.liwanliang.com (

                    2017070713  ;serial

                    2H  ;refresh

                    4M  ;retry

                    1D  ;expire

                    2D )    ;minumum

@       IN  NS      ns1.liwanliang.com.

@       IN  NS      ns2.liwanliang.com.

@       IN  MX 10   mail.liwanliang.com.

ns1     IN  A       192.168.10.3

ns2     IN  A       192.168.10.4

mail    IN  A       192.168.10.3

www     IN  A       192.168.10.3

ftp     IN  A       192.168.10.3

dhcp    IN  A       192.168.10.3

# vim 192.168.10.3.zone

添加以下内容:

$TTL 600

@       IN  SOA     ns1.liwanliang.com mail.liwanliang.com (

                    2017070713  ;serial

                    2H  ;refresh

                    4M  ;retry

                    1D  ;expire

                    2D )    ;minimum

@   IN      NS      ns1.liwanliang.com.

@   IN      NS      ns2.liwanliang.com.

@   IN      MX 10   mail.liwanliang.com.

3   IN      PTR     ns1.liwanliang.com.

4   IN      PTR     ns2.liwanliang.com.

3   IN      PTR     mail.liwanliang.com.

3   IN      PTR     www.liwanliang.com.

3   IN      PTR     ftp.liwanliang.com.

3   IN      PTR     dhcp.liwanliang.com.

4.修改目录文件权限

DNS运行的系统用户为named。因此需要保证/var/named目录下文件的权限正确。因为采用了chroot(yum -y install bind-chroot)安全配置,所有DNS所有的配置,通过回环挂载的模式,即:配置了/var/named下的配置 ,实际上上配置了/var/named/chroot/var/named下的配置。

这是通过mount --bind方式实现,通过mount命令可以查看

/var/named on /var/named/chroot/var/named type none (rw,bind)

/etc/named.conf on /var/named/chroot/etc/named.conf type none (rw,bind)

/etc/named.rfc1912.zones on /var/named/chroot/etc/named.rfc1912.zones type none (rw,bind)

/etc/rndc.key on /var/named/chroot/etc/rndc.key type none (rw,bind)

/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)

/etc/named.iscdlv.key on /var/named/chroot/etc/named.iscdlv.key type none (rw,bind)

/etc/named.root.key on /var/named/chroot/etc/named.root.key type none (rw,bind)

/etc/services on /var/named/chroot/etc/services type none (rw,bind)

/etc/protocols on /var/named/chroot/etc/protocols type none (rw,bind)

/lib64/libnss_files-2.12.so on /var/named/chroot/lib64/libnss_files.so.2 type none (rw,bind)

# chown -R root.named /var/named/chroot

# chown -R root.named /var/named/slaves

5.检查配置文件是否正确

# named-checkzone "liwanliang.com" liwanliang.com.zone

# named-checkconf

# service named configtest

5.开启并检测DNS服务

# service named start

# ps -ef | grep named

# netstat -tupln | grep named

6.验证主DNS正反向解析

假如配置了主机的DNS指向:

echo "DNS1=192.168.10.3" >> /etc/sysconfig/network-scripts/ifcfg-eth0

service network restart

则采用以下命令即可:

# dig -t A www.liwanliang.com

假如未配置主机的DNS指向,通过@DNS的IP进行检测:

# dig -t A www.liwanliang.com @192.168.10.3

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.liwanliang.com @192.168.10.3

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42299

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;www.liwanliang.com.        IN    A

;; ANSWER SECTION:

www.liwanliang.com.    600    IN    A    192.168.10.3

;; AUTHORITY SECTION:

liwanliang.com.        600    IN    NS    ns2.liwanliang.com.

liwanliang.com.        600    IN    NS    ns1.liwanliang.com.

;; ADDITIONAL SECTION:

ns1.liwanliang.com.    600    IN    A    192.168.10.3

ns2.liwanliang.com.    600    IN    A    192.168.10.4

;; Query time: 0 msec

;; SERVER: 192.168.10.3#53(192.168.10.3)

;; WHEN: Sat Jul  8 21:34:46 2017

;; MSG SIZE  rcvd: 120

反向解析:

# dig -x 192.168.10.3 @192.168.10.3

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.10.3 @192.168.10.3

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23601

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;3.10.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:

3.10.168.192.in-addr.arpa. 600    IN    PTR    mail.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    www.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    ftp.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    dhcp.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    ns1.liwanliang.com.

;; AUTHORITY SECTION:

10.168.192.in-addr.arpa. 600    IN    NS    ns1.liwanliang.com.

10.168.192.in-addr.arpa. 600    IN    NS    ns2.liwanliang.com.

;; ADDITIONAL SECTION:

ns1.liwanliang.com.    600    IN    A    192.168.10.3

ns2.liwanliang.com.    600    IN    A    192.168.10.4

;; Query time: 0 msec

;; SERVER: 192.168.10.3#53(192.168.10.3)

;; WHEN: Sat Jul  8 21:49:50 2017

;; MSG SIZE  rcvd: 213

至此,主DNS配置和验证完成

(4)从DNS配置

1.基础环境

# yum -y install bind bind-chroot bind-utils bind-libs

2.编辑主配置文件

# vim /etc/named.conf

options {

    listen-on port 53 { 192.168.10.4; };

    listen-on-v6 port 53 { ::1; };

    directory   "/var/named";

    dump-file   "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

    allow-query     { any; };

    recursion yes;

    dnssec-enable yes;

    dnssec-validation yes;

    dnssec-lookaside    auto;

    /* Path to ISC DLV key */

    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {

    type hint;

    file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

3.编辑区域配置文件

# vim /etc/named.rfc1912.zones

在最后添加一下内容:

zone "liwanliang.com" IN {

    type slave;

    masters { 192.168.10.3; };

    allow-update { none; };

    file "slaves/liwanliang.com.zone";

};

zone "10.168.192.in-addr.arpa" IN {

    type slave;

    masters { 192.168.10.3; };

    allow-update { none; };

    file "slaves/192.168.10.3.zone";

};

4.查看并修改目录文件权限

# ls -l /var/named/chroot

# chown -R root.named /var/named/chroot

5.检查配置文件正确性

# named-checkconf

# service named configtest

6.启动named服务

# service named start

# ps -ef | grep named

# netstat -tupln | grep named

7.检查文件同步结果

# ls -l /var/named/slaves

total 8

-rw-r--r-- 1 named named 601 Jul  8 20:58 192.168.10.3.zone

-rw-r--r-- 1 named named 528 Jul  8 20:58 liwanliang.com.zone

8.从DNS正反解析验证

正向解析验证:

# dig -t A www.liwanliang.com @192.168.10.4

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.liwanliang.com @192.168.10.4

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2955

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;www.liwanliang.com.        IN    A

;; ANSWER SECTION:

www.liwanliang.com.    600    IN    A    192.168.10.3

;; AUTHORITY SECTION:

liwanliang.com.        600    IN    NS    ns1.liwanliang.com.

liwanliang.com.        600    IN    NS    ns2.liwanliang.com.

;; ADDITIONAL SECTION:

ns1.liwanliang.com.    600    IN    A    192.168.10.3

ns2.liwanliang.com.    600    IN    A    192.168.10.4

;; Query time: 0 msec

;; SERVER: 192.168.10.4#53(192.168.10.4)

;; WHEN: Sat Jul  8 22:08:17 2017

;; MSG SIZE  rcvd: 120

反向解析验证:

# dig -x 192.168.10.3 @192.168.10.4

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.10.3 @192.168.10.4

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29194

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;3.10.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:

3.10.168.192.in-addr.arpa. 600    IN    PTR    mail.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    www.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    ftp.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    dhcp.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    ns1.liwanliang.com.

;; AUTHORITY SECTION:

10.168.192.in-addr.arpa. 600    IN    NS    ns2.liwanliang.com.

10.168.192.in-addr.arpa. 600    IN    NS    ns1.liwanliang.com.

;; ADDITIONAL SECTION:

ns1.liwanliang.com.    600    IN    A    192.168.10.3

ns2.liwanliang.com.    600    IN    A    192.168.10.4

;; Query time: 0 msec

;; SERVER: 192.168.10.4#53(192.168.10.4)

;; WHEN: Sat Jul  8 22:09:32 2017

;; MSG SIZE  rcvd: 213

DNS主从服务部署的更多相关文章

  1. Linux的DNS主从服务器部署

    下面的部署是在Linux的DNS正向解析部署上进行修改的. 如果有什么问题或者错误,可以访问上篇帖子 下面开始有关DNS的服务部署.<DNS主从服务器> 环境描述: 192.168.196 ...

  2. DNS主从服务,子域授权,view视图,日志系统,压力测试

    DNS主从服务,子域授权,view视图,日志系统,压力测试 DNS性能测试工具queryperfDNS查询过程: DNS主从建立: 环境: 主服务器:10.140.165.93 从服务器:10.140 ...

  3. Redis主从服务部署

    Redis__WindowsServer主从服务部署及调用实例       一.先谈谈单个Redis服务的安装         使用的redis是2.8.17版本,从官网下载解压缩后文件内容为:   ...

  4. Redis__WindowsServer主从服务部署及调用实例

    本文转自:http://www.cnblogs.com/gossip/p/4898653.html 一.先谈谈单个Redis服务的安装         使用的redis是2.8.17版本,从官网下载解 ...

  5. DNS主从同步部署

    DNS 主从同步原理 主从同步:主每次修改配置文件需要修改一下序列号,主从同步主要 根据序列号的变化. 从DNS:从可以单独修改,主从不会报错.但从修改后,主端同步给从后 从端修改数据会丢失 主从原理 ...

  6. Centos下内网DNS主从环境部署记录

    一.DNS是什么?DNS(Domain Name System),即域名系统.它使用层次结构的命名系统,将域名和IP地址相互映射,形成一个分布式数据库系统. DNS采用C-S架构,服务器端工作在UDP ...

  7. DNS_主从服务_详细搭建&&配置

    DNS主从 安装环境: 三台dns服务器如下: 系统:均为centos7 dns_master:192.168.169.194 dns_slave-1:192.168.169.195 dns_slav ...

  8. Linux的DNS反向解析部署

    下面的部署是在Linux的DNS正向解析示例上进行修改的. 如果有什么问题或者错误,可以访问上篇帖子 下面开始有关DNS的服务部署.<DNS反向解析> 工具:虚拟机 centos7 配置: ...

  9. Linux的DNS正向解析部署

    前面介绍了DNS的作用及其相关的结果.Linux服务之DNS介绍 下面开始有关DNS的服务部署.<DNS正向解析示例> 工具:虚拟机 centos7 配置:Linux   IP 192.1 ...

随机推荐

  1. 二叉树终极教程--BinarySearchTree

    BinarySearchTreeMap 的 实现 public interface Map<K extends Comparable<K>, V> { void put(K k ...

  2. 双击打开Jar文件

    最近发现个诡异的问题,java环境变量明明配好了.但是双击xx.jar文件,就是不能直接打开运行. 先想到了第一个解决办法: 运行cmd.exe,cd到jar目录,执行 javaw -jar xxx. ...

  3. IBAction&IBOutlet

    IB:Interface Builder 1>IBAction 需要操作,例如按钮的点击 2> IBOutlet 需要获得.修改该属性 然后就可以与Storyboard建立起联系

  4. 指定路径下建立Access数据库并插入数据

    今天刚刚开通博客,想要把我这几天完成小任务的过程,记录下来.我从事软件开发的时间不到1年,写的不足之处,还请前辈们多多指教. 上周四也就是2016-04-14号上午,部门领导交给我一个小任务,概括来讲 ...

  5. URL编码解决

    与其他系统对接时遇到的问题URL中传递认证码,URL默认只允许传递ASCII码中的数据,所以浏览器默认会进行一次编码将%等特殊符号转义后台web服务器收到URL中的参数,会默认进行一次解码,但遇到的问 ...

  6. Max Sum of Max-K-sub-sequence hdu3415

    Max Sum of Max-K-sub-sequence Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K ...

  7. 关于离线底图和离线shp文件的加载

    首先底图是我自己用百度地图18级别的瓦片图在armap中制作的TPK文件,shp图层是我用同样的百度地图18级别的瓦片图矢量化的,二者在arcmap中的空间参考是一致的,所以我以为在移动端加入的时候二 ...

  8. jP61 2.15

    import java.util.Scanner; public class Distance { public static void main(String[] args) {    Scanne ...

  9. javascript特效300例----抄书喽

    -javascript300例- #body_div { background-color: #202425; color: white; margin: 0 auto; border: 5px gr ...

  10. 扩展jquery.validate自定义验证,自定义提示,本地化

    <!DOCTYPE html> <html> <head> <meta name="viewport" content="wid ...