基于CentOS6的主从DNS
服务器搭建
1.切换到根用户
2.在两台服务器上分别安装bind。
yum install bind
3.确认两台服务器上安装的bind版本一致。
4.修改主配置文件信息。建议修改前备份主配置文件。
cp /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; }; //只监听本机53端口
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; }; //只允许本机递归查询
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
默认情况下,仅监听本机的53端口。为了对外提供服务,至少应监听一个外网地址的53端口,并允许所有用户进行递归查询;同时注释掉所有dnssec相关选项。注意:`allow-query { any; };` 与 `recursion yes;` 同时生效会使该服务器成为开放递归解析器,可能被用于DNS反射/放大攻击;生产环境应通过 `allow-recursion { 192.168.0.0/24; };` 之类的ACL只对内网开放递归,或在纯权威服务器上设置 `recursion no;`。注释掉 `dnssec-validation` 会关闭对上游应答的DNSSEC校验,仅建议在实验环境这样做。
vi /etc/named.conf
options {
listen-on port 53 { 192.168.0.15; 127.0.0.1; }; //增加监听地址,此处添加本机外网地址即可
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; //允许所有
recursion yes;
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside auto;
/* Path to ISC DLV key */
//bindkeys-file "/etc/named.iscdlv.key";
//
//managed-keys-directory "/var/named/dynamic";
};
5.检查该服务器53端口的监控状态
[root@localhost ~]# ss -tunlp | grep :53
udp UNCONN 0 0 192.168.0.15:53 *:* users:(("named",4387,513))
udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",4387,512))
udp UNCONN 0 0 ::1:53 :::* users:(("named",4387,514))
tcp LISTEN 0 3 ::1:53 :::* users:(("named",4387,22))
tcp LISTEN 0 3 192.168.0.15:53 *:* users:(("named",4387,21))
tcp LISTEN 0 3 127.0.0.1:53 *:* users:(("named",4387,20))
对于主服务器和从服务器,上述操作是相同的。
6.主DNS服务器配置:
定义:
[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
type master;
file "armo.com.zone";
}; //正向区域
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
}; //反向区域
定义区域解析库文件:
[root@localhost ~]# cat /var/named/armo.com.zone
$TTL 1d
@       IN  SOA   ns1.armo.com. admin.armo.com (
                  2016020301
                  1H
                  5M
                  7D
                  1D )
        IN  NS    ns1.armo.com.
        IN  NS    ns2.armo.com.
        IN  MX 10 mx1.armo.com.
        IN  MX 20 mx2.armo.com.
ns1     IN  A     192.168.0.1
ns2     IN  A     192.168.0.17
mx1     IN  A     192.168.0.4
mx2     IN  A     192.168.0.1
www     IN  A     192.168.0.17 //正向解析库文件(注意:SOA中的管理员邮箱 admin.armo.com 缺少结尾的点,会被自动补上区域名,后文AXFR输出中显示为 admin.armo.com.armo.com.;应写为 admin.armo.com.)
[root@localhost ~]# cat /var/named/192.168.0.zone
$TTL 1d
$ORIGIN 0.168.192.in-addr.arpa.
@       IN  SOA   ns1.armo.com. admin.armo.com. (
                  2016020301
                  1H
                  5M
                  7D
                  1D )
        IN  NS    ns1.armo.com.
        IN  NS    ns2.armo.com.
1       IN  PTR   ns1.armo.com.
17      IN  PTR   www.armo.com.
4       IN  PTR   mx1.armo.com.
1       IN  PTR   mx2.armo.com.
17      IN  PTR   ns2.armo.com. //反向解析库文件
检查语法错误
named-checkconf //检查主配置文件是否有语法错误
named-checkzone "armo.com" /var/named/armo.com.zone //检查区域配置文件
更改文件权限和组
[root@localhost named]# chmod 640 armo.com.zone
[root@localhost named]# chown :named armo.com.zone //正向
[root@localhost named]# chmod 640 192.168.0.zone
[root@localhost named]# chown :named 192.168.0.zone //反向
测试主DNS服务器解析:
[root@localhost ~]# dig -t A www.armo.com @192.168.0.15
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -t A www.armo.com @192.168.0.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52591
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.armo.com.                 IN  A
;; ANSWER SECTION:
www.armo.com.        86400     IN  A    192.168.0.17
;; AUTHORITY SECTION:
armo.com.            86400     IN  NS   ns2.armo.com.
armo.com.            86400     IN  NS   ns1.armo.com.
;; ADDITIONAL SECTION:
ns1.armo.com.        86400     IN  A    192.168.0.1
ns2.armo.com.        86400     IN  A    192.168.0.17
;; Query time: 2 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb 3 06:01:38 2016
;; MSG SIZE rcvd: 114 //正向
[root@localhost ~]# dig -x 192.168.0.4 @192.168.216.231
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -x 192.168.0.4 @192.168.216.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63940
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;4.0.168.192.in-addr.arpa.             IN  PTR
;; ANSWER SECTION:
4.0.168.192.in-addr.arpa.    86400     IN  PTR  localhost.
;; Query time: 29 msec
;; SERVER: 192.168.216.231#53(192.168.216.231)
;; WHEN: Wed Feb 3 06:03:42 2016
;; MSG SIZE rcvd: 65 //反向(注意:此查询指向的是 192.168.216.231 而非主服务器 192.168.0.15,返回的 localhost. 并非来自 192.168.0.zone;验证反向解析应使用 dig -x 192.168.0.4 @192.168.0.15)
7.从DNS服务器配置
测试从主DNS服务器进行区域传送(AXFR)。注意:该AXFR能从任意客户端成功完成,说明主服务器上没有限制区域传送;应在主服务器的zone定义中加入 `allow-transfer { 192.168.0.17; };`,只允许从服务器拉取区域数据,避免整个主机列表被任意查询者获取。
[root@localhost ~]# dig -t axfr armo.com @192.168.0.15
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -t axfr armo.com @192.168.0.15
;; global options: +cmd
armo.com.          86400   IN  SOA   ns1.armo.com. admin.armo.com.armo.com. 2016020301 3600 300 604800 86400
armo.com.          86400   IN  NS    ns1.armo.com.
armo.com.          86400   IN  NS    ns2.armo.com.
armo.com.          86400   IN  MX    10 mx1.armo.com.
armo.com.          86400   IN  MX    20 mx2.armo.com.
mx1.armo.com.      86400   IN  A     192.168.0.4
mx2.armo.com.      86400   IN  A     192.168.0.1
ns1.armo.com.      86400   IN  A     192.168.0.1
ns2.armo.com.      86400   IN  A     192.168.0.17
www.armo.com.      86400   IN  A     192.168.0.17
armo.com.          86400   IN  SOA   ns1.armo.com. admin.armo.com.armo.com. 2016020301 3600 300 604800 86400
;; Query time: 21 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb 3 06:04:40 2016
;; XFR size: 11 records (messages 1, bytes 273)
定义区域
[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
type slave;
masters { 192.168.0.15; };
file "slaves/armo.com.zone";
}; //注意结尾的分号;目录名 slaves 与后文 cat /var/named/slaves/armo.com.zone 的路径一致
启动服务
service named start
检查同步信息
[root@localhost ~]# tail /var/log/messages
Feb 3 06:20:42 localhost named[15085]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb 3 06:20:42 localhost named[15085]: zone localhost.localdomain/IN: loaded serial 0
Feb 3 06:20:42 localhost named[15085]: zone localhost/IN: loaded serial 0
Feb 3 06:20:42 localhost named[15085]: managed-keys-zone ./IN: loaded serial 2
Feb 3 06:20:42 localhost named[15085]: running
Feb 3 06:20:42 localhost named[15085]: zone armo.com/IN: Transfer started.
Feb 3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: connected using 192.168.0.17#43758
Feb 3 06:20:42 localhost named[15085]: zone armo.com/IN: transferred serial 2016020301
Feb 3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: Transfer completed: 1 messages, 11 records, 273 bytes, 0.001 secs (273000 bytes/sec)
Feb 3 06:20:42 localhost named[15085]: zone armo.com/IN: sending notifies (serial 2016020301)
[root@localhost ~]# cat /var/named/slaves/armo.com.zone
$ORIGIN .
$TTL 86400; 1 day
armo.com                IN SOA  ns1.armo.com. admin.armo.com.armo.com. (
                                2016020301 ; serial
                                3600       ; refresh (1 hour)
                                300        ; retry (5 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.armo.com.
                        NS      ns2.armo.com.
                        MX      10 mx1.armo.com.
                        MX      20 mx2.armo.com.
$ORIGIN armo.com.
mx1                     A       192.168.0.4
mx2                     A       192.168.0.1
ns1                     A       192.168.0.1
ns2                     A       192.168.0.17
www                     A       192.168.0.17
[root@localhost ~]#
至此,DNS主从服务器已经搭建完成。