1、切換至root用戶
2、兩台服務器分別安裝bind
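# Install the BIND name server package; run as root on both servers.
yum install bind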
3、對比兩台服務器bind版本
4、修改主配置文件信息,建議將主配置文件備份後再進行修改。
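cp /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };       // listen on the loopback address only
        listen-on-v6 port 53 { ::1; };
        directory          "/var/named";
        dump-file          "/var/named/data/cache_dump.db";
        statistics-file    "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query        { localhost; };      // only this host may query, recursive lookups included
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};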
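默認只監聽本機的53端口,若要提供服務,最少應增加一個外網地址53端口的監聽,並允許所有用戶進行遞歸查詢。並且注釋所有的dnssec。注意:allow-query{any;}與recursion yes同時生效時,服務器會成為開放遞歸解析器,可能被濫用於DNS放大攻擊;正式環境應使用allow-recursion把遞歸查詢限制在可信網段。注釋掉dnssec相關選項會削弱或關閉DNSSEC驗證,僅適合測試環境。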
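vi /etc/named.conf
options {
        listen-on port 53 { 192.168.0.15; 127.0.0.1; };  // added listen address: this host's externally reachable IP
        listen-on-v6 port 53 { ::1; };
        directory          "/var/named";
        dump-file          "/var/named/data/cache_dump.db";
        statistics-file    "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query        { any; };            // anyone may query the zones this server is authoritative for

        // With allow-query { any; } and recursion yes, every client could use
        // this server as a recursive resolver (an open resolver). Restrict
        // recursion to trusted clients. 192.168.0.0/24 is derived from the
        // addresses used in this walkthrough; replace it with your own networks.
        allow-recursion    { localhost; 192.168.0.0/24; };
        recursion yes;

        // The walkthrough comments out every DNSSEC-related option below,
        // which is only appropriate for an isolated test setup. Re-enable
        // validation before exposing the resolver to real clients.
        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside auto;

        /* Path to ISC DLV key */
        // bindkeys-file "/etc/named.iscdlv.key";
        //
        // managed-keys-directory "/var/named/dynamic";
};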
5、查看本服務器53端口的監聽情況
[root@localhost ~]# ss -tunlp | grep :53
udp    UNCONN     0      0      192.168.0.15:53    *:*      users:(("named",4387,513))
udp    UNCONN     0      0      127.0.0.1:53       *:*      users:(("named",4387,512))
udp    UNCONN     0      0      ::1:53             :::*     users:(("named",4387,514))
tcp    LISTEN     0      3      ::1:53             :::*     users:(("named",4387,22))
tcp    LISTEN     0      3      192.168.0.15:53    *:*      users:(("named",4387,21))
tcp    LISTEN     0      3      127.0.0.1:53       *:*      users:(("named",4387,20))
以上操作針對主從兩台服務器配置相同。
6、主DNS服務器配置:
定義區域:
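[root@localhost ~]# cat /etc/named.rfc1912.zones
// Forward zone
zone "armo.com" IN {
        type master;
        file "armo.com.zone";
        // Without an allow-transfer ACL any host that can reach port 53 can
        // request a full copy of the zone. Limit transfers to the slave used
        // in this walkthrough (192.168.0.17). An address ACL only checks the
        // source IP; TSIG keys authenticate the transfer itself.
        allow-transfer { 192.168.0.17; };
};

// Reverse zone
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";
        allow-transfer { 192.168.0.17; };
};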
定義區域解析庫文件:
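[root@localhost ~]# cat /var/named/armo.com.zone
; Forward lookup zone data for armo.com.
$TTL 1d
; The responsible-person name needs its trailing dot. Without it named
; appends the zone origin, which is why the transfer output later on this
; page shows admin.armo.com.armo.com.
@       IN      SOA     ns1.armo.com. admin.armo.com. (
                        2016020301      ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D )            ; minimum
        IN      NS      ns1.armo.com.
        IN      NS      ns2.armo.com.
        IN      MX  10  mx1.armo.com.
        IN      MX  20  mx2.armo.com.
; NOTE(review): the master in this walkthrough listens on 192.168.0.15, but
; ns1 is published as 192.168.0.1 - confirm which address is intended.
ns1     IN      A       192.168.0.1
ns2     IN      A       192.168.0.17
mx1     IN      A       192.168.0.4
mx2     IN      A       192.168.0.1
www     IN      A       192.168.0.17

[root@localhost ~]# cat /var/named/192.168.0.zone
; Reverse lookup zone data for 192.168.0.0/24.
$TTL 1d
$ORIGIN 0.168.192.in-addr.arpa.
@       IN      SOA     ns1.armo.com. admin.armo.com. (
                        2016020301      ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D )            ; minimum
        IN      NS      ns1.armo.com.
        IN      NS      ns2.armo.com.
1       IN      PTR     ns1.armo.com.
17      IN      PTR     www.armo.com.
4       IN      PTR     mx1.armo.com.
1       IN      PTR     mx2.armo.com.
17      IN      PTR     ns2.armo.com.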
檢查是否有語法錯誤
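# Check the main configuration file for syntax errors.
# (The tool is named-checkconf; "name-checkconf" does not exist.)
named-checkconf
# Check each zone file against the zone name it is loaded under.
named-checkzone "armo.com" /var/named/armo.com.zone
named-checkzone "0.168.192.in-addr.arpa" /var/named/192.168.0.zone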
更改文件權限及屬組
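# Mode 640: owner read/write, group read-only, no access for other users.
# "chown :named" changes only the group, so the named group can read the
# zone files but cannot modify them.
# Forward zone file
[root@localhost named]# chmod 640 armo.com.zone
[root@localhost named]# chown :named armo.com.zone
# Reverse zone file
[root@localhost named]# chmod 640 192.168.0.zone
[root@localhost named]# chown :named 192.168.0.zone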
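測試主DNS服務器解析(用@192.168.0.15指定向主服務器查詢)。注意下面反向查詢輸出中的SERVER是192.168.216.231而非192.168.0.15,返回的localhost.也不在上面的反向區域文件中,因此該輸出並未驗證主服務器的反向區域,應改向192.168.0.15重新查詢: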
[root@localhost~]#[email protected] ;<<>>DiG9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6<<>>[email protected] ;;globaloptions:+cmd ;;Gotanswer: ;;->>HEADER<<-opcode:QUERY,status:NOERROR,id:52591 ;;flags:qraardra;QUERY:1,ANSWER:1,AUTHORITY:2,ADDITIONAL:2 ;;QUESTIONSECTION: ;www.armo.com. IN A ;;ANSWERSECTION: www.armo.com. 86400 IN A 192.168.0.17 ;;AUTHORITYSECTION: armo.com. 86400 IN NS ns2.armo.com. armo.com. 86400 IN NS ns1.armo.com. ;;ADDITIONALSECTION: ns1.armo.com. 86400 IN A 192.168.0.1 ns2.armo.com. 86400 IN A 192.168.0.17 ;;Querytime:2msec ;;SERVER:192.168.0.15#53(192.168.0.15) ;;WHEN:WedFeb306:01:382016 ;;MSGSIZErcvd:114//正向 [root@localhost~]#[email protected] ;<<>>DiG9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6<<>>[email protected] ;;globaloptions:+cmd ;;Gotanswer: ;;->>HEADER<<-opcode:QUERY,status:NOERROR,id:63940 ;;flags:qraardra;QUERY:1,ANSWER:1,AUTHORITY:0,ADDITIONAL:0 ;;QUESTIONSECTION: ;4.0.168.192.in-addr.arpa. IN PTR ;;ANSWERSECTION: 4.0.168.192.in-addr.arpa.86400 IN PTR localhost. ;;Querytime:29msec ;;SERVER:192.168.216.231#53(192.168.216.231) ;;WHEN:WedFeb306:03:422016 ;;MSGSIZErcvd:65//反向
7、從DNS服務器配置
測試與主DNS服務器的區域傳送(區域傳送會返回整個區域的全部記錄,主服務器應以allow-transfer只允許從服務器的地址發起):
[root@localhost~]#[email protected] ;<<>>DiG9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6<<>>[email protected] ;;globaloptions:+cmd armo.com. 86400 IN SOA ns1.armo.com.admin.armo.com.armo.com.2016020301360030060480086400 armo.com. 86400 IN NS ns1.armo.com. armo.com. 86400 IN NS ns2.armo.com. armo.com. 86400 IN MX 10mx1.armo.com. armo.com. 86400 IN MX 20mx2.armo.com. mx1.armo.com. 86400 IN A 192.168.0.4 mx2.armo.com. 86400 IN A 192.168.0.1 ns1.armo.com. 86400 IN A 192.168.0.1 ns2.armo.com. 86400 IN A 192.168.0.17 www.armo.com. 86400 IN A 192.168.0.17 armo.com. 86400 IN SOA ns1.armo.com.admin.armo.com.armo.com.2016020301360030060480086400 ;;Querytime:21msec ;;SERVER:192.168.0.15#53(192.168.0.15) ;;WHEN:WedFeb306:04:402016 ;;XFRsize:11records(messages1,bytes273)
定義區域
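[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
        type slave;
        masters { 192.168.0.15; };      // address of the master server
        // Path is relative to the options "directory" (/var/named). The
        // transferred copy shown later on this page is stored at
        // /var/named/slaves/armo.com.zone, so the directory is "slaves".
        file "slaves/armo.com.zone";
        // The slave has no downstream servers in this setup, so it does not
        // need to hand the zone on to anyone.
        allow-transfer { none; };
};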
啟動服務
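# Start named on the slave; it then requests the zone from the master.
service named start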
查看同步信息
[root@localhost~]#tail/var/log/messages Feb306:20:42localhostnamed[15085]:zone1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:loadedserial0 Feb306:20:42localhostnamed[15085]:zonelocalhost.localdomain/IN:loadedserial0 Feb306:20:42localhostnamed[15085]:zonelocalhost/IN:loadedserial0 Feb306:20:42localhostnamed[15085]:managed-keys-zone./IN:loadedserial2 Feb306:20:42localhostnamed[15085]:running Feb306:20:42localhostnamed[15085]:zonearmo.com/IN:Transferstarted. Feb306:20:42localhostnamed[15085]:transferof'armo.com/IN'from192.168.0.15#53:connectedusing192.168.0.17#43758 Feb306:20:42localhostnamed[15085]:zonearmo.com/IN:transferredserial2016020301 Feb306:20:42localhostnamed[15085]:transferof'armo.com/IN'from192.168.0.15#53:Transfercompleted:1messages,11records,273bytes,0.001secs(273000bytes/sec) Feb306:20:42localhostnamed[15085]:zonearmo.com/IN:sendingnotifies(serial2016020301) [root@localhost~]#cat/var/named/slaves/armo.com.zone $ORIGIN. $TTL86400 ;1day armo.com INSOA ns1.armo.com.admin.armo.com.armo.com.( 2016020301;serial 3600;refresh(1hour) 300;retry(5minutes) 604800;expire(1week) 86400;minimum(1day) ) NS ns1.armo.com. NS ns2.armo.com. MX 10mx1.armo.com. MX 20mx2.armo.com. $ORIGINarmo.com. mx1 A 192.168.0.4 mx2 A 192.168.0.1 ns1 A 192.168.0.1 ns2 A 192.168.0.17 www A 192.168.0.17 [root@localhost~]#
至此DNS主從服務器建設完畢。