
基於CentOS 6的主從DNS服務器搭建

1、切換至root用戶

2、兩台服務器分別安裝bind

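# Install BIND on both servers; bind-utils provides the dig tool used in the tests later on.
yum install bind bind-utils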

3、對比兩台服務器bind版本

 

4、修改主配置文件信息,建議將主配置文件備份後再進行修改。

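# Back up the stock configuration before editing; -p preserves mode, ownership and timestamps.
cp -p /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf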
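// Stock options block, shown as it is before any modification.
options {
	listen-on port 53 { 127.0.0.1; };	// listen on loopback only, port 53
	listen-on-v6 port 53 { ::1; };
	directory	"/var/named";
	dump-file	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query { localhost; };	// only the local host may query, so recursion is local-only too
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};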

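默認只監聽本機的53端口。若要對外提供服務,最少應增加一個外網地址53端口的監聽;本文的做法是允許所有用戶進行遞歸查詢,並且注釋所有的dnssec選項。注意:allow-query 設為 any 且 recursion 為 yes 時,服務器會成為開放遞歸解析器,可能被濫用於DNS放大攻擊;生產環境應以 allow-recursion 將遞歸限制在可信網段。注釋掉dnssec選項也會關閉對遞歸應答的DNSSEC驗證,僅適合測試環境。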

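# Edit the main BIND configuration file.
vi /etc/named.conf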
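// Options block after modification; used on both the master and the slave.
options {
	// Added the server's own LAN address so other hosts can reach it.
	listen-on port 53 { 192.168.0.15; 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	directory	"/var/named";
	dump-file	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query { any; };	// anyone may query the zones this server is authoritative for
	recursion yes;
	// "allow-query any" together with "recursion yes" and no recursion ACL
	// makes an open resolver, which can be abused for DNS amplification.
	// Recursion is therefore limited to the local host and the LAN.
	// 192.168.0.0/24 is inferred from the addresses used in this setup;
	// adjust it to your own client network.
	allow-recursion { localhost; 192.168.0.0/24; };

	// NOTE(review): the DNSSEC options below are commented out as in the
	// original walkthrough. This turns off validation of recursive answers;
	// treat it as a lab-only shortcut and re-enable validation in production.
//	dnssec-enable yes;
//	dnssec-validation yes;
//	dnssec-lookaside auto;

	/* Path to ISC DLV key */
//	bindkeys-file "/etc/named.iscdlv.key";
//
//	managed-keys-directory "/var/named/dynamic";
};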

5、查看本服務器53端口的監聽情況

[root@localhost ~]# ss -tunlp | grep :53
udp    UNCONN     0      0      192.168.0.15:53      *:*      users:(("named",4387,513))
udp    UNCONN     0      0      127.0.0.1:53      *:*      users:(("named",4387,512))
udp    UNCONN     0      0      ::1:53      :::*      users:(("named",4387,514))
tcp    LISTEN     0      3      ::1:53      :::*      users:(("named",4387,22))
tcp    LISTEN     0      3      192.168.0.15:53      *:*      users:(("named",4387,21))
tcp    LISTEN     0      3      127.0.0.1:53      *:*      users:(("named",4387,20))

以上操作針對主從兩台服務器配置相同。

6、主DNS服務器配置:

定義區域:

[root@localhost ~]# cat /etc/named.rfc1912.zones

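// Forward zone: this server is the master for armo.com.
zone "armo.com" IN {
	type master;
	file "armo.com.zone";
	// Only the slave (192.168.0.17) may pull the zone. With no allow-transfer
	// statement, BIND 9.8 answers AXFR requests from any host, which exposes
	// every record in the zone. An IP ACL is the minimum; TSIG-signed
	// transfers are stronger.
	allow-transfer { 192.168.0.17; };
};

// Reverse zone for 192.168.0.0/24.
zone "0.168.192.in-addr.arpa" IN {
	type master;
	file "192.168.0.zone";
	allow-transfer { 192.168.0.17; };
};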

定義區域解析庫文件:

[root@localhost ~]# cat /var/named/armo.com.zone
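; Forward zone file for armo.com.
$TTL 1d
; The SOA contact name must end with a dot. Written as "admin.armo.com" it is
; relative to the origin and expands to admin.armo.com.armo.com., which is
; what the zone-transfer output of the original setup shows.
@	IN	SOA	ns1.armo.com.	admin.armo.com. (
			2016020301	; serial
			1H		; refresh
			5M		; retry
			7D		; expire
			1D )		; minimum
	IN	NS	ns1.armo.com.
	IN	NS	ns2.armo.com.
	IN	MX	10	mx1.armo.com.
	IN	MX	20	mx2.armo.com.
; NOTE(review): named.conf listens on 192.168.0.15, while ns1 points to
; 192.168.0.1. Confirm which address the master really uses.
ns1	IN	A	192.168.0.1
ns2	IN	A	192.168.0.17
mx1	IN	A	192.168.0.4
mx2	IN	A	192.168.0.1
www	IN	A	192.168.0.17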

[root@localhost ~]# cat /var/named/192.168.0.zone
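; Reverse-lookup zone file for 192.168.0.0/24.
$TTL 1d
$ORIGIN 0.168.192.in-addr.arpa.
@	IN	SOA	ns1.armo.com.	admin.armo.com. (
			2016020301	; serial
			1H		; refresh
			5M		; retry
			7D		; expire
			1D )		; minimum
	IN	NS	ns1.armo.com.
	IN	NS	ns2.armo.com.
; Owner names are the last octet, relative to $ORIGIN. An address may carry
; more than one PTR record, as .1 and .17 do here.
1	IN	PTR	ns1.armo.com.
17	IN	PTR	www.armo.com.
4	IN	PTR	mx1.armo.com.
1	IN	PTR	mx2.armo.com.
17	IN	PTR	ns2.armo.com.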

檢查是否有語法錯誤

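# Check the main configuration file for syntax errors (prints nothing on success).
named-checkconf
# Check each zone file against the zone name it is loaded under.
named-checkzone "armo.com" /var/named/armo.com.zone
named-checkzone "0.168.192.in-addr.arpa" /var/named/192.168.0.zone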

更改文件權限及屬組

[root@localhost named]# chmod 640 armo.com.zone
[root@localhost named]# chown :named armo.com.zone //正向

[root@localhost named]# chmod 640 192.168.0.zone
[root@localhost named]# chown :named 192.168.0.zone //反向

測試主DNS服務器解析:

[root@localhost ~]# dig www.armo.com @192.168.0.15

;<<>>DiG9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6<<>>[email protected]
;;globaloptions:+cmd
;;Gotanswer:
;;->>HEADER<<-opcode:QUERY,status:NOERROR,id:52591
;;flags:qraardra;QUERY:1,ANSWER:1,AUTHORITY:2,ADDITIONAL:2

;;QUESTIONSECTION:
;www.armo.com.			IN	A

;;ANSWERSECTION:
www.armo.com.		86400	IN	A	192.168.0.17

;;AUTHORITYSECTION:
armo.com.		86400	IN	NS	ns2.armo.com.
armo.com.		86400	IN	NS	ns1.armo.com.

;;ADDITIONALSECTION:
ns1.armo.com.		86400	IN	A	192.168.0.1
ns2.armo.com.		86400	IN	A	192.168.0.17

;;Querytime:2msec
;;SERVER:192.168.0.15#53(192.168.0.15)
;;WHEN:WedFeb306:01:382016
;;MSGSIZErcvd:114//正向

[root@localhost~]#[email protected]

;<<>>DiG9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6<<>>[email protected]
;;globaloptions:+cmd
;;Gotanswer:
;;->>HEADER<<-opcode:QUERY,status:NOERROR,id:63940
;;flags:qraardra;QUERY:1,ANSWER:1,AUTHORITY:0,ADDITIONAL:0

;;QUESTIONSECTION:
;4.0.168.192.in-addr.arpa.	IN	PTR

;;ANSWERSECTION:
4.0.168.192.in-addr.arpa.86400	IN	PTR	localhost.

;;Querytime:29msec
;;SERVER:192.168.216.231#53(192.168.216.231)
;;WHEN:WedFeb306:03:422016
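;; MSG SIZE rcvd: 65 //反向(注意:此輸出中的 SERVER 為 192.168.216.231,應答為 localhost.,並非來自上文配置的 192.168.0.15,因此不能說明本文的反向區域已生效;應向 192.168.0.15 查詢並確認返回 mx1.armo.com.)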

7、從DNS服務器配置

測試與主DNS服務器的區域傳送

[root@localhost ~]# dig axfr armo.com @192.168.0.15

;<<>>DiG9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6<<>>[email protected]
;;globaloptions:+cmd
armo.com.		86400	IN	SOA	ns1.armo.com.admin.armo.com.armo.com.2016020301360030060480086400
armo.com.		86400	IN	NS	ns1.armo.com.
armo.com.		86400	IN	NS	ns2.armo.com.
armo.com.		86400	IN	MX	10mx1.armo.com.
armo.com.		86400	IN	MX	20mx2.armo.com.
mx1.armo.com.		86400	IN	A	192.168.0.4
mx2.armo.com.		86400	IN	A	192.168.0.1
ns1.armo.com.		86400	IN	A	192.168.0.1
ns2.armo.com.		86400	IN	A	192.168.0.17
www.armo.com.		86400	IN	A	192.168.0.17
armo.com.		86400	IN	SOA	ns1.armo.com.admin.armo.com.armo.com.2016020301360030060480086400
;;Querytime:21msec
;;SERVER:192.168.0.15#53(192.168.0.15)
;;WHEN:WedFeb306:04:402016
;;XFRsize:11records(messages1,bytes273)

定義區域

[root@localhost ~]# cat /etc/named.rfc1912.zones
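// Slave copy of armo.com, pulled from the master at 192.168.0.15.
zone "armo.com" IN {
	type slave;
	masters { 192.168.0.15; };
	// Path is relative to the "directory" option. The transferred file is
	// later read from /var/named/slaves/armo.com.zone, so the directory must
	// be "slaves", not "slave".
	file "slaves/armo.com.zone";
	// The slave has no downstream servers, so it serves no zone transfers.
	allow-transfer { none; };
};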

啟動服務

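# Validate the configuration first so a syntax error is reported before the service starts.
named-checkconf && service named start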

查看同步信息

[root@localhost ~]# tail /var/log/messages
Feb306:20:42localhostnamed[15085]:zone1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:loadedserial0
Feb306:20:42localhostnamed[15085]:zonelocalhost.localdomain/IN:loadedserial0
Feb306:20:42localhostnamed[15085]:zonelocalhost/IN:loadedserial0
Feb306:20:42localhostnamed[15085]:managed-keys-zone./IN:loadedserial2
Feb306:20:42localhostnamed[15085]:running
Feb306:20:42localhostnamed[15085]:zonearmo.com/IN:Transferstarted.
Feb306:20:42localhostnamed[15085]:transferof'armo.com/IN'from192.168.0.15#53:connectedusing192.168.0.17#43758
Feb306:20:42localhostnamed[15085]:zonearmo.com/IN:transferredserial2016020301
Feb306:20:42localhostnamed[15085]:transferof'armo.com/IN'from192.168.0.15#53:Transfercompleted:1messages,11records,273bytes,0.001secs(273000bytes/sec)
Feb306:20:42localhostnamed[15085]:zonearmo.com/IN:sendingnotifies(serial2016020301)


[root@localhost ~]# cat /var/named/slaves/armo.com.zone
$ORIGIN.
$TTL86400	;1day
armo.com		INSOA	ns1.armo.com.admin.armo.com.armo.com.(
				2016020301;serial
				3600;refresh(1hour)
				300;retry(5minutes)
				604800;expire(1week)
				86400;minimum(1day)
				)
			NS	ns1.armo.com.
			NS	ns2.armo.com.
			MX	10mx1.armo.com.
			MX	20mx2.armo.com.
$ORIGINarmo.com.
mx1			A	192.168.0.4
mx2			A	192.168.0.1
ns1			A	192.168.0.1
ns2			A	192.168.0.17
www			A	192.168.0.17
[root@localhost~]#

至此DNS主從服務器建設完畢。
