参考网址:http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/  

DNS(Domain Name System) 将主机名或者URLS翻译成IP地址。

例如:如果在浏览器输入网址 "www.unixmen.com"

DNS server 将把这个域名翻译成和他关联的IP地址。

就是说:DNS servers 用于将类似 www.unixmen.com 这样的名称 翻译成 173.xxx.xxx.xxx 这样是为了方便人们记住域名,而不是IP地址。

方案

主(primary/master) DNS Server
环境配置:

操作系统 : CentOS 6.5 server

主机名 : masterdns.unixmen.local

IP地址 : 192.168.1.100/

从(secondary/slave) DNS Server
环境配置:

操作系统 : CentOS 6.5 server

主机名 : secondarydns.unixmen.local

IP地址 : 192.168.1.101/

客户端环境:

操作系统 : CentOS 6.5 Desktop

主机名 : Client.unixmen.local

IP地址 : 192.168.1.102/

安装主(primary/master) DNS Server
[root@masterdns ~]# yum install bind* -y
1.配置DNS Server
添加如下所示行到/etc/named.conf文件中
[root@masterdns ~]# vi /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

listen-on port  { 127.0.0.1; 192.168.1.100; }; ### 主DNS 的 IP地址 ###

listen-on-v6 port  { ::; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { localhost; 192.168.1.0/; }; ### 允许访问网络的IP范围 ,末尾的 / 是网络掩码的缩写表示(在本例中为 255.255.255.0)###

allow-transfer{ localhost; 192.168.1.101; }; ### 从 DNS IP ###

recursion yes;   ###是否允许递归,有建议说应设置为no,为了是防止DDOS攻击###

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {

type hint;

file "named.ca";

};

//自定义的正向和反向解析

zone"unixmen.local" IN {

type master;

file "forward.unixmen"; //正向解析文件名

allow-update { none; };

};

zone"1.168.192.in-addr.arpa" IN {

type master;

file "reverse.unixmen";//反向解析文件名

allow-update { none; };

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

2.创建zone文件
以下文件已经在/etc/named.conf中定义

2.1 创建正向Zone
创建forward.unixmen 文件在 /var/named 目录下
[root@masterdns ~]# vi /var/named/forward.unixmen

$TTL

@ IN SOA masterdns.unixmen.local. root.unixmen.local. (

 ;Serial

 ;Refresh

 ;Retry

 ;Expire

 ;Minimum TTL

)

@ IN NS masterdns.unixmen.local.

@ IN NS secondarydns.unixmen.local.

@ IN A 192.168.1.100

@ IN A 192.168.1.101

@ IN A 192.168.1.102

masterdns IN A 192.168.1.100

secondarydns IN A 192.168.1.101

client IN A 192.168.1.102

2.2创建反向Zone
创建reverse.unixmen 文件在 /var/named 目录下
[root@masterdns ~]# vi /var/named/reverse.unixmen

$TTL

@ IN SOA masterdns.unixmen.local. root.unixmen.local. (

 ;Serial

 ;Refresh

 ;Retry

 ;Expire

 ;Minimum TTL

)

@ IN NS masterdns.unixmen.local.

@ IN NS secondarydns.unixmen.local.

@ IN PTR unixmen.local.

masterdns IN A 192.168.1.100

secondarydns IN A 192.168.1.101

client IN A 192.168.1.102

 IN PTR masterdns.unixmen.local.

 IN PTR secondarydns.unixmen.local.

 IN PTR client.unixmen.local.

3.启动DNS服务
[root@masterdns ~]# service named start
Starting named: [ OK ]
[root@masterdns ~]# chkconfig named on

4.调整防火墙允许DNS Server 访问外部网络
添加以下内容到 /etc/sysconfig/iptables 文件中
[root@masterdns ~]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [:]

:FORWARD ACCEPT [:]

:OUTPUT ACCEPT [:]

#添加DNS Server

-A INPUT -p udp -m state --state NEW --dport  -j ACCEPT

-A INPUT -p tcp -m state --state NEW --dport  -j ACCEPT

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport  -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

5.重启防火墙
[root@masterdns ~]# service iptables restart

iptables: Flushing firewall rules: [ OK ]

iptables: Setting chains to policy ACCEPT: filter [ OK ]

iptables: Unloading modules: [ OK ]

iptables: Applying firewall rules: [ OK ]

6.设置当前的DNS服务器
添加以下内容到 /etc/resolv.conf 文件中
[root@masterdns ~]# vim /etc/resolv.conf
nameserver 192.168.1.131

7.测试DNS配置和zone文件是否有语法错误
[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkzone unixmen.local /var/named/forward.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone unixmen.local /var/named/reverse.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK

8.测试DNS Server
[root@masterdns ~]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.-0.10.rc1.el6_3. <<>> masterdns.unixmen.local

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:

;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; QUESTION SECTION:

;masterdns.unixmen.local.INA

;; ANSWER SECTION:

masterdns.unixmen.local. 86400INA192.168.1.

;; AUTHORITY SECTION:

unixmen.local.86400INNSsecondarydns.unixmen.local.

unixmen.local.86400INNSmasterdns.unixmen.local.

;; ADDITIONAL SECTION:

secondarydns.unixmen.local.  INA192.168.1.

;; Query time:  msec

;; SERVER: 192.168.1.100#(192.168.1.100)

;; WHEN: Thu Mar  ::

;; MSG SIZE rcvd:

[root@masterdns ~]# nslookup unixmen.local

Server:192.168.1.100

Address:192.168.1.100#

Name:unixmen.local

Address: 192.168.1.102

Name:unixmen.local

Address: 192.168.1.100

Name:unixmen.local

Address: 192.168.1.101

现在主DNS Server 已经可以使用了

安装从(Secondary/Slave) DNS Server
[root@secondarydns ~]# yum install bind* -y
1.配置从DNS Server
添加如下所示行到/etc/named.conf文件中
[root@secondarydns ~]# vi /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

listen-on port  { 127.0.0.1; 192.168.1.101; };

listen-on-v6 port  { ::; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { localhost; 192.168.1.0/; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {

type hint;

file "named.ca";

};

zone"unixmen.local" IN {

type slave;

file "slaves/unixmen.fwd";

masters { 192.168.1.100; };

};

zone"1.168.192.in-addr.arpa" IN {

type slave;

file "slaves/unixmen.rev";

masters { 192.168.1.100; };

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

2.启动DNS服务
[root@secondarydns ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@secondarydns ~]# chkconfig named on

现在主DNS server上的正向和反向zone文件,被自动复制到了从 DNS Server 的 /var/named/slaves/ 目录下
[root@secondarydns ~]# ls /var/named/slaves/
unixmen.fwd unixmen.rev

[root@secondarydns ~]# cat /var/named/slaves/unixmen.fwd

$ORIGIN .

$TTL ;  day

unixmen.localIN SOAmasterdns.unixmen.local. root.unixmen.local. (

 ; serial

 ; refresh ( hour)

 ; retry ( minutes)

 ; expire ( week)

 ; minimum ( day)

)

NS masterdns.unixmen.local.

NS secondarydns.unixmen.local.

A192.168.1.

A192.168.1.

A192.168.1.

$ORIGIN unixmen.local.

clientA192.168.1.

masterdnsA192.168.1.

secondarydnsA192.168.1.

[root@secondarydns ~]# cat /var/named/slaves/unixmen.rev

$ORIGIN .

$TTL ;  day

1.168..in-addr.arpaIN SOAmasterdns.unixmen.local. root.unixmen.local. (

 ; serial

 ; refresh ( hour)

 ; retry ( minutes)

 ; expire ( week)

 ; minimum ( day)

)

NS masterdns.unixmen.local.

NS secondarydns.unixmen.local.

PTRunixmen.local.

$ORIGIN 1.168..in-addr.arpa.

100PTRmasterdns.unixmen.local.

101PTRsecondarydns.unixmen.local.

102PTRclient.unixmen.local.

clientA192.168.1.

masterdnsA192.168.1.

secondarydnsA192.168.1.

3.添加DNS Server到所有系统中
[root@secondarydns ~]# vi /etc/resolv.conf

# Generated by NetworkManager

search ostechnix.com

nameserver 192.168.1.100

nameserver 192.168.1.101

nameserver 8.8.8.8

4.测试DNS Server
[root@secondarydns ~]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.-0.10.rc1.el6_3. <<>> masterdns.unixmen.local

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:

;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; QUESTION SECTION:

;masterdns.unixmen.local.INA

;; ANSWER SECTION:

masterdns.unixmen.local. 86400INA192.168.1.

;; AUTHORITY SECTION:

unixmen.local.86400INNSmasterdns.unixmen.local.

unixmen.local.86400INNSsecondarydns.unixmen.local.

;; ADDITIONAL SECTION:

secondarydns.unixmen.local.  INA192.168.1.

;; Query time:  msec

;; SERVER: 192.168.1.100#(192.168.1.100)

;; WHEN: Thu Mar  ::

;; MSG SIZE rcvd:

[root@secondarydns ~]# dig secondarydns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.-0.10.rc1.el6_3. <<>> secondarydns.unixmen.local

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:

;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; QUESTION SECTION:

;secondarydns.unixmen.local.INA

;; ANSWER SECTION:

secondarydns.unixmen.local.  INA192.168.1.

;; AUTHORITY SECTION:

unixmen.local.86400INNSmasterdns.unixmen.local.

unixmen.local.86400INNSsecondarydns.unixmen.local.

;; ADDITIONAL SECTION:

masterdns.unixmen.local. 86400INA192.168.1.

;; Query time:  msec

;; SERVER: 192.168.1.100#(192.168.1.100)

;; WHEN: Thu Mar  ::

;; MSG SIZE rcvd: 

[root@secondarydns ~]# nslookup unixmen.local

Server:192.168.1.100

Address:192.168.1.100#

Name:unixmen.local

Address: 192.168.1.101

Name:unixmen.local

Address: 192.168.1.102

Name:unixmen.local

Address: 192.168.1.100

client配置
添加DNS Server到所有客户端的 /etc/resolv.conf 文件中
[root@client unixmen]# vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8

测试DNS Server

[root@client unixmen]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.-0.10.rc1.el6 <<>> masterdns.unixmen.local

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:

;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; QUESTION SECTION:

;masterdns.unixmen.local.INA

;; ANSWER SECTION:

masterdns.unixmen.local. 86400INA192.168.1.

;; AUTHORITY SECTION:

unixmen.local.86400INNSmasterdns.unixmen.local.

unixmen.local.86400INNSsecondarydns.unixmen.local.

;; ADDITIONAL SECTION:

secondarydns.unixmen.local.  INA192.168.1.

;; Query time:  msec

;; SERVER: 192.168.1.100#(192.168.1.100)

;; WHEN: Thu Mar  ::

;; MSG SIZE rcvd:

[root@client unixmen]# dig secondarydns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.-0.10.rc1.el6 <<>> secondarydns.unixmen.local

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:

;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; QUESTION SECTION:

;secondarydns.unixmen.local.INA

;; ANSWER SECTION:

secondarydns.unixmen.local.  INA192.168.1.

;; AUTHORITY SECTION:

unixmen.local.86400INNSsecondarydns.unixmen.local.

unixmen.local.86400INNSmasterdns.unixmen.local.

;; ADDITIONAL SECTION:

masterdns.unixmen.local. 86400INA192.168.1.

;; Query time:  msec

;; SERVER: 192.168.1.100#(192.168.1.100)

;; WHEN: Thu Mar  ::

;; MSG SIZE rcvd:

[root@client unixmen]# dig client.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.-0.10.rc1.el6 <<>> client.unixmen.local

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:

;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; QUESTION SECTION:

;client.unixmen.local.INA

;; ANSWER SECTION:

client.unixmen.local.86400INA192.168.1.

;; AUTHORITY SECTION:

unixmen.local.86400INNSmasterdns.unixmen.local.

unixmen.local.86400INNSsecondarydns.unixmen.local.

;; ADDITIONAL SECTION:

masterdns.unixmen.local. 86400INA192.168.1.

secondarydns.unixmen.local.  INA192.168.1.

;; Query time:  msec

;; SERVER: 192.168.1.100#(192.168.1.100)

;; WHEN: Thu Mar  ::

;; MSG SIZE rcvd:

[root@client unixmen]# nslookup unixmen.local

Server:192.168.1.100

Address:192.168.1.100#

Name:unixmen.local

Address: 192.168.1.102

Name:unixmen.local

Address: 192.168.1.100

Name:unixmen.local

Address: 192.168.1.101

现在主从DNS Server已经可以使用了

使用BIND安装智能DNS服务器(一)---基本的主从DNS服务器搭建的更多相关文章

  1. 使用BIND安装智能DNS服务器(二)---配置rndc远程控制

    首先两个BIND DNS服务器要正常运行.       主DNS服务器IP:192.168.1.100 客户机DNS服务器IP:192.168.1.101 1 主DNS端配置: cd /etc/ 生成 ...

  2. 基于Bind实现的DNS正反向解析及主从DNS的配置

    一.什么是DNS? 1.1 简单的理解,Domain Name System,是互联网一项核心的服务,他作为一个桥梁可以将域名和IP地址相互因素的一个分布式数据库,能够使人更加方便的访问互联网,而不用 ...

  3. 使用BIND安装智能DNS服务器(三)---添加view和acl配置

    智能DNS的配置主要修改named.conf文件,利用view和acl来实现. acl文件内容,这里只列出一部分,具体详细的可以参考这个网址 纯真IP库,给出了十分详细的IP地址,下载安装后,打开软件 ...

  4. 使用bind实现主从DNS服务器数据同步

    一.bind简介 Linux中通常使用bind来实现DNS服务器的架设,bind软件由isc(www.isc.org)维护.在yum仓库中可以找到软件,配置好yum源,直接使用命令yum instal ...

  5. centos7 dns(bind)安装配置

    yum install -y bind bind-chroot bind-utils chroot是通过相关文件封装在一个伪根目录内,已达到安全防护的目的,一旦程序被攻破,将只能访问伪根目录内的内容, ...

  6. 架构师成长之路6.4 DNS服务器搭建(部署主从DNS)

    点击返回架构师成长之路 架构师成长之路6.3 DNS服务器搭建(部署主从DNS)  部署主DNS : 点击 部署从DNS : 如下步骤 1.与主DNS一样,安装bind yum -y install ...

  7. BIND的进程一:DNS简单配置与的主从配置

    DNS的简单配置和DNS的主从配置   摘要:DNS(Domain-Name Server) ,DNS的服务起到的作用就是名称解析,在网络通讯来说计算机与计算机是通过IP地址相互通信的, 当是IP地址 ...

  8. Bind安装配置及应用

    Bind安装配置及应用 BIND:Berkeley Internet Name Domain ,ISC.org     DNS服务的实现:     监听端口:53/UDP , 53/TCP     程 ...

  9. 主从DNS服务器的搭建

    一.DNS主从的理解 主从服务器,在一开始的理解中,以为是主的dns服务器挂掉后,(dns服务自动转向辅助dns服务器),客户端还能继续解析.事实貌似不是这样的.当我把主dns停掉的时候,客户端只设一 ...

随机推荐

  1. String代码示例

    package lianxi; public class lianxi0112 { public static void main(String[] args) { // TODO 自动生成的方法存根 ...

  2. springcloud和kubernetes对比

    由于这两个都不熟,所以在考虑学哪个. 先说结论:都要学,但是重点学k8s,k8s是一个更加完善的解决方案,springcloud被淘汰只是时间的问题. 从自己的经历和网上的文章两方面分析 个人经历: ...

  3. Intellij IDEA创建的Web项目配置Tomcat并启动Maven项目(转)

    大部分是直接上图哦. 点击如图所示的地方,进行添加Tomcat配置页面 弹出页面后,按照如图顺序找到,点击+号 tomcat Service -> Local 注意,这里不要选错了哦,还有一个T ...

  4. Linux- Linux自带定时调度Crontab使用详解

    Linux自带定时调度Crontab使用详解 在Linux当中,有一个自带的任务调度功能crontab,它是针对每个用户,每个用户都可以调度自己的任务. 示例:每分钟执行一次,将时间写入到指定文件当中 ...

  5. BZOJ 1660 [Usaco2006 Nov]Bad Hair Day 乱发节:单调栈

    题目链接:http://www.lydsy.com/JudgeOnline/problem.php?id=1660 题意: 有n头牛,身高分别为h[i]. 它们排成一排,面向右边.第i头牛可以看见在它 ...

  6. 关于跨域获取cookie问题的解决

    需求是有2个域名:www.a.com和www.b.com,b.com需要获取a.com中的cookie,解决方法是这样的: 在a.com编写一个设置cookie的页面:set_cookie.php 代 ...

  7. python3 - 写一个生成双色球号码的一个程序,生成的号码写到文件里面

    写一个生成双色球号码的一个程序,生成的号码写到文件里面 # 中奖号码由6个红色球号码和1个蓝色球号码组成 # 篮球范围:01-16 # 红球范围:01-33 def swq(num): random. ...

  8. 【boost】ptree 读写中文的问题

    最经项目中使用到了boost property_tree,却在中文问题上遇到大问题. 直接使用ptree读写存储于窄字符(如string)类型的中文字符串时,程序可以运行,但由于XML默认使用UTF- ...

  9. 结合Mysql和kettle邮件发送日常报表_20161001

    十一假期 参加婚礼 稍晚点发博 整体流程步骤是: 写SQL-导出到excel设定excel模板调整格式-设置kettle转换--设置kettle邮件作业--完成 第一.写SQL 保持最近12个周的数据 ...

  10. P2463 [SDOI2008]Sandy的卡片[差分+串拼接后缀数组]

    P2463 [SDOI2008]Sandy的卡片 套路都差不多,都是差分后二分答案找lcp.只是这题要把多个串拼接起来成为一个大串,中间用某些值域中没有的数字相隔(最好间隔符都不一样想想为什么),排序 ...