(1)节点信息

console01 主DNS 192.168.80.3 192.168.10.3
console02 从DNS 192.168.80.4 192.168.10.4

(2)环境部署

# yum -y install bind bind-chroot bind-util bind-libs

# service iptables stop

# setenforce 0

(3)配置主DNS

1.编辑DNS主配置文件/etc/named.conf

# vim /etc/named.conf

options {

    listen-on port 53 { 192.168.10.3; };

    listen-on-v6 port 53 { ::1; };

    directory   "/var/named";

    dump-file   "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

    allow-query     { any; };

    recursion yes;

    dnssec-enable yes;

    dnssec-validation yes;

    dnssec-lookaside auto;

        /* Path to ISC DLV key */

    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {

    type hint;

    file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

2.编辑区域配置文件/etc/name.rfc1912.zones

# vim /etc/name.rfc1912.zones

在最后添加以下内容:

zone "liwanliang.com" IN {

    type master;

    file "liwanliang.com.zone";

    notify yes;

    also-notify { 192.168.10.4; };

    allow-transfer { 192.168.10.4; };

};

zone "10.168.192.in-addr.arpa." IN {

    type master;

    file "192.168.10.3.zone";

    notify yes;

    also-notify { 192.168.10.4; };

    allow-transfer { 192.168.10.4; };

};

3.编辑区域文件的资源记录

# cd /var/named

# vim liwanliang.com.zone

添加如下内容:

$TTL 600

@       IN  SOA     ns1.liwanliang.com mail.liwanliang.com (

                    2017070713  ;serial

                    2H  ;refresh

                    4M  ;retry

                    1D  ;expire

                    2D )    ;minumum

@       IN  NS      ns1.liwanliang.com.

@       IN  NS      ns2.liwanliang.com.

@       IN  MX 10   mail.liwanliang.com.

ns1     IN  A       192.168.10.3

ns2     IN  A       192.168.10.4

mail    IN  A       192.168.10.3

www     IN  A       192.168.10.3

ftp     IN  A       192.168.10.3

dhcp    IN  A       192.168.10.3

# vim 192.168.10.3.zone

添加以下内容:

$TTL 600

@       IN  SOA     ns1.liwanliang.com mail.liwanliang.com (

                    2017070713  ;serial

                    2H  ;refresh

                    4M  ;retry

                    1D  ;expire

                    2D )    ;minimum

@   IN      NS      ns1.liwanliang.com.

@   IN      NS      ns2.liwanliang.com.

@   IN      MX 10   mail.liwanliang.com.

3   IN      PTR     ns1.liwanliang.com.

4   IN      PTR     ns2.liwanliang.com.

3   IN      PTR     mail.liwanliang.com.

3   IN      PTR     www.liwanliang.com.

3   IN      PTR     ftp.liwanliang.com.

3   IN      PTR     dhcp.liwanliang.com.

4.修改目录文件权限

DNS运行的系统用户为named。因此需要保证/var/named目录下文件的权限正确。因为采用了chroot(yum -y install bind-chroot)安全配置,所有DNS所有的配置,通过回环挂载的模式,即:配置了/var/named下的配置 ,实际上上配置了/var/named/chroot/var/named下的配置。

这是通过mount --bind方式实现,通过mount命令可以查看

/var/named on /var/named/chroot/var/named type none (rw,bind)

/etc/named.conf on /var/named/chroot/etc/named.conf type none (rw,bind)

/etc/named.rfc1912.zones on /var/named/chroot/etc/named.rfc1912.zones type none (rw,bind)

/etc/rndc.key on /var/named/chroot/etc/rndc.key type none (rw,bind)

/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)

/etc/named.iscdlv.key on /var/named/chroot/etc/named.iscdlv.key type none (rw,bind)

/etc/named.root.key on /var/named/chroot/etc/named.root.key type none (rw,bind)

/etc/services on /var/named/chroot/etc/services type none (rw,bind)

/etc/protocols on /var/named/chroot/etc/protocols type none (rw,bind)

/lib64/libnss_files-2.12.so on /var/named/chroot/lib64/libnss_files.so.2 type none (rw,bind)

# chown -R root.named /var/named/chroot

# chown -R root.named /var/named/slaves

5.检查配置文件是否正确

# named-checkzone "liwanliang.com" liwanliang.com.zone

# named-checkconf

# service named configtest

5.开启并检测DNS服务

# service named start

# ps -ef | grep named

# netstat -tupln | grep named

6.验证主DNS正反向解析

假如配置了主机的DNS指向:

echo "DNS1=192.168.10.3" >> /etc/sysconfig/network-scripts/ifcfg-eth0

service network restart

则采用以下命令即可:

# dig -t A www.liwanliang.com

假如未配置主机的DNS指向,通过@DNS的IP进行检测:

# dig -t A www.liwanliang.com @192.168.10.3

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.liwanliang.com @192.168.10.3

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42299

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;www.liwanliang.com.        IN    A

;; ANSWER SECTION:

www.liwanliang.com.    600    IN    A    192.168.10.3

;; AUTHORITY SECTION:

liwanliang.com.        600    IN    NS    ns2.liwanliang.com.

liwanliang.com.        600    IN    NS    ns1.liwanliang.com.

;; ADDITIONAL SECTION:

ns1.liwanliang.com.    600    IN    A    192.168.10.3

ns2.liwanliang.com.    600    IN    A    192.168.10.4

;; Query time: 0 msec

;; SERVER: 192.168.10.3#53(192.168.10.3)

;; WHEN: Sat Jul  8 21:34:46 2017

;; MSG SIZE  rcvd: 120

反向解析:

# dig -x 192.168.10.3 @192.168.10.3

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.10.3 @192.168.10.3

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23601

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;3.10.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:

3.10.168.192.in-addr.arpa. 600    IN    PTR    mail.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    www.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    ftp.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    dhcp.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    ns1.liwanliang.com.

;; AUTHORITY SECTION:

10.168.192.in-addr.arpa. 600    IN    NS    ns1.liwanliang.com.

10.168.192.in-addr.arpa. 600    IN    NS    ns2.liwanliang.com.

;; ADDITIONAL SECTION:

ns1.liwanliang.com.    600    IN    A    192.168.10.3

ns2.liwanliang.com.    600    IN    A    192.168.10.4

;; Query time: 0 msec

;; SERVER: 192.168.10.3#53(192.168.10.3)

;; WHEN: Sat Jul  8 21:49:50 2017

;; MSG SIZE  rcvd: 213

至此,主DNS配置和验证完成

(4)从DNS配置

1.基础环境

# yum -y install bind bind-chroot bind-utils bind-libs

2.编辑主配置文件

# vim /etc/named.conf

options {

    listen-on port 53 { 192.168.10.4; };

    listen-on-v6 port 53 { ::1; };

    directory   "/var/named";

    dump-file   "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

    allow-query     { any; };

    recursion yes;

    dnssec-enable yes;

    dnssec-validation yes;

    dnssec-lookaside    auto;

    /* Path to ISC DLV key */

    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {

    type hint;

    file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

3.编辑区域配置文件

# vim /etc/named.rfc1912.zones

在最后添加一下内容:

zone "liwanliang.com" IN {

    type slave;

    masters { 192.168.10.3; };

    allow-update { none; };

    file "slaves/liwanliang.com.zone";

};

zone "10.168.192.in-addr.arpa" IN {

    type slave;

    masters { 192.168.10.3; };

    allow-update { none; };

    file "slaves/192.168.10.3.zone";

};

4.查看并修改目录文件权限

# ls -l /var/named/chroot

# chown -R root.named /var/named/chroot

5.检查配置文件正确性

# named-checkconf

# service named configtest

6.启动named服务

# service named start

# ps -ef | grep named

# netstat -tupln | grep named

7.检查文件同步结果

# ls -l /var/named/slaves

total 8

-rw-r--r-- 1 named named 601 Jul  8 20:58 192.168.10.3.zone

-rw-r--r-- 1 named named 528 Jul  8 20:58 liwanliang.com.zone

8.从DNS正反解析验证

正向解析验证:

# dig -t A www.liwanliang.com @192.168.10.4

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A www.liwanliang.com @192.168.10.4

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2955

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;www.liwanliang.com.        IN    A

;; ANSWER SECTION:

www.liwanliang.com.    600    IN    A    192.168.10.3

;; AUTHORITY SECTION:

liwanliang.com.        600    IN    NS    ns1.liwanliang.com.

liwanliang.com.        600    IN    NS    ns2.liwanliang.com.

;; ADDITIONAL SECTION:

ns1.liwanliang.com.    600    IN    A    192.168.10.3

ns2.liwanliang.com.    600    IN    A    192.168.10.4

;; Query time: 0 msec

;; SERVER: 192.168.10.4#53(192.168.10.4)

;; WHEN: Sat Jul  8 22:08:17 2017

;; MSG SIZE  rcvd: 120

反向解析验证:

# dig -x 192.168.10.3 @192.168.10.4

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.10.3 @192.168.10.4

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29194

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;3.10.168.192.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:

3.10.168.192.in-addr.arpa. 600    IN    PTR    mail.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    www.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    ftp.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    dhcp.liwanliang.com.

3.10.168.192.in-addr.arpa. 600    IN    PTR    ns1.liwanliang.com.

;; AUTHORITY SECTION:

10.168.192.in-addr.arpa. 600    IN    NS    ns2.liwanliang.com.

10.168.192.in-addr.arpa. 600    IN    NS    ns1.liwanliang.com.

;; ADDITIONAL SECTION:

ns1.liwanliang.com.    600    IN    A    192.168.10.3

ns2.liwanliang.com.    600    IN    A    192.168.10.4

;; Query time: 0 msec

;; SERVER: 192.168.10.4#53(192.168.10.4)

;; WHEN: Sat Jul  8 22:09:32 2017

;; MSG SIZE  rcvd: 213

DNS主从服务部署的更多相关文章

  1. Linux的DNS主从服务器部署

    下面的部署是在Linux的DNS正向解析部署上进行修改的. 如果有什么问题或者错误,可以访问上篇帖子 下面开始有关DNS的服务部署.<DNS主从服务器> 环境描述: 192.168.196 ...

  2. DNS主从服务,子域授权,view视图,日志系统,压力测试

    DNS主从服务,子域授权,view视图,日志系统,压力测试 DNS性能测试工具queryperfDNS查询过程: DNS主从建立: 环境: 主服务器:10.140.165.93 从服务器:10.140 ...

  3. Redis主从服务部署

    Redis__WindowsServer主从服务部署及调用实例       一.先谈谈单个Redis服务的安装         使用的redis是2.8.17版本,从官网下载解压缩后文件内容为:   ...

  4. Redis__WindowsServer主从服务部署及调用实例

    本文转自:http://www.cnblogs.com/gossip/p/4898653.html 一.先谈谈单个Redis服务的安装         使用的redis是2.8.17版本,从官网下载解 ...

  5. DNS主从同步部署

    DNS 主从同步原理 主从同步:主每次修改配置文件需要修改一下序列号,主从同步主要 根据序列号的变化. 从DNS:从可以单独修改,主从不会报错.但从修改后,主端同步给从后 从端修改数据会丢失 主从原理 ...

  6. Centos下内网DNS主从环境部署记录

    一.DNS是什么?DNS(Domain Name System),即域名系统.它使用层次结构的命名系统,将域名和IP地址相互映射,形成一个分布式数据库系统. DNS采用C-S架构,服务器端工作在UDP ...

  7. DNS_主从服务_详细搭建&&配置

    DNS主从 安装环境: 三台dns服务器如下: 系统:均为centos7 dns_master:192.168.169.194 dns_slave-1:192.168.169.195 dns_slav ...

  8. Linux的DNS反向解析部署

    下面的部署是在Linux的DNS正向解析示例上进行修改的. 如果有什么问题或者错误,可以访问上篇帖子 下面开始有关DNS的服务部署.<DNS反向解析> 工具:虚拟机 centos7 配置: ...

  9. Linux的DNS正向解析部署

    前面介绍了DNS的作用及其相关的结果.Linux服务之DNS介绍 下面开始有关DNS的服务部署.<DNS正向解析示例> 工具:虚拟机 centos7 配置:Linux   IP 192.1 ...

随机推荐

  1. mongoDB rs和sh关键字的作用

    rs是一个全局变量,其其中定义了很多分片操作的辅助函数, 可以sh.help()查看使用的辅助函数 这些是rs和sh所有函数 在mongoDB中有两种方法表示 例 sh.enableSharding( ...

  2. vue.js项目构建

    这里构建的vue.js项目依赖node服务器运行. 项目搭建完整步骤: 安装node.js ,转至nodeJs网站http://nodejs.cn/ 下载nodeJs进行安装. 安装完毕检查nodeJ ...

  3. jsonp其实很简单【ajax跨域请求】

    js便签笔记(13)——jsonp其实很简单[ajax跨域请求] 前两天被问到ajax跨域如何解决,还真被问住了,光知道有个什么jsonp,迷迷糊糊的没有说上来.抱着有问题必须解决的态度,我看了许多资 ...

  4. Java 数组扩容

    在添加数据到达数组的上限的时候数组进行扩容: public void resizeArrayCaptcity(){ if(size>=arr.length){ Emp [] arr2=new   ...

  5. httpd2.2配置文件详解

    httpd2.2官方配置手册:http://httpd.apache.org/docs/2.2/ 注意:关闭防火墙,iptables规则 vim /etc/sysconfig/selinux SELI ...

  6. Robberies hdu 2955 01背包

    Robberies Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others)Total S ...

  7. JS表单提交的几种方式

    第一种方式 : 表单提交,在 form 标签中增加 onsubmit 事件来判断表单是否提交成功 <script type="text/javascript"> fun ...

  8. Python实战之实现简单的登陆系统-作业

    #!usr/bin/env Python3 # -*-coding:utf-8-*- #编写登陆接口 #输入用户名密码 #认证成功后显示欢迎信息 #输错三次后锁定 __author__="W ...

  9. DotNetCore跨平台~配置文件与配置代码如何共存

    回到目录 古人云<一山不容二虎>,而进行dotnet core时代之后,我们可以看到这样的一些官方的DEMO,它将数据连接串和其它配置项都直接硬编码在代码里,即在startup中进行定义, ...

  10. Linux上mysql的安装与配置

    前言 在我们使用Linux的过程中,可能会使用到数据库.那么,数据库的安装与配置就是我们需要掌握的了~所以呢,这篇博客小编就来给大家唠唠数据库的安装与配置. 说到编译安装,小编脑海里浮现的第一个方法就 ...