#######################################################
DNS协议主要运行在UDP协议之上,使用端口号53;区域传送(AXFR/IXFR)以及超长应答则使用TCP 53,主从服务器之间的防火墙需要同时放行UDP和TCP的53端口。
安装DNS软件bind
yum install bind bind-utils bind-devel bind-chroot -y
所有节点配置dns
vim /etc/resolv.conf
nameserver 192.168.56.100
nameserver 192.168.56.101
#######################################################
bind-chroot为牢笼,我们是内部dns,为了方便不用设置
修改配置文件
vim /etc/named.conf
options {
listen-on port 53 { any; };#定义监听的端口及ip地址
listen-on-v6 port 53 { ::1; };#定义监听的ipv6地址
directory "/var/named";#全局目录
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };#允许发起查询的客户端ip地址,内部dns建议改为内网网段而不是any
forwarders { 114.114.114.114; }; #把本地没有的记录转发给上游dns查询
recursion yes; #是否允许递归查询;若同时allow-query为any且53端口可被外网访问,本机就成了开放解析器(可能被用于DNS放大攻击),应配合allow-recursion限制为内网网段
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
添加域
vim /etc/named.rfc1912.zones
zone "test.com" IN
{
type master;
file "test.com.zone";
allow-transfer{ 127.0.0.1;192.168.56.100;192.168.56.101; }; #只允许这些ip做区域传送;从服务器的ip必须与下文dns2的A记录地址一致,否则传送会被拒绝
};
检查语法是否正确,没有提示错误就是正确的
named-checkconf
创建正向解析文件
vim /var/named/test.com.zone
$TTL 300;
@ IN SOA dns1.test.com. admin.test.com. ( ;域名末尾必须加点,否则会被自动补全为dns1.test.com.test.com
2017032800 ; Serial #序列号,通常为日期,每次修改区域文件后必须递增,否则从服务器不会同步
300 ; Refresh #刷新时间,即从服务器每隔多久到主服务器检查一次序列号
1800 ; Retry #重试时间,刷新失败后隔多久再重试
604800 ; Expire #过期时间,刷新持续失败超过该时间后,从服务器停止应答本区域
300 ; TTL #否定应答(如NXDOMAIN)的缓存时间;从服务器在主服务器挂掉后还能工作多久由上面的Expire决定
)
;
IN NS dns1
IN NS dns2
dns1 IN A 192.168.56.100
dns2 IN A 192.168.56.20
检查语法
named-checkzone test.com /var/named/test.com.zone
更改文件的组为named
chown root:named /var/named/test.com.zone
启动服务
systemctl start named.service
配置反向解析区域
vim /etc/named.rfc1912.zones
zone "56.168.192.in-addr.arpa" IN {
type master;
file "56.168.192.in-addr-arpa";
allow-transfer{ 127.0.0.1;192.168.56.100;192.168.56.101; };
};
配置反向解析文件
vim /var/named/56.168.192.in-addr-arpa
$TTL 43200;
@ 86400 IN SOA dns1.test.com. admin.test.com.(
201411;
1h;
5m;
7d;
1d;
)
IN NS dns1.test.com.
100 IN PTR dns1.test.com.
20 IN PTR dns2.test.com.
检查配置文件
named-checkzone 56.168.192.in-addr.arpa /var/named/56.168.192.in-addr-arpa
更改文件的组为named
chown root:named /var/named/56.168.192.in-addr-arpa
重启服务
systemctl restart named.service
测试反向解析
dig -x 192.168.56.100
#######################################################
配置从DNS服务器
yum install bind bind-utils bind-devel bind-chroot -y
启动服务
systemctl restart named.service
复制主dns /etc/named.conf 到从DNS
#######################################################
修改配置文件
vim /etc/named.rfc1912.zones
zone "test.com" IN
{
type slave;
masters { 192.168.56.100; };
file "slaves/test.com.zone";
allow-transfer{ none; };
};
zone "56.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.56.100; };
file "slaves/56.168.192.in-addr-arpa";
allow-transfer{ none; };
};
#######################################################
修改主DNS正向解析文件,序列号+1并添加IN NS dns2
vim /var/named/test.com.zone
IN NS dns2
dns2 IN A 192.168.56.20
修改DNS反向解析文件,序列号+1并添加dns2.test.com.
vim /var/named/56.168.192.in-addr-arpa
IN NS dns2.test.com.
重启主DNS服务后,从DNS的/var/named/slaves目录下就会多出两个区域文件
systemctl restart named.service
#######################################################
测试从DNS
关闭主DNS服务
systemctl stop named.service
两个节点ping dns1.test.com都能ping通,说明从DNS已开始提供解析服务