DNS配置

 

[root@Client ~]# cat /etc/hosts        //本地hosts文件,与windows的类似

127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4

::1        localhost localhost.localdomain localhost6 localhost6.localdomain6

 

[root@Client ~]# cat /etc/resolv.conf               //查看域名服务器

nameserver 114.114.114.114

 

[root@Client ~]# yum list |grep bind

[root@Client ~]# yum install -y bind

[root@Client ~]# vim /etc/named.conf          //查看配置文件

 

[root@Client ~]# vim /var/named/named.ca                  //查看根域文件

 

[root@Client ~]# cat /var/named/named.localhost

$TTL 1D (生存周期)

@      IN SOA  @ rname.invalid. (

(域名)(IN)(记录授权)(主机名)(管理员邮箱)     0      ; serial

                                        1D      ; refresh(刷新时间主与从)

                                        1H      ; retry(失败后1h,后再同步)

                                        1W      ; expire(一周后失效)

                                        3H)    ; minimum(缓存3H)

       NS      @

       A       127.0.0.1

       AAAA    ::1

 

 

[root@Client ~]# cat /etc/named.conf

[root@Client ~]# cat /etc/named.rfc1912.zones               //查看域名zones文件

[root@Client ~]# /etc/init.d/named start

[root@Client ~]# dig @127.0.0.1 localhost          //测试域名localhost,解析成127.0.0.1

localhost.              86400   IN     A       127.0.0.1

 

[root@Client ~]# cat /var/named/named.loopback          //查看反向解析文件

$TTL 1D

@      IN SOA  @ rname.invalid. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

       NS      @

       A       127.0.0.1

       AAAA    ::1

       PTR     localhost.

 

 

[root@Client ~]# dig @127.0.0.1 -x 127.0.0.1

1.0.0.127.in-addr.arpa. 86400   IN     PTR     localhost.

//反向解析测试,127.0.0.1解析为localhost

 

 

自定义一个域

[root@Client ~]# vim /etc/named.conf

zone "123.com"IN {

    type master;

    file "123.com.zone";

};

//末行加以上配置

 

[root@Client ~]# named-checkconf            //检测主配置文件有无错误

 

[root@Client ~]# cat /var/named/named.localhost

[root@Client ~]#  vim /var/named/123.com.zone

; Forward zone data for 123.com, loaded by the master through
; `file "123.com.zone"` in named.conf.
$TTL 1D

; SOA: "@" is the zone origin (123.com.), used here both as owner and as the
; primary server name; admin.123.com. is the contact mailbox written with a
; dot in place of "@".
@      IN SOA  @ admin.123.com. (

                                       20150723      ; serial

                                        1D      ; refresh

                                        1H      ;retry

                                        1W      ; expire

                                        3H)    ; minimum

; Blank owner: inherits "@" from the SOA line above, so this is the zone's NS.
       IN    NS       ns.123.com.

ns     IN    A        192.168.137.23

www    IN    A        11.11.11.11

; NOTE(review): a blank owner inherits the previous owner, which is "www"
; here, so this MX belongs to www.123.com rather than to 123.com itself (the
; slave's copy of the zone further down the page lists it under www). Give it
; the owner "@" if mail for the zone apex was intended - confirm with the author.
       IN    MX   5   mail.123.com.

mail   IN    A        192.168.137.23

 

 

[root@Client ~]# named-checkzone "123.com" /var/named/123.com.zone

zone 123.com/IN: loaded serial 20150723

OK

//检测配置文件无错误

 

 

 

 

 

[root@Client ~]# vim /etc/named.conf

listen-on port 53 { 127.0.0.1;192.168.137.23; };

//添加一个监听的主机

[root@Client ~]# /etc/init.d/named restart

[root@Client ~]# dig @192.168.137.23 mail.123.com

mail.123.com.           86400   IN     A       192.168.137.23

[root@Client ~]# dig @192.168.137.23 www.123.com

www.123.com.            86400  IN      A       11.11.11.11

//可被解析出

 

 

 

 

做反向解析配置

[root@Client ~]# vim /etc/named.conf

zone "123.com" IN {

   type master;

   file "123.com.zone";

};

 

zone"137.168.192.in-addr.arpa" IN {

    type master;

    file "137.168.192.zone";

};

 

 

 

 

 

 

 

[root@Client ~]# vim /var/named/137.168.192.zone

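; Reverse zone data for 137.168.192.in-addr.arpa (addresses 192.168.137.x),
; loaded by the master through `file "137.168.192.zone"` in named.conf.
$TTL 1D
@      IN SOA  @ admin.123.com. (
                                        20150723 ; serial
                                        1D       ; refresh
                                        1H       ; retry
                                        1W       ; expire
                                        3H )     ; minimum
       IN    NS       ns.123.com.
; The record type for reverse lookups is PTR. "RPT" is not a DNS record type,
; so named-checkzone would reject the file instead of printing "OK".
; The owner "23" is relative to the zone origin, i.e.
; 23.137.168.192.in-addr.arpa. = 192.168.137.23.
23     IN    PTR      ns.123.com.
23     IN    PTR      mail.123.com.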

 

[root@Client ~]# named-checkconf

[root@Client ~]# named-checkzone "123.com" /var/named/123.com.zone

zone 123.com/IN: loaded serial 20150723

OK

[root@Client ~]# named-checkzone "137.168.192.in-addr.arpa" /var/named/137.168.192.zone

zone 137.168.192.in-addr.arpa/IN: loaded serial 20150723

OK

[root@Client ~]# /etc/init.d/named restart

 

[root@Client ~]# dig @192.168.137.23 -x 192.168.137.23

23.137.168.192.in-addr.arpa. 86400 IN   PTR    ns.123.com.

23.137.168.192.in-addr.arpa. 86400 IN   PTR    mail.123.com.

//反解析成功

 

 

 

 

 

 

 

 

DNS主从配置

另开一台虚拟机

从上:

[root@client ~]# ifconfig

eth0  inet addr:192.168.137.21

[root@client ~]# yum install -y bind

[root@client ~]# vim /etc/named.conf

//      listen-on port 53 {127.0.0.1; };                   //注释掉后,默认监听所有地址

//      listen-on-v6 port 53 {::1; };

 

 

zone "123.com"IN {

    type slave;

    file "slaves/123.com.zone";

    masters { 192.168.137.23; };

};

 

zone"137.168.192.in-addr.arpa" IN {

    type slave;

    file "slaves/137.168.192.zone";

    masters { 192.168.137.23; };

};

 

[root@client ~]# /etc/init.d/named start

 

[root@client ~]# ls /var/named/slaves/                 //查看有无文件生成,已产生

123.com.zone  137.168.192.zone

[root@client ~]# cat /var/named/slaves/123.com.zone

$ORIGIN .

$TTL 86400      ; 1 day

123.com                 IN SOA  123.com. admin.123.com. (

                                20150723   ; serial

                                86400      ; refresh (1 day)

                                3600       ; retry (1 hour)

                                604800     ; expire (1 week)

                                10800      ; minimum (3 hours)

                                )

                        NS      ns.123.com.

$ORIGIN 123.com.

mail                    A       192.168.137.23

ns                      A       192.168.137.23

www                     A       11.11.11.11

                        MX      5 mail

//查看该文件为从主上自动同步过来

 

 

 

 

 

 

主上:

[root@Client ~]# vim /var/named/123.com.zone

将 serial 由 20150723 改成 20150725

//每次修改区域文件,该值都要增大(例如加1);从上以此判断有无改变

wang    IN   A        111.111.111.111             //增加一条记录

 

 

 

[root@Client ~]# vim /etc/named.conf

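// Forward zone served by this host (the master, 192.168.137.23).
zone "123.com" IN {
    type master;
    // Relative to the `directory` set in the options block.
    file "123.com.zone";
    // Send NOTIFY to the slave when the zone is reloaded with a higher
    // serial, so it does not have to wait for the SOA refresh interval.
    notify yes;
    also-notify { 192.168.137.21; };
    // Restrict full zone transfers (AXFR) to the slave. BIND has
    // traditionally allowed transfers to any host when this is unset, which
    // exposes every record in the zone to whoever asks. An address ACL is
    // the minimum; a TSIG key shared by master and slave authenticates the
    // transfer cryptographically.
    allow-transfer { 192.168.137.21; };
};

// Reverse zone for 192.168.137.0/24, same master/slave pair.
zone "137.168.192.in-addr.arpa" IN {
    type master;
    file "137.168.192.zone";
    notify yes;
    also-notify { 192.168.137.21; };
    // Same restriction as the forward zone: only the slave may transfer.
    allow-transfer { 192.168.137.21; };
};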

 

 

[root@Client ~]# named-checkconf

[root@Client ~]# /etc/init.d/named restart

[root@Client ~]# dig @192.168.137.23 wang.123.com

wang.123.com.           86400   IN     A       111.111.111.111

 

 

 

从上:

[root@client ~]# dig @192.168.137.21 wang.123.com

wang.123.com.           86400   IN     A       111.111.111.111

[root@client ~]# cat /var/named/slaves/123.com.zone

$ORIGIN .

$TTL 86400      ; 1 day

123.com                 IN SOA  123.com. admin.123.com. (

                                20150725   ;serial

                                86400      ; refresh (1 day)

                                3600       ; retry (1 hour)

                                604800     ; expire (1 week)

                                10800      ; minimum (3 hours)

                                )

                        NS      ns.123.com.

$ORIGIN 123.com.

mail                    A       192.168.137.23

ns                      A       192.168.137.23

wang                    A       111.111.111.111

www                     A       11.11.11.11

                        MX      5 mail

 

//已自动同步

 

 

 

 

 

 

 

 

配置参考

主上:

[root@Client ~]# vim /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

 

// Global server options for the master (192.168.137.23).
options {

       // Accept queries on loopback and on the LAN address; the stock file
       // listens on 127.0.0.1 only.
       listen-on port 53 { 127.0.0.1;192.168.137.23; };

       listen-on-v6 port 53 { ::1; };

       // Base directory: relative `file` names in zone statements resolve here.
       directory      "/var/named";

       dump-file      "/var/named/data/cache_dump.db";

       statistics-file "/var/named/data/named_stats.txt";

       memstatistics-file "/var/named/data/named_mem_stats.txt";

       // NOTE(review): the built-in "localhost" ACL matches the server's own
       // addresses, so the dig tests run on this host succeed while other
       // machines are presumably refused. To serve the zones to clients,
       // prefer an allow-query inside the individual zone statements over
       // widening this global value.
       allow-query     { localhost; };

       // Recursion is on. If allow-query is ever widened, limit recursion
       // explicitly (allow-recursion) so the server does not turn into an
       // open resolver usable for amplification.
       recursion yes;

 

       dnssec-enable yes;

       dnssec-validation yes;

       // NOTE(review): ISC's DLV registry has been retired and newer BIND
       // releases no longer accept dnssec-lookaside - confirm against the
       // installed version before reusing this file.
       dnssec-lookaside auto;

 

       /* Path to ISC DLV key */

       bindkeys-file "/etc/named.iscdlv.key";

 

       managed-keys-directory "/var/named/dynamic";

};

 

logging {

       channel default_debug {

                file"data/named.run";

                severity dynamic;

       };

};

 

zone "." IN {

       type hint;

       file "named.ca";

};

include"/etc/named.rfc1912.zones";

include "/etc/named.root.key";

 

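// Forward zone served by this host (the master, 192.168.137.23).
zone "123.com" IN {
   type master;
   // Relative to the `directory` set in the options block (/var/named).
   file "123.com.zone";
   // Push a NOTIFY to the slave whenever the zone is reloaded with a higher
   // serial, instead of waiting for the refresh timer.
   notify yes;
   also-notify { 192.168.137.21; };
   // Only the slave may pull a full copy of the zone (AXFR). BIND has
   // traditionally allowed transfers to any host when this is unset. For
   // stronger assurance than an address ACL, authenticate transfers with a
   // TSIG key shared by master and slave.
   allow-transfer { 192.168.137.21; };
};

// Reverse zone for 192.168.137.0/24, same master/slave pair.
zone "137.168.192.in-addr.arpa" IN {
   type master;
   file "137.168.192.zone";
   notify yes;
   also-notify { 192.168.137.21; };
   // Same restriction as the forward zone: only the slave may transfer.
   allow-transfer { 192.168.137.21; };
};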

 

 

 

 

[root@Client ~]# vim /var/named/123.com.zone

$TTL 1D

@      IN SOA  @ admin.123.com. (

                                       20150725      ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

       IN    NS       ns.123.com.

ns     IN    A        192.168.137.23

www    IN    A        11.11.11.11

       IN    MX   5  mail.123.com.

mail   IN    A        192.168.137.23

wang   IN    A        111.111.111.111

 

 

 

 

 

 

 

 

 

[root@Client ~]# vim /var/named/137.168.192.zone

$TTL 1D

@      IN SOA  @ admin.123.com. (

                                       20150723      ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H)    ; minimum

       IN    NS       ns.123.com.

23     IN    PTR      ns.123.com.

23     IN    PTR     mail.123.com.

 

 

从上配置:

[root@client ~]# vim /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

 

options {

//     listen-on port 53 { 127.0.0.1; };

//     listen-on-v6 port 53 { ::1; };

       directory      "/var/named";

       dump-file      "/var/named/data/cache_dump.db";

        statistics-file"/var/named/data/named_stats.txt";

       memstatistics-file "/var/named/data/named_mem_stats.txt";

       allow-query     { localhost; };

       recursion yes;

 

       dnssec-enable yes;

       dnssec-validation yes;

       dnssec-lookaside auto;

 

       /* Path to ISC DLV key */

       bindkeys-file "/etc/named.iscdlv.key";

 

       managed-keys-directory "/var/named/dynamic";

};

 

logging {

       channel default_debug {

                file"data/named.run";

               severity dynamic;

       };

};

 

zone "." IN {

       type hint;

       file "named.ca";

};

 

include"/etc/named.rfc1912.zones";

include "/etc/named.root.key";

 

zone "123.com" IN {

   type slave;

   file "slaves/123.com.zone";

   masters { 192.168.137.23; };

};

 

zone "137.168.192.in-addr.arpa"IN {

   type slave;

   file "slaves/137.168.192.zone";

   masters { 192.168.137.23; };

};