Master/slave DNS servers and zone transfer on Linux (BIND)

Contents

1. Requirements

2. Environment

2.1. Prepare two virtual machines

2.2. Turn off the firewall and SELinux on the VMs

3. Procedure

3.1. Master DNS configuration

3.2. Slave DNS configuration

4. Testing


1. Requirements

Master/slave DNS: configure the master DNS server.
Plan:
192.168.xxx.xxx dns1.abc.com          master name server (use the real IP)
192.168.xxx.xxx dns2.abc.com          slave name server
172.16.0.100    fileserver.abc.com    file server
172.16.0.101    printserver.abc.com   print server
172.16.0.200    www.abc.com           web server
172.16.0.201    www.abc.com           web server
172.16.0.25     mail.abc.com          mail server
172.16.0.22     ntp.abc.com           time server
Configure the slave DNS: it must synchronize the zone file from the master (zone transfer, AXFR).

2. Environment

2.1. Prepare two virtual machines

One machine, manage (192.168.153.133), is the master DNS server; the other, node1 (192.168.153.132), is the slave.

2.2. Turn off the firewall and SELinux on the VMs

Stop the firewall for the current boot: systemctl stop firewalld
Keep it off across reboots: systemctl disable firewalld

Check the firewall state: systemctl status firewalld

[root@manage ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor pre>
   Active: inactive (dead)
     Docs: man:firewalld(1)

SELinux:
Config file: /etc/sysconfig/selinux (a symlink to /etc/selinux/config)
Edit it with vim, set SELINUX to disabled, then save and quit. The file only takes effect on the next reboot (setenforce 0 switches the running kernel to permissive until then); afterwards getenforce should print Disabled.

Both steps just remove friction in the lab. On a real name server keep SELinux enforcing (the targeted policy already ships a confinement profile for named, and the standard paths under /var/named carry the right labels) and open only the DNS port rather than stopping firewalld: firewall-cmd --permanent --add-service=dns && firewall-cmd --reload.

[root@manage ~]# cat /etc/sysconfig/selinux 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.

SELINUX=disabled  # changed to disabled


# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@manage ~]# getenforce   # check the running state
Disabled

3. Procedure

3.1. Master DNS configuration

Install the software

[root@manage ~]# yum install bind -y

Edit the main configuration file of the master DNS server

[root@manage ~]# vim /etc/named.conf

options {
        listen-on port 53 { 192.168.153.133; };   # the master's own IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { 192.168.153.0/24; };
        allow-transfer  { 192.168.153.0/24; };   # lab setting: the slave's subnet. In production list only the slave, e.g. { 192.168.153.132; }, otherwise any host on the /24 can pull the whole zone with dig AXFR
        # ... the remaining default options are left unchanged


Scroll to the end of the file and add the zone:
zone "abc.com"  IN {
             type master;
             file "abc.zone";
};


:wq to save and quit

Change to /var/named/ and create abc.zone with vim, with the following content. (The plan calls the slave dns2, but the zone carried over from the previous article already has dns2 at 172.16.0.253, so the slave is added as dns3.)

[root@manage ~]# cd /var/named/
[root@manage named]# vim abc.zone

$TTL 1D
@ IN SOA dns1.abc.com. test.163.com. (
                                      0     ;serial   ; higher serial = newer copy; the slave only re-transfers when this value grows
                                      1D    ;refresh  ; how often the slave asks the master for its serial
                                      1H    ;retry    ; retry interval when that check fails
                                      1W    ;expire   ; slave stops answering for the zone if the master stays unreachable this long
                                      3H )  ;minimum  ; negative-caching TTL for NXDOMAIN answers (RFC 2308)

    IN NS dns1.abc.com.
    IN MX 10 mail.abc.com.
dns1.abc.com.          IN A 192.168.153.133
dns2.abc.com.          IN A 172.16.0.253
dns3.abc.com.          IN A 192.168.153.132   ; carried over from the forward-resolution article; dns3 is the slave
fileserver.abc.com.    IN A 172.16.0.100
printserver.abc.com.   IN A 172.16.0.101
www.abc.com.           IN A 172.16.0.200
www.abc.com.           IN A 172.16.0.201
mail.abc.com.          IN A 172.16.0.25
ntp.abc.com.           IN A 172.16.0.22
;CNAME: web.abc.com. is an alias for www.abc.com.
web  IN  CNAME www                           ; alias web.abc.com (note: only ';' starts a comment in a zone file, '#' is a syntax error here)

Start the service: systemctl restart named (and systemctl enable named so it survives a reboot). Two points worth knowing before the slave is set up: named-checkconf and named-checkzone abc.com /var/named/abc.zone catch syntax errors before named is asked to load the file; and because only dns1 appears in an NS record, the master sends no NOTIFY to the slave, so changes reach it only on the refresh timer (1D here). Adding IN NS dns3.abc.com. to the zone, or also-notify { 192.168.153.132; }; to the zone block, makes propagation immediate.

[root@manage named]# systemctl restart named
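Two things bite a master/slave pair in day-to-day operation: a zone file that no longer parses (named logs the error and keeps serving the old data, or nothing at all), and an edit made without raising the serial, which the slave silently never picks up because its refresh check sees "nothing new". The script below is an added example, not part of the original post: it runs named-checkconf and named-checkzone, bumps the serial in the common YYYYMMDDnn style, and reloads the zone with rndc, which also makes the master NOTIFY the zone's other NS hosts. It assumes the serial sits on its own line followed by a ";serial" comment, exactly as abc.zone above is laid out; the paths and zone name are the ones used in this post.

```shell
#!/bin/sh
# Added example (not from the original post): validate the master's
# configuration, bump the SOA serial and reload the zone with rndc.
# Assumes the serial sits on its own line ending in ";serial", as in
# /var/named/abc.zone above.

ZONE_NAME="abc.com"
ZONE_FILE="/var/named/abc.zone"

# Print the current serial of a zone file (first line shaped "<digits> ;serial").
get_serial() {
    awk '/^[[:space:]]*[0-9]+[[:space:]]*;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# Print the successor of serial $1 in YYYYMMDDnn form:
#   - today's date with revision 01 when the serial is older than today,
#   - same date, revision + 1 when the serial already carries today's date,
#   - plain +1 when the serial is somehow ahead of today (keeps it monotonic).
# Fails when more than 99 revisions would be needed on one day.
next_serial() {
    cur="$1"
    today=$(date +%Y%m%d)
    if [ "${#cur}" -eq 10 ] && [ "$(printf '%.8s' "$cur")" = "$today" ]; then
        rev=${cur#????????}          # the two revision digits
        rev=${rev#0}                 # drop a leading zero so "09" is not read as octal
        rev=$((rev + 1))
        if [ "$rev" -gt 99 ]; then
            echo "next_serial: revision overflow for $cur" >&2
            return 1
        fi
        printf '%s%02d\n' "$today" "$rev"
    elif [ "$cur" -ge "${today}01" ] 2>/dev/null; then
        echo $((cur + 1))
    else
        printf '%s01\n' "$today"
    fi
}

# Rewrite the serial line of a zone file in place and print the new serial.
bump_serial() {
    file="$1"
    cur=$(get_serial "$file")
    if [ -z "$cur" ]; then
        echo "bump_serial: no ';serial' line in $file" >&2
        return 1
    fi
    new=$(next_serial "$cur") || return 1
    # Only the first digit run on the serial line is replaced; layout and
    # comments stay as they were.
    awk -v new="$new" '
        !done && /^[[:space:]]*[0-9]+[[:space:]]*;[[:space:]]*serial/ { sub(/[0-9]+/, new); done = 1 }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file" || return 1
    echo "$new"
}

# Refuse to touch the running server while the config or zone does not parse.
preflight() {
    named-checkconf /etc/named.conf && named-checkzone "$ZONE_NAME" "$ZONE_FILE"
}

# Usage (as root on the master, after editing abc.zone): sh bump_zone.sh --apply
if [ "${1:-}" = "--apply" ]; then
    preflight || exit 1
    new=$(bump_serial "$ZONE_FILE") || exit 1
    named-checkzone "$ZONE_NAME" "$ZONE_FILE" >/dev/null || exit 1
    # rndc reload re-reads the zone without a restart; the higher serial makes
    # named NOTIFY the zone's other NS records, and the slave then pulls it.
    rndc reload "$ZONE_NAME" && echo "reloaded $ZONE_NAME, serial $new"
fi
```

Run it instead of a bare systemctl restart named after every zone edit. The page's zone starts at serial 0, so the first run moves it to today's date plus 01; from then on the slave's refresh query sees a larger number each time and re-transfers.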

3.2. Slave DNS configuration

Install the software

[root@node1 ~]# yum install bind -y

Edit the main configuration file of the slave DNS server

[root@node1 ~]# vim /etc/named.conf

options {
        listen-on port 53 { 192.168.153.132; };  # the slave's own IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { 192.168.153.0/24; };   # the slave's subnet



Scroll to the end of the file and add the zone:
zone "abc.com" IN {
              type slave;
              masters { 192.168.153.133; };   # the master's IP (newer BIND also accepts "primaries")
              file "slaves/abc.zone";         # /var/named/slaves is writable by the named user, so the transferred copy lands here
};


:wq to save and quit

Start the service: systemctl restart named

[root@node1 ~]# systemctl restart named

Change to /var/named/slaves/ and you will find that a new file has appeared. Since BIND 9.9 slaves store the transferred zone in raw (binary) format by default, so cat shows garbage; to read it, run named-compilezone -f raw -F text -o - abc.com /var/named/slaves/abc.zone, or set masterfile-format text; in the zone block. If the file never appears, check journalctl -u named on both hosts: the master logs the zone transfer as denied when allow-transfer does not match the slave's source address, and the slave logs the failed refresh.

[root@node1 ~]# cd /var/named/slaves/
[root@node1 slaves]# ls -l
total 12
-rw-r--r--. 1 named named 588 Nov  1 15:06 abc.zone

4. Testing

Test from the slave with nslookup, installed via yum

[root@node1 ~]# yum install bind-utils -y
[root@node1 ~]# nslookup www.abc.com 192.168.153.133
Server:		192.168.153.133
Address:	192.168.153.133#53

Name:	www.abc.com
Address: 172.16.0.200
Name:	www.abc.com
Address: 172.16.0.201

[root@node1 ~]# nslookup www.abc.com 192.168.153.132
Server:		192.168.153.132
Address:	192.168.153.132#53

Name:	www.abc.com
Address: 172.16.0.200
Name:	www.abc.com
Address: 172.16.0.201
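Once both servers answer, a practitioner wants two checks that nslookup does not give: that the slave really holds the master's current copy (compare the SOA serials), and that zone transfers are refused to everyone except the slave, since an open AXFR hands an attacker the complete host inventory of abc.com in one query. The script below is an added example, not from the original post; it parses dig output with awk and uses the addresses from this lab. Run it on the slave expecting "ok" and from any other host on 192.168.153.0/24 expecting "refused": with the page's allow-transfer { 192.168.153.0/24; } the second run fails, and passes once the ACL is narrowed to the slave's address.

```shell
#!/bin/sh
# Added example (not from the original post): check that the slave carries the
# same serial as the master and that zone transfers are only served to the
# slave. Host addresses and zone are the ones used in this post.

MASTER="192.168.153.133"
SLAVE="192.168.153.132"
ZONE="abc.com"

# Serial field of a "dig +short SOA" answer, e.g.
# "dns1.abc.com. test.163.com. 2024110101 86400 3600 604800 10800" -> 2024110101
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# Classify the output of "dig @server zone AXFR":
#   ok       a full zone came back (an AXFR starts and ends with the SOA record)
#   refused  the server answered but denied the transfer
#   error    no usable answer (timeout, wrong server, truncated transfer, ...)
axfr_status() {
    printf '%s\n' "$1" | awk '
        /^;/ && /Transfer failed/ { refused = 1 }
        !/^;/ && $4 == "SOA"      { soa++ }
        END {
            if (soa >= 2)     print "ok"
            else if (refused) print "refused"
            else              print "error"
        }'
}

# Serial currently served by a given name server for $ZONE.
serial_of() {
    soa_serial "$(dig +short "@$1" "$ZONE" SOA)"
}

# Usage: sh check_dns.sh --run [ok|refused]
#   on the slave:            sh check_dns.sh --run ok
#   on any other client:     sh check_dns.sh --run refused
if [ "${1:-}" = "--run" ]; then
    expected="${2:-refused}"
    m=$(serial_of "$MASTER")
    s=$(serial_of "$SLAVE")
    echo "master serial: ${m:-none}, slave serial: ${s:-none}"
    if [ -z "$m" ] || [ "$m" != "$s" ]; then
        echo "FAIL: slave is not in sync with the master" >&2
        exit 1
    fi
    status=$(axfr_status "$(dig "@$MASTER" "$ZONE" AXFR 2>&1)")
    echo "AXFR from this host: $status"
    if [ "$status" != "$expected" ]; then
        echo "FAIL: expected the zone transfer to be $expected" >&2
        exit 1
    fi
    echo "OK"
fi
```

The serial comparison is the same check the slave itself performs at every refresh interval, so a mismatch right after an edit on the master usually means the serial was not raised or NOTIFY did not reach the slave.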

End of experiment.
