基于CentOS 6的主从DNS服务器搭建


1、切换至root用户

2、两台服务器分别安装 bind

yum install bind bind-utils    # bind-utils 提供后面测试要用的 dig 命令

3、对比两台服务器bind版本

 

4、修改主配置文件信息,建议将主配置文件备份后再进行修改。

cp /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf
options {
	listen-on port 53 { 127.0.0.1; };	// 只监听本机 53 端口
	listen-on-v6 port 53 { ::1; };
	directory	"/var/named";
	dump-file	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; };	// 只允许本机递归查询
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

默认只监听本机的 53 端口,若要对外提供服务,最少应增加一个外网地址 53 端口的监听,并允许所有主机查询;同时注释掉所有 dnssec 相关配置。注意:allow-query { any; } 与 recursion yes 同时生效时,服务器会成为对任何人开放的递归解析器(open resolver),容易被用作反射放大攻击的跳板;只做权威解析时应把 recursion 改为 no,或用 allow-recursion 限制为内网地址段。注释掉 dnssec 只是为了简化实验,生产环境不建议关闭 DNSSEC 校验。

vi /etc/named.conf
options {
	listen-on port 53 { 192.168.0.15; 127.0.0.1; };	// 增加监听地址,此处添加本机外网地址即可
	listen-on-v6 port 53 { ::1; };
	directory	"/var/named";
	dump-file	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { any; };	// 允许所有主机查询
	recursion yes;	// 仅做权威解析时建议改为 no,否则结合上面的 allow-query { any; } 就是开放递归

//	dnssec-enable yes;
//	dnssec-validation yes;
//	dnssec-lookaside auto;

	/* Path to ISC DLV key */
//	bindkeys-file "/etc/named.iscdlv.key";
//
//	managed-keys-directory "/var/named/dynamic";
};

5、查看本服务器53端口的监听情况

[root@localhost ~]# ss -tunlp | grep :53
udp	UNCONN	0	0	192.168.0.15:53	*:*	users:(("named",4387,513))
udp	UNCONN	0	0	127.0.0.1:53	*:*	users:(("named",4387,512))
udp	UNCONN	0	0	::1:53	:::*	users:(("named",4387,514))
tcp	LISTEN	0	3	::1:53	:::*	users:(("named",4387,22))
tcp	LISTEN	0	3	192.168.0.15:53	*:*	users:(("named",4387,21))
tcp	LISTEN	0	3	127.0.0.1:53	*:*	users:(("named",4387,20))

以上操作针对主从两台服务器配置相同。

6、主DNS服务器配置:

定义区域(建议在 master 区域里加上 `allow-transfer { 192.168.0.17; };`,只允许从服务器 ns2 做区域传送;否则任何能访问 53 端口的主机都能像第 7 步那样用 dig axfr 拉取整个区域数据):

[root@localhost ~]# cat /etc/named.rfc1912.zones

zone "armo.com" IN {
	type master;
	file "armo.com.zone";
};	// 正向区域

zone "0.168.192.in-addr.arpa" IN {
	type master;
	file "192.168.0.zone";
};	// 反向区域

定义区域解析库文件:

[root@localhost ~]# cat /var/named/armo.com.zone
$TTL 1d
@	IN	SOA	ns1.armo.com.	admin.armo.com. (	; 邮箱字段末尾的点不能漏,否则会被补全成 admin.armo.com.armo.com.(见后面区域传送的输出)
			2016020301
			1H
			5M
			7D
			1D )
	IN	NS	ns1.armo.com.
	IN	NS	ns2.armo.com.
	IN	MX	10	mx1.armo.com.
	IN	MX	20	mx2.armo.com.
ns1	IN	A	192.168.0.1
ns2	IN	A	192.168.0.17
mx1	IN	A	192.168.0.4
mx2	IN	A	192.168.0.1
www	IN	A	192.168.0.17	; 正向解析库文件

[root@localhost ~]# cat /var/named/192.168.0.zone
$TTL 1d
$ORIGIN 0.168.192.in-addr.arpa.
@	IN	SOA	ns1.armo.com.	admin.armo.com. (
			2016020301
			1H
			5M
			7D
			1D )
	IN	NS	ns1.armo.com.
	IN	NS	ns2.armo.com.
1	IN	PTR	ns1.armo.com.
17	IN	PTR	www.armo.com.
4	IN	PTR	mx1.armo.com.
1	IN	PTR	mx2.armo.com.	; 1 和 17 各有两条 PTR,反向查询时会一起返回;通常一个地址只保留一条 PTR
17	IN	PTR	ns2.armo.com.	; 反向解析库文件

检查是否有语法错误

named-checkconf	// 检查主配置文件是否有语法错误
named-checkzone "armo.com" /var/named/armo.com.zone	// 检查正向区域文件
named-checkzone "0.168.192.in-addr.arpa" /var/named/192.168.0.zone	// 反向区域文件同样要检查

更改文件权限及属组

[root@localhost named]# chmod 640 armo.com.zone
[root@localhost named]# chown :named armo.com.zone	// 正向

[root@localhost named]# chmod 640 192.168.0.zone
[root@localhost named]# chown :named 192.168.0.zone	// 反向

测试主DNS服务器解析:

[root@localhost ~]# dig www.armo.com @192.168.0.15

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> www.armo.com @192.168.0.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52591
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.armo.com.			IN	A

;; ANSWER SECTION:
www.armo.com.		86400	IN	A	192.168.0.17

;; AUTHORITY SECTION:
armo.com.		86400	IN	NS	ns2.armo.com.
armo.com.		86400	IN	NS	ns1.armo.com.

;; ADDITIONAL SECTION:
ns1.armo.com.		86400	IN	A	192.168.0.1
ns2.armo.com.		86400	IN	A	192.168.0.17

;; Query time: 2 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb  3 06:01:38 2016
;; MSG SIZE  rcvd: 114	// 正向

[root@localhost ~]# dig -x 192.168.0.4 @<DNS服务器地址>

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -x 192.168.0.4 @<DNS服务器地址>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63940
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;4.0.168.192.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
4.0.168.192.in-addr.arpa. 86400	IN	PTR	localhost.

;; Query time: 29 msec
;; SERVER: 192.168.216.231#53(192.168.216.231)
;; WHEN: Wed Feb  3 06:03:42 2016
;; MSG SIZE  rcvd: 65	// 反向

注意:上面这段应答的 SERVER 是 192.168.216.231 而不是主服务器 192.168.0.15,返回的 localhost. 也不是反向区域文件里为 .4 定义的 mx1.armo.com.,说明这次查询并没有发到本文搭建的主服务器;反向解析应指定 @192.168.0.15 重新验证,预期得到 mx1.armo.com.。

7、从DNS服务器配置

测试与主DNS服务器的区域传送

[root@localhost ~]# dig -t axfr armo.com @192.168.0.15

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -t axfr armo.com @192.168.0.15
;; global options: +cmd
armo.com.		86400	IN	SOA	ns1.armo.com. admin.armo.com.armo.com. 2016020301 3600 300 604800 86400
armo.com.		86400	IN	NS	ns1.armo.com.
armo.com.		86400	IN	NS	ns2.armo.com.
armo.com.		86400	IN	MX	10 mx1.armo.com.
armo.com.		86400	IN	MX	20 mx2.armo.com.
mx1.armo.com.		86400	IN	A	192.168.0.4
mx2.armo.com.		86400	IN	A	192.168.0.1
ns1.armo.com.		86400	IN	A	192.168.0.1
ns2.armo.com.		86400	IN	A	192.168.0.17
www.armo.com.		86400	IN	A	192.168.0.17
armo.com.		86400	IN	SOA	ns1.armo.com. admin.armo.com.armo.com. 2016020301 3600 300 604800 86400
;; Query time: 21 msec
;; SERVER: 192.168.0.15#53(192.168.0.15)
;; WHEN: Wed Feb  3 06:04:40 2016
;; XFR size: 11 records (messages 1, bytes 273)

定义区域

[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "armo.com" IN {
	type slave;
	masters { 192.168.0.15; };
	file "slaves/armo.com.zone";	// 与后面 cat 的路径 /var/named/slaves/ 保持一致,该目录 CentOS 默认已创建且 named 可写
};

启动服务

service named start

查看同步信息

[root@localhost ~]# tail /var/log/messages
Feb  3 06:20:42 localhost named[15085]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb  3 06:20:42 localhost named[15085]: zone localhost.localdomain/IN: loaded serial 0
Feb  3 06:20:42 localhost named[15085]: zone localhost/IN: loaded serial 0
Feb  3 06:20:42 localhost named[15085]: managed-keys-zone ./IN: loaded serial 2
Feb  3 06:20:42 localhost named[15085]: running
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: Transfer started.
Feb  3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: connected using 192.168.0.17#43758
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: transferred serial 2016020301
Feb  3 06:20:42 localhost named[15085]: transfer of 'armo.com/IN' from 192.168.0.15#53: Transfer completed: 1 messages, 11 records, 273 bytes, 0.001 secs (273000 bytes/sec)
Feb  3 06:20:42 localhost named[15085]: zone armo.com/IN: sending notifies (serial 2016020301)


[root@localhost ~]# cat /var/named/slaves/armo.com.zone
$ORIGIN .
$TTL 86400	; 1 day
armo.com		IN SOA	ns1.armo.com. admin.armo.com.armo.com. (
				2016020301 ; serial
				3600       ; refresh (1 hour)
				300        ; retry (5 minutes)
				604800     ; expire (1 week)
				86400      ; minimum (1 day)
				)
			NS	ns1.armo.com.
			NS	ns2.armo.com.
			MX	10 mx1.armo.com.
			MX	20 mx2.armo.com.
$ORIGIN armo.com.
mx1			A	192.168.0.4
mx2			A	192.168.0.1
ns1			A	192.168.0.1
ns2			A	192.168.0.17
www			A	192.168.0.17
[root@localhost ~]#

注意:SOA 记录中的邮箱字段显示为 admin.armo.com.armo.com.,这是主服务器正向区域文件里 admin.armo.com 末尾漏写点时的典型表现;补上点以后要把 serial 加 1,从服务器才会重新同步。

至此DNS主从服务器建设完毕。
