bind软件dns配置


#######################################################
DNS协议运行在UDP协议之上,使用端口号53。
安装DNS软件bind
yum install bind bind-utils bind-devel bind-chroot -y


所有节点配置dns
vim /etc/resolv.conf
nameserver 192.168.56.100
nameserver 192.168.56.101


#######################################################
bind-chroot为牢笼,我们是内部dns,为了方便不用设置
修改配置文件
vim /etc/named.conf


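options {
    # Listen on every IPv4 interface, port 53 (DNS uses UDP and TCP 53;
    # the zone transfers configured further down run over TCP).
    listen-on port 53 { any; };
    # IPv6: loopback only.
    listen-on-v6 port 53 { ::1; };
    # Working directory; relative "file" paths in zone statements resolve under it.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    # Who may query this server at all. "any" is fine for the authoritative
    # zones on an internal network, but it does not by itself limit recursion
    # (see allow-recursion below).
    allow-query { any; };

    # Fixed: the original read `forwarder{ 114.114.114.114;); ` - the option is
    # "forwarders" and the block must close with "};", otherwise named-checkconf
    # rejects the file. Names this server is not authoritative for go here.
    forwarders { 114.114.114.114; };

    # Recursion is on, so say who may use it: with allow-query { any; } alone a
    # server reachable from outside the LAN is an open resolver (cache-poisoning
    # and amplification exposure). localhost and localnets are BIND's built-in
    # ACLs; replace with an explicit acl if clients sit on other subnets.
    recursion yes;
    allow-recursion { localhost; localnets; };

    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};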

logging {
    # Debug channel, appended to data/named.run under options.directory;
    # "dynamic" follows whatever debug level is set at runtime (rndc trace).
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};




# Root hints: starting point for iterative resolution when recursion is used
# and no forwarder answers.
zone "." IN {
    type hint;
    file "named.ca";
};

# The distro's stock local zones plus the zones added below live in
# named.rfc1912.zones; named.root.key carries the DNSSEC trust anchor.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

添加域
vim /etc/named.rfc1912.zones
zone "test.com" IN {
    # Primary (authoritative) copy; the data file is resolved relative to
    # options.directory, i.e. /var/named/test.com.zone.
    type master;
    file "test.com.zone";
    # Full-zone transfers (AXFR/IXFR) are only served to loopback and the two
    # name servers; every other requester is refused.
    # NOTE(review): the secondary is 192.168.56.101 here, but the dns2 A record
    # elsewhere on this page points at 192.168.56.20 - confirm which is correct.
    allow-transfer { 127.0.0.1; 192.168.56.100; 192.168.56.101; };
};

检查语法是否正确,没有提示错误就是正确的
named-checkconf

创建正向解析文件
vim /var/named/test.com.zone
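$TTL 300
; Forward zone data for test.com.
; Fixed: the SOA MNAME/RNAME lacked trailing dots - inside this zone a name
; without one is relative to the origin, so "dns1.test.com" would have become
; dns1.test.com.test.com. The stray ";" after "$TTL 300" (it starts a comment)
; has been dropped.
@   IN  SOA dns1.test.com. admin.test.com. (
        2017032800  ; Serial  - increment on every change so secondaries pick it up
        300         ; Refresh - how often a secondary checks the primary's serial
        1800        ; Retry   - wait between retries when a refresh attempt fails
        604800      ; Expire  - how long a secondary keeps answering without contact
        300         ; Minimum - negative-cache TTL (RFC 2308)
)
; Owner names are written out ("@" = zone origin). A record line that really
; begins in column 0 is parsed as having an owner, so a bare "IN NS dns1"
; there would take "IN" as the owner name; an explicit owner avoids depending
; on leading whitespace that copy/paste may have stripped.
@       IN  NS  dns1
@       IN  NS  dns2
dns1    IN  A   192.168.56.100
; NOTE(review): resolv.conf and allow-transfer on this page use 192.168.56.101
; for the second server; confirm whether dns2 is .20 or .101.
dns2    IN  A   192.168.56.20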













检查语法
named-checkzone test.com /var/named/test.com.zone
更改文件的组为named
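# The service runs as the "named" user (distro default), so group ownership is
# what lets it read the zone file; the file itself stays owned by root.
# Fixed: absolute path, so the command does not depend on the current directory.
chown root:named /var/named/test.com.zone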


启动服务
systemctl start named.service

配置反向解析区域
vim /etc/named.rfc1912.zones
# Reverse zone for 192.168.56.0/24; the data file name matches the one
# created under /var/named below (resolved relative to options.directory).
zone "56.168.192.in-addr.arpa" IN {
    type master;
    file "56.168.192.in-addr-arpa";
    # Same transfer policy as the forward zone: loopback and the two servers only.
    allow-transfer { 127.0.0.1; 192.168.56.100; 192.168.56.101; };
};
配置反向解析文件
vim /var/named/56.168.192.in-addr-arpa

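$TTL 43200
; Reverse zone for 192.168.56.0/24. Owner names are the last octet of the
; address, relative to the origin 56.168.192.in-addr.arpa.
; Fixed: the stray ";" after "$TTL 43200" (it starts a comment) was dropped,
; and the NS record carries an explicit owner ("@" = origin) instead of
; relying on the line starting with whitespace.
@   86400   IN  SOA dns1.test.com. admin.test.com. (
                201411  ; Serial  - increment on every change
                1h      ; Refresh
                5m      ; Retry
                7d      ; Expire
                1d      ; Minimum - negative-cache TTL
)
@       IN  NS  dns1.test.com.
100     IN  PTR dns1.test.com.
; NOTE(review): 192.168.56.101 is listed as a nameserver elsewhere on this page
; but has no PTR here; confirm whether dns2 is .20 or .101.
20      IN  PTR dns2.test.com.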









检查配置文件
named-checkzone 56.168.192.in-addr.arpa /var/named/56.168.192.in-addr-arpa
更改文件的组为named
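# Same as for the forward zone: group "named" gives the service read access,
# root keeps ownership.
# Fixed: absolute path, so the command does not depend on the current directory.
chown root:named /var/named/56.168.192.in-addr-arpa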


重启服务
systemctl restart named.service

测试反向解析
dig -x 192.168.56.100

#######################################################
配置从DNS服务器
yum install bind bind-utils bind-devel bind-chroot -y
启动服务
systemctl restart named.service
复制主dns /etc/named.conf 到从DNS
#######################################################
修改配置文件
vim /etc/named.rfc1912.zones







# Secondary copies of both zones. Data is pulled from the primary by zone
# transfer and written under slaves/ (relative to options.directory, so
# /var/named/slaves), which therefore has to be writable by the named service.
zone "test.com" IN {
    type slave;
    masters { 192.168.56.100; };
    file "slaves/test.com.zone";
    # A secondary does not hand the zone on to anyone else.
    allow-transfer { none; };
};

zone "56.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.56.100; };
    file "slaves/56.168.192.in-addr-arpa";
    allow-transfer { none; };
};











#######################################################
修改主DNS正向解析文件,序列号+1并添加IN NS dns2
vim /var/named/test.com.zone

IN    NS    dns2

dns2 IN A 192.168.56.20

修改DNS反向解析文件,序列号+1并添加dns2.test.com.
vim /var/named/56.168.192.in-addr-arpa
IN NS dns2.test.com.

重启主DNS服务后从DNS就会多两个文件
systemctl restart named.service

#######################################################
测试从DNS
关闭主DNS服务
systemctl stop named.service


两个节点ping dns1.test.com都能ping通,说明从DNS已经生效
