Forward and reverse DNS resolution with BIND, and master/slave DNS configuration
Tags: DNS forward/reverse resolution, DNS master/slave replication
Test environment
Prepare two virtual machines: one as the master DNS with IP address 192.168.103.161, the other as the slave DNS with IP address 192.168.103.162.
Install BIND on both; the required packages are bind, bind-utils and bind-libs.
Master DNS configuration files
Configure the main file /etc/named.conf as shown below. Note that this keeps the package default allow-query { any; } together with recursion yes, so named will perform recursive lookups for any client that can reach it; outside a lab, restrict recursion to your own networks with allow-recursion, and limit zone transfers to the slave with allow-transfer { 192.168.103.162; }; in the zone statements.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

//      dnssec-enable yes;
//      dnssec-validation yes;
//      dnssec-lookaside auto;

        /* Path to ISC DLV key */
//      bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Edit the /etc/named.rfc1912.zones file as shown below

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "evan.org.cn" IN {                     # forward zone
        type master;                        # this server is the master
        file "evan.org.cn.zone";            # forward zone file (relative to /var/named)
        allow-update { none; };             # dynamic updates: none allowed
};

zone "103.168.192.in-addr.arpa" IN {        # reverse zone
        type master;                        # this server is the master
        file "192.168.103.zone";            # reverse zone file (relative to /var/named)
        allow-update { none; };             # dynamic updates: none allowed
};
Add the forward and reverse zone files in the /var/named/ directory
Add the forward zone file: evan.org.cn.zone

$TTL 86440
@       IN SOA  ns1.evan.org.cn. admin.evan.org.cn. (   ; SOA record; the RNAME needs the trailing dot, otherwise the origin is appended to it
                2016040502      ; serial: increment by 1 on every change so slaves re-transfer
                1H              ; refresh: how often the slave checks the serial
                2M              ; retry: interval between attempts after a failed refresh
                3D              ; expire: how long the slave keeps answering when refreshes keep failing
                1D              ; negative-caching TTL for names that do not exist
                )
        IN NS   ns1.evan.org.cn.        ; two name servers
        IN NS   ns2.evan.org.cn.
        IN MX   10 mx1.evan.org.cn.     ; mail servers; 10 is the preference (0-99, lower number = higher priority)
        IN MX   20 mx2.evan.org.cn.
ns1     IN A    192.168.103.161         ; IP address of name server ns1
ns2     IN A    192.168.103.162         ; IP address of name server ns2
mx1     IN A    192.168.103.161         ; IP address of mail server mx1
mx2     IN A    192.168.103.162         ; IP address of mail server mx2
www     IN A    192.168.103.161         ; IP address of www.evan.org.cn
ftp     IN CNAME www                    ; the canonical name of ftp is www
Add the reverse zone file: 192.168.103.zone

$TTL 86440
@       IN SOA  ns1.evan.org.cn. admin.evan.org.cn. (
                2016040501
                1H
                2M
                2D
                1D
                )
        IN NS   ns1.evan.org.cn.
        IN NS   ns2.evan.org.cn.
161     IN PTR  ns1.evan.org.cn.        ; PTR record format: last octet -> FQDN with trailing dot
162     IN PTR  ns2.evan.org.cn.
161     IN PTR  mx1.evan.org.cn.
162     IN PTR  mx2.evan.org.cn.
161     IN PTR  www.evan.org.cn.
162     IN PTR  www.evan.org.cn.
Check for syntax errors

[root@www named]# named-checkconf
[root@www named]# named-checkzone "192.168.103.zone" /var/named/192.168.103.zone
zone 192.168.103.zone/IN: loaded serial 2016040501
OK
[root@www named]# named-checkzone "evan.org.cn.zone" /var/named/evan.org.cn.zone
zone evan.org.cn.zone/IN: loaded serial 2016040501
OK
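named-checkzone only validates syntax; it does not tell you whether the reverse zone still agrees with the forward zone, which is exactly what breaks when you add an A record and forget the PTR. The following checker is an added example (not part of the original post); it parses the simple zone format used above with constructed sample zones and assumes a /24 reverse zone, so the PTR owner is the last octet.

```python
import re

# Constructed sample zones (not the page's files verbatim): the forward zone after
# an "img" record was added, and the reverse zone that was not updated alongside it.
FORWARD_ZONE = """\
$TTL 86440
@   IN SOA ns1.evan.org.cn. admin.evan.org.cn. (
        2016040502 ; serial
        1H 2M 3D 1D )
    IN NS ns1.evan.org.cn.
    IN NS ns2.evan.org.cn.
ns1 IN A 192.168.103.161
ns2 IN A 192.168.103.162
www IN A 192.168.103.161
img IN A 192.168.103.163   ; new record, no PTR yet
ftp IN CNAME www
"""
REVERSE_ZONE = """\
$TTL 86440
@   IN SOA ns1.evan.org.cn. admin.evan.org.cn. (
        2016040501 1H 2M 2D 1D )
    IN NS ns1.evan.org.cn.
161 IN PTR ns1.evan.org.cn.
162 IN PTR ns2.evan.org.cn.
161 IN PTR www.evan.org.cn.
"""

def strip_comments(zone):
    # In zone files ';' starts a comment ('#' does not, unlike named.conf).
    return "\n".join(line.split(";", 1)[0] for line in zone.splitlines())

def soa_serial(zone):
    # The first number inside the SOA parentheses is the serial.
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(\s*(\d+)", strip_comments(zone))
    return int(m.group(1))

def records(zone, rtype):
    # Yield (owner, rdata) for 'owner IN <rtype> rdata' lines with a relative owner name.
    for line in strip_comments(zone).splitlines():
        f = line.split()
        if len(f) == 4 and f[1] == "IN" and f[2] == rtype:
            yield f[0], f[3]

def missing_ptr_lines(fwd, rev, origin, net):
    # Return the PTR lines the reverse zone lacks for A records in the forward zone.
    have = {(f"{net}.{octet}", fqdn) for octet, fqdn in records(rev, "PTR")}
    return [f"{ip.rsplit('.', 1)[1]} IN PTR {host}.{origin}."
            for host, ip in sorted(records(fwd, "A"))
            if (ip, f"{host}.{origin}.") not in have]

if __name__ == "__main__":
    print("serials:", soa_serial(FORWARD_ZONE), soa_serial(REVERSE_ZONE))
    for line in missing_ptr_lines(FORWARD_ZONE, REVERSE_ZONE, "evan.org.cn", "192.168.103"):
        print("missing in reverse zone:", line)
```

Whenever the checker reports a missing line, add it to the reverse zone and bump that zone's serial too, or the slave will keep serving the stale reverse data until it expires.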
Change the permissions of the two custom zone files to 640 and their group to named

[root@www named]# chmod 640 evan.org.cn.zone 192.168.103.zone
[root@www named]# chown :named evan.org.cn.zone
[root@www named]# chown :named 192.168.103.zone
Restart the master DNS, then test forward and reverse resolution

[root@www named]# dig -t A www.evan.org.cn @192.168.103.161    # forward lookup test

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> -t A www.evan.org.cn @192.168.103.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4306
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.evan.org.cn.               IN      A

;; ANSWER SECTION:
www.evan.org.cn.        86440   IN      A       192.168.103.161

;; AUTHORITY SECTION:
evan.org.cn.            86440   IN      NS      ns2.evan.org.cn.
evan.org.cn.            86440   IN      NS      ns1.evan.org.cn.

;; ADDITIONAL SECTION:
ns1.evan.org.cn.        86440   IN      A       192.168.103.161
ns2.evan.org.cn.        86440   IN      A       192.168.103.162

;; Query time: 0 msec
;; SERVER: 192.168.103.161#53(192.168.103.161)
;; WHEN: Wed Apr  6 22:28:58 2016
;; MSG SIZE  rcvd: 117

[root@www named]# dig -x 192.168.103.161 @192.168.103.161    # reverse lookup test

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> -x 192.168.103.161 @192.168.103.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50415
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;161.103.168.192.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
161.103.168.192.in-addr.arpa. 86440 IN  PTR     www.evan.org.cn.
161.103.168.192.in-addr.arpa. 86440 IN  PTR     ns1.evan.org.cn.
161.103.168.192.in-addr.arpa. 86440 IN  PTR     mx1.evan.org.cn.

;; AUTHORITY SECTION:
103.168.192.in-addr.arpa. 86440 IN      NS      ns1.evan.org.cn.
103.168.192.in-addr.arpa. 86440 IN      NS      ns2.evan.org.cn.

;; ADDITIONAL SECTION:
ns1.evan.org.cn.        86440   IN      A       192.168.103.161
ns2.evan.org.cn.        86440   IN      A       192.168.103.162

;; Query time: 1 msec
;; SERVER: 192.168.103.161#53(192.168.103.161)
;; WHEN: Wed Apr  6 22:32:53 2016
;; MSG SIZE  rcvd: 175
Slave DNS configuration files
/etc/named.conf is the same as on the master DNS.
Edit the zone file /etc/named.rfc1912.zones and append the forward and reverse zones as shown below:

zone "evan.org.cn" IN {                     # forward zone
        type slave;                         # this server is a slave
        masters { 192.168.103.161; };       # IP address of the master DNS
        file "slaves/evan.org.cn.zone";     # the transferred copy is written to the slaves directory
        allow-update { none; };             # dynamic updates: none allowed
};

zone "103.168.192.in-addr.arpa" IN {        # reverse zone
        type slave;                         # this server is a slave
        masters { 192.168.103.161; };       # IP address of the master DNS
        file "slaves/192.168.103.zone";     # the transferred copy is written to the slaves directory
        allow-update { none; };             # dynamic updates: none allowed
};
Restart the slave DNS and look in the /var/named/slaves/ directory: the two files 192.168.103.zone and evan.org.cn.zone will appear there after the zone transfer.
Test forward resolution

[root@ns2 ~]# dig -t NS evan.org.cn @192.168.103.161

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> -t NS evan.org.cn @192.168.103.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18709
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;evan.org.cn.                   IN      NS

;; ANSWER SECTION:
evan.org.cn.            86440   IN      NS      ns1.evan.org.cn.
evan.org.cn.            86440   IN      NS      ns2.evan.org.cn.

;; ADDITIONAL SECTION:
ns1.evan.org.cn.        86440   IN      A       192.168.103.161
ns2.evan.org.cn.        86440   IN      A       192.168.103.162

;; Query time: 2 msec
;; SERVER: 192.168.103.161#53(192.168.103.161)
;; WHEN: Wed Apr  6 22:45:02 2016
;; MSG SIZE  rcvd: 97
Master/slave synchronization
Add an A record to /var/named/evan.org.cn.zone on the master DNS

$TTL 86440
@       IN SOA  ns1.evan.org.cn. admin.evan.org.cn. (
                2016040502      ; serial incremented by 1 so the slave notices the change
                1H
                2M
                3D
                1D
                )
        IN NS   ns1.evan.org.cn.
        IN NS   ns2.evan.org.cn.
        IN MX   10 mx1.evan.org.cn.
        IN MX   20 mx2.evan.org.cn.
ns1     IN A    192.168.103.161
ns2     IN A    192.168.103.162
mx1     IN A    192.168.103.161
mx2     IN A    192.168.103.162
www     IN A    192.168.103.161
ftp     IN CNAME www
img     IN A    192.168.103.161         ; the newly added record
Make the master DNS re-read its configuration

[root@www named]# service named reload
Reloading named:                                           [  OK  ]
Check on the slave DNS whether the change has been replicated (contents of /var/named/slaves/evan.org.cn.zone as written by named)

$ORIGIN .
$TTL 86440      ; 1 day 40 seconds
evan.org.cn             IN SOA  ns1.evan.org.cn. admin.evan.org.cn.evan.org.cn. (
                                2016040502 ; serial        ; the serial was updated as well
                                3600       ; refresh (1 hour)
                                120        ; retry (2 minutes)
                                259200     ; expire (3 days)
                                86400      ; minimum (1 day)
                                )
                        NS      ns1.evan.org.cn.
                        NS      ns2.evan.org.cn.
                        MX      10 mx1.evan.org.cn.
                        MX      20 mx2.evan.org.cn.
$ORIGIN evan.org.cn.
ftp                     CNAME   www
img                     A       192.168.103.163   ; the newly added A record
mx1                     A       192.168.103.161
mx2                     A       192.168.103.162
ns1                     A       192.168.103.161
ns2                     A       192.168.103.162
www                     A       192.168.103.161
                        A       192.168.103.162
This concludes forward and reverse DNS resolution with BIND and the master/slave DNS configuration. Apologies for any shortcomings!
Original article by 黑白子; if reproducing it, please credit the source: http://www.178linux.com/14333