实验:DNS主从协作及配置父子域实验
实验拓扑图
实验准备
1、所有主机关闭防火墙和selinux
# Lab-only shortcut: stop iptables now and keep it off at boot, then switch
# SELinux to permissive for the running session (setenforce 0 does not persist
# across a reboot). Outside a throwaway lab, open udp/tcp 53 in the firewall
# instead of disabling it.
service iptables stop
chkconfig iptables off
setenforce 0
2、所有主机安装上bind bind-chroot
yum -y install bind bind-chroot
3、所有主机的DNS设置
cat /etc/resolv.conf
search centos6.cn
nameserver 192.168.91.67
nameserver 192.168.91.68
Master 主配置文件
[root@node1 ~]# cat /etc/named.conf
# Master (node1, 192.168.91.67): authoritative for centos6.cn and its reverse zone.
options {
listen-on port 53 { any; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# NOTE(review): allow-query { any; } together with recursion yes lets every host
# that can reach port 53 use this server as a recursive resolver (open resolver).
# Fine for an isolated lab; otherwise add allow-recursion { <lab-subnet>; }.
allow-query { any; };
recursion yes;
# Global default: no zone transfers. Each master zone below re-opens transfers
# to the slave only.
allow-transfer { none; };
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
# Root hints for recursion.
zone "." IN {
type hint;
file "named.ca";
};
# Forward zone; file is relative to the directory option above.
zone "centos6.cn" IN {
type master;
file "named.centos.cn";
# Transfers only to the slave's address (IP-based ACL; a TSIG key would
# authenticate the slave instead of trusting its source address).
allow-transfer { 192.168.91.68; }; # the slave
};
# Reverse zone for 192.168.91.0/24.
zone "91.168.192.in-addr.arpa" IN {
type master;
file "named.192.168.91";
allow-transfer { 192.168.91.68; }; # the slave
};
# localhost/loopback zones shipped with the bind package.
include "/etc/named.rfc1912.zones";
Master 正向配置文件
[root@node1 ~]# cat /var/named/named.centos.cn
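$TTL 86400
; Parent zone centos6.cn, served by master (node1) and slave (node2).
; SOA fields: primary server, contact (test@www.centos6.cn), then
; serial, refresh, retry, expire, negative-cache TTL.
@ IN SOA master.centos6.cn. test.www.centos6.cn. (
2016080505 ; serial: increase on every edit, or the slave will not pull the change
3H
15M
1W
1D
)
@ IN NS master.centos6.cn.
@ IN NS slave.centos6.cn.
master.centos6.cn. IN A 192.168.91.67
slave.centos6.cn. IN A 192.168.91.68
; NOTE(review): this zone has no A record for mail.centos6.cn., so the MX target
; cannot be resolved; add one (address not given in this write-up).
@ IN MX 10 mail.centos6.cn.
www.centos6.cn. IN A 192.168.91.67
node1.centos6.cn. IN A 192.168.91.67
node2.centos6.cn. IN A 192.168.91.68
node3.centos6.cn. IN A 192.168.91.69
node4.centos6.cn. IN A 192.168.91.70
; Delegation of the child zone niki.centos6.cn: the NS record plus the glue A
; record for its name server. Zone-file comments start with ";" - the original
; "#" here is not a comment character and makes named reject the line.
niki IN NS dns.niki
dns.niki IN A 192.168.91.69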
Master 反向配置文件
[root@node1 ~]# cat /var/named/named.192.168.91
$TTL 86400
; Reverse zone for 192.168.91.0/24; owner names are the last octet of the address.
; SOA fields: primary server, contact, then serial, refresh, retry, expire, negative-cache TTL.
@ IN SOA master.centos6.cn. www.centos6.cn. (
2016080504 ; serial: increase on every edit so the slave re-transfers the zone
3H
15M
1W
1D
)
@ IN NS master.centos6.cn.
@ IN NS slave.centos6.cn.
; .67 carries three PTR records (master, www, node1); a reverse lookup returns all of them.
67 IN PTR master.centos6.cn.
68 IN PTR slave.centos6.cn.
67 IN PTR www.centos6.cn.
67 IN PTR node1.centos6.cn.
68 IN PTR node2.centos6.cn.
69 IN PTR node3.centos6.cn.
70 IN PTR node4.centos6.cn.
启动DNS服务
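# Start named now and enable it at boot (SysV init on CentOS 6).
/etc/init.d/named start
chkconfig named on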
至此Master配置完成
Slave 主配置文件
[root@node2 slaves]# cat /etc/named.conf
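# Slave (node2, 192.168.91.68): pulls both zones from the master.
options {
listen-on port 53 { any; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# NOTE(review): allow-query { any; } with recursion yes makes this an open
# recursive resolver for every host that can reach it; lab-only.
allow-query { any; };
recursion yes;
# Added: same global transfer policy as the master's named.conf. Without it the
# slave hands out full copies of both zones to anyone who asks, even though no
# other server pulls from this host.
allow-transfer { none; };
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
# Slave copies land under slaves/ (relative to the directory option), written by named.
zone "centos6.cn" IN {
type slave;
file "slaves/named.centos.cn";
masters { 192.168.91.67; }; # the master
};
zone "91.168.192.in-addr.arpa" IN {
type slave;
file "slaves/named.192.168.91";
masters { 192.168.91.67; }; # the master
};
include "/etc/named.rfc1912.zones";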
Slave 不需要手工创建正向和反向解析文件,启动 DNS 服务后会自动从 Master 复制(区域传输)过来。查看 /var/named/slaves 目录,可以看到两个文件,就是从 Master 同步来的正向和反向解析文件
[root@node2 slaves]# /etc/init.d/named start
[root@node2 slaves]# chkconfig named on
[root@node2 slaves]# ll /var/named/slaves/
-rw-r--r--. 1 named named 528 Aug 10 10:04 named.192.168.91
-rw-r--r--. 1 named named 574 Aug 10 11:36 named.centos.cn
测试
master主机
[root@node1 ~]# dig -t ns centos6.cn
;; QUESTION SECTION:
;centos6.cn. IN NS
;; ANSWER SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 0 msec
;; SERVER: 192.168.91.67#53(192.168.91.67)
;; WHEN: Wed Aug 10 11:54:37 2016
;; MSG SIZE rcvd: 101
[root@node1 ~]# dig -t A www.centos6.cn
;; QUESTION SECTION:
;www.centos6.cn. IN A
;; ANSWER SECTION:
www.centos6.cn. 86400 IN A 192.168.91.67
;; AUTHORITY SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 0 msec
;; SERVER: 192.168.91.67#53(192.168.91.67)
;; WHEN: Wed Aug 10 11:55:20 2016
;; MSG SIZE rcvd: 121
slave 主机
[root@node2 ~]# dig -t ns centos6.cn
;; QUESTION SECTION:
;centos6.cn. IN NS
;; ANSWER SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 2 msec
;; SERVER: 192.168.91.67#53(192.168.91.67)
;; WHEN: Wed Aug 10 14:18:13 2016
;; MSG SIZE rcvd: 101
[root@node2 ~]# dig -t A www.centos6.cn
;; QUESTION SECTION:
;www.centos6.cn. IN A
;; ANSWER SECTION:
www.centos6.cn. 86400 IN A 192.168.91.67
;; AUTHORITY SECTION:
centos6.cn. 86400 IN NS master.centos6.cn.
centos6.cn. 86400 IN NS slave.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 2 msec
;; SERVER: 192.168.91.67#53(192.168.91.67)
;; WHEN: Wed Aug 10 14:18:28 2016
;; MSG SIZE rcvd: 121
现在将master关机,模拟master发生故障,再次测试
slave主机
[root@node2 ~]# dig -t ns centos6.cn
;; QUESTION SECTION:
;centos6.cn. IN NS
;; ANSWER SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn. #会发现master和slave位置发生了变化
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 0 msec
;; SERVER: 192.168.91.68#53(192.168.91.68)
;; WHEN: Wed Aug 10 14:22:54 2016
;; MSG SIZE rcvd: 101
[root@node2 ~]# dig -t A www.centos6.cn
;; QUESTION SECTION:
;www.centos6.cn. IN A
;; ANSWER SECTION:
www.centos6.cn. 86400 IN A 192.168.91.67
;; AUTHORITY SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 0 msec
;; SERVER: 192.168.91.68#53(192.168.91.68)
;; WHEN: Wed Aug 10 14:23:00 2016
;; MSG SIZE rcvd: 121
由此可以看出slave DNS是起作用的
子域的域名为 niki.centos6.cn,其中有一台主机也叫 www,FQDN 为 www.niki.centos6.cn,IP 为 192.168.91.70
配置子域:
1、在父域的 master 正向解析文件里增加子域的 NS 记录,并为该 NS 的主机名添加 A 记录(指向子域 DNS 服务器的 IP);同时需要增大 SOA 序列号,以便从服务器能够同步到更新后的区域数据
[root@node1 ~]# cat /var/named/named.centos.cn
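@ IN SOA master.centos6.cn. test.www.centos6.cn. (
2016080502 3H 15M 1W 1D ) ; serial increased so the slave notices and re-transfers the zone
; Add the following two lines: NS delegation for niki plus the glue A record for dns.niki.
; Zone-file comments use ";" - a "#" here is parsed as data and makes named reject the line.
niki IN NS dns.niki
dns.niki IN A 192.168.91.69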
[root@node1 ~]# service named restart
2、配置子域,主配置文件和正向解析文件
主配置文件
[root@node3 named]# cat /etc/named.conf
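# Child-zone server (node3, 192.168.91.69): authoritative for niki.centos6.cn.
options {
listen-on port 53 { any; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# NOTE(review): allow-query { any; } with recursion yes makes this an open
# recursive resolver for every host that can reach it; lab-only.
allow-query { any; };
recursion yes;
# Added: no server pulls niki.centos6.cn from this host, so match the parent
# master's policy and refuse zone transfers instead of relying on the default.
allow-transfer { none; };
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "niki.centos6.cn" IN {
type master;
file "named.niki.centos6.cn";
};
# Forward queries for the parent zone to the parent's master and slave.
# Without "forward only;" named falls back to normal recursion from the root
# hints when both forwarders fail, which cannot resolve this private zone.
zone "centos6.cn" IN {
type forward;
forwarders { 192.168.91.67; 192.168.91.68; };
};
include "/etc/named.rfc1912.zones";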
正向解析文件。
[root@node3 named]# cat named.niki.centos6.cn
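$TTL 86400
; Child zone niki.centos6.cn, authoritative on node3 (192.168.91.69);
; the parent zone delegates to dns.niki.centos6.cn.
; SOA fields: primary server, contact (root@niki.centos6.cn), then
; serial, refresh, retry, expire, negative-cache TTL.
@ IN SOA dns.niki.centos6.cn. root.niki.centos6.cn. (
2016080901 ; serial: increase on every edit
3H
15M
1W
1D)
; Owner written explicitly as "@": the original relied on leading whitespace to
; inherit the zone apex as owner, which this listing does not preserve (a bare
; "IN NS dns" would make "IN" the owner name).
@ IN NS dns
dns IN A 192.168.91.69
www IN A 192.168.91.70
@ IN MX 10 mail
mail IN A 192.168.91.69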
先在子域上测试
[root@node3 ~]# dig -t ns niki.centos6.cn @192.168.91.69
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t ns niki.centos6.cn @192.168.91.69
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19172
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;niki.centos6.cn. IN NS
;; ANSWER SECTION:
niki.centos6.cn. 86400 IN NS dns.niki.centos6.cn.
;; ADDITIONAL SECTION:
dns.niki.centos6.cn. 86400 IN A 192.168.91.69
;; Query time: 0 msec
;; SERVER: 192.168.91.69#53(192.168.91.69)
;; WHEN: Wed Aug 10 15:05:15 2016
;; MSG SIZE rcvd: 67
[root@node3 ~]# dig -t A www.niki.centos6.cn @192.168.91.69
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.niki.centos6.cn @192.168.91.69
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64869
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.niki.centos6.cn. IN A
;; ANSWER SECTION:
www.niki.centos6.cn. 86400 IN A 192.168.91.70
;; AUTHORITY SECTION:
niki.centos6.cn. 86400 IN NS dns.niki.centos6.cn.
;; ADDITIONAL SECTION:
dns.niki.centos6.cn. 86400 IN A 192.168.91.69
;; Query time: 0 msec
;; SERVER: 192.168.91.69#53(192.168.91.69)
;; WHEN: Wed Aug 10 15:05:38 2016
;; MSG SIZE rcvd: 87
测试成功
然后在父域Master上测试
使用 dig 和 nslookup 都可以测试,效果差不多,这里用 nslookup 只是为了复习一下其他命令。也可以用 dig 测试:dig -t ns niki.centos6.cn @192.168.91.67
[root@node1 ~]# nslookup
> set type=ns
> niki.centos6.cn
Server: 192.168.91.67
Address: 192.168.91.67#53
Non-authoritative answer:
niki.centos6.cn nameserver = dns.niki.centos6.cn.
Authoritative answers can be found from:
dns.niki.centos6.cn internet address = 192.168.91.69
还需要在Slave上测试
[root@node2 ~]# host -a www.niki.centos6.cn 192.168.91.68
Trying "www.niki.centos6.cn"
Using domain server:
Name: 192.168.91.68
Address: 192.168.91.68#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56586
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;www.niki.centos6.cn. IN ANY
;; ANSWER SECTION:
www.niki.centos6.cn. 86400 IN MX 10 mail.niki.centos6.cn.
www.niki.centos6.cn. 86400 IN A 192.168.91.70
;; AUTHORITY SECTION:
niki.centos6.cn. 86369 IN NS dns.niki.centos6.cn.
;; ADDITIONAL SECTION:
mail.niki.centos6.cn. 86400 IN A 192.168.91.69
dns.niki.centos6.cn. 86369 IN A 192.168.91.69
Received 124 bytes from 192.168.91.68#53 in 3 ms
如果Slave上测试不成功,尝试将Master的更新序列号调大,然后重启named 进程
最后测试在子域上查询父域管辖的区域
[root@node3 ~]# dig -t ns centos6.cn @192.168.91.69
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t ns centos6.cn @192.168.91.69
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28967
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;centos6.cn. IN NS
;; ANSWER SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 3 msec
;; SERVER: 192.168.91.69#53(192.168.91.69)
;; WHEN: Wed Aug 10 15:19:08 2016
;; MSG SIZE rcvd: 101
至此DNS主从协作及父子域实验完成
原创文章,作者:jslijb,如若转载,请注明出处:http://www.178linux.com/32507