DNS Master/Slave Cooperation and Parent/Child Domain Configuration Lab

Lab: DNS master/slave cooperation and parent/child domain configuration

Lab topology

(topology diagram: image not reproduced here)

Lab preparation

    1. Stop the firewall and disable SELinux on all hosts

        service iptables stop

        chkconfig iptables off

        setenforce 0

    2. Install bind and bind-chroot on all hosts

        yum -y install bind bind-chroot

    3. DNS client settings on all hosts

        cat /etc/resolv.conf 

            search centos6.cn

            nameserver 192.168.91.67

            nameserver 192.168.91.68

        

    Master main configuration file

    

        [root@node1 ~]# cat /etc/named.conf

            options {

                    listen-on port 53 { any; };

                    #listen-on-v6 port 53 { ::1; };

                    directory       "/var/named";

                    dump-file       "/var/named/data/cache_dump.db";

                    statistics-file "/var/named/data/named_stats.txt";

                    memstatistics-file "/var/named/data/named_mem_stats.txt";

                    allow-query     { any; };

                    recursion yes;

                    allow-transfer { none; };

                    bindkeys-file "/etc/named.iscdlv.key";

            

                    managed-keys-directory "/var/named/dynamic";

            };

            

            logging {

                    channel default_debug {

                            file "data/named.run";

                            severity dynamic;

                    };

            };

            

            zone "." IN {

                    type hint;

                    file "named.ca";

            };

            zone "centos6.cn" IN {

                    type master;

                    file "named.centos.cn";

                    allow-transfer { 192.168.91.68; }; # only the slave may transfer this zone

            };

            zone "91.168.192.in-addr.arpa" IN {

                    type master;

                    file "named.192.168.91";

                    allow-transfer { 192.168.91.68; }; # only the slave may transfer this zone

            };

            

            include "/etc/named.rfc1912.zones";

    Master forward zone file

        

        [root@node1 ~]# cat /var/named/named.centos.cn 

            $TTL 86400

            @       IN      SOA     master.centos6.cn. test.www.centos6.cn. (

                    2016080505

                    3H

                    15M

                    1W

                    1D

            )

            @       IN      NS      master.centos6.cn.

            @       IN      NS      slave.centos6.cn.

            master.centos6.cn.      IN      A       192.168.91.67

            slave.centos6.cn.       IN      A       192.168.91.68

            @                       IN      MX 10   mail.centos6.cn.

            www.centos6.cn.         IN      A       192.168.91.67

            node1.centos6.cn.       IN      A       192.168.91.67

            node2.centos6.cn.       IN      A       192.168.91.68

            node3.centos6.cn.       IN      A       192.168.91.69

            node4.centos6.cn.       IN      A       192.168.91.70

            niki                    IN      NS      dns.niki       ; this line and the next are the subdomain (delegation) configuration

            dns.niki                IN      A       192.168.91.69

    Master reverse zone file

        

        [root@node1 ~]# cat /var/named/named.192.168.91 

            $TTL    86400

            @       IN      SOA     master.centos6.cn. www.centos6.cn. (

                    2016080504

                    3H

                    15M

                    1W

                    1D

            )

            @       IN      NS      master.centos6.cn.

            @       IN      NS      slave.centos6.cn.

            67      IN      PTR     master.centos6.cn.

            68      IN      PTR     slave.centos6.cn.

            67      IN      PTR     www.centos6.cn.

            67      IN      PTR     node1.centos6.cn.

            68      IN      PTR     node2.centos6.cn.

            69      IN      PTR     node3.centos6.cn.

            70      IN      PTR     node4.centos6.cn.

    Start the DNS service

        /etc/init.d/named start

        chkconfig named on

        At this point the Master configuration is complete

    Slave main configuration file

    

                

        [root@node2 slaves]# cat /etc/named.conf

       

            options {

                    listen-on port 53 { any; };

                    #listen-on-v6 port 53 { ::1; };

                    directory       "/var/named";

                    dump-file       "/var/named/data/cache_dump.db";

                    statistics-file "/var/named/data/named_stats.txt";

                    memstatistics-file "/var/named/data/named_mem_stats.txt";

                    allow-query     { any; };

                    recursion yes;

                    bindkeys-file "/etc/named.iscdlv.key";

            

                    managed-keys-directory "/var/named/dynamic";

            };

            

            logging {

                    channel default_debug {

                            file "data/named.run";

                            severity dynamic;

                    };

            };

            

            zone "." IN {

                    type hint;

                    file "named.ca";

            };

            zone "centos6.cn" IN {

                    type slave;

                    file "slaves/named.centos.cn";

                    masters { 192.168.91.67; }; # the master to transfer the zone from

            };

            zone "91.168.192.in-addr.arpa" IN {

                    type slave;

                    file "slaves/named.192.168.91";

                    masters { 192.168.91.67; }; # the master to transfer the zone from

            };

            

            include "/etc/named.rfc1912.zones";

    

    The Slave does not need its own forward and reverse zone files; once the DNS service is started they are copied over from the Master automatically. Looking in the /var/named/slaves directory, there are two files: the Master's forward and reverse zone files

        

        [root@node2 slaves]# /etc/init.d/named start

        [root@node2 slaves]# chkconfig named on

        [root@node2 slaves]# ll /var/named/slaves/

        -rw-r--r--. 1 named named 528 Aug 10 10:04 named.192.168.91

        -rw-r--r--. 1 named named 574 Aug 10 11:36 named.centos.cn
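As an added configuration check (example code written for this edit, not part of the original article or of BIND itself), the script below reads a named.conf with a small brace scanner and reports the effective allow-transfer ACL of every master/slave zone. It embeds trimmed copies of the master and slave configurations above. On the master, the global allow-transfer { none; } is overridden per zone so that only 192.168.91.68 may transfer; the slave configuration above carries no allow-transfer statement at all, and BIND 9.8 (the version shown in the dig banners later on this page) then falls back to allowing transfers to any host, so any client that can reach the slave on port 53 could pull a full copy of both zones. The same script also flags recursion yes combined with allow-query { any; }, which every named.conf on this page uses and which makes the server a recursive resolver for every client that can reach it: fine in an isolated lab, not on a shared network.

```python
import re

# Trimmed copies of the master and slave named.conf shown above (constructed for this example).
MASTER_CONF = r"""
options {
        allow-query     { any; };
        recursion yes;
        allow-transfer { none; };          # global default: nothing is transferable
};
zone "." IN { type hint; file "named.ca"; };
zone "centos6.cn" IN { type master; file "named.centos.cn"; allow-transfer { 192.168.91.68; }; }; # only the slave
zone "91.168.192.in-addr.arpa" IN { type master; file "named.192.168.91"; allow-transfer { 192.168.91.68; }; };
include "/etc/named.rfc1912.zones";
"""

SLAVE_CONF = r"""
options {
        allow-query     { any; };
        recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "centos6.cn" IN { type slave; file "slaves/named.centos.cn"; masters { 192.168.91.67; }; };
zone "91.168.192.in-addr.arpa" IN { type slave; file "slaves/named.192.168.91"; masters { 192.168.91.67; }; };
"""

def _strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(#|//).*', '', text)

def top_level_statements(text):
    """Split named.conf into (header, body) pairs, e.g. ('zone "centos6.cn" IN', ' type master; ... ')."""
    stmts, depth, header, body = [], 0, [], []
    for ch in _strip_comments(text):
        if depth == 0:
            if ch == '{':
                depth = 1
            elif ch == ';':
                if ''.join(header).strip():            # block-less statement, e.g. include "...";
                    stmts.append((''.join(header).strip(), ''))
                header = []
            else:
                header.append(ch)
            continue
        if ch == '{':
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                stmts.append((''.join(header).strip(), ''.join(body)))
                header, body = [], []
                continue
        body.append(ch)
    return stmts

def _acl(body, key):
    """Address list of `key { a; b; };` inside a block, or None when the key is absent."""
    m = re.search(r'\b' + re.escape(key) + r'\s*\{([^}]*)\}', body)
    return None if m is None else [t.strip() for t in m.group(1).split(';') if t.strip()]

def transfer_acls(conf_text, bind_default=('any',)):
    """Effective allow-transfer ACL of every master/slave zone and where it comes from
    (the zone statement, options, or BIND 9.8's built-in default of allowing any host)."""
    options_acl, zones, result = None, {}, {}
    for header, body in top_level_statements(conf_text):
        words = header.split()
        if words[:1] == ['options']:
            options_acl = _acl(body, 'allow-transfer')
        elif words[:1] == ['zone']:
            ztype = re.search(r'\btype\s+(\w+)', body)
            zones[words[1].strip('"')] = (ztype.group(1) if ztype else None, body)
    for name, (ztype, body) in zones.items():
        if ztype not in ('master', 'slave'):
            continue                                  # hint/forward zones hold no transferable data
        own = _acl(body, 'allow-transfer')
        if own is not None:
            result[name] = (ztype, own, 'zone')
        elif options_acl is not None:
            result[name] = (ztype, options_acl, 'options')
        else:
            result[name] = (ztype, list(bind_default), 'bind-default')
    return result

def open_transfer_zones(conf_text):
    """Zones whose effective ACL lets any client pull a full copy with AXFR."""
    return sorted(n for n, (_, acl, _) in transfer_acls(conf_text).items() if 'any' in acl)

def open_recursion(conf_text):
    """True when the server recurses for everyone: recursion yes (BIND's default), no
    allow-recursion, and allow-query unrestricted."""
    for header, body in top_level_statements(conf_text):
        if header.split()[:1] == ['options']:
            rec = re.search(r'\brecursion\s+(yes|no)', body)
            if rec and rec.group(1) == 'no':
                return False
            limit = _acl(body, 'allow-recursion') or _acl(body, 'allow-query')
            return limit is None or 'any' in limit
    return True

if __name__ == '__main__':
    for label, conf in (('master', MASTER_CONF), ('slave', SLAVE_CONF)):
        print(label, transfer_acls(conf), 'open recursion:', open_recursion(conf),
              'open transfer:', open_transfer_zones(conf))
```

Run it as a script to print the audit for both files. The fix on the slave is the same pattern the master already uses: allow-transfer { none; } in options, plus a per-zone allow-transfer listing a specific address only if a further secondary ever needs the zone.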

        

Testing

    master host

    

        [root@node1 ~]# dig -t ns centos6.cn

        

        ;; QUESTION SECTION:

        ;centos6.cn.                    IN      NS

        

        ;; ANSWER SECTION:

        centos6.cn.             86400   IN      NS      slave.centos6.cn.

        centos6.cn.             86400   IN      NS      master.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        master.centos6.cn.      86400   IN      A       192.168.91.67

        slave.centos6.cn.       86400   IN      A       192.168.91.68

        

        ;; Query time: 0 msec

        ;; SERVER: 192.168.91.67#53(192.168.91.67)

        ;; WHEN: Wed Aug 10 11:54:37 2016

        ;; MSG SIZE  rcvd: 101

    

        [root@node1 ~]# dig -t A www.centos6.cn

        

        ;; QUESTION SECTION:

        ;www.centos6.cn.                        IN      A

        

        ;; ANSWER SECTION:

        www.centos6.cn.         86400   IN      A       192.168.91.67

        

        ;; AUTHORITY SECTION:

        centos6.cn.             86400   IN      NS      slave.centos6.cn.

        centos6.cn.             86400   IN      NS      master.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        master.centos6.cn.      86400   IN      A       192.168.91.67

        slave.centos6.cn.       86400   IN      A       192.168.91.68

        

        ;; Query time: 0 msec

        ;; SERVER: 192.168.91.67#53(192.168.91.67)

        ;; WHEN: Wed Aug 10 11:55:20 2016

        ;; MSG SIZE  rcvd: 121

    

    slave host

        

        [root@node2 ~]# dig -t ns centos6.cn

        

        ;; QUESTION SECTION:

        ;centos6.cn.                    IN      NS

        

        ;; ANSWER SECTION:

        centos6.cn.             86400   IN      NS      slave.centos6.cn.

        centos6.cn.             86400   IN      NS      master.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        master.centos6.cn.      86400   IN      A       192.168.91.67

        slave.centos6.cn.       86400   IN      A       192.168.91.68

        

        ;; Query time: 2 msec

        ;; SERVER: 192.168.91.67#53(192.168.91.67)

        ;; WHEN: Wed Aug 10 14:18:13 2016

        ;; MSG SIZE  rcvd: 101

        

        [root@node2 ~]# dig -t A www.centos6.cn

        

        ;; QUESTION SECTION:

        ;www.centos6.cn.                        IN      A

        

        ;; ANSWER SECTION:

        www.centos6.cn.         86400   IN      A       192.168.91.67

        

        ;; AUTHORITY SECTION:

        centos6.cn.             86400   IN      NS      master.centos6.cn.

        centos6.cn.             86400   IN      NS      slave.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        master.centos6.cn.      86400   IN      A       192.168.91.67

        slave.centos6.cn.       86400   IN      A       192.168.91.68

        

        ;; Query time: 2 msec

        ;; SERVER: 192.168.91.67#53(192.168.91.67)

        ;; WHEN: Wed Aug 10 14:18:28 2016

        ;; MSG SIZE  rcvd: 121

    Now shut down the master to simulate a master failure, and test again

        slave host

        [root@node2 ~]# dig -t ns centos6.cn   

        

        ;; QUESTION SECTION:

        ;centos6.cn.                    IN      NS

        

        ;; ANSWER SECTION:

        centos6.cn.             86400   IN      NS      slave.centos6.cn. # notice that the positions of master and slave have changed

        centos6.cn.             86400   IN      NS      master.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        master.centos6.cn.      86400   IN      A       192.168.91.67

        slave.centos6.cn.       86400   IN      A       192.168.91.68

        

        ;; Query time: 0 msec

        ;; SERVER: 192.168.91.68#53(192.168.91.68)

        ;; WHEN: Wed Aug 10 14:22:54 2016

        ;; MSG SIZE  rcvd: 101

        

        [root@node2 ~]# dig -t A www.centos6.cn

        

        ;; QUESTION SECTION:

        ;www.centos6.cn.                        IN      A

        

        ;; ANSWER SECTION:

        www.centos6.cn.         86400   IN      A       192.168.91.67

        

        ;; AUTHORITY SECTION:

        centos6.cn.             86400   IN      NS      slave.centos6.cn.

        centos6.cn.             86400   IN      NS      master.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        master.centos6.cn.      86400   IN      A       192.168.91.67

        slave.centos6.cn.       86400   IN      A       192.168.91.68

        

        ;; Query time: 0 msec

        ;; SERVER: 192.168.91.68#53(192.168.91.68)

        ;; WHEN: Wed Aug 10 14:23:00 2016

        ;; MSG SIZE  rcvd: 121

    

    This shows that the slave DNS is doing its job

    The subdomain's name: niki.centos6.cn. It also contains a host called www. FQDN: www.niki.centos6.cn. IP: 192.168.91.70

    Configuring the subdomain:

        1. In the parent domain's master forward zone file, add an NS record for the subdomain pointing to the subdomain's name server, together with that server's IP address; the serial number must also be raised so that the slave server can

            [root@node1 ~]# cat /var/named/named.centos.cn             

                @       IN      SOA     master.centos6.cn. test.www.centos6.cn. (

                2016080502 3H 15M 1W 1D ) ; serial number increased

                ; add the two lines below

                niki                    IN      NS      dns.niki

                dns.niki                IN      A       192.168.91.69   

             [root@node1 ~]# service named restart     

       2. Configure the subdomain: its main configuration file and forward zone file

        Main configuration file

            [root@node3 named]# cat /etc/named.conf

            options {

                    listen-on port 53 { any; };

                    #listen-on-v6 port 53 { ::1; };

                    directory       "/var/named";

                    dump-file       "/var/named/data/cache_dump.db";

                    statistics-file "/var/named/data/named_stats.txt";

                    memstatistics-file "/var/named/data/named_mem_stats.txt";

                    allow-query     { any; };

                    recursion yes;

       

                    bindkeys-file "/etc/named.iscdlv.key";

            

                    managed-keys-directory "/var/named/dynamic";

            };

            

            logging {

                    channel default_debug {

                            file "data/named.run";

                            severity dynamic;

                    };

            };

            

            zone "." IN {

                    type hint;

                    file "named.ca";

            };

            zone "niki.centos6.cn" IN {

                    type master;

                    file "named.niki.centos6.cn";

            };

            # forward queries for the parent domain to the parent's name servers

            zone "centos6.cn" IN {

                    type forward;

                    forwarders { 192.168.91.67; 192.168.91.68; };

            };

            include "/etc/named.rfc1912.zones";

      

        Forward zone file

            [root@node3 named]# cat named.niki.centos6.cn 

            $TTL 86400

            @       IN      SOA     dns.niki.centos6.cn.    root.niki.centos6.cn. (

                            2016080901

                            3H

                            15M

                            1W

                            1D)

                    IN      NS      dns

            dns     IN      A       192.168.91.69

            www     IN      A       192.168.91.70

                    IN      MX 10   mail

            mail    IN      A       192.168.91.69
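The delegation set up above works because three things agree: the parent's NS record for niki, the glue A record for dns.niki in the parent zone, and the NS and A records the child zone itself serves for dns.niki.centos6.cn. The script below (an added example written for this edit, not the author's code) parses both zone files with a small master-file reader written for the purpose and reports any mismatch; it embeds constructed copies of the parent and child zone files above (comments in master files use ';', not '#'). The reader applies the zone-file rule that a record with a blank owner field inherits the previous owner, which is why, in the child zone above, the MX record with no owner attaches to www rather than to the zone apex; the host -a output later on this page confirms it (www.niki.centos6.cn. ... MX 10 mail.niki.centos6.cn.).

```python
import re

# Constructed from the parent (centos6.cn) and child (niki.centos6.cn) zone files shown above.
PARENT_ZONE = """$TTL 86400
@       IN      SOA     master.centos6.cn. test.www.centos6.cn. (
        2016080505
        3H
        15M
        1W
        1D
)
@       IN      NS      master.centos6.cn.
@       IN      NS      slave.centos6.cn.
master.centos6.cn.      IN      A       192.168.91.67
slave.centos6.cn.       IN      A       192.168.91.68
www.centos6.cn.         IN      A       192.168.91.67
niki                    IN      NS      dns.niki        ; delegation to the child zone
dns.niki                IN      A       192.168.91.69   ; glue for the child's name server
"""

CHILD_ZONE = """$TTL 86400
@       IN      SOA     dns.niki.centos6.cn.    root.niki.centos6.cn. (
                2016080901 3H 15M 1W 1D)
        IN      NS      dns
dns     IN      A       192.168.91.69
www     IN      A       192.168.91.70
        IN      MX 10   mail
mail    IN      A       192.168.91.69
"""

def _fqdn(name, origin):
    """Make a zone-file name absolute: '@' is the origin, unqualified names get it appended."""
    if name == '@':
        return origin
    return name if name.endswith('.') else f'{name}.{origin}'

def _logical_lines(text):
    """Yield records with ';' comments removed and '( ... )' continuation lines joined."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(';', 1)[0]
        depth += line.count('(') - line.count(')')
        buf.append(line.replace('(', ' ').replace(')', ' '))
        if depth == 0:
            joined, buf = ' '.join(buf), []
            if joined.strip():
                yield joined

def parse_zone(text, origin):
    """Minimal master-file parser: returns [(owner, type, rdata)] with absolute names."""
    records, owner = [], origin
    for line in _logical_lines(text):
        toks = line.split()
        if toks[0] in ('$TTL', '$ORIGIN'):
            if toks[0] == '$ORIGIN':
                origin = toks[1]
            continue
        if not line[0].isspace():            # a blank owner field reuses the previous owner
            owner = _fqdn(toks.pop(0), origin)
        while toks[0] in ('IN', 'CH', 'HS') or toks[0].isdigit():
            toks.pop(0)                      # optional TTL and class before the type
        rtype, rdata = toks[0], toks[1:]
        if rtype in ('NS', 'CNAME', 'PTR'):
            rdata = [_fqdn(rdata[0], origin)]
        elif rtype == 'MX':
            rdata = [rdata[0], _fqdn(rdata[1], origin)]
        elif rtype == 'SOA':
            rdata = [_fqdn(rdata[0], origin), _fqdn(rdata[1], origin)] + rdata[2:]
        records.append((owner, rtype, rdata))
    return records

def check_delegation(parent_text, parent_origin, child_text, child_origin):
    """Compare the parent's NS + glue for the child with what the child zone serves.
    Returns a list of problems; an empty list means the delegation is consistent."""
    parent = parse_zone(parent_text, parent_origin)
    child = parse_zone(child_text, child_origin)
    parent_ns = {rd[0] for o, t, rd in parent if o == child_origin and t == 'NS'}
    child_ns = {rd[0] for o, t, rd in child if o == child_origin and t == 'NS'}
    if not parent_ns:
        return [f'parent zone has no NS record delegating {child_origin}']
    problems = []
    if parent_ns != child_ns:
        problems.append(f'NS set differs: parent {sorted(parent_ns)} vs child {sorted(child_ns)}')
    for ns in sorted(parent_ns):
        if not ns.endswith('.' + child_origin):
            continue                         # name server outside the child zone: no glue needed
        glue = {rd[0] for o, t, rd in parent if o == ns and t == 'A'}
        served = {rd[0] for o, t, rd in child if o == ns and t == 'A'}
        if not glue:
            problems.append(f'missing glue A record for {ns} in the parent zone')
        elif served and glue != served:
            problems.append(f'glue mismatch for {ns}: parent {sorted(glue)} vs child {sorted(served)}')
    return problems

if __name__ == '__main__':
    print(check_delegation(PARENT_ZONE, 'centos6.cn.', CHILD_ZONE, 'niki.centos6.cn.') or 'delegation OK')
```

A stale glue address is the classic way such a delegation breaks later: the child moves its name server, the parent keeps handing out the old A record, and resolvers that trust the parent's additional section time out. Running the check against both files after every change to either side catches that before the TTL does.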

Test on the subdomain first

    

        [root@node3 ~]# dig -t ns niki.centos6.cn @192.168.91.69

        

        ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t ns niki.centos6.cn @192.168.91.69

        ;; global options: +cmd

        ;; Got answer:

        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19172

        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

        

        ;; QUESTION SECTION:

        ;niki.centos6.cn.               IN      NS

        

        ;; ANSWER SECTION:

        niki.centos6.cn.        86400   IN      NS      dns.niki.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        dns.niki.centos6.cn.    86400   IN      A       192.168.91.69

        

        ;; Query time: 0 msec

        ;; SERVER: 192.168.91.69#53(192.168.91.69)

        ;; WHEN: Wed Aug 10 15:05:15 2016

        ;; MSG SIZE  rcvd: 67

        

        [root@node3 ~]# dig -t A www.niki.centos6.cn @192.168.91.69

        

        ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.niki.centos6.cn @192.168.91.69

        ;; global options: +cmd

        ;; Got answer:

        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64869

        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

        

        ;; QUESTION SECTION:

        ;www.niki.centos6.cn.           IN      A

        

        ;; ANSWER SECTION:

        www.niki.centos6.cn.    86400   IN      A       192.168.91.70

        

        ;; AUTHORITY SECTION:

        niki.centos6.cn.        86400   IN      NS      dns.niki.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        dns.niki.centos6.cn.    86400   IN      A       192.168.91.69

        

        ;; Query time: 0 msec

        ;; SERVER: 192.168.91.69#53(192.168.91.69)

        ;; WHEN: Wed Aug 10 15:05:38 2016

        ;; MSG SIZE  rcvd: 87

        Test successful

Then test on the parent domain's Master

        Either dig or nslookup can be used for this test; the results are much the same, and nslookup is used here only to review another command. dig would work here as well: dig -t ns niki.centos6.cn @192.168.91.67

        [root@node1 ~]# nslookup

        > set type=ns

        > niki.centos6.cn

        Server:         192.168.91.67

        Address:        192.168.91.67#53

        

        Non-authoritative answer:

        niki.centos6.cn nameserver = dns.niki.centos6.cn.

        

        Authoritative answers can be found from:

        dns.niki.centos6.cn     internet address = 192.168.91.69

The Slave also needs to be tested

        

        [root@node2 ~]# host -a www.niki.centos6.cn 192.168.91.68

        Trying "www.niki.centos6.cn"

        Using domain server:

        Name: 192.168.91.68

        Address: 192.168.91.68#53

        Aliases: 

        

        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56586

        ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

        

        ;; QUESTION SECTION:

        ;www.niki.centos6.cn.           IN      ANY

        

        ;; ANSWER SECTION:

        www.niki.centos6.cn.    86400   IN      MX      10 mail.niki.centos6.cn.

        www.niki.centos6.cn.    86400   IN      A       192.168.91.70

        

        ;; AUTHORITY SECTION:

        niki.centos6.cn.        86369   IN      NS      dns.niki.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        mail.niki.centos6.cn.   86400   IN      A       192.168.91.69

        dns.niki.centos6.cn.    86369   IN      A       192.168.91.69

        

        Received 124 bytes from 192.168.91.68#53 in 3 ms

        If the test on the Slave fails, try raising the Master's serial number and then restart the named process
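Both the delegation step above (where the serial had to be raised after adding the NS and A records) and this troubleshooting note rest on the same mechanism: the slave only starts a transfer when the master's SOA serial is newer than its own. The helper below (example code added for this edit, not the author's) raises a YYYYMMDDnn-style serial correctly even when several changes happen on the same day or the serial is already ahead of today's date, rewrites it in the zone text, and implements the RFC 1982 serial comparison a slave applies; the zone excerpt inside it is constructed from the master zone file on this page, and today's date is passed as an integer so the result is reproducible.

```python
import re
from datetime import date

# Head of the master zone file shown on this page (constructed excerpt).
ZONE = """$TTL 86400
@       IN      SOA     master.centos6.cn. test.www.centos6.cn. (
        2016080505
        3H
        15M
        1W
        1D
)
@       IN      NS      master.centos6.cn.
@       IN      NS      slave.centos6.cn.
"""

# 'SOA', MNAME, RNAME, an optional '(' and then the serial; matches one-line and
# parenthesised SOA records alike.
SOA_SERIAL_RE = re.compile(r'(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)')

def next_serial(current, today=None):
    """Next YYYYMMDDnn serial that is strictly greater than `current`.
    `today` is an int YYYYMMDD (defaults to the real date). First change of the day gives
    <today>01; further changes the same day, or a serial already ahead of today's date,
    just add one so the value never goes backwards."""
    today = today or int(date.today().strftime('%Y%m%d'))
    base = today * 100
    return base + 1 if current < base else current + 1

def bump_zone_serial(zone_text, today=None):
    """Rewrite the SOA serial in a zone file; returns (new_text, old_serial, new_serial)."""
    m = SOA_SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError('no SOA serial found in zone text')
    old = int(m.group(2))
    new = next_serial(old, today)
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):], old, new

def slave_needs_transfer(master_serial, slave_serial):
    """RFC 1982 comparison as a slave applies it at refresh time or on NOTIFY: transfer only
    when the master's serial is 'newer' in 32-bit sequence space. A serial that went down,
    or one more than 2**31 ahead, looks older and triggers nothing, which is why a slave
    that stopped updating is fixed by raising the master's serial, not by rewriting it."""
    diff = (master_serial - slave_serial) % 2**32
    return 0 < diff < 2**31

if __name__ == '__main__':
    text, old, new = bump_zone_serial(ZONE, 20160810)
    print(f'serial {old} -> {new}; slave would transfer: {slave_needs_transfer(new, old)}')
```

After editing a zone on the master, run the bump, then check the file with named-checkzone and reload; the slave's copy under /var/named/slaves/ should show the new serial once the transfer completes.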

Finally, from the subdomain, test a query for the zone managed by the parent domain

        

        [root@node3 ~]# dig -t ns centos6.cn @192.168.91.69

        

        ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t ns centos6.cn @192.168.91.69

        ;; global options: +cmd

        ;; Got answer:

        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28967

        ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

        

        ;; QUESTION SECTION:

        ;centos6.cn.                    IN      NS

        

        ;; ANSWER SECTION:

        centos6.cn.             86400   IN      NS      slave.centos6.cn.

        centos6.cn.             86400   IN      NS      master.centos6.cn.

        

        ;; ADDITIONAL SECTION:

        master.centos6.cn.      86400   IN      A       192.168.91.67

        slave.centos6.cn.       86400   IN      A       192.168.91.68

        

        ;; Query time: 3 msec

        ;; SERVER: 192.168.91.69#53(192.168.91.69)

        ;; WHEN: Wed Aug 10 15:19:08 2016

        ;; MSG SIZE  rcvd: 101

        

This completes the DNS master/slave cooperation and parent/child domain lab

Original article by jslijb; if you repost it, please credit the source: http://www.178linux.com/32507
