I. Lab environment and IP address plan
VMware Workstation 10.0, CentOS 6.5 x86
Master DNS server: 192.168.1.102
Slave DNS server: 192.168.1.110
www servers: 192.168.0.102
             192.168.0.103
pop server: 192.168.0.109
II. Procedure
1. Turn off the network firewall and SELinux (do this on both the master and the slave DNS server)
[root@junjie ~]# /etc/init.d/iptables stop
[root@junjie ~]# /etc/init.d/iptables status
iptables: Firewall is not running.
(Note: do not skip this step or you will pay dearly for it; I wasted most of a day on it here.)
[root@junjie ~]# setenforce 0
[root@junjie ~]# getenforce
Permissive
(Disabled is also fine.)
Installing and configuring the master DNS server
2. Install the DNS server
[root@junjie ~]# yum install bind bind-libs bind-utils -y
[root@junjie ~]# yum list all | grep ^bind
bind.i686              32:9.8.2-0.17.rc1.el6_4.6    @Base
bind-libs.i686         32:9.8.2-0.17.rc1.el6_4.6    @Base
bind-utils.i686        32:9.8.2-0.17.rc1.el6_4.6    @Base
bind-chroot.i686       32:9.8.2-0.17.rc1.el6_4.6    Base
bind-devel.i686        32:9.8.2-0.17.rc1.el6_4.6    Base
bind-dyndb-ldap.i686   2.3-5.el6                    Base
bind-sdb.i686          32:9.8.2-0.17.rc1.el6_4.6    Base
3. Edit the configuration file /etc/named.conf
[root@junjie ~]# mv /etc/named.conf /etc/named.conf.bak   (back up the original configuration file first)
[root@junjie ~]# vi /etc/named.conf
# named.conf
options {
    directory "/var/named";
    # answer recursive queries only for the lab subnet
    allow-recursion { 192.168.0.0/24; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};

zone "junjie.com" IN {
    type master;
    file "junjie.com.zone";
    # only the slave server may transfer this zone
    allow-transfer { 192.168.0.110; };
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
    allow-transfer { 192.168.0.110; };
};
4. Create the forward and reverse zone files and set their permissions and group
[root@junjie ~]# cd /var/named
[root@junjie named]# vi junjie.com.zone
$TTL 600
junjie.com.   IN  SOA  ns1.junjie.com. admin.junjie.com. (
                  2015041601  ; serial
                  1H          ; refresh
                  5M          ; retry
                  2D          ; expire
                  6H )        ; minimum
              IN  NS   ns1
              IN  NS   ns2
ns1           IN  A    192.168.0.102
ns2           IN  A    192.168.0.110
www           IN  A    192.168.0.102
www           IN  A    192.168.0.103
[root@junjie named]# vi 192.168.0.zone
$TTL 600
@             IN  SOA  ns1.junjie.com. admin.junjie.com. (
                  2015041601  ; serial
                  1H          ; refresh
                  5M          ; retry
                  2D          ; expire
                  6H )        ; minimum
              IN  NS   ns1.junjie.com.
              IN  NS   ns2.junjie.com.
102           IN  PTR  ns1.junjie.com.
110           IN  PTR  ns2.junjie.com.
102           IN  PTR  www.junjie.com.
103           IN  PTR  www.junjie.com.
[root@junjie named]# chmod 640 junjie.com.zone 192.168.0.zone
[root@junjie named]# chown root:named junjie.com.zone 192.168.0.zone
[root@junjie named]# ll junjie.com.zone 192.168.0.zone
-rw-r-----. 1 root named 366 Apr 12 07:02 192.168.0.zone
-rw-r-----. 1 root named 342 Apr 12 07:02 junjie.com.zone
5. Start the named service on the master DNS server
[root@junjie named]# rndc-confgen -r /dev/urandom -a   (run this first, otherwise starting the DNS service hangs)
[root@junjie named]# service named start
Starting named: [ OK ]
[root@junjie named]# chkconfig named on   (start named automatically at boot)
[root@junjie named]# chkconfig --list named
named    0:off  1:off  2:on  3:on  4:on  5:on  6:off
Installing and configuring the slave DNS server
6. Install the DNS server (same as step 2; the details are omitted here)
7. Edit the configuration file /etc/named.conf
[root@localhost ~]# mv /etc/named.conf /etc/named.conf.bak   (back up the original configuration file first)
[root@localhost ~]# vi /etc/named.conf
options {
    directory "/var/named";
    allow-recursion { 192.168.0.0/24; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-transfer { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-transfer { none; };
};

zone "junjie.com" IN {
    type slave;
    # transferred copies are written under /var/named/slaves
    file "slaves/junjie.com.zone";
    masters { 192.168.0.102; };
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.0.zone";
    masters { 192.168.0.102; };
};
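Added example, not part of the original article: a small Python audit of which hosts each master or slave zone in a named.conf will serve zone transfers to. It assumes the built-in default of the BIND 9.8 release installed above (transfers allowed to any host when neither the zone nor options sets allow-transfer); SLAVE_CONF is the slave configuration from step 7, and the function names are this example's own.

```python
import re

# Sample input: the slave named.conf from step 7, condensed.
SLAVE_CONF = '''
options { directory "/var/named"; allow-recursion { 192.168.0.0/24; }; };
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "named.localhost"; allow-transfer { none; }; };
zone "junjie.com" IN { type slave; file "slaves/junjie.com.zone"; masters { 192.168.0.102; }; };
zone "0.168.192.in-addr.arpa" IN { type slave; file "slaves/192.168.0.zone"; masters { 192.168.0.102; }; };
'''

def _blocks(text, head_re):
    """Yield (match, body) for every `head { body }` block, honouring nested braces."""
    for m in re.finditer(head_re + r'[^{;]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def _acl(body):
    """Entries of the allow-transfer list in this block, or None if it has none."""
    m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit_transfers(conf):
    """Map each master/slave zone to (effective allow-transfer list, verdict)."""
    conf = re.sub(r'/\*.*?\*/|(#|//)[^\n]*', '', conf, flags=re.S)  # strip comments
    default = next((_acl(b) for _, b in _blocks(conf, r'\boptions\b')), None)
    if default is None:
        default = ['any']  # assumption: BIND 9.8 built-in default when unset
    report = {}
    for m, body in _blocks(conf, r'\bzone\s+"([^"]+)"'):
        ztype = re.search(r'\btype\s+([\w-]+)', body)
        if ztype is None or ztype.group(1) not in ('master', 'slave'):
            continue  # this audit covers master and slave zones only
        acl = _acl(body)
        acl = default if acl is None else acl
        if 'any' in acl:
            verdict = 'open'
        elif acl in ([], ['none']):
            verdict = 'closed'
        else:
            verdict = 'restricted'
        report[m.group(1)] = (acl, verdict)
    return report

if __name__ == '__main__':
    for zone, (acl, verdict) in audit_transfers(SLAVE_CONF).items():
        print(f'{zone:28} {verdict:10} {acl}')
```

On the slave configuration the two slave zones come out as open, because a slave also answers transfer requests; adding allow-transfer { none; }; to those zones (or to options) closes them.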
III. Running the experiment
8. Start the named service on the slave DNS server
[root@localhost ~]# rndc-confgen -r /dev/urandom -a   (run this first, otherwise starting the DNS service hangs)
[root@localhost ~]# service named start
Starting named: [ OK ]
[root@localhost ~]# chkconfig named on   (start named automatically at boot)
[root@localhost ~]# chkconfig --list named
named    0:off  1:off  2:on  3:on  4:on  5:on  6:off
9. Check the synchronization result
[root@localhost ~]# cd /var/named/slaves/
[root@localhost slaves]# ls
192.168.0.zone  junjie.com.zone
[root@localhost slaves]# cat 192.168.0.zone
$ORIGIN .
$TTL 600 ; 10 minutes
0.168.192.in-addr.arpa IN SOA ns1.junjie.com. admin.junjie.com. (
                2015041601 ; serial
                3600       ; refresh (1 hour)
                300        ; retry (5 minutes)
                172800     ; expire (2 days)
                21600      ; minimum (6 hours)
                )
            NS  ns1.junjie.com.
            NS  ns2.junjie.com.
$ORIGIN 0.168.192.in-addr.arpa.
102         PTR ns1.junjie.com.
            PTR www.junjie.com.
103         PTR www.junjie.com.
110         PTR ns3.junjie.com.
[root@localhost slaves]# cat junjie.com.zone
$ORIGIN .
$TTL 600 ; 10 minutes
junjie.com IN SOA ns1.junjie.com. admin.junjie.com. (
                2015041601 ; serial
                3600       ; refresh (1 hour)
                300        ; retry (5 minutes)
                172800     ; expire (2 days)
                21600      ; minimum (6 hours)
                )
            NS  ns1.junjie.com.
            NS  ns2.junjie.com.
$ORIGIN junjie.com.
ns1         A   192.168.0.102
ns2         A   192.168.0.110
www         A   192.168.0.102
            A   192.168.0.103
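At this point the two files above have been synchronized automatically from the master to the slave, which shows the experiment succeeded.
From now on, whenever the forward or reverse zone files are updated on the master, the zone files on the slave are synchronized with them automatically. The verification follows:
First, on the master DNS server, update junjie.com.zone and 192.168.0.zone, adding the following to each: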
[root@junjie named]# vi junjie.com.zone
$TTL 600
junjie.com.   IN  SOA  ns1.junjie.com. admin.junjie.com. (
                  2015041602  ; serial
                  1H          ; refresh
                  5M          ; retry
                  2D          ; expire
                  6H )        ; minimum
              IN  NS   ns1
              IN  NS   ns2
ns1           IN  A    192.168.0.102
ns2           IN  A    192.168.0.110
www           IN  A    192.168.0.102
www           IN  A    192.168.0.103
pop           IN  A    192.168.0.109
[root@junjie named]# vi 192.168.0.zone
$TTL 600
@             IN  SOA  ns1.junjie.com. admin.junjie.com. (
                  2015041602  ; serial (raised from 2015041601 so the slave transfers the change)
                  1H          ; refresh
                  5M          ; retry
                  2D          ; expire
                  6H )        ; minimum
              IN  NS   ns1.junjie.com.
              IN  NS   ns2.junjie.com.
102           IN  PTR  ns1.junjie.com.
110           IN  PTR  ns2.junjie.com.
102           IN  PTR  www.junjie.com.
103           IN  PTR  www.junjie.com.
109           IN  PTR  pop.junjie.com.
[root@junjie named]# service named restart
Then, on the slave DNS server, look at the two zone files 192.168.0.zone and junjie.com.zone:
[root@localhost slaves]# cat 192.168.0.zone
$ORIGIN .
$TTL 600 ; 10 minutes
0.168.192.in-addr.arpa IN SOA ns1.junjie.com. admin.junjie.com. (
                2015041602 ; serial
                3600       ; refresh (1 hour)
                300        ; retry (5 minutes)
                172800     ; expire (2 days)
                21600      ; minimum (6 hours)
                )
            NS  ns1.junjie.com.
            NS  ns2.junjie.com.
$ORIGIN 0.168.192.in-addr.arpa.
102         PTR ns1.junjie.com.
            PTR www.junjie.com.
103         PTR www.junjie.com.
109         PTR pop.junjie.com.
110         PTR ns2.junjie.com.
[root@localhost slaves]# cat junjie.com.zone
$ORIGIN .
$TTL 600 ; 10 minutes
junjie.com IN SOA ns1.junjie.com. admin.junjie.com. (
                2015041602 ; serial
                3600       ; refresh (1 hour)
                300        ; retry (5 minutes)
                172800     ; expire (2 days)
                21600      ; minimum (6 hours)
                )
            NS  ns1.junjie.com.
            NS  ns2.junjie.com.
$ORIGIN junjie.com.
ns1         A   192.168.0.102
ns2         A   192.168.0.110
pop         A   192.168.0.109
www         A   192.168.0.102
            A   192.168.0.103
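As you can see, the data and serial numbers updated on the master have all been updated automatically on the slave, which shows the verification succeeded.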
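Added example, not from the original article: a slave re-transfers a zone only when the master's SOA serial is newer under RFC 1982 serial arithmetic, so an edit saved without raising the serial never reaches the slave. The Python below reads the serial from either zone file layout shown above and computes the next value in the YYYYMMDDnn style the article uses; the sample zone texts and function names are constructed for this example.

```python
import re
from datetime import date

# Constructed samples: a master file edited without raising the serial,
# and the copy the slave already holds (layout as written by named).
MASTER_EDITED = '''$TTL 600
@   IN SOA ns1.junjie.com. admin.junjie.com. (
        2015041601 1H 5M 2D 6H )
    IN NS  ns1.junjie.com.
109 IN PTR pop.junjie.com.
'''
SLAVE_COPY = '''$ORIGIN .
$TTL 600 ; 10 minutes
0.168.192.in-addr.arpa IN SOA ns1.junjie.com. admin.junjie.com. (
        2015041601 ; serial
        3600       ; refresh (1 hour)
        300 172800 21600 )
'''

def soa_serial(zone_text):
    """Return the SOA serial: the first number after the MNAME and RNAME fields."""
    text = re.sub(r';[^\n]*', '', zone_text)  # drop zone-file comments
    m = re.search(r'\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)', text)
    if m is None:
        raise ValueError('no SOA record found')
    return int(m.group(1))

def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit serials: True if a is newer than b."""
    return a != b and (a - b) % 2**32 < 2**31

def slave_will_transfer(master_zone, slave_zone):
    """True if the slave would see the master's copy as newer and fetch it."""
    return serial_gt(soa_serial(master_zone), soa_serial(slave_zone))

def next_serial(current, today):
    """Next serial in YYYYMMDDnn form, always newer than the current one."""
    base = int(today.strftime('%Y%m%d')) * 100 + 1
    return base if serial_gt(base, current) else current + 1

if __name__ == '__main__':
    print('slave will transfer:', slave_will_transfer(MASTER_EDITED, SLAVE_COPY))
    print('serial to use next: ', next_serial(soa_serial(MASTER_EDITED), date(2015, 4, 16)))
```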
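Original article by 蝙蝠侠•杰. If you repost it, please credit the source: http://www.178linux.com/3376
Comments (1)
You can tell this was done very carefully, and the experiment is thorough too. Nice work. Adding tags helps the article's SEO.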