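Points to note for this lab:
1. The ISP's server needs the address of the root server it points to changed;
2. On the root server, the "." root zone in the configuration file /etc/named.conf must be disabled;
3. Change the group of the zone database files to named: chgrp named filename;
4. Change the permissions of the zone database files to 640: chmod 640 filename;
5. Turn off dnssec in the configuration file;
6. Disable listen-on and allow-query in the configuration file /etc/named.conf;
7. Check the configuration file: named-checkconf;
8. Check the zone database file: named-checkzone who.com /var/named/who.com.zone;
9. Flush the cache: rndc flush;
10. Turn off the system firewall: iptables -F;
11. Test with dig www.who.com @127.0.0.1;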
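Root server configuration: 172.16.80.66
1. Edit the configuration file and add the "." zone
vim /etc/named.rfc1912.zones
zone "." {
    type master;
    file "root.zone";
    // only the backup server may request zone transfers
    allow-transfer { 172.16.80.130; };
};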
2. Add the database file root.zone
$TTL 1D
@ IN SOA dns1 root.com. (
20161205
1D
1H
1W
3H )
@ NS dns1
@ NS slave
slave A 172.16.80.130
dns1 A 172.16.80.66
com NS dns2
dns2 A 172.16.80.77
Top-level domain "com" configuration
1. Add the "com" zone to the configuration file /etc/named.rfc1912.zones;
zone "com" IN {
    type master;
    file "com.zone";
    allow-transfer { 172.16.80.130; };
};
2. Create the database file /var/named/com.zone
$TTL 1D
@ IN SOA com. root.com. (
20161205
1D
1H
1W
3H )
com. NS dns1
@ NS slave
slave A 172.16.80.130
dns1 A 172.16.80.77
who NS dns2
dns2 A 172.16.80.88
Second-level domain whoareyou.com configuration: 172.16.80.88
1. Edit the configuration file and add the "whoareyou.com" zone
zone "who.com" IN {
type master;
file "who.com.zone";
allow-transfer{172.16.80.130;};
};
2. Add the database file whoareyou.com.zone
$TTL 1D
@ IN SOA who.com. root.who.com. (
20161205
1D
1H
1W
3H )
who.com. IN NS dns1
@ IN NS slave
slave IN A 172.16.80.130
dns1 IN A 172.16.80.88
websrv IN A 8.8.8.8
www IN CNAME websrv
ftp IN NS dns3
dns3 IN A 172.16.80.88
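ISP DNS configuration: 172.16.80.120
1. Edit the database file /var/named/named.ca
Delete the root server entries in named.ca so that only one remains, and change its IP to the configured root server's IP;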
[root@Centos6 named]# cat named.ca
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 172.16.80.66
Backup server DNS configuration. The slave server only needs the following added to /etc/named.rfc1912.zones:
zone "." IN {
type slave;
file "slaves/root.zone";
masters{172.16.80.66;};
};
zone "com" IN {
type slave;
file "slaves/com.zone";
masters{ 172.16.80.77 ;};
};
zone "who.com" IN {
type slave;
file "slaves/who.com.zone";
masters{ 172.16.80.88 ;};
};
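Each master zone above limits zone transfers to the backup server 172.16.80.130 with allow-transfer. The following Python script is an added example, not part of the original article: it audits zone stanzas for a master zone whose ACL is missing or lists anything else. The function names and the sample configuration text are constructed for illustration.

```python
import re

# Constructed sample modelled on this lab's zones; "com" and "who.com" are altered to produce findings.
SAMPLE_CONF = '''
zone "." {
    type master;
    file "root.zone";
    allow-transfer { 172.16.80.130; };
};
zone "com" IN {
    type master;
    file "com.zone";
    allow-transfer { 172.16.80.130; any; };
};
zone "who.com" IN {
    type master;
    file "who.com.zone";
};
'''

def zone_blocks(conf):
    """Yield (name, body) per zone statement, honouring nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{', conf, re.I):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit_transfers(conf, allowed):
    """Map master zones to a finding when allow-transfer is missing or too wide."""
    findings = {}
    for name, body in zone_blocks(conf):
        if not re.search(r"type\s+master\s*;", body, re.I):
            continue  # only primaries are audited in this example
        acl = re.search(r"allow-transfer\s*\{([^}]*)\}", body, re.I)
        if acl is None:
            findings[name] = "no allow-transfer in zone (inherits options/default)"
            continue
        entries = {e.strip() for e in acl.group(1).split(";") if e.strip()}
        extra = entries - set(allowed)
        if extra:
            findings[name] = "unexpected entries: " + ", ".join(sorted(extra))
    return findings

if __name__ == "__main__":
    for zone, finding in audit_transfers(SAMPLE_CONF, {"172.16.80.130"}).items():
        print(f"{zone}: {finding}")
```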
Test from a client machine:
[root@localhost ~]# dig www.who.com @172.16.80.120
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> www.who.com @172.16.80.120
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52710
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.who.com. IN A
;; ANSWER SECTION:
www.who.com. 86400 IN CNAME websrv.who.com.
websrv.who.com. 86400 IN A 172.16.80.77
;; AUTHORITY SECTION:
who.com. 86400 IN NS dns1.who.com.
;; ADDITIONAL SECTION:
dns1.who.com. 86400 IN A 172.16.80.88
;; Query time: 6 msec
;; SERVER: 172.16.80.120#53(172.16.80.120)
;; WHEN: Tue Dec 6 15:04:43 2016
;; MSG SIZE rcvd: 101
Original article by guo_ruillin. If you repost it, please credit the source: http://www.178linux.com/62880