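Topology diagram
Create the master DNS:
Configuration file /etc/named.conf
listen-on port 53 { 127.0.0.1; }; // listening port and IP; comment this out, or change 127.0.0.1 to localhost
allow-query { localhost; }; // hosts allowed to query; comment this out (the default then allows any host)
dnssec-enable no; // whether DNSSEC is enabled; change yes to no
dnssec-validation no; // whether DNSSEC validation is performed; change yes to no
Zone configuration file /etc/named.rfc1912.zones
zone "tom.com" IN {
    type master;
    file "tom.com.zone";
};
Configure the matching zone database /var/named/tom.com.zone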
$TTL 1D
@        IN SOA tomdns1 tomadmin (
                2017041501 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                1D )       ; negative-cache TTL
         NS     tomdns1
         NS     tomdns2
tomdns1  A      172.18.14.79
tomdns2  A      172.18.14.76
websrv   A      6.6.6.6
www      CNAME  websrv
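Create the slave DNS:
Configuration file /etc/named.conf
listen-on port 53 { 127.0.0.1; }; // listening port and IP; comment this out, or change 127.0.0.1 to localhost
allow-query { localhost; }; // hosts allowed to query; comment this out (the default then allows any host)
dnssec-enable no; // whether DNSSEC is enabled; change yes to no
dnssec-validation no; // whether DNSSEC validation is performed; change yes to no
Configuration file /etc/named.rfc1912.zones
zone "tom.com" IN {
    type slave;
    masters { 172.18.14.79; };
    file "slaves/tom.com.slave";
};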
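Create the parent DNS:
Configuration file /etc/named.conf
listen-on port 53 { 127.0.0.1; }; // listening port and IP; comment this out, or change 127.0.0.1 to localhost
allow-query { localhost; }; // hosts allowed to query; comment this out (the default then allows any host)
dnssec-enable no; // whether DNSSEC is enabled; change yes to no
dnssec-validation no; // whether DNSSEC validation is performed; change yes to no
Configuration file /etc/named.rfc1912.zones
zone "com" IN {
    type master;
    file "com.zone";
};
Configure the com zone database /var/named/com.zone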
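$TTL 1D
@        IN SOA comdns comadmin (
                2017041501 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                1D )       ; negative-cache TTL
         NS     comdns
tom      NS     tomdns1    ; delegation of tom.com (target expands to tomdns1.com.)
tom      NS     tomdns2    ; delegation of tom.com (target expands to tomdns2.com.)
comdns   A      172.18.253.20
tomdns1  A      172.18.14.79
tomdns2  A      172.18.14.76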
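Create the root zone:
Configuration file /etc/named.conf
listen-on port 53 { 127.0.0.1; }; // listening port and IP; comment this out, or change 127.0.0.1 to localhost
allow-query { localhost; }; // hosts allowed to query; comment this out (the default then allows any host)
dnssec-enable no; // whether DNSSEC is enabled; change yes to no
dnssec-validation no; // whether DNSSEC validation is performed; change yes to no
Delete the default root (hint) zone
zone "." IN { // delete this zone block
    type hint;
    file "named.ca";
};
Configuration file /etc/named.rfc1912.zones
zone "." IN {
    type master;
    file "root.zone";
};
Configure the root zone database /var/named/root.zone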
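$TTL 1D
@        IN SOA rootdns rootadmin (
                2017041501 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                2D )       ; negative-cache TTL
         NS     rootdns
com      NS     comdns     ; delegation of com (target expands to comdns.)
comdns   A      172.18.253.20
rootdns  A      172.18.251.207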
Modify /var/named/named.ca on every machine
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 172.18.251.207
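Configure the internal DNS server
Modify the configuration file /etc/named.conf
listen-on port 53 { 127.0.0.1; }; // listening port and IP; comment this out, or change 127.0.0.1 to localhost
allow-query { localhost; }; // hosts allowed to query; comment this out (the default then allows any host)
dnssec-enable no; // whether DNSSEC is enabled; change yes to no
dnssec-validation no; // whether DNSSEC validation is performed; change yes to no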
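The delegation chain set up by the root, com and tom.com zone files above can be checked offline. This is an added example, not part of the original article: it qualifies unqualified names against each zone's origin the way BIND does, then compares the NS set a parent publishes for a child zone with the NS set at the child's own apex. The records are copied from the page with the SOA omitted and "@" written where the page leaves the owner blank; the function names are illustrative.

```python
# Added example: NS/A records from the page's zones (SOA omitted, "@" = blank owner).
ZONES = {
    ".": """@ NS rootdns
            com NS comdns
            comdns A 172.18.253.20
            rootdns A 172.18.251.207""",
    "com.": """@ NS comdns
            tom NS tomdns1
            tom NS tomdns2
            comdns A 172.18.253.20
            tomdns1 A 172.18.14.79
            tomdns2 A 172.18.14.76""",
    "tom.com.": """@ NS tomdns1
            @ NS tomdns2
            tomdns1 A 172.18.14.79
            tomdns2 A 172.18.14.76""",
}

def fqdn(name, origin):
    """Qualify a name as BIND does: '@' is the origin, a trailing dot is absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse(origin, text):
    """Return (owner, type, rdata) tuples; owners and NS targets are qualified."""
    rows = (line.split() for line in text.splitlines())
    return [(fqdn(o, origin), t, fqdn(r, origin) if t == "NS" else r)
            for o, t, r in rows]

def ns_set(records, owner):
    return {rdata for o, rtype, rdata in records if o == owner and rtype == "NS"}

def check_delegations(zones):
    """Per delegated child: parent NS set, child apex NS set, targets addressed?"""
    parsed = {origin: parse(origin, text) for origin, text in zones.items()}
    report = {}
    for origin, recs in parsed.items():
        hosts = {o for o, rtype, _ in recs if rtype == "A"}  # owners with an A record
        for child in parsed:
            parent_ns = ns_set(recs, child)
            if child != origin and parent_ns:
                report[child] = {"parent": parent_ns, "addressed": parent_ns <= hosts,
                                 "child": ns_set(parsed[child], child)}
    return report

if __name__ == "__main__":
    for zone, r in check_delegations(ZONES).items():
        print(zone, "match" if r["parent"] == r["child"] else "MISMATCH", r)
```

Both delegations resolve, because each parent holds an A record for the name it delegates to, but the parent and child NS names differ (comdns. versus comdns.com., tomdns1.com. versus tomdns1.tom.com.). Writing the targets fully qualified in the parent zone, with glue under the same name, makes the two sides agree.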
Original article by gaomei. If you repost it, please credit the source: http://www.178linux.com/73355