配置解析一个正向区域:
1、定义区域
在主配置文件(/etc/named.conf)或其辅助配置文件(/etc/named.rfc1912.zones)中实现:
(1) 在/etc/named.rfc1912.zones中实现
[root@pxe120 named]# vim /etc/named.rfc1912.zones
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "ilinux.io" IN {
type master;
file "ilinux.io.zone";
};
注意写入的时候一定要加“;”号
(2) 在/etc/named.conf中实现
[root@pxe120 named]# vim /etc/named.conf
options {
listen-on port 53 { 0.0.0.0; }; 此行需要将后面的地址改为 0.0.0.0;(注意0前的空格和“;”号后的空格)
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
//allow-query { localhost; }; 此行需要注释掉或将花括号内更改为{ any; } (注意输入空格和“;”号)(若同时保留下方的 recursion yes 并对外开放查询,应再用 allow-recursion { 本地网段; }; 限制可递归查询的客户端,避免成为开放递归服务器)
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
//dnssec-enable yes; 此行需要注释掉,用//
//dnssec-validation yes; 此行需要注释掉,用//(仅建议在实验环境关闭;面向用户的递归服务器应保留 DNSSEC 验证)
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2、建立区域数据文件(主要记录为A或AAAA记录):在/var/named目录下创建区域数据文件
# vim /var/named/ilinux.io.zone
$TTL 600
ilinux.io. IN SOA ilinux.io. nsadmin.ilinux.io. (
2017052301
1H
5M
1W
6H )
IN NS dns1.ilinux.io.
IN NS dns2.ilinux.io. 此行若没有其他可以不写
IN MX 10 mail
dns1.ilinux.io. IN A 172.16.253.120 此处IP地址为本地IP
dns2.ilinux.io. IN A 172.16.253.121 此行没有其他的可以不写
www.ilinux.io. IN A 172.16.0.1
web IN CNAME www
ftp IN A 172.16.0.2
mail IN A 172.16.0.3
(注意完整域名末尾要加“.”;不加则视为相对名称,会自动补上区域后缀 ilinux.io.)
3、检查语法错误
named-checkconf
named-checkzone "ilinux.io" ilinux.io.zone
4、权限及属组修改:
chown :named ilinux.io.zone
chmod o= /var/named/ilinux.io.zone
5、让服务器重载配置文件和区域数据文件
rndc reload
配置解析一个反向区域
1、定义区域
在主配置文件(/etc/named.conf)或其辅助配置文件(/etc/named.rfc1912.zones)中实现:
(1) 在/etc/named.rfc1912.zones中实现
# vim /etc/named.rfc1912.zones
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "ilinux.io" IN {
type master;
file "ilinux.io.zone";
};
zone "16.172.in-addr.arpa" IN { 注意:反向区域的名字是反写的网段地址 16.172.in-addr.arpa
type master;
file "172.16.zone";
};
2、定义区域解析库文件(主要记录为PTR)
创建:在/var/named目录下创建172.16.zone
$TTL 1200
@ IN SOA ilinux.io. nsadmin.ilinux.io. (
2017052301
3H
20M
1W
1D )
@ IN NS dns1.ilinux.io.
@ IN NS dns2.ilinux.io.
120.253 IN PTR dns1.ilinux.io.
121.253 IN PTR dns2.ilinux.io.
1.0 IN PTR www.ilinux.io.
注意事项与正向相同
3、检查语法错误
named-checkconf
named-checkzone "16.172.in-addr.arpa" 172.16.zone
4、权限及属组修改:
chown :named 172.16.zone
chmod o= /var/named/172.16.zone
5、让服务器重载配置文件和区域数据文件
rndc reload
或 systemctl reload named.service
主从服务器配置(需要在两台或多台服务器上操作)
1、同步时间(如果时间不同步后续会产生不必要的一些麻烦)
$ ntpdate NTP_SERVER
因为在上面的实验里,我们已经配置好了一台具有DNS解析功能的服务器了,所以我们就把那一台机器作为主服务器使用。
配置从服务器
2、使用yum 安装bind
3、修改配置文件
# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; 将此行用//注释掉
listen-on-v6 port 53 { ::1; };
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; 将花括号内更改为any
dnssec-enable no; 将yes更改为no
dnssec-validation no; 将yes更改为no
4、定义一个从域(同时建议在主服务器对应的 zone 中加入 allow-transfer { 从服务器IP; }; ,只允许从服务器进行区域传送)
# vim /etc/named.rfc1912.zones
zone "ilinux.io" IN {
type slave;
file "slaves/ilinux.io.zone";
masters { 172.16.253.120; };
};
zone "16.172.in-addr.arpa" IN {
type slave;
file "slaves/172.16.zone";
masters { 172.16.253.120; };
};
检查语法: named-checkconf
开启服务:systemctl start named.service
测试:dig -t A www.ilinux.io @172.16.251.5
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A www.ilinux.io @172.16.251.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45865
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ilinux.io. IN A
;; ANSWER SECTION:
www.ilinux.io. 600 IN A 172.16.0.1
;; AUTHORITY SECTION:
ilinux.io. 600 IN NS dns1.ilinux.io.
ilinux.io. 600 IN NS dns2.ilinux.io.
;; ADDITIONAL SECTION:
dns1.ilinux.io. 600 IN A 172.16.253.120
dns2.ilinux.io. 600 IN A 172.16.253.121
;; Query time: 2 msec
;; SERVER: 172.16.251.5#53(172.16.251.5)
;; WHEN: Fri May 26 17:12:17 CST 2017
;; MSG SIZE rcvd: 128
dig -t NS ilinux.io @172.16.251.5
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t NS ilinux.io @172.16.251.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 652
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ilinux.io. IN NS
;; ANSWER SECTION:
ilinux.io. 600 IN NS dns1.ilinux.io.
ilinux.io. 600 IN NS dns2.ilinux.io.
;; ADDITIONAL SECTION:
dns1.ilinux.io. 600 IN A 172.16.253.120
dns2.ilinux.io. 600 IN A 172.16.253.121
;; Query time: 1 msec
;; SERVER: 172.16.251.5#53(172.16.251.5)
;; WHEN: Fri May 26 18:07:19 CST 2017
;; MSG SIZE rcvd: 108
子域授权
在主DNS服务器上进行授权
1、将以下内容添加到ilinux.io.zone(注意:被授权的子域必须属于本区域 ilinux.io,且 NS 记录右侧若写完整主机名需以“.”结尾,否则会被自动补上区域后缀)
# vim /var/named/ilinux.io.zone
ops.ilinux.com. IN NS dns1.ops.ilinux.io
ops.ilinux.com. IN NS dns2.ops.ilinux.io
dns1.ops.ilinux.com. IN A 172.16.251.5
dns2.ops.ilinux.com. IN A 172.16.251.6
2、在子域DNS服务器上配置
使用yum安装bind
修改配置文件
# vim /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; }; 使用//注释掉此行
listen-on-v6 port 53 { ::1; };
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; 将括号内的内容更改为any
dnssec-enable no; 将此行与下一行的yes更改为no
dnssec-validation no;
3、在/etc/named.rfc1912.zones中添加子域信息
# vim /etc/named.rfc1912.zones
zone "ops.ilinux.com" IN {
type master;
file "ops.ilinux.zone";
};
4、定义子域解析库:
# vim /var/named/ops.ilinux.zone
$TTL 300
@ IN SOA ilinux.com. nsadmin.ilinux.com. (
2017052301
1H
2M
3D
1D )
IN NS dns1.ops.ilinux.com.
IN NS dns2.ops.ilinux.com.
dns1 IN A 172.16.251.5
dns2 IN A 172.16.251.6
www IN A 172.16.251.13
5、配置完成后测试:
# systemctl restart named
通过本机解析本域主机名
# host -t A www.ops.ilinux.com 172.16.251.5
Using domain server:
Name: 172.16.251.5
Address: 172.16.251.5#53
Aliases:
www.ops.ilinux.com has address 172.16.251.13