正向解析,反向解析,主从,
主:主配置文件:
options {
listen-on port 53 { 127.0.0.1; 172.16.252.194; }; //监听的端口,即哪些主机可以进行访问
directory “/var/named”; //对应数据文件的目录位置
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
allow-query { any; }; //运行哪些主机请求查询,这里选择any运行所有;
recursion yes; //将自己视为客户端的一种查询方式
//forward only; //只转发请求,不做解析,此时DNS服务器是一个缓冲服务器;
dnssec-enable no;
dnssec-validation no;
区域配置文件:
zone “iofunction.com” IN { //表示要解析的域名:正向解析时就是iofunction.com
type master; //该zone的类型,为主的,有{master|slave|hint|forward},除了根外默认为master
file “iofunction.com.zone”; //该zone的文件名称
allow-transfer { 172.16.252.120; };
};
zone “16.172.in-addr.arpa” IN { //反向的时候有固定的格式:ip网段的网络ID部分倒着写,.in-addr.arpa
type master;
file “16.172.zone”;
allow-transfer { 172.16.252.120; };
};
正向解析文件:
[root@localhost named]# cat iofunction.com.zone
$TTL 3600 //保存时间
@ IN SOA ns1.iofunction.com. ioadmin.iofunction.com. ( //@就表示iofunction.com 域名,SOA开始验证,
2017052305 //序列号,每次更改文件时,都要增加1,要不然从服务器不知道你是否有变化
2H //刷新时间
20M //重试时间
1W //过期时间
1D ) //否定答案的TTL值
@ IN NS ns1.iofunction.com. //NS就是服务器的缩写,后面记录的数据是DNS服务器的意思
@ IN NS ns2.iofunction.com.
ns1.iofunction.com. IN A 172.16.252.194 //对应DNS的地址,可以有多个,可做主从,多从,来缓解压力
ns2.iofunction.com. IN A 172.16.252.120
www IN A 192.168.153.128 //www主机名+域名,域名会自动添加上去,A表示的是正向解析记录,表示从网址解析成IP地址。
web IN A 192.168.152.129
study IN A 172.16.0.100
cname IN CNAME web //别名地址
ai IN A 1.1.1.1
反向解析文件:
[root@localhost named]# cat 16.172.zone
$TTL 3600
@ IN SOA ns1.iofunction.com. ioadmin.iofunction.com (
2017052301
1H
2H
1D
1D )
@ IN NS ns1.iofunction.com.
194.252 IN PTR ns1.iofunction.com. //PTR 有特定的格式,把ip地址反过来写,会把反向的zone_name拿过来添加到后面。
100.0 IN PTR study.iofunction.com.
***切记,文件生成后,要记得将文件的权限设置成其他人没有权限。属组设为name组***
从服务器:
options {
listen-on port 53 { 127.0.0.1; 172.16.252.120; }; //监听在自己的端口上
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
allow-query { any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
zone “iofunction.com” IN {
type slave; //从服务器上只需要把类型改成slave
file “slaves/iofunction.com.zone”; //相对路径,将同步后的文件放在哪,该目录的权限和属主属组。
masters { 172.16.252.194; }; //主服务器的地址
};
zone “16.172.in-addr.arpa” IN {
type slave;
file “slaves/16.172.zone”;
masters { 172.16.252.194; };
};
1、要将服务器开启:service named start
2、先在主服务器上测试能不能解析www.iofunction.com
dig -t A www.iofunction.com @172.16.252.194
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> -t A www.iofunction.com @172.16.252.194
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9706
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 //aa表示权威的DNS服务器那获得的解析
;; QUESTION SECTION:
;www.iofunction.com. IN A
;; ANSWER SECTION:
www.iofunction.com. 3600 IN A 192.168.153.128 //正向解析成功
;; AUTHORITY SECTION:
iofunction.com. 3600 IN NS ns1.iofunction.com.
iofunction.com. 3600 IN NS ns2.iofunction.com.
;; ADDITIONAL SECTION:
ns1.iofunction.com. 3600 IN A 172.16.252.194
ns2.iofunction.com. 3600 IN A 172.16.252.120
;; Query time: 2 msec
;; SERVER: 172.16.252.194#53(172.16.252.194)
;; WHEN: Wed May 24 00:27:26 2017
;; MSG SIZE rcvd: 120
3、反向解析192.168.153.128
[root@localhost named]# dig -x 172.16.0.100 @172.16.252.194
;; QUESTION SECTION:
;100.0.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.0.16.172.in-addr.arpa. 3600 IN PTR study.iofunction.com. 解析成功了
;; AUTHORITY SECTION:
16.172.in-addr.arpa. 3600 IN NS ns1.iofunction.com.
4、在主服务器上添加一条A记录
(1)vim iofunction.com
$TTL 3600
@ IN SOA ns1.iofunction.com. ioadmin.iofunction.com. (
2017052306 //序列号一定要改,要不然不会触发更新,就会导致主从不一致
2H
20M
1W
1D )
@ IN NS ns1.iofunction.com.
@ IN NS ns2.iofunction.com.
ns1.iofunction.com. IN A 172.16.252.194
ns2.iofunction.com. IN A 172.16.252.120
www IN A 192.168.153.128
web IN A 192.168.152.129
study IN A 172.16.0.100
cname IN CNAME web
new IN A 10.10.10.10 //添加一条新记录
(2)rndc reload //重读一下配置文件,就会触发更新。 rndc 953端口
tail /var/log/message 就可以看到传输的消息了
原创文章,作者:dance_man,如若转载,请注明出处:http://www.178linux.com/76830