1. 配置正向解析
1.安装bind
yum install bind bind-utils -y
2.配置/etc/named.conf,需要修改的地方
listen-on port 53 { 127.0.0.1; 192.168.42.135; }; allow-query { any; }; dnssec-enable no; dnssec-validation no;
3.添加一个区域(srayban.com)
vim /etc/named.rfc1912.zones zone "srayban.com" IN { type master; file "rayban.com.zone" };
4.创建区域文件rayban.com.zone
vim /var/named/rayban.com.zone $TTL 3600 $ORIGIN srayban.com. @ IN SOA ns1.srayban.com. dnsadmin.srayban.com. ( 2017052301 1H 10M 3D 1D ) IN NS ns1 IN MX 10 mx1 IN MX 20 mx2 ns1 IN A 192.168.42.151 ns2 IN A 192.168.42.152 www IN A 192.168.42.153 web IN CNAME www
5.修改权限
chmod o= srayban.com.zone chown :named srayban.com.zone
5.检查语法
named-checkconf #检查区域文件 named-checkzone "srayban.com" /var/named/srayban.com.zone zone srayban.com/IN: loaded serial 2017052301 OK
6.用dig命令测试
dig -t A www.srayban.com @192.168.42.150 ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -t A www.srayban.com @192.168.42.150 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28861 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.srayban.com. IN A ;; ANSWER SECTION: www.srayban.com. 3600 IN A 192.168.42.153 ;; AUTHORITY SECTION: srayban.com. 3600 IN NS ns1.srayban.com. srayban.com. 3600 IN NS ns2.srayban.com. ;; ADDITIONAL SECTION: ns1.srayban.com. 3600 IN A 192.168.42.151 ns2.srayban.com. 3600 IN A 192.168.42.152 ;; Query time: 0 msec ;; SERVER: 192.168.42.150#53(192.168.42.150) ;; WHEN: Tue May 23 20:24:23 CST 2017 ;; MSG SIZE rcvd: 128
2. 配置反向解析
1.增加反向区域模块
vim /etc/named.rfc1912.conf zone "42.168.192.in-addr.arpa" { type master; file "42.168.192.in-addr.arpa.zone" }
2.在/var/named/下,新增42.168.192.in-addr.arpa.zone文件
vim 42.168.192.in-addr.arpa.zone $TTL 3600 $ORIGIN 42.168.192.in-addr.arpa. @ IN SOA ns1.srayban.com. nsadmin.srayban.com. ( 2017052302 1H 10M 3D 12H ) IN NS ns1.srayban.com. 151 IN PTR ns1.srayban.com. 152 IN PTR ns2.srayban.com. 153 IN PTR www.srayban.com.
3.修改权限
chmod o= /var/named/42.168.192.in-addr.arpa.zone chown :named /var/named/42.168.192.in-addr.arpa.zone
4.检查语法
named-checkconf named-checkzone "42.168.192.in-addr.arpa" /var/named/42.168.192.in-addr.arpa.z one zone 42.168.192.in-addr.arpa/IN: loaded serial 2017052302 OK
5.重载配置文件和区域数据文件
rndc reload
6.测试反向解析
dig -x 192.168.42.151 @192.168.42.150 ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -x 192.168.42.151 @192.168.42.150 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4195 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;151.42.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 151.42.168.192.in-addr.arpa. 3600 IN PTR ns1.srayban.com. ;; AUTHORITY SECTION: 42.168.192.in-addr.arpa. 3600 IN NS ns1.srayban.com. ;; ADDITIONAL SECTION: ns1.srayban.com. 3600 IN A 192.168.42.151 ;; Query time: 9 msec ;; SERVER: 192.168.42.150#53(192.168.42.150) ;; WHEN: Tue May 23 22:30:05 CST 2017 ;; MSG SIZE rcvd: 115
3. DNS集群部署配置
我们现在要部署一个1主3从的dns服务器
> #主服务器 > 192.168.42.150 > #从服务器 > 192.168.42.151 > 192.168.42.152 > 192.168.42.153
1.我们还是拿之前的配置的那台作主服务器,因为我们需要改变之前的配置,配置如下
vim /var/named/srayban.com.zone $TTL 3600 $ORIGIN srayban.com. @ IN SOA ns1.srayban.com. dnsadmin.srayban.com. ( 2017052311 1H 10M 3D 1D ) IN NS ns1 IN NS ns2 IN NS ns3 IN NS ns4 ns1 IN A 192.168.42.150 ns2 IN A 192.168.42.151 ns3 IN A 192.168.42.152 ns4 IN A 192.168.42.153 bbs IN A 192.168.42.151 taom IN A 192.168.42.152 www IN A 192.168.42.153 web IN CNAME www
2.从服务器安装bind(3台都得安装)
yum install bind bind-utils -y
3.配置从服务器的named.conf,配置如下:
vim /etc/namd.conf #listen-on port 53 { 127.0.0.1; }; 注释这行 allow-query { any; }; dnssec-enable no; dnssec-validation no;
4.配置区域文件named.rfc1912.zones,新增内容如下:
vim /etc/named.rfc1912.zones zone "srayban.com" IN { type slave; file "slaves/srayban.com.zone"; masters { 192.168.42.150; }; };
5.其他两台从服务器,做一样的配置即可
6.检查配置,启动named
named-checkconf systemctl start named.service
7.在每台机上测试
dig -t A www.srayban.com @192.168.42.151 dig -t A www.srayban.com @192.168.42.152 dig -t A www.srayban.com @192.168.42.153
都能得到正确结果
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -t A web.srayban.com @192.168.42.151 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55117 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 5 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;web.srayban.com. IN A ;; ANSWER SECTION: web.srayban.com. 3600 IN CNAME www.srayban.com. www.srayban.com. 3600 IN A 192.168.42.153 ;; AUTHORITY SECTION: srayban.com. 3600 IN NS ns3.srayban.com. srayban.com. 3600 IN NS ns2.srayban.com. srayban.com. 3600 IN NS ns1.srayban.com. srayban.com. 3600 IN NS ns4.srayban.com. ;; ADDITIONAL SECTION: ns1.srayban.com. 3600 IN A 192.168.42.150 ns2.srayban.com. 3600 IN A 192.168.42.151 ns3.srayban.com. 3600 IN A 192.168.42.152 ns4.srayban.com. 3600 IN A 192.168.42.153 ;; Query time: 2 msec ;; SERVER: 192.168.42.151#53(192.168.42.151) ;; WHEN: Wed May 24 13:54:06 CST 2017 ;; MSG SIZE rcvd: 214
4. 子域授权
1.在主域数据库文件配置 ,增加子域部分
$TTL 3600 $ORIGIN srayban.com. @ IN SOA ns1.srayban.com. dnsadmin.srayban.com. ( 2017052313 ###更改版本号 1H 10M 3D 1D ) IN NS ns1 IN NS ns2 IN NS ns3 IN NS ns4 blog IN NS ns4.blog #####增加blog子域,定义二级域为blog.srayban.com ns1 IN A 192.168.42.150 ns2 IN A 192.168.42.151 ns3 IN A 192.168.42.152 ns4 IN A 192.168.42.153 bbs IN A 192.168.42.151 taom IN A 192.168.42.152 www IN A 192.168.42.153 web IN CNAME www ns4.blog IN A 192.168.42.153 #####做一下A记录,定义二级域的NS服务器地址
2.在named.rfc1912.zones添加子域区域
vim /etc/named.rfc1912.zones zone "blog.srayban.com" IN { type master; file "blog.srayban.com.zone"; };
3.创建子域区域配置文件
vim /var/named/blog.srayban.com.zone $TTL 3600 $ORIGIN blog.srayban.com. @ IN SOA blog.srayban.com dnsadmin.srayban.com. ( 2017021201 ###更改版本号 1D 30M 1D 1D ) IN NS ns4 ns4 IN A 192.168.42.153 www IN A 192.168.42.153
4.修改权限
chmod o= blog.srayban.com.zone chown :named blog.srayban.com.zone
5.测试子域是否配置成功
named-checkconf named-checkzone "blog.srayban.com." /var/named/blog.srayban.com.zone
6.验证是否成功
dig -t A www.blog.srayban.com @192.168.42.150 ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -t A www.blog.srayban.com @192.168.42.150 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60741 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.blog.srayban.com. IN A ;; ANSWER SECTION: www.blog.srayban.com. 3600 IN A 192.168.42.153 ;; AUTHORITY SECTION: blog.srayban.com. 3600 IN NS ns4.blog.srayban.com. ;; ADDITIONAL SECTION: ns4.blog.srayban.com. 3600 IN A 192.168.42.153 ;; Query time: 1 msec ;; SERVER: 192.168.42.150#53(192.168.42.150) ;; WHEN: Wed May 24 17:01:21 CST 2017 ;; MSG SIZE rcvd: 99
原创文章,作者:srayban,如若转载,请注明出处:http://www.178linux.com/76833
评论列表(1条)
主要介绍了linux 下named服务的正向解析,反向解析,named有关集群配置及子域授权,内容写的很详尽,排版非常好,加油!