1. Configure forward resolution
1. Install bind
yum install bind bind-utils -y
2. Edit /etc/named.conf; these are the settings that need to change:
listen-on port 53 { 127.0.0.1; 192.168.42.135; };
allow-query { any; };
dnssec-enable no;
dnssec-validation no;
3. Add a zone (srayban.com)
vim /etc/named.rfc1912.zones
zone "srayban.com" IN {
    type master;
    file "srayban.com.zone";
};
4. Create the zone file srayban.com.zone
vim /var/named/srayban.com.zone
$TTL 3600
$ORIGIN srayban.com.
@       IN SOA  ns1.srayban.com. dnsadmin.srayban.com. (
                2017052301  ; serial
                1H          ; refresh
                10M         ; retry
                3D          ; expire
                1D )        ; negative-caching TTL
        IN NS   ns1
        IN MX 10 mx1
        IN MX 20 mx2
ns1     IN A    192.168.42.151
ns2     IN A    192.168.42.152
www     IN A    192.168.42.153
web     IN CNAME www
5. Set permissions
chmod o= srayban.com.zone
chown :named srayban.com.zone
6. Check the syntax
named-checkconf
# Check the zone file
named-checkzone "srayban.com" /var/named/srayban.com.zone
zone srayban.com/IN: loaded serial 2017052301
OK
7. Test with dig
dig -t A www.srayban.com @192.168.42.150
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -t A www.srayban.com @192.168.42.150
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28861
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.srayban.com. IN A
;; ANSWER SECTION:
www.srayban.com. 3600 IN A 192.168.42.153
;; AUTHORITY SECTION:
srayban.com. 3600 IN NS ns1.srayban.com.
srayban.com. 3600 IN NS ns2.srayban.com.
;; ADDITIONAL SECTION:
ns1.srayban.com. 3600 IN A 192.168.42.151
ns2.srayban.com. 3600 IN A 192.168.42.152
;; Query time: 0 msec
;; SERVER: 192.168.42.150#53(192.168.42.150)
;; WHEN: Tue May 23 20:24:23 CST 2017
;; MSG SIZE rcvd: 128
2. Configure reverse resolution
1. Add the reverse zone block
vim /etc/named.rfc1912.zones
zone "42.168.192.in-addr.arpa" {
    type master;
    file "42.168.192.in-addr.arpa.zone";
};
2. Under /var/named/, create the file 42.168.192.in-addr.arpa.zone
vim 42.168.192.in-addr.arpa.zone
$TTL 3600
$ORIGIN 42.168.192.in-addr.arpa.
@       IN SOA  ns1.srayban.com. nsadmin.srayban.com. (
                2017052302  ; serial
                1H          ; refresh
                10M         ; retry
                3D          ; expire
                12H )       ; negative-caching TTL
        IN NS   ns1.srayban.com.
151     IN PTR  ns1.srayban.com.
152     IN PTR  ns2.srayban.com.
153     IN PTR  www.srayban.com.
3. Set permissions
chmod o= /var/named/42.168.192.in-addr.arpa.zone
chown :named /var/named/42.168.192.in-addr.arpa.zone
4. Check the syntax
named-checkconf
named-checkzone "42.168.192.in-addr.arpa" /var/named/42.168.192.in-addr.arpa.zone
zone 42.168.192.in-addr.arpa/IN: loaded serial 2017052302
OK
5. Reload the configuration file and the zone data files
rndc reload
6. Test reverse resolution
dig -x 192.168.42.151 @192.168.42.150
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -x 192.168.42.151 @192.168.42.150
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4195
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;151.42.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
151.42.168.192.in-addr.arpa. 3600 IN PTR ns1.srayban.com.
;; AUTHORITY SECTION:
42.168.192.in-addr.arpa. 3600 IN NS ns1.srayban.com.
;; ADDITIONAL SECTION:
ns1.srayban.com. 3600 IN A 192.168.42.151
;; Query time: 9 msec
;; SERVER: 192.168.42.150#53(192.168.42.150)
;; WHEN: Tue May 23 22:30:05 CST 2017
;; MSG SIZE rcvd: 115
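3. DNS cluster deployment
We will now deploy a DNS setup with one master and three slaves.
> # Master server
> 192.168.42.150
> # Slave servers
> 192.168.42.151
> 192.168.42.152
> 192.168.42.153
1. We keep using the server configured earlier as the master. Its earlier configuration has to change, so the zone file now looks like this:
vim /var/named/srayban.com.zone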
$TTL 3600
$ORIGIN srayban.com.
@       IN SOA  ns1.srayban.com. dnsadmin.srayban.com. (
                2017052311  ; serial
                1H          ; refresh
                10M         ; retry
                3D          ; expire
                1D )        ; negative-caching TTL
        IN NS   ns1
        IN NS   ns2
        IN NS   ns3
        IN NS   ns4
ns1     IN A    192.168.42.150
ns2     IN A    192.168.42.151
ns3     IN A    192.168.42.152
ns4     IN A    192.168.42.153
bbs     IN A    192.168.42.151
taom    IN A    192.168.42.152
www     IN A    192.168.42.153
web     IN CNAME www
2. Install bind on the slave servers (all three need it)
yum install bind bind-utils -y
3. Configure named.conf on the slave servers as follows:
vim /etc/named.conf
#listen-on port 53 { 127.0.0.1; };    # comment out this line
allow-query { any; };
dnssec-enable no;
dnssec-validation no;
4. Edit the zone configuration file named.rfc1912.zones and add the following:
vim /etc/named.rfc1912.zones
zone "srayban.com" IN {
    type slave;
    file "slaves/srayban.com.zone";
    masters { 192.168.42.150; };
};
5. Configure the other two slave servers the same way
6. Check the configuration and start named
named-checkconf
systemctl start named.service
7. Test against each server
dig -t A www.srayban.com @192.168.42.151
dig -t A www.srayban.com @192.168.42.152
dig -t A www.srayban.com @192.168.42.153
All of them return the correct result:
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -t A web.srayban.com @192.168.42.151
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55117
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.srayban.com. IN A
;; ANSWER SECTION:
web.srayban.com. 3600 IN CNAME www.srayban.com.
www.srayban.com. 3600 IN A 192.168.42.153
;; AUTHORITY SECTION:
srayban.com. 3600 IN NS ns3.srayban.com.
srayban.com. 3600 IN NS ns2.srayban.com.
srayban.com. 3600 IN NS ns1.srayban.com.
srayban.com. 3600 IN NS ns4.srayban.com.
;; ADDITIONAL SECTION:
ns1.srayban.com. 3600 IN A 192.168.42.150
ns2.srayban.com. 3600 IN A 192.168.42.151
ns3.srayban.com. 3600 IN A 192.168.42.152
ns4.srayban.com. 3600 IN A 192.168.42.153
;; Query time: 2 msec
;; SERVER: 192.168.42.151#53(192.168.42.151)
;; WHEN: Wed May 24 13:54:06 CST 2017
;; MSG SIZE rcvd: 214
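The master/slave setup above has no allow-transfer statement, so the BIND 9.9 shown in the dig output will hand the whole zone to any host that asks for it, and the ra flag in that output shows that recursion is offered as well. The named.conf fragments below are an added example, not part of the original article, showing the same cluster with transfers limited to the three slaves and recursion turned off. They assume all four servers are authoritative-only (clients use a separate recursive resolver), and the ACL name zone_slaves is made up for this example.

```conf
// ---- Master (192.168.42.150): /etc/named.conf ----
// Article's version (weak): only "allow-query { any; };" is set, so
// zone transfers and recursion are left at their permissive defaults.

// Hypothetical ACL name; the addresses are the three slaves from this page.
acl "zone_slaves" {
    192.168.42.151;
    192.168.42.152;
    192.168.42.153;
};

// Add these statements inside the existing options { } block.
options {
    allow-query    { any; };             // answering for our own zones is fine
    recursion      no;                   // authoritative-only: no lookups on behalf of clients
    allow-transfer { "zone_slaves"; };   // AXFR/IXFR only to the slaves
};

// ---- Master: /etc/named.rfc1912.zones (unchanged from the article) ----
zone "srayban.com" IN {
    type master;
    file "srayban.com.zone";
};

// ---- Each slave: /etc/named.conf, inside options { } ----
options {
    allow-query    { any; };
    recursion      no;
    allow-transfer { none; };            // slaves do not pass the zone on to anyone
};

// ---- Each slave: /etc/named.rfc1912.zones (unchanged from the article) ----
zone "srayban.com" IN {
    type slave;
    file "slaves/srayban.com.zone";
    masters { 192.168.42.150; };
};
```

After rndc reload, running dig axfr srayban.com @192.168.42.150 from a host that is not one of the slaves should end with "; Transfer failed.", while the slaves keep receiving updates whenever the serial is increased.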
4. Subdomain delegation
1. In the parent zone's data file, add the subdomain entries
$TTL 3600
$ORIGIN srayban.com.
@       IN SOA  ns1.srayban.com. dnsadmin.srayban.com. (
                2017052313  ; serial: update the version number
                1H          ; refresh
                10M         ; retry
                3D          ; expire
                1D )        ; negative-caching TTL
        IN NS   ns1
        IN NS   ns2
        IN NS   ns3
        IN NS   ns4
blog    IN NS   ns4.blog        ; add the blog subdomain: defines the second-level domain blog.srayban.com
ns1     IN A    192.168.42.150
ns2     IN A    192.168.42.151
ns3     IN A    192.168.42.152
ns4     IN A    192.168.42.153
bbs     IN A    192.168.42.151
taom    IN A    192.168.42.152
www     IN A    192.168.42.153
web     IN CNAME www
ns4.blog IN A   192.168.42.153  ; A record giving the address of the subdomain's NS server
2. Add the subdomain zone to named.rfc1912.zones
vim /etc/named.rfc1912.zones
zone "blog.srayban.com" IN {
    type master;
    file "blog.srayban.com.zone";
};
3. Create the subdomain's zone file
vim /var/named/blog.srayban.com.zone
$TTL 3600
$ORIGIN blog.srayban.com.
@       IN SOA  blog.srayban.com. dnsadmin.srayban.com. (
                2017021201  ; serial: update the version number
                1D          ; refresh
                30M         ; retry
                1D          ; expire
                1D )        ; negative-caching TTL
        IN NS   ns4
ns4     IN A    192.168.42.153
www     IN A    192.168.42.153
4. Set permissions
chmod o= blog.srayban.com.zone
chown :named blog.srayban.com.zone
5. Check that the subdomain is configured correctly
named-checkconf
named-checkzone "blog.srayban.com." /var/named/blog.srayban.com.zone
6. Verify that it works
dig -t A www.blog.srayban.com @192.168.42.150
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> -t A www.blog.srayban.com @192.168.42.150
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60741
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.blog.srayban.com. IN A
;; ANSWER SECTION:
www.blog.srayban.com. 3600 IN A 192.168.42.153
;; AUTHORITY SECTION:
blog.srayban.com. 3600 IN NS ns4.blog.srayban.com.
;; ADDITIONAL SECTION:
ns4.blog.srayban.com. 3600 IN A 192.168.42.153
;; Query time: 1 msec
;; SERVER: 192.168.42.150#53(192.168.42.150)
;; WHEN: Wed May 24 17:01:21 CST 2017
;; MSG SIZE rcvd: 99
Original article by srayban. If you repost it, please credit the source: http://www.178linux.com/76833


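Comments (1)
Mainly covers forward resolution, reverse resolution, cluster configuration and subdomain delegation for the named service on Linux. The content is very detailed and the layout is very good. Keep it up!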