####################################################### DNS协议主要运行在UDP协议之上,使用端口号53;但区域传送(AXFR/IXFR)以及超过UDP长度的应答走TCP 53,所以主从DNS之间的防火墙必须同时放行UDP/53和TCP/53。 安装DNS软件bind yum install bind bind-utils bind-devel bind-chroot -y
所有节点配置dns vim /etc/resolv.conf nameserver 192.168.56.100 nameserver 192.168.56.101 (注意文件名是 resolv.conf 而不是 resolf.conf;若主机使用 NetworkManager,该文件可能被覆盖,应改为在网卡配置中写 DNS1/DNS2。)
####################################################### bind-chroot 会把 named 关进 /var/named/chroot 牢笼;本例是内部dns,为了方便暂不启用。但它是一层代价很小的纵深防御(named 被攻破后只能看到牢笼内的文件),生产环境建议启用:CentOS 7 上改为启动 named-chroot.service 即可,配置文件仍然编辑 /etc/named.conf。 修改配置文件 vim /etc/named.conf
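# Hosts allowed to query and recurse through this internal resolver.
# Adjust the prefix to the real internal network(s).
acl internal { localhost; 192.168.56.0/24; };

options {
    # Listen on every IPv4 interface. If the host also has an externally
    # reachable NIC, list only the internal address(es) here instead of "any".
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";                                   # base for relative zone file paths
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    # The original had "allow-query { any; }" together with "recursion yes",
    # which turns the server into an open resolver as soon as it is reachable
    # from outside (DNS amplification, cache-poisoning target). Restrict both
    # to the internal network.
    allow-query { internal; };
    allow-recursion { internal; };
    recursion yes;

    # Forward names we are not authoritative for. The original line read
    # "forwarder{ 114.114.114.114;);": wrong keyword and unbalanced braces,
    # which named-checkconf rejects.
    forwarders { 114.114.114.114; };

    # Global default: no zone transfers. Zones that need a slave override this
    # in their own zone statement.
    allow-transfer { none; };

    dnssec-enable yes;
    # Validation only works if the forwarder returns DNSSEC data (DO bit);
    # if lookups of signed public domains start to SERVFAIL, set this to no.
    dnssec-validation yes;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

# Root hints, used only when recursing without a forwarder.
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";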
添加域 vim /etc/named.rfc1912.zones
zone "test.com" IN {
    type master;
    file "test.com.zone";
    allow-transfer { 192.168.56.101; };   # 只允许从DNS做区域传送;127.0.0.1 和主DNS自身地址不需要列出,列得越少泄露整个区数据的风险越小
};
注意:这里从DNS的地址(192.168.56.101,与 resolv.conf 一致)和区文件里 dns2 的 A 记录(192.168.56.20)不一致,必须确认从DNS的真实地址并统一,否则区域传送会被拒绝。
检查语法是否正确,没有输出就是正确的 named-checkconf (加 -z 参数会连同各区文件一起检查)
创建正向解析文件 vim /var/named/test.com.zone (区文件的注释符是分号 ; ,不是 # ;SOA 里的主机名和邮箱必须带结尾的点,否则会被追加区名变成 dns1.test.com.test.com)
$TTL 300
@ IN SOA dns1.test.com. admin.test.com. (
        2017032800 ; Serial  序列号,通常用日期 YYYYMMDDnn;每次修改都必须递增,否则从DNS不会同步
        300        ; Refresh 从DNS每隔多久向主DNS检查序列号是否更新
        1800       ; Retry   刷新失败后多久重试
        604800     ; Expire  主DNS持续不可达时,从DNS最多还能应答多久,超过后停止应答该区
        300 )      ; Negative cache TTL  否定应答(NXDOMAIN)的缓存时间
@    IN NS dns1
@    IN NS dns2
dns1 IN A  192.168.56.100
dns2 IN A  192.168.56.20
注意:admin.test.com. 表示管理员邮箱 admin@test.com;dns2 的地址要与 resolv.conf / allow-transfer 中使用的 192.168.56.101 统一。
检查语法 named-checkzone test.com /var/named/test.com.zone 更改文件的属组为named(named 只需读权限) chown root:named /var/named/test.com.zone
启动服务 systemctl start named.service
配置反向解析区域 vim /etc/named.rfc1912.zones
zone "56.168.192.in-addr.arpa" IN {
    type master;
    file "56.168.192.in-addr-arpa";
    allow-transfer { 192.168.56.101; };   # 同正向区:只允许从DNS传送,地址需与从DNS实际地址一致
};
配置反向解析文件 vim /var/named/56.168.192.in-addr-arpa
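$TTL 43200
; Reverse zone for 192.168.56.0/24.
; Every name on the right-hand side is fully qualified (trailing dot);
; without it BIND appends the zone origin.
; The serial must be increased on every edit or the slave never transfers
; the new version.
@   86400 IN SOA dns1.test.com. admin.test.com. (
        201411 ; serial
        1h     ; refresh
        5m     ; retry
        7d     ; expire
        1d     ; negative-cache TTL
)
; Owner names are written explicitly with "@". The original listing showed
; "IN NS ..." at column 0; if that leading whitespace was really absent, BIND
; would take "IN" as the owner name and publish an NS record for
; IN.56.168.192.in-addr.arpa instead of the zone apex.
@   IN NS  dns1.test.com.
100 IN PTR dns1.test.com.
; NOTE(review): dns2 is 192.168.56.20 here and in the forward zone, but the
; resolv.conf and allow-transfer lists use 192.168.56.101 -- confirm which is right.
20  IN PTR dns2.test.com.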
检查配置文件 named-checkzone 56.168.192.in-addr.arpa /var/named/56.168.192.in-addr-arpa 更改文件的属组为named chown root:named /var/named/56.168.192.in-addr-arpa
重启服务 systemctl restart named.service
测试反向解析(指定服务器,避免实际问到别的DNS) dig @192.168.56.100 -x 192.168.56.100 ;正向解析 dig @192.168.56.100 dns1.test.com
####################################################### 配置从DNS服务器 yum install bind bind-utils bind-devel bind-chroot -y 启动服务 systemctl restart named.service 复制主dns的 /etc/named.conf 到从DNS(从DNS也要用同样的 allow-query / allow-recursion 限制,不要对外开放递归) ####################################################### 修改配置文件 vim /etc/named.rfc1912.zones
zone "test.com" IN {
    type slave;
    masters { 192.168.56.100; };
    file "slaves/test.com.zone";     # /var/named/slaves 必须可由 named 用户写入,CentOS 的 bind 包默认已如此
    allow-transfer { none; };        # 从DNS不再向任何人传送区数据
};
zone "56.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.56.100; };
    file "slaves/56.168.192.in-addr-arpa";
    allow-transfer { none; };
};
####################################################### 修改主DNS正向解析文件:序列号+1(不递增序列号从DNS不会同步),并确认存在 dns2 的 NS 记录和 A 记录 vim /var/named/test.com.zone
@    IN NS dns2
dns2 IN A  192.168.56.20   ; 必须是从DNS的真实地址,并与 resolv.conf / allow-transfer 中的地址一致
修改主DNS反向解析文件:序列号+1,并添加 dns2 的 NS 记录 vim /var/named/56.168.192.in-addr-arpa @ IN NS dns2.test.com.
重新加载主DNS后(rndc reload 即可,不必重启),主DNS会向从DNS发送 NOTIFY,从DNS的 /var/named/slaves/ 下就会多出两个区文件 systemctl restart named.service (若文件没有出现,先检查序列号是否递增、主DNS的 allow-transfer 是否包含从DNS地址,以及 TCP/53 是否放通)
####################################################### 测试从DNS 关闭主DNS服务 systemctl stop named.service
两个节点 ping dns1.test.com 都能通,说明从DNS已经接管解析。注意 ping 只能证明名字解析成功,不能证明是谁应答的;更准确的验证是 dig @192.168.56.101 dns1.test.com,或看 nslookup 输出中的 Server 字段是否为从DNS。