####################################################### DNS协议主要运行在UDP协议之上,使用端口号53;区域传送(主从同步)以及超出UDP长度限制的响应使用TCP 53,因此主从DNS之间的防火墙需要同时放行UDP和TCP的53端口。 安装DNS软件bind yum install bind bind-utils bind-devel bind-chroot -y

所有节点配置dns vim /etc/resolv.conf nameserver 192.168.56.100 nameserver 192.168.56.101

####################################################### bind-chroot 用于把 named 限制在 chroot 牢笼中运行;这里是内部dns,为了方便没有启用 修改配置文件 vim /etc/named.conf

options {
    listen-on port 53 { any; };      # 定义监听的端口及ip地址
    listen-on-v6 port 53 { ::1; };   # 定义监听的ipv6地址
    directory "/var/named";          # 全局目录
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };            # 允许查询的ip地址
    # 注意:allow-query any 加上 recursion yes 会使本机成为开放递归解析器;
    # 作为内部DNS,建议用 allow-recursion 把递归查询限制在内网网段(例如本文使用的 192.168.56.x)。
    forwarders { 114.114.114.114; }; # 转发本地没有的记录

   recursion yes; #是否允许递归查询
    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

};

logging { channel default_debug { file "data/named.run"; severity dynamic; }; };

zone "." IN { type hint; file "named.ca"; };

include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";

添加域 vim /etc/named.rfc1912.zones
zone "test.com" IN {
    type master;
    file "test.com.zone";
    # allow-transfer 只按来源IP限制区域传送;如需更强的保护,可为主从之间的传送配置TSIG密钥。
    allow-transfer { 127.0.0.1; 192.168.56.100; 192.168.56.101; };

};

检查语法是否正确,没有提示错误就是正确的 named-checkconf

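创建正向解析文件 vim /var/named/test.com.zone
$TTL 300;
; SOA中的主机名和邮箱必须以"."结尾,否则会被自动追加区域名(变成 dns1.test.com.test.com.)
@ IN SOA dns1.test.com. admin.test.com. (
    2017032800 ; Serial  序列号,通常为日期,每次修改区域文件后必须增大
    300        ; Refresh 刷新时间,即从服务器每隔多久到主服务器检查一次序列号
    1800       ; Retry   重试时间,即刷新失败后隔多久再次尝试
    604800     ; Expire  过期时间,即联系不上主服务器后,从服务器至多继续提供解析的时间
    300        ; TTL     否定应答(记录不存在)的缓存时间
) ;
    IN NS dns1
    IN NS dns2
dns1 IN A 192.168.56.100
; 注意:这里 dns2 的地址是 192.168.56.20,而 resolv.conf 和 allow-transfer 中写的是 192.168.56.101,请确认从服务器的实际地址,否则区域传送会被拒绝。
dns2 IN A 192.168.56.20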

检查语法 named-checkzone test.com /var/named/test.com.zone 更改文件的组为named chown root:named test.com.zone

启动服务 systemctl start named.service

配置反向解析区域 vim /etc/named.rfc1912.zones zone "56.168.192.in-addr.arpa" IN { type master; file "56.168.192.in-addr-arpa"; allow-transfer{ 127.0.0.1;192.168.56.100;192.168.56.101; };

}; 配置反向解析文件 vim /var/named/56.168.192.in-addr-arpa

$TTL 43200; @ 86400 IN SOA dns1.test.com. admin.test.com.( 201411; 1h; 5m; 7d; 1d; ) IN NS dns1.test.com.
100 IN PTR dns1.test.com. 20 IN PTR dns2.test.com.

检查配置文件 named-checkzone 56.168.192.in-addr.arpa /var/named/56.168.192.in-addr-arpa 更改文件的组为named chown root:named 56.168.192.in-addr-arpa

重启服务 systemctl restart named.service

测试反向解析 dig -x 192.168.56.100

####################################################### 配置从DNS服务器 yum install bind bind-utils bind-devel bind-chroot -y 启动服务 systemctl restart named.service 复制主dns /etc/named.conf 到从DNS ####################################################### 修改配置文件 vim /etc/named.rfc1912.zones

zone "test.com" IN { type slave; masters { 192.168.56.100; }; file "slaves/test.com.zone"; allow-transfer{ none; }; }; zone "56.168.192.in-addr.arpa" IN { type slave; masters { 192.168.56.100; }; file "slaves/56.168.192.in-addr-arpa"; allow-transfer{ none; }; };

####################################################### 修改主DNS正向解析文件,序列号+1并添加IN NS dns2 vim /var/named/test.com.zone

IN    NS    dns2

dns2 IN A 192.168.56.20

修改DNS反向解析文件,序列号+1并添加dns2.test.com. vim /var/named/56.168.192.in-addr-arpa IN NS dns2.test.com.

重启主DNS服务后从DNS的 slaves 目录下就会多出两个文件 systemctl restart named.service

####################################################### 测试从DNS 关闭主DNS服务 systemctl stop named.service

两个节点ping dns1.test.com都能ping通,说明从DNS已经开始工作