Lab environment:
CentOS 6.6
DNS master server: dns-master 10.12.28.71
DNS slave server: dns-slave 10.12.28.72
DNS client: dns-client 10.12.28.73
Firewall turned off (lab shortcut; on a real server open only port 53 TCP and UDP)
SELinux disabled (lab shortcut as well)
1. Install the DNS server and client programs
DNS master server:
[root@dns-master ~]# yum install bind -y
DNS slave server:
[root@dns-slave ~]# yum install bind -y
DNS client (bind-utils provides host and dig; it is already installed here):
[root@dns-client ~]# rpm -qa | grep bind-utils
bind-utils-9.8.2-0.30.rc1.el6.x86_64
2. Basic DNS server configuration (identical on the master and the slave)
2.1. Configure the server's global settings in options {}
[root@dns-master ~]# vim /etc/named.conf

options {
        listen-on port 53 { any; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

//      dnssec-enable yes;
//      dnssec-validation yes;
//      dnssec-lookaside auto;

        /* Path to ISC DLV key */
//      bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";
};

The three changes from the stock file are listen-on any (instead of 127.0.0.1 only), allow-query any (instead of localhost only) and commenting out the DNSSEC lines. Together with recursion yes this makes the server an open recursive resolver that answers anyone who can reach it, which is fine on an isolated lab network but not on a host reachable from the internet: there, limit allow-query and allow-recursion to your own networks and leave DNSSEC validation enabled.
2.2. Start the DNS server at boot
chkconfig named on
2.3. Start the DNS server
/etc/init.d/named start
3. Add forward and reverse zones for qq.com on the DNS master
3.1. Append the forward and reverse zones for qq.com to the end of /etc/named.rfc1912.zones
[root@dns-master ~]# vim /etc/named.rfc1912.zones

zone "qq.com" IN {
        type master;
        file "qq.com.zone";
};
zone "28.12.10.in-addr.arpa" IN {
        type master;
        file "10.12.28.zone";
};

The file names are relative to the directory set in options {}, so they resolve to /var/named/qq.com.zone and /var/named/10.12.28.zone. Two caveats: qq.com is a real domain, so any client pointed at this server gets the lab answers instead of the real ones, which is acceptable only on the lab network; and BIND answers zone-transfer (AXFR) requests for a master zone from any address by default, so anyone who can reach port 53 can dump the whole zone. Outside the lab, restrict transfers to the slave's address (10.12.28.72) with the zone's allow-transfer option.
3.2. Create the file /var/named/qq.com.zone
[root@dns-master ~]# cat /var/named/qq.com.zone

$TTL 86400
$ORIGIN qq.com.
@       IN      SOA     ns1.qq.com.     admin.qq.com. (
                        2016020201      ; serial: bump it on every edit
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D              ; negative-answer TTL
                        )
        IN      NS      ns1.qq.com.
        IN      NS      ns2.qq.com.
ns1     IN      A       10.12.28.71
ns2     IN      A       10.12.28.72
host1   IN      A       10.12.28.1
host2   IN      A       10.12.28.2
host3   IN      A       10.12.28.3
www     IN      CNAME   host1
ftp     IN      CNAME   host2
smtp    IN      MX  5   host3
*       IN      A       10.12.28.71

Lines that begin with whitespace inherit the owner of the previous record, so both NS records belong to the zone apex (@). Relative names such as host1 are completed with the $ORIGIN, giving host1.qq.com.; the trailing dot on ns1.qq.com. marks it as already absolute. The serial is the only thing the slave looks at to decide whether the zone has changed, so every edit to this file must increase it or the slave keeps serving the old copy. The final wildcard record means any name under qq.com that is not defined above resolves to the master's own address, 10.12.28.71, which is convenient in a lab but hides typos in client configuration.
3.3. Create the file /var/named/10.12.28.zone
[root@dns-master ~]# cat /var/named/10.12.28.zone

$TTL 86400
@       IN      SOA     ns1.qq.com.     admin.qq.com. (
                        2016020201      ; serial
                        1H              ; refresh
                        5M              ; retry
                        7D              ; expire
                        1D              ; negative-answer TTL
                        )
        IN      NS      ns1.qq.com.
        IN      NS      ns2.qq.com.
71      IN      PTR     ns1.qq.com.
72      IN      PTR     ns2.qq.com.
1       IN      PTR     host1.qq.com.
2       IN      PTR     host2.qq.com.
3       IN      PTR     host3.qq.com.
1       IN      PTR     www.qq.com.
2       IN      PTR     ftp.qq.com.
3       IN      PTR     smtp.qq.com.

There is no $ORIGIN here, so @ and the relative owners (71, 1, ...) are completed with the zone name from named.rfc1912.zones, 28.12.10.in-addr.arpa, giving 71.28.12.10.in-addr.arpa and so on. Note that this file gives addresses .1, .2 and .3 two PTR records each; a reverse lookup returns both (see the client test below), and software that only uses the first PTR will get whichever one the server lists first. The usual practice is one PTR per address pointing at the host's canonical name (host1.qq.com rather than the www alias).
3.4. Fix the permissions and group of /var/named/qq.com.zone and /var/named/10.12.28.zone
[root@dns-master ~]# chmod 640 /var/named/qq.com.zone
[root@dns-master ~]# chmod 640 /var/named/10.12.28.zone
[root@dns-master ~]# chgrp named /var/named/qq.com.zone
[root@dns-master ~]# chgrp named /var/named/10.12.28.zone
[root@dns-master ~]# ll /var/named/
total 36
-rw-r-----. 1 root  named  293 Feb  3 00:18 10.12.28.zone
drwxrwx---. 2 named named 4096 Feb  3 00:18 data
drwxrwx---. 2 named named 4096 Feb  3 00:18 dynamic
-rw-r-----. 1 root  named 2075 Apr 23  2014 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 root  named  316 Feb  2 23:56 qq.com.zone
drwxrwx---. 2 named named 4096 Jan 27 19:54 slaves

This matches the layout the package uses for its own files: named runs as the unprivileged named user, so root-owned, group-readable (640) zone files let it read the master zones but not modify them, while the data, dynamic and slaves directories are writable by named because that is where it has to write (dumps, dynamic updates and transferred slave zones).
3.5. Check the syntax of the configuration file and the zone files
[root@dns-master ~]# named-checkconf
[root@dns-master ~]# named-checkzone "qq.com" /var/named/qq.com.zone
zone qq.com/IN: loaded serial 2016020201
OK
[root@dns-master ~]# named-checkzone "28.12.10.in-addr.arpa" /var/named/10.12.28.zone
zone 28.12.10.in-addr.arpa/IN: loaded serial 2016020201
OK

named-checkconf prints nothing when the configuration is valid. named-checkzone also reports the serial it loaded, which is a quick way to confirm you remembered to bump it.
3.6. Reload the configuration and zone files
[root@dns-master ~]# /etc/init.d/named reload
Reloading named: [ OK ]
[root@dns-master ~]# rndc reload
server reload successful

Either command is enough on its own: the init script's reload target calls rndc reload itself.
3.7. Confirm that the DNS service port is listening
[root@dns-master ~]# ss -tunlp | grep '\<53\>'
udp   UNCONN 0 0 10.12.28.71:53 *:* users:(("named",2147,513))
udp   UNCONN 0 0 127.0.0.1:53   *:* users:(("named",2147,512))
tcp   LISTEN 0 3 10.12.28.71:53 *:* users:(("named",2147,21))
tcp   LISTEN 0 3 127.0.0.1:53   *:* users:(("named",2147,20))

Both UDP and TCP must be open on 10.12.28.71: ordinary queries use UDP, but zone transfers to the slave and large answers use TCP.
4. Add the forward and reverse zones for qq.com on the DNS slave
4.1. Append the forward and reverse zones for qq.com to the end of /etc/named.rfc1912.zones
[root@dns-slave ~]# vim /etc/named.rfc1912.zones

zone "qq.com" IN {
        type slave;
        masters { 10.12.28.71; };
};
zone "28.12.10.in-addr.arpa" IN {
        type slave;
        masters { 10.12.28.71; };
};

No zone files are created on the slave: it fetches both zones from the master with a zone transfer. Because these definitions have no file statement, the transferred copies live only in memory; if named restarts while the master is unreachable the slave has nothing to serve until a transfer succeeds. Giving each zone a file under the slaves directory (which the package installed writable by named for exactly this purpose) keeps a copy on disk.
4.2. Check the syntax of the configuration file (there are no local zone files to check with named-checkzone)
[root@dns-slave ~]# named-checkconf
4.3. Reload the configuration; the slave then transfers both zones from the master
[root@dns-slave ~]# /etc/init.d/named reload
Reloading named: [ OK ]

The slave's syslog (/var/log/messages) should record the transfer of each zone from 10.12.28.71 shortly after the reload; if it does not, check that the master is listening on 10.12.28.71 (step 3.7) and that nothing blocks TCP port 53 between the two hosts.
4.4. Confirm that the DNS service port is listening
[root@dns-slave ~]# ss -tunlp | grep '\<53\>'
udp   UNCONN 0 0 10.12.28.72:53 *:* users:(("named",1914,513))
udp   UNCONN 0 0 127.0.0.1:53   *:* users:(("named",1914,512))
tcp   LISTEN 0 3 10.12.28.72:53 *:* users:(("named",1914,21))
tcp   LISTEN 0 3 127.0.0.1:53   *:* users:(("named",1914,20))
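Before querying the slave it is worth checking the two zone files from section 3 against each other, and understanding why the serial matters for section 4. The script below is an added example and not part of the original tutorial: it embeds the tutorial's forward and reverse zone files as constructed strings, parses the subset of master-file syntax they use (no other syntax is supported), reports every A record without a PTR and every PTR that does not point back at a name holding that address, and implements the RFC 1982 serial comparison that decides whether a slave will re-transfer a zone. Run against the tutorial's files it reports that 10.12.28.1 and 10.12.28.2 have PTRs pointing at the CNAMEs www and ftp, that 10.12.28.3 has a PTR for smtp.qq.com which has no A record at all (only an MX), and that each of those addresses carries two PTRs.

```python
"""Forward/reverse consistency check and serial comparison for the lab zones.

Added example, not part of the original tutorial. The two zone files from the
tutorial are embedded below as constructed strings so the script runs offline;
the parser covers only the master-file syntax those files use.
"""

FORWARD_ZONE = """\
$TTL 86400
$ORIGIN qq.com.
@     IN SOA ns1.qq.com. admin.qq.com. (
                2016020201 1H 5M 7D 1D )
      IN NS    ns1.qq.com.
      IN NS    ns2.qq.com.
ns1   IN A     10.12.28.71
ns2   IN A     10.12.28.72
host1 IN A     10.12.28.1
host2 IN A     10.12.28.2
host3 IN A     10.12.28.3
www   IN CNAME host1
ftp   IN CNAME host2
smtp  IN MX 5  host3
*     IN A     10.12.28.71
"""

REVERSE_ZONE = """\
$TTL 86400
@  IN SOA ns1.qq.com. admin.qq.com. ( 2016020201 1H 5M 7D 1D )
   IN NS  ns1.qq.com.
   IN NS  ns2.qq.com.
71 IN PTR ns1.qq.com.
72 IN PTR ns2.qq.com.
1  IN PTR host1.qq.com.
2  IN PTR host2.qq.com.
3  IN PTR host3.qq.com.
1  IN PTR www.qq.com.
2  IN PTR ftp.qq.com.
3  IN PTR smtp.qq.com.
"""


def qualify(name, origin):
    """Make a relative owner/target name absolute ('@' means the origin)."""
    if name == '@':
        return origin
    return name if name.endswith('.') else f'{name}.{origin}'


def parse_zone(text, zone_name):
    """Parse a master file into (serial, [(owner, type, rdata), ...]).

    Supports $TTL, $ORIGIN, '@', owner inheritance for lines that start with
    whitespace, relative names and parenthesised multi-line records. Name-valued
    rdata (NS/CNAME/PTR and the MX target) is returned fully qualified.
    """
    origin = zone_name if zone_name.endswith('.') else zone_name + '.'
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count('(') - line.count(')')
        if depth == 0:                                 # record complete
            logical.append(' '.join(buf))
            buf = []
    records, serial, owner = [], None, None
    for line in logical:
        if line.startswith('$TTL'):
            continue
        if line.startswith('$ORIGIN'):
            origin = line.split()[1]
            continue
        tokens = line.replace('(', ' ').replace(')', ' ').split()
        if not line[0].isspace():                      # explicit owner name
            owner = tokens.pop(0)
        if owner is None:
            raise ValueError(f'record without an owner: {line!r}')
        if tokens[0] == 'IN':
            tokens.pop(0)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in ('NS', 'CNAME', 'PTR'):
            rdata[0] = qualify(rdata[0], origin)
        elif rtype == 'MX':
            rdata[1] = qualify(rdata[1], origin)
        elif rtype == 'SOA':
            serial = int(rdata[2])
        records.append((qualify(owner, origin).lower(), rtype, rdata))
    return serial, records


def ptr_owner_to_ip(owner):
    """'1.28.12.10.in-addr.arpa.' -> '10.12.28.1'."""
    labels = owner.rstrip('.').split('.')
    if labels[-2:] != ['in-addr', 'arpa']:
        raise ValueError(f'not an IPv4 reverse name: {owner}')
    return '.'.join(reversed(labels[:-2]))


def check_consistency(forward_text, forward_zone, reverse_text, reverse_zone):
    """Return human-readable mismatches between the A and PTR records."""
    _, fwd = parse_zone(forward_text, forward_zone)
    _, rev = parse_zone(reverse_text, reverse_zone)
    a_records, cnames, ptrs = {}, {}, {}
    for owner, rtype, rdata in fwd:
        if rtype == 'A':
            a_records.setdefault(owner, set()).add(rdata[0])
        elif rtype == 'CNAME':
            cnames[owner] = rdata[0].lower()
    for owner, rtype, rdata in rev:
        if rtype == 'PTR':
            ptrs.setdefault(ptr_owner_to_ip(owner), []).append(rdata[0].lower())
    problems = []
    for name, ips in a_records.items():
        if name.startswith('*.'):                      # wildcard: no PTR expected
            continue
        for ip in ips:
            if name not in ptrs.get(ip, []):
                problems.append(f'A {name} {ip} has no matching PTR')
    for ip, names in ptrs.items():
        for name in names:
            if name in cnames:
                problems.append(f'PTR {ip} -> {name} points at a CNAME '
                                f'(canonical name is {cnames[name]})')
            elif ip not in a_records.get(name, set()):
                problems.append(f'PTR {ip} -> {name} has no A record for {ip}')
        if len(names) > 1:
            problems.append(f'{ip} has {len(names)} PTR records: '
                            + ', '.join(sorted(names)))
    return problems


def serial_is_newer(candidate, current):
    """RFC 1982 comparison of 32-bit zone serials, wrap-around included.

    A slave only pulls a fresh copy when the master's serial is newer in this
    arithmetic; editing a zone without bumping the serial leaves the slave stale.
    """
    diff = (candidate - current) % (1 << 32)
    return 0 < diff < (1 << 31)


if __name__ == '__main__':
    for problem in check_consistency(FORWARD_ZONE, 'qq.com',
                                     REVERSE_ZONE, '28.12.10.in-addr.arpa'):
        print(problem)
```

To check your own files, read them with open() in place of the two constructed strings and pass the zone names from named.rfc1912.zones; the wildcard record is skipped deliberately because names it synthesises cannot have PTRs.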
5. Client test, sending every query to the slave only (so a correct answer also proves the zone transfer worked)

The last argument of each host command is the server to ask, here 10.12.28.72.

[root@dns-client ~]# host -t A ns1.qq.com 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

ns1.qq.com has address 10.12.28.71

[root@dns-client ~]# host -t A ns2.qq.com 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

ns2.qq.com has address 10.12.28.72

[root@dns-client ~]# host -t A www.qq.com 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

www.qq.com is an alias for host1.qq.com.
host1.qq.com has address 10.12.28.1

[root@dns-client ~]# host -t A ftp.qq.com 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

ftp.qq.com is an alias for host2.qq.com.
host2.qq.com has address 10.12.28.2

[root@dns-client ~]# host -t MX smtp.qq.com 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

smtp.qq.com mail is handled by 5 host3.qq.com.

[root@dns-client ~]# host -t PTR 10.12.28.1 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

1.28.12.10.in-addr.arpa domain name pointer host1.qq.com.
1.28.12.10.in-addr.arpa domain name pointer

[root@dns-client ~]# host -t PTR 10.12.28.2 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

2.28.12.10.in-addr.arpa domain name pointer ftp.qq.com.
2.28.12.10.in-addr.arpa domain name pointer host2.qq.com.

[root@dns-client ~]# host -t PTR 10.12.28.3 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

3.28.12.10.in-addr.arpa domain name pointer host3.qq.com.
3.28.12.10.in-addr.arpa domain name pointer smtp.qq.com.

[root@dns-client ~]# host -t PTR 10.12.28.71 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

71.28.12.10.in-addr.arpa domain name pointer ns1.qq.com.

[root@dns-client ~]# host -t PTR 10.12.28.72 10.12.28.72
Using domain server:
Name: 10.12.28.72
Address: 10.12.28.72#53
Aliases:

72.28.12.10.in-addr.arpa domain name pointer ns2.qq.com.

The CNAME answers show the alias being followed to the canonical name, and the reverse lookups for .1, .2 and .3 return both PTR records defined in 10.12.28.zone, in no particular order.