
dns服务




desktop:(主dns)
主机名---dns-server.example.com
IP---172.25.254.144
指定yum源
/////////////////////////////////////////////////////////
[root@dns-server ~]# yum install bind -y        ##安装bind软件包##
[root@dns-server ~]# systemctl start named      ##开启named服务##
[root@dns-server ~]# ll /dev/random     ##/dev/random是开启named服务生成密钥时读取的随机数设备##
crw-rw-rw-. 1 root root 1, 8 Mar 15 07:16 /dev/random
[root@dns-server ~]# cat /dev/random
gu
        IP‘

[root@dns-server ~]# vim /etc/named.conf        ##named服务的配置文件##
        ......
  9
 10 options {
 11 //      listen-on port 53 { 127.0.0.1; };   ##注释该行,监听本机所有IPv4地址的53端口##
 12 //      listen-on-v6 port 53 { ::1; };      ##注释该行,监听所有53端口##
 13         directory       "/var/named";       ##指定解析库位置##
 14         dump-file       "/var/named/data/cache_dump.db";
 15         statistics-file "/var/named/data/named_stats.txt";
 16         memstatistics-file "/var/named/data/named_mem_stats.txt";
 17         allow-query     { any; };   ##允许谁来查询##
 18         forwarders      { 172.25.254.250; };        ##指定上级DNS##
        ......
 29         recursion yes;      ##是否允许递归;与allow-query { any; }同时使用时,任何主机都能让本机做递归查询(开放解析器),对外提供服务时应使用allow-recursion限制为可信网段##
 30
 31         dnssec-enable yes;
 32         dnssec-validation yes;
 33         dnssec-lookaside auto;
 34
 35         /* Path to ISC DLV key */
 36         bindkeys-file "/etc/named.iscdlv.key";
 37
 38         managed-keys-directory "/var/named/dynamic";
 39
 40         pid-file "/run/named/named.pid";
 41         session-keyfile "/run/named/session.key";
 42 };
 43
 44 logging {           ##指定日志文件##
 45         channel default_debug {
 46                 file "data/named.run";
 47                 severity dynamic;
 48         };
 49 };
 50
 51 zone "." IN {       ##指定区域##
 52         type hint;          ##指定区域类型为hint(根提示)##
 53         file "named.ca";            ##指定解析库名字##
 54 };
 55
 56 include "/etc/named.rfc1912.zones";         ##包含配置文件/etc/named.rfc1912.zones##
 57 include "/etc/named.root.key";
        ......


####正向解析####
[root@dns-server ~]# vim /etc/named.rfc1912.zones
        ......
 25 zone "westoslinux.com" IN {
 26         type master;
 27         file "westoslinux.com.zone";
 28         allow-update { none; };
 29         allow-transfer { 172.25.254.244; };         ##允许同步本机A记录文件的主机IP##
 30 };
        ......
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# ls
data     named.ca     named.localhost  slaves
dynamic  named.empty  named.loopback
[root@dns-server named]# cp -p named.localhost westoslinux.com.zone
[root@dns-server named]# vim westoslinux.com.zone
  1 $TTL 1D
  2 @       IN SOA  dns.westoslinux.com. root.westoslinux.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westoslinux.com.
  9 dns     A       172.25.254.144
 10 www     A       172.25.254.125
[root@dns-server named]# systemctl restart named


####反向解析####
[root@dns-server ~]# vim /etc/named.rfc1912.zones
        ......
 50 zone "254.25.172.in-addr.arpa" IN {
 51         type master;
 52         file "westoslinux.com.ptr";
 53         allow-update { none; };
 54 };
        ......
[root@dns-server named]# vim westoslinux.com.ptr
  1 $TTL 1D
  2 @       IN SOA  dns.westoslinux.com. root.westoslinux.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8         NS      dns.westoslinux.com.
  9 dns     A       172.25.254.144
 10 222     PTR     www.westoslinux.com.
 11 233     PTR     bbs.westoslinux.com.
[root@dns-server named]# systemctl restart named



[root@dns-server named]# vim westoslinux.com.zone
  1 $TTL 1D
  2 @       IN SOA  dns.westoslinux.com. root.westoslinux.com. (
  3                                         0       ; serial
  4                                         1D      ; refresh
  5                                         1H      ; retry
  6                                         1W      ; expire
  7                                         3H )    ; minimum
  8                     NS      dns.westoslinux.com.
  9 dns                 A       172.25.254.144
 10 www                 CNAME   www.a.westoslinux.com.
 11 www.a               A       172.25.254.125
 12 www.a               A       172.25.254.225
 13 westoslinux.com.    MX 1    172.25.254.1.
[root@dns-server named]# systemctl restart named






虚拟机server:(辅助dns)
主机名:dns-server2.example.com
IP:172.25.254.244
指定yum源:vim /etc/yum.repos.d/rhel_dvd.repo
安装bind软件包:yum install bind -y
开启named服务:systemctl restart named
修改配置文件/etc/named.conf(与主dns一致)
重启named服务:systemctl restart named


防火墙配置:
[root@dns-server2 ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns-server2 ~]# firewall-cmd --reload
success
[root@dns-server2 ~]# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client dns ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:


[root@dns-server2 ~]# vim /etc/named.rfc1912.zones
        ......
 25 zone "westoslinux.com" IN {
 26         type slave;         ##设定本机为辅助dns##
 27         masters { 172.25.254.144; };        ##A记录文件同步主机IP##
 28         file "slaves/westoslinux.com.zone";         ##存放A记录文件的位置##
 29         allow-update { none; };
 30 };
        ......
[root@dns-server2 ~]# systemctl restart named




测试:
vim /etc/resolv.conf
nameserver 172.25.254.244       ##IP为辅助dns的IP##


补充:
/etc/named.rfc1912.zones
......
 25 zone "westoslinux.com" IN {
 26         type master;
 27         file "westoslinux.com.zone";
 28         allow-update { none; };
 29         allow-transfer { 172.25.254.244; };         ##允许同步本机A记录文件的主机IP##
 30         also-notify { 172.25.254.244;};
 31 };
每次重新启动服务要修改/var/named/westos.com.zone 中的serial值,一般改为日期(serial变大后,辅助dns才会重新同步该区域)



设置主dns
vim /etc/named.rfc1912.zones
cp -p /var/named/westos.com.zone /mnt
chmod 770 /var/named
setsebool -P named_write_master_zones 1

辅助dns:
nsupdate
>server 172.25.254.100
>update add hello.westos.com 86400 A  172.25.254.100
>send
>quit


nsupdate
> server 172.25.254.100
> update delete hello.westos.com
>send
>quit

这样做可以让辅助dns 去更新主dns。上面的nsupdate没有使用密钥,主dns只能按来源IP放行更新请求,而来源IP可以被伪造;实际环境中建议为动态更新配置TSIG密钥,并用nsupdate -k指定密钥文件。
