首页 > 代码库 > DNS配置
DNS配置
DNS配置
实验环境
主dns:192.168.110.33
从dns:192.168.110.59
iptables and selinux disabled
yum install -y bind
主dns端
1.主配置文件(注意文件权限)
# ll /etc/named.conf
-rw-r-----. 1 root named 453 Aug 7 22:44 /etc/named.conf
# vim /etc/named.conf
options {
directory "/var/named"; #定义区域数据目录
};
zone "cheungssh.com" IN { #定义域
type master; #类型为master
file "cheungssh.com.zone"; #定义区域数据文件
};
zone "110.168.192.in-addr.arpa" { #反向解析
type master;
file "192.168.110.zone";
};
zone "." IN { #根域
type hint; #类型为根
file "named.ca";
};
zone "localhost" IN { #本地解析
type master;
2.区域数据文件(注意文件权限)
# pwd
/var/named
# ll
-rw-r-----. 1 root named 329 Aug 7 22:25 192.168.110.zone
-rw-r-----. 1 root named 427 Aug 8 00:27 cheungssh.com.zone
正向区域数据文件
# vim cheungssh.com.zone
$TTL 1D #ttl值为一天
cheungssh.com. IN SOA ns.cheungssh.com. admin.cheungssh.com. (
1026080702 ; serial #序列号(此文件修改一次,序列号必须变)
1D ; refresh #刷新时间
1H ; retry #重试时间
1W ; expire #过期时间
3H ) ; minimum #最小时常
IN NS ns #定义域所属的dns服务器
IN MX 10 mail #定义邮件记录
mail IN A 192.168.110.33
ns IN A 192.168.110.33
www IN A 192.168.110.33
ycc IN A 192.168.110.33
www IN A 192.168.110.34
ftp IN CNAME WWW #别名,ftp别名为www
vip IN A 192.168.197.100
rs1 IN A 192.168.197.105
rs2 IN A 192.168.197.107
反向区域数据文件
# vim 192.168.110.zone
$TTL 1D
@ IN SOA ns.cheungssh.com. admin.cheungssh.com. (
1026080702 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.cheungssh.com.
33 IN PTR ns.cheungssh.com.
33 IN PTR www.cheungssh.com.
33 IN PTR mail.cheungssh.com
34 IN PTR ns.cheungssh.com.
6 IN PTR hello.cheungssh.com.
3.在/etc/resolv.conf中指明dns服务器
# vim /etc/resolv.conf
nameserver 192.168.110.33
4.重启dns服务
5.命令测试
dig命令测试解析
# dig -t A www.cheungssh.com #-t指明rt记录
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t A www.cheungssh.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14084
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.cheungssh.com. IN A
;; ANSWER SECTION:
www.cheungssh.com. 86400 IN A 192.168.110.33
www.cheungssh.com. 86400 IN A 192.168.110.34
;; AUTHORITY SECTION: #权威答案
cheungssh.com. 86400 IN NS ns.cheungssh.com.
;; ADDITIONAL SECTION: #补充段,避免二次查询,直接将主机名转换为ip
ns.cheungssh.com. 86400 IN A 192.168.110.33
;; Query time: 0 msec
;; SERVER: 192.168.110.33#53(192.168.110.33)
;; WHEN: Sun Aug 7 00:59:32 2016
;; MSG SIZE rcvd: 84
# dig -t CNAME ftp.cheungssh.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t CNAME ftp.cheungssh.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57946
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;ftp.cheungssh.com. IN CNAME
;; ANSWER SECTION:
ftp.cheungssh.com. 86400 IN CNAME WWW.cheungssh.com.
;; AUTHORITY SECTION:
cheungssh.com. 86400 IN NS ns.cheungssh.com.
;; ADDITIONAL SECTION:
ns.cheungssh.com. 86400 IN A 192.168.110.33
;; Query time: 0 msec
;; SERVER: 192.168.110.33#53(192.168.110.33)
;; WHEN: Sun Aug 7 01:10:39 2016
;; MSG SIZE rcvd: 86
# dig -t NS cheungssh.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -t NS cheungssh.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31012
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;cheungssh.com. IN NS
;; ANSWER SECTION:
cheungssh.com. 86400 IN NS ns.cheungssh.com.
;; ADDITIONAL SECTION:
ns.cheungssh.com. 86400 IN A 192.168.110.33
;; Query time: 0 msec
;; SERVER: 192.168.110.33#53(192.168.110.33)
;; WHEN: Sun Aug 7 01:11:56 2016
;; MSG SIZE rcvd: 64
dig测试反向解析
# dig -x 192.168.110.33
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 192.168.110.33
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6945
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;33.110.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
33.110.168.192.in-addr.arpa. 86400 IN PTR www.cheungssh.com.
33.110.168.192.in-addr.arpa. 86400 IN PTR mail.cheungssh.com.110.168.192.in-addr.arpa.
33.110.168.192.in-addr.arpa. 86400 IN PTR ns.cheungssh.com.
;; AUTHORITY SECTION:
110.168.192.in-addr.arpa. 86400 IN NS ns.cheungssh.com.
;; ADDITIONAL SECTION:
ns.cheungssh.com. 86400 IN A 192.168.110.33
;; Query time: 0 msec
;; SERVER: 192.168.110.33#53(192.168.110.33)
;; WHEN: Sun Aug 7 01:37:53 2016
;; MSG SIZE rcvd: 156
host命令测试解析
# host -t A www.cheungssh.com
www.cheungssh.com has address 192.168.110.33
www.cheungssh.com has address 192.168.110.34
# host -t A www.cheungssh.com
www.cheungssh.com has address 192.168.110.34
www.cheungssh.com has address 192.168.110.33
# host -t NS cheungssh.com
cheungssh.com name server ns.cheungssh.com.
# host -t MX cheungssh.com
cheungssh.com mail is handled by 10 mail.cheungssh.com. #10表示优先级是10
# host -t SOA cheungssh.com
cheungssh.com has SOA record ns.cheungssh.com. admin.cheungssh.com. 1026080701 86400 3600 604800 10800
从dns端
1.主配置文件(注意文件权限)
# ll /etc/named.conf
-rw-r-----. 1 root named 523 Aug 7 22:00 /etc/named.conf
# cat /etc/named.conf
options {
directory "/var/named";
};
zone "cheungssh.com" IN {
type slave; #类型为slave
file "slaves/cheungssh.com.zone"; #区域数据文件在slaves下
masters { 192.168.110.33; }; #指明主dns
};
zone "110.168.192.in-addr.arpa" {
type slave;
file "slaves/192.168.110.zone";
masters { 192.168.110.33; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "named.localhost";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
2.在/etc/resolv.conf中指明dns服务器
# vim /etc/resolv.conf
nameserver 192.168.110.33
3.重启dns服务,区域数据文件会从主dns同步至/var/named/slaves目录下
4.区域数据文件(注意文件权限,从主dns同步过来,一般权限不存在问题)
#pwd
/var/named
# ll
total 8
-rw-r--r--. 1 named named 458 Aug 7 23:01 192.168.110.zone
-rw-r--r--. 1 named named 459 Aug 7 23:01 cheungssh.com.zone
# cat cheungssh.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
cheungssh.com IN SOA ns.cheungssh.com. admin.cheungssh.com. (
1026080702 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS ns.cheungssh.com.
MX 10 mail.cheungssh.com.
$ORIGIN cheungssh.com.
ftp CNAME WWW
mail A 192.168.110.33
ns A 192.168.110.33
www A 192.168.110.33
A 192.168.110.34
ycc A 192.168.110.33
# cat 192.168.110.zone
$ORIGIN .
$TTL 86400 ; 1 day
110.168.192.in-addr.arpa IN SOA ns.cheungssh.com. admin.cheungssh.com. (
1026080702 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS ns.cheungssh.com.
$ORIGIN 110.168.192.in-addr.arpa.
33 PTR ns.cheungssh.com.
PTR www.cheungssh.com.
PTR mail.cheungssh.com
34 PTR ns.cheungssh.com.
6 PTR hello.cheungssh.com.
5.测试
# dig ycc.cheungssh.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> ycc.cheungssh.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16006
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;ycc.cheungssh.com. IN A
;; ANSWER SECTION:
ycc.cheungssh.com. 86400 IN A 192.168.110.33
;; AUTHORITY SECTION:
cheungssh.com. 86400 IN NS ns.cheungssh.com.
;; ADDITIONAL SECTION:
ns.cheungssh.com. 86400 IN A 192.168.110.33
;; Query time: 0 msec
;; SERVER: 192.168.110.59#53(192.168.110.59)
;; WHEN: Mon Aug 8 03:01:28 2016
;; MSG SIZE rcvd: 84
本文出自 “真水无香” 博客,请务必保留此出处http://chengyanli.blog.51cto.com/11399167/1846788
DNS配置