Preparation:
This lab uses two CentOS 6.5 machines running kernel 2.6.32-431.el6.x86_64.
Set up time synchronization (a root cron job that runs ntpdate every five minutes):
# echo "#update system date by jiajie at 20170506" >>/var/spool/cron/root
# echo "*/5 * * * * /usr/sbin/ntpdate time.nist.gov > /dev/null 2>&1" >>/var/spool/cron/root
Stop the firewall and disable SELinux. This is a lab shortcut only: on a real server keep both enabled and instead allow 53/udp and 53/tcp through iptables; the targeted SELinux policy on CentOS 6 already confines named, so it runs without any policy change.
# service iptables stop
# setenforce 0
# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
The master DNS server in this lab is 192.168.1.16 and the slave is 192.168.1.20.
Master: authoritative for the forward and reverse zones; slave: secondary for both zones.
Configure the master server (IP 192.168.1.16)
Install the packages:
# yum -y install bind bind-libs bind-utils
Versions: bind.x86_64 32:9.8.2-0.62.rc1.el6_9.1 bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.1 bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.1
Edit the master's configuration file (only the changed section is shown):
# cat /etc/named.conf
options {
    listen-on port 53 { 192.168.1.16; 127.0.0.1; }; // or remove this line to listen on every interface
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    // dnssec-enable yes;
    // dnssec-validation yes;
    /* Path to ISC DLV key */
    // bindkeys-file "/etc/named.iscdlv.key";
    // managed-keys-directory "/var/named/dynamic";
};
Caveat: allow-query { any; } together with recursion yes makes this an open recursive resolver. Anyone who can reach port 53 can use it for recursive lookups, and open resolvers are routinely abused for DNS amplification. Outside a lab, add allow-recursion { <your networks>; } (or recursion no on a purely authoritative server) and restrict zone transfers with allow-transfer, which otherwise defaults to any. Commenting out dnssec-validation, which the stock CentOS file enables, also removes validation of the answers this server recurses for.
Define the forward zone.
Append the following zone statement to /etc/named.rfc1912.zones (named.conf includes this file); mind the syntax and punctuation:
# tail /etc/named.rfc1912.zones
zone "jiajie.com" IN {
type master;
file "jiajie.zone";
};
Create the zone file (the name must match the file statement above, jiajie.zone):
# vim /var/named/jiajie.zone
$TTL 1D
$ORIGIN jiajie.com.
@       IN SOA  ns1.jiajie.com. jjzgood.126.com. (
                20170507        ; serial
                1H              ; refresh
                10M             ; retry
                5D              ; expire
                1D )            ; negative-caching TTL
@       IN NS   ns1
@       IN NS   ns2
@       IN MX   10 mx1
@       IN MX   20 mx2
ns1     IN A    192.168.1.16
ns2     IN A    192.168.1.20
mx1     IN A    192.168.1.17
mx2     IN A    192.168.1.18
www     IN A    192.168.1.16
www     IN A    192.168.1.20
ftp     IN CNAME www
Lines whose owner is @ belong to the zone apex (jiajie.com.); a record line may also start with whitespace, which BIND reads as "same owner as the previous record". Names without a trailing dot are relative to $ORIGIN, so ns1 means ns1.jiajie.com.
Set the group and permissions so that named can read the file:
# chown :named /var/named/jiajie.zone
# chmod 640 /var/named/jiajie.zone
Check for errors and restart the service:
# named-checkconf
# named-checkzone "jiajie.com" /var/named/jiajie.zone
zone jiajie.com/IN: loaded serial 20170507
OK
# service named restart
# rndc status
Result:
# host -t A www.jiajie.com 192.168.1.16
Using domain server:
Name: 192.168.1.16
Address: 192.168.1.16#53
Aliases:
www.jiajie.com has address 192.168.1.20
www.jiajie.com has address 192.168.1.16
# host -t A mx1.jiajie.com 192.168.1.16
Using domain server:
Name: 192.168.1.16
Address: 192.168.1.16#53
Aliases:
mx1.jiajie.com has address 192.168.1.17
# host -t A ftp.jiajie.com 192.168.1.16
Using domain server:
Name: 192.168.1.16
Address: 192.168.1.16#53
Aliases:
ftp.jiajie.com is an alias for www.jiajie.com.
www.jiajie.com has address 192.168.1.16
www.jiajie.com has address 192.168.1.20
The output shows that the master server is working.
Configure reverse resolution. Add the reverse zone statement:
# tail /etc/named.rfc1912.zones
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
};
Add the reverse zone file:
# vim /var/named/192.168.1.zone
$TTL 1D
@       IN SOA  ns1.jiajie.com. jjzgood.126.com. (
                20170507        ; serial
                1H              ; refresh
                10M             ; retry
                5D              ; expire
                1D )            ; negative-caching TTL
@       IN NS   ns1.jiajie.com.
@       IN NS   ns2.jiajie.com.
16      IN PTR  ns1.jiajie.com.
16      IN PTR  www.jiajie.com.
20      IN PTR  ns2.jiajie.com.
20      IN PTR  www.jiajie.com.
17      IN PTR  mx1.jiajie.com.
18      IN PTR  mx2.jiajie.com.
Without a $ORIGIN line, @ and the bare host numbers are relative to the zone name from the zone statement, 1.168.192.in-addr.arpa. Two PTR records for one address (16 and 20 each map to two names) are legal, but many tools use only the first answer, so one PTR per address is the usual practice.
Check and reload. The zone name passed to named-checkzone must be the one from the zone statement, i.e. the octets in reverse order; passing 192.168.1.in-addr.arpa makes every record look like out-of-zone data:
# named-checkconf
# named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone
zone 1.168.192.in-addr.arpa/IN: loaded serial 20170507
OK
# rndc reload
server reload successful
Result:
# host -t ptr 192.168.1.16 192.168.1.16
Using domain server:
Name: 192.168.1.16
Address: 192.168.1.16#53
Aliases:
16.1.168.192.in-addr.arpa domain name pointer www.jiajie.com.
16.1.168.192.in-addr.arpa domain name pointer ns1.jiajie.com.
# host -t ptr 192.168.1.20 192.168.1.16
Using domain server:
Name: 192.168.1.16
Address: 192.168.1.16#53
Aliases:
20.1.168.192.in-addr.arpa domain name pointer www.jiajie.com.
20.1.168.192.in-addr.arpa domain name pointer ns2.jiajie.com.
# host -t ptr 192.168.1.17 192.168.1.16
Using domain server:
Name: 192.168.1.16
Address: 192.168.1.16#53
Aliases:
17.1.168.192.in-addr.arpa domain name pointer mx1.jiajie.com.
Viewed from a Windows client (screenshot not reproduced in the text):
Configure the slave server (IP 192.168.1.20):
Notes:
The slave should be a separate machine.
The master's zone file must contain an NS record pointing at the slave.
The slave only needs zone statements; it does not need zone files, because it transfers them from the master.
Install the packages:
yum -y install bind
yum -y install bind-utils
Edit the slave's configuration file:
# vim /etc/named.conf
options {
listen-on port 53 { 192.168.1.20; 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
As on the master, allow-query { any; } together with recursion yes makes this an open resolver; outside a lab restrict recursion to trusted clients with allow-recursion.
Add the zone statements (named owns /var/named/slaves, which is why the transferred copies can be written there):
# vim /etc/named.rfc1912.zones
zone "jiajie.com" IN {
type slave;
masters { 192.168.1.16; };
file "slaves/jiajie.com.zone";
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.1.16; };
file "slaves/192.168.1.zone";
};
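The two configurations above, the master's and the slave's, are enough for the lab to work, but they leave recursion open to everyone and zone transfers unrestricted (allow-transfer defaults to any, so anybody can pull the whole zone with an AXFR). The following script is an added example, not part of the original post: it emits a tightened named.conf for each side of this lab, with recursion limited to an assumed acl named "trusted" covering 192.168.1.0/24, transfers limited to the slave, and the two lab zone statements placed in named.conf itself (delete them from named.rfc1912.zones if you use this). The IPs and file names are the page's; named-checkconf is run only when it is installed.

```shell
#!/bin/sh
# Added example, not part of the original post: emit a tightened named.conf
# for the master (192.168.1.16) and slave (192.168.1.20) of this lab. The acl
# name "trusted" and the lab network 192.168.1.0/24 are assumptions.

MASTER=192.168.1.16
SLAVE=192.168.1.20
LAN=192.168.1.0/24

# Master: the page's file recurses for "any" and leaves allow-transfer at its
# default of "any". Here recursion is limited to the lab network, transfers
# to the slave, and the slave is notified explicitly on every reload.
master_conf() {
    cat <<EOF
acl "trusted" { 127.0.0.1; $LAN; };

options {
    listen-on port 53 { $MASTER; 127.0.0.1; };
    directory "/var/named";
    allow-query { any; };           // authoritative answers may stay public
    allow-recursion { trusted; };   // no open resolver
    allow-transfer { $SLAVE; };     // default "any" lets anyone AXFR the zone
    notify yes;
    version "not disclosed";        // do not answer version.bind queries
};

zone "." IN { type hint; file "named.ca"; };
include "/etc/named.rfc1912.zones";  // localhost zones; delete the two lab zones from it

zone "jiajie.com" IN {
    type master;
    file "jiajie.zone";
    also-notify { $SLAVE; };
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.zone";
    also-notify { $SLAVE; };
};
EOF
}

# Slave: accept zones only from the master and hand them out to nobody.
slave_conf() {
    cat <<EOF
acl "trusted" { 127.0.0.1; $LAN; };

options {
    listen-on port 53 { $SLAVE; 127.0.0.1; };
    directory "/var/named";
    allow-query { any; };
    allow-recursion { trusted; };
    allow-transfer { none; };
    version "not disclosed";
};

zone "." IN { type hint; file "named.ca"; };
include "/etc/named.rfc1912.zones";

zone "jiajie.com" IN {
    type slave;
    masters { $MASTER; };
    file "slaves/jiajie.com.zone";
};

zone "1.168.192.in-addr.arpa" IN {
    type slave;
    masters { $MASTER; };
    file "slaves/192.168.1.zone";
};
EOF
}

# Write one role's config to a path (keeping a .orig copy of any existing
# file) and run named-checkconf on it when BIND is installed.
install_conf() {   # install_conf master|slave <path>
    [ -f "$2" ] && cp -p "$2" "$2.orig"
    case $1 in master) master_conf ;; slave) slave_conf ;; *) return 1 ;; esac > "$2"
    if command -v named-checkconf >/dev/null 2>&1; then named-checkconf "$2"; fi
}

# Usage: sh harden.sh master|slave [path]   (no path: print to stdout)
case ${1:-}:${2:-} in
    master:) master_conf ;;
    slave:)  slave_conf ;;
    master:*|slave:*) install_conf "$1" "$2" ;;
esac
```

Run it as `sh harden.sh master /etc/named.conf` on 192.168.1.16 and `sh harden.sh slave /etc/named.conf` on 192.168.1.20, then `service named restart` on both. To confirm the change took, run `dig @192.168.1.16 jiajie.com AXFR` from a host other than the slave: it must now end in "Transfer failed.", and a recursive query such as `dig @192.168.1.16 www.example.com` from outside 192.168.1.0/24 must return status REFUSED, while queries for jiajie.com names are still answered for everyone.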
Check for errors and load:
# named-checkconf
# rndc reload
Result: two files now exist in /var/named/slaves/ that we never created; the slave has transferred the zones from the master.
# ll /var/named/slaves/
192.168.1.zone jiajie.com.zone
From now on, after adding or changing records in a zone file on the master, increase the serial (by one, or to a newer date-based value) and reload named; the master then notifies the slave, which transfers the updated zone. If the serial is not increased, the slave sees no change and keeps serving the old data.
Troubleshooting:
Most errors come down to syntax or punctuation; working carefully rules out the majority of problems.
While checking the reverse zone file I ran into the following:
# named-checkzone "192.168.1.in-addr.arpa" /var/named/192.168.1.zone
/var/named/192.168.1.zone:3: ignoring out-of-zone data (1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:11: ignoring out-of-zone data (16.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:12: ignoring out-of-zone data (16.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:13: ignoring out-of-zone data (20.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:14: ignoring out-of-zone data (20.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:15: ignoring out-of-zone data (17.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:16: ignoring out-of-zone data (18.1.168.192.in-addr.arpa)
zone 192.168.1.in-addr.arpa/IN: has 0 SOA records
zone 192.168.1.in-addr.arpa/IN: has no NS records
zone 192.168.1.in-addr.arpa/IN: not loaded due to errors.
Despite the errors, reverse resolution kept working, because named itself loads the file under the zone name from named.conf, which is correct. After asking around without success, I found that deleting the line
$ORIGIN 1.168.192.in-addr.arpa.
from /var/named/192.168.1.zone made the check pass. The line is optional: without it, @ and the bare host numbers default to the zone name, and I had only written it for readability.
The real cause is visible in the command itself: the zone name handed to named-checkzone is 192.168.1.in-addr.arpa, the octets in forward order, whereas the zone statement in named.conf (and the $ORIGIN line) correctly use 1.168.192.in-addr.arpa. named-checkzone therefore treated every name under 1.168.192.in-addr.arpa as outside the zone being checked, found no SOA or NS record for 192.168.1.in-addr.arpa, and refused the file. With the correct name the $ORIGIN line is accepted:
# named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone
Deleting $ORIGIN only made the check pass because @ then silently took the wrong name from the command line, so the file was validated against an origin named never uses. If you keep a $ORIGIN line it must end with a trailing dot; a relative $ORIGIN is appended to the current origin, which produces the same out-of-zone errors.
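The serial rule above and the out-of-zone error in this section come down to two details of zone-file handling: the serial must move forward after every edit, and the name of a reverse zone (and any $ORIGIN in its file) is the network's octets written backwards. The following script is an added example, not part of the original post; it implements the check that would have caught the wrong zone name, and a serial bump as the tutorial prescribes. It assumes POSIX sh, awk and mktemp, calls named-checkzone only when it is installed, and embeds a constructed copy of the page's reverse zone as its sample input.

```shell
#!/bin/sh
# Added example, not part of the original post: helpers for the reverse-zone
# naming, serial bump and $ORIGIN checks discussed above. Assumes POSIX sh,
# awk and mktemp; named-checkzone runs only if it is installed. The zone text
# in demo() is a constructed copy of the page's 192.168.1.zone.

# in-addr.arpa zone name for a /8, /16 or /24: network octets reversed.
# reverse_zone_for 192.168.1.0/24 -> 1.168.192.in-addr.arpa
reverse_zone_for() {
    case $1 in */8|*/16|*/24) ;; *) echo "need a /8, /16 or /24 network" >&2; return 1 ;; esac
    echo "${1%/*}" | awk -F. -v n="$(( ${1#*/} / 8 ))" '{
        out = ""
        for (i = n; i >= 1; i--) out = out $i "."
        print out "in-addr.arpa"
    }'
}

# Shared awk: the serial is the first number after the SOA's "(", comments
# stripped; print it (mode get) or replace it and echo the file (mode bump).
_soa_awk() {   # _soa_awk get|bump <newserial>   (zone file on stdin)
    awk -v mode="$1" -v newserial="$2" '
        /SOA/ { insoa = 1 }
        insoa && !done {
            line = $0; c = ""; lead = ""
            p = index(line, ";"); if (p) { c = substr(line, p); line = substr(line, 1, p - 1) }
            if (!paren) {
                p = index(line, "(")
                if (p) { paren = 1; lead = substr(line, 1, p); line = substr(line, p + 1) }
            }
            if (paren && match(line, /[0-9]+/)) {
                if (mode == "get") { print substr(line, RSTART, RLENGTH); exit }
                $0 = lead substr(line, 1, RSTART - 1) newserial substr(line, RSTART + RLENGTH) c
                done = 1
            }
        }
        mode == "bump" { print }'
}

soa_serial() { _soa_awk get "" < "$1"; }

# Slaves transfer only when the master's serial is higher than theirs, so
# every edit of a zone file must be followed by a bump. Rewrites the file in
# place and prints the new serial.
bump_serial() {
    old=$(soa_serial "$1")
    [ -n "$old" ] || { echo "no SOA serial found in $1" >&2; return 1; }
    tmp=$(mktemp) || return 1
    _soa_awk bump "$((old + 1))" < "$1" > "$tmp" && mv "$tmp" "$1" && echo "$((old + 1))"
}

# An $ORIGIN that is relative (no trailing dot) or that differs from the zone
# name makes every record "out-of-zone data", the error in the troubleshooting
# section. No $ORIGIN at all is fine: @ then defaults to the zone name.
check_zone_origin() {   # check_zone_origin <zone-name> <zone-file>
    want=${1%.}
    origin=$(awk 'toupper($1) == "$ORIGIN" { print $2; exit }' "$2")
    [ -n "$origin" ] || return 0
    case $origin in
        *.) [ "${origin%.}" = "$want" ] && return 0
            echo "\$ORIGIN $origin does not match zone $want" >&2; return 1 ;;
        *)  echo "\$ORIGIN $origin is relative; BIND reads it as $origin.$want." >&2; return 1 ;;
    esac
}

# Origin check first, then BIND's own syntax check when it is available.
check_zone() {   # check_zone <zone-name> <zone-file>
    check_zone_origin "$1" "$2" || return 1
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed; BIND syntax check skipped" >&2
    fi
}

demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
$TTL 1D
$ORIGIN 1.168.192.in-addr.arpa.
@   IN SOA ns1.jiajie.com. jjzgood.126.com. (
        20170507    ; serial
        1H          ; refresh
        10M         ; retry
        5D          ; expire
        1D )        ; negative-caching TTL
@   IN NS  ns1.jiajie.com.
16  IN PTR ns1.jiajie.com.
EOF
    rzone=$(reverse_zone_for 192.168.1.0/24)
    echo "checking with the forward-order name used in the troubleshooting section:"
    check_zone 192.168.1.in-addr.arpa "$f" || echo "  -> rejected, as expected"
    echo "checking with the name from named.conf ($rzone):"
    check_zone "$rzone" "$f" && echo "  -> origin consistent"
    echo "serial $(soa_serial "$f") -> $(bump_serial "$f")"
    rm -f "$f"
}
demo
```

Running `sh zonecheck.sh` shows the forward-order name rejected and the real name accepted. On the master, the sequence after each edit is `check_zone 1.168.192.in-addr.arpa /var/named/192.168.1.zone && bump_serial /var/named/192.168.1.zone && rndc reload`. bump_serial only adds one, which matches the tutorial's rule; a YYYYMMDDnn value works just as well, since the slave only checks that the master's serial is newer than its own.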
2017/5/7 11:55:42