CentOS 7.1 BIND Master/Slave Setup
##########################################################################
Overview
A brief description of DNS
1. Environment preparation
2. Configure the master DNS server
2.1. Main configuration files
2.2. Configure /etc/named.conf
2.3. Configure /etc/named.rfc1912.zones
2.4. Configure the zone database files under /var/named/
2.5. Start the service and test
3. Configure the slave DNS server
3.1. Changes on the master DNS server
3.2. Changes on the slave DNS server
3.3. Start the service and test
###########################################################################
A brief description of DNS
As we all know, in network communication the data link layer uses MAC addresses, the network layer uses IP addresses and the transport layer uses port numbers; each layer has its own way of identifying an endpoint. The address closest to the user is the IP address: every networked computer (on the Internet or an intranet) must have its own IP address so that information can be delivered correctly. But an IP address is just a string of digits, hard to remember and revealing nothing about its purpose, so people use descriptive domain names in place of IPs for ease of communication and memory. Note, however, that packets on the network are still delivered by IP address. That is, when www.syd.com sends data to www1.syd.com, both its own domain name and the peer's must first be translated into actual IP addresses and written into the packet header before the data is transmitted. The software that performs this translation (resolution) from domain name to IP, or from IP to domain name, is the DNS service; it has to run on some computer, and that computer is what we call a DNS server.
So far there are three main ways to implement this name resolution:
1) the hosts file, which must be configured on every machine that needs to resolve the others
2) NIS (a Sun technology), which manages names centrally but is only suitable for a LAN, for reasons the reader can work out
3) DNS, which implements hierarchical, distributed management of domain names and is the method most widely used today
DNS is relatively hard to configure and may need support from your ISP, but it is the foundation of many network services: websites, mail and so on all depend on domain names, and with DNS in place, moving to a new IP address becomes much easier.
###########################################################################
1. Environment preparation
Master server IP: 192.168.1.150
Slave server IP: 192.168.1.200
Disable firewalld and SELinux
OS: CentOS Linux release 7.1.1503 (Core)
bind packages: # yum install bind bind-utils
# rpm -qa bind*
bind-license-9.9.4-18.el7_1.5.noarch
bind-libs-lite-9.9.4-18.el7_1.5.x86_64
bind-libs-9.9.4-18.el7_1.5.x86_64
bind-utils-9.9.4-18.el7_1.5.x86_64
bind-9.9.4-18.el7_1.5.x86_64
Domain: zrd.com
##########################################################################
2. Configure the master DNS server:
------------------------------------------------------------------------------------------------------------
2.1. Main configuration files:
/etc/named.conf: mainly configures the listening port, security settings and logging
/etc/named.rfc1912.zones: defines the forward and reverse zones
/var/named/: forward and reverse zone databases
------------------------------------------------------------------------------------------------------------
2.2. Configure /etc/named.conf
------------------------------------------------------------------------------------------------------------
#---------------------------------
# Back up the /etc/named.conf configuration file
#---------------------------------
[[email protected] ~]# cp /etc/named.conf /etc/named.conf.bak
#---------------------------------
# Edit the /etc/named.conf configuration file
# Lines beginning with double slashes are comments
#---------------------------------
[[email protected] ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    // listen-on port 53 { 127.0.0.1; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    // dnssec-enable yes;
    // dnssec-validation yes;
    // dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";
2.3. Configure /etc/named.rfc1912.zones
#------------------------------------------------------------------
# Back up the /etc/named.rfc1912.zones configuration file
#------------------------------------------------------------------
[[email protected] ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
#------------------------------------------------------------------
# Edit the /etc/named.rfc1912.zones configuration file
# Lines beginning with double slashes are comments
#------------------------------------------------------------------
[[email protected] ~]# vim /etc/named.rfc1912.zones
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
//##########################
// Custom forward zone for zrd.com
//##########################
zone "zrd.com" IN {
    type master;
    file "zrd.com.zone";
};
//####################################################
// Custom reverse zone
//####################################################
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.in-addr-arpa";
};
2.4. Configure the zone database files under /var/named/
#------------------------------------------------------------------
# Create the forward zone file /var/named/zrd.com.zone
#------------------------------------------------------------------
[[email protected] ~]# vim /var/named/zrd.com.zone
$TTL 600
@ IN SOA dns.zrd.com. admin.zrd.com. (
    2015091901 ; serial, increase it after every change so slaves pick it up
    1H         ; refresh
    5M         ; retry
    3D         ; expire
    12H        ; negative-caching TTL
)
@ IN NS dns
@ IN MX 10 mail
dns IN A 192.168.1.150
www IN A 192.168.1.151
mail IN A 192.168.1.152
pop IN CNAME mail
Change the group owner to named:
[[email protected] ~]# chown .named /var/named/zrd.com.zone
#------------------------------------------------------------------
# Create the reverse zone file /var/named/1.168.192.in-addr-arpa
#------------------------------------------------------------------
[[email protected]ns1 ~]# vim /var/named/1.168.192.in-addr-arpa
$TTL 600
@ IN SOA dns.zrd.com. admin.zrd.com. (
    2015091901 ; serial
    1H         ; refresh
    5M         ; retry
    3D         ; expire
    12H        ; negative-caching TTL
)
@ IN NS dns.zrd.com.
150 IN PTR dns.zrd.com.
151 IN PTR www.zrd.com.
152 IN PTR mail.zrd.com.
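As an added example (not part of the original post), a small Python script that cross-checks the forward and reverse zone data from this section before named is started: it embeds constructed copies of the two zone files above (with the SOA collapsed onto one line, since the parser handles only the simple one-record-per-line layout used here) and reports any IP whose A and PTR records disagree and any NS target that lacks an A record in the zone.

```python
ORIGIN_FWD, ORIGIN_REV = "zrd.com.", "1.168.192.in-addr.arpa."
# Constructed copies of the two zone files above (SOA collapsed onto one line).
FWD_ZONE = """$TTL 600
@ IN SOA dns.zrd.com. admin.zrd.com. ( 2015091901 1H 5M 3D 12H )
@ IN NS dns
@ IN MX 10 mail
dns IN A 192.168.1.150
www IN A 192.168.1.151
mail IN A 192.168.1.152
pop IN CNAME mail
"""
REV_ZONE = """$TTL 600
@ IN SOA dns.zrd.com. admin.zrd.com. ( 2015091901 1H 5M 3D 12H )
@ IN NS dns.zrd.com.
150 IN PTR dns.zrd.com.
151 IN PTR www.zrd.com.
152 IN PTR mail.zrd.com.
"""

def fqdn(name, origin):
    """Expand '@' and relative owner/target names to absolute names."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, type, rdata)] for a zone with one record per line."""
    records = []
    for line in text.splitlines():
        line = line.split(";")[0].strip()          # strip comments and blanks
        if line and not line.startswith("$"):      # skip $TTL/$ORIGIN directives
            owner, _cls, rtype, rdata = line.split(None, 3)
            records.append((fqdn(owner, origin), rtype, rdata))
    return records

def ptr_owner_to_ip(owner):
    """'150.1.168.192.in-addr.arpa.' -> '192.168.1.150'."""
    return ".".join(reversed(owner.rsplit(".in-addr.arpa.", 1)[0].split(".")))

def check_zones(fwd_text, rev_text):
    """Return findings: A/PTR pairs that disagree and NS targets without an A record."""
    fwd, rev = parse_zone(fwd_text, ORIGIN_FWD), parse_zone(rev_text, ORIGIN_REV)
    a_by_ip = {r: o for o, t, r in fwd if t == "A"}
    ptr_by_ip = {ptr_owner_to_ip(o): r for o, t, r in rev if t == "PTR"}
    findings = []
    for ip in sorted(set(a_by_ip) | set(ptr_by_ip)):
        if a_by_ip.get(ip) != ptr_by_ip.get(ip):
            findings.append(f"{ip}: A={a_by_ip.get(ip)} PTR={ptr_by_ip.get(ip)}")
    for _, t, r in fwd:
        if t == "NS" and fqdn(r, ORIGIN_FWD) not in a_by_ip.values():
            findings.append(f"NS {r} has no A record in the zone (missing glue)")
    return findings
```

An empty list means the two files agree; run it again after every edit to the zone files and before bumping the serial.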
2.5. Start the service and test
2.5.1. Service management (stop, start, status, enable at boot, disable at boot)
[[email protected] ~]# systemctl stop named
[[email protected] ~]# systemctl start named
[[email protected] ~]# systemctl status named
[[email protected] ~]# systemctl enable named
[[email protected] ~]# systemctl disable named
2.5.2. Testing
Check that the domain service is listening on port 53
Check that forward and reverse lookups work
PS: at this point, even without a slave DNS server, a simple DNS server is fully configured!
#######################################################################
#######################################################################
3. Configure the slave DNS server
------------------------------------------------------------------------------------------------------------
3.1. Changes on the master DNS server
3.1.1. Modify /etc/named.rfc1912.zones
[[email protected] ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
/////////////////////////////////
// Custom forward zone for zrd.com
////////////////////////////////
zone "zrd.com" IN {
    type master;
    file "zrd.com.zone";
    allow-transfer { 127.0.0.1; 192.168.1.150; 192.168.1.200; }; // only allow these DNS servers to pull (transfer) the zone
};
////////////////////////////
// Custom reverse zone
////////////////////////////
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.in-addr-arpa";
    allow-transfer { 127.0.0.1; 192.168.1.150; 192.168.1.200; }; // only allow these DNS servers to pull (transfer) the zone
};
3.1.2. Modify the forward zone file
3.1.3. Modify the reverse zone file
3.2. Changes on the slave DNS server
#----------------------------------------------------------
# 3.2.1. /etc/named.conf configuration
#----------------------------------------------------------
[[email protected] slaves]# vim /etc/named.conf
    dnssec-validation yes;
    dnssec-lookaside auto;
    */
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";
----------------------------------------------------------------
#----------------------------------------------------------
# 3.2.2. /etc/named.rfc1912.zones configuration
#----------------------------------------------------------
[[email protected] slaves]# vim /etc/named.rfc1912.zones
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
////////////////////////////
// Forward zone configuration on the slave server
////////////////////////////
zone "zrd.com." IN {
    type slave;
    masters { 192.168.1.150; };
    file "slaves/zrd.com.zone";
    allow-transfer { none; };
};
/////////////////////////
// Reverse zone configuration on the slave DNS server
/////////////////////////
zone "1.168.192.in-addr.arpa." IN {
    type slave;
    masters { 192.168.1.150; };
    file "slaves/1.168.192.in-addr.zone";
    allow-transfer { none; }; // as a slave it should not let other servers transfer the zone
};
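As an added example (not the page's or BIND's own code), a Python audit for the transfer policy set up in sections 3.1 and 3.2: it parses constructed excerpts of the master and slave named.conf statements and flags a master zone with no restricted allow-transfer (BIND 9.9 allows AXFR from any host when the option is absent), a slave zone without allow-transfer { none; }, and recursion yes combined with allow-query { any; }, the open-resolver risk the comment block in section 2.2 warns about. Point audit() at the text of your real named.conf and named.rfc1912.zones to check them the same way.

```python
import re

# Constructed excerpts (not the full files): the master's options block and one
# zone statement each from the master (3.1) and slave (3.2) configurations.
MASTER_CONF = """options {
    allow-query { any; };
    recursion yes;
};
zone "zrd.com" IN {
    type master;
    allow-transfer { 127.0.0.1; 192.168.1.150; 192.168.1.200; };
};
"""
SLAVE_CONF = """zone "zrd.com." IN {
    type slave;
    masters { 192.168.1.150; };
    allow-transfer { none; };
};
"""

def top_level_blocks(text):
    """Yield (header, body) for each top-level `header { ... };` statement."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", text, flags=re.S)  # drop comments
    depth, start, header = 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:                  # start of a top-level statement
                header, start = text[start:i].strip(" ;\n\t"), i + 1
            depth += 1
        elif ch == "}" and (depth := depth - 1) == 0:   # closed a top-level block
            yield header, text[start:i]
            start = i + 1

def setting(body, key):  # value of `key value;` or `key { ... };`, else None
    m = re.search(rf"\b{key}\s+(\{{[^}}]*\}}|[^;{{]+);", body)
    return " ".join(m.group(1).split()) if m else None

def audit(conf_text):
    """Return findings on recursion exposure and zone-transfer policy."""
    findings = []
    for header, body in top_level_blocks(conf_text):
        if header == "options" and setting(body, "recursion") == "yes" and setting(body, "allow-query") in (None, "{ any; }"):
            findings.append("options: recursion yes + allow-query any = open resolver if reachable")
        elif header.startswith("zone"):
            name, ztype = re.search(r'"([^"]+)"', header).group(1), setting(body, "type")
            xfer = setting(body, "allow-transfer")
            if ztype == "master" and (xfer is None or "any" in xfer):
                findings.append(f"zone {name}: AXFR allowed from any host (set allow-transfer)")
            if ztype == "slave" and xfer != "{ none; }":
                findings.append(f"zone {name}: slave should use allow-transfer {{ none; }}")
    return findings
```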
#######################################################
3.3. Start the service and test
# systemctl start named
Forward lookup test
Reverse lookup test