实验环境
- 系统: CentOS Linux release 7.4.1708 (Core)
- 主服务器: 192.168.1.54
- 从服务器: 192.168.1.89
- 测试服务器: 192.168.1.49
安装dns服务
#两台服务器时间要保持一致
[root@private home]# /usr/sbin/ntpdate cn.pool.ntp.org
3 Nov 13:39:25 ntpdate[30164]: step time server 119.28.183.184 offset 1.287519 sec
#安装服务
[root@private home]# yum install -y bind bind-utils
#设置防火墙 (区域传送 AXFR 以及超过 512 字节的应答走 TCP 53, 同样需要放行; 此处 INPUT 链默认策略为 ACCEPT, 所以未放行 TCP 也能同步)
[root@private home]# iptables -I INPUT -p udp --dport 53 -j ACCEPT
[root@private home]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
配置服务
主服务器
#修改/etc/named.conf文件
[root@kvm000 ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.1.54; }; #监听本机IP
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 192.168.1.0/24;192.168.9.0/24;192.168.88.0/24; }; #允许解析请求的地址 (每个网段后都要以分号结尾, 与从服务器配置一致)
recursion yes; #开启递归查询 (仅对 allow-query 中的内网网段开放; 若需对外提供权威解析, 应关闭递归或用 allow-recursion 单独限制)
dnssec-enable no; #关闭DNS安全扩展功能
dnssec-validation no; #关闭DNS安全验证 (仅限内网实验环境; 对外递归时建议保持开启)
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
{
...
...
}
#修改/etc/named.rfc1912.zones
[root@kvm000 ~]# vim /etc/named.rfc1912.zones
zone "windns.com." IN { #创建正向解析域
type master;
file "windns.com.zone";
allow-update { none; };
allow-transfer { 192.168.1.89; }; #允许同步DNS的辅助服务器IP;
notify yes; #启用变更通告,当主服务器DNS区域文件发生变更后,通知从服务器进行比较同步;
};
zone "1.168.192.in-addr.arpa" IN { #创建反解析域
type master;
file "192.168.1.zone";
allow-update { none; };
allow-transfer { 192.168.1.89;};
notify yes;
};
#新建windns.com.zone正向解析文件
[root@kvm000 ~]# vim /var/named/windns.com.zone
$TTL 3600
$ORIGIN windns.com.
@ IN SOA windns.com. admin.windns.com. (
2018042101
1D
1H
1W
3H
)
@ IN NS ns1.windns.com.
@ IN NS ns2.windns.com.
ns1 IN A 192.168.1.54
ns2 IN A 192.168.1.89
www IN A 192.168.1.92
web IN CNAME www
#新建/var/named/192.168.1.zone反向解析文件
[root@kvm000 ~]# vim /var/named/192.168.1.zone
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA windns.com. admin.windns.com. (
2018042101
1D
1H
1W
3H
)
@ IN NS ns1.windns.com.
@ IN NS ns2.windns.com.
54 IN PTR ns1.windns.com.
89 IN PTR ns2.windns.com.
92 IN PTR www.windns.com.
#检查配置文件
[root@kvm000 named]# named-checkzone windns.com windns.com.zone
zone windns.com/IN: loaded serial 2018042101
OK
[root@kvm000 named]# named-checkzone 1.168.192.in-addr.arpa 192.168.1.zone
zone 1.168.192.in-addr.arpa/IN: loaded serial 2018042101
OK
#如没问题则启动服务
[root@kvm000 named]# systemctl start named
[root@kvm000 named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-11-03 23:19:53 CST; 18min ago
Process: 12264 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 12260 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 12265 (named)
Tasks: 11
Memory: 63.0M
CGroup: /system.slice/named.service
└─12265 /usr/sbin/named -u named -c /etc/named.conf
Nov 03 23:19:53 kvm000 named[12265]: zone windns.com/IN: loaded serial 2018042101
Nov 03 23:19:53 kvm000 named[12265]: zone localhost.localdomain/IN: loaded serial 0
Nov 03 23:19:53 kvm000 named[12265]: all zones loaded
Nov 03 23:19:53 kvm000 named[12265]: running
Nov 03 23:19:53 kvm000 named[12265]: zone windns.com/IN: sending notifies (serial 2018042101)
Nov 03 23:19:53 kvm000 named[12265]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2018042101)
Nov 03 23:19:53 kvm000 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#55021 (windns.com): transfer of 'windns.com/IN': AXFR started
Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#55021 (windns.com): transfer of 'windns.com/IN': AXFR ended
Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#1911: received notify for zone 'windns.com'
从服务器配置
options {
listen-on port 53 { 192.168.1.89; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 192.168.1.0/24;192.168.9.0/24;192.168.88.0/24; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
{
...
...
}
#修改/etc/named.rfc1912.zones
[root@private home]# vim /etc/named.rfc1912.zones
zone "windns.com" IN {
type slave; #指定类型为slave ;
file "slaves/windns.com.zone"; #指定同步文件的存放路径及名称;
masters { 192.168.1.54; }; #指定主服务器的IP;
masterfile-format text; #指定区域文件的格式为text,不指定有可能会为乱码(没错,这坑我又踩过);
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.1.zone";
masters { 192.168.1.54; };
masterfile-format text;
};
#检查配置文件是否正确
[root@private home]# named-checkconf /etc/named.conf
#如没问题则启动服务
[root@private home]# systemctl start named
[root@private home]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2018-11-03 23:37:18 CST; 5s ago
Process: 16589 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 16586 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 16591 (named)
Tasks: 9
Memory: 59.9M
CGroup: /system.slice/named.service
└─16591 /usr/sbin/named -u named -c /etc/named.conf
11月 03 23:37:18 private.winchannel.net named[16591]: zone localhost.localdomain/IN: loaded serial 0
11月 03 23:37:18 private.winchannel.net named[16591]: zone localhost/IN: loaded serial 0
11月 03 23:37:18 private.winchannel.net named[16591]: all zones loaded
11月 03 23:37:18 private.winchannel.net named[16591]: running
11月 03 23:37:18 private.winchannel.net systemd[1]: Started Berkeley Internet Name Domain (DNS).
11月 03 23:37:18 private.winchannel.net named[16591]: zone windns.com/IN: Transfer started.
11月 03 23:37:18 private.winchannel.net named[16591]: transfer of 'windns.com/IN' from 192.168.1.54...021
11月 03 23:37:18 private.winchannel.net named[16591]: zone windns.com/IN: transferred serial 2018042101
11月 03 23:37:18 private.winchannel.net named[16591]: transfer of 'windns.com/IN' from 192.168.1.54...ec)
11月 03 23:37:18 private.winchannel.net named[16591]: zone windns.com/IN: sending notifies (serial ...01)
测试dns服务
修改dns地址
[root@sftp-server ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.54
nameserver 192.168.1.89
ping测试
# 返回结果是 192.168.1.92 , dns生效
[root@sftp-server ~]# ping www.windns.com
PING www.windns.com (192.168.1.92) 56(84) bytes of data.
64 bytes from www.windns.com (192.168.1.92): icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from www.windns.com (192.168.1.92): icmp_seq=2 ttl=64 time=0.168 ms
64 bytes from www.windns.com (192.168.1.92): icmp_seq=3 ttl=64 time=0.144 ms
nslookup测试
[root@sftp-server ~]# nslookup
> www.windns.com #域名测试解析结果
Server: 192.168.1.54
Address: 192.168.1.54#53
Name: www.windns.com
Address: 192.168.1.92
> 192.168.1.92 #IP测试解析域名
Server: 192.168.1.54
Address: 192.168.1.54#53
92.1.168.192.in-addr.arpa name = www.windns.com.
dig测试
# 正向测试 A记录
[root@sftp-server ~]# dig www.windns.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> www.windns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31367
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.windns.com. IN A
;; ANSWER SECTION:
www.windns.com. 3600 IN A 192.168.1.92
;; AUTHORITY SECTION:
windns.com. 3600 IN NS ns2.windns.com.
windns.com. 3600 IN NS ns1.windns.com.
;; ADDITIONAL SECTION:
ns1.windns.com. 3600 IN A 192.168.1.54
ns2.windns.com. 3600 IN A 192.168.1.89
;; Query time: 0 msec
;; SERVER: 192.168.1.54#53(192.168.1.54)
;; WHEN: Sat Nov 3 23:58:29 2018
;; MSG SIZE rcvd: 116
# 反向测试 (注意: 直接 dig IP 会把 IP 当作域名去查 A 记录, 所以下面返回 NXDOMAIN 且权威来自根服务器; 反向解析应使用 dig -x 192.168.1.92)
[root@sftp-server ~]# dig 192.168.1.92
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> 192.168.1.92
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49348
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.1.92. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018110300 1800 900 604800 86400
;; Query time: 263 msec
;; SERVER: 192.168.1.54#53(192.168.1.54)
;; WHEN: Sat Nov 3 23:58:50 2018
;; MSG SIZE rcvd: 105
停主dns测试
#停掉主DNS后, 可以看到应答服务器由 1.54 变成了 1.89, 从服务器接管生效~
[root@sftp-server ~]# nslookup
> www.windns.com
Server: 192.168.1.89
Address: 192.168.1.89#53
Name: www.windns.com
Address: 192.168.1.92
> 192.168.1.92
Server: 192.168.1.89
Address: 192.168.1.89#53
92.1.168.192.in-addr.arpa name = www.windns.com.
88网段测试
#修改网卡dns
C:\Users\baiyongjie>ipconfig /all
以太网适配器 以太网:
连接特定的 DNS 后缀 . . . . . . . :
描述. . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
物理地址. . . . . . . . . . . . . : F4-8E-38-7E-D7-0B
DHCP 已启用 . . . . . . . . . . . : 否
自动配置已启用. . . . . . . . . . : 是
本地链接 IPv6 地址. . . . . . . . : fe80::6d84:a277:46d:2c7a%12(首选)
IPv4 地址 . . . . . . . . . . . . : 192.168.88.37(首选)
子网掩码 . . . . . . . . . . . . : 255.255.255.0
默认网关. . . . . . . . . . . . . : 192.168.88.1
DHCPv6 IAID . . . . . . . . . . . : 49581624
DHCPv6 客户端 DUID . . . . . . . : 00-01-00-01-23-0B-F2-AA-F4-8E-38-7E-D7-0B
DNS 服务器 . . . . . . . . . . . : 192.168.1.54
8.8.8.8
TCPIP 上的 NetBIOS . . . . . . . : 已启用
#ping 测试
C:\Users\baiyongjie>ping www.windns.com
正在 Ping www.windns.com [192.168.1.92] 具有 32 字节的数据:
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63