Centos 7 安装配置DNS主从服务

实验环境

  • 系统: CentOS Linux release 7.4.1708 (Core)
  • 主服务器: 192.168.1.54
  • 从服务器: 192.168.1.89
  • 测试服务器: 192.168.1.49

安装dns服务

#两台服务器时间要保持一致：日志关联、区域传送排错以及（如果后续改用 TSIG 签名传送）签名校验都依赖时钟一致；ntpdate 只是一次性校时，生产环境应使用 chronyd/ntpd 持续同步
[root@private home]# /usr/sbin/ntpdate cn.pool.ntp.org
 3 Nov 13:39:25 ntpdate[30164]: step time server 119.28.183.184 offset 1.287519 sec

#安装服务
[root@private home]# yum install -y bind bind-utils

#设置防火墙：DNS 查询走 UDP 53，但区域传送(AXFR/IXFR)以及应答被截断后的重试都走 TCP 53，同样需要放行（iptables -I INPUT -p tcp --dport 53 -j ACCEPT）；主服务器上 TCP 53 可以只对从服务器 IP 放行。另外注意下面 iptables -nL 显示 INPUT 链默认策略是 ACCEPT，此时这条规则并没有限制任何东西，只有把默认策略改成 DROP 后才有意义；iptables -I 也不会持久化，重启后需要用 iptables-save 或 service iptables save 保存
[root@private home]# iptables -I INPUT -p udp --dport 53 -j ACCEPT

[root@private home]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53

配置服务

主服务器
#修改/etc/named.conf文件
[root@kvm000 ~]# vim /etc/named.conf
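options {
        listen-on port 53 { 192.168.1.54; }; # bind only to this host's LAN address
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        # Clients allowed to query. Every element of a BIND address list must be
        # terminated with ';' -- the original had none after the last entry, which
        # named-checkconf rejects ("missing ';' before '}'").
        allow-query     { 192.168.1.0/24; 192.168.9.0/24; 192.168.88.0/24; };
        # Recursion is offered to the same subnets as allow-query (with
        # allow-recursion unset, BIND falls back to the allow-query list).
        # This ACL plus the firewall is all that keeps the server from being an
        # open resolver, so keep the list tight.
        recursion yes;
        # NOTE(review): DNSSEC validation is switched off here, so answers this
        # resolver fetches from the Internet for external names are not
        # authenticated. The stock named.conf this was edited from has both on;
        # prefer leaving validation enabled once time sync is in place.
        dnssec-enable no;
        dnssec-validation no;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};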

{
    ...
    ...
}


#修改/etc/named.rfc1912.zones
[root@kvm000 ~]# vim /etc/named.rfc1912.zones
zone "windns.com." IN {    # forward zone; this host is the primary
        type master;
        file "windns.com.zone";
        allow-update { none; };  # no dynamic updates (nsupdate) accepted
        allow-transfer { 192.168.1.89; };  # only the secondary may pull the zone
        # NOTE(review): this transfer ACL is by source IP only; a TSIG key shared
        # with the secondary (allow-transfer { key ...; }) would also authenticate
        # the transfer rather than just the address.
        notify yes;  # send NOTIFY to the zone's NS hosts after a reload so the secondary re-checks the serial
};
zone "1.168.192.in-addr.arpa" IN {  # reverse zone for 192.168.1.0/24
        type master;
        file "192.168.1.zone";
        allow-update { none; };
        allow-transfer { 192.168.1.89;};
        notify yes;
};


#新建windns.com.zone正向解析文件
[root@kvm000 ~]# vim /var/named/windns.com.zone
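$TTL 3600
$ORIGIN windns.com.
; SOA: the MNAME field must name the primary server (ns1), not the zone apex --
; the original had "windns.com." there. The serial has to be bumped on every
; edit, otherwise the secondary keeps serving its old copy.
@       IN      SOA   ns1.windns.com. admin.windns.com. (
        2018042101      ; serial (YYYYMMDDnn)
        1D              ; refresh
        1H              ; retry
        1W              ; expire
        3H              ; negative-caching TTL
)
@       IN      NS      ns1.windns.com.
@       IN      NS      ns2.windns.com.
ns1     IN      A       192.168.1.54    ; primary (this host)
ns2     IN      A       192.168.1.89    ; secondary
www     IN      A       192.168.1.92
web     IN      CNAME   www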

#新建/var/named/192.168.1.zone反向解析文件
[root@kvm000 ~]# vim /var/named/192.168.1.zone
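$TTL 3600
$ORIGIN  1.168.192.in-addr.arpa.
; SOA: MNAME corrected to the primary server's hostname (ns1); the original
; used the zone apex "windns.com.". Keep the serial in step with every edit.
@       IN      SOA  ns1.windns.com. admin.windns.com. (
        2018042101      ; serial (YYYYMMDDnn)
        1D              ; refresh
        1H              ; retry
        1W              ; expire
        3H              ; negative-caching TTL
)
@       IN      NS      ns1.windns.com.
@       IN      NS      ns2.windns.com.
54      IN      PTR     ns1.windns.com.
89      IN      PTR     ns2.windns.com.
92      IN      PTR     www.windns.com.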

#检查配置文件：named-checkzone 只校验区域文件，named.conf 本身要用 named-checkconf /etc/named.conf 检查（CentOS 的 named.service 启动前也会自动跑一次 named-checkconf -z，见下面 status 里的 ExecStartPre）
[root@kvm000 named]#  named-checkzone windns.com windns.com.zone                                                  
zone windns.com/IN: loaded serial 2018042101
OK

[root@kvm000 named]#  named-checkzone 1.168.192.in-addr.arpa 192.168.1.zone  
zone 1.168.192.in-addr.arpa/IN: loaded serial 2018042101
OK

#如没问题则启动服务（另外执行 systemctl enable named 设为开机自启，否则下面 status 中 Loaded 一行会一直显示 disabled，重启后 DNS 不会自动拉起）
[root@kvm000 named]# systemctl start named
[root@kvm000 named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-11-03 23:19:53 CST; 18min ago
  Process: 12264 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 12260 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 12265 (named)
    Tasks: 11
   Memory: 63.0M
   CGroup: /system.slice/named.service
           └─12265 /usr/sbin/named -u named -c /etc/named.conf

Nov 03 23:19:53 kvm000 named[12265]: zone windns.com/IN: loaded serial 2018042101
Nov 03 23:19:53 kvm000 named[12265]: zone localhost.localdomain/IN: loaded serial 0
Nov 03 23:19:53 kvm000 named[12265]: all zones loaded
Nov 03 23:19:53 kvm000 named[12265]: running
Nov 03 23:19:53 kvm000 named[12265]: zone windns.com/IN: sending notifies (serial 2018042101)
Nov 03 23:19:53 kvm000 named[12265]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2018042101)
Nov 03 23:19:53 kvm000 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#55021 (windns.com): transfer of 'windns.com/IN': AXFR started
Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#55021 (windns.com): transfer of 'windns.com/IN': AXFR ended
Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#1911: received notify for zone 'windns.com'

从服务器配置
options {
        listen-on port 53 { 192.168.1.89; };  # this host's LAN address only
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        # Same client ACL as the primary. With allow-recursion unset, BIND falls
        # back to this list for recursion as well, so these subnets get a full
        # recursive resolver and nothing else may query at all.
        allow-query     { 192.168.1.0/24;192.168.9.0/24;192.168.88.0/24; };
        recursion yes;
        # NOTE(review): validation is disabled here as on the primary, so external
        # answers this resolver fetches are not DNSSEC-authenticated. Prefer leaving
        # it on (the stock file has it enabled) once time sync is in place.
        dnssec-enable no;
        dnssec-validation no;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

{
    ...
    ...
}

#修改/etc/named.rfc1912.zones
[root@private home]# vim /etc/named.rfc1912.zones
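zone "windns.com" IN {
        type slave;    # this host is the secondary
        file "slaves/windns.com.zone";  # where the transferred copy is written
        masters { 192.168.1.54; };  # primary to pull the zone from
        # The original left allow-transfer unset on the secondary; on the BIND
        # shipped with CentOS 7 that defaults to "any", so every host allowed to
        # query could AXFR the whole zone from here even though the primary only
        # permits transfers to 192.168.1.89. Close it on this side too.
        allow-transfer { none; };
        masterfile-format text;  # keep the copy as text; the default binary format is unreadable when opened by hand
};
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.1.zone";
        masters { 192.168.1.54; };
        allow-transfer { none; };
        masterfile-format text;
};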

#检查配置文件是否正确
[root@private home]# named-checkconf /etc/named.conf

#如没问题则启动服务（同样建议 systemctl enable named，下面 status 里 Loaded 显示的仍是 disabled）
[root@private home]# systemctl start named
[root@private home]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since 六 2018-11-03 23:37:18 CST; 5s ago
  Process: 16589 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 16586 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 16591 (named)
    Tasks: 9
   Memory: 59.9M
   CGroup: /system.slice/named.service
           └─16591 /usr/sbin/named -u named -c /etc/named.conf

11月 03 23:37:18 private.winchannel.net named[16591]: zone localhost.localdomain/IN: loaded serial 0
11月 03 23:37:18 private.winchannel.net named[16591]: zone localhost/IN: loaded serial 0
11月 03 23:37:18 private.winchannel.net named[16591]: all zones loaded
11月 03 23:37:18 private.winchannel.net named[16591]: running
11月 03 23:37:18 private.winchannel.net systemd[1]: Started Berkeley Internet Name Domain (DNS).
11月 03 23:37:18 private.winchannel.net named[16591]: zone windns.com/IN: Transfer started.
11月 03 23:37:18 private.winchannel.net named[16591]: transfer of 'windns.com/IN' from 192.168.1.54...021
11月 03 23:37:18 private.winchannel.net named[16591]: zone windns.com/IN: transferred serial 2018042101
11月 03 23:37:18 private.winchannel.net named[16591]: transfer of 'windns.com/IN' from 192.168.1.54...ec)
11月 03 23:37:18 private.winchannel.net named[16591]: zone windns.com/IN: sending notifies (serial ...01)

测试dns服务

修改dns地址（注意 /etc/resolv.conf 首行写着 Generated by NetworkManager，手工改动会在网络重启或 NetworkManager 刷新时被覆盖；持久做法是在网卡配置文件里设置 DNS1/DNS2，或用 nmcli con mod 设置 ipv4.dns）
[root@sftp-server ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.54
nameserver 192.168.1.89
ping测试
# 返回结果是 192.168.1.92 , dns生效
[root@sftp-server ~]# ping www.windns.com
PING www.windns.com (192.168.1.92) 56(84) bytes of data.
64 bytes from www.windns.com (192.168.1.92): icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from www.windns.com (192.168.1.92): icmp_seq=2 ttl=64 time=0.168 ms
64 bytes from www.windns.com (192.168.1.92): icmp_seq=3 ttl=64 time=0.144 ms
nslookup测试
[root@sftp-server ~]# nslookup 
> www.windns.com #域名测试解析结果
Server:         192.168.1.54
Address:        192.168.1.54#53

Name:   www.windns.com
Address: 192.168.1.92

> 192.168.1.92 #IP测试解析域名
Server:         192.168.1.54
Address:        192.168.1.54#53

92.1.168.192.in-addr.arpa       name = www.windns.com.
dig测试
# 正向测试 A记录
[root@sftp-server ~]# dig  www.windns.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> www.windns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31367
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.windns.com.                        IN      A

;; ANSWER SECTION:
www.windns.com.         3600    IN      A       192.168.1.92

;; AUTHORITY SECTION:
windns.com.             3600    IN      NS      ns2.windns.com.
windns.com.             3600    IN      NS      ns1.windns.com.

;; ADDITIONAL SECTION:
ns1.windns.com.         3600    IN      A       192.168.1.54
ns2.windns.com.         3600    IN      A       192.168.1.89

;; Query time: 0 msec
;; SERVER: 192.168.1.54#53(192.168.1.54)
;; WHEN: Sat Nov  3 23:58:29 2018
;; MSG SIZE  rcvd: 116

# 反向测试 —— 注意：下面 dig 192.168.1.92 实际是把 "192.168.1.92" 当作主机名去查 A 记录，所以返回的是根域的 NXDOMAIN（AUTHORITY 里出现根区 SOA，说明服务器已递归到互联网根服务器），并不能证明反向解析可用；正确的反向测试是 dig -x 192.168.1.92，上面 nslookup 返回的 PTR 才是有效的反向验证
[root@sftp-server ~]# dig  192.168.1.92

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> 192.168.1.92
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49348
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.1.92.                  IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2018110300 1800 900 604800 86400

;; Query time: 263 msec
;; SERVER: 192.168.1.54#53(192.168.1.54)
;; WHEN: Sat Nov  3 23:58:50 2018
;; MSG SIZE  rcvd: 105
停主dns测试
#可以看到 解析的由1.54变成了1.89 测试生效~ （注意 glibc 解析器按 nameserver 顺序重试：主挂掉后每次查询都要先等 1.54 超时（默认 5 秒）再转到 1.89，可在 resolv.conf 加 options timeout:1 attempts:1 缩短切换时间）
[root@sftp-server ~]# nslookup 
> www.windns.com
Server:         192.168.1.89
Address:        192.168.1.89#53

Name:   www.windns.com
Address: 192.168.1.92

> 192.168.1.92
Server:         192.168.1.89
Address:        192.168.1.89#53

92.1.168.192.in-addr.arpa       name = www.windns.com.
88网段测试
#修改网卡dns（这里备用 DNS 填的是 8.8.8.8：主 DNS 1.54 一旦不可用，内网域名 windns.com 将解析失败，而且内网主机名查询会被发到公网解析器；备用 DNS 应填从服务器 192.168.1.89）
C:\Users\baiyongjie>ipconfig /all
以太网适配器 以太网:

   连接特定的 DNS 后缀 . . . . . . . :
   描述. . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   物理地址. . . . . . . . . . . . . : F4-8E-38-7E-D7-0B
   DHCP 已启用 . . . . . . . . . . . : 否
   自动配置已启用. . . . . . . . . . : 是
   本地链接 IPv6 地址. . . . . . . . : fe80::6d84:a277:46d:2c7a%12(首选)
   IPv4 地址 . . . . . . . . . . . . : 192.168.88.37(首选)
   子网掩码  . . . . . . . . . . . . : 255.255.255.0
   默认网关. . . . . . . . . . . . . : 192.168.88.1
   DHCPv6 IAID . . . . . . . . . . . : 49581624
   DHCPv6 客户端 DUID  . . . . . . . : 00-01-00-01-23-0B-F2-AA-F4-8E-38-7E-D7-0B
   DNS 服务器  . . . . . . . . . . . : 192.168.1.54
                                       8.8.8.8
   TCPIP 上的 NetBIOS  . . . . . . . : 已启用
   
#ping 测试
C:\Users\baiyongjie>ping  www.windns.com

正在 Ping www.windns.com [192.168.1.92] 具有 32 字节的数据:
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
    原文作者:baiyongjie
    原文地址: https://www.jianshu.com/p/fb764f4cacfa