Installing and configuring an internal BIND master DNS server

1. Environment

10.10.169.141 acts as the master DNS server

10.10.131.111 acts as the slave (backup) DNS server

10.10.100.47 is a separate internal host used only to test that DNS resolution works

Both DNS servers must either stop iptables or let the DNS ports through it: 53 over both TCP and UDP (zone transfers between master and slave run over TCP) and, only if rndc is going to be used from another host, 953. The rndc.conf generated below binds the control channel to 127.0.0.1, so 953 does not need to be opened to the network at all.

2. Installing and configuring the master DNS server

1) Install BIND 9 first
yum install -y bind bind-utils bind-libs

+++++++++++++++++++++++++++++++++++
2) Deploy the BIND master

Create the named user on the master DNS server (the bind package already creates it as a system account; if useradd reports that the user exists, nothing further is needed):

mkdir -p /etc/bind/
useradd -r -m -d /var/named -s /sbin/nologin named

Create the rndc key

rndc-confgen needs a source of random bytes for the HMAC secret that rndc and named share. Do not point -r at a file of hand-typed characters as a shortcut around a blocking /dev/random: the secret is then derived from a fixed string and is predictable. Use the non-blocking kernel CSPRNG instead.

Generate the key:

rndc-confgen -r /dev/urandom -s 127.0.0.1 -p 953 >/etc/bind/rndc.conf

Create the symlink

ln -s /etc/bind/rndc.conf  /etc/rndc.conf

The generated rndc.conf also contains, commented out, the key and controls statements that named needs. Copy them into named.conf (or make sure the secret matches /etc/rndc.key, which named falls back to when no controls statement is present), otherwise rndc cannot talk to named. rndc status confirms that the control channel works.

Create named.conf by hand
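Added example, not from the post: generating the rndc secret from /dev/urandom and writing both halves of the control channel, the client-side rndc.conf and the key/controls statements named needs, so that they share one key. The key name rndc-key and the hmac-sha256 algorithm are choices made here (rndc-confgen on BIND 9.11 defaults to hmac-md5); secret_bits decodes the base64 secret so that a short or hand-typed value is caught before it is deployed.

```shell
#!/bin/sh
# Added example: rndc control-channel key generation plus the two config
# fragments that must share it. Nothing here is taken from the page itself.

make_rndc_secret() {   # 256 random bits, base64-encoded as rndc.conf expects
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

secret_bits() {   # decoded size of a base64 secret in bits; exposes short or hand-typed "randomness"
  printf '%s' "$1" | base64 -d | wc -c | awk '{ print $1 * 8 }'
}

rndc_conf() {   # $1 = secret; client side, written to /etc/rndc.conf
  cat <<EOF
key "rndc-key" {
    algorithm hmac-sha256;
    secret "$1";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
EOF
}

named_controls() {   # $1 = secret; server side, appended to /etc/named.conf
  cat <<EOF
key "rndc-key" {
    algorithm hmac-sha256;
    secret "$1";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
}

secret=$(make_rndc_secret)
echo "# secret strength: $(secret_bits "$secret") bits"
echo "# --- /etc/rndc.conf"
rndc_conf "$secret"
echo "# --- append to /etc/named.conf, then: named-checkconf && systemctl restart named && rndc status"
named_controls "$secret"
```

The controls statement binds the channel to 127.0.0.1 only, which is why port 953 does not need to be opened in iptables for this setup; if rndc must run from another host, add that host's address to both the inet address and the allow list and restrict it with the firewall as well.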

+++++++++++++++++++++++++++++++++
3) Master DNS configuration file parameters:

vim /etc/named.conf
File contents with the // comment lines removed:

[root@*** soft]# egrep -vi "^//|^$" /etc/named.conf
options {
    listen-on port 53 { any; };   // IPv4 listen address and port; the default is 127.0.0.1, changed to any so every IP address on the server answers DNS queries
    listen-on-v6 port 53 { ::1; }; // IPv6 listen address and port
    directory   "/var/named";  // directory holding the DNS zone files
    dump-file   "/var/named/data/cache_dump.db";  // cache dump location
    statistics-file "/var/named/data/named_stats.txt"; // statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";  // memory usage statistics
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; }; // the default is localhost; this lets anyone send queries to this server
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    version "dns server";
    forward first;
    /*forwarders  { 100.100.2.136; 100.100.2.138; };*/  // Alibaba Cloud internal DNS for the Beijing region
    forwarders  { 119.29.29.29;182.254.116.116; }; // Tencent public DNS
    allow-query-cache { any; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "jiaodayno.cn" IN {
    type master;
    file "jiaodayno.cn";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

The package's own comment applies here: with recursion yes, allow-query { any; } and allow-query-cache { any; } this is an open resolver for every host that can reach port 53. That is tolerable only because all three hosts sit on 10.0.0.0/8 behind the firewall; if anything else can reach the server, restrict allow-query, allow-recursion and allow-query-cache to the internal range with an acl.

+++++++++++++++++++++++++++++++++
4) Master zone data file

cd /var/named/                    # enter the named directory
cp named.localhost jiaodayno.cn   # copy the existing named.localhost template under the name jiaodayno.cn
chown named.named jiaodayno.cn    # set the file's owner and group

Contents of the jiaodayno.cn file:

[root@*** ~]# cat /var/named/jiaodayno.cn
$TTL 1D
@    IN SOA    ns1.jiaodayno.cn. ns2.jiaodayno.cn. (
                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
    NS    ns1.jiaodayno.cn.
ns1 A 10.10.169.141
ns2 A 10.10.169.141
www A 10.10.131.111
jianwei A 10.10.100.47
io IN A 10.10.137.59   ; writing IN explicitly is also allowed
[root@*** ~]# ll /var/named/jiaodayno.cn
-rw-r--r-- 1 named named 351 Feb 10 04:41 /var/named/jiaodayno.cn

Note the two names in the SOA record: the first is the primary master (MNAME), the second is the zone contact mailbox (RNAME, with the @ written as a dot, e.g. hostmaster.jiaodayno.cn.). Putting ns2.jiaodayno.cn. there is syntactically valid but does not declare a second nameserver; only NS records do that.

++++++++++++++++++++++++++++
5) Check the configuration file syntax with the check commands

named-checkconf prints nothing when the file is valid:

[root@*** named]# named-checkconf /etc/named.conf
[root@*** ~]# named-checkzone "jiaodayno.cn" /var/named/jiaodayno.cn
zone jiaodayno.cn/IN: loaded serial 0
OK

+++++++++++++++++++++++++++++++++
6) Configure BIND as a caching DNS server

At this point the server only answers for the records in the jiaodayno.cn zone it is authoritative for; every other domain is unknown to it, so upstream DNS servers have to be specified.

Upstream DNS: when a name cannot be answered from the local zones, the query is handed to the upstream servers.

Add:

forwarders  { 119.29.29.29;182.254.116.116; }; // Tencent public DNS

With forward first (set in the options above) named falls back to its own recursion if the forwarders do not answer; forward only never does. Every name outside the locally served zones goes to the forwarders, including any internal names that are not under jiaodayno.cn, which is worth knowing before pointing an internal network at a public resolver.

Restart the service

systemctl restart named

+++++++++++++++++++++++++
7) Verification
Edit the clients' resolv.conf and test:

[root@test01 ~]# cat /etc/resolv.conf
#nameserver 10.9.255.1
#nameserver 10.9.255.2
nameserver 10.10.169.141
[root@test02 ~]# cat /etc/resolv.conf
#nameserver 10.9.255.1
#nameserver 10.9.255.2
#nameserver 114.114.114.114
nameserver 10.10.169.141

[root@*** named]# dig www.jiaodayno.cn

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> www.jiaodayno.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12672
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jiaodayno.cn.      IN  A

;; ANSWER SECTION:
www.jiaodayno.cn.   86400   IN  A   10.10.131.111

;; AUTHORITY SECTION:
jiaodayno.cn.       86400   IN  NS  ns1.jiaodayno.cn.

;; ADDITIONAL SECTION:
ns1.jiaodayno.cn.   86400   IN  A   10.10.169.141

;; Query time: 0 msec
;; SERVER: 10.10.169.141#53(10.10.169.141)
;; WHEN: Wed Feb 10 04:49:29 CST 2021
;; MSG SIZE  rcvd: 95

[root@*** named]#  dig jianwei.jiaodayno.cn

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> jianwei.jiaodayno.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31918
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jianwei.jiaodayno.cn.      IN  A

;; ANSWER SECTION:
jianwei.jiaodayno.cn.   86400   IN  A   10.10.100.47

;; AUTHORITY SECTION:
jiaodayno.cn.       86400   IN  NS  ns1.jiaodayno.cn.

;; ADDITIONAL SECTION:
ns1.jiaodayno.cn.   86400   IN  A   10.10.169.141

;; Query time: 0 msec
;; SERVER: 10.10.169.141#53(10.10.169.141)
;; WHEN: Wed Feb 10 04:49:47 CST 2021
;; MSG SIZE  rcvd: 99

The aa flag in the header marks an authoritative answer served from the local zone; a name resolved through the forwarders comes back without it.

[root@test02 ~]# ping www.jiaodayno.cn
PING www.jiaodayno.cn (10.10.131.111) 56(84) bytes of data.
64 bytes from test01 (10.10.131.111): icmp_seq=1 ttl=63 time=0.786 ms
64 bytes from test01 (10.10.131.111): icmp_seq=2 ttl=63 time=0.318 ms
[root@test01 ~]#  ping www.jiaodayno.cn
PING www.jiaodayno.cn (10.10.131.111) 56(84) bytes of data.
64 bytes from test01 (10.10.131.111): icmp_seq=1 ttl=64 time=0.008 ms
64 bytes from test01 (10.10.131.111): icmp_seq=2 ttl=64 time=0.024 ms
[root@test01 ~]#  ping jianwei.jiaodayno.cn
PING jianwei.jiaodayno.cn (10.10.100.47) 56(84) bytes of data.
64 bytes from test02 (10.10.100.47): icmp_seq=1 ttl=63 time=0.997 ms
64 bytes from test02 (10.10.100.47): icmp_seq=2 ttl=63 time=0.268 ms
[root@test01 ~]# nslookup jianwei.jiaodayno.cn
Server:     10.10.169.141
Address:    10.10.169.141#53

Name:   jianwei.jiaodayno.cn
Address: 10.10.100.47
[root@test01 ~]# nslookup www.jiaodayno.cn
Server:     10.10.169.141
Address:    10.10.169.141#53

Name:   www.jiaodayno.cn
Address: 10.10.131.111

++++++++++++++++++++++++

3. Configuring the BIND slave server and synchronization

Add a second DNS server as the slave and edit its main configuration file.

10.10.131.111 is the slave; install BIND on it:

yum install -y bind bind-utils bind-libs

The slave's configuration file:

[root@test01 ~]# cat /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    version "dns server";
    forward first;
    /*forwarders  { 100.100.2.136; 100.100.2.138; };*/
    forwarders  { 119.29.29.29;182.254.116.116; };
    allow-query-cache { any; };
};
zone "jiaodayno.cn" IN {
    type slave;                  // zone type is slave
    file "jiaodayno.cn";         // name of the zone file
    masters { 10.10.169.141; };  // the master's internal IP
};

A slave answers zone transfer requests exactly like a master, and on BIND 9.11 it does so for any host unless allow-transfer is set; nothing needs to pull from this server, so allow-transfer { none; } belongs in its options.

Fix the permissions (or the owner and group) of /var/named so that named can write the transferred zone:
chown -R named.named /var/named
On RHEL/CentOS the package ships /var/named owned by root with only read access for the named group, and provides /var/named/slaves/, owned by named, for exactly this purpose; pointing the slave zone there with file "slaves/jiaodayno.cn"; avoids loosening the whole directory.
Check the configuration file syntax:
[root@test01 data]# named-checkconf /etc/named.conf

Modify the master's named.conf on 10.10.169.141 as follows:

[root@*** ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    version "dns server";
    forward first;
    /*forwarders  { 100.100.2.136; 100.100.2.138; };*/
    forwarders  { 119.29.29.29;182.254.116.116; };
    allow-query-cache { any; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
    type hint;
    file "named.ca";
};
// zone statement in the master's named.conf that enables master/slave synchronization
zone "jiaodayno.cn" IN {
    type master;
    file "jiaodayno.cn";
    allow-transfer { 10.10.131.111; }; // the slave's internal IP
    notify yes;
    also-notify { 10.10.131.111; };    // the slave's internal IP
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

allow-transfer limits AXFR to the slave. On BIND 9.11 a zone without it hands its complete record set to any host that asks, which for an internal zone is a ready-made host inventory. also-notify is only needed for slaves that are not listed in the zone's NS records; ns2 is added to the zone below, so notify yes alone would reach it, but the explicit entry does no harm.
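As an added example (not part of the original post or of the BIND distribution), the following shell script audits a named.conf for the open-resolver and open-transfer settings the configurations above carry, then shows a hardened variant that passes. The internal ACL (10.0.0.0/8) and both sample configs are constructed here; the parser is a deliberate heuristic rather than a full BIND grammar, and the zone check covers slave statements as well as master ones, since a slave serves AXFR too.

```shell
#!/bin/sh
# Added example, not from the page: audit a named.conf for the open-resolver
# and open-AXFR settings discussed above and compare with a hardened variant.

# Emit one line per statement as "<block path> :: <statement>", e.g. "options/allow-query :: any".
flatten_conf() {
  awk '
    {
      line = $0
      if (inblock) { p = index(line, "*/"); if (p == 0) next; line = substr(line, p + 2); inblock = 0 }
      while ((p = index(line, "/*")) > 0) {
        q = index(substr(line, p + 2), "*/")
        if (q == 0) { line = substr(line, 1, p - 1); inblock = 1; break }
        line = substr(line, 1, p - 1) substr(line, p + q + 3)
      }
      sub(/\/\/.*/, "", line)
      gsub(/[{};]/, " & ", line)
      n = split(line, tok, /[ \t]+/)
      for (i = 1; i <= n; i++) {
        t = tok[i]
        if (t == "") continue
        if (t == "{") { path[++depth] = stmt; stmt = ""; continue }
        if (t == "}") { if (depth > 0) depth--; stmt = ""; continue }
        if (t == ";") {
          if (stmt != "") {
            pfx = ""; for (d = 1; d <= depth; d++) pfx = pfx (d > 1 ? "/" : "") path[d]
            print pfx " :: " stmt
          }
          stmt = ""; continue
        }
        stmt = (stmt == "" ? t : stmt " " t)
      }
    }' "$1"
}

# Print WARN lines for weak settings; exit status 0 only when there are none.
audit_named_conf() {
  flat=$(flatten_conf "$1")
  has() { printf '%s\n' "$flat" | grep -q -F -- "$1"; }
  findings=$(
    if has "options :: recursion yes" && ! has "options/allow-recursion ::"; then
      echo "WARN recursion yes without allow-recursion: every client allow-query admits gets recursion"
    fi
    for k in allow-query allow-query-cache allow-recursion allow-transfer; do
      if has "options/$k :: any"; then echo "WARN options $k { any; }: restrict to the internal ranges"; fi
    done
    # Every authoritative zone, master or slave, serves AXFR; BIND 9.11 allows it from any host
    # unless allow-transfer is set in the zone or in options.
    printf '%s\n' "$flat" | grep -E ' :: type (master|primary|slave|secondary)$' | sed 's/ :: type .*$//' |
    while read -r zone; do
      if has "$zone/allow-transfer :: any"; then
        echo "WARN $zone: allow-transfer { any; } lets anyone dump the zone"
      elif ! has "$zone/allow-transfer ::" && ! has "options/allow-transfer ::"; then
        echo "WARN $zone: no allow-transfer, so AXFR is open to any host"
      fi
    done
  )
  [ -n "$findings" ] && printf '%s\n' "$findings"
  ! printf '%s\n' "$findings" | grep -q '^WARN'
}

# Constructed samples: "weak" mirrors the page's master config (zone without
# allow-transfer); "hard" limits everything to an assumed internal range.
sample_conf() {
  case "$1" in
  weak) cat <<'EOF'
options {
    allow-query     { any; };        // default is localhost
    /* authoritative and recursive on every interface,
       as in the tutorial */
    recursion yes;
    allow-query-cache { any; };
};
zone "jiaodayno.cn" IN { type master; file "jiaodayno.cn"; };
EOF
  ;;
  hard) cat <<'EOF'
acl internal { 10.0.0.0/8; 127.0.0.1; };   // assumed: the RFC 1918 range the hosts use
options {
    allow-query       { internal; };
    allow-recursion   { internal; };
    allow-query-cache { internal; };
    allow-transfer    { none; };            // zones opt in below
    recursion yes;
};
zone "jiaodayno.cn" IN {
    type master; file "jiaodayno.cn";
    allow-transfer { 10.10.131.111; };      // the slave only
    notify yes; also-notify { 10.10.131.111; };
};
EOF
  ;;
  esac
}

for kind in weak hard; do
  f=$(mktemp); sample_conf "$kind" >"$f"; echo "--- $kind"
  audit_named_conf "$f" && echo "no WARN findings"
  rm -f "$f"
done
```

Run it against the live file with audit_named_conf /etc/named.conf on both servers; the slave's config above trips the same zone finding as the master's, since its zone statement has no allow-transfer either.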

Edit the master's zone data file on 10.10.169.141:

[root@*** ~]# cat /var/named/jiaodayno.cn
$TTL 1D
@    IN SOA    ns1.jiaodayno.cn. ns2.jiaodayno.cn. (
                    1    ; serial   ; starts at 0; must be incremented on every edit of this file or the change does not propagate
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
    NS    ns1.jiaodayno.cn.
    NS    ns2.jiaodayno.cn.   ; added: ns2, the slave
ns1 A 10.10.169.141
ns2 A 10.10.131.111         ; added: A record for ns2, the slave
www A 10.10.100.47
jianwei A 10.10.100.47      ; added name

!!!!!! Note: every time the zone file jiaodayno.cn on the master is edited, the serial must be incremented and named reloaded (rndc reload or systemctl reload named; a restart also works) before the change takes effect. The slave compares the serial in the master's SOA with its own and only transfers the zone when the master's is newer; an edit without a serial bump never reaches the slave.
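Added example, not from the post: shell helpers that make the serial rule checkable rather than a reminder. zone_serial extracts the SOA serial from a text zone file in the format used above; serial_is_newer implements the RFC 1982 comparison the slave applies when deciding whether to transfer (a serial may wrap past 2^32 and still count as newer, as long as it is less than 2^31 ahead); next_serial produces a date-based YYYYMMDDnn serial; server_serial shows the live dig query for comparing master and slave (it needs network access and is not run in the demo). The sample zones are constructed inline.

```shell
#!/bin/sh
# Added example, not from the page: SOA serial checks for the master/slave setup above.

zone_serial() {   # $1 = text zone file; prints the SOA serial
  awk '
    { sub(/;.*/, "") }                                   # drop ; comments first
    /SOA/ { insoa = 1 }
    insoa { for (i = 1; i <= NF; i++) tok[n++] = $i; if (index($0, ")")) exit }
    END {
      for (i = 0; i < n; i++) if (tok[i] == "SOA") {
        j = i + 3                                        # skip MNAME and RNAME
        if (tok[j] == "(") j++                           # optional opening parenthesis
        print tok[j]; exit
      }
    }' "$1"
}

serial_is_newer() {   # $1 = old, $2 = new; succeeds if new is newer than old per RFC 1982
  awk -v old="$1" -v new="$2" 'BEGIN {
    d = new - old
    if (d < 0) d += 4294967296                           # wrap modulo 2^32
    exit !(d > 0 && d < 2147483648)                      # newer only if less than 2^31 ahead
  }'
}

next_serial() {   # $1 = current serial, $2 = YYYYMMDD (default today); prints YYYYMMDDnn
  day=${2:-$(date +%Y%m%d)}
  base=$((day * 100))          # leaves 99 edits per day; jumping from a small serial is fine (< 2^31 ahead)
  if [ "$1" -lt "$base" ]; then echo "$base"; else echo "$(($1 + 1))"; fi
}

server_serial() {   # $1 = zone, $2 = server; live check with dig, not run below
  dig +short SOA "$1" @"$2" | awk '{ print $3 }'
}

sample_zone() {   # $1 = serial; a constructed zone in the format the page uses
  cat <<EOF
\$TTL 1D
@    IN SOA    ns1.jiaodayno.cn. ns2.jiaodayno.cn. (
                    $1    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )  ; minimum
    NS    ns1.jiaodayno.cn.
    NS    ns2.jiaodayno.cn.
ns1 A 10.10.169.141
ns2 A 10.10.131.111
bbs A 10.10.100.47
EOF
}

# Demo: the master has been edited to serial 3 while the slave still holds serial 1.
tmp=$(mktemp -d)
sample_zone 3 >"$tmp/master"; sample_zone 1 >"$tmp/slave"
m=$(zone_serial "$tmp/master"); s=$(zone_serial "$tmp/slave")
if serial_is_newer "$s" "$m"; then
  echo "slave serial $s is behind master $m: a transfer is expected on the next refresh or NOTIFY"
else
  echo "slave serial $s is not behind master $m: bump the master serial or nothing will transfer"
fi
echo "next master serial after $m: $(next_serial "$m" 20210210)"
rm -rf "$tmp"
```

In production the comparison is serial_is_newer "$(server_serial jiaodayno.cn 10.10.131.111)" "$(server_serial jiaodayno.cn 10.10.169.141)"; if that succeeds for more than the refresh interval, the slave is not transferring, and allow-transfer, notify and the firewall on TCP 53 are the first things to check.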

Edit /etc/resolv.conf on the slave 10.10.131.111:

[root@test01 named]# cat /etc/resolv.conf
nameserver 10.10.169.141
nameserver 10.10.131.111

Edit /etc/resolv.conf on 10.10.100.47, the separate internal test host:

[root@test02 ~]# cat /etc/resolv.conf
nameserver 10.10.169.141
nameserver 10.10.131.111

+++++++++++++++++++++++++++++

4. Testing that the slave synchronizes from the master

Edit the master's zone file and add an A record for bbs:

[root@*** ~]# cat /var/named/jiaodayno.cn
$TTL 1D
@    IN SOA    ns1.jiaodayno.cn. ns2.jiaodayno.cn. (
                    3    ; serial   ; starts at 0; must be incremented on every edit of this file or the change does not propagate
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
    NS    ns1.jiaodayno.cn.
    NS    ns2.jiaodayno.cn.   ; added: ns2, the slave
ns1 A 10.10.169.141
ns2 A 10.10.131.111         ; added: A record for ns2, the slave
www A 10.10.100.47
jianwei A 10.10.100.47      ; added name
bbs  A 10.10.100.47         ; added name

Check the zone file's timestamp on the master:

[root@*** named]#  ll /var/named/jiaodayno.cn
-rw-r--r-- 1 named named 374 Feb 10 22:12 /var/named/jiaodayno.cn

Check the syntax of named.conf and of the zone file:

[root@*** named]# named-checkconf /etc/named.conf
[root@*** named]# named-checkzone "jiaodayno.cn" /var/named/jiaodayno.cn
zone jiaodayno.cn/IN: loaded serial 3
OK

[root@*** named]# systemctl restart named

Verify synchronization:

On the slave 10.10.131.111, look at the zone file before and after the master was restarted; size and mtime change once the transfer lands:

[root@test01 named]# ll /var/named/jiaodayno.cn
-rw-r--r-- 1 named named 322 Feb 10 21:57 /var/named/jiaodayno.cn
[root@test01 named]# ll /var/named/jiaodayno.cn
-rw-r--r-- 1 named named 366 Feb 10 22:14 /var/named/jiaodayno.cn

bbs has now been synchronized from the master to the slave:

[root@test01 named]# cat /var/named/jiaodayno.cn
(binary output: the slave stores the transferred zone in BIND's raw format, so cat shows mostly unprintable bytes with the names jiaodayno.cn, ns1, ns2, bbs and www visible inside)

To read the file, convert it with named-compilezone (-f raw -F text), or put masterfile-format text; in the slave's zone statement so that future transfers are written as text.

Verify on both 10.10.131.111 and 10.10.100.47 that the names resolve:

[root@test01 named]# dig bbs.jiaodayno.cn

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> bbs.jiaodayno.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36098
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.jiaodayno.cn.      IN  A

;; ANSWER SECTION:
bbs.jiaodayno.cn.   86400   IN  A   10.10.100.47

;; AUTHORITY SECTION:
jiaodayno.cn.       86400   IN  NS  ns1.jiaodayno.cn.
jiaodayno.cn.       86400   IN  NS  ns2.jiaodayno.cn.

;; ADDITIONAL SECTION:
ns1.jiaodayno.cn.   86400   IN  A   10.10.169.141
ns2.jiaodayno.cn.   86400   IN  A   10.10.131.111

;; Query time: 1 msec
;; SERVER: 10.10.169.141#53(10.10.169.141)
;; WHEN: Wed Feb 10 22:18:57 CST 2021
;; MSG SIZE  rcvd: 129

[root@test01 named]# dig www.jiaodayno.cn

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> www.jiaodayno.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59924
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jiaodayno.cn.      IN  A

;; ANSWER SECTION:
www.jiaodayno.cn.   86400   IN  A   10.10.100.47

;; AUTHORITY SECTION:
jiaodayno.cn.       86400   IN  NS  ns2.jiaodayno.cn.
jiaodayno.cn.       86400   IN  NS  ns1.jiaodayno.cn.

;; ADDITIONAL SECTION:
ns1.jiaodayno.cn.   86400   IN  A   10.10.169.141
ns2.jiaodayno.cn.   86400   IN  A   10.10.131.111

;; Query time: 1 msec
;; SERVER: 10.10.169.141#53(10.10.169.141)
;; WHEN: Wed Feb 10 22:19:08 CST 2021
;; MSG SIZE  rcvd: 129

[root@test01 named]# nslookup www.jiaodayno.cn
Server:     10.10.169.141
Address:    10.10.169.141#53

Name:   www.jiaodayno.cn
Address: 10.10.100.47
[root@test01 named]# nslookup bbs.jiaodayno.cn
Server:     10.10.169.141
Address:    10.10.169.141#53

Name:   bbs.jiaodayno.cn
Address: 10.10.100.47

+++++++++++++++++++++

5. Verifying that the slave keeps answering when the master is down

Stop named on the master 10.10.169.141:
[root@*** named]# systemctl stop named;ss -lntup|grep named

Test from 10.10.100.47. The resolver tries the nameservers in resolv.conf order and only moves on to 10.10.131.111 after its attempt against the master times out (5 seconds per attempt by default in glibc), so lookups are slower while the master is down but still succeed:

[root@test02 ~]# ping www.jiaodayno.cn
PING www.jiaodayno.cn (10.10.100.47) 56(84) bytes of data.
64 bytes from test02 (10.10.100.47): icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from test02 (10.10.100.47): icmp_seq=2 ttl=64 time=0.043 ms
^C
--- www.jiaodayno.cn ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.020/0.031/0.043/0.012 ms
[root@test02 ~]# ping bbs.jiaodayno.cn
PING bbs.jiaodayno.cn (10.10.100.47) 56(84) bytes of data.
64 bytes from test02 (10.10.100.47): icmp_seq=1 ttl=64 time=0.012 ms
64 bytes from test02 (10.10.100.47): icmp_seq=2 ttl=64 time=0.031 ms
^C
--- bbs.jiaodayno.cn ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.012/0.021/0.031/0.010 ms
[root@test02 ~]# dig bbs.jiaodayno.cn

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> bbs.jiaodayno.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18908
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.jiaodayno.cn.      IN  A

;; ANSWER SECTION:
bbs.jiaodayno.cn.   86400   IN  A   10.10.100.47

;; AUTHORITY SECTION:
jiaodayno.cn.       86400   IN  NS  ns2.jiaodayno.cn.
jiaodayno.cn.       86400   IN  NS  ns1.jiaodayno.cn.

;; ADDITIONAL SECTION:
ns1.jiaodayno.cn.   86400   IN  A   10.10.169.141
ns2.jiaodayno.cn.   86400   IN  A   10.10.131.111

;; Query time: 1 msec
;; SERVER: 10.10.131.111#53(10.10.131.111)
;; WHEN: Wed Feb 10 22:24:38 CST 2021
;; MSG SIZE  rcvd: 129

[root@test02 ~]# dig www.jiaodayno.cn

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> www.jiaodayno.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jiaodayno.cn.      IN  A

;; ANSWER SECTION:
www.jiaodayno.cn.   86400   IN  A   10.10.100.47

;; AUTHORITY SECTION:
jiaodayno.cn.       86400   IN  NS  ns2.jiaodayno.cn.
jiaodayno.cn.       86400   IN  NS  ns1.jiaodayno.cn.

;; ADDITIONAL SECTION:
ns1.jiaodayno.cn.   86400   IN  A   10.10.169.141
ns2.jiaodayno.cn.   86400   IN  A   10.10.131.111

;; Query time: 1 msec
;; SERVER: 10.10.131.111#53(10.10.131.111)
;; WHEN: Wed Feb 10 22:25:04 CST 2021
;; MSG SIZE  rcvd: 129

[root@test02 ~]# nslookup www.jiaodayno.cn
Server:     10.10.131.111
Address:    10.10.131.111#53

Name:   www.jiaodayno.cn
Address: 10.10.100.47
[root@test02 ~]# nslookup bbs.jiaodayno.cn
Server:     10.10.131.111
Address:    10.10.131.111#53

Name:   bbs.jiaodayno.cn
Address: 10.10.100.47

++++++++++++++++++++++++++++++++++++++

6. Configuring several master zones on the master DNS server

Several master zone files can be configured in /etc/named.conf on the master.

10.10.169.141 is the master; add the zone statements to its /etc/named.conf:

[root@*** ~]# cat /etc/named.conf|sed -n '63,81p'
zone "jiaodayno.cn" IN {
    type master;
    file "jiaodayno.cn";                 // zone file name
    allow-transfer { 10.10.131.111; };   // the slave's internal IP
    notify yes;
    also-notify { 10.10.131.111; };      // the slave's internal IP
};
zone "aikeno.cn" IN {
    type master;
    file "aikeno.cn";                    // zone file name
    allow-transfer { 10.10.131.111; };   // the slave's internal IP
    notify yes;
    also-notify { 10.10.131.111; };      // the slave's internal IP
};

Contents of the /var/named/aikeno.cn master zone file:

[root@*** ~]# cat /var/named/aikeno.cn
$TTL 1D
@    IN SOA    ns1.aikeno.cn. ns2.aikeno.cn. (
                    1    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
    NS    ns1.aikeno.cn.
    NS    ns2.aikeno.cn.
ns1 A 10.10.169.141
ns2 A 10.10.131.111
oa A 10.10.137.59
www A 10.10.137.59

Note: every time /var/named/aikeno.cn is edited, its serial must be incremented before named is restarted (or reloaded), otherwise the change does not take effect and the slave never transfers it.

Give ownership to the named user:

chown named.named  /var/named/aikeno.cn
chown named.named  /var/named/jiaodayno.cn

Check the configuration file syntax:

[root@*** ~]# named-checkconf /etc/named.conf

Check the master zone file syntax:

[root@*** ~]# named-checkzone "aikeno.cn" /var/named/aikeno.cn
zone aikeno.cn/IN: loaded serial 1
OK

Restart the named service:
systemctl restart named

Test that the new zone works:

[root@10-10-73-48 ~]# ping  www.aikeno.cn
PING www.aikeno.cn (10.10.137.59) 56(84) bytes of data.
64 bytes from 10.10.137.59 (10.10.137.59): icmp_seq=1 ttl=63 time=1.39 ms
^C
--- www.aikeno.cn ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.394/1.394/1.394/0.000 ms
[root@10-10-73-48 ~]# dig  www.aikeno.cn

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> www.aikeno.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56460
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.aikeno.cn.     IN  A

;; ANSWER SECTION:
www.aikeno.cn.  86400   IN  A   10.10.137.59

;; AUTHORITY SECTION:
aikeno.cn.      86400   IN  NS  ns1.aikeno.cn.
aikeno.cn.      86400   IN  NS  ns2.aikeno.cn.

;; ADDITIONAL SECTION:
ns1.aikeno.cn.  86400   IN  A   10.10.169.141
ns2.aikeno.cn.  86400   IN  A   10.10.131.111

;; Query time: 1 msec
;; SERVER: 10.10.131.111#53(10.10.131.111)
;; WHEN: Sat Mar 13 21:59:49 CST 2021
;; MSG SIZE  rcvd: 129

But a check on the slave 10.10.131.111 at this point shows that /var/named/aikeno.cn has not been transferred. Were the master to go down now, the slave could not answer for the aikeno.cn zone.

Check the slave's named.conf:

The newly added master zone has to be declared in the slave's named.conf as well:

[root@test01 ~]# cat  /etc/named.conf|sed -n '28,38p'
zone "jiaodayno.cn" IN {
    type slave;
    file "jiaodayno.cn";
    masters { 10.10.169.141; };  // the master's internal IP
};
zone "aikeno.cn" IN {
    type slave;
    file "aikeno.cn";
    masters { 10.10.169.141; };  // the master's internal IP
};

Check the syntax of the slave's named.conf:

[root@test01 ~]# named-checkconf /etc/named.conf

Note: named-checkzone "aikeno.cn" /var/named/aikeno.cn cannot be run on the slave at this point, because the zone has not been transferred yet; the slave's named has to be reconfigured (rndc reconfig) or restarted before it loads the new zone statement and pulls aikeno.cn from the master. Once transferred, the file is stored in BIND's raw binary format, so cat shows garbage and named-checkzone in its default text mode fails. It can still be checked with named-checkzone -f raw, or the slave zone statement can carry masterfile-format text; so that the transferred file stays readable.

Now stop named on the master and test whether the slave answers for the aikeno.cn zone (lookups on the master itself fail, since the local named it resolves through has just been stopped):

[root@*** ~]# systemctl stop named
[root@*** ~]# ping www.aikeno.cn
ping: www.aikeno.cn: Name or service not known

Check the slave's answers:

[root@test01 ~]# ping www.aikeno.cn
PING www.aikeno.cn (10.10.137.59) 56(84) bytes of data.
64 bytes from 10.10.137.59 (10.10.137.59): icmp_seq=1 ttl=63 time=0.464 ms
64 bytes from 10.10.137.59 (10.10.137.59): icmp_seq=2 ttl=63 time=0.615 ms
[root@10-10-73-48 ~]# ping www.aikeno.cn
PING www.aikeno.cn (10.10.137.59) 56(84) bytes of data.
64 bytes from 10.10.137.59 (10.10.137.59): icmp_seq=1 ttl=63 time=1.08 ms
64 bytes from 10.10.137.59 (10.10.137.59): icmp_seq=2 ttl=63 time=0.382 ms
[root@test01 ~]# dig www.aikeno.cn

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 <<>> www.aikeno.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55406
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.aikeno.cn.     IN  A

;; ANSWER SECTION:
www.aikeno.cn.  86400   IN  A   10.10.137.59

;; AUTHORITY SECTION:
aikeno.cn.      86400   IN  NS  ns2.aikeno.cn.
aikeno.cn.      86400   IN  NS  ns1.aikeno.cn.

;; ADDITIONAL SECTION:
ns1.aikeno.cn.  86400   IN  A   10.10.169.141
ns2.aikeno.cn.  86400   IN  A   10.10.131.111

;; Query time: 0 msec
;; SERVER: 10.10.131.111#53(10.10.131.111)
;; WHEN: Sat Mar 13 22:25:35 CST 2021
;; MSG SIZE  rcvd: 129

[root@10-10-73-48 ~]# dig www.aikeno.cn

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> www.aikeno.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15630
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.aikeno.cn.     IN  A

;; ANSWER SECTION:
www.aikeno.cn.  86400   IN  A   10.10.137.59

;; AUTHORITY SECTION:
aikeno.cn.      86400   IN  NS  ns1.aikeno.cn.
aikeno.cn.      86400   IN  NS  ns2.aikeno.cn.

;; ADDITIONAL SECTION:
ns1.aikeno.cn.  86400   IN  A   10.10.169.141
ns2.aikeno.cn.  86400   IN  A   10.10.131.111

;; Query time: 1 msec
;; SERVER: 10.10.131.111#53(10.10.131.111)
;; WHEN: Sat Mar 13 22:26:17 CST 2021
;; MSG SIZE  rcvd: 129

The same can be tested by asking each server directly for the zone's NS records; the query against the stopped master times out, and succeeds again once named on the master is running:

[root@test01 ~]# host -t NS aikeno.cn 10.10.131.111
Using domain server:
Name: 10.10.131.111
Address: 10.10.131.111#53
Aliases: 

aikeno.cn name server ns2.aikeno.cn.
aikeno.cn name server ns1.aikeno.cn.
[root@test01 ~]# host -t NS aikeno.cn 10.10.169.141
;; connection timed out; no servers could be reached
[root@test01 ~]# 
[root@test01 ~]# host -t NS aikeno.cn 10.10.169.141
Using domain server:
Name: 10.10.169.141
Address: 10.10.169.141#53
Aliases: 

aikeno.cn name server ns2.aikeno.cn.
aikeno.cn name server ns1.aikeno.cn.


© Copyright belongs to the author: an original work by 51CTO blog author wjw555. Cite the source when reposting; unauthorized reuse will be pursued.
