Summary: DNS topology, covering forward and reverse zones, master/slave, and subdomain configuration.
DNS topology diagram: forward zone, reverse zone; master/slave; subdomain configuration.
Environment: three CentOS 7.2 hosts with the firewall and SELinux disabled, a yum repository configured, time synchronisation set up, and each host's DNS resolver pointed at the master name server IP (172.16.100.67).
--------------------------------------------------------------------------------------------------------------------------------------
I. Master name server configuration (172.16.100.67):
(1) Install bind, start it and enable it at boot
~]# yum install bind -y
~]# systemctl start named.service
~]# systemctl enable named.service
(2) Edit the configuration file (only the changed settings are shown)
~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 172.16.100.67; };
        // allow-query { localhost; };
        dnssec-enable no;
        dnssec-validation no;
        ...
};
Commenting out allow-query lifts the default localhost-only restriction, so the other hosts in the lab can query this server.
(3) Check the configuration file for syntax errors (default: /etc/named.conf) and reload it
~]# named-checkconf
~]# rndc reload
(4) Configure a forward zone:
1) Define the forward zone
~]# vim /etc/named.rfc1912.zones
zone "iecentury.com" IN {
        type master;
        file "iecentury.com.zone";
};
Note: the zone name is the domain name.
2) Create the zone data file (its main records are A or AAAA records; create it in the /var/named directory):
~]# vim /var/named/iecentury.com.zone
$TTL 3600
$ORIGIN iecentury.com.
@       IN SOA  ns1.iecentury.com. dnsadmin.iecentury.com. (
                201812031       ; serial
                1H              ; refresh
                10M             ; retry
                3D              ; expire
                1D )            ; negative-caching TTL
        IN NS   ns1
        IN MX   10 mx1
        IN MX   20 mx2
        IN A    172.16.100.67
ns1     IN A    172.16.100.67
mx1     IN A    172.16.100.68
mx2     IN A    172.16.100.69
www     IN A    172.16.100.67
web     IN CNAME www
Change the file's group and permissions:
~]# chgrp named /var/named/iecentury.com.zone
~]# chmod o= /var/named/iecentury.com.zone
Check for syntax errors
~]# named-checkconf
~]# named-checkzone iecentury.com /var/named/iecentury.com.zone
3) Have the server reload the configuration and zone data files (or: systemctl reload named.service)
~]# rndc reload
Check the rndc status (note: a clean syntax check, a successful reload and an increased zone count do not by themselves mean the zone is working; test it with dig, nslookup, host or another DNS testing tool)
~]# rndc status
version: 9.9.4-RedHat-9.9.4-61.el7_5.1 <id:8f9657aa>
CPUs found: 8
worker threads: 8
UDP listeners per interface: 8
number of zones: 102          (one more than the default of 101: the zone was added)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
(5) Configure a reverse zone
1) Define the zone (in the main configuration file or in an auxiliary file included by it):
~]# vim /etc/named.rfc1912.zones
zone "100.16.172.in-addr.arpa" IN {
        type master;
        file "100.16.172.zone";
};
Note: a reverse zone is named after the network address written back to front, followed by .in-addr.arpa.
Example: 100.16.172.in-addr.arpa
Create the zone data file in the /var/named directory; in this example the zone is 100.16.172.in-addr.arpa (the IP octets in reverse order):
~]# vim /var/named/100.16.172.zone
$TTL 3600
$ORIGIN 100.16.172.in-addr.arpa.
@       IN SOA  ns1.iecentury.com. nsadmin.iecentury.com. (
                201810032       ; serial
                1H              ; refresh
                10M             ; retry
                3D              ; expire
                12H )           ; negative-caching TTL
        IN NS   ns1.iecentury.com.
67      IN PTR  ns1.iecentury.com.
68      IN PTR  mx1.iecentury.com.
69      IN PTR  mx2.iecentury.com.
67      IN PTR  www.iecentury.com.
Change the file's group and permissions:
~]# chmod o= /var/named/100.16.172.zone
~]# chgrp named /var/named/100.16.172.zone
Syntax check, reload and rndc status check:
~]# named-checkzone 100.16.172.in-addr.arpa /var/named/100.16.172.zone
~]# named-checkconf
~]# rndc reload
[root@james ~]# rndc status
version: 9.9.4-RedHat-9.9.4-61.el7_5.1 <id:8f9657aa>
CPUs found: 8
worker threads: 8
UDP listeners per interface: 8
number of zones: 103          (one more again: the reverse zone was added)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
(6) Test forward and reverse resolution
~]# dig -t A www.iecentury.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -t A www.iecentury.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.iecentury.com.             IN      A
;; ANSWER SECTION:
www.iecentury.com.      3600    IN      A       172.16.100.67
;; AUTHORITY SECTION:
iecentury.com.          3600    IN      NS      ns1.iecentury.com.
;; ADDITIONAL SECTION:
ns1.iecentury.com.      3600    IN      A       172.16.100.67
;; Query time: 21 msec
;; SERVER: 172.16.100.67#53(172.16.100.67)
;; WHEN: 日 11月 04 00:14:56 CST 2018
;; MSG SIZE  rcvd: 96
~]# dig -x 172.16.100.67
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -x 172.16.100.67
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56457
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;67.100.16.172.in-addr.arpa.    IN      PTR
;; ANSWER SECTION:
67.100.16.172.in-addr.arpa. 3600 IN     PTR     ns1.iecentury.com.
67.100.16.172.in-addr.arpa. 3600 IN     PTR     www.iecentury.com.
;; AUTHORITY SECTION:
100.16.172.in-addr.arpa. 3600   IN      NS      ns1.iecentury.com.
;; ADDITIONAL SECTION:
ns1.iecentury.com.      3600    IN      A       172.16.100.67
;; Query time: 1 msec
;; SERVER: 172.16.100.67#53(172.16.100.67)
;; WHEN: 日 11月 04 00:15:13 CST 2018
;; MSG SIZE  rcvd: 134
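The forward and reverse zones above describe the same hosts twice, so a useful check before reloading is that every A record has a matching PTR and every PTR a matching A. The script below is an added example, not part of the original tutorial: it reads both zone files with a small purpose-built parser and lists the mismatches; its sample input is constructed from the zones above, abridged, with mx1's A record left out so that both kinds of mismatch show up.

```python
import re

def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Tiny BIND master-file parser ($ORIGIN/$TTL, '@', inherited owners, ';' comments, SOA parens)."""
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group().split()), text)
    origin, owner, records = ".", None, []
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()        # drop comments
        if not tokens or tokens[0] == "$TTL":
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if not raw[0].isspace():                     # line starts a new owner name
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0] == "IN"):
            tokens.pop(0)                            # optional TTL and class
        rtype, rdata = tokens[0], [t for t in tokens[1:] if t not in ("(", ")")]
        if rtype in ("NS", "CNAME", "PTR"):          # qualify relative targets
            rdata = [fqdn(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records

def check_forward_reverse(fwd, rev):
    """A records with no matching PTR, and PTR records with no matching A."""
    a_pairs = {(o, r[0]) for o, t, r in fwd if t == "A"}
    # PTR owner 67.100.16.172.in-addr.arpa. maps back to address 172.16.100.67
    ptr_pairs = {(r[0], ".".join(reversed(o.replace(".in-addr.arpa.", "").split("."))))
                 for o, t, r in rev if t == "PTR"}
    return sorted(a_pairs - ptr_pairs), sorted(ptr_pairs - a_pairs)

# Constructed sample, abridged from the tutorial's zones (mx1's A record left out on purpose).
FWD_ZONE = """$ORIGIN iecentury.com.
@   IN SOA ns1.iecentury.com. dnsadmin.iecentury.com. ( 201812031 1H 10M 3D 1D )
    IN NS ns1
    IN A 172.16.100.67
ns1 IN A 172.16.100.67
www IN A 172.16.100.67
web IN CNAME www"""
REV_ZONE = """$TTL 3600
$ORIGIN 100.16.172.in-addr.arpa.
@  IN SOA ns1.iecentury.com. nsadmin.iecentury.com. ( 201810032 1H 10M 3D 12H )
   IN NS ns1.iecentury.com.
67 IN PTR ns1.iecentury.com.
68 IN PTR mx1.iecentury.com.
67 IN PTR www.iecentury.com."""
```

Running check_forward_reverse(parse_zone(FWD_ZONE), parse_zone(REV_ZONE)) reports the apex A record (which has no PTR) and the mx1 PTR (which has no A record).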
--------------------------------------------------------------------------------------------------------------------------------------
II. Slave name server configuration (172.16.100.68)
(1) Install bind and edit the configuration file
~]# yum install bind -y
~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 172.16.100.68; };
        dnssec-enable no;
        dnssec-validation no;
        ...
};
(2) On the master (172.16.100.67), prepare the forward and reverse zones for the slave:
On the master, make sure the zone data files contain an NS record for each slave server, and that the forward zone has an A record for each slave's NS hostname whose address is the slave's real IP address.
[root@james ~]# vim /var/named/iecentury.com.zone
$TTL 3600
$ORIGIN iecentury.com.
@       IN SOA  ns1.iecentury.com. dnsadmin.iecentury.com. (
                201812031
                1H
                10M
                3D
                1D )
        IN NS   ns1
        IN NS   ns2                     ; NS record for the slave
        IN MX   10 mx1
        IN MX   20 mx2
        IN A    172.16.100.67
ns1     IN A    172.16.100.67
ns2     IN A    172.16.100.68           ; A record for the slave
mx1     IN A    172.16.100.68
mx2     IN A    172.16.100.69
www     IN A    172.16.100.67
web     IN CNAME www
Reverse zone:
~]# vim /var/named/100.16.172.zone
$TTL 3600
$ORIGIN 100.16.172.in-addr.arpa.
@       IN SOA  ns1.iecentury.com. nsadmin.iecentury.com. (
                2014100801
                1H
                10M
                3D
                12H )
        IN NS   ns1.iecentury.com.
        IN NS   ns2.iecentury.com.      ; NS record for the slave in the reverse zone
67      IN PTR  ns1.iecentury.com.
68      IN PTR  ns2.iecentury.com.      ; PTR record for the slave
68      IN PTR  mx1.iecentury.com.
69      IN PTR  mx2.iecentury.com.
67      IN PTR  www.iecentury.com.
Syntax check and reload
~]# named-checkzone iecentury.com /var/named/iecentury.com.zone
~]# rndc reload
(3) On the slave DNS, define the iecentury.com forward zone (with masters = NS1) and the reverse zone
~]# vim /etc/named.rfc1912.zones
zone "iecentury.com" IN {
        type slave;
        file "slaves/iecentury.com.zone";
        masters { 172.16.100.67; };
};
zone "100.16.172.in-addr.arpa" IN {
        type slave;
        file "slaves/100.16.172.zone";
        masters { 172.16.100.67; };
};
Syntax check and reload:
~]# named-checkconf
~]# rndc reload
Verify: (1) the iecentury.com zone file is synchronised automatically into the /var/named/slaves directory
~]# ls /var/named/slaves
iecentury.com.zone
(2) Test forward and reverse resolution on the slave
~]# dig -x 172.16.100.67
~]# dig -t A www.iecentury.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -t A www.iecentury.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13394
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.iecentury.com.             IN      A
;; ANSWER SECTION:
www.iecentury.com.      3600    IN      A       172.16.100.67
;; AUTHORITY SECTION:
iecentury.com.          3600    IN      NS      ns1.iecentury.com.
iecentury.com.          3600    IN      NS      ns2.iecentury.com.
;; ADDITIONAL SECTION:
ns1.iecentury.com.      3600    IN      A       172.16.100.67
ns2.iecentury.com.      3600    IN      A       172.16.100.68
;; Query time: 0 msec
;; SERVER: 172.16.100.68#53(172.16.100.68)
;; WHEN: 日 11月 04 13:13:24 CST 2018
;; MSG SIZE  rcvd: 130
The slave name server configuration is now complete.
--------------------------------------------------------------------------------------------------------------------------------------
III. Subdomain server (ops.iecentury.com)
Delegate the subdomain on the master (172.16.100.67)
~]# vim /var/named/iecentury.com.zone
$TTL 3600
$ORIGIN iecentury.com.
@       IN SOA  ns1.iecentury.com. dnsadmin.iecentury.com. (
                201811033       ; serial, incremented by hand
                1H
                10M
                3D
                1D )
        IN NS   ns1
        IN NS   ns2
        IN MX   10 mx1
        IN MX   20 mx2
        IN A    172.16.100.67
ns1     IN A    172.16.100.67
ns2     IN A    172.16.100.68
mx1     IN A    172.16.100.68
mx2     IN A    172.16.100.69
www     IN A    172.16.100.67
web     IN CNAME www
ops     IN NS   ns1.ops                 ; NS record delegating the subdomain
ns1.ops IN A    172.16.100.69           ; glue A record for the subdomain's name server
Reload the configuration:
~]# rndc reload
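A slave transfers a fresh copy of the zone only when the master's serial is greater under RFC 1982 serial arithmetic, so an edit whose serial stays the same or goes down never reaches the slave even though the master reloads it without complaint. The helper below is an added example, not from the original tutorial: it compares serials the way a slave does and rewrites the SOA serial in a zone file using the common YYYYMMDDnn convention, falling back to old+1 when the date prefix cannot move forward; the sample zone text is constructed from the SOA above.

```python
import re
from datetime import date

# First number after the '(' that opens the SOA record: the serial.
SOA_SERIAL = re.compile(r"\bSOA\b[^(]*\(\s*(\d+)")

def serial_gt(a, b):
    """RFC 1982 serial comparison modulo 2**32, the test a slave applies:
    it transfers the zone only when the master's serial is 'greater' by this rule."""
    return a != b and (a - b) % 2**32 < 2**31

def next_serial(old, today=None):
    """Next serial in the YYYYMMDDnn convention (today is a 'YYYYMMDD' string,
    defaulting to the current date). Falls back to old+1 when the date-based
    value would not count as greater: more than 99 edits in one day, or an old
    serial that was set 'in the future'. Wraps modulo 2**32 as the protocol requires."""
    candidate = int(today or date.today().strftime("%Y%m%d")) * 100
    if not serial_gt(candidate, old):
        candidate = (old + 1) % 2**32
    return candidate

def bump_serial(zone_text, today=None):
    """Return (new_zone_text, new_serial) with the SOA serial rewritten in place."""
    m = SOA_SERIAL.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found in zone text")
    new = next_serial(int(m.group(1)), today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], new

# Constructed sample: the SOA of the master zone above, in multi-line form.
ZONE = """$TTL 3600
$ORIGIN iecentury.com.
@   IN SOA ns1.iecentury.com. dnsadmin.iecentury.com. (
        201811033   ; serial
        1H 10M 3D 1D )
    IN NS ns1
ns1 IN A 172.16.100.67
"""
```

serial_gt(201811033, 201812031) is False: a slave already holding serial 201812031 would treat 201811033 as older and keep its current copy.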
Subdomain server configuration (172.16.100.69)
(1) Install bind, start it and enable it at boot
~]# yum install bind -y
~]# systemctl start named.service
~]# systemctl enable named.service
(2) Edit the configuration file (only the changed settings are shown)
~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 172.16.100.69; };
        // allow-query { localhost; };
        dnssec-enable no;
        dnssec-validation no;
        ...
};
(3) Check the configuration file for syntax errors (default: /etc/named.conf) and reload it
~]# named-checkconf
~]# rndc reload
(4) Configure a forward zone for the subdomain:
1) Define the forward zone
~]# vim /etc/named.rfc1912.zones
zone "ops.iecentury.com" IN {
        type master;
        file "ops.iecentury.com.zone";
};
2) Create the zone data file (its main records are A or AAAA records; create it in the /var/named directory):
~]# vim /var/named/ops.iecentury.com.zone
$TTL 3600
$ORIGIN ops.iecentury.com.
@       IN SOA  ns1.ops.iecentury.com. dnsadmin.ops.iecentury.com. (
                201811034
                1H
                10M
                3D
                1D )
        IN NS   ns1
ns1     IN A    172.16.100.69
www     IN A    172.16.100.69
Change the file's group and permissions:
~]# chmod o= /var/named/ops.iecentury.com.zone
~]# chgrp named /var/named/ops.iecentury.com.zone
Test the subdomain:
~]# dig -t A www.ops.iecentury.com
Configure forwarding from the subdomain to the parent domain
~]# vim /etc/named.rfc1912.zones
zone "iecentury.com" IN {
        type forward;
        forward only;
        forwarders { 172.16.100.67; 172.16.100.68; };
};
Test subdomain resolution from the master and slave servers:
~]# dig -t A www.ops.iecentury.com
Note: if the test from the slave fails, try restarting the named service
~]# systemctl restart named.service
That covers forward and reverse zones, master/slave, and subdomain configuration. BIND ACLs provide basic access control; unless you are a DNS service provider you need not study them in depth!
That is all for this article; we hope it helps with your studies, and please keep supporting 码农网.