内容简介:DNS架构拓扑架构图:正向解析区域、反向解析区域;主/从;子域配置;
DNS架构拓扑架构图:
正向解析区域、反向解析区域;主/从;子域配置;
环境准备,3台centos7.2系统,关闭防火墙,selinux,配置yum源,设置时间同步,设置DNS为主域名服务器IP(172.16.100.67)
--------------------------------------------------------------------------------------------------------------------------------------
一, 主域名服务器配置(172.16.100.67):
(1)安装bind,并启动,设置开机自启动
~]# yum install bind –y
~]# systemctl start named.service
~]# systemctl enable named.service
(2)修改配置文件(仅列出有修改配置)
~]# vim / etc / named.conf
options {
listen-on port 53 { 127.0.0.1;172.16.100.67; };
// allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;
(3)检查配置文件语法错误(默认 / etc / named.conf),并重读配置文件
~]# named-checkconf
~]# rndc reload
(4)配置解析一个正向区域:
1)定义正向区域
~] vim /etc/named.rfc1912.zones
zone "iecentury.com" IN {
type master;
file "iecentury.com.zone";
};
注意:区域名字即为域名;
2)建立区域数据文件(主要记录为A或AAAA记录,在 / var / named目录下建立区域数据文件;)
~]# vim / var / named / iecentury.com.zone
$TTL 3600
$ORIGIN iecentury.com.
@ IN SOA ns1.iecentury.com. dnsadmin.iecentury.com. (
201812031
1H
10M
3D
1D )
IN NS ns1
IN MX 10 mx1
IN MX 20 mx2
IN A 172.16.100.67
ns1 IN A 172.16.100.67
mx1 IN A 172.16.100.68
mx2 IN A 172.16.100.69
www IN A 172.16.100.67
web IN CNAME www
权限及属组修改:
# chgrp named /var/named/iecentury.com.zone
# chmod o= /var/named/iecentury.com.zone
检查语法错误
]# named-checkconf
]# named-checkzone iecentury.com / var / named / iecentury.com.zone
3) 让服务器重载配置文件和区域数据文件(或 systemctl reload named.service )
# rndc reload
检查rndc状态(注意:语法正常,重读配置成功,区域增加并不代表区域正常工作,要用dig/nslookup/host等DNS测试 工具 测试)
~]# rndc status
version : 9.9.4-RedHat-9.9.4-61.el7_5.1 < id: 8f9657aa>
CPUs found : 8
worker threads : 8
UDP listeners per interface : 8
number of zones : 102 成功+1(默认101)
debug level : 0
xfers running : 0
xfers deferred : 0
soa queries in progress : 0
query logging is OFF
recursive clients : 0 / 0 / 1000
tcp clients : 0 / 100
server is up and running
(5)配置解析一个反向区域
1) 定义区域 ( 在主配置文件中或主配置文件辅助配置文件中实现 ) ;
~]# vim / etc / named.rfc1912.zones
zone "100.16.172.in-addr.arpa" IN {
type master;
file "100.16.172.zone";
};
注意:反向区域的名字
反写的网段地址.in-addr.arpa
示例:100.16.172.in-addr.arpa
在 / var / named目录下建立区域数据文件;示例:区域名称为100.16.172.in-addr.arpa;(反过来写IP)
~]# vim / var / named / 100.16.172.zone
$TTL 3600
$ORIGIN 100.16.172.in-addr.arpa.
@ IN SOA ns1.iecentury.com. nsadmin.iecentury.com. (
201810032
1H
10M
3D
12H )
IN NS ns1.iecentury.com.
67 IN PTR ns1.iecentury.com.
68 IN PTR mx1.iecentury.com.
69 IN PTR mx2.iecentury.com.
67 IN PTR www.iecentury.com.
权限及属组修改:
~]# chmod o= / var / named / 100.16.172.zone
~]# chgrp named / var / named / 100.16.172.zone
检查语法错误、重读配置、rndc状态检查:
~]# named-checkzone 100.16.172.zone / var / named / 100.16.172.zone
~]# named-checkconf
~]# rndc reload
[root@james ~]# rndc status
version : 9.9.4-RedHat-9.9.4-61.el7_5.1 < id: 8f9657aa>
CPUs found : 8
worker threads : 8
UDP listeners per interface : 8
number of zones : 103 成功+1
debug level : 0
xfers running : 0
xfers deferred : 0
soa queries in progress : 0
query logging is OFF
recursive clients : 0 / 0 / 1000
tcp clients : 0 / 100
server is up and running
(6)测试正向解析及反向解析
~]# dig -t A www.iecentury.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -t A www.iecentury.com
;; global options : +cmd
;; Got answer :
;; ->>HEADER<<- opcode : QUERY, status : NOERROR, id: 45698
;; flags : qr aa rd ra ; QUERY : 1, ANSWER : 1 , AUTHORITY : 1, ADDITIONAL : 2
;; OPT PSEUDOSECTION :
; EDNS : version : 0, flags :; udp : 4096
;; QUESTION SECTION :
; www.iecentury.com. IN A
;; ANSWER SECTION :
www.iecentury.com. 3600 IN A 172.16.100.67
;; AUTHORITY SECTION :
iecentury.com. 3600 IN NS ns1.iecentury.com.
;; ADDITIONAL SECTION :
ns1.iecentury.com. 3600 IN A 172.16.100.67
;; Query time : 21 msec
;; SERVER : 172.16.100.67#53 ( 172.16.100.67 )
;; WHEN : 日 11月 04 00 : 14 : 56 CST 2018
;; MSG SIZE rcvd : 96
~]# dig -x 172.16.100.67
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -x 172.16.100.67
;; global options : +cmd
;; Got answer :
;; ->>HEADER<<- opcode : QUERY, status : NOERROR, id: 56457
;; flags : qr aa rd ra ; QUERY : 1, ANSWER : 2, AUTHORITY : 1, ADDITIONAL : 2
;; OPT PSEUDOSECTION :
; EDNS : version : 0, flags :; udp : 4096
;; QUESTION SECTION :
; 67.100.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION :
67.100.16.172.in-addr.arpa. 3600 IN PTR ns1.iecentury.com.
67.100.16.172.in-addr.arpa. 3600 IN PTR www.iecentury.com.
;; AUTHORITY SECTION :
100.16.172.in-addr.arpa. 3600 IN NS ns1.iecentury.com.
;; ADDITIONAL SECTION :
ns1.iecentury.com. 3600 IN A 172.16.100.67
;; Query time : 1 msec
;; SERVER : 172.16.100.67#53 ( 172.16.100.67 )
;; WHEN : 日 11月 04 00 : 15 : 13 CST 2018
;; MSG SIZE rcvd : 134
--------------------------------------------------------------------------------------------------------------------------------------
二 、辅域名服务器配置:(172.16.100.68)
(1)安装bind,修改配置文件
~]# yum install bind -y
~]# vim /etc/named.conf
options {
listen-on port 53 { 127.0.0.1;172.16.100.68;};
dnssec-enable no;
dnssec-validation no;
(2)Master(172.16.100.67)上配置一个正向从区域和反向从区域:
在Master上,确保区域数据文件中为每个从服务配置NS记录,并且在正向区域文件需要每个从服务器的NS记录的主机名配置一个A记录,且此A后面的地址为真正的从服务器的IP地址;
[root@james ~]# vim /var/named/iecentury.com.zone
$TTL 3600
$ORIGIN iecentury.com.
@ IN SOA ns1.iecentury.com. dnsadmin.iecentury.com. (
201812031
1H
10M
3D
1D )
IN NS ns1
IN NS ns2 #从服务器NS记录
IN MX 10 mx1
IN MX 20 mx2
IN A 172.16.100.67
ns1 IN A 172.16.100.67 #从服务器A记录
ns2 IN A 172.16.100.68
mx1 IN A 172.16.100.68
mx2 IN A 172.16.100.69
www IN A 172.16.100.67
web IN CNAME www
反向区域
~]# vim /var/named/100.16.172.zone
$TTL 3600
$ORIGIN 100.16.172.in-addr.arpa.
@ IN SOA ns1.iecentury.com. nsadmin.iecentury.com. (
2014100801
1H
10M
3D
12H )
IN NS ns1.iecentury.com.
IN NS ns2.iecentury.com. #反向NS2记录
67 IN PTR ns1.iecentury.com.
68 IN PTR ns2.iecentury.com. #反向A记录
68 IN PTR mx1.iecentury.com.
69 IN PTR mx2.iecentury.com.
67 IN PTR www.iecentury.com.
语法检查并重新配置
~]# named-checkzone iecentury.com /var/named/iecentury.com.zone
~] # rndc reload
(3)在slave DNS上定义iecentury.com域名正向区域(masters为NS1)和反向解析区域
~]# vim /etc/named.rfc1912.zones
zone "iecentury.com" IN {
type slave;
file "slaves/iecentury.con.zone";
masters { 172.16.100.67; };
};
zone "100.16.172.in-addr.arpa" IN {
type slave;
file "slaves/100.16.172.zone";
masters { 172.16.100.67; };
};
语法检查、重载配置
配置文件语法检查 named-checkconf
重载配置 rndc reload
验证:(1)在/var/named/slaves目录下自动同步iecentury.zone区域
~]# ls /var/named/slaves
iecentury.com.zone
(2)测试slave正反向解析
~]# dig -x 172.16.100.67
~]# dig -t A www.iecentury.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -t A www.iecentury.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13394
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.iecentury.com.INA
;; ANSWER SECTION:
www.iecentury.com.3600INA172.16.100.67
;; AUTHORITY SECTION:
iecentury.com.3600INNSns1.iecentury.com.
iecentury.com.3600INNSns2.iecentury.com.
;; ADDITIONAL SECTION:
ns1.iecentury.com.3600INA172.16.100.67
ns2.iecentury.com.3600INA172.16.100.68
;; Query time: 0 msec
;; SERVER: 172.16.100.68#53(172.16.100.68)
;; WHEN: 日 11月 04 13:13:24 CST 2018
;; MSG SIZE rcvd: 130
至此,辅域名服务器配置完毕
--------------------------------------------------------------------------------------------------------------------------------------
三、子域服务器(ops.iecentury.com)
master上(172.16.100.67)子域授权
~]#
vim / var / named / iecentury.com.zone
$TTL
3600
$ORIGIN
iecentury.com.
@ IN SOA ns1.iecentury.com. dnsadmin.iecentury.com.
(
201811033
#序列号手动+1
1H
10M
3D
1D
)
IN NS ns1
IN NS ns2
IN MX 10 mx1
IN MX 20 mx2
IN A 172.16.100.67
ns1 IN A 172.16.100.67
ns2 IN A 172.16.100.68
mx1 IN A 172.16.100.68
mx2 IN A 172.16.100.69
www IN A 172.16.100.67
web IN CNAME www
ops IN NS ns1.ops #添加子域ns记录
ns1.ops IN A 172.16.100.69 #添加子域A记录
重载配置
~]# rndc reload
子域服务器配置(172.16.100.69)
(1)安装bind,并启动,设置开机自启动
~]# yum install bind –y~]# systemctl start named.service
~]#systemctl enable named.service
(2)修改配置文件(仅列出有修改配置)
~]# vim / etc / named.conf
options {
listen-on port 53 { 127.0.0.1;172.16.100.69; };
// allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;
(3)检查配置文件语法错误(默认 / etc / named.conf),并重读配置文件
~]# named-checkconf
~]# rndc reload
(4)配置解析一个子域正向区域:
1)定义正向区域
~]# vim / etc / named.rfc1912.zones
zone "ops.iecentury.com" IN {
type master;
file "ops.iecentury.com.zone";
};
2)建立区域数据文件(主要记录为A或AAAA记录,在 / var / named目录下建立区域数据文件;)
~]# vim / var / named / iecentury.com.zone
$TTL 3600
$ORIGIN ops.iecentury.com.
@ IN SOA ns1.ops.iecentury.com. dnsadmin.ops.iecentury.com. (
201811034
1H
10M
3D
1D )
IN NS ns1
ns1 IN A 172.16.100.69
www IN A 172.16.100.69
权限及属组修改:
~]# chmod o= / var / named / ops.iecentury.com.zone
~]# chgrp named / var / named / ops.iecentury.com.zone
子域测试:
~]# dig -t A www.ops.iecentury.com
设置子域对父域的转发
~]# vim / etc / named.rfc1912.zones
zone "iecentury.com" IN {
type forward;
forward only;
forwarders { 172.16.100.67;172.16.100.68; };
};
主从域服务器测试子域解析:
~]# dig -t A www.ops.iecentury.com
备注:如从域不测试不成功,可尝试重启named服务
~]#systemctl restart named.service
以上是正向解析区域、反向解析区域;主/从;子域配置;bind acl基本安全控制,非DNS服务商,可不做深入了解!
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
