Lab environment
OS: CentOS Linux release 7.4.1708 (Core)
Master server: 192.168.1.54
Slave server: 192.168.1.89
Test server: 192.168.1.49
Install the DNS service
# Keep the clocks on both servers in sync
[root@private home]# /usr/sbin/ntpdate cn.pool.ntp.org
 3 Nov 13:39:25 ntpdate[30164]: step time server 119.28.183.184 offset 1.287519 sec
# Install the packages
[root@private home]# yum install -y bind bind-utils
# Open the firewall
[root@private home]# iptables -I INPUT -p udp --dport 53 -j ACCEPT
[root@private home]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
Configure the service
Master server
# Edit /etc/named.conf
[root@kvm000 ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.1.54; };    # listen on this host's IP
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { 192.168.1.0/24; 192.168.9.0/24; 192.168.88.0/24; };    # addresses allowed to send queries
    recursion yes;           # enable recursive queries
    dnssec-enable no;        # disable the DNS security extensions
    dnssec-validation no;    # disable DNSSEC validation
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
{ ... ... }
# Edit /etc/named.rfc1912.zones
[root@kvm000 ~]# vim /etc/named.rfc1912.zones
zone "windns.com." IN {    # forward zone
    type master;
    file "windns.com.zone";
    allow-update { none; };
    allow-transfer { 192.168.1.89; };    # IP of the secondary server allowed to transfer the zone
    notify yes;    # send change notifications: when the zone file changes on the master, the slave is told to compare and sync
};
zone "1.168.192.in-addr.arpa" IN {    # reverse zone
    type master;
    file "192.168.1.zone";
    allow-update { none; };
    allow-transfer { 192.168.1.89; };
    notify yes;
};
# Create the forward zone file windns.com.zone
[root@kvm000 ~]# vim /var/named/windns.com.zone
$TTL 3600
$ORIGIN windns.com.
@    IN  SOA  windns.com. admin.windns.com. (
         2018042101
         1D
         1H
         1W
         3H )
@    IN  NS     ns1.windns.com.
@    IN  NS     ns2.windns.com.
ns1  IN  A      192.168.1.54
ns2  IN  A      192.168.1.89
www  IN  A      192.168.1.92
web  IN  CNAME  www
# Create the reverse zone file /var/named/192.168.1.zone
[root@kvm000 ~]# vim /var/named/192.168.1.zone
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.
@    IN  SOA  windns.com. admin.windns.com. (
         2018042101
         1D
         1H
         1W
         3H )
@    IN  NS   ns1.windns.com.
@    IN  NS   ns2.windns.com.
54   IN  PTR  ns1.windns.com.
89   IN  PTR  ns2.windns.com.
92   IN  PTR  www.windns.com.
# Check the zone files
[root@kvm000 named]# named-checkzone windns.com windns.com.zone
zone windns.com/IN: loaded serial 2018042101
OK
[root@kvm000 named]# named-checkzone 1.168.192.in-addr.arpa 192.168.1.zone
zone 1.168.192.in-addr.arpa/IN: loaded serial 2018042101
OK
# If there are no errors, start the service
[root@kvm000 named]# systemctl start named
[root@kvm000 named]# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-11-03 23:19:53 CST; 18min ago
  Process: 12264 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 12260 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 12265 (named)
    Tasks: 11
   Memory: 63.0M
   CGroup: /system.slice/named.service
           └─12265 /usr/sbin/named -u named -c /etc/named.conf
Nov 03 23:19:53 kvm000 named[12265]: zone windns.com/IN: loaded serial 2018042101
Nov 03 23:19:53 kvm000 named[12265]: zone localhost.localdomain/IN: loaded serial 0
Nov 03 23:19:53 kvm000 named[12265]: all zones loaded
Nov 03 23:19:53 kvm000 named[12265]: running
Nov 03 23:19:53 kvm000 named[12265]: zone windns.com/IN: sending notifies (serial 2018042101)
Nov 03 23:19:53 kvm000 named[12265]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2018042101)
Nov 03 23:19:53 kvm000 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#55021 (windns.com): transfer of 'windns.com/IN': AXFR started
Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#55021 (windns.com): transfer of 'windns.com/IN': AXFR ended
Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#1911: received notify for zone 'windns.com'
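The master's status output above records each zone transfer as "client <ip>#<port> (<zone>): transfer of '<zone>/IN': AXFR started". The Python below is an added example, not part of the original post: it scans named log lines and reports transfers that were started by, or denied to, any host other than the slave listed in allow-transfer. The function name, the last two sample log lines and their source addresses are constructed for illustration; the "denied" line follows the message BIND 9 writes when it refuses a transfer.

```python
import ipaddress
import re

# Secondaries permitted by allow-transfer in the master's zone stanzas.
ALLOWED = {ipaddress.ip_address("192.168.1.89")}

# "client [@0x...] <ip>#<port> (<name>): <message>" as written by named.
CLIENT_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ \([^)]+\): (?P<msg>.*)")
STARTED_RE = re.compile(
    r"transfer of '(?P<zone>[^/']+)/IN': (?:AXFR|IXFR|AXFR-style IXFR) started")
DENIED_RE = re.compile(
    r"zone transfer '(?P<zone>[^/']+)/(?:AXFR|IXFR)/IN' denied")

# First two lines are from the post; the last two are constructed samples.
SAMPLE_LOG = [
    "Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#55021 (windns.com): transfer of 'windns.com/IN': AXFR started",
    "Nov 03 23:37:18 kvm000 named[12265]: client 192.168.1.89#55021 (windns.com): transfer of 'windns.com/IN': AXFR ended",
    "Nov 03 23:41:02 kvm000 named[12265]: client 192.168.88.37#50514 (windns.com): zone transfer 'windns.com/AXFR/IN' denied",
    "Nov 03 23:44:30 kvm000 named[12265]: client 192.168.9.20#41822 (1.168.192.in-addr.arpa): transfer of '1.168.192.in-addr.arpa/IN': AXFR started",
]


def audit_transfers(lines, allowed=ALLOWED):
    """Return (kind, source_ip, zone) for every transfer event worth reviewing."""
    findings = []
    for line in lines:
        client = CLIENT_RE.search(line)
        if not client:
            continue
        try:
            src = ipaddress.ip_address(client.group("ip"))
        except ValueError:
            continue  # not a parseable address, skip the line
        msg = client.group("msg")
        denied = DENIED_RE.search(msg)
        started = STARTED_RE.search(msg)
        if denied:
            # The ACL held, but someone outside it asked for the whole zone.
            findings.append(("denied", str(src), denied.group("zone")))
        elif started and src not in allowed:
            # The server began sending the zone to a host we did not expect.
            findings.append(("unauthorized", str(src), started.group("zone")))
    return findings


if __name__ == "__main__":
    for kind, src, zone in audit_transfers(SAMPLE_LOG):
        print(f"{kind:12} {src:15} {zone}")
```

An "unauthorized" finding means the allow-transfer list on the running server is wider than intended; a "denied" finding means the list worked and shows who was asking.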
Slave server configuration
options {
    listen-on port 53 { 192.168.1.89; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { 192.168.1.0/24; 192.168.9.0/24; 192.168.88.0/24; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
{ ... ... }
# Edit /etc/named.rfc1912.zones
vim /etc/named.rfc1912.zones
zone "windns.com" IN {
    type slave;                       # this zone is a slave
    file "slaves/windns.com.zone";    # path and name of the transferred zone file
    masters { 192.168.1.54; };        # IP of the master server
    masterfile-format text;           # store the zone file as text; if this is not set the file may come out garbled (yes, I fell into this trap again)
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.1.zone";
    masters { 192.168.1.54; };
    masterfile-format text;
};
# Check that the configuration file is correct
[root@private home]# named-checkconf /etc/named.conf
# If there are no errors, start the service
[root@private home]# systemctl start named
[root@private home]# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since 六 2018-11-03 23:37:18 CST; 5s ago
  Process: 16589 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 16586 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 16591 (named)
    Tasks: 9
   Memory: 59.9M
   CGroup: /system.slice/named.service
           └─16591 /usr/sbin/named -u named -c /etc/named.conf
11月 03 23:37:18 private.winchannel.net named[16591]: zone localhost.localdomain/IN: loaded serial 0
11月 03 23:37:18 private.winchannel.net named[16591]: zone localhost/IN: loaded serial 0
11月 03 23:37:18 private.winchannel.net named[16591]: all zones loaded
11月 03 23:37:18 private.winchannel.net named[16591]: running
11月 03 23:37:18 private.winchannel.net systemd[1]: Started Berkeley Internet Name Domain (DNS).
11月 03 23:37:18 private.winchannel.net named[16591]: zone windns.com/IN: Transfer started.
11月 03 23:37:18 private.winchannel.net named[16591]: transfer of 'windns.com/IN' from 192.168.1.54...021
11月 03 23:37:18 private.winchannel.net named[16591]: zone windns.com/IN: transferred serial 2018042101
11月 03 23:37:18 private.winchannel.net named[16591]: transfer of 'windns.com/IN' from 192.168.1.54...ec)
11月 03 23:37:18 private.winchannel.net named[16591]: zone windns.com/IN: sending notifies (serial ...01)
Test the DNS service
Change the DNS server address
[root@sftp-server ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.54
nameserver 192.168.1.89
ping test
# The answer is 192.168.1.92, so DNS is working
[root@sftp-server ~]# ping www.windns.com
PING www.windns.com (192.168.1.92) 56(84) bytes of data.
64 bytes from www.windns.com (192.168.1.92): icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from www.windns.com (192.168.1.92): icmp_seq=2 ttl=64 time=0.168 ms
64 bytes from www.windns.com (192.168.1.92): icmp_seq=3 ttl=64 time=0.144 ms
nslookup test
[root@sftp-server ~]# nslookup
> www.windns.com    # resolve a name to an address
Server: 192.168.1.54
Address: 192.168.1.54#53

Name: www.windns.com
Address: 192.168.1.92
> 192.168.1.92    # resolve an IP back to a name
Server: 192.168.1.54
Address: 192.168.1.54#53

92.1.168.192.in-addr.arpa name = www.windns.com.
dig test
# Forward test, A record
[root@sftp-server ~]# dig www.windns.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> www.windns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31367
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.windns.com. IN A

;; ANSWER SECTION:
www.windns.com. 3600 IN A 192.168.1.92

;; AUTHORITY SECTION:
windns.com. 3600 IN NS ns2.windns.com.
windns.com. 3600 IN NS ns1.windns.com.

;; ADDITIONAL SECTION:
ns1.windns.com. 3600 IN A 192.168.1.54
ns2.windns.com. 3600 IN A 192.168.1.89

;; Query time: 0 msec
;; SERVER: 192.168.1.54#53(192.168.1.54)
;; WHEN: Sat Nov 3 23:58:29 2018
;; MSG SIZE rcvd: 116

# Reverse test (dig needs -x for a PTR lookup; without it this is an A query for the name "192.168.1.92", hence the NXDOMAIN below)
[root@sftp-server ~]# dig 192.168.1.92

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> 192.168.1.92
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49348
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.1.92. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018110300 1800 900 604800 86400

;; Query time: 263 msec
;; SERVER: 192.168.1.54#53(192.168.1.54)
;; WHEN: Sat Nov 3 23:58:50 2018
;; MSG SIZE rcvd: 105
Test with the master DNS stopped
# The answering server changed from 1.54 to 1.89, so failover works
[root@sftp-server ~]# nslookup
> www.windns.com
Server: 192.168.1.89
Address: 192.168.1.89#53

Name: www.windns.com
Address: 192.168.1.92
> 192.168.1.92
Server: 192.168.1.89
Address: 192.168.1.89#53

92.1.168.192.in-addr.arpa name = www.windns.com.
Test from the 88 subnet
# Change the DNS server on the network adapter
C:\Users\baiyongjie>ipconfig /all

以太网适配器 以太网:

   连接特定的 DNS 后缀 . . . . . . . :
   描述. . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   物理地址. . . . . . . . . . . . . : F4-8E-38-7E-D7-0B
   DHCP 已启用 . . . . . . . . . . . : 否
   自动配置已启用. . . . . . . . . . : 是
   本地链接 IPv6 地址. . . . . . . . : fe80::6d84:a277:46d:2c7a%12(首选)
   IPv4 地址 . . . . . . . . . . . . : 192.168.88.37(首选)
   子网掩码 . . . . . . . . . . . . : 255.255.255.0
   默认网关. . . . . . . . . . . . . : 192.168.88.1
   DHCPv6 IAID . . . . . . . . . . . : 49581624
   DHCPv6 客户端 DUID . . . . . . . : 00-01-00-01-23-0B-F2-AA-F4-8E-38-7E-D7-0B
   DNS 服务器 . . . . . . . . . . . : 192.168.1.54
                                       8.8.8.8
   TCPIP 上的 NetBIOS . . . . . . . : 已启用

# ping test
C:\Users\baiyongjie>ping www.windns.com

正在 Ping www.windns.com [192.168.1.92] 具有 32 字节的数据:
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
来自 192.168.1.92 的回复: 字节=32 时间<1ms TTL=63
Author: baiyongjie
Link: https://www.jianshu.com/p/fb764f4cacfa