Environment before building the service:
1. Disable SELinux and the firewall (a lab shortcut: on a real server keep SELinux enforcing, since the stock targeted policy already covers named, and instead of stopping iptables open only 53/udp and 53/tcp in the INPUT chain; TCP is needed for the zone transfers in section (2), not just UDP)
Disable SELinux:
① Permanent change
vim /etc/selinux/config and set SELINUX=disabled (takes effect only after a reboot)
② Temporary change
setenforce 0
Check the current mode:
getenforce

Disable the firewall:
/etc/init.d/iptables stop
Disable it at boot as well:
chkconfig iptables off
2. Installation
Server side: the DNS service package is bind and its daemon is named
Install:
yum install -y bind
Client side (provides dig, nslookup and host):
yum install -y bind-utils
3. Work through the DNS use cases and build the service for each
(1) Local DNS
① Plan the domain name and hosts
Name-to-IP mapping:
www-->10.1.1.243
dns1-->10.1.1.245
dns2-->10.1.1.246
② Edit the main configuration file and define the forward and reverse zones
vim /etc/named.conf
options {
listen-on port 53 { any; };
allow-query { any; };
dnssec-enable no;
dnssec-validation no;
};
Only these lines of the stock options block change (the rest, directory "/var/named"; and so on, stays as it is). The block must end with };, not a bare }, or named-checkconf rejects the file. With allow-query { any; } and the stock recursion yes; this server also answers recursive queries for anyone who can reach it, i.e. it is an open resolver: on an authoritative-only server set recursion no;, and if the LAN clients are meant to use it as their resolver add allow-recursion { 10.1.1.0/24; }; instead. dnssec-validation no is acceptable only for this lab.
vim /etc/named.rfc1912.zones (this file is included from named.conf; append the two zones)
zone "xx.com" IN {
type master;
file "named.xx.com";
allow-update { none; };
};
zone "1.1.10.in-addr.arpa" IN {
type master;
file "10.1.1.arpa";
allow-update { none; };
};
③ Create the forward and reverse zone files
Forward zone file:
cp -p /var/named/named.localhost /var/named/named.xx.com (note: the file name must match the file entry of the forward zone; -p keeps the template's owner root, group named and mode 640, which is all named needs to read the file and avoids the permission problem described further down)
vim /var/named/named.xx.com
$TTL 1D
@ IN SOA xx.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xx.com.
dns1 IN A 10.1.1.245
dns2 IN A 10.1.1.246
www IN A 10.1.1.243
The SOA line keeps the template's placeholders: the MNAME should really be the primary server (dns1.xx.com.) and the RNAME the administrator's mailbox with the @ written as a dot (admin.xx.com.); the zone loads as written, so the lab leaves them.
Reverse zone file:
cp -p /var/named/named.localhost /var/named/10.1.1.arpa
vim /var/named/10.1.1.arpa
$TTL 1D
@ IN SOA xx.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xx.com.
245 IN PTR dns1.xx.com.
246 IN PTR dns2.xx.com.
243 IN PTR www.xx.com.
Configuration done. Validate it before restarting (named-checkconf for named.conf and the zones file it includes; named-checkzone xx.com /var/named/named.xx.com and named-checkzone 1.1.10.in-addr.arpa /var/named/10.1.1.arpa for the zone files; both tools come with the bind package), then restart the service:
/etc/init.d/named restart

Check from the client that it works (query the server directly, so the client's /etc/resolv.conf does not matter):
Forward lookup:
nslookup www.xx.com 10.1.1.245
Reverse lookup:
nslookup 10.1.1.243 10.1.1.245
Problem encountered:
Insufficient file permissions:
** server can't find dns1.xx.com: SERVFAIL
Check the log (these lines still show the real zone name, realhostip.com, where the text uses xx.com):
zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.1.10.in-addr.arpa/IN: loading from master file 10.1.1.arpa failed: permission denied
zone 1.1.10.in-addr.arpa/IN: not loaded due to errors.
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone realhostip.com/IN: loading from master file named.xx.com failed: permission denied
zone realhostip.com/IN: not loaded due to errors.
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
managed-keys-zone ./IN: loaded serial 2
Running
The two zone files cannot be read by named, so give them to the named user and group and fix the mode:
chown named:named /var/named/named.xx.com
chmod 775 /var/named/named.xx.com
chown named:named /var/named/10.1.1.arpa
chmod 775 /var/named/10.1.1.arpa
named only needs to read these files, so chmod 640 with group named (the template's own mode) is enough; 775 makes them group-writable and world-readable for no benefit. SERVFAIL for every name in the zone is the symptom to remember: the zone failed to load, so the server is not authoritative for it.
(2) Master/slave DNS
① Synchronise the clocks of master and slave (run on both servers):
ntpdate ntp.api.bz
② Master server configuration:
vim /etc/named.rfc1912.zones (add allow-transfer to both zones: without it this BIND version answers AXFR from any host, so anyone could dump the whole zone with dig @10.1.1.245 xx.com axfr; restricting it to the slave's address is the minimum, a TSIG key is the stronger option. Afterwards run that dig from a third host and check that it reports Transfer failed.)
zone "xx.com" IN {
type master;
file "named.xx.com";
allow-transfer { 10.1.1.246; };
};
zone "1.1.10.in-addr.arpa" IN {
type master;
file "10.1.1.arpa";
allow-transfer { 10.1.1.246; };
};
vim /var/named/named.xx.com
$TTL 1D
@ IN SOA xx.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xx.com.
@ IN NS dns2.xx.com.
dns1 IN A 10.1.1.245
dns2 IN A 10.1.1.246
www IN A 10.1.1.243
vim /var/named/10.1.1.arpa
$TTL 1D
@ IN SOA xx.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xx.com.
@ IN NS dns2.xx.com.
245 IN PTR dns1.xx.com.
246 IN PTR dns2.xx.com.
243 IN PTR www.xx.com.
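The forward and reverse files in (1)③ and (2)② have to agree with each other, and the serial has to move before a slave will re-transfer. The checker below is an added example, not code from the original post: it parses zone text constructed here to mirror those files (assuming dns1.xx.com. as SOA MNAME and admin.xx.com. as RNAME in place of the template placeholders), cross-checks every A record against its PTR and every NS against an A record, and compares serials the way BIND does (RFC 1982 arithmetic).

```python
"""Added example, not from the original post: consistency check over the
forward and reverse zone files. Zone text is constructed to mirror the
tutorial's files (assumed MNAME dns1.xx.com., RNAME admin.xx.com.); the parser
covers only the syntax they use ($TTL, a parenthesised SOA, ';' comments, IN)."""
import re

def parse_zone(text, origin):
    """Return (soa_serial, records); records are (owner, type, [rdata...])
    with owners made absolute against origin ('www' -> 'www.xx.com.')."""
    cleaned = "\n".join(line.split(";", 1)[0] for line in text.splitlines())
    # fold the multi-line '( ... )' SOA parameters onto the SOA line
    cleaned = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), cleaned)
    serial, records, owner = None, [], origin
    for line in cleaned.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():  # new owner; an indented line reuses the last one
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields and (fields[0].upper() == "IN" or re.fullmatch(r"\d+[smhdw]?", fields[0], re.I)):
            fields.pop(0)  # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "SOA":
            serial = int(rdata[2])  # mname rname serial refresh retry expire minimum
        records.append((owner, rtype, rdata))
    return serial, records

def reverse_to_ip(owner):
    """'243.1.1.10.in-addr.arpa.' -> '10.1.1.243'"""
    suffix = ".in-addr.arpa."
    if not owner.lower().endswith(suffix):
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(owner[:-len(suffix)].split(".")))

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """A/PTR pairs must agree both ways and every NS needs an A record."""
    _, fwd = parse_zone(fwd_text, fwd_origin)
    _, rev = parse_zone(rev_text, rev_origin)
    a_by_ip = {rd[0]: owner for owner, rt, rd in fwd if rt == "A"}
    ptr_by_ip = {reverse_to_ip(owner): rd[0] for owner, rt, rd in rev if rt == "PTR"}
    findings = []
    for ip, name in a_by_ip.items():
        if ip not in ptr_by_ip:
            findings.append(f"A {name} -> {ip} has no PTR")
        elif ptr_by_ip[ip].lower() != name.lower():
            findings.append(f"PTR for {ip} says {ptr_by_ip[ip]} but the A record says {name}")
    for ip, name in ptr_by_ip.items():
        if ip not in a_by_ip:
            findings.append(f"PTR {ip} -> {name} has no matching A record")
    names_with_a = {n.lower() for n in a_by_ip.values()}
    for owner, rt, rd in fwd + rev:
        if rt == "NS" and rd[0].lower() not in names_with_a:
            findings.append(f"NS {rd[0]} listed for {owner} has no A record")
    return findings

def serial_increased(old, new):
    """RFC 1982 serial arithmetic: a slave only re-transfers when the new
    serial is 'ahead' of the old one, i.e. 0 < (new - old) mod 2^32 < 2^31."""
    diff = (new - old) % (1 << 32)
    return 0 < diff < (1 << 31)

# constructed to mirror /var/named/named.xx.com and /var/named/10.1.1.arpa
FORWARD = """\
$TTL 1D
@ IN SOA dns1.xx.com. admin.xx.com. (
20180518 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xx.com.
@ IN NS dns2.xx.com.
dns1 IN A 10.1.1.245
dns2 IN A 10.1.1.246
www IN A 10.1.1.243
"""
REVERSE = """\
$TTL 1D
@ IN SOA dns1.xx.com. admin.xx.com. (
20180518 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xx.com.
@ IN NS dns2.xx.com.
245 IN PTR dns1.xx.com.
246 IN PTR dns2.xx.com.
243 IN PTR www.xx.com.
"""
# the same reverse zone with one PTR pointing at a name the forward zone lacks
BROKEN_REVERSE = REVERSE.replace("243 IN PTR www.xx.com.", "243 IN PTR web.xx.com.")

if __name__ == "__main__":
    for label, rev in (("as shipped", REVERSE), ("with a bad PTR", BROKEN_REVERSE)):
        print(label, check_zones(FORWARD, "xx.com.", rev, "1.1.10.in-addr.arpa.") or ["consistent"])
    print("serial 0 -> 20180518 triggers a transfer:", serial_increased(0, 20180518))
```

Run it against the real files by reading /var/named/named.xx.com and /var/named/10.1.1.arpa into the two text arguments; an empty findings list plus named-checkzone passing is the point at which restarting named is safe.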
Every change to a zone file must also raise its serial, or the slave (which compares serials on refresh and on NOTIFY) never re-transfers; here the serial is still 0 and gets bumped in step ④. Restart the service:
/etc/init.d/named restart
③ Slave server configuration:
vim /etc/named.conf (the same options block as on the master, with the same caveat about recursion)
options {
listen-on port 53 { any; };
allow-query { any; };
dnssec-enable no;
dnssec-validation no;
};
vim /etc/named.rfc1912.zones
zone "xx.com" IN {
type slave;
file "slaves/named.xx.com";
masters { 10.1.1.245; };
};
zone "1.1.10.in-addr.arpa" IN {
type slave;
file "slaves/10.1.1.arpa";
masters { 10.1.1.245; };
};
The transferred copies go under /var/named/slaves/, the one directory the named user can write to. The zone name must match the master's exactly: a hyphen instead of a dot ("1.1.10.in-addr-arpa") makes a different name, and the slave log below shows exactly that failure, the master answering non-authoritatively for the mistyped name and the slave refusing the NOTIFY for the correct one.
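The three named.conf fragments on this page (the options block in (1)②, the master zones in (2)② and the slave zones just above) each carry a detail that only shows up at restart or in the log. The audit below is an added example, not code from the original post: a small parser for BIND's block syntax plus checks for a block not terminated by ';', recursion reachable from any host, master zones without allow-transfer and malformed reverse zone names. The config text is constructed to mirror the tutorial's master and slave, plus an assumed hardened master that limits recursion to 10.1.1.0/24 and AXFR to the slave.

```python
"""Added example, not from the original post: a pre-restart audit of the options
block and the zone declarations. Configs are constructed to mirror the post
(master options closed with '}' not '};', master zones without allow-transfer,
the slave's mistyped reverse zone) plus an assumed hardened master."""
import re

def parse_named(text):
    """Parse BIND's 'name args { stmt; ... };' syntax into nested token lists and
    report any statement whose '{ ... }' block is not followed by ';'."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text)
    problems, pos = [], 0

    def block(depth):
        nonlocal pos
        stmts, cur = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if cur and isinstance(cur[-1], list) and tok != ";":
                problems.append(f"missing ';' after the '{cur[0]}' block")
                stmts.append(cur)
                cur = []
            if tok == "}":
                if depth == 0:
                    problems.append("unexpected '}'")
                    continue
                if cur:
                    stmts.append(cur)
                return stmts
            if tok == "{":
                cur.append(block(depth + 1))
            elif tok == ";":
                if cur:
                    stmts.append(cur)
                    cur = []
            else:
                cur.append(tok.strip('"'))
        if cur:
            if isinstance(cur[-1], list):
                problems.append(f"missing ';' after the '{cur[0]}' block")
            stmts.append(cur)
        return stmts

    return block(0), problems

def words(stmt):
    """Bare tokens of a statement with nested blocks flattened."""
    return [w for item in stmt for w in (words(item) if isinstance(item, list) else [item])]

REVERSE_NAME = re.compile(r"(\d{1,3}\.){1,4}in-addr\.arpa|([0-9a-f]\.){1,32}ip6\.arpa", re.I)

def audit(text):
    """Findings a practitioner wants fixed before restarting named."""
    stmts, findings = parse_named(text)
    for s in stmts:
        if len(s) < 2 or not isinstance(s[-1], list):
            continue
        body = {sub[0]: words(sub[1:]) for sub in s[-1] if sub}
        if s[0] == "options":
            # BIND's fallback when allow-recursion is unset: allow-query-cache,
            # then allow-query, then 'localnets; localhost;'
            allowed = (body.get("allow-recursion") or body.get("allow-query-cache")
                       or body.get("allow-query", ["localnets", "localhost"]))
            if body.get("recursion", ["yes"])[0] != "no" and "any" in allowed:
                findings.append("options: recursion allowed from any host (open resolver); "
                                "set recursion no or allow-recursion { <LAN>; }")
        elif s[0] == "zone":
            name, ztype = s[1], body.get("type", ["?"])[0]
            if name.endswith("arpa") and not REVERSE_NAME.fullmatch(name):
                findings.append(f"zone '{name}': malformed reverse zone name")
            if ztype == "master" and "allow-transfer" not in body:
                findings.append(f"zone '{name}': master without allow-transfer (AXFR open to any host)")
            elif ztype == "master" and "any" in body["allow-transfer"]:
                findings.append(f"zone '{name}': allow-transfer any exposes the whole zone")
            if ztype == "slave" and "masters" not in body:
                findings.append(f"zone '{name}': slave without masters")
    return findings

MASTER_CONF = """
options { listen-on port 53 { any; }; allow-query { any; };
dnssec-enable no; dnssec-validation no; }
zone "xx.com" IN { type master; file "named.xx.com"; allow-update { none; }; };
zone "1.1.10.in-addr.arpa" IN { type master; file "10.1.1.arpa"; allow-update { none; }; };
"""
MASTER_HARDENED = """
options { listen-on port 53 { any; }; allow-query { any; };
allow-recursion { 10.1.1.0/24; }; dnssec-enable no; dnssec-validation no; };
zone "xx.com" IN { type master; file "named.xx.com"; allow-transfer { 10.1.1.246; }; };
zone "1.1.10.in-addr.arpa" IN { type master; file "10.1.1.arpa"; allow-transfer { 10.1.1.246; }; };
"""
SLAVE_CONF = """
options { listen-on port 53 { any; }; allow-query { any; }; recursion no; };
zone "xx.com" IN { type slave; file "slaves/named.xx.com"; masters { 10.1.1.245; }; };
zone "1.1.10.in-addr-arpa" IN { type slave; file "slaves/10.1.1.arpa"; masters { 10.1.1.245; }; };
"""

if __name__ == "__main__":
    for label, conf in (("master", MASTER_CONF), ("hardened", MASTER_HARDENED), ("slave", SLAVE_CONF)):
        print(label, audit(conf) or ["ok"])
```

On a real host feed audit() the contents of /etc/named.conf concatenated with /etc/named.rfc1912.zones; it complements named-checkconf, which catches the syntax problem but says nothing about the open resolver or the unrestricted AXFR.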
Restart the service, then check that the transferred files have appeared:
/etc/init.d/named restart
ls -l /var/named/slaves/
④ Raise the serial in the master's forward and reverse zone files (here from 0 to 20180518, the value the slave log below reports) and reload named on the master with /etc/init.d/named reload; the master then sends NOTIFY to the slave, which re-transfers every zone whose serial went up.

Check the log on the slave:
tail -n 30 /var/log/messages | grep named
May 18 15:55:22 dns2 named[8229]: automatic empty zone: D.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: 8.E.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: 9.E.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: A.E.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: B.E.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: command channel listening on 127.0.0.1#953
May 18 15:55:22 dns2 named[8229]: command channel listening on ::1#953
May 18 15:55:22 dns2 named[8229]: zone 0.in-addr.arpa/IN: loaded serial 0
May 18 15:55:22 dns2 named[8229]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
May 18 15:55:22 dns2 named[8229]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
May 18 15:55:22 dns2 named[8229]: zone localhost.localdomain/IN: loaded serial 0
May 18 15:55:22 dns2 named[8229]: zone localhost/IN: loaded serial 0
May 18 15:55:23 dns2 named[8229]: managed-keys-zone ./IN: loaded serial 0
May 18 15:55:23 dns2 named[8229]: running
May 18 15:55:23 dns2 named[8229]: zone xx.com/IN: Transfer started.
May 18 15:55:23 dns2 named[8229]: transfer of 'xx.com/IN' from 10.1.1.245#53: connected using 10.1.1.246#35973
May 18 15:55:23 dns2 named[8229]: zone xx.com/IN: transferred serial 0
May 18 15:55:23 dns2 named[8229]: transfer of 'xx.com/IN' from 10.1.1.245#53: Transfer completed: 1 messages, 7 records, 199 bytes, 0.001 secs (199000 bytes/sec)
May 18 15:55:23 dns2 named[8229]: zone xx.com/IN: sending notifies (serial 0)
May 18 15:55:23 dns2 named[8229]: managed-keys-zone ./IN: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 20326 is now trusted, waiving the normal 30-day waiting period.
May 18 15:55:23 dns2 named[8229]: zone 1.1.10.in-addr-arpa/IN: refresh: non-authoritative answer from master 10.1.1.245#53 (source 0.0.0.0#0)
May 18 15:56:20 dns2 named[8229]: zone 1.1.10.in-addr-arpa/IN: refresh: non-authoritative answer from master 10.1.1.245#53 (source 0.0.0.0#0)
May 18 15:58:00 dns2 named[8229]: client 10.1.1.245#45183: received notify for zone '1.1.10.in-addr.arpa': not authoritative
May 18 15:58:01 dns2 named[8229]: client 10.1.1.245#30300: received notify for zone 'xx.com'
May 18 15:58:01 dns2 named[8229]: zone xx.com/IN: Transfer started.
May 18 15:58:01 dns2 named[8229]: transfer of 'xx.com/IN' from 10.1.1.245#53: connected using 10.1.1.246#39857
May 18 15:58:01 dns2 named[8229]: zone xx.com/IN: transferred serial 20180518
May 18 15:58:01 dns2 named[8229]: transfer of 'xx.com/IN' from 10.1.1.245#53: Transfer completed: 1 messages, 7 records, 199 bytes, 0.001 secs (199000 bytes/sec)
May 18 15:58:01 dns2 named[8229]: zone xx.com/IN: sending notifies (serial 20180518)
Reading the log: xx.com transferred at startup (serial 0) and again after the master's NOTIFY once the serial had been raised to 20180518, so the forward zone works. The reverse zone did not: the slave asked the master for 1.1.10.in-addr-arpa, a name the master does not serve (refresh: non-authoritative answer from master), and when the master sent a NOTIFY for the correct name 1.1.10.in-addr.arpa the slave refused it because it has no zone with that name (not authoritative). The reverse zone name in the slave's configuration was mistyped with a hyphen before arpa; correct it, restart named, and the reverse zone transfers too.
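Both log excerpts on this page (the master's "permission denied" at load time, and the slave's refresh and NOTIFY messages) are long enough that the one failing zone is easy to miss. The triage below is an added example, not code from the original post: it reduces named's syslog lines to a verdict per zone, reports the zones whose latest event is not a successful load or transfer, and flags zone names that differ only in punctuation, which is exactly the in-addr-arpa versus in-addr.arpa mismatch above. The log lines are constructed to mirror the two excerpts (straight quotes, xx.com throughout, a syslog prefix on the master lines).

```python
"""Added example, not from the original post: triage named's log lines by zone.
The log lines are constructed to mirror the two excerpts in the post (master
startup with unreadable zone files; slave startup and the later NOTIFY)."""
import re

# (pattern, verdict template) pairs; the first matching pattern wins
PATTERNS = [
    (r"zone (?P<zone>\S+)/IN: loading from master file (?P<file>\S+) failed: (?P<why>.+)",
     "load failed: {why} ({file})"),
    (r"zone (?P<zone>\S+)/IN: not loaded due to errors", "not loaded"),
    (r"zone (?P<zone>\S+)/IN: loaded serial (?P<serial>\d+)", "loaded serial {serial}"),
    (r"zone (?P<zone>\S+)/IN: transferred serial (?P<serial>\d+)", "transferred serial {serial}"),
    (r"zone (?P<zone>\S+)/IN: refresh: non-authoritative answer from master (?P<master>\S+)",
     "master {master} does not serve this name (check the zone name in the slave config)"),
    (r"received notify for zone '(?P<zone>[^']+)': not authoritative",
     "notify refused: no zone with exactly this name is configured here"),
]
HEALTHY = ("loaded serial", "transferred serial")

def triage(lines):
    """Map zone name -> verdicts in log order; lines matching no pattern are ignored."""
    events = {}
    for line in lines:
        for pattern, verdict in PATTERNS:
            m = re.search(pattern, line)
            if m:
                events.setdefault(m.group("zone"), []).append(verdict.format(**m.groupdict()))
                break
    return events

def unhealthy(events):
    """Zones whose most recent event is not a successful load or transfer,
    with all of their failure verdicts joined for the report."""
    return {zone: "; ".join(e for e in evs if not e.startswith(HEALTHY))
            for zone, evs in events.items() if not evs[-1].startswith(HEALTHY)}

def suspected_typos(events):
    """Zone names that differ only in punctuation, e.g. in-addr-arpa vs in-addr.arpa."""
    by_key = {}
    for zone in events:
        by_key.setdefault(re.sub(r"[^a-z0-9]", "", zone.lower()), set()).add(zone)
    return [sorted(names) for names in by_key.values() if len(names) > 1]

# constructed to mirror the master's log from the permission problem in section (1)
MASTER_LOG = """\
May 18 15:40:01 dns1 named[8101]: zone 0.in-addr.arpa/IN: loaded serial 0
May 18 15:40:01 dns1 named[8101]: zone 1.1.10.in-addr.arpa/IN: loading from master file 10.1.1.arpa failed: permission denied
May 18 15:40:01 dns1 named[8101]: zone 1.1.10.in-addr.arpa/IN: not loaded due to errors.
May 18 15:40:01 dns1 named[8101]: zone xx.com/IN: loading from master file named.xx.com failed: permission denied
May 18 15:40:01 dns1 named[8101]: zone xx.com/IN: not loaded due to errors.
""".splitlines()
# constructed to mirror the slave's log from section (2)④
SLAVE_LOG = """\
May 18 15:55:23 dns2 named[8229]: zone xx.com/IN: Transfer started.
May 18 15:55:23 dns2 named[8229]: transfer of 'xx.com/IN' from 10.1.1.245#53: connected using 10.1.1.246#35973
May 18 15:55:23 dns2 named[8229]: zone xx.com/IN: transferred serial 0
May 18 15:55:23 dns2 named[8229]: zone 1.1.10.in-addr-arpa/IN: refresh: non-authoritative answer from master 10.1.1.245#53 (source 0.0.0.0#0)
May 18 15:58:00 dns2 named[8229]: client 10.1.1.245#45183: received notify for zone '1.1.10.in-addr.arpa': not authoritative
May 18 15:58:01 dns2 named[8229]: client 10.1.1.245#30300: received notify for zone 'xx.com'
May 18 15:58:01 dns2 named[8229]: zone xx.com/IN: transferred serial 20180518
""".splitlines()

if __name__ == "__main__":
    for label, log in (("master", MASTER_LOG), ("slave", SLAVE_LOG)):
        ev = triage(log)
        print(label, "unhealthy:", unhealthy(ev), "typos:", suspected_typos(ev))
```

Pipe the real thing in with grep named /var/log/messages; the same patterns match with or without the syslog prefix because each is applied with re.search.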
Check the files the slave received:
ls -l /var/named/slaves/
When both named.xx.com and 10.1.1.arpa are present there and the log shows "transferred serial" for both zones, the master/slave setup is complete.
Source: https://www.cnblogs.com/xwhuxx/p/9077459.html