CentOS 7.1 BIND master/slave setup
##########################################################################
Overview
A short description of DNS
1. Environment
2. Configure the master DNS server
2.1. Main configuration files
2.2. Configure /etc/named.conf
2.3. Configure /etc/named.rfc1912.zones
2.4. Configure the zone database files in /var/named/
2.5. Start the service and test
3. Configure the slave DNS server
3.1. Changes on the master DNS server
3.2. Changes on the slave DNS server
3.3. Start the service and test
###########################################################################
A short description of DNS
Every layer of the network stack has its own addressing: the data link layer uses MAC addresses, the network layer uses IP addresses and the transport layer uses port numbers. The one users deal with most is the IP address: every host on a network, Internet or intranet, needs one so that packets reach the right place. An IP address is just a string of digits, hard to remember and saying nothing about what the host does, so people use domain names instead. Packets are still delivered by IP address, though: before www.syd.com can send anything to www1.syd.com, both names have to be translated to IP addresses, which go into the packet headers. The software that translates names to addresses and addresses back to names (resolution) is the DNS service, and the machine it runs on is a DNS server.
There are three main ways to resolve names today:
1) the hosts file, which has to be maintained on every host that needs to resolve the others
2) NIS (Sun's technology), which centralises the mapping but only suits a LAN (the reason is left for the reader to work out)
3) DNS, which makes naming hierarchical and distributed and is what nearly everything uses
DNS is not trivial to configure and may need the ISP's cooperation, but it underpins every other network service, web and mail included, and it makes renumbering far easier: change the record rather than every client.
###########################################################################
1. Environment
Master server IP: 192.168.1.150
Slave server IP: 192.168.1.200
firewalld and SELinux are turned off for this lab. On a real server leave both on: allow the predefined dns service (53/tcp and 53/udp) in firewalld, and keep SELinux enforcing; the bind package's own paths (/var/named for master zone files, /var/named/slaves for transferred copies) already carry the right labels, so named runs under the default policy without changes.
OS: CentOS Linux release 7.1.1503 (Core)
bind packages: # yum install bind bind-utils
# rpm -qa bind*
bind-license-9.9.4-18.el7_1.5.noarch
bind-libs-lite-9.9.4-18.el7_1.5.x86_64
bind-libs-9.9.4-18.el7_1.5.x86_64
bind-utils-9.9.4-18.el7_1.5.x86_64
bind-9.9.4-18.el7_1.5.x86_64
Domain: zrd.com
##########################################################################
2. Configure the master DNS server:
------------------------------------------------------------------------------------------------------------
2.1. Main configuration files:
/etc/named.conf            global options: listening address and port, access control, logging
/etc/named.rfc1912.zones   zone definitions (forward and reverse)
/var/named/                zone database files (forward and reverse)
------------------------------------------------------------------------------------------------------------
2.2. Configure /etc/named.conf
------------------------------------------------------------------------------------------------------------
#---------------------------------
# Back up /etc/named.conf
#---------------------------------
[root@ns1 ~]# cp /etc/named.conf /etc/named.conf.bak
#---------------------------------
# Edit /etc/named.conf
# lines starting with // are comments
#---------------------------------
[root@ns1 ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        // The stock file listens on the loopback address only. With these two
        // lines commented out named listens on every interface; to bind just
        // the LAN address use: listen-on port 53 { 127.0.0.1; 192.168.1.150; };
        // listen-on port 53 { 127.0.0.1; };
        // listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        // This server is authoritative for zrd.com and also resolves for the
        // LAN. "recursion yes" together with "allow-query { any; }" and no
        // allow-recursion is exactly the open resolver the comment above warns
        // about, so recursion is limited to local clients.
        recursion yes;
        allow-recursion { localhost; 192.168.1.0/24; };
        // DNSSEC validation stays off in this lab.
        // dnssec-enable yes;
        // dnssec-validation yes;
        // dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";
2.3. Configure /etc/named.rfc1912.zones
#------------------------------------------------------------------
# Back up /etc/named.rfc1912.zones
#------------------------------------------------------------------
[root@ns1 ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
#------------------------------------------------------------------
# Edit /etc/named.rfc1912.zones (only the end of the file is shown; the
# stock localhost zones above it stay as they are)
# lines starting with // are comments
#------------------------------------------------------------------
[root@ns1 ~]# vim /etc/named.rfc1912.zones
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
//##########################
// forward zone for zrd.com
//##########################
zone "zrd.com" IN {
        type master;
        file "zrd.com.zone";
        // BIND's default allow-transfer is "any", which lets anyone dump the
        // whole zone with one AXFR. No slave exists yet; section 3.1 opens
        // transfers for it.
        allow-transfer { none; };
};
//####################################################
// reverse zone for 192.168.1.0/24
//####################################################
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.in-addr-arpa";
        allow-transfer { none; };
};
2.4. Configure the zone database files in /var/named/
#------------------------------------------------------------------
# Create the forward zone file /var/named/zrd.com.zone
#------------------------------------------------------------------
[root@ns1 ~]# vim /var/named/zrd.com.zone
$TTL 600
@       IN SOA  dns.zrd.com. admin.zrd.com. (
                2015091901      ; serial, YYYYMMDDnn: raise it on every edit
                1H              ; refresh: how often slaves poll for a new serial
                5M              ; retry: poll interval after a failed refresh
                3D              ; expire: slaves stop answering after this long without contact
                12H             ; negative-cache TTL
                )
@       IN NS   dns
@       IN MX   10 mail
dns     IN A    192.168.1.150
www     IN A    192.168.1.151
mail    IN A    192.168.1.152
pop     IN CNAME mail
Names without a trailing dot are relative to the zone, so "dns" is dns.zrd.com. Give the file to the named group (the files the package ships are root:named):
[root@ns1 ~]# chown :named /var/named/zrd.com.zone
#------------------------------------------------------------------
# Create the reverse zone file /var/named/1.168.192.in-addr-arpa
#------------------------------------------------------------------
[root@ns1 ~]# vim /var/named/1.168.192.in-addr-arpa
$TTL 600
@       IN SOA  dns.zrd.com. admin.zrd.com. (
                2015091901      ; serial
                1H              ; refresh
                5M              ; retry
                3D              ; expire
                12H             ; negative-cache TTL
                )
@       IN NS   dns.zrd.com.
150     IN PTR  dns.zrd.com.
151     IN PTR  www.zrd.com.
152     IN PTR  mail.zrd.com.
Here the owner is the last octet, relative to 1.168.192.in-addr.arpa, and the PTR targets are fully qualified (trailing dot). Set the group on this file as well:
[root@ns1 ~]# chown :named /var/named/1.168.192.in-addr-arpa
2.5. Start the service and test
2.5.1 Service control (stop, start, status, enable at boot, disable at boot)
[root@ns1 ~]# systemctl stop named
[root@ns1 ~]# systemctl start named
[root@ns1 ~]# systemctl status named
[root@ns1 ~]# systemctl enable named
[root@ns1 ~]# systemctl disable named
2.5.2 Test
Check that named is listening on port 53 (the "domain" service) on both UDP and TCP.
Check forward and reverse resolution against 192.168.1.150.
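The two checks above, plus the checks worth running before every reload, can be scripted. The following is an added example, not code from the original page: a POSIX shell script for the master that runs BIND's own named-checkconf and named-checkzone, cross-checks that every A record in zrd.com.zone has a PTR in 1.168.192.in-addr-arpa naming the same host, and then does the port and query checks with ss and dig. The file paths, zone name and 192.168.1.0/24 prefix are the ones used above; the script name check_zones.sh and its --run flag are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the page): check the zrd.com zone files before
# (re)loading named, then smoke-test the running server. Paths, zone name
# and prefix match the setup above; the script itself is assumed.
set -u

ZONE=zrd.com
NET=192.168.1                          # prefix covered by 1.168.192.in-addr.arpa
FWD=/var/named/zrd.com.zone
REV=/var/named/1.168.192.in-addr-arpa

# Syntax checks with the tools shipped in the bind package. named-checkconf -z
# also loads every zone named.conf references, so a typo in a zone file is
# reported here rather than as a failed "systemctl start named".
syntax_check() {
  named-checkconf -z /etc/named.conf &&
  named-checkzone "$ZONE" "$FWD" &&
  named-checkzone 1.168.192.in-addr.arpa "$REV"
}

# Print "fqdn ip" for each A record of a forward zone written in the style
# above ("owner IN A addr", no $ORIGIN): relative owners get the zone appended.
a_records() {
  awk -v z="$ZONE" '
    $2 == "IN" && $3 == "A" {
      n = $1
      if (n == "@") n = z "."
      else if (n !~ /\.$/) n = n "." z "."
      print n, $4
    }' "$1"
}

# Print "fqdn ip" for each PTR record of the reverse zone; the owner is the
# last octet, relative to the in-addr.arpa zone.
ptr_records() {
  awk -v net="$NET" '$2 == "IN" && $3 == "PTR" { print $4, net "." $1 }' "$1"
}

# List forward A records that have no PTR, or whose PTR names a different
# host. One line per problem; returns 1 if any were found. (PTRs without a
# matching A record are not flagged: the forward zone is the master list.)
ptr_mismatches() {
  fwd=$(mktemp) || return 2
  rev=$(mktemp) || return 2
  a_records "$1" > "$fwd"
  ptr_records "$2" > "$rev"
  awk '
    BEGIN { bad = 0 }
    FILENAME == ARGV[1] { ptr[$2] = $1; next }
    !($2 in ptr)        { print $1, $2, "has no PTR"; bad = 1; next }
    ptr[$2] != $1       { print $1, $2, "PTR names " ptr[$2]; bad = 1 }
    END { exit bad }' "$rev" "$fwd"
  rc=$?
  rm -f "$fwd" "$rev"
  return $rc
}

# Live checks once named is up: something must listen on :53, and the
# answers must agree with the A, CNAME, MX and PTR lines in the zone files.
smoke_test() {
  ss -tulnp | grep -E ':53[[:space:]]' || { echo "nothing listening on port 53"; return 1; }
  echo "www A:     $(dig +short @192.168.1.150 www.$ZONE A)"
  echo "pop CNAME: $(dig +short @192.168.1.150 pop.$ZONE CNAME)"
  echo "MX:        $(dig +short @192.168.1.150 $ZONE MX)"
  echo "151 PTR:   $(dig +short @192.168.1.150 -x 192.168.1.151)"
}

if [ "${1:-}" = "--run" ]; then
  syntax_check && ptr_mismatches "$FWD" "$REV" && echo "zone files consistent" && smoke_test
fi
```

Run it as `sh check_zones.sh --run` on the master. The PTR cross-check is deliberately strict about the name: a reverse record that points at the wrong host is how stale reverse zones go unnoticed, and it is what mail servers and log tools compare against.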
PS: at this point, without a slave, a simple DNS server is complete.
#######################################################################
#######################################################################
3. Configure the slave DNS server
------------------------------------------------------------------------------------------------------------
3.1. Changes on the master DNS server
3.1.1 Edit /etc/named.rfc1912.zones
[root@ns1 ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
/////////////////////////////////
// forward zone for zrd.com
////////////////////////////////
zone "zrd.com" IN {
        type master;
        file "zrd.com.zone";
        // Only the slave may pull the zone (AXFR/IXFR). Without this line
        // BIND defaults to "any", so anyone could enumerate every record;
        // the master's own address and 127.0.0.1 do not need to be listed.
        allow-transfer { 192.168.1.200; };
};
////////////////////////////
// reverse zone for 192.168.1.0/24
////////////////////////////
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.in-addr-arpa";
        allow-transfer { 192.168.1.200; };   // same restriction for the reverse zone
};
3.1.2. Forward zone file changes
3.1.3. Reverse zone file changes
Add the slave to both zones: an NS record for it in each, its A record in zrd.com.zone and its PTR record in 1.168.192.in-addr-arpa, and raise both serials. A slave only transfers a zone whose serial is higher than the copy it already holds, and the master's NOTIFY messages go to the zone's NS records, so a slave that is not listed as NS learns of changes only when its refresh timer fires.
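One way to make these two edits without forgetting the serial, as an added example that is not part of the original page: a POSIX shell script run on the master that appends the slave's records to both files, computes the next serial in the YYYYMMDDnn layout the files above use, writes it back, re-checks the files and asks named to reload. The page never names the slave host; ns2 (at 192.168.1.200) and the script name register_slave.sh with its --run flag are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the original page): register the slave in both
# zones and bump the SOA serials so the change replicates. The slave host
# name "ns2" and the YYYYMMDDnn serial scheme are assumed. Run on the master.
set -u

ZONE=zrd.com
FWD=/var/named/zrd.com.zone
REV=/var/named/1.168.192.in-addr-arpa
SLAVE_HOST=ns2
SLAVE_IP=192.168.1.200

# Print the SOA serial: the first all-digit field after the SOA keyword,
# whether the record sits on one line or is spread over several as above.
zone_serial() {
  awk '{ for (i = 1; i <= NF; i++) {
           if (!s && $i == "SOA") s = 1
           else if (s && $i ~ /^[0-9]+$/) { print $i; exit } } }' "$1"
}

# Next serial in the YYYYMMDDnn scheme: a new day restarts at 01, another
# edit on the same day adds one. A serial must never go backwards, so a
# serial that is already ahead of today's date is incremented as well.
next_serial() {
  cur=$1; today=$2
  if [ "${cur%??}" -ge "$today" ]; then echo $((cur + 1)); else echo "${today}01"; fi
}

# Rewrite the serial in place. awk re-spaces the line that carries it;
# "cat >" instead of mv keeps the file's owner and mode (root:named).
set_serial() {
  tmp=$(mktemp) || return 1
  awk -v new="$2" '{ for (i = 1; i <= NF; i++) {
           if (!s && $i == "SOA") s = 1
           else if (s == 1 && $i ~ /^[0-9]+$/) { $i = new; s = 2 } }
         print }' "$1" > "$tmp" && cat "$tmp" > "$1"
  rc=$?; rm -f "$tmp"; return $rc
}

# Add the slave as NS plus its A record (forward) and PTR record (reverse),
# skipping files that already contain them so the script can be re-run.
add_slave_records() {
  grep -q "IN[[:space:]]*NS[[:space:]]*$SLAVE_HOST\$" "$FWD" ||
    printf '@\tIN NS\t%s\n%s\tIN A\t%s\n' "$SLAVE_HOST" "$SLAVE_HOST" "$SLAVE_IP" >> "$FWD"
  last=${SLAVE_IP##*.}
  grep -q "^$last[[:space:]]" "$REV" ||
    printf '@\tIN NS\t%s.%s.\n%s\tIN PTR\t%s.%s.\n' "$SLAVE_HOST" "$ZONE" "$last" "$SLAVE_HOST" "$ZONE" >> "$REV"
}

# Bump both serials, re-check the files and tell named to reload them.
register_slave() {
  add_slave_records
  for f in "$FWD" "$REV"; do
    set_serial "$f" "$(next_serial "$(zone_serial "$f")" "$(date +%Y%m%d)")" || return 1
  done
  named-checkzone "$ZONE" "$FWD" && named-checkzone 1.168.192.in-addr.arpa "$REV" && rndc reload
}

if [ "${1:-}" = "--run" ]; then register_slave; fi
```

Run it as `sh register_slave.sh --run`. If you would rather not publish the slave as an NS of the zone, BIND's `also-notify { 192.168.1.200; };` in the master's zone statement delivers the NOTIFY to it anyway; the serial still has to go up for the slave to pull the new copy.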
3.2. Changes on the slave DNS server
#----------------------------------------------------------
# 3.2.1. /etc/named.conf
#----------------------------------------------------------
[root@ns2 ~]# vim /etc/named.conf
// Only the tail of the file is shown. Set listen-on, allow-query and
// recursion as on the master; the open-resolver caveat from 2.2 applies to
// the slave just the same. The DNSSEC lines sit inside a /* ... */ block,
// i.e. they are disabled, as on the master.
        dnssec-validation yes;
        dnssec-lookaside auto;
        */
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";
----------------------------------------------------------------
#----------------------------------------------------------
# 3.2.2 /etc/named.rfc1912.zones
#----------------------------------------------------------
[root@ns2 ~]# vim /etc/named.rfc1912.zones
// (only the end of the file is shown; the stock localhost zones above stay as they are)
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
////////////////////////////
// slave copy of the forward zone
////////////////////////////
zone "zrd.com" IN {
        type slave;
        masters { 192.168.1.150; };
        // The transferred copy goes under slaves/: like data/ and dynamic/ it
        // is writable by the named user and labelled named_cache_t, whereas
        // /var/named itself is read-only for named under the default policy.
        file "slaves/zrd.com.zone";
        allow-transfer { none; };
};
/////////////////////////
// slave copy of the reverse zone
/////////////////////////
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.1.150; };
        file "slaves/1.168.192.in-addr.zone";
        allow-transfer { none; };   // a slave should not hand the zone on to anyone else
};
#######################################################
3.3. Start the service and test
[root@ns2 ~]# systemctl start named
After a successful transfer /var/named/slaves/zrd.com.zone and /var/named/slaves/1.168.192.in-addr.zone appear on the slave, and the named log (journalctl -u named) records "Transfer completed" for both zones from 192.168.1.150#53.
Forward resolution test (query 192.168.1.200 for www.zrd.com)
Reverse resolution test (query 192.168.1.200 for 192.168.1.151)
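Beyond a forward and a reverse lookup, the things worth verifying on a master/slave pair are that both zones actually replicated (same serial on both servers), that the transfer ACLs hold, and that neither server has become an open resolver. The following is an added example, not code from the original page: a POSIX shell script using dig from bind-utils. Addresses and zone names are the ones used above; the script name verify_replication.sh, its --run flag, and the use of example.com as a name the servers are not authoritative for are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the original page): verify the master/slave
# pair from section 3 with dig. MASTER, SLAVE and the zone names are the
# ones used above; the script and the example.com probe are assumed.
set -u

MASTER=192.168.1.150
SLAVE=192.168.1.200
ZONE=zrd.com
REVZONE=1.168.192.in-addr.arpa

# Serial from `dig +short <zone> SOA`, whose single output line looks like
#   dns.zrd.com. admin.zrd.com. 2015091901 3600 300 259200 43200
soa_serial() { awk 'NF >= 7 { print $3; exit }'; }

# True when dig's AXFR output reports a refused transfer.
axfr_refused() { grep -q '^; Transfer failed'; }

# True when the flags line of a (non +short) dig answer carries "ra": the
# server is willing to recurse for the host that asked.
offers_recursion() {
  awk '/^;; flags:/ { for (i = 3; i <= NF; i++) { f = $i; sub(/;$/, "", f); if (f == "ra") ok = 1 } }
       END { exit !ok }'
}

# Report whether two serials match; returns 1 on a mismatch.
serials_in_sync() {
  if [ "$1" = "$2" ]; then echo "$3: serial $1 on master and slave"; return 0; fi
  echo "$3: serial mismatch, master=$1 slave=$2"; return 1
}

run_checks() {
  rc=0
  # 1. Replication: the slave's serial equals the master's for both zones.
  for z in "$ZONE" "$REVZONE"; do
    m=$(dig +short @"$MASTER" "$z" SOA | soa_serial)
    s=$(dig +short @"$SLAVE" "$z" SOA | soa_serial)
    serials_in_sync "$m" "$s" "$z" || rc=1
  done
  # 2. Transfer ACLs: the slave must refuse AXFR from everyone; the master
  #    must refuse it from any host other than the slave.
  if dig @"$SLAVE" "$ZONE" AXFR | axfr_refused; then
    echo "slave refuses AXFR: ok"
  else
    echo "slave hands out the zone: check its allow-transfer"; rc=1
  fi
  if dig @"$MASTER" "$ZONE" AXFR | axfr_refused; then
    echo "master refuses AXFR to this host (expected unless this host is $SLAVE)"
  else
    echo "master transfers the zone to this host (expected only on $SLAVE)"
  fi
  # 3. Open-resolver check: run from a host outside 192.168.1.0/24, the "ra"
  #    flag must be absent for names the server is not authoritative for.
  if dig @"$MASTER" example.com A | offers_recursion; then
    echo "master offers recursion to this host (fine only inside 192.168.1.0/24)"
  else
    echo "master does not recurse for this host: ok"
  fi
  return $rc
}

if [ "${1:-}" = "--run" ]; then run_checks; fi
```

Run it as `sh verify_replication.sh --run`, once from the slave (the master must transfer to it) and once from a host that is neither the slave nor on the LAN (both transfers refused, no "ra" flag). A serial mismatch right after an edit usually means the serial was not raised or the NOTIFY never reached the slave; a slave that still answers from its old copy after the expire time has passed has not been reachable by the master at all.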