The lab environment is as follows:
Virtual machine: CentOS 6.4
master IP: 192.168.0.120
slave IP: 192.168.0.121
yum install -y ntpdate    (installs the time-sync command)
ntpdate time.windows.com    (syncs the clock; if it does not succeed the first time, run it a few more times. I won't explain why... you know.)
vim /etc/selinux/config    (change it to SELINUX=disabled)
chkconfig iptables off    (turns off iptables)
\\\\\ After the preparation is done, reboot the machine /////
yum install -y bind bind-utils    (installs the bind service and the dig test command)
>/etc/named.conf
vim /etc/named.conf
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
chown named /etc/named.conf
cd /var/named/
dig -t NS . > named.ca
vim localhost.zone
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
$TTL 86400
@ IN SOA localhost. admin.localhost. (
2013081601
1H
10M
7D
1D
)
@ IN NS localhost.
localhost. IN A 127.0.0.1
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
vim named.local
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
$TTL 86400
@ IN SOA localhost. admin.localhost. (
2013081601
1H
10M
7D
1D
)
@ IN NS localhost.
1 IN PTR localhost.
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Check the configuration for errors: named-checkconf
Check forward resolution: named-checkzone "localhost" /var/named/localhost.zone
Check reverse resolution: named-checkzone "0.0.127.in-addr.arpa" /var/named/named.local
If all of them report “OK”, you're good.
rndc-confgen -r /dev/urandom -a    // this step generates rndc.key; without this key named will not start
chown named:named /etc/rndc.key
/etc/init.d/named start
First test forward resolution: dig @127.0.0.1 localhost.
Then test reverse resolution: dig @127.0.0.1 -x 127.0.0.1
If both work, let's add a domain and try it out......
vim /etc/named.conf    append at the end:
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
zone "abc.com" IN {
type master;
file "abc.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.zone";
};
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Edit the zone file: vim /var/named/abc.com.zone
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
$TTL 600
@ IN SOA abc.com. root.abc.com. (
2013081611
1H
10M
7D
1D
)
@ IN NS ns.abc.com.
@ IN MX 10 mail.abc.com.
ns IN A 192.168.0.120
www IN A 192.168.0.73
mail IN A 192.168.0.10
bbs IN CNAME www.abc.com.
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Edit the reverse zone file: vim /var/named/192.168.zone
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
$TTL 600
@ IN SOA ns.abc.com. root.abc.com. (
2013081601
1H
10M
7D
1D
)
@ IN NS ns.abc.com.
120 IN PTR ns.abc.com.
10 IN PTR mail.abc.com.
73 IN PTR www.abc.com.
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Check each of the two zone files for errors:
named-checkzone "abc.com" abc.com.zone
named-checkzone "0.168.192.in-addr.arpa" 192.168.zone
Restart the named service and test:
dig @127.0.0.1 www.abc.com
dig @127.0.0.1 -x 192.168.0.120
Configure DNS forwarding:
The DNS server we configured can only resolve the zones we defined; anything we have not defined cannot be resolved.
Configuring forwarding lets it resolve other domains on the Internet, provided the domain is actually in use on the Internet, that is, some DNS server already serves it.
vim /etc/named.conf    // add inside options{}:
forward first;
forwarders { 8.8.8.8; };
These two lines configure forwarding: any name this DNS server cannot resolve itself is forwarded to the DNS server 8.8.8.8 for resolution.
Configure master/slave:
On the slave, install: yum install -y bind bind-utils
Copy the configuration files from the master to the slave: /etc/named.conf, /var/named/localhost.zone, /var/named/named.local (the slave's named.conf also references named.ca, which you can regenerate there with the same dig command as above)
scp makes copying easy; its package is installed with yum install -y openssh-clients
After copying, edit the slave's /etc/named.conf; reference content:
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
zone "abc.com" IN {
type slave;
file "slaves/abc.com.zone";
masters { 192.168.0.120; };
};
zone "0.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.zone";
masters { 192.168.0.120; };
};
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Generate rndc.key on the slave: rndc-confgen -r /dev/urandom -a
chown named:named /etc/rndc.key
Start named on the slave: /etc/init.d/named start
Once it starts successfully, a slaves directory is created under /var/named/, containing the two files 192.168.zone and abc.com.zone, with the same content as on the master.
Test on the slave: dig @127.0.0.1 www.abc.com
Testing master/slave synchronization
On the master DNS, edit /var/named/abc.com.zone    // append one line at the end:
123 IN A 1.1.1.1
You also need to change the number string on the third line (the serial). It is the change marker: the slave only follows automatically when this number changes, and it may only increase, never decrease, e.g. 2013081601 -> 2013081602
Restart named on the master: /etc/init.d/named restart
In testing we found a problem: the slave is often very slow to sync, which is a real pain. So we need one extra step: in the master's /etc/named.conf, add two lines to the abc.com zone:
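Bumping the serial by hand is where zone updates usually go wrong (a serial that does not grow, or the same day's counter running past 99, silently leaves the slave on the old copy). The following script is an added example, not code from the original post; it assumes the YYYYMMDDnn serial convention used above and that the serial is the third field after the word SOA (mname, rname, serial), which holds for the zone files on this page. The sample zone it writes is constructed here for trying it out.

```shell
#!/bin/sh
# Added example, not part of the original post: bump the SOA serial of a
# BIND zone file in the YYYYMMDDnn convention used above and refuse any
# change that does not increase it, since the slave only transfers the zone
# when the serial grows. Assumes the serial is the third field after the
# word "SOA" (mname, rname, serial), which holds for the zone files above.

# Print the current serial of the zone file given as $1.
get_serial() {
    awk '
        {
            sub(/;.*/, "")                       # drop zone-file comments
            for (i = 1; i <= NF; i++) {
                if (!insoa) { if ($i == "SOA") insoa = 1; continue }
                if ($i == "(" || $i == ")") continue
                n++
                if (n == 3) { print $i; exit }   # mname, rname, serial
            }
        }' "$1"
}

# Compute the next serial from the old one ($1) and today's date ($2, as
# YYYYMMDD, passed in rather than read from the clock so it can be tested).
next_serial() {
    old=$1; today=$2
    if [ "${old%??}" = "$today" ]; then
        n=${old#"$today"}                        # the two-digit counter
        n=$(( ${n#0} + 1 ))                      # strip a leading 0 (no octal)
        [ "$n" -le 99 ] || return 1              # 100 changes in one day: give up
        printf '%s%02d\n' "$today" "$n"
    elif [ "$today" -gt "${old%??}" ]; then
        printf '%s01\n' "$today"                 # first change of a new day
    else
        echo $(( old + 1 ))                      # serial is ahead of the clock
    fi
}

# Rewrite the serial in place, checking RFC 1982 serial arithmetic: the new
# value must be "greater" on the 32-bit circle, 0 < (new - old) mod 2^32 < 2^31,
# otherwise the slave would consider its own copy newer and never transfer.
bump_serial() {
    file=$1; today=$2
    old=$(get_serial "$file")
    [ -n "$old" ] || { echo "no SOA serial found in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today") || return 1
    diff=$(( (new - old) % 4294967296 ))
    [ "$diff" -gt 0 ] && [ "$diff" -lt 2147483648 ] || return 1
    awk -v old="$old" -v new="$new" '
        !done { for (i = 1; i <= NF; i++) if ($i == old) { $i = new; done = 1; break } }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Constructed sample zone (same shape as abc.com.zone above) for trying this out.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 600
@ IN SOA abc.com. root.abc.com. (
    2013081611
    1H
    10M
    7D
    1D
)
@ IN NS ns.abc.com.
ns IN A 192.168.0.120
www IN A 192.168.0.73
EOF
}

# Usage: sh bump_serial.sh /var/named/abc.com.zone   (then named-checkzone and restart)
if [ -n "${1:-}" ]; then
    bump_serial "$1" "$(date +%Y%m%d)" && echo "serial is now $(get_serial "$1")"
fi
```

Run it against the zone file, then named-checkzone and restart named as described above; comparing `dig @192.168.0.120 abc.com soa +short` with the same query against 192.168.0.121 shows whether the slave has picked up the new serial.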
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
notify yes;
also-notify { 192.168.0.121; };
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
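Two things the configuration above leaves at BIND's defaults deserve attention once this server is reachable from anywhere but the lab: with forwarders set and no allow-recursion, it answers recursive queries for any client (an open resolver), and with no allow-transfer, any host can pull the whole abc.com zone with an AXFR, not just the slave. The fragment below is an added example, not the original post's configuration; the directives are standard BIND 9 options, and the ACL values are assumptions matching this lab's 192.168.0.0/24 network and the slave at 192.168.0.121. It also carries the forwarding and notify settings from the text so the whole options/zone picture is in one place.

```conf
options {
    directory "/var/named";
    // Only recurse (and therefore forward) for the local network; without
    // this the forwarders below make the server an open resolver.
    allow-recursion { 127.0.0.1; 192.168.0.0/24; };
    forward first;
    forwarders { 8.8.8.8; };
    // Refuse zone transfers by default; re-enable per zone for the slave only.
    allow-transfer { none; };
};

zone "abc.com" IN {
    type master;
    file "abc.com.zone";
    allow-transfer { 192.168.0.121; };   // the slave is the only host that needs AXFR
    notify yes;
    also-notify { 192.168.0.121; };      // push NOTIFY to the slave right after a reload
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.zone";
    allow-transfer { 192.168.0.121; };
    notify yes;
    also-notify { 192.168.0.121; };
};
```

After named-checkconf and a restart, `dig @192.168.0.120 abc.com axfr` from a third host should report "Transfer failed." while the slave still syncs, and the slave's /var/log/messages shows the NOTIFY-triggered transfer starting within seconds of the master's restart rather than waiting for the refresh interval.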