1. Install the DNS service and prepare for configuration
yum -y install bind bind-chroot bind-utils bind-libs
Stop the firewall and disable it at boot:
service iptables stop
chkconfig iptables off
Set SELinux to disabled, as in the screenshot.
Both steps only remove obstacles for the walkthrough. On a real name server keep iptables and SELinux enforcing: open port 53 instead (iptables -I INPUT -p udp --dport 53 -j ACCEPT and the same with -p tcp; TCP is needed for zone transfers and large answers), and keep slave zone files under /var/named/slaves/, the directory the bind SELinux policy lets named write to.
2. Configure the master DNS server
Step 1: vi /etc/named.conf
Change listen-on port 53 { any; }; (the stock file listens on 127.0.0.1 only)
and allow-query { any; }; (the stock file allows localhost only).
As in the screenshot.
The complete configuration:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
include "/etc/named/clients.acl";
//zone "." IN {
//    type hint;
//    file "named.ca";
//};
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
view "nj01" {
    match-clients { localhost; nj01; };
    allow-update { nj01; };
    recursion yes;
    include "/etc/named/named.conf";
    include "/etc/named/named_nj01.conf";
};
options: the server's global configuration options and the defaults for other statements.
directory "/var/named" sets BIND's working directory to /var/named; every relative path in the configuration, such as file "archermind.org.hosts" in the zone definitions below, is resolved under it.
Two of these settings deserve a second look. allow-query { any; }; together with recursion yes would make this an open resolver (abusable for DNS amplification, and exposing the cache to poisoning attempts) if the server were reachable from the Internet; what actually limits it here is the view's match-clients { localhost; nj01; };, because a query that matches no view is refused, so keep the nj01 ACL to your internal ranges (or add an explicit allow-recursion { nj01; };). allow-update { nj01; }; accepts dynamic updates from any address in that ACL; updates travel over UDP, so the source address can be spoofed, and the usual practice is to require a TSIG key (allow-update { key "name"; };) rather than an address.
Any additional conf files you add need the same kind of changes; they are not all listed here.
The named.rfc1912.zones file (its include is commented out above with #: once a named.conf declares views, every zone has to live inside a view, so include this file inside view "nj01" if you want the localhost zones):
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
Step 2: edit /etc/named/clients.acl (best to update every copy of clients.acl at the same time, including the copy under /var and the one on the slave).
Add your slave DNS server's IP, as in the screenshot. This file is where the ACL names used in named.conf (nj01, and slaves for allow-transfer below) must be defined; named refuses to load a configuration that references an undefined ACL.
Step 3: edit /etc/named/named.conf (the file under /etc/named/ that the view above includes, not /etc/named.conf itself) as follows:
zone "archermind.com" IN {
    type forward;
    forwarders { 192.168.100.101; 192.168.100.102; };
    forward only;
};
zone "archermind.cn" IN {
    type master;
    file "archermind.cn.hosts";
    allow-transfer { slaves; };
};
zone "archermind.org" IN {
    type master;
    file "archermind.org.hosts";
    allow-transfer { slaves; };
};
zone "amtbaas.com" IN {
    type forward;
    forwarders { 192.168.100.101; 192.168.100.102; };
};
1. type forward hands the zone to the listed forwarders for resolution. forward only makes the forwarders the only path; without it (as in the amtbaas.com zone) BIND defaults to forward first and falls back to its own recursion when the forwarders do not answer.
2. On the master the type is master; if there are slave servers, set allow-transfer so they can pull the zone. slaves is an ACL name and must be defined in clients.acl (step 2). Leaving allow-transfer out is not safe: BIND 9 of this vintage then allows transfers from anyone, which hands out your whole zone.
3. zone defines a zone, for example a forward zone or a reverse (in-addr.arpa) zone.
Step 4:
Once everything is in place, run named-checkconf -z (it parses named.conf and test-loads every master zone) and only then service named restart; a syntax error otherwise leaves named down after the restart.
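The two files the steps above refer to but never show are /etc/named/clients.acl and the zone files. The following is an added example, not code from the original post: it renders a clients.acl with the nj01 and slaves ACLs plus a TSIG key, a zone stanza that requires that key for transfers and updates instead of trusting addresses, and a minimal zone file, and it validates with named-checkzone and named-checkconf -z before reloading. The network 10.20.70.0/24, the slave 10.20.70.72, ns1 at 10.20.70.71 (the masters address from section 3), the key name xfer-key and the www host 10.20.70.80 are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post. Generates the ACL file and a
# zone file the post only refers to, then validates before reloading named.
# Assumptions: internal network 10.20.70.0/24, slave 10.20.70.72,
# ns1 = 10.20.70.71, key name "xfer-key", www host 10.20.70.80.
set -e

# /etc/named/clients.acl: the "nj01" and "slaves" ACLs that match-clients and
# allow-transfer refer to, plus a TSIG key shared with the slaves.
# Usage: render_clients_acl NETWORK SECRET SLAVE_IP...
render_clients_acl() {
    local net="$1" secret="$2"; shift 2
    local ip
    printf 'acl "nj01" { localhost; %s; };\n' "$net"
    printf 'acl "slaves" {'
    for ip in "$@"; do printf ' %s;' "$ip"; done
    printf ' };\n'
    printf 'key "xfer-key" { algorithm hmac-sha256; secret "%s"; };\n' "$secret"
}

# Zone stanza for /etc/named/named.conf: transfers and dynamic updates are
# authenticated by the key instead of by source address, which a host on
# the nj01 network could spoof (UDP updates) or simply be compromised.
render_zone_stanza() {
    local zone="$1"
    cat <<EOF
zone "${zone}" IN {
    type master;
    file "${zone}.hosts";
    allow-transfer { key "xfer-key"; };
    allow-update { key "xfer-key"; };
};
EOF
}

# Serial as YYYYMMDDnn; pass a two-digit nn for a second change on the same
# day. Slaves only transfer when the serial grows, so bump it on every edit.
zone_serial() { date "+%Y%m%d${1:-01}"; }

# Minimal zone file: SOA, the NS, and A records. \$TTL is escaped so the
# shell passes it through literally.
# Usage: render_zone ZONE NS_NAME NS_IP SERIAL
render_zone() {
    local zone="$1" ns="$2" ns_ip="$3" serial="$4"
    cat <<EOF
\$TTL 3600
@   IN SOA ${ns}.${zone}. hostmaster.${zone}. (
        ${serial} ; serial
        3600      ; refresh
        900       ; retry
        604800    ; expire
        300 )     ; negative-cache TTL
    IN NS  ${ns}.${zone}.
${ns} IN A   ${ns_ip}
www IN A   10.20.70.80
EOF
}

# Parse named.conf and test-load every master zone; reload only if that
# passes, so a typo never leaves the server down after a restart.
validate_and_reload() {
    named-checkconf -z /etc/named.conf
    service named reload
}

apply() {
    local secret
    secret=$(openssl rand -base64 32)   # fresh random TSIG secret
    render_clients_acl 10.20.70.0/24 "$secret" 10.20.70.72 > /etc/named/clients.acl
    chgrp named /etc/named/clients.acl && chmod 640 /etc/named/clients.acl
    render_zone archermind.org ns1 10.20.70.71 "$(zone_serial)" > /var/named/archermind.org.hosts
    named-checkzone archermind.org /var/named/archermind.org.hosts
    # Paste this over the archermind.org stanza in /etc/named/named.conf:
    render_zone_stanza archermind.org
    validate_and_reload
}

if [ "${1:-}" = "--apply" ]; then apply; fi
```

Run it with --apply as root on the master. Because transfers now require the key, the slave needs the same key stanza and a server 10.20.70.71 { keys { "xfer-key"; }; }; line so that its AXFR requests are signed; the secret is shared, so copy it over ssh rather than through the unauthenticated rsync module of section 5.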
3. Configure the slave DNS server
Step 1: vi /etc/resolv.conf
In the screenshot, the first nameserver line is the slave's own IP and the second is the master DNS server's IP.
Step 2:
/etc/named.conf is the same as on the master.
Configure /etc/named/named.conf:
zone "archermind.com" IN {
    type forward;
    forwarders { 192.168.100.101; 192.168.100.102; };
    forward only;
};
zone "archermind.cn" IN {
    type slave;
    masters { 10.20.70.71; };
    file "archermind.cn.hosts";
};
zone "archermind.org" IN {
    type slave;
    masters { 10.20.70.71; };
    file "archermind.org.hosts";
};
Same as the master apart from type (slave, with masters pointing at the master's IP). Two things worth adding: these stanzas carry no allow-transfer, so the slave itself will hand the zone to anyone who asks (add allow-transfer { none; }; or the slaves ACL here too), and since named has to write the transferred zone files, the RHEL/CentOS packages provide /var/named/slaves/ for them (owned by named and labelled so SELinux allows the write); if a transfer fails with a permission error, use file "slaves/archermind.cn.hosts".
Step 3:
service named restart
4. Verify name resolution on the slave
From a Windows command prompt: cmd, then nslookup, then server xxx (the slave's IP), then type a hostname. From Linux the equivalent is dig @<slave IP> <hostname>.
As in the screenshot.
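nslookup only shows that the slave answers; it does not show that the slave has the same data as the master, nor that the zone is protected from being copied. The following added example (not from the original post) does both checks with dig from bind-utils: it compares the SOA serial served by master and slave, which match only if the transfer succeeded, and confirms that the slave refuses AXFR to a host outside the slaves ACL (the slave stanzas in section 3 set no allow-transfer, so by default anyone could copy them). The addresses 10.20.70.71 and 10.20.70.72 follow the post's masters line; everything else is an assumption.

```bash
#!/bin/bash
# Added example, not from the original post: confirm a slave is in sync with
# the master and that it does not hand the zone to arbitrary hosts.
# Assumed: master 10.20.70.71, slave 10.20.70.72, zone archermind.org.
set -e

# Pull the serial (third field) out of a `dig +short SOA` answer line, e.g.
# "ns1.archermind.org. hostmaster.archermind.org. 2024010101 3600 900 604800 300"
serial_from_soa() {
    # shellcheck disable=SC2086  # word-splitting is the point here
    set -- $1
    echo "$3"
}

# SOA serial as served by one server; empty if it does not answer.
soa_serial() {
    local server="$1" zone="$2"
    serial_from_soa "$(dig +short +time=3 +tries=1 @"$server" "$zone" SOA)"
}

# 0 when both serials are present and equal, 1 otherwise.
in_sync() {
    local master="$1" slave="$2"
    [ -n "$master" ] && [ "$master" = "$slave" ]
}

# dig prints "; Transfer failed." when the server answers AXFR with REFUSED.
axfr_refused() {
    dig +time=3 +tries=1 @"$1" "$2" AXFR | grep -q 'Transfer failed'
}

check_slave() {
    local master="$1" slave="$2" zone="$3"
    local ms ss
    ms=$(soa_serial "$master" "$zone")
    ss=$(soa_serial "$slave" "$zone")
    if in_sync "$ms" "$ss"; then
        echo "$zone: master=$ms slave=$ss OK"
    else
        echo "$zone: master=$ms slave=$ss MISMATCH (check allow-transfer/masters, NOTIFY, 53/tcp)"
        return 1
    fi
    # Run this from a host that is NOT in the slaves ACL.
    if axfr_refused "$slave" "$zone"; then
        echo "$zone: AXFR from this host refused by $slave OK"
    else
        echo "$zone: $slave allowed AXFR from this host; add allow-transfer on the slave"
        return 1
    fi
}

if [ "${1:-}" = "--run" ]; then
    check_slave "${2:-10.20.70.71}" "${3:-10.20.70.72}" "${4:-archermind.org}"
fi
```

Run it as ./check_slave.sh --run [master] [slave] [zone] from a workstation outside the slaves ACL; a serial mismatch that persists beyond the zone's refresh interval means the transfer itself is failing, and the master's named log will say why.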
5. Keep the slave servers in sync with the master using rsync
If you run several slave DNS servers, syncing the configuration files with rsync is recommended.
Step 1: on the master, install and start the service that serves the files
yum -y install xinetd
service xinetd start
Enable at boot: chkconfig xinetd on and chkconfig rsync on (on CentOS 6 the rsync daemon runs as an xinetd service, so both are needed). If you kept iptables, open 873/tcp for the slaves.
Step 2: the rsync daemon configuration on the master DNS server, rsyncd.conf
vi /etc/rsyncd.conf (the daemon reads /etc/rsyncd.conf; there is no /etc/rsync.conf)
Configuration:
uid = root
gid = named
use chroot = no
max connections = 20000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
log file = /var/log/rsyncd.log

[name]
path = /etc/named
ignore errors
read only = yes
list = no
hosts allow = 10.0.0.0/8 172.16.0.0/16 192.168.0.0/16

[varname]
path = /var/named
ignore errors
read only = yes
list = no
hosts allow = 10.0.0.0/8 172.16.0.0/16 192.168.0.0/16

[i]
path = /work/i
ignore errors
As written, any host in those three ranges can read the zone data and ACLs without a password, and the daemon runs as root with use chroot = no. Narrow hosts allow to the slave addresses, add auth users = <user> and secrets file = /etc/rsyncd.secrets (a user:password file, mode 600) so that pulls are authenticated, and give the [i] module its own hosts allow too, since without one it is reachable from everywhere.
Step 3:
Create the hourly script on the slave
cd /etc/cron.hourly/
vi named.sh
Then chmod +x named.sh; run-parts only executes files with the execute bit set.
Note: the sync does not cover /etc/named.conf itself (the [name] module exports the /etc/named directory), so the listen-on/allow-query change to any in /etc/named.conf must be made by hand on every slave. Also note that --delete on /etc/named replaces the slave's own /etc/named/named.conf (the type slave one from section 3) with the master's copy, so slaves managed this way serve the zones as master from the synced files and no longer use zone transfers; excluding /data and /dynamic keeps named's own working files out of the way.
The script:
#!/bin/bash
rsync -avz --delete 192.168.100.62::name /etc/named --log-file /var/log/namersynclog.log
rsync -avz --delete --exclude=/data --exclude=/dynamic 192.168.100.62::varname /var/named --log-file /var/log/varnamersynclog.log
/etc/init.d/named reload
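The script above reloads named every hour whether or not anything changed, and it reloads even if the master pushed a broken file. The following added example (not from the original post) does the same pull but authenticates to the rsync daemon, reloads only when rsync reports a real change, and only after the new files pass named-checkconf -z. The master 192.168.100.62 and the modules name and varname are the post's; the rsync user dnssync, the password file /etc/rsync.pass and the log path are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post: hourly pull from the master,
# reloading named only when rsync changed a file and only after the new
# files pass named-checkconf. Master address and module names are the
# post's; user "dnssync", /etc/rsync.pass and the log path are assumptions.
set -e

MASTER=192.168.100.62
LOG=/var/log/namersync.log
PASS=/etc/rsync.pass   # contains only the password, mode 600

# Decide from rsync's itemized output (-i) whether anything changed on disk.
# '>' = file received, 'c' = created, '*' = "*deleting"; a leading '.'
# means only attributes (times, perms) changed, which needs no reload.
has_changes() {
    printf '%s\n' "$1" | grep -q '^[>c*]'
}

# Pull one module. -i instead of -v keeps stdout to the itemized list;
# extra arguments (excludes) go before the source.
# Usage: sync_module MODULE DEST [RSYNC_OPTS...]
sync_module() {
    local module="$1" dest="$2"; shift 2
    rsync -az -i --delete --password-file="$PASS" "$@" \
        "dnssync@${MASTER}::${module}" "$dest" 2>>"$LOG"
}

log() { echo "$(date '+%F %T') $*" >> "$LOG"; }

main() {
    local changes
    # /data and /dynamic are named's own working files, as in the post.
    changes=$(sync_module name /etc/named;
              sync_module varname /var/named --exclude=/data --exclude=/dynamic)
    if ! has_changes "$changes"; then
        log "no changes"
        return 0
    fi
    log "changed files:"
    printf '%s\n' "$changes" >> "$LOG"
    if named-checkconf -z /etc/named.conf >>"$LOG" 2>&1; then
        service named reload >>"$LOG" 2>&1
        log "named reloaded"
    else
        # The files on disk are already replaced, but the running named
        # keeps its last good configuration; fix the master and the next
        # hourly run will reload.
        log "named-checkconf failed, NOT reloading"
        return 1
    fi
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Save it as /usr/local/sbin/named-sync and let /etc/cron.hourly/named.sh run exec /usr/local/sbin/named-sync --run. On the master, the [name] and [varname] modules need auth users = dnssync and secrets file = /etc/rsyncd.secrets (one dnssync:password line, mode 600) for the password to be checked at all; a hosts allow narrowed to the slave addresses is still worth keeping in addition.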