1. 下載DNS服務和配置前準備
yum -y install bind bind-chroot bind-util bind-libs
關閉防火牆和防火牆開機選項: service iptables stop
chkconfig iptables off
設置selinux爲disabled,如下圖:
2. 配置主DNS服務器
步驟一:vi /etc/named.conf
修改listen-on port 53 { any; };
allow-query { any; }
如下圖所示:
整體的配置如下:
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { none; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
include "/etc/named/clients.acl";
//zone "." IN {
// type hint;
// file "named.ca";
//};
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
view "nj01" {
match-clients {
localhost;
nj01;
};
allow-update {
nj01;
};
recursion yes;
include "/etc/named/named.conf";
include "/etc/named/named_nj01.conf";
};
options:控制服務器的全局配置選項和爲其它語句設置默認值.
directory "/var/name" 定義bind的工作目錄爲/var/name,配置文件中所有使用的相對路徑,指的都在這裏配置的目錄下,比如後面配置文件中的file "archermind.org.hosts"。
根據需要添加的conf文件都需要修改,這裏就不一一列出來了。
named.rfc1912.zones文件:
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
步驟二:修改/etc/named/clients.acl(最好所有的clients.acl一起修改,包括var目錄和從服務器的)
加入你的從DNS服務器IP,如下圖:
步驟三:修改/etc/named/named.conf,如下
zone "archermind.com" IN {
type forward;
forwarders {
192.168.100.101;
192.168.100.102;
};
forward only;
};
zone "archermind.cn" IN {
type master;
file "archermind.cn.hosts";
allow-transfer { slaves; };
};
zone "archermind.org" IN {
type master;
file "archermind.org.hosts";
allow-transfer { slaves; };
};
zone "amtbaas.com" IN {
type forward;
forwarders {
192.168.100.101;
192.168.100.102;
};
};
1.type forward是轉發域名給其他服務器分析。
2.主服務器的type設置爲master,如果有DNS從服務器,要設置allow-transfer。
3.zone:定義一個域,比如正解析域和反解析域。
步驟四:
全部設置完以後service named restart。
.
3. 配置從DNS服務器
步驟一:vi /etc/resolv.conf
上面是本機IP
下面是DNS主服務器IP
步驟二:
和主服務器配置一樣的/etc/named.conf
配置/etc/named/named.conf
zone "archermind.com" IN {
type forward;
forwarders {
192.168.100.101;
192.168.100.102;
};
forward only;
};
zone "archermind.cn" IN {
type slave;
masters {10.20.70.71;};
file "archermind.cn.hosts";
};
zone "archermind.org" IN {
type slave;
masters {10.20.70.71;};
file "archermind.org.hosts";
};和主DNS服務器類似,type填寫的不一樣。
步驟三:
service named restart
4. 驗證從服務器的DNS域名解析
cmd->nslookup->server xxx(從服務器IP)->輸入網址。
如下圖:
5. 配置rsync從服務器到主服務器的同步
如果要配置多臺從DNS服務器,這裏建議用rsync同步的方式同步配置文件
步驟一:在主服務器上下載並啓動自動同步服務
yum -y install xinetd
service xinetd start。
開機選項chkconfig rsync on。
步驟二:主DNS服務器上的同步配置rsync.conf
Vi /etc/rsync.conf
配置如下
uid = root gid = named user chroot =no max connections = 20000 timeout =600 pid file= /var/run/rsyncd.pid lock file = /var/run/rsyncd.lock log file = /var/log/rsyncd.log [name] path=/etc/named ignore errors read only = yes list = no hosts allow = 10.0.0.0/8 172.16.0.0/16 192.168.0.0/16 [varname] path=/var/named ignore errors read only = yes list = no hosts allow = 10.0.0.0/8 172.16.0.0/16 192.168.0.0/16 [i] path=/work/i ignore errors
步驟三:
從DNS上創建自動定時腳本
cd /etc/cron.hourly/
vi named.sh
備註:在同步的時候不會同步/etc/named.conf文件,裏面的端口要自己手動改成any。
腳本如下圖所示:
#!/bin/bash rsync -avz --delete 192.168.100.62::name /etc/named --log-file /var/log/namersynclog.log rsync -avz --delete --exclude=/data --exclude=/dynamic 192.168.100.62::varname /var/named --log-file /var/log/varnamersynclog.log /etc/init.d/named reload