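DNS (Domain Name System) is an Internet service. As a distributed database that maps domain names and IP addresses to each other, it makes the Internet easier to use. DNS uses TCP and UDP port 53.
DNS server master/slave replication and subdomain delegation
Master server: 10.120.123.13
Slave server: 10.120.123.250
Subdomain server: 10.120.123.251
Main configuration file on the slave server: /etc/named.conf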
options {
    listen-on port 53 { 10.120.123.250; };   // port and IP address to listen on
    //listen-on-v6 port 53 { ::1; };         // IPv6 queries disabled
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };                    // answer queries from any client
    recursion yes;                           // allow recursion
    dnssec-enable no;                        // turn off DNSSEC
    dnssec-validation no;                    // turn off DNSSEC validation
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {                                    // logging configuration
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {                                // root zone definition
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Zone definitions on the slave server: /etc/named.rfc1912.zones
zone "test.com" IN {
    type slave;                     // zone type: slave
    file "slaves/test.com.zone";
    masters { 10.120.123.13; };     // address of the master server
    masterfile-format text;         // file format; fixes the slave's zone file appearing garbled
};
zone "123.120.10.in-addr.arpa" IN {
    type slave;                     // zone type: slave
    file "slaves/10.120.123.zone";
    masters { 10.120.123.13; };     // address of the master server
    masterfile-format text;         // file format; fixes the slave's zone file appearing garbled
};
Zone file on the master server (/var/named/test.com.zone): add NS records
$TTL 3600
$ORIGIN test.com.
@        IN  SOA    ns1.test.com. dnsadmin.test.com. (
                    2019010818   ; serial
                    1H           ; refresh
                    10M          ; retry
                    3D           ; expire
                    1D )         ; negative-caching TTL
         IN  NS     ns1
         IN  NS     ns2              ; slave server
         IN  MX     10 mx1
         IN  MX     20 mx2
ns1      IN  A      10.120.123.13
ns2      IN  A      10.120.123.250   ; slave server
mx1      IN  A      10.120.123.252
mx2      IN  A      10.120.123.253
www      IN  A      10.120.123.254
web      IN  CNAME  www
ops      IN  NS     ns1.ops          ; subdomain delegation
ns1.ops  IN  A      10.120.123.251
; reverse zone 123.120.10.in-addr.arpa on the master server
$TTL 3600
$ORIGIN 123.120.10.in-addr.arpa.
@        IN  SOA    ns1.test.com. nsadmin.test.com. (
                    2019010802   ; serial
                    1H           ; refresh
                    10M          ; retry
                    3D           ; expire
                    12H )        ; negative-caching TTL
         IN  NS     ns1.test.com.
         IN  NS     ns2.test.com.    ; slave server
13       IN  PTR    ns1.test.com.
250      IN  PTR    ns2.test.com.    ; slave server
252      IN  PTR    mx1.test.com.
253      IN  PTR    mx2.test.com.
254      IN  PTR    www.test.com.
Zone file for the subdomain (/var/named/ops.test.com.zone)
$TTL 3600
$ORIGIN ops.test.com.
@        IN  SOA    ns1.ops.test.com. nsadmin.ops.test.com. (
                    2019022401   ; serial
                    1H           ; refresh
                    10M          ; retry
                    1D           ; expire
                    2H )         ; negative-caching TTL
         IN  NS     ns1
ns1      IN  A      10.120.123.251
www      IN  A      10.120.123.251
Reload the configuration on the master server
rndc reload
Start the service on the slave server
systemctl restart named.service
Testing from the slave server
Full zone transfer
dig -t axfr test.com @10.120.123.13
Forward lookup
dig -t A www.test.com @10.120.123.250
Reverse lookup
dig -x 10.120.123.13 @10.120.123.250
Subdomain test
dig www.ops.test.com @10.120.123.13    # master
dig www.ops.test.com @10.120.123.250   # slave
dig www.ops.test.com @10.120.123.251   # subdomain server
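The slave's /etc/named.conf above combines allow-query { any; } with recursion yes and sets no allow-recursion or allow-transfer, so on BIND releases whose default is to allow transfers to all hosts it recurses for any client and serves AXFR to anyone who asks. The following check is an added example, not part of the original page; the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag exposure-related settings
# in a named.conf read from stdin. All function names are hypothetical.

# Constructed sample: the slave's options from this page (abbreviated), plus
# one commented-out directive to show that comments are ignored.
page_options() {
cat <<'EOF'
options {
    //allow-transfer { none; };
    allow-query { any; };
    recursion yes;
    dnssec-validation no;
};
EOF
}

# Constructed sample: same server, recursion and transfers restricted.
restricted_options() {
cat <<'EOF'
options {
    allow-query { any; };
    allow-recursion { 10.120.123.0/24; };
    allow-transfer { none; };
    recursion yes;
    dnssec-validation auto;
};
EOF
}

audit_named_conf() {
    # Strip // and # comments (/* */ blocks are assumed absent).
    conf=$(sed -e 's://.*::' -e 's:#.*::')
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }
    out=""
    # Recursion on, queries open to all, and no ACL narrowing recursion.
    if has 'recursion[[:space:]]+yes' &&
       has 'allow-query[[:space:]]*\{[[:space:]]*any' &&
       ! has 'allow-(recursion|query-cache)'; then
        out="$out open-recursion"
    fi
    # No allow-transfer: older BIND defaults to transfers for any host.
    if ! has 'allow-transfer'; then out="$out unrestricted-axfr"; fi
    if has 'dnssec-validation[[:space:]]+no'; then out="$out no-dnssec-validation"; fi
    echo "${out# }"
}

page_options | audit_named_conf
```

To check a real server, source the functions and run audit_named_conf < /etc/named.conf; an empty line means none of the three findings apply.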