軟件安裝
yum install bind
主節點配置:
[root@ named]# cat /etc/named.conf
options {
listen-on port 53 { 127.0.0.1;72.7.99.50;72.7.99.117; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
// statistics-file "/var/named/data/named_stats.txt";
// memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
// recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@ named]# cat /etc/named.rfc1912.zones
zone "anetest.com" IN {
type master;
file "anetest.com.zone";
allow-transfer {72.7.99.51;};
};
[root@ named]# cat /var/named/anetest.com.zone
$TTL 1D
@ IN SOA @ anetest.com. (
201904191 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS master.anetest.com.
IN NS slave.anetest.com.
* IN A 72.7.99.1
master IN A 72.7.99.50
slave IN A 72.7.99.51
web IN A 72.7.6.4
參數解析
#vim /var/naemd/anetest.com.zone
$TTL 1D
@ 2D IN SOA dns1 admin.magedu.com. (
200005 ; serial #版本號,版本號可以任意數值,位數不能超過10個
1D ; refresh #更新間隔時間,1D表示一天
1H ; retry #同步數據失敗後,再次嘗試同步間隔時間。1H表示1小時
1W ; expire #一直不能同步數據,此間隔時間後從服務器不再提供解析服務
3H ) ; minimum #錯誤請求間隔時間,此時間內不再重啓查詢,直接將結果返回給客戶端
NS dns1 #指明服務器名稱
dns1 2D IN A 172.18.24.17 #服務器IP
www CNAME web #指明www爲web的別名
web A 172.18.24.26 #域名對應的IP
從DNS配置
[root@pdnserver02 slaves]# cat /etc/named.conf
options {
listen-on port 53 { 127.0.0.1;72.7.99.51;72.7.99.50;};
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
// statistics-file "/var/named/data/named_stats.txt";
// memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
// recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@ slaves]# cat /etc/named.rfc1912.zones
zone "anetest.com" IN {
type slave;
file "slaves/anetest.com.zone";
masters { 72.7.99.50; };
};
[root@ slaves]# cat /var/named/slaves/anetest.com.zone
$ORIGIN .
$TTL 86400 ; 1 day
anetest.com IN SOA anetest.com. anetest.com. (
201904191 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS master.anetest.com.
NS slave.anetest.com.
$ORIGIN anetest.com.
* A 72.7.99.1
web A 72.7.6.4
master A 72.7.99.50
slave A 72.7.99.51
搭建過程中出現問題:
1、主從同步問題
(1)刪除從庫/var/named/slaved/目錄下的文件,文件不同步
通過修改主庫的 監聽地址,添加本機地址 listen-on port 53 { 127.0.0.1;72.7.99.51;72.7.99.50;};
(2)修改anetest.com.zone 文件中的配置,從庫不同步
通過修改 anetest.com.zone 文件中的 201904191 ; serial 值,然後service named reload 可以同步
(3)主從不通步的原因3 anetest.com.zone NS寫的有問題
IN NS master.anetest.com.
IN NS slave.anetest.com.
檢查語法:
named-checkconf
重新載入服務:
# service named reload
觸發同步過程的原因有4種:
1.從域名服務器剛剛啓動;
2.主域名服務器的Serial值增大;
3.執行了rndc?reload命令;
4.到了主從服務器的同步更新時間。
rndc reload #從主服務器同步解析數據到從服務器上
dig -t axfr anetest.com
[root@pdnserver02 ~]# dig +trace pda.anetest.com
禁用IPv6
error (network unreachable) resolving 'com/DNSKEY/IN': 2001:503:231d::2:30#53
error (network unreachable) resolving 'com/DNSKEY/IN': 2001:503:a83e::2:30#53
該報錯是由於啓用了ipv6的原因導致的,雖然我們在/etc/named.conf中將listen項的IPv6配置已禁用,但是在named.ca配置中還有13臺根域的ipv6配置。所以還需要如下兩種方法中的任一種來關閉ipv6的使用。
方法1:修改/etc/sysconfig/named配置
直接編輯配置文件/etc/sysconfig/named:
OPTIONS="whatever" 改爲 OPTIONS="-4"
# 注意OPTIONS選項的值可以是:whatever、-4、-6中的一個
方法2:完全禁用IPv6
這部分可以參看我的博文 centos關閉ipv6 --- 這裏有提供一些老版本的關閉方法。這裏也提下在centos6下的關閉方法:
配置文件/etc/sysconfig/network,然後 將NETWORKING_IPV6=YES改爲NETWORKING=no;關閉ip6tables這個服務;向/etc/modprobe.conf文件中,添加如下內容:
alias ipv6 off
alias net-pf-10 off
反向dns配置
主dns添加
cat /etc/named.rfc1912.zones
zone "lx.com" IN {
type master;
file "lx.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.206.zone";
};
對應zone區域的文件內容
[root@ named]# cat /var/named/lx.com.zone
$TTL 600
@ IN SOA dns.lx.com dnsadmin.lx.com (
20190423 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS master.lx.com.
IN NS slave.lx.com.
IN MX 10 dns.lx.com.
master IN A 192.168.0.206
slave IN A 192.168.0.207
mail IN A 192.168.0.202
www IN A 192.168.0.203
lx IN A 192.168.0.206
ns2 IN A 192.168.0.207
lxt IN A 192.168.0.204
lxx IN A 192.168.0.204
lp IN A 192.168.0.205
xxlip IN A 192.168.0.208
[root@ named]# cat /var/named/192.168.0.206.zone
$TTL 600
@ IN SOA dns.lx.com dnsadmin.lx.com (
20190422 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS master.lx.com.
IN NS slave.lx.com.
201 IN PTR dns.lx.com.
202 IN PTR mail.lx.com.
203 IN PTR www.lx.com.
206 IN PTR lx.lx.com.
207 IN PTR ns2.lx.com.
204 IN PTR lxx.lx.com.
205 IN PTR lp.lx.com.
208 IN PTR xxlip.lx.com.
備dns添加
cat /etc/named.rfc1912.zones
zone "lx.com" IN {
type slave;
masters { 192.168.0.206; };
file "slaves/lx.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.0.206; };
file "slaves/192.168.0.206.zone";
};