部署主服务器
主服务器:
[root@linuxprobe ~]# yum install bind-chroot -y [root@linuxprobe ~]# systemctl restart named [root@linuxprobe ~]# systemctl enable named ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service' [root@linuxprobe ~]# vim /etc/named.conf 10 options { 11 listen-on port 53 { any; }; 12 listen-on-v6 port 53 { ::1; }; 13 directory "/var/named"; 14 dump-file "/var/named/data/cache_dump.db"; 15 statistics-file "/var/named/data/named_stats.txt"; 16 memstatistics-file "/var/named/data/named_mem_stats.txt"; 17 allow-query { any; }; [root@linuxprobe ~]# vim /etc/named.rfc1912.zones 1 zone "linuxprobe.com" IN { 2 type master; 3 file "linuxprobe.com.zone"; 4 allow-update {none;}; 5 }; 6 zone "10.168.192.in-addr.arpa" IN { 7 type master; 8 file "192.168.10.arpa"; 9 allow-update {none;}; 10 }; [root@linuxprobe ~]# cd /var/named [root@linuxprobe named]# ls named.loopback named.localhost s [root@linuxprobe named]# cp -a named.localhost linuxprobe.com.zone [root@linuxprobe named]# cp -a named.localhost 192.168.10.arpa [root@linuxprobe named]# ls -l named.localhost linuxprobe.com.zone named.loopback 192.168.10.arpa [root@linuxprobe named]# vim linuxprobe.com.zone $TTL 1D @ IN SOA linuxprobe.com. root.linuxprobe.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS ns.linuxprobe.com. ns IN A 192.168.10.10 www IN A 192.168.10.10 [root@linuxprobe named]# vim 192.168.10.arpa $TTL 1D @ IN SOA linuxprobe.com. root.linuxprobe.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS ns.linuxprobe.com. ns IN A 192.168.10.10 10 PTR www.linuxprobe.com. [root@linuxprobe named]# systemctl restart named [root@linuxprobe named]# nmtui Addresses 192.168.10.10/24 DNS servers 192.168.10.10 [root@linuxprobe named]# systemctl restart network [root@linuxprobe named]# ping www.linuxprobe.com PING www.linuxprobe.com.w.kunlunno.com (116.117.158.76) 56(84) bytes of data. 
64 bytes from 116.117.158.76: icmp_seq=1 ttl=48 time=25.4 ms 64 bytes from 116.117.158.76: icmp_seq=2 ttl=48 time=31.6 ms [root@linuxprobe named]# nslookup > www.linuxprobe.com Server: 192.168.10.10 Address: 192.168.10.10#53 Name: www.linuxprobe.com Address: 192.168.10.10 > 192.168.10.10 Server: 192.168.10.10 Address: 192.168.10.10#53 10.10.168.192.in-addr.arpa name = www.linuxprobe.com. > exit
部署从服务器
主服务器:
[root@linuxprobe named]# vim /etc/named.rfc1912.zones 1 zone "linuxprobe.com" IN { 2 type master; 3 file "linuxprobe.com.zone"; 4 allow-update {192.168.10.20;}; 5 }; 6 zone "10.168.192.in-addr.arpa" IN { 7 type master; 8 file "192.168.10.arpa"; 9 allow-update {192.168.10.20;}; 10 }; [root@linuxprobe named]# systemctl restart named [root@linuxprobe named]# iptables -F [root@linuxprobe named]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
从服务器:
[root@localhost ~]# yum install bind-chroot -y [root@localhost ~]# systemctl restart named [root@localhost ~]# systemctl enable named ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service' [root@localhost ~]# vim /etc/named.conf 10 options { 11 listen-on port 53 { any; }; 12 listen-on-v6 port 53 { ::1; }; 13 directory "/var/named"; 14 dump-file "/var/named/data/cache_dump.db"; 15 statistics-file "/var/named/data/named_stats.txt"; 16 memstatistics-file "/var/named/data/named_mem_stats.txt"; 17 allow-query { any; }; [root@localhost ~]# vim /etc/named.rfc1912.zones 1 zone "linuxprobe.com" IN { 2 type slave; 3 masters { 192.168.10.10; }; 4 file "slaves/linuxprobe.com.zone"; 5 }; 6 zone "10.168.192.in-addr.arpa" IN { 7 type slave; 8 masters { 192.168.10.10; }; 9 file "slaves/192.168.10.10.arpa"; 10 }; [root@localhost ~]# systemctl restart named [root@localhost ~]# nm-connection-editor Addresses 192.168.10.20/255.255.255.0 DNS servers 192.168.10.20 [root@localhost ~]# systemctl restart network [root@localhost ~]# cd /var/named/slaves [root@localhost slaves]# ls 192.168.10.10 linuxprobe.com.zone [root@localhost slaves]# nslookup > www.linuxprobe.com Server: 192.168.10.20 Address: 192.168.10.20#53 Name: www.linuxprobe.com Address: 192.168.10.10 > 192.168.10.10 Server: 192.168.10.20 Address: 192.168.10.20#53 10.10.168.192.in-addr.arpa name = www.linuxprobe.com. > exit
安全的加密传输
主服务器:
[root@linuxprobe named]# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST master-slave Kmaster-slave.+157+15340 [root@linuxprobe named]# ls 192.168.10.arpa Kmaster-slave.+157+15340.key named.empty chroot Kmaster-slave.+157+15340.private named.localhost data linuxprobe.com.zone named.loopback dynamic named.ca slaves [root@linuxprobe named]# cat Kmaster-slave.+157+15340.key master-slave. IN KEY 512 3 157 bz72ID2Ut/0T7QSa7lHUhA== [root@linuxprobe named]# cat Kmaster-slave.+157+15340.private Private-key-format: v1.3 Algorithm: 157 (HMAC_MD5) Key: bz72ID2Ut/0T7QSa7lHUhA== Bits: AAA= Created: 20200102133226 Publish: 20200102133226 Activate: 20200102133226 [root@linuxprobe named]# [root@linuxprobe named]# cd chroot/etc/ [root@linuxprobe etc]# vim transfer.key 1 key "master-slave" { 2 algorithm hmac-md5; 3 secret "bz72ID2Ut/0T7QSa7lHUhA=="; 4 }; [root@linuxprobe etc]# chown root:named transfer.key [root@linuxprobe etc]# chmod 640 transfer.key [root@linuxprobe etc]# ln transfer.key /etc [root@linuxprobe etc]# vim /etc/named.conf 9 include "/etc/transfer.key"; 10 options { 11 listen-on port 53 { any; }; 12 listen-on-v6 port 53 { ::1; }; 13 directory "/var/named"; 14 dump-file "/var/named/data/cache_dump.db"; 15 statistics-file "/var/named/data/named_stats.txt"; 16 memstatistics-file "/var/named/data/named_mem_stats.txt"; 17 allow-query { any; }; 18 allow-transfer { key master-slave; }; [root@linuxprobe etc]# systemctl restart named [root@linuxprobe named]# iptables -F [root@linuxprobe named]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
从服务器:
[root@localhost slaves]# ls 192.168.10.10 linuxprobe.com.zone [root@localhost slaves]# rm -rf * [root@localhost slaves]# cd /var/named/chroot/etc/ [root@localhost etc]# vim transfer.key 1 key "master-slave" { 2 algorithm hmac-md5; 3 secret "bz72ID2Ut/0T7QSa7lHUhA=="; 4 };
[root@localhost etc]# chmod 640 transfer.key [root@localhost etc]# chown root:named transfer.key [root@localhost etc]# ln transfer.key /etc [root@localhost etc]# vim /etc/transfer.key 1 key "master-slave" { 2 algorithm hmac-md5; 3 secret "bz72ID2Ut/0T7QSa7lHUhA=="; 4 };
[root@localhost etc]# vim /etc/named.conf 9 include "/etc/transfer.key"; 43 server 192.168.10.10 44 { 45 keys { master-slave; }; 46 }; [root@localhost slaves]# systemctl restart named [root@localhost slaves]# ls 192.168.10.10 linuxprobe.com.zone [root@localhost slaves]# nslookup > www.linuxprobe.com Server: 192.168.10.20 Address: 192.168.10.20#53 Name: www.linuxprobe.com Address: 192.168.10.10 > 192.168.10.10 Server: 192.168.10.20 Address: 192.168.10.20#53 10.10.168.192.in-addr.arpa name = www.linuxprobe.com. > exit