  • CentOS 7 master/slave DNS configuration with the BIND service

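    1. Before configuring, turn off the firewall and SELinux

      For how to turn off the firewall, see the previous article.

      setenforce 0    # turn off temporarily

      Edit /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled  # turn off permanently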

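    2. Install the packages

      yum -y install bind   # installs 4 bind dependency packages by default

      yum -y install bind-utils  # provides the dig and nslookup commands for resolving DNS names

      rpm -qa | grep -w bind   # check that the installation succeeded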

    3. Configure the named.conf file

      Back up the file before editing it.

      cp /etc/named.conf /etc/named.conf.origin

      vim /etc/named.conf

      

    options {
      listen-on port 53 { 192.16.230.60; };
      listen-on-v6 port 53 { ::1; };
      directory "/var/named";
      dump-file "/var/named/data/cache_dump.db";
      statistics-file "/var/named/data/named_stats.txt";
      memstatistics-file "/var/named/data/named_mem_stats.txt";
      allow-query { any; };

      recursion yes;
      also-notify { 192.16.230.61; };

      dnssec-enable yes;
      dnssec-validation yes;

      bindkeys-file "/etc/named.iscdlv.key";

      managed-keys-directory "/var/named/dynamic";

      pid-file "/run/named/named.pid";
      session-keyfile "/run/named/session.key";
    };

    logging {
      channel default_debug {
        file "data/named.run";
        severity dynamic;
      };
    };

    zone "test.com" IN {
      type master;
      file "test.com.zone";
      allow-transfer { 192.16.230.61; };
    };

    zone "230.16.192.in-addr.arpa" IN {
      type master;
      file "192.16.230.arpa";
      allow-transfer { 192.16.230.61; };
    };

    4. Create the zone file test.com.zone

    cd /var/named

    vim test.com.zone

    $TTL     1D
    @  IN   SOA   test.com.   ns1.test.com.   (
          2018022201 ; serial
          1D ; refresh
          1H ; retry;
          1W ; expire
          3H ; minimum
          )
      NS   ns1.test.com.
      NS   ns2.test.com.
    ns1   A  192.16.230.60
    ns2   A  192.16.230.61
    www  A  192.16.230.62
    *    A   6.6.6.6

    5. Create the reverse-lookup zone file 192.16.230.arpa

    $TTL     1D
    @   IN   SOA   test.com.   ns1.test.com. (
          2018022201 ; serial
          1D ; refresh
          1H ; retry;
          1W ; expire
          3H ; minimum
          )
      NS   ns1.test.com.
      NS   ns2.test.com.
    60   PTR   ns1.test.com.
    61   PTR  ns2.test.com.
    62   PTR    www.test.com.

    6. Check the syntax

    named-checkconf /etc/named.conf    # no output means the file is valid

    named-checkzone test.com test.com.zone   # prints OK

    named-checkzone 230.16.192.in-addr.arpa 192.16.230.arpa

    7. Start the service

    systemctl start named.service

    systemctl status named.service   # view the log

    8. Test that the master resolves names correctly

      nslookup

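    9. Configure the slave DNS server

      Turn off the firewall and SELinux.

      Install the packages as described above.

      Copy named.conf from the master to the slave DNS server   # back up the existing named.conf first

      scp /etc/named.conf 192.16.230.61:/etc/

      Change the ownership of the named.conf configuration file

      chown named:named /etc/named.conf

    10. Edit the named.conf configuration file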

    options {
      listen-on port 53 { 192.16.230.61; };
      listen-on-v6 port 53 { ::1; };
      directory "/var/named";
      dump-file "/var/named/data/cache_dump.db";
      statistics-file "/var/named/data/named_stats.txt";
      memstatistics-file "/var/named/data/named_mem_stats.txt";
      allow-query { any; };

      recursion yes;

      dnssec-enable yes;
      dnssec-validation yes;

      bindkeys-file "/etc/named.iscdlv.key";

      managed-keys-directory "/var/named/dynamic";

      pid-file "/run/named/named.pid";
      session-keyfile "/run/named/session.key";
    };

    logging {
      channel default_debug {
        file "data/named.run";
        severity dynamic;
       };
    };

    zone "test.com" IN {
      type slave;
      masters { 192.16.230.60; };
      file "slaves/test.com.zone";
    };

    zone "230.16.192.in-addr.arpa" IN {
      type slave;
      masters { 192.16.230.60; };
      file "slaves/192.16.230.arpa";
    };

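    11. Start the slave DNS server and check whether the zone files were synchronized into slaves/

    systemctl start named.service

    systemctl status named.service   # view the log

    ll /var/named/slaves/

    12. Test name resolution on the master and slave DNS servers

    Use the nslookup command or the dig command.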
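
An added example (not part of the original article): a small Python audit of the access-control settings in the named.conf files from steps 3 and 10. It flags recursion that is open to any client and master zones whose transfers are unrestricted; the parser, function names and finding labels are illustrative, and it assumes the BIND releases shipped with CentOS 7, where an unset allow-transfer permits any host.

```python
import re

# Constructed sample: the access-control lines of the master named.conf from step 3.
PAGE_MASTER = '''
options { allow-query { any; }; recursion yes; };
zone "test.com" IN { type master; allow-transfer { 192.16.230.61; }; };
'''

def parse(text):
    """Parse named.conf text into nested lists; each { } block becomes a sub-list of statements."""
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', text, flags=re.S)  # drop comments
    tokens = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text))
    def block():
        stmts, cur = [], []
        for tok in tokens:            # nested calls share one iterator
            if tok == '{':
                cur.append(block())
            elif tok == '}':
                break
            elif tok == ';':
                if cur:
                    stmts.append(cur)
                cur = []
            else:
                cur.append(tok.strip('"'))
        return stmts
    return block()

def get(stmts, name):  # arguments of the first statement called `name`, or None if unset
    return next((s[1:] for s in stmts if s[0] == name), None)

def acl(stmts, name):  # elements of an address-match-list option, or None if unset
    val = get(stmts, name)
    return None if val is None else [e[0] for e in val[0]]

def audit(text):
    conf, findings = parse(text), []
    opts = (get(conf, 'options') or [[]])[0]
    # An unset allow-recursion inherits allow-query-cache, then allow-query.
    chain = (acl(opts, n) for n in ('allow-recursion', 'allow-query-cache', 'allow-query'))
    who = next((a for a in chain if a is not None), ['localnets', 'localhost'])
    if get(opts, 'recursion') != ['no'] and 'any' in who:
        findings.append('open-recursion')
    for s in conf:
        if s[0] == 'zone' and get(s[-1], 'type') in (['master'], ['primary']):
            xfer = acl(s[-1], 'allow-transfer') or acl(opts, 'allow-transfer')
            if xfer is None or 'any' in xfer:  # assumption: unset means any host
                findings.append('open-transfer:' + s[1])
    return findings
```

`audit(PAGE_MASTER)` returns `['open-recursion']`: zone transfers are limited to the slave, but `allow-query { any; }` together with `recursion yes` leaves recursion open to any client until an `allow-recursion` list such as `{ localnets; localhost; }` is added.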

  • Original article: https://www.cnblogs.com/fuhai0815/p/8459670.html