DNS主从域名解析之bind

环境要求：

主服务器：172.31.0.38
从服务器：172.31.0.48

安装软件

[root@centos8 ~]# yum install bind

改配置文件

[root@centos8 ~]# vim /etc/named.conf
options {
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
//      allow-query     { localhost; };

[root@centos8 named]# vim /etc/named.rfc1912.zones
zone "longxuan.vip" {
    type slave;
    masters {172.31.0.38;};
    file "slaves/longxuan.vip.slave";
};

重启服务

[root@centos8 named]# systemctl enable --now named

客户端绑定两个DNS

[root@centos8 ~]#vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=172.31.0.38
DNS2=172.31.0.48

重启网卡

[16:01:25 root@sz-kx-centos8 ~]# nmcli connection reload
[16:02:10 root@sz-kx-centos8 ~]# nmcli connection up eth0

DNS服务器添加slave

[root@localhost named]# vim /var/named/longxuan.vip.zone
$TTL 1D
@       IN SOA  master admin.longxuan.vip. (
                                2021050100      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      master
        NS      slave1
master  A       172.31.0.38
slave1  A       172.31.0.48
www     CNAME   cdn.longxuan.vip.
cdn     CNAME   vip.longxuan.vip.
vip     A       172.31.0.48

注意：DNS从服务器如果没有实时同步，需要改数据的同时还要记得改序列号(版本号)

[root@localhost named]# vim /var/named/longxuan.vip.zone
$TTL 1D
@       IN SOA  master admin.longxuan.vip. (
                                2021050101      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      master
        NS      slave1
master  A       172.31.0.38
slave1  A       172.31.0.48
www     CNAME   cdn.longxuan.vip.
cdn     CNAME   vip.longxuan.vip.
vip     A       172.31.0.48
*       A       172.31.0.48
@       A       172.31.0.48

重启服务

[root@localhost named]# rndc reload
server reload successful

DNS从服务器执行：

[16:30:05 root@centos8 /var/named/slaves]# ll
total 4
-rw-r--r-- 1 named named 711 May  3 16:32 longxuan.vip.slave

没有改如下配置时一条命令就可以查看所有的DNS对应的ip地址

[16:03:02 root@sz-kx-centos8 ~]# dig -t axfr longxuan.vip

为了安全需要按照如下配置：

DNS主配置
[root@localhost named]# vim /etc/named.conf 
# 添加一下面一条信息,允许谁可以
allow-transfer {172.31.0.48;};

重启服务
[root@localhost named]# rndc reload
server reload successful

DNS从配置
[root@localhost ~]# vim /etc/named.conf
# 添加一下面一条信息，允许谁可以，none表示没有
 allow-transfer {none;};
 
重启服务
[root@localhost ~]# rndc reload
server reload successful

客户端验证

[16:14:22 root@sz-kx-centos8 ~]# dig -t axfr longxuan.vip @172.31.0.38

; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> -t axfr longxuan.vip @172.31.0.38
;; global options: +cmd
; Transfer failed.
[16:22:10 root@sz-kx-centos8 ~]# dig -t axfr longxuan.vip @172.31.0.48

; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> -t axfr longxuan.vip @172.31.0.48
;; global options: +cmd
; Transfer failed.