DNS域名解析服务

centos7 关闭防火墙

systemctl stop firewalld

systemctl disable firewalld

centos6 关闭防火墙

service iptables stop

chkconfig iptables off

关闭selinux安全机制

sed -i '7 s/enforcing/disabled' /etc/selinux/config

setenforce 0

iptables -F

 

主DNS域名解析服务器

[root@ns1 ~]# systemctl stop firewalld
[root@ns1 ~]# iptables -F
[root@ns1 ~]# setenforce 0

yum安装bind

[root@ns1 ~]# cat /etc/resolv.conf   指定DNS服务器地址
# Generated by NetworkManager
search chenyu.com
nameserver 202.106.0.20
nameserver 192.168.12.12
nameserver 192.168.12.13
[root@ns1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.12.12 ns1.chenyu.com
192.168.12.13 ns2.chenyu.com
[root@ns1 ~]#

[root@ns1 ~]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.12.12; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };

recursion yes;

};

zone "chenyu.com" IN {
type master;  3种类型 master用于正向 slave用于反向 hint配缓存服务器使用
file "chenyu.com.zheng";
allow-transfer { 192.168.12.13; };
};

zone "12.168.192.in-addr.arpa" IN {  网段反着写
type master;
file "chenyu.com.fan";
allow-transfer { 192.168.12.13; };
};

named-checkconf /etc/named.conf 检测主配置文件有没有语法错误

[root@ns1 ~]# cat /var/named/chenyu.com.zheng
$TTL 86400
@ 　　IN　　 SOA　　 chenyu.com. 　　root.chenyu.com. (
　　　　　　432343 　　序号
　　　　　　3H　　　　3小时   更新时间间隔
　　　　　　15M　　　15分     更新失败再次尝试的间隔时间
　　　　　　1W　　　　1周     若一直失败，尝试一周后放弃
　　　　　　1D　　　　1天      无效解析记录的生存周期
)
IN NS ns1.chenyu.com.   NS name server
IN NS ns2.chenyu.com.
IN MX 10 mail.chenyu.com. 邮件交换 10是优先级 数字越大优先级越低
ns1 IN A 192.168.12.12　　A 用于正向
ns2 IN A 192.168.12.13
www IN A 192.168.12.113

*　　IN A 192.168.12.12 泛域名解析 解析文件中不存在的全部指向192.168.12.12

abc IN A 192.168.12.114

abc IN A 192.168.12.115  负载均衡abc可以指向3个ip 减小压力

abc IN A 192.168.12.116

named-checkzone chenyu.com. /var/named/chenyu.com.zheng 检测正反解析文件有无语法错误
[root@ns1 ~]# cat /var/named/chenyu.com.fan
$TTL 86400
@　　 IN 　　SOA 　　chenyu.com. 　　root.chenyu.com. (
　　　　　　432343
　　　　　　3H
　　　　　　15M
　　　　　　1W
　　　　　　1D
)
IN NS ns1.chenyu.com.
IN NS ns2.chenyu.com.
IN MX 10 mail.chenyu.com.
12 IN PTR ns1.chenyu.com. PTR用于反向解析
13 In PTR ns2.chenyu.com.
113 IN PTR www.chenyu.com.

named-checkzone chenyu.com. /var/named/chenyu.com.zheng 检测正反解析文件有无语法错误

[root@ns1 ~]# ll /var/named/chenyu.com.*
-rw-r--r--. 1 root named 236 8月 19 13:29 /var/named/chenyu.com.fan
-rw-r--r--. 1 root named 258 8月 19 13:56 /var/named/chenyu.com.zheng  将数组改为named

[root@ns1 ~]# systemctl restart named

systemctl enable named 设置开机启动

从DNS域名解析服务器 

[root@ns1 ~]# scp /etc/named.conf /etc/hosts /etc/resolv.conf 192.168.12.13:/etc 从主中将文件复制过来
The authenticity of host '192.168.12.13 (192.168.12.13)' can't be established.
ECDSA key fingerprint is SHA256:j3DsbsQelzcLR3oXnXGiKnjghgDQETijR2jc/MHZzdw.
ECDSA key fingerprint is MD5:9c:e1:fc:67:98:78:23:b0:fa:b9:59:8f:b7:1e:4f:46.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.12.13' (ECDSA) to the list of known hosts.
root@192.168.12.13's password:
named.conf 100% 595 415.7KB/s 00:00
hosts 100% 216 132.0KB/s 00:00
resolv.conf 100% 72 26.9KB/s 00:00

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0

yum安装bind

[root@localhost ~]# cat /etc/named.conf
options {
directory "/var/named";

};

zone "chenyu.com" IN {
type slave;
file "slaves/chenyu.com.zheng";
masters { 192.168.12.12; };
};

zone "12.168.192.in-addr.arpa" IN {
type slave;
file "slaves/chenyu.com.fan";
masters { 192.168.12.12; };
};

[root@localhost ~]# systemctl restart named