标签:dns
1.单台DNS,本机IP:192.168.56.13
2.系统版本
[root@localhost ~]# cat /etc/redhat-release CentOS release 6.8 (Final) [root@localhost ~]# uname -a Linux localhost.localdomain 2.6.32-642.13.1.el6.x86_64 #1 SMP Wed Jan 11 20:56:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [root@localhost ~]#
3.安装dns
yum install bind-utils bind bind-devel bind-chroot -y [root@localhost ~]# rpm -qa bind-utils bind bind-devel bind-chroot bind-chroot-9.8.2-0.62.rc1.el6_9.2.x86_64 bind-devel-9.8.2-0.62.rc1.el6_9.2.x86_64 bind-9.8.2-0.62.rc1.el6_9.2.x86_64 bind-utils-9.8.2-0.62.rc1.el6_9.2.x86_64 [root@localhost ~]#
4.修改DNS的主配置文件
[root@localhost ~]# >/etc/named.conf
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# cat /etc/named.conf
options {
version "1.1.1";
listen-on port 53 {any;};
directory "/var/named/chroot/etc/";
pid-file "/var/named/chroot/var/run/named/named.pid";
allow-query { any; };
Dump-file "/var/named/chroot/var/log/binddump.db";
Statistics-file "/var/named/chroot/var/log/named_stats";
zone-statistics yes;
memstatistics-file "log/mem_stats";
empty-zones-enable no;
forwarders {202.106.196.115;8.8.8.8; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
channel warning {
file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default {
warning;
};
category queries {
general_dns;
};
};
include "/var/named/chroot/etc/view.conf";
[root@localhost ~]#5.修改rndc.key配置文件
[root@localhost ~]# vim /etc/rndc.key
[root@localhost ~]# cat /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
[root@localhost ~]#6.修改rndc.conf 配置文件
[root@localhost ~]# vim /etc/rndc.conf
[root@localhost ~]# cat /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
[root@localhost ~]#7.修改域配置文件
[root@localhost ~]# cat /var/named/chroot/etc/view.conf
view "View" {
zone "sense.com" {
type master;
file "sense.com.zone";
allow-transfer { #默认是master DNS 允许哪台从的服务器来同步
10.255.253.211;
};
notify yes;
also-notify { #master的配置改变 通知哪台从的DNS来同步,待会部署从DNS在修改
10.255.253.211;
};
};
};
[root@localhost ~]#8.
此配置文件是/var/named/chroot/etc/view.conf包含的 默认是同一级的目录 [root@localhost etc]# vim sense.com.zone [root@localhost etc]# cat sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. shanks A 1.2.3.4 op A 1.2.3.4 [root@localhost etc]# pwd /var/named/chroot/etc [root@localhost etc]#
9.赋予权限并启动
cd /var && chown -R named.named named/ /etc/init.d/named start chkconfig named on
10.测试A记录
[root@localhost etc]# cat sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. shanks A 1.2.3.4 op A 1.2.3.4 a A 202.56.102.100 #自己制定加了一个 [root@localhost etc]# pwd /var/named/chroot/etc [root@localhost etc]# [root@localhost etc]# rndc reload #除了named.conf修改其余 reload即可 WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf) server reload successful [root@localhost etc]#
[root@localhost etc]# dig @192.168.56.13 a.sense.com #指定DNS 否则默认/etc/resolv.conf ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> @192.168.56.13 a.sense.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44448 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;a.sense.com. IN A ;; ANSWER SECTION: a.sense.com. 3600 IN A 202.56.102.100 #可以看出 结果OK ;; AUTHORITY SECTION: sense.com. 3600 IN NS op.sense.com. ;; ADDITIONAL SECTION: op.sense.com. 3600 IN A 1.2.3.4 ;; Query time: 1 msec ;; SERVER: 192.168.56.13#53(192.168.56.13) ;; WHEN: Mon May 29 15:47:25 2017 ;; MSG SIZE rcvd: 78 [root@localhost etc]#
11.实现DNS负载均衡(一个域名多个IP)
[root@localhost etc]# cat sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. shanks A 1.2.3.4 op A 1.2.3.4 a A 202.56.102.100 a A 202.56.102.100 [root@localhost etc]# rndc reload
设置成本机的IP DNS
[root@localhost etc]# cat /etc/resolv.conf nameserver 192.168.56.13 [root@localhost etc]#
[root@localhost etc]# ping a.sense.com PING a.sense.com (202.56.102.101) 56(84) bytes of data. ^C --- a.sense.com ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 771ms [root@localhost etc]# ping a.sense.com PING a.sense.com (202.56.102.100) 56(84) bytes of data. ^C --- a.sense.com ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 614ms [root@localhost etc]# ping a.sense.com PING a.sense.com (202.56.102.101) 56(84) bytes of data. ^C --- a.sense.com ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 535ms [root@localhost etc]# 可以看出虽然ping不通 但是已经实现了DNS负载均衡,而且RR轮询的算法
12.智能DNS(一个IP 对应多个域名 后端可以用nginx配置)
[root@localhost etc]# cat sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. shanks A 1.2.3.4 op A 1.2.3.4 a A 202.56.102.100 a A 202.56.102.101 develop A 203.55.101.4 cms A 203.55.101.4 [root@localhost etc]# rndc reload [root@localhost etc]# ping cms.sense.com #可以看出已经解析 PING cms.sense.com (203.55.101.4) 56(84) bytes of data. ^C --- cms.sense.com ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 752ms [root@localhost etc]# ping develop.sense.com #可以看出已经解析 PING develop.sense.com (203.55.101.4) 56(84) bytes of data. ^C --- develop.sense.com ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1103ms [root@localhost etc]#
13.cname 测试(一个域名cname到另外一个域名)
[root@localhost etc]# cat sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. shanks A 1.2.3.4 op A 1.2.3.4 a A 202.56.102.100 develop A 203.55.101.4 cms A 203.55.101.4 dw CNAME a.sense.com. [root@localhost etc]# 测试: [root@localhost etc]# dig @192.168.56.13 dw.sense.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2 <<>> @192.168.56.13 dw.sense.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33977 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;dw.sense.com. IN A ;; ANSWER SECTION: dw.sense.com. 3600 IN CNAME a.sense.com. #测试成功 a.sense.com. 3600 IN A 202.56.102.100 ;; AUTHORITY SECTION: sense.com. 3600 IN NS op.sense.com. ;; ADDITIONAL SECTION: op.sense.com. 3600 IN A 1.2.3.4 ;; Query time: 3 msec ;; SERVER: 192.168.56.13#53(192.168.56.13) ;; WHEN: Mon May 29 16:12:42 2017 ;; MSG SIZE rcvd: 95 [root@localhost etc]#
14.mx记录(邮件服务器的地址)
[root@localhost etc]# cat sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. shanks A 1.2.3.4 op A 1.2.3.4 a A 202.56.102.100 develop A 203.55.101.4 cms A 203.55.101.4 dw CNAME a.sense.com. mx MX 5 192.168.100.253 #增加的mx记录 [root@localhost etc]# [root@localhost etc]# host mx.sense.com mx.sense.com mail is handled by 5 192.168.100.253.sense.com. [root@localhost etc]#
15.DNS主从配置(192.168.56.13为maste主的DNS服务器 192.168.56.14为从的DNS服务器)
[root@localhost ~]# >/etc/named.conf
[root@localhost ~]# vim /etc/named.conf
[root@localhost ~]# cat /etc/named.conf
options {
version "1.1.1";
listen-on port 53 {any;};
directory "/var/named/chroot/etc/";
pid-file "/var/named/chroot/var/run/named/named.pid";
allow-query { any; };
Dump-file "/var/named/chroot/var/log/binddump.db";
Statistics-file "/var/named/chroot/var/log/named_stats";
zone-statistics yes;
memstatistics-file "log/mem_stats";
empty-zones-enable no;
forwarders {202.106.196.115;8.8.8.8; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
channel warning {
file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default {
warning;
};
category queries {
general_dns;
};
};
include "/var/named/chroot/etc/view.conf";
[root@localhost ~]#[root@localhost ~]# cat /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
[root@localhost ~]#[root@localhost ~]# vim /etc/rndc.key
[root@localhost ~]# cat /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
[root@localhost ~]# vim /etc/rndc.conf
[root@localhost ~]# cat /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
[root@localhost ~]#[root@localhost ~]# vim /var/named/chroot/etc/view.conf
[root@localhost ~]# cat /var/named/chroot/etc/view.conf
view "SlaveView" {
zone "sense.com" {
type slave;
masters {192.168.56.13; };
file "slave.sense.com.zone";
};
};
[root@localhost ~]#去192.168.56.13 修改配置文件
[root@localhost etc]# vim /var/named/chroot/etc/view.conf
[root@localhost etc]# cat /var/named/chroot/etc/view.conf
view "View" {
zone "sense.com" {
type master;
file "sense.com.zone";
allow-transfer {
192.168.56.14; #此处改为192.168.56.14
};
notify yes;
also-notify {
192.168.56.14;#此处改为192.168.56.14
};
};
};
[root@localhost etc]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
[root@localhost etc]#启动192.168.56.14服务
[root@localhost ~]# cd /var && chown -R named.named named/ [root@localhost var]# /etc/init.d/named start Starting named: [ OK ] [root@localhost var]# chkconfig named on
校验在192.168.56.14上面,可以看出记录都同步过来了
[root@localhost etc]# cat slave.sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. a A 202.56.102.100 cms A 203.55.101.4 develop A 203.55.101.4 dw CNAME a mx MX 5 192.168.100.253 op A 1.2.3.4 shanks A 1.2.3.4 [root@localhost etc]# pwd /var/named/chroot/etc [root@localhost etc]#
错误点总结:
[root@localhost etc]# cat sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. shanks A 1.2.3.4 op A 1.2.3.4 a A 202.56.102.100 b A 202.56.102.100 #新加的,如果是新加的 serial 得加一 否则从节点不成效 develop A 203.55.101.4 cms A 203.55.101.4 dw CNAME a.sense.com. mx MX 5 192.168.100.253 [root@localhost etc]# rndc reload WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf) server reload successful [root@localhost etc]# [root@localhost etc]# cat slave.sense.com.zone #可以看出从节点没有生效 $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. a A 202.56.102.100 cms A 203.55.101.4 develop A 203.55.101.4 dw CNAME a mx MX 5 192.168.100.253 op A 1.2.3.4 shanks A 1.2.3.4 [root@localhost etc]# serial序列号加1主节点192.168.56.13 [root@localhost etc]# cat sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2001 ; serial #此处加一 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. shanks A 1.2.3.4 op A 1.2.3.4 a A 202.56.102.100 b A 202.56.102.100 develop A 203.55.101.4 cms A 203.55.101.4 dw CNAME a.sense.com. mx MX 5 192.168.100.253 [root@localhost etc]# rndc reload WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf) server reload successful [root@localhost etc]# 从节点192.168.56.14校验 可以看出很快就过来了 [root@localhost etc]# cat slave.sense.com.zone $ORIGIN . $TTL 3600 ; 1 hour sense.com IN SOA op.sense.com. dns.sense.com. ( 2001 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.sense.com. $ORIGIN sense.com. a A 202.56.102.100 b A 202.56.102.100 cms A 203.55.101.4 develop A 203.55.101.4 dw CNAME a mx MX 5 192.168.100.253 op A 1.2.3.4 shanks A 1.2.3.4 [root@localhost etc]#
本文出自 “砖家博客” 博客,请务必保留此出处http://wsxxsl.blog.51cto.com/9085838/1930586
标签:dns
原文地址:http://wsxxsl.blog.51cto.com/9085838/1930586
