DNS Explained

Posted: 2019-04-24 09:21:19

DNS

1. Install the bind packages; installation creates the named user

[root@localhost ~]# yum -y install bind                 (the server)
[root@centos6 ~]# yum -y install bind-libs              (shared libraries)
[root@centos6 ~]# yum -y install bind-utils             (client tools)
[root@localhost ~]# getent passwd named
named:x:25:25:Named:/var/named:/sbin/nologin
[root@localhost ~]# rpm -q --scripts bind
preinstall scriptlet (using /bin/sh):
if [ "$1" -eq 1 ]; then
  /usr/sbin/groupadd -g 25 -f -r named >/dev/null 2>&1 || :;
  /usr/sbin/useradd  -u 25 -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;
fi;
:;
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
...

2. Configuration file, service unit, zone data directory, zone definition file, root hints file, and ports

/etc/named.conf 
/usr/lib/systemd/system/named.service
/var/named
/etc/named.rfc1912.zones
/var/named/named.ca
tcp、udp 53

3. Point the resolver at localhost and resolve from the root (named.ca hints)

[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 127.0.0.1
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data.
64 bytes from 61.135.169.125 (61.135.169.125): icmp_seq=1 ttl=56 time=19.9 ms
64 bytes from 61.135.169.125 (61.135.169.125): icmp_seq=2 ttl=56 time=19.9 ms

4. Tools for testing DNS: dig, host and nslookup; they require bind-utils

[root@localhost ~]# yum -y install bind-utils
[root@localhost ~]# dig www.baidu.com
[root@localhost ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 61.135.169.121
www.a.shifen.com has address 61.135.169.125
[root@localhost ~]# nslookup www.baidu.com
Server:     127.0.0.1
Address:    127.0.0.1#53
Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 61.135.169.121
Name:   www.a.shifen.com
Address: 61.135.169.125

5. Configuration file

[root@localhost ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };       (binds port 53 on this address; commenting it out means listen on all addresses)
//      allow-query     { localhost; };         (commenting it out allows every other host to query this server)
        allow-transfer  {192.168.2.96;};        (allows this IP to act as a slave of this server)

6. Reload the service

[root@localhost ~]# rndc reload
server reload successful

7. Query a specific DNS server directly

[root@centos6 ~]# host www.baidu.com 192.168.2.6
[root@centos6 ~]# dig www.baidu.com @192.168.2.6

8. Resource record format in the zone database (/var/named/)

Syntax:  name    TTL     IN      rr_type                 value
         domain  cache time      resource record type    value
 @ can be used to refer to the current zone's name
 TTL can be inherited from the global $TTL

rr_type, the resource record type (the written format differs by type):
        SOA: Start Of Authority; a zone file has exactly one SOA record, and it
must be the first record in the file.

        A: IPv4, name --> IP

        AAAA: IPv6, name --> IPv6 address

        PTR: IP --> name

        NS: Name Server, marks the DNS servers for the current zone

        CNAME: Canonical Name, alias record

        MX: Mail eXchanger

        TXT: a way of tagging and describing a name; usually used for verification records.

SOA:   the value contains: the name of the zone's primary DNS server (the zone's own name may also be used);
     the zone administrator's mailbox, but the @ sign cannot be used in the address, so it is replaced by a dot.
Example:
     $TTL 1D
@       IN SOA  master admin.huahua.com. (1 600 120 1D 3H )
@ = the current zone; master = the primary DNS; admin.huahua.com. = the mailbox; the five values in parentheses are (serial, refresh interval, retry interval, expire time for slaves, cache time for nonexistent records). These drive master/slave synchronization: when the serial increases, the master pushes the change to the slaves (a NOTIFY that makes them transfer the zone), and the slaves also pull from the master at every refresh interval.

NS:     the value says which server is the primary DNS and which are slaves; for NS records, every server name that follows an NS must also have an A record later in the zone.
Example:
NS  master      ; primary
NS  slave1      ; slave
NS  slave2      ; slave

A:     the value is the IP address of the host named by the owner

CNAME:  alias record (www stands in for web); giving one name several A records round-robins between the IPs and spreads the load
Example:
$TTL 1D
@       IN SOA  master admin.huahua.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master
master     A     192.168.2.6

web       A     192.168.2.100
web       A     192.168.2.6
www       CNAME web

MX:    mail exchanger
Example:
$TTL 1D
@       IN SOA  master admin.huahua.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master
master     A     192.168.2.6
@         MX 10 mailsrv1
@         MX 20 mailsrv2
mailsrv1  A 3.3.3.3
mailsrv2  A 4.4.4.4
Client test
[root@centos6 ~]# cat /etc/resolv.conf 
nameserver 192.168.2.6
[root@centos6 ~]# dig -t mx huahua.com          (query the mail exchangers configured for huahua.com)
[root@centos6 ~]# dig -t ns magedu.com
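The rules above (one SOA, placed first, with five timer values; every in-zone NS target backed by an A record) can be checked before named-checkzone ever runs. The following linter is an added example, not code from this post; it parses the zone layout used throughout these notes, and the sample zone is constructed with one deliberate defect (slave1 has no A record). It also catches the four-value SOA written in the short example above.

```python
"""Lint a BIND zone file against the rules stated in section 8: exactly one SOA
record, placed first; an SOA value with five timer fields (serial refresh retry
expire minimum); every in-zone NS target backed by an A/AAAA record. Added
example, not code from the post. The sample zone is constructed in the same
layout as huahua.com.zone above, with one deliberate defect (slave1 has no A)."""
import re

SAMPLE_ZONE = """\
$TTL 1D
@       IN SOA  master admin.huahua.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master
           NS    slave1               ; constructed defect: no A record below
master     A     192.168.2.6
web1       A     192.168.2.100
www        CNAME web1
$GENERATE 1-3 servers$ A 1.1.1.$
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(text):
    """Convert a BIND duration ('1D', '3H', '600') to seconds; None if malformed."""
    if text.isdigit():
        return int(text)
    m = re.fullmatch(r"(\d+)([smhdw])", text, re.IGNORECASE)
    return int(m.group(1)) * UNITS[m.group(2).lower()] if m else None


def parse_zone(text):
    """Return (owner, type, rdata) triples. Handles ';' comments, parenthesised
    multi-line records, $TTL, '@', owner inheritance from the previous record,
    optional class/TTL fields, and $GENERATE ranges."""
    records, last_owner, buf, depth = [], "@", [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue  # still inside a multi-line record
        joined, buf = " ".join(buf), []
        tokens = joined.split()
        if tokens[0] == "$TTL":
            continue
        if tokens[0] == "$GENERATE":
            lo, hi = (int(x) for x in tokens[1].split("-"))
            for i in range(lo, hi + 1):
                sub = [t.replace("$", str(i)) for t in tokens[2:]]
                records.append((sub[0], sub[1].upper(), sub[2:]))
            continue
        owner = last_owner
        if not joined[0].isspace():  # a leading name starts a new owner
            owner = last_owner = tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)
        if tokens and parse_ttl(tokens[0]) is not None:  # per-record TTL
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def lint_zone(text):
    """Return a list of problems; an empty list means the zone passes."""
    records = parse_zone(text)
    problems = []
    soas = [r for r in records if r[1] == "SOA"]
    if len(soas) != 1:
        problems.append(f"expected exactly one SOA record, found {len(soas)}")
    elif records[0][1] != "SOA":
        problems.append("the SOA must be the first record in the zone")
    for owner, _, rdata in soas:
        timers = rdata[2:]  # everything after the primary name and the mailbox
        if len(timers) != 5 or any(parse_ttl(t) is None for t in timers):
            problems.append(f"SOA for {owner} needs serial refresh retry expire minimum, got {timers}")
    addressed = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        target = rdata[0] if rdata else ""
        # names ending in '.' live outside this zone and need no glue here
        if rtype == "NS" and not target.endswith(".") and target not in addressed:
            problems.append(f"NS target {target} (zone {owner}) has no A/AAAA record in this zone")
    return problems


if __name__ == "__main__":
    for problem in lint_zone(SAMPLE_ZONE) or ["zone passes"]:
        print(problem)
```

Run it against a real file with `lint_zone(open("/var/named/huahua.com.zone").read())`; named-checkzone remains the authority on syntax, this only front-loads the structural rules the notes spell out.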

9. Experiment: forward-zone master server, which manages the zone and synchronizes it to slaves (this machine's IP: 192.168.2.6)

Edit the main configuration file

[root@localhost ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };

Edit the zone definition file and add the zone

[root@localhost ~]# vim /etc/named.rfc1912.zones 
zone "huahua.com" {                             zone name
        type master;                            type master: this server is the primary for the zone
        file "huahua.com.zone";                 zone database file name
};

Create the zone file huahua.com.zone, using an existing one as a template

[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost huahua.com.zone
[root@localhost named]# ll huahua.com.zone 
-rw-r----- 1 root named 152 Jun 21  2007 huahua.com.zone
[root@localhost named]# vim huahua.com.zone 
$TTL 1D
@       IN SOA  master admin.huahua.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master 
master     A     192.168.2.6
db1        A     1.1.1.1
db2        A     2.2.2.2
web1       A     192.168.2.100
web2       A     192.168.2.6
*         A     192.168.2.100           wildcard record
@         A     192.168.2.100           the bare domain name also resolves to .100

$GENERATE 1-100 servers$ A 1.1.1.$    

Check /etc/named.conf for syntax errors

[root@localhost named]# named-checkconf

Check the zone file /var/named/huahua.com.zone for syntax errors

[root@localhost named]# named-checkzone  --help
named-checkzone: invalid argument --
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename

[root@localhost named]# named-checkzone huahua.com /var/named/huahua.com.zone           (check the zone file against the zone name huahua.com)
zone huahua.com/IN: loaded serial 1
OK

[root@localhost named]# rndc reload
server reload successful

Test from the client against this DNS server; resolution succeeds

[root@centos6 ~]# dig db1.huahua.com @192.168.2.6

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> db1.huahua.com @192.168.2.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45877
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;db1.huahua.com.            IN  A

;; ANSWER SECTION:
db1.huahua.com.     86400   IN  A   1.1.1.1

;; AUTHORITY SECTION:
huahua.com.     86400   IN  NS  master.huahua.com.

;; ADDITIONAL SECTION:
master.huahua.com.  86400   IN  A   192.168.2.6

;; Query time: 1 msec
;; SERVER: 192.168.2.6#53(192.168.2.6)
;; WHEN: Wed Apr  3 08:29:11 2019
;; MSG SIZE  rcvd: 85

[root@centos6 ~]# dig db2.huahua.com @192.168.2.6

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> db2.huahua.com @192.168.2.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6368
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;db2.huahua.com.            IN  A

;; ANSWER SECTION:
db2.huahua.com.     86400   IN  A   2.2.2.2

;; AUTHORITY SECTION:
huahua.com.     86400   IN  NS  master.huahua.com.

;; ADDITIONAL SECTION:
master.huahua.com.  86400   IN  A   192.168.2.6

;; Query time: 1 msec
;; SERVER: 192.168.2.6#53(192.168.2.6)
;; WHEN: Wed Apr  3 08:32:37 2019
;; MSG SIZE  rcvd: 85

[root@centos6 ~]# cat /etc/resolv.conf 
nameserver 192.168.2.6
[root@centos6 ~]# curl 192.168.2.100
hello world!
[root@centos6 ~]# curl web1.huahua.com
hello world!

10. Experiment: reverse-zone master server

Edit the zone definition file and add the zone

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "2.168.192.in-addr.arpa" {
        type master;
        file "192.168.2.zone";
};

Create the zone file 192.168.2.zone, using an existing one as a template

[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.loopback 192.168.2.zone
[root@localhost named]# ll 192.168.2.zone 
-rw-r----- 1 root named 168 Dec 15  2009 192.168.2.zone
[root@localhost named]# vim 192.168.2.zone
$TTL 1D
@   IN   SOA   master admin.huahua.com. ( 1 1H 10M 12H 1D )
         NS    master
master   A     192.168.2.6
6        PTR   web.huahua.com.
100      PTR   web.huahua.com.

[root@localhost named]# rndc reload
server reload successful

Test

[root@centos6 ~]# dig -t ptr 100.2.168.192.in-addr.arpa
[root@centos6 ~]# dig -x 192.168.2.100

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -x 192.168.2.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61173
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;100.2.168.192.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
100.2.168.192.in-addr.arpa. 86400 IN    PTR web.huahua.com.

;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 86400   IN  NS  master.2.168.192.in-addr.arpa.

;; ADDITIONAL SECTION:
master.2.168.192.in-addr.arpa. 86400 IN A   192.168.2.6

;; Query time: 1 msec
;; SERVER: 192.168.2.6#53(192.168.2.6)
;; WHEN: Wed Apr  3 10:06:21 2019
;; MSG SIZE  rcvd: 109

11. Forward-zone slave server (192.168.2.96)

Add to the master's main configuration file

[root@localhost ~]# vim /etc/named.conf
allow-transfer  {192.168.2.96;};                (address allowed to act as a slave of this server)

[root@localhost ~]# rndc reload
server reload successful

Main configuration file on the slave

[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
allow-transfer {none;};                      (this server has no slaves of its own)

Edit the zone definition file

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "huahua.com" {
        masters {192.168.2.6;};
        type slave;
        file "slaves/huahua.com.slave";
};

Start the service; the zone file has been generated

[root@localhost slaves]# systemctl start named
[root@localhost slaves]# cd /var/named/slaves/
[root@localhost slaves]# ll
total 4
-rw-r--r-- 1 named named 575 Apr 23 12:05 huahua.com.slave

Bring the master down and test from the client; resolution still succeeds

[root@centos6 ~]# cat /etc/resolv.conf

nameserver 192.168.2.6
nameserver 192.168.2.96
[root@centos6 ~]# curl web.huahua.com
hello world!

[root@centos6 ~]# dig www.huahua.com    (check which server answered)

For automatic synchronization, the master's zone file must contain an NS record for the slave's IP, and the slave's zone configuration must contain the master's IP

[root@centos6 ~]# dig -t axfr huahua.com @192.168.2.6   (pull the whole zone with a zone transfer)

12. Building subdomains

Add the subdomain directly inside the parent zone

[root@localhost ~]# vim /var/named/huahua.com.zone
www.shanghai A   1.1.1.1

Or create a new zone

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "shenzhen.huahua.com" {
        type master;
        file "shenzhen.huahua.com.zone";
};  
[root@localhost named]# cp -p huahua.com.zone shenzhen.huahua.com.zone 
[root@localhost named]# vim shenzhen.huahua.com.zone 
$TTL 1D
@       IN SOA  master admin.huahua.com. (
                                        5       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master
master     A     192.168.2.6
web       A     192.168.2.100

Subdomain delegation (parent and child zones on different servers)

In the parent zone file
[root@localhost named]# vim /var/named/huahua.com.zone
chengdu    NS  chengdudns       delegate the chengdu subdomain to 192.168.2.96
chengdudns A    192.168.2.96

Edit the zone file on the child server
[root@localhost named]# cp -p named.localhost chengdu.huahua.com.zone
[root@localhost named]# vim chengdu.huahua.com.zone 
$TTL 1D
@       IN SOA  master admin.huahua.com. (
                                        5       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master
master     A    192.168.2.96
web       A    66.66.66.66
www      CNAME web

Zone definition on the child server
[root@localhost named]# vim /etc/named.rfc1912.zones
zone "chengdu.huahua.com" {
        type master;
        file "chengdu.huahua.com.zone";
};

13. Global DNS forwarding

On the 192.168.2.96 machine

[root@localhost named]# vim /etc/named.rfc1912.zones
zone "lili.com" {
        type master;
        file "lili.com.zone";
};

[root@localhost named]# vim lili.com.zone
$TTL 1D
@       IN SOA  master admin.lili.com. (
                                        10       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master
master     A    192.168.2.96
web       A     8.8.8.8
www      CNAME web

[root@localhost named]# rndc reload
server reload successful

Add forwarding on the 192.168.2.6 machine

[root@localhost named]# vim /etc/named.conf
        forward first;                  (first: if the forwarder does not answer, keep resolving on its own | only: stop there)
        forwarders {192.168.2.96;};
        dnssec-enable no;
        dnssec-validation no;

[root@localhost named]# rndc reload
server reload successful

Client 192.168.2.100 looks up www.lili.com through 192.168.2.6, which forwards the query to 192.168.2.96

[root@centos6 ~]# dig www.lili.com @192.168.2.6

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.lili.com @192.168.2.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 123
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.lili.com.          IN  A

;; ANSWER SECTION:
www.lili.com.       86400   IN  CNAME   web.lili.com.
web.lili.com.       86400   IN  A   8.8.8.8

;; AUTHORITY SECTION:
lili.com.       86400   IN  NS  master.lili.com.

;; ADDITIONAL SECTION:
master.lili.com.    86400   IN  A   192.168.2.96

;; Query time: 14 msec
;; SERVER: 192.168.2.6#53(192.168.2.6)
;; WHEN: Wed Apr  3 14:08:32 2019
;; MSG SIZE  rcvd: 101

14. Forwarding for a specific zone

On the 192.168.2.6 machine

[root@localhost named]# vim /etc/named.rfc1912.zones
zone "lili.com" {
        type forward;
        forward only;
        forwarders {192.168.2.96;};
};
[root@localhost named]# rndc reload
server reload successful

15. bind ACLs for access control

bind has four built-in ACLs:
none       no host at all
any        any host
localhost  this machine
localnets  the networks obtained by applying each local interface's mask to its IP
Note: an ACL must be defined before it is used, so custom ACLs are usually placed in the configuration file before the options block

Access-control directives:
allow-query {}: hosts allowed to query; a whitelist
allow-transfer {}: hosts allowed to perform zone transfers; a whitelist
allow-recursion {}: hosts allowed recursive queries; recommended at the global level
allow-update {}: hosts allowed to update the contents of the zone database

Custom ACL
[root@localhost named]# vim /etc/named.conf
acl lannet {
        192.168.2.0/24;
        192.168.3.0/24;
};
options {
         allow-query     { lannet;localhost; };
...
};
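Sections 11 and 15 both come down to two settings: allow-transfer, which decides who may pull the whole zone with AXFR, and allow-recursion, which turns an authoritative server into an open resolver when it is set to any. The script below audits a named.conf for exactly those two mistakes. It is an added example, not BIND's or this post's code; it parses only the statement shapes it needs (acl, options, zone, view), and the sample configuration is constructed in the style of the notes.

```python
"""Audit a named.conf for the access-control mistakes sections 11 and 15 are
about: a zone that can be transferred (AXFR) by anyone, and recursion opened to
the whole world on a server that also serves authoritative zones. Added
example, not BIND's or the post's code; it understands only the statement
shapes it needs (acl, options, zone, view) and the sample config is constructed
in the style of the notes."""
import re

SAMPLE_CONF = """\
// constructed sample in the style of the notes above
acl lannet { 192.168.2.0/24; 192.168.3.0/24; };
acl everyone { any; };
options {
        allow-query     { lannet; localhost; };
        allow-recursion { everyone; };          // nested acl that expands to any
        /* no allow-transfer here, so the built-in default applies */
};
zone "huahua.com" { type master; file "huahua.com.zone"; };
zone "lili.com" {
        type master;
        file "lili.com.zone";
        allow-transfer { 192.168.2.96; };       // restricted to the slave: fine
};
view internal {
        match-clients { lannet; };
        zone "shenzhen.huahua.com" { type master; file "sz.zone"; allow-transfer { any; }; };
};
"""


def tokenize(text):
    """Strip //, # and /* */ comments; split into words, quoted strings and { } ;."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)


def parse_block(tokens, pos=0):
    """Parse statements up to the matching '}'. Each statement is (words, body),
    where body is the nested statement list of a { ... } block or None."""
    stmts = []
    while pos < len(tokens) and tokens[pos] != "}":
        words, body = [], None
        while pos < len(tokens) and tokens[pos] not in (";", "{"):
            words.append(tokens[pos].strip('"'))
            pos += 1
        if pos < len(tokens) and tokens[pos] == "{":
            body, pos = parse_block(tokens, pos + 1)
            pos += 1  # skip the closing '}'
        if pos < len(tokens) and tokens[pos] == ";":
            pos += 1
        stmts.append((words, body))
    return stmts, pos


def elements(body):
    """Flatten an address-match-list body into its element strings."""
    return [w[0] for w, _ in (body or []) if w]


def expand(elems, acls, seen=()):
    """Resolve named ACLs recursively so { everyone; } is seen as { any; }."""
    out = []
    for e in elems:
        if e in acls and e not in seen:
            out.extend(expand(acls[e], acls, seen + (e,)))
        else:
            out.append(e)
    return out


def collect(stmts, acls, options, zones, view=""):
    """Gather acl definitions, options and zones (including zones inside views)."""
    for words, body in stmts:
        if not words:
            continue
        if words[0] == "acl":
            acls[words[1]] = elements(body)
        elif words[0] == "options":
            options.update({w[0]: elements(b) for w, b in (body or []) if w})
        elif words[0] == "zone":
            label = words[1] + (f" (view {view})" if view else "")
            zones.append((label, {w[0]: elements(b) if b else w[1:] for w, b in (body or []) if w}))
        elif words[0] == "view":
            collect(body or [], acls, options, zones, view=words[1])


def audit(conf_text):
    """Return a list of findings, one string each; empty means nothing flagged."""
    acls, options, zones = {}, {}, []
    collect(parse_block(tokenize(conf_text))[0], acls, options, zones)
    findings = []
    for label, zopts in zones:
        if zopts.get("type", [""])[0] not in ("master", "slave"):
            continue  # forward and hint zones hold no data to transfer
        xfer = zopts.get("allow-transfer", options.get("allow-transfer"))
        if xfer is None:
            findings.append(f"{label}: allow-transfer is not set; add allow-transfer {{ none; }} or the slave's address")
        elif "any" in expand(xfer, acls):
            findings.append(f"{label}: zone transfer (AXFR) is open to any host")
    if zones and "any" in expand(options.get("allow-recursion", []), acls):
        findings.append("allow-recursion expands to any on a server with authoritative zones: open resolver")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["nothing flagged"]:
        print(finding)
```

An unset allow-transfer is reported rather than assumed safe, because the zone then falls back to BIND's built-in default, which historically has been to allow transfers to any host; the notes set it explicitly on both master and slave for that reason. Run it with `audit(open("/etc/named.conf").read())` after `named-checkconf` passes, since a file named-checkconf rejects is not worth auditing.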

16. Smart DNS (if the budget is tight, just buy a CDN service)
A simple smart-DNS experiment
Create three zone files

[root@localhost named]# ll huahua.com.*
-rw-r----- 1 root named 324 Apr 23 07:24 huahua.com.bj
-rw-r----- 1 root named 324 Apr 23 07:24 huahua.com.sh
-rw-r----- 1 root named 324 Apr 23 07:24 huahua.com.zone
[root@localhost named]# vim huahua.com.bj 
$TTL 1D
@       IN SOA  master admin.huahua.com. (
                                        5       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master
master     A     192.168.2.6
websrv     A     7.7.7.7
www        CNAME websrv
[root@localhost named]# vim huahua.com.sh
$TTL 1D
@       IN SOA  master admin.huahua.com. (
                                        5       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master
master     A     192.168.2.6
websrv     A     8.8.8.8
www        CNAME websrv
[root@localhost named]# vim huahua.com.zone 
$TTL 1D
@       IN SOA  master admin.huahua.com. (
                                        5       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
           NS    master
master     A     192.168.2.6
websrv     A     9.9.9.9
www        CNAME websrv

Define the ACLs and views in the main configuration file

[root@localhost named]# vim /etc/named.conf 
acl beijingnet {
        192.168.2.0/24;
};
acl shanghainet {
        172.22.0.0/16;
};
acl othernet {
        any;
};
...
view beijingview{
        match-clients { beijingnet;};
        include "/etc/named.rfc1912.zones.bj";
};

view shanghaiview{
        match-clients { shanghainet;};
        include "/etc/named.rfc1912.zones.sh";
};
view otherview{
        match-clients { othernet;};
        include "/etc/named.rfc1912.zones";
};

Delete the root zone below from this file and put it in each zone definition file instead
zone "." IN {
        type hint;
        file "named.ca";
};

[root@localhost named]# named-checkconf 

Create three zone definition files

[root@localhost named]# ll /etc/named.rfc1912.zones*
-rw-r----- 1 root named 1128 Apr 23 09:20 /etc/named.rfc1912.zones
-rw-r----- 1 root named 1128 Apr 23 09:20 /etc/named.rfc1912.zones.bj
-rw-r----- 1 root named 1128 Apr 23 09:20 /etc/named.rfc1912.zones.sh

[root@localhost named]# vim /etc/named.rfc1912.zones.bj
zone "." IN {
        type hint;
        file "named.ca";
};

zone "huahua.com" {
        type master;
        file "huahua.com.bj";
};

[root@localhost named]# vim /etc/named.rfc1912.zones.sh
zone "." IN {
        type hint;
        file "named.ca";
};

zone "huahua.com" {
        type master;
        file "huahua.com.sh";
};

[root@localhost named]# vim /etc/named.rfc1912.zones
zone "." IN {
        type hint;
        file "named.ca";
};

zone "huahua.com" {
        type master;
        file "huahua.com.zone";
};

Give the DNS server temporary IP addresses

[root@localhost named]# ip a a 172.22.13.6/16 dev ens33
[root@localhost named]# ip a a 10.0.0.7/8 dev ens33

Now test from the client

The 192.168.2.6 network maps to Beijing, 7.7.7.7

[root@centos6 ~]# dig www.huahua.com @192.168.2.6

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.huahua.com @192.168.2.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19196
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.huahua.com.            IN  A

;; ANSWER SECTION:
www.huahua.com.     86400   IN  CNAME   websrv.huahua.com.
websrv.huahua.com.  86400   IN  A   7.7.7.7

;; AUTHORITY SECTION:
huahua.com.     86400   IN  NS  master.huahua.com.

;; ADDITIONAL SECTION:
master.huahua.com.  86400   IN  A   192.168.2.6

;; Query time: 2 msec
;; SERVER: 192.168.2.6#53(192.168.2.6)
;; WHEN: Wed Apr  3 15:59:13 2019
;; MSG SIZE  rcvd: 106

The 172.22.13.6 network maps to Shanghai, 8.8.8.8

[root@centos6 ~]# dig www.huahua.com @172.22.13.6
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.huahua.com @172.22.13.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62361
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.huahua.com.            IN  A

;; ANSWER SECTION:
www.huahua.com.     86400   IN  CNAME   websrv.huahua.com.
websrv.huahua.com.  86400   IN  A   8.8.8.8

;; AUTHORITY SECTION:
huahua.com.     86400   IN  NS  master.huahua.com.

;; ADDITIONAL SECTION:
master.huahua.com.  86400   IN  A   192.168.2.6

;; Query time: 2 msec
;; SERVER: 172.22.13.6#53(172.22.13.6)
;; WHEN: Wed Apr  3 16:01:44 2019
;; MSG SIZE  rcvd: 106

10.0.0.7 maps to 9.9.9.9

[root@centos6 ~]# dig www.huahua.com @10.0.0.7

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.huahua.com @10.0.0.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1595
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.huahua.com.            IN  A

;; ANSWER SECTION:
www.huahua.com.     86400   IN  CNAME   websrv.huahua.com.
websrv.huahua.com.  86400   IN  A   9.9.9.9

;; AUTHORITY SECTION:
huahua.com.     86400   IN  NS  master.huahua.com.

;; ADDITIONAL SECTION:
master.huahua.com.  86400   IN  A   192.168.2.6

;; Query time: 3 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Wed Apr  3 16:12:51 2019
;; MSG SIZE  rcvd: 106
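What makes the three dig results above differ is view selection: BIND tries the views in the order they appear in named.conf, the first whose match-clients list matches the client wins, and a query matching no view is refused. The model below is an added example, not code from this post. It implements the address-match-list semantics (any, none, localhost, localnets, CIDR prefixes, single addresses, "!" negation and nested ACL names) over the ACLs and views of section 16; the server addresses are the ones assigned in the notes, with the /24 on 192.168.2.6 assumed.

```python
"""Model how BIND chooses a view for a client, as in section 16: views are
tried in file order, the first whose match-clients list matches wins, and a
query matching no view is refused. Added example, not code from the post; the
server addresses follow the notes (the /24 on 192.168.2.6 is assumed)."""
import ipaddress

SERVER_ADDRS = ["192.168.2.6/24", "172.22.13.6/16", "10.0.0.7/8"]

ACLS = {
    "beijingnet": ["192.168.2.0/24"],
    "shanghainet": ["172.22.0.0/16"],
    "othernet": ["any"],
}

VIEWS = [  # (view name, match-clients list), in named.conf order
    ("beijingview", ["beijingnet"]),
    ("shanghaiview", ["shanghainet"]),
    ("otherview", ["othernet"]),
]


def acl_match(elements, client, acls=ACLS, server_addrs=SERVER_ADDRS):
    """True if the address-match list matches the client positively.

    Elements are tested in order and the first one that matches decides: a
    plain element accepts, a '!'-negated one rejects. No match means reject."""
    for element in elements:
        negate = element.startswith("!")
        name = element.lstrip("!").strip()
        if name in acls:
            hit = acl_match(acls[name], client, acls, server_addrs)
        elif name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name == "localhost":
            hit = client.is_loopback or any(
                client == ipaddress.ip_interface(a).ip for a in server_addrs)
        elif name == "localnets":
            hit = any(client in ipaddress.ip_interface(a).network for a in server_addrs)
        elif "/" in name:
            hit = client in ipaddress.ip_network(name, strict=False)
        else:
            hit = client == ipaddress.ip_address(name)
        if hit:
            return not negate
    return False


def select_view(client_ip, views=VIEWS, acls=ACLS, server_addrs=SERVER_ADDRS):
    """Name of the first view whose match-clients matches, or None (query refused)."""
    client = ipaddress.ip_address(client_ip)
    for name, match_clients in views:
        if acl_match(match_clients, client, acls, server_addrs):
            return name
    return None


def expands_to_any(elements, acls=ACLS, seen=()):
    """True if a non-negated 'any' appears in the list or in a nested ACL."""
    for element in elements:
        if element.startswith("!"):
            continue
        if element == "any":
            return True
        if element in acls and element not in seen:
            if expands_to_any(acls[element], acls, seen + (element,)):
                return True
    return False


def unreachable_views(views=VIEWS, acls=ACLS):
    """Views listed after a catch-all view: they can never be selected."""
    for index, (_, match_clients) in enumerate(views):
        if expands_to_any(match_clients, acls):
            return [name for name, _ in views[index + 1:]]
    return []


if __name__ == "__main__":
    for ip in ("192.168.2.100", "172.22.13.99", "10.0.0.100"):
        print(ip, "->", select_view(ip))
    misordered = [VIEWS[2], VIEWS[0], VIEWS[1]]
    print("misordered: 192.168.2.100 ->", select_view("192.168.2.100", misordered))
    print("unreachable:", unreachable_views(misordered))
```

unreachable_views is the check worth keeping: moving otherview (match-clients { othernet; }, i.e. any) above the other two silently hands every client the default zone, and named-checkconf does not object.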

17. Comprehensive experiment: building an Internet-style DNS hierarchy

Prepare the lab: 7 Linux machines that can all reach each other, firewall and SELinux off, a working yum repository from the install media, httpd serving a web page on 192.168.2.6, and every machine able to reach that page

Configure the master DNS server, 192.168.2.16

[root@localhost ~]# yum -y install bind      
[root@localhost ~]# vim /etc/named.conf         
//      listen-on port 53 { 127.0.0.1; };
        allow-transfer {192.168.2.26;};
//      allow-query     { localhost; };

[root@localhost ~]# vim /etc/named.rfc1912.zones
    zone "huahua.com" {
        type master;
        file "huahua.com.zone";
};

[root@localhost ~]# cd /var/named/
[root@localhost named]# vim huahua.com.zone
$TTL 1D
@ IN SOA ns1 adm.huahua.com. ( 1 1H 10M 1D 3H )
        NS ns1
        NS ns2
ns1 A 192.168.2.16
ns2 A 192.168.2.26
www A 192.168.2.6

[root@localhost named]# chgrp named huahua.com.zone 
[root@localhost named]# chmod 640 huahua.com.zone 
[root@localhost named]# ll huahua.com.zone 
-rw-r----- 1 root named 127 Apr 22 16:25 huahua.com.zone
[root@localhost named]# systemctl start named 

Configure the slave DNS server, 192.168.2.26

[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
        allow-transfer {none;};
//      allow-query     { localhost; };

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "huahua.com" {
        type slave;
        masters {192.168.2.16;};
        file "slaves/huahua.com.zone";
};

[root@localhost ~]# systemctl start named
[root@localhost ~]# ll /var/named/slaves/  check whether the zone was downloaded from the master
total 4
-rw-r--r-- 1 named named 304 Apr 22 16:57 huahua.com.zone

Configure the com zone server, 192.168.2.36

[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "com" {
        type master;
        file "com.zone";
};

[root@localhost ~]# cd /var/named/
[root@localhost named]# vim com.zone
$TTL 1D
@ IN SOA ns1 admin.huahua.com. (1 1D 1H 1W 3D )
        NS ns1
huahua  NS huahuans1
huahua  NS huahuans2
ns1 A 192.168.2.36
huahuans1 A 192.168.2.16
huahuans2 A 192.168.2.26
[root@localhost named]# systemctl start named

Configure the root zone server, 192.168.2.46

[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
zone "." IN {
        type master;
        file "root.zone";
};

[root@localhost ~]# cd /var/named
[root@localhost named]# vim root.zone
$TTL 1D
@ IN SOA ns1 admin.huahua.com. (1 1D 1H 1W 3D )
                NS ns1
com             NS comns
ns1     A 192.168.2.46
comns   A 192.168.2.36

[root@localhost named]# systemctl start named

Configure the LDNS (the local recursive resolver), 192.168.2.56

[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf 
//      listen-on port 53 { 127.0.0.1; };
//      allow-query     { localhost; };
        dnssec-enable no;
        dnssec-validation no;

[root@localhost ~]# vim /var/named/named.ca 
.                       518400  IN      NS      a.root-servers.net.
a.root-servers.net.3600000 IN A 192.168.2.46

[root@localhost ~]# systemctl restart named

Client 192.168.2.66

[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
[root@localhost ~]# curl www.huahua.com
hello world!
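The curl above succeeds because the LDNS on 192.168.2.56 walks the chain the lab built: the root server refers it to comns for com, the com server refers it to huahuans1/huahuans2 for huahua.com, and one of those answers authoritatively. The simulation below is an added example, not code from this post; its in-memory zone data is constructed from root.zone, com.zone and huahua.com.zone above (names written fully qualified, the slave 192.168.2.26 serving a copy of huahua.com), and no packets are sent. It also shows what the delegation in section 12 depends on: an NS target without an A record contributes no glue, and if every NS of a delegation lacks one the chain breaks.

```python
"""Walk the referral chain of section 17 the way the LDNS on 192.168.2.56 does:
start at the root server, follow each NS referral using its glue, stop at the
server that answers authoritatively. Added example, not code from the post;
the zone data is constructed from the root.zone, com.zone and huahua.com.zone
files above and nothing is sent on the network."""
import copy

# server address -> the zone it is authoritative for and its records
SERVERS = {
    "192.168.2.46": {"zone": ".", "records": {
        (".", "NS"): ["ns1."],
        ("ns1.", "A"): ["192.168.2.46"],
        ("com.", "NS"): ["comns."],
        ("comns.", "A"): ["192.168.2.36"],
    }},
    "192.168.2.36": {"zone": "com.", "records": {
        ("com.", "NS"): ["ns1.com."],
        ("ns1.com.", "A"): ["192.168.2.36"],
        ("huahua.com.", "NS"): ["huahuans1.com.", "huahuans2.com."],
        ("huahuans1.com.", "A"): ["192.168.2.16"],
        ("huahuans2.com.", "A"): ["192.168.2.26"],
    }},
    "192.168.2.16": {"zone": "huahua.com.", "records": {
        ("huahua.com.", "NS"): ["ns1.huahua.com.", "ns2.huahua.com."],
        ("ns1.huahua.com.", "A"): ["192.168.2.16"],
        ("ns2.huahua.com.", "A"): ["192.168.2.26"],
        ("www.huahua.com.", "A"): ["192.168.2.6"],
    }},
}
SERVERS["192.168.2.26"] = SERVERS["192.168.2.16"]  # the slave serves the same zone


def lookup(server, qname, qtype, servers=SERVERS):
    """One authoritative server's reply: ('answer', rdata),
    ('referral', (cut, ns_names, glue)) or ('nxdomain', None)."""
    zone, records = servers[server]["zone"], servers[server]["records"]
    if (qname, qtype) in records:
        return "answer", records[(qname, qtype)]
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):  # longest delegation point below the apex
        cut = ".".join(labels[i:]) + "."
        if cut != zone and (cut, "NS") in records:
            ns_names = records[(cut, "NS")]
            glue = {n: records.get((n, "A"), []) for n in ns_names}
            return "referral", (cut, ns_names, glue)
    return "nxdomain", None


def resolve(qname, qtype="A", root="192.168.2.46", servers=SERVERS):
    """Iterative resolution: returns (rdata list, trace of (server, reply kind))."""
    trace, server = [], root
    for _ in range(8):  # bound the referral chase
        kind, data = lookup(server, qname, qtype, servers)
        trace.append((server, kind))
        if kind == "answer":
            return data, trace
        if kind == "nxdomain":
            return [], trace
        cut, ns_names, glue = data
        # only addresses this model knows about can be contacted
        next_hops = [ip for n in ns_names for ip in glue[n] if ip in servers]
        if not next_hops:  # referral without usable glue: the chain breaks here
            trace.append((cut, "no glue"))
            return [], trace
        server = next_hops[0]
    return [], trace


def without_glue(servers, *names):
    """Copy of the server table with the A records for the given NS names removed
    (models an NS target that was left without an address record)."""
    table = copy.deepcopy(servers)
    for entry in table.values():
        for name in names:
            entry["records"].pop((name, "A"), None)
    return table


if __name__ == "__main__":
    rdata, trace = resolve("www.huahua.com.")
    print(rdata, trace)
    print(resolve("www.huahua.com.", servers=without_glue(SERVERS, "huahuans1.com.", "huahuans2.com.")))
```

Compare the trace with a real `dig +trace www.huahua.com @192.168.2.56` from the client: the referral order is the same, root first, then com, then the huahua.com servers.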

Original source: https://blog.51cto.com/14230743/2383627
