
DNS主从配置

2014-03-07 01:31 浏览:

为主DNS服务器配置IP

[root@localhost ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:AC:5E:76

inet addr:192.168.10.87

安装DNS服务:[root@localhost ~]# cd /misc/cd/Server/

[root@localhost Server]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[root@localhost Server]# rpm -ivh bind-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm

[root@localhost etc]# pwd    (注意:路径容易弄错)

/var/named/chroot/etc

使用模板拷贝DNS服务主配置文件,注意属主和权限不要改变(-p 保留权限、属主等)

[root@localhost etc]# cp -p named.caching-nameserver.conf named.conf

[root@localhost etc]# vim named.conf

options {

listen-on port 53 { 192.168.10.87; };

//listen-on-v6 port 53 { ::1; };

allow-transfer { 192.168.10.88; };    // 授权此IP地址的服务器,可以为从DNS服务器。

allow-query{ any; };

allow-query-cache { any; };

};

logging {

channel default_debug {

file"data/named.run";

severity dynamic;

};

};

view localhost_resolver {

match-clients{ any; };

match-destinations { any; };

recursion yes;

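:%s/localhost/any/gc    (将 localhost 替换为 any,c 为交互式确认)

注意:这样替换后 allow-query-cache、match-clients 都是 any,且 recursion yes,任何能访问到本机 53 端口的客户端都可以使用递归解析;若服务器可被外网访问,应改为只允许内网网段,避免成为开放递归解析器被滥用。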

编辑第二配置文件:

[root@localhost etc]# vim named.rfc1912.zones

:21,31y

51 zone "tarena.com" IN {

52     type master;

53     file "tarena.com.zone";

54 };

55

56 zone "10.168.192.in-addr.arpa" IN {

57     type master;

58     file "192.168.10.arpa";

59 };

:%s/localhost/tarena.com/gc

[root@localhost etc]# named-checkconf named.conf    (检验语法是否正确)

[root@localhost etc]# named-checkconf named.rfc1912.zones

编辑区域声明文件,使用模板复制:

[root@localhost named]# pwd

/var/named/chroot/var/named

[root@localhost named]# cp -p localdomain.zone tarena.com.zone

[root@localhost named]# vim tarena.com.zone    (正向区域声明)

$TTL 86400

@       IN SOA  tarena.com. root.tarena.com. (

                2014030301 ; serial (d. adams)

                3H         ; refresh

                15M        ; retry

                1W         ; expiry

                1D )       ; minimum

        IN NS   tarena.com.

www     IN A    192.168.10.30

mail    IN A    192.168.10.35

bbs     IN A    192.168.10.40

ftp     IN CNAME bbs

www     IN A    192.168.10.31   ; 负载均衡

www     IN A    192.168.10.32   ; 负载均衡

*       IN A    192.168.10.25   ; 通配主机名

@       IN A    192.168.10.28   ; 域名解析

:%s/localhost/tarena.com.

编辑反向区域声明:

[root@localhost named]# named-checkzone tarena.com tarena.com.zone    (检验语法)

zone tarena.com/IN: loaded serial 2014030301

OK

[root@localhost named]# cp -p tarena.com.zone 192.168.10.arpa

[root@localhost named]# vim 192.168.10.arpa

30      IN PTR  www.tarena.com.

35      IN PTR  mail.tarena.com.

40      IN PTR  bbs.tarena.com.

[root@localhost named]# named-checkzone tarena.com 192.168.10.arpa    (这里区域名写的是 tarena.com,只检查了文件语法;按反向区域校验时,区域名应为 10.168.192.in-addr.arpa)

zone tarena.com/IN: loaded serial 2014030301

OK

重启服务:

[root@localhost named]# service named restart

停止 named[确定]

启动 named[确定]

客户机验证:[root@localhost ~]# host mail.tarena.com

mail.tarena.com has address 192.168.10.35

[root@localhost ~]# nslookup

> ftp.tarena.com

Server:192.168.10.87

Address:192.168.10.87#53

ftp.tarena.com  canonical name = bbs.tarena.com.

Name:bbs.tarena.com

Address: 192.168.10.40

> tarena.com

Server:192.168.10.87

Address:192.168.10.87#53

Name:tarena.com

Address: 192.168.10.28

配置从DNS服务器:

安装软件包、编辑主配置文件:与主服务器相同;编辑第二配置文件时与主服务器不同:

[root@localhost etc]# vim named.rfc1912.zones

zone "tarena.com" IN {

type slave;

file "slaves/tarena.com.zone";

masters {192.168.10.87; };

};

zone "10.168.192.in-addr.arpa" IN{

type slave;

file "slaves/192.168.10.arpa";

masters {192.168.10.87; };

};

检验语法(从服务器的区域声明文件会自动从主服务器复制,因此不需要自己编写)。这里主从之间只按IP地址授权,生产环境可再用TSIG密钥对区域传送进行认证:

[root@localhost etc]# named-checkconf named.conf

[root@localhost etc]# named-checkconf named.rfc1912.zones

查看未重启服务时的从服务器区域声明目录,目录为空;

[root@localhost named]# ls slaves/

[root@localhost named]#

重启服务:

[root@localhost etc]# service named restart

停止 named[确定]

启动 named[确定]

此时目录中自动生成了以主服务器为模板的两个区域声明文件

[root@localhost named]# ls slaves/

192.168.10.arpa  tarena.com.zone

验证:在客户机上验证,将DNS服务器IP指向从服务器:

[root@localhost ~]# nslookup wwwww.tarena.com 192.168.10.88

Server:192.168.10.88

Address:192.168.10.88#53

Name:wwwww.tarena.com

Address: 192.168.10.25

区域数据的特殊应用:

[root@localhost named]# vim tarena.com.zone编辑正向区域声明

$GENERATE 1-200 station$ IN A 192.168.10.$

[root@localhost named]# vim 192.168.10.arpa

$GENERATE 1-200 $ IN PTR station$.tarena.com.

验证两个区域的声明语法:

[root@localhost named]# named-checkzone tarena.com tarena.com.zone

zone tarena.com/IN: loaded serial 2014030301

OK

[root@localhost named]# named-checkzone tarena.com 192.168.10.arpa

zone tarena.com/IN: loaded serial 2014030301

OK

从客户机验证函数解析:(正向)

[root@localhost named]# vim tarena.com.zone

$GENERATE 1-200 station$ IN A 192.168.10.$

[root@localhost named]# service named restart

停止 named[确定]

启动 named[确定]

验证:[root@localhost ~]# nslookup

> station22.tarena.com

Server:192.168.10.87

Address:192.168.10.87#53

Name:station22.tarena.com

Address: 192.168.10.22

> exit

[root@localhost ~]# host station88.tarena.com

station88.tarena.com has address 192.168.10.88

反向函数:

[root@localhost named]# vim 192.168.10.arpa

$GENERATE 1-200 $ IN PTR station$.tarena.com.

[root@localhost named]# named-checkzone tarena.com 192.168.10.arpa    (检验语法)

zone tarena.com/IN: loaded serial 2014030301

OK

客户机验证:

[root@localhost ~]# host 192.168.10.33

33.10.168.192.in-addr.arpa domain name pointer station33.tarena.com.

[root@localhost ~]# nslookup

> 192.168.10.99

Server:192.168.10.87

Address:192.168.10.87#53

99.10.168.192.in-addr.arpa      name = station99.tarena.com.