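A primary (master) DNS server is usually deployed on the Internet and answers hostname-to-IP-address queries for one or more domains. To spread the query load and keep a backup copy of the zone data, a secondary (slave) DNS server is sometimes set up as well and serves queries alongside the master.
Master DNS server (dns1.zhuohua): 192.168.168.130/24
Slave DNS server (dns2.zhuohua): 192.168.168.131/24
DNS domains used in this lab:
happy.store, funny.store
For installing the DNS software, see: DNS Caching Name Server
Firewall configuration on both name servers in this lab (TCP 53 and UDP 53):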
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -p udp --dport 53 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
Note: if TCP port 53 is not open, zone data synchronization fails.
Main configuration file on the master DNS server (dns1.zhuohua):
cat >/etc/named.conf<< EOF
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "happy.store" IN {
    type master;
    file "happy.store.zone";
    notify yes;
    also-notify { 192.168.168.131; };
    allow-transfer { 192.168.168.131; };
};
zone "funny.store" IN {
    type master;
    file "funny.store.zone";
    notify yes;
    also-notify { 192.168.168.131; };
    allow-transfer { 192.168.168.131; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF
###
Create the forward-lookup zone file (happy.store.zone):
[root@dns1 ~]# vi /var/named/happy.store.zone
$TTL 86400
@       IN SOA  happy.store. admin.happy.store. (
                1       ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   dns1.zhuohua.
@       IN NS   dns2.zhuohua.
ftp     IN A    192.168.168.21
bbs     IN A    192.168.168.60
mail    IN A    192.168.168.25
        IN MX 10 mail.happy.store.
www     IN A    192.168.168.80
ww      IN CNAME www
######
Create the forward-lookup zone file (funny.store.zone):
[root@dns1 ~]# vi /var/named/funny.store.zone
$TTL 86400
@       IN SOA  funny.store. admin.funny.store. (
                1       ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   dns1.zhuohua.
@       IN NS   dns2.zhuohua.
ftp     IN A    192.168.168.33
bbs     IN A    192.168.168.66
mail    IN A    192.168.168.55
        IN MX 10 mail.funny.store.
www     IN A    192.168.168.88
ww      IN CNAME www
###
Set file ownership:
chown named:named /etc/named.conf
chown named:named /var/named/happy.store.zone
chown named:named /var/named/funny.store.zone
Restart the DNS service:
[root@dns1 ~]# service named restart
停止 named:[确定]
启动 named:[确定]
Point the client's DNS server address at the master DNS server.
Note: here a DHCP server has assigned the IP address and gateway.
Client test (nslookup):
happy.store
funny.store
######
Main configuration file on the slave DNS server (dns2.zhuohua):
cat >/etc/named.conf<< EOF
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "happy.store" IN {
    type slave;
    masters { 192.168.168.130; };
    file "slaves/happy.store.zone";
};
zone "funny.store" IN {
    type slave;
    masters { 192.168.168.130; };
    file "slaves/funny.store.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF
###
Set file ownership:
chown named:named /etc/named.conf
Restart the DNS service:
[root@dns2 ~]# service named restart
停止 named:[确定]
启动 named:[确定]
The DNS service on the master DNS server (dns1.zhuohua) must be restarted as well:
[root@dns1 ~]# service named restart
停止 named:[确定]
启动 named:[确定]
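If synchronization succeeds, the slave DNS server (dns2.zhuohua) automatically creates the forward-lookup zone files (happy.store.zone, funny.store.zone).
Note: do not edit these zone files on the slave directly!
Point the client's DNS server address at the slave DNS server.
Note: here a DHCP server has assigned the IP address and gateway.
Client test (nslookup):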
happy.store
funny.store
To change domain records, edit the forward-lookup zone files on the master DNS server (dns1.zhuohua):
[root@dns1 ~]# vi /var/named/happy.store.zone
[root@dns1 ~]# vi /var/named/funny.store.zone
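For the slave to pick up the master's changes automatically, the serial value in the corresponding zone file on the master must be changed to a value larger than the previous one. For example, after editing the data in /var/named/happy.store.zone, you must increase that file's serial value, as shown in the figure below:
Then the DNS service must also be restarted on the master: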
[root@dns1 ~]# service named restart
停止 named:[确定]
启动 named:[确定]
The corresponding zone file on the slave is then synchronized automatically.
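Added example (not part of the original article): a shell helper for the update procedure above that increments the serial in a zone file laid out as on this page, validates the zone, reloads it, and confirms that the slave at 192.168.168.131 serves the new serial. The function names are illustrative, and rndc reload is used in place of service named restart, which assumes rndc is configured on the master.

```sh
#!/bin/sh
# Added example, not from the original article. Assumes the SOA layout used on
# this page: the serial is the first field on a line of its own after "SOA".

# Print "<line-number> <serial>" for the zone file in $1.
find_serial() {
    awk '/SOA/ {soa=1} soa && $1 ~ /^[0-9]+$/ {print NR, $1; exit}' "$1"
}

# Increment the serial in place and print the new value.
bump_serial() {
    found=$(find_serial "$1")
    [ -n "$found" ] || { echo "no SOA serial in $1" >&2; return 1; }
    line=${found%% *}; old=${found#* }
    new=$((old + 1))
    # Serials are 32-bit unsigned; a larger number is not a valid serial.
    [ "$new" -le 4294967295 ] || { echo "serial overflow in $1" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Write back with cat so the file keeps its named:named ownership.
    sed "${line}s/[0-9][0-9]*/${new}/" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo "$new"
}

# Serial that server $1 currently answers with for zone $2 (needs dig).
served_serial() {
    dig +short @"$1" "$2" SOA | awk '{print $3}'
}

# On the master: bump, validate, reload, then confirm the slave caught up.
publish_zone() {   # e.g. publish_zone happy.store /var/named/happy.store.zone
    serial=$(bump_serial "$2") || return 1
    named-checkzone "$1" "$2" >/dev/null || return 1
    rndc reload "$1" || return 1
    sleep 2        # allow time for NOTIFY and the zone transfer
    [ "$(served_serial 192.168.168.131 "$1")" = "$serial" ]
}

if [ "$#" -eq 2 ]; then publish_zone "$1" "$2"; fi
```

A non-zero exit from publish_zone means the zone failed validation, the reload failed, or the slave is still answering with the old serial.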
Remarks:
Normally, the client should get the same resolution results whichever DNS server it uses.