A master (primary) DNS server is usually deployed in the Internet environment and answers queries for the host names and IP addresses of one or more domains. To share the query load and keep a backup copy of the zone data, a slave (secondary) server is often added and serves queries alongside the master. The slave never holds the editable copy: it pulls each zone from the master by zone transfer (AXFR) and refreshes it when the master's SOA serial increases.
Master name server (dns1.zhuohua): 192.168.168.154/24
Slave name server (dns2.zhuohua): 192.168.168.155/24
DNS domains used in the lab:
happy.store, funny.store
For installing the DNS software (BIND), see: CentOS8_DNS缓存域名服务器 (CentOS 8 DNS caching name server).
Firewall configuration on both name servers (TCP 53 and UDP 53):
firewall-cmd --zone=public --add-port=53/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
Apply the rules:
firewall-cmd --reload
Note: zone transfers (AXFR) run over TCP, so if TCP 53 is not opened on the master, the slave cannot synchronise. TCP 53 is also used by ordinary clients for truncated or large answers, so leaving it open is normal; who may actually transfer a zone is controlled by allow-transfer in named.conf, not by the firewall.
###
Main configuration file of the master name server (dns1.zhuohua):
cat >/etc/named.conf<< 'EOF'
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    // Recurse only for the lab LAN (192.168.168.0/24 is assumed to be the client range);
    // with "allow-query { any; }" alone this server would be an open resolver.
    allow-recursion { localhost; 192.168.168.0/24; };
    // BIND's default for allow-transfer is "any": deny globally, grant per zone below.
    allow-transfer { none; };
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key (legacy template line; the DLV registry has been shut down) */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "happy.store" IN {
    type master;
    file "happy.store.zone";
    notify yes;
    // Name the slave explicitly instead of relying on resolving the NS names.
    also-notify { 192.168.168.155; };
    // Only the slave may pull this zone.
    allow-transfer { 192.168.168.155; };
};
zone "funny.store" IN {
    type master;
    file "funny.store.zone";
    notify yes;
    also-notify { 192.168.168.155; };
    allow-transfer { 192.168.168.155; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF
###
Create the forward zone file ( happy.store.zone ):
[root@dns1 ~]# vi /var/named/happy.store.zone
$TTL 86400
@       IN SOA  dns1.zhuohua. admin.happy.store. (
                1       ; serial (raise on every edit)
                3H      ; refresh
                15M     ; retry
                1W      ; expire
                1D )    ; minimum (negative-cache TTL)
@       IN NS   dns1.zhuohua.
@       IN NS   dns2.zhuohua.
ftp     IN A    192.168.168.21
bbs     IN A    192.168.168.60
mail    IN A    192.168.168.25
@       IN MX   10 mail.happy.store.
www     IN A    192.168.168.80
ww      IN CNAME www
Two details differ from the usual copy-paste template. The SOA MNAME names the master server (dns1.zhuohua.) rather than the zone itself, and the MX record carries an explicit @ owner: a record whose owner field is empty inherits the owner of the previous record, so an MX line placed after mail without an owner would attach to mail.happy.store instead of to the zone apex.
######
Create the forward zone file ( funny.store.zone ), same layout as happy.store.zone:
[root@dns1 ~]# vi /var/named/funny.store.zone
$TTL 86400
@       IN SOA  dns1.zhuohua. admin.funny.store. (
                1       ; serial (raise on every edit)
                3H      ; refresh
                15M     ; retry
                1W      ; expire
                1D )    ; minimum (negative-cache TTL)
@       IN NS   dns1.zhuohua.
@       IN NS   dns2.zhuohua.
ftp     IN A    192.168.168.33
bbs     IN A    192.168.168.66
mail    IN A    192.168.168.55
@       IN MX   10 mail.funny.store.
www     IN A    192.168.168.88
ww      IN CNAME www
###
Set ownership and permissions. named runs as the user named and needs only read access to these files, so the default ownership of the configuration, root:named with mode 0640, is enough; making named the owner of its own configuration and master zone files is unnecessary and would let a compromised named rewrite them:
chown root:named /etc/named.conf
chmod 640 /etc/named.conf
chown root:named /var/named/happy.store.zone /var/named/funny.store.zone
chmod 640 /var/named/happy.store.zone /var/named/funny.store.zone
Check the configuration and zones before restarting (named-checkconf -z loads every zone the way named would and reports syntax errors), then restart the DNS service:
[root@dns1 ~]# systemctl restart named
Point the client's DNS server setting at the master name server.
(Note: the client's IP address and gateway here were assigned by a DHCP server.)
Client test ( nslookup ) for happy.store and funny.store. The zone apex has SOA, NS and MX records but no A record, so query host names such as www.happy.store and mail.funny.store, or ask for a specific record type (set type=MX):
happy.store
funny.store
###
Main configuration file of the slave name server (dns2.zhuohua):
cat >/etc/named.conf<< 'EOF'
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    // Recurse only for the lab LAN (192.168.168.0/24 is assumed to be the client range).
    allow-recursion { localhost; 192.168.168.0/24; };
    // Nobody transfers zones from the slave. BIND's default is "any", and the slave
    // zones below have no allow-transfer of their own, so they would inherit it.
    allow-transfer { none; };
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key (legacy template line; the DLV registry has been shut down) */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "happy.store" IN {
    type slave;
    masters { 192.168.168.154; };   // BIND 9.11 keyword (CentOS 8); 9.16+ also accepts "primaries"
    file "slaves/happy.store.zone";
};
zone "funny.store" IN {
    type slave;
    masters { 192.168.168.154; };
    file "slaves/funny.store.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF
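Two settings in these named.conf files deserve a check before either server faces anything wider than the lab LAN. With recursion yes and allow-query { any; }, only an allow-recursion ACL stops the server from being an open resolver (usable for amplification traffic and as a target for cache-poisoning attempts). And because BIND's default for allow-transfer is any, a slave zone with no allow-transfer statement of its own, and no global allow-transfer { none; } in options, can be dumped by anyone who can reach TCP 53 with dig @192.168.168.155 happy.store AXFR. The script below is an added example, not code from the page: a small POSIX shell lint for exactly those two points, run against two constructed named.conf files, one mirroring the page's settings and one with the two statements added (the 192.168.168.0/24 client range in the hardened version is an assumption).

```sh
#!/bin/sh
# audit_named_conf FILE: flag two exposures a named.conf can leave open.
#   1. "recursion yes" + "allow-query { any; }" with no allow-recursion -> open resolver.
#   2. no allow-transfer in options, and zones without their own -> BIND's default
#      allow-transfer is "any", so anyone can AXFR the zone.
# Both sample configs are constructed for this example and mirror the page's settings.

WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
WEAK_CONF="$WORK/weak.conf"; HARDENED_CONF="$WORK/hardened.conf"

cat > "$WEAK_CONF" <<'EOF'
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
zone "happy.store" IN {
    type slave;
    masters { 192.168.168.154; };
    file "slaves/happy.store.zone";
};
EOF

cat > "$HARDENED_CONF" <<'EOF'
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    allow-recursion { localhost; 192.168.168.0/24; }; // assumed LAN client range
    allow-transfer { none; };                         // zones opt in individually
};
zone "happy.store" IN {
    type slave;
    masters { 192.168.168.154; };
    file "slaves/happy.store.zone";
    allow-transfer { none; };
};
EOF

# Drop //, # and single-line /* */ comments so a commented-out setting does not count as present.
strip_comments() { sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' "$1"; }

# The options { ... }; block; assumes its closing "};" starts a line, as in the page's files.
options_block() {
  strip_comments "$1" | awk '
    /^[ \t]*options[ \t]*[{]/ { in_opt = 1 }
    in_opt { print }
    in_opt && /^[ \t]*};/ { exit }'
}

has() { printf '%s\n' "$1" | grep -q -- "$2"; }

# Prints one finding per line; exit status 0 means no findings.
audit_named_conf() {
  an_opts=$(options_block "$1")
  an_n=0
  if has "$an_opts" 'recursion[[:space:]]*yes' &&
     has "$an_opts" 'allow-query[[:space:]]*{[[:space:]]*any' &&
     ! has "$an_opts" 'allow-recursion'; then
    echo "open resolver: recursion yes + allow-query { any; } without allow-recursion"
    an_n=$((an_n + 1))
  fi
  if ! has "$an_opts" 'allow-transfer'; then
    echo "no global allow-transfer: zones without their own inherit BIND's default (any)"
    an_n=$((an_n + 1))
  fi
  # Per zone: a master or slave zone with no allow-transfer inherits the global setting.
  an_zones=$(strip_comments "$1" | awk '
    /^[ \t]*zone[ \t]+"/ { match($0, /"[^"]+"/); z = substr($0, RSTART + 1, RLENGTH - 2)
                           in_zone = 1; type = ""; xfer = 0; next }
    in_zone && /type[ \t]+(master|primary)/ { type = "master" }
    in_zone && /type[ \t]+(slave|secondary)/ { type = "slave" }
    in_zone && /allow-transfer/ { xfer = 1 }
    in_zone && /^[ \t]*};/ {
      if (type != "" && !xfer) print type " zone " z " has no allow-transfer of its own"
      in_zone = 0 }')
  [ -n "$an_zones" ] && { printf '%s\n' "$an_zones"; an_n=$((an_n + 1)); }
  [ "$an_n" -eq 0 ]
}

echo "== weak (the page's settings) =="; audit_named_conf "$WEAK_CONF" || :
echo "== hardened =="; audit_named_conf "$HARDENED_CONF" && echo "no findings"
```

named-checkconf validates syntax, not policy, and will accept both files above without comment, which is why a check like this is worth keeping next to it. The parser is deliberately simple: it expects the closing `};` of options and zone blocks to start a line, which is how the page's files are laid out.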
###
Set ownership and permissions (the slave writes its zone copies itself into /var/named/slaves, which is already owned by named):
chown root:named /etc/named.conf
chmod 640 /etc/named.conf
Restart the DNS service:
[root@dns2 ~]# systemctl restart named
Restart the master (dns1.zhuohua) as well. This is not strictly required, since the slave requests both zones from the master as soon as it starts, but a restart makes the master send NOTIFY and so exercises the notification path too:
[root@dns1 ~]# systemctl restart named
If synchronisation succeeded, the slave (dns2.zhuohua) writes its own copy of each zone ( happy.store.zone, funny.store.zone ) into /var/named/slaves:
[root@dns2 slaves]# pwd
/var/named/slaves
[root@dns2 slaves]# ll
total 8
-rw-r--r--. 1 named named 464 Jun  3 13:05 funny.store.zone
-rw-r--r--. 1 named named 464 Jun  3 13:03 happy.store.zone
Note: these files are not readable as text. Since BIND 9.9 slave zones are saved in raw binary format by default; to inspect one, convert it with named-compilezone -f raw -F text -o - happy.store.zone /var/named/slaves/happy.store.zone, or add masterfile-format text; to the slave's zone statements. Whether the copy is current is better checked by comparing the SOA serial each server returns (dig @server zone SOA +short).
Point the client's DNS server setting at the slave name server.
(Note: the client's IP address and gateway here were assigned by a DHCP server.)
Client test ( nslookup ) for happy.store and funny.store, with the same queries as against the master:
happy.store
funny.store
To change zone data, edit the zone files on the master (dns1.zhuohua) only; any edit made to the slave's copy is overwritten by the next transfer:
[root@dns1 ~]# vi /var/named/happy.store.zone
[root@dns1 ~]# vi /var/named/funny.store.zone
The slave only fetches a new copy when the master's serial is higher than the one it already holds, so every edit must also raise the serial in that file's SOA record. For example, after changing the data in /var/named/funny.store.zone, increase that file's serial, as shown in the figure below (screenshot not reproduced here):
Then reload the zone on the master (rndc reload funny.store is enough, or restart the service as shown):
[root@dns1 ~]# systemctl restart named
The master sends NOTIFY to the slave (notify yes / also-notify) and the slave transfers the updated zone; even without NOTIFY it would check again after the SOA refresh interval (3H here). If the serial was not raised, the slave keeps serving the old data, which is the most common reason a slave "does not update".
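The update path above works only if the serial actually goes up, and a typo in a zone file takes the zone down until it is fixed, so the edit is worth scripting. The helpers below are an added example, not code from the page: zone_serial reads the SOA serial from a zone file in either the multi-line layout used in the zone files above or a one-line SOA; bump_serial raises it by one (serial arithmetic wraps at 2^32), runs named-checkzone on the result when that tool is installed, and only then overwrites the file; slave_in_sync compares the serial served by master and slave using dig. The sample zone is constructed here and uses the page's names and addresses; the dig-based check needs the real servers and is only defined, not run.

```sh
#!/bin/sh
# Zone serial helpers for the master's zone files.
#   zone_serial FILE          -> prints the SOA serial
#   bump_serial FILE ZONE     -> rewrites FILE with serial+1, checked with named-checkzone if present
#   slave_in_sync M S ZONE    -> compares the SOA serial served by master M and slave S (needs dig)

# Constructed sample zone, same layout as the page's happy.store.zone.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
SAMPLE_ZONE="$WORK/happy.store.zone"
cat > "$SAMPLE_ZONE" <<'EOF'
$TTL 86400
@       IN SOA  dns1.zhuohua. admin.happy.store. (
                1       ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expire
                1D )    ; minimum
@       IN NS   dns1.zhuohua.
@       IN NS   dns2.zhuohua.
@       IN MX   10 mail.happy.store.
mail    IN A    192.168.168.25
www     IN A    192.168.168.80
EOF

# Walk the tokens after "SOA": MNAME, RNAME, then the first all-digit token is the serial,
# whether it sits on the SOA line or on a continuation line inside "( ... )".
# With new="" the program prints the serial; otherwise it substitutes new and prints the file.
_soa_serial_awk='
  !seen {
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^;/) break
      if ($i == "SOA") { seen = 1; skip = 2; start = i + 1; break }
    }
  }
  seen && !done {
    for (i = (start ? start : 1); i <= NF; i++) {
      if ($i ~ /^;/) break                  # rest of the line is a comment
      if ($i == "(") continue
      if (skip > 0) { skip--; continue }    # MNAME, then RNAME
      if ($i ~ /^[0-9]+$/) {
        done = 1
        if (new == "") { print $i; exit }   # report mode
        $i = new                            # rewrite mode (this one line is re-joined with single spaces)
      }
      break
    }
    start = 0
  }
  new != "" { print }
  END { if (!done) exit 1 }
'

zone_serial() { awk -v new="" "$_soa_serial_awk" "$1"; }

bump_serial() {
  bs_file=$1; bs_zone=$2
  bs_old=$(zone_serial "$bs_file") || { echo "no SOA serial found in $bs_file" >&2; return 1; }
  bs_new=$(( (bs_old + 1) % 4294967296 ))          # RFC 1982 serial arithmetic wraps at 2^32
  bs_tmp=$(mktemp)
  awk -v new="$bs_new" "$_soa_serial_awk" "$bs_file" > "$bs_tmp" || { rm -f "$bs_tmp"; return 1; }
  if command -v named-checkzone >/dev/null 2>&1; then   # validate before touching the live file
    named-checkzone -q "$bs_zone" "$bs_tmp" || { rm -f "$bs_tmp"; echo "zone check failed" >&2; return 1; }
  fi
  cat "$bs_tmp" > "$bs_file" && rm -f "$bs_tmp"    # cat, not mv: keeps the file's owner and mode for named
  echo "$bs_new"
}

# Serial is the third field of a +short SOA answer: mname rname serial refresh retry expire minimum.
slave_in_sync() {
  sis_m=$(dig +short @"$1" "$3" SOA | awk '{ print $3 }')
  sis_s=$(dig +short @"$2" "$3" SOA | awk '{ print $3 }')
  echo "master=$sis_m slave=$sis_s"
  [ -n "$sis_m" ] && [ "$sis_m" = "$sis_s" ]
}

echo "serial before: $(zone_serial "$SAMPLE_ZONE")"
bump_serial "$SAMPLE_ZONE" happy.store >/dev/null
echo "serial after:  $(zone_serial "$SAMPLE_ZONE")"
# On the real master: bump_serial /var/named/happy.store.zone happy.store && rndc reload happy.store
# then:               slave_in_sync 192.168.168.154 192.168.168.155 happy.store
```

A date-based serial (YYYYMMDDnn) is the common convention; this helper only increments, which matches what the page does. After bump_serial and rndc reload (or the page's systemctl restart named) on the master, slave_in_sync should print matching serials within a few seconds; if the master's serial is ahead for longer than the retry interval, check the master's log for the NOTIFY and the slave's for the transfer result.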
Note:
Normally, a client should get the same answers whichever of the two DNS servers it uses.