1. 部署从 DNS 服务器(slave)
用 yum 安装 BIND 9
# Install BIND (named), its chroot wrapper and the client tools (dig/host) on the slave.
# bind-devel only provides headers/libraries for building software against libbind;
# it is not required to run a name server and can be dropped to keep the install small.
[root@slave ~]# yum -y install bind bind-chroot bind-utils bind-devel
编辑 /etc/named.conf(与 master 一样。注意: 权威服务器应设置 recursion no, 或用 allow-recursion 只放行内网客户端; 后文 dig 结果中的 ra 标志说明主从两台目前都对该查询来源开放了递归, 对外暴露时会被当作开放解析器用于放大攻击)
编辑 /etc/rndc.key(这是控制 named 的共享密钥, 应为 root:named 0640, 不能全局可读; 后文 ll 输出里它是 0644 root:root, 需要收紧权限)
编辑 /etc/rndc.conf(rndc.key 与 rndc.conf 同时存在时 rndc 优先读取 rndc.conf, 这也是后文 rndc reload 打印 WARNING 的原因; 确认两个文件里的密钥一致)
编辑 /var/named/chroot/etc/view.conf(与 master 有些不一样: slave 的 zone 是 type slave 加 masters; 另外要给 slave 的每个 zone 也加上 allow-transfer { none; }, 否则 BIND 默认允许任何人从 slave 做 AXFR 拖走整个 zone)
[root@slave etc]# cat /var/named/chroot/etc/view.conf view "SlaveView" { zone "example.com" { #zone与master一样 type slave; #类型 从DNS masters {192.168.56.13; }; #master服务器,可以配置多个,用;号分隔 file "slave.example.com.zone"; }; }; #更改master的view.conf, 通知从DNS变更 [root@master ~]# vim /var/named/chroot/etc/view.conf view "View" { zone "example.com" { type master; file "example.com.zone"; allow-transfer { 192.168.56.14; }; notify yes; also-notify { 192.168.56.14; }; }; }; [root@master ~]# rndc reload WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf) server reload successful #启动从dns [root@slave etc]# cd /var && chown -R named.named named/ [root@slave var]# /etc/init.d/named start Starting named: [ OK ] [root@slave var]# chkconfig named on [root@slave etc]# cat slave.example.com.zone $ORIGIN . $TTL 3600 ; 1 hour example.com IN SOA op.example.com. dns.example.com. ( 2000 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) NS op.example.com. $ORIGIN example.com. a A 1.2.3.4 op A 1.2.3.4
2. 添加A、CNAME、MX、PTR记录
添加 A 记录(每次修改 zone 文件都必须递增 serial, 否则 slave 检测不到变化, 不会同步)
# Add A records on the master; the serial is bumped from 2000 to 2001 so the slave notices.
[root@master etc]# vim /var/named/chroot/etc/example.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
example.com             IN SOA  op.example.com. dns.example.com. (
                                2001       ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      op.example.com.
$ORIGIN example.com.
chegva                  A       1.2.3.4
op                      A       1.2.3.4
a                       A       1.2.3.4
a                       A       192.168.122.100   ; second A record for the same name (round-robin)
[root@master etc]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
# Check whether the slave's copy of the zone has been updated (serial should now be 2001).
[root@slave etc]# cat slave.example.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
example.com             IN SOA  op.example.com. dns.example.com. (
                                2001       ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      op.example.com.
$ORIGIN example.com.
a                       A       1.2.3.4
                        A       192.168.122.100   ; blank owner = same owner as the previous record (a); this is how named writes out the transferred zone
chegva                  A       1.2.3.4
op                      A       1.2.3.4
添加CNAME记录
# Add a CNAME on the master; serial bumped to 2002.
[root@master etc]# vim /var/named/chroot/etc/example.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
example.com             IN SOA  op.example.com. dns.example.com. (
                                2002       ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      op.example.com.
$ORIGIN example.com.
chegva                  A       1.2.3.4
op                      A       1.2.3.4
a                       A       1.2.3.4
a                       A       192.168.122.100
; The target is a.example.com. because a CNAME must point at a name that itself resolves.
; The trailing dot makes the name absolute; without it $ORIGIN (example.com.) would be
; appended again. Remember to bump the serial before saving and reloading.
cname                   CNAME   a.example.com.
[root@master etc]# rndc reload
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful
# The CNAME has arrived on the slave (named writes the target relative to $ORIGIN).
[root@slave etc]# cat slave.example.com.zone
$ORIGIN .
$TTL 3600       ; 1 hour
example.com             IN SOA  op.example.com. dns.example.com. (
                                2002       ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      op.example.com.
$ORIGIN example.com.
a                       A       1.2.3.4
                        A       192.168.122.100
chegva                  A       1.2.3.4
cname                   CNAME   a                 ; CNAME record
op                      A       1.2.3.4
A记录、CNAME记录结果检测
# Resolve the CNAME against the master.
[root@slave etc]# dig @192.168.56.13 cname.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> @192.168.56.13 cname.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56615
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1
; NOTE(review): "ra" means this authoritative server offers recursion to the querier.
; An authoritative-only server should run with "recursion no;" (or a tight
; allow-recursion ACL) so it cannot be abused as an open resolver / amplifier.

;; QUESTION SECTION:
;cname.example.com.             IN      A

;; ANSWER SECTION:
; cname.example.com is first resolved to a.example.com, then the A records of a.example.com are returned (two IPs)
cname.example.com.      3600    IN      CNAME   a.example.com.
a.example.com.          3600    IN      A       1.2.3.4
a.example.com.          3600    IN      A       192.168.122.100

;; AUTHORITY SECTION:
example.com.            3600    IN      NS      op.example.com.

;; ADDITIONAL SECTION:
op.example.com.         3600    IN      A       1.2.3.4

;; Query time: 0 msec
;; SERVER: 192.168.56.13#53(192.168.56.13)
;; WHEN: Thu Mar 16 07:43:21 2017
;; MSG SIZE  rcvd: 116

# Now resolve via the slave; normally the answer must match the master's.
# (The two A records come back in a different order here, presumably BIND's
# default cyclic rrset-order; the set itself is identical.)
[root@slave etc]# dig @192.168.56.14 cname.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> @192.168.56.14 cname.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39519
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;cname.example.com.             IN      A

;; ANSWER SECTION:
cname.example.com.      3600    IN      CNAME   a.example.com.
a.example.com.          3600    IN      A       192.168.122.100
a.example.com.          3600    IN      A       1.2.3.4

;; AUTHORITY SECTION:
example.com.            3600    IN      NS      op.example.com.

;; ADDITIONAL SECTION:
op.example.com.         3600    IN      A       1.2.3.4

;; Query time: 30 msec
;; SERVER: 192.168.56.14#53(192.168.56.14)
;; WHEN: Thu Mar 16 07:45:55 2017
;; MSG SIZE  rcvd: 116
添加 MX 记录(MX 的目标必须是一个有 A 记录的主机名, 不能直接写 IP 地址; 写 IP 会被当作相对名字补上 $ORIGIN, 得到无法投递的 192.168.122.101.example.com.)
[root@master etc]# egrep "^mx|serial$" /var/named/chroot/etc/example.com.zone #添加mx记录 2003 ; serial mx MX 5 192.168.122.101 #5是优先级,越小越高 [root@master etc]# rndc reload #用host查看解析结果,dig看不到 [root@master etc]# host mx.example.com 192.168.56.13 Using domain server: Name: 192.168.56.13 Address: 192.168.56.13#53 Aliases: mx.example.com mail is handled by 5 192.168.122.101.example.com. [root@master etc]# host mx.example.com 192.168.56.14 Using domain server: Name: 192.168.56.14 Address: 192.168.56.14#53 Aliases: mx.example.com mail is handled by 5 192.168.122.101.example.com.
PTR 记录(反向解析: 由 IP 查回主机名, 常用于日志溯源和邮件服务器的来源校验; 正反向应互相印证, 即 PTR 指向的主机名, 其 A 记录里应包含这个 IP)
编辑master上的view.conf文件
# Add the reverse zone to the master's view (the second vim is a repeat of the first).
[root@master etc]# vim /var/named/chroot/etc/view.conf
[root@master etc]# vim view.conf
view "View" {
    zone "example.com" {
        type master;
        file "example.com.zone";
        # NOTE(review): source-IP ACL only; spoofable outside a lab - prefer a TSIG key.
        allow-transfer { 192.168.56.14; };
        notify yes;
        also-notify { 192.168.56.14; };
    };
    # Reverse zone for 192.168.0.0/16: the octets are written in reverse order and
    # in-addr.arpa marks it as a reverse-lookup zone.
    zone "168.192.in-addr.arpa" {
        type master;
        file "168.192.zone";
        allow-transfer { 192.168.56.14; };
        notify yes;
        also-notify { 192.168.56.14; };
    };
};
编辑master节点/var/named/chroot/etc/168.192.zone
# Reverse zone file on the master.
[root@master etc]# vim /var/named/chroot/etc/168.192.zone
$TTL 3600       ; 1 hour
@       IN SOA  op.example.com. dns.example.com. (
                                2004       ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
        NS      op.example.com.
; Owner 102.122 is relative to the zone origin 168.192.in-addr.arpa, i.e. 192.168.122.102.
; NOTE(review): the forward zone gives a.example.com the addresses 1.2.3.4 and
; 192.168.122.100, not .102, so this PTR does not round-trip (forward-confirmed
; reverse DNS fails). Point it at a name whose A record contains 192.168.122.102,
; or fix the A record.
102.122 IN PTR a.example.com.
# NOTE(review): a master zone file only needs to be readable by named (root:named 0640);
# making named its owner lets a compromised named rewrite the authoritative data.
[root@master etc]# chown named.named 168.192.zone
[root@master etc]# rndc reload
编辑 slave 下的 view.conf 文件, 添加反向解析的 zone(同样给它加上 allow-transfer { none; })
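view "SlaveView" {
    zone "example.com" {
        type slave;
        masters { 192.168.56.13; };
        file "slave.example.com.zone";
        # FIX: BIND's default is allow-transfer { any; }; without this anyone can
        # AXFR the whole zone from the slave even though the master restricts it.
        allow-transfer { none; };
    };
    zone "168.192.in-addr.arpa" {
        type slave;
        masters { 192.168.56.13; };
        file "slave.168.192.zone";
        allow-transfer { none; };   # FIX: same for the reverse zone
    };
};
[root@slave etc]# rndc reload
# slave.168.192.zone has been transferred from the master.
[root@slave etc]# ll
total 52
-rw-r--r-- 1 root  root  2819 Mar 16 02:40 localtime
drwxr-x--- 2 root  named 4096 Jan 17 05:04 named
-rw-r----- 1 root  named 1126 Jul  8  2016 named.conf
-rw-r--r-- 1 root  named 2389 Jan 17 05:04 named.iscdlv.key
-rw-r----- 1 root  named  931 Jun 21  2007 named.rfc1912.zones
-rw-r--r-- 1 root  named  487 Jul 19  2010 named.root.key
drwxr-x--- 3 named named 4096 Jan 17 05:04 pki
-rw-r--r-- 1 root  root   197 Jul  8  2016 rndc.conf   # NOTE(review): world-readable; should be root:named 0640
-rw-r--r-- 1 root  root    91 Jul  8  2016 rndc.key    # NOTE(review): world-readable rndc secret - any local user who can read it can drive rndc; make it root:named 0640
-rw-r--r-- 1 named named  327 Mar 16 08:23 slave.168.192.zone
-rw-r--r-- 1 named named  408 Mar 16 08:12 slave.example.com.zone
-rw-r--r-- 1 named named  330 Mar 16 08:20 view.conf   # NOTE(review): config owned (writable) by named; should be root:named 0640 like named.conf
-rw-r--r-- 1 named named  322 Mar 16 06:59 view.conf.bak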
检测反向解析
# Reverse lookup via the slave.
[root@slave etc]# host 192.168.122.102 192.168.56.14
Using domain server:
Name: 192.168.56.14
Address: 192.168.56.14#53
Aliases:

# Both master and slave map 192.168.122.102 back to a.example.com through the PTR.
# NOTE(review): the forward zone does not list 192.168.122.102 for a.example.com
# (it has 1.2.3.4 and 192.168.122.100), so a forward-confirmed check would fail.
102.122.168.192.in-addr.arpa domain name pointer a.example.com.
# Same lookup via the master.
[root@slave etc]# host 192.168.122.102 192.168.56.13
Using domain server:
Name: 192.168.56.13
Address: 192.168.56.13#53
Aliases:

# (The missing trailing dot on this line looks like a copy/paste truncation; host
# prints the name fully qualified as above.)
102.122.168.192.in-addr.arpa domain name pointer a.example.com