linux服务管理之dns服务配置教程 第三部分
八、DNS转发
DNS转发网络拓扑结构图,如图一:
图一 DNS转发网络拓扑结构图
serv01配置
--第一步,查看本机IP,通过yum源安装bind
[root@serv01 named]# yum install bind* -y
--第二步,修改named.conf文件,修改如下
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
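options {
    // Accept queries on every IPv4 address so the other lab hosts can reach this server.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): "allow-query { any; }" combined with "recursion yes" makes this
    // an open recursive resolver for every host that can reach port 53. That is
    // acceptable only on an isolated lab network such as 192.168.1.0/24; elsewhere
    // restrict recursion to known clients, e.g. allow-recursion { 192.168.1.0/24; };
    allow-query { any; };
    // Names this server is not authoritative for are forwarded to serv02 (192.168.1.12).
    forwarders { 192.168.1.12; };
    recursion yes;
    // DNSSEC is switched off on the forwarding server, so forwarded answers are
    // accepted without validation. Presumably this is because the lab zones are
    // unsigned; confirm before reusing this configuration outside a lab.
    #dnssec-enable yes;
    #dnssec-validation yes;
    #dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};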
[root@serv01 named]# tail -n5 /etc/named.rfc1912.zones
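// Authoritative (master) zone for justdb.com served by serv01.
zone "justdb.com" IN {
    type master;
    // Relative path: resolved against the "directory" option (/var/named).
    file "justdb.com.zone";
    // Dynamic DNS updates are refused; the zone changes only by editing the file.
    allow-update { none; };
    // NOTE(review): no allow-transfer is set. In the BIND 9 releases of this era an
    // absent allow-transfer permits zone transfers to any client (verify for your
    // version); add allow-transfer { none; }; when the zone has no slaves.
};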
--第三步,拷贝文件,注意加上-a或者-p参数(保留模板文件原有的属主、属组和权限,否则named进程可能无法读取新的区域文件)
[root@serv01 named]# cp named.localhost justdb.com.zone -a
--第四步,编辑justdb.com.zone文件
[root@serv01 named]# cat justdb.com.zone
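$TTL 1D
; SOA: primary name server dns.justdb.com., contact mailbox root.justdb.com.
@       IN SOA  dns.justdb.com. root.justdb.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; The leading whitespace matters: this NS record inherits the owner name "@".
        NS      dns.justdb.com.
dns     IN A    192.168.1.11
www     IN A    192.168.1.66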
[root@serv01 named]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr00:0C:29:07:DD:3B
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2823 errors:0 dropped:0 overruns:0 frame:0
TX packets:1618 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:257429 (251.3 KiB) TXbytes:252898 (246.9 KiB)
--第五步,重启服务
[root@serv01 named]# /etc/init.d/named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
--第六步,测试本机
[root@serv01 named]# dig www.justdb.com +short
192.168.1.66
serv02配置
--第一步,查看本机IP,通过yum源安装bind
[root@serv02 named]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr00:0C:29:6A:EC:97
inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe6a:ec97/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2943 errors:0 dropped:0overruns:0 frame:0
TX packets:1728 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:265863 (259.6 KiB) TXbytes:279067 (272.5 KiB)
[root@serv01 named]# yum install bind* -y
--第二步,修改named.conf文件,修改如下
[root@serv02 named]# vim /etc/named.conf
[root@serv02 named]# cat /etc/named.conf
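options {
    // Listen on all IPv4 addresses; serv01 forwards its unresolved queries here.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): with "allow-query { any; }" and "recursion yes" any host that
    // can reach port 53 may use this server for recursive lookups. Keep this to an
    // isolated lab; otherwise limit recursion to the hosts that need it, e.g.
    // allow-recursion { 192.168.1.11; };
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    // NOTE(review): dnssec-lookaside relies on the ISC DLV registry, which ISC has
    // retired; newer BIND 9 releases no longer accept this option (check your version).
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};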
[root@serv02 named]# tail -n6 /etc/named.rfc1912.zones
// Authoritative (master) zone for larrywen.com served by serv02.
// The zone file name is relative to the "directory" option (/var/named).
// allow-update { none; } refuses dynamic updates, so records change only
// when the zone file is edited.
// NOTE(review): allow-transfer is not set here; in BIND 9 releases of this era
// that leaves zone transfers open to any client (verify for your version).
zone "larrywen.com" IN {
type master;
file "larrywen.com.zone";
allow-update { none; };
};
--第三步,拷贝文件,注意加上-a或者-p参数
[root@serv02 named]# cp named.localhost larrywen.com.zone -a
--第四步,编辑larrywen.com.zone文件
[root@serv02 named]# cat larrywen.com.zone
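$TTL 1D
; SOA: primary name server dns.larrywen.com., contact mailbox root.larrywen.com.
@       IN SOA  dns.larrywen.com. root.larrywen.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Indented so that the NS record keeps the owner name "@" (the zone apex).
        NS      dns.larrywen.com.
dns     IN A    192.168.1.12
www     IN A    192.168.1.88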
--第五步,重启服务
[root@serv02 named]# /etc/init.d/named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
--第六步,测试本机
[root@serv02 named]# dig www.larrywen.com +short
192.168.1.88
serv03 测试机配置
--第一步,安装bind-util
[root@serv03 ~]# yum install bind-util* -y
--第二步,配置默认的dns
[root@serv03 ~]# cat /etc/resolv.conf
nameserver 192.168.1.11
--第三步,测试www.justdb.com
[root@serv03 ~]# dig www.justdb.com +short
192.168.1.66
--第四步,测试www.larrywen.com
[root@serv03 ~]# dig www.larrywen.com +short
192.168.1.88
九、DNS主从服务器
从服务器自动从主服务器中同步数据
#serv01:主服务器 IP:192.168.1.11
#serv02:从服务器,主服务器发生变化,从服务器更新 IP 192.168.1.12
#serv03:测试机 IP:192.168.1.13
网络拓扑结构图如图二:
图二 DNS主从服务器网络拓扑结构图
server01配置
--第一步,查看本机IP,通过yum源安装bind
[root@serv01 named]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr00:0C:29:07:DD:3B
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2823 errors:0 dropped:0 overruns:0 frame:0
TX packets:1618 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:257429 (251.3 KiB) TXbytes:252898 (246.9 KiB)
[root@serv01 named]# yum install bind* -y
--第二步,修改named.conf文件,修改如下
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
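options {
    // The original listing prefixes listen-on and allow-query with "--", apparently
    // to flag the edited lines; that marker is not named.conf syntax and is dropped.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): a master that only serves its own zone does not need to offer
    // recursion to everyone. "allow-query { any; }" plus "recursion yes" leaves an
    // open resolver; outside a lab, set recursion no or restrict allow-recursion.
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};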
[root@serv01 named]# tail -n7 /etc/named.rfc1912.zones
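// Master copy of justdb.com on serv01 (192.168.1.11).
zone "justdb.com" IN {
    type master;
    file "justdb.com.zone";
    // Only the slave, serv02, may request a full zone transfer. (The original
    // listing flags this line with a leading "--", which is not named.conf syntax.)
    // NOTE(review): this check trusts the source IP address alone; a TSIG key
    // shared by master and slave is the stronger control for zone transfers.
    allow-transfer { 192.168.1.12; };
    // Send NOTIFY when the zone changes. The zone file lists only dns.justdb.com.
    // as NS, so the slave is named explicitly in also-notify.
    notify yes;
    also-notify { 192.168.1.12; };
};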
--第三步,拷贝文件,注意加上-a或者-p参数
[root@serv01 named]# cp named.localhost justdb.com.zone -a
--第四步,编辑justdb.com.zone文件
[root@serv01 named]# cat justdb.com.zone
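$TTL 1D
@       IN SOA  dns.justdb.com. root.justdb.com. (
                0       ; serial: the slave compares this value to decide whether to re-transfer
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Indented: the NS record belongs to the zone apex ("@").
        NS      dns.justdb.com.
dns     IN A    192.168.1.11
www     IN A    192.168.1.66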
--第五步,重启服务
[root@serv01 named]# /etc/init.d/named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
server02配置
--第一步,查看本机IP,通过yum源安装bind
[root@serv02 slaves]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr00:0C:29:6A:EC:97
inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe6a:ec97/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
TX packets:908 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:133206 (130.0 KiB) TXbytes:148913 (145.4 KiB)
[root@serv01 named]# yum install bind* -y
--第二步,修改named.conf文件,修改如下
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
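options {
    // The "--" prefixes on listen-on and allow-query in the original listing appear
    // to flag the edited lines; they are not named.conf syntax and are dropped here.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): "allow-query { any; }" with "recursion yes" lets every host
    // that reaches port 53 use this slave as a recursive resolver; restrict
    // recursion (allow-recursion) or disable it when the server leaves the lab.
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};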
--第三步,修改named.rfc1912.zones 文件,修改如下
[root@serv02 slaves]# tail -n5 /etc/named.rfc1912.zones
// Slave copy of justdb.com on serv02: named transfers the zone from the server
// listed in "masters" (serv01, 192.168.1.11) and writes it to the file below,
// relative to the "directory" option (/var/named).
// NOTE(review): the master is identified by IP address only; a TSIG key on the
// masters entry would authenticate the transfer as well.
zone "justdb.com" IN {
type slave;
file "slaves/justdb.com.zone";
masters {192.168.1.11;};
};
--第四步,重启服务
[root@serv02 slaves]# /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: [ OK ]
--第五步,进入slaves目录,发现自动生成了文件
[root@serv02 named]# cd slaves/
[root@serv02 slaves]# ll
total 0
[root@serv02 slaves]# ll
total 4
-rw-r--r--. 1 named named 330 Aug 8 23:43 justdb.com.zone
[root@serv02 slaves]# cat justdb.com.zone
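; Zone file as written by named on the slave after the transfer from the master.
$ORIGIN .
$TTL 86400      ; 1 day
justdb.com      IN SOA  dns.justdb.com. root.justdb.com. (
                        0          ; serial
                        86400      ; refresh (1 day)
                        3600       ; retry (1 hour)
                        604800     ; expire (1 week)
                        10800      ; minimum (3 hours)
                        )
                NS      dns.justdb.com.
$ORIGIN justdb.com.
dns             A       192.168.1.11
www             A       192.168.1.66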
测试
--第一步,server01加入新的地址,重启服务
[root@serv01 named]# vim justdb.com.zone
[root@serv01 named]# /etc/init.d/named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
[root@serv01 named]# cat justdb.com.zone
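$TTL 1D
@       IN SOA  dns.justdb.com. root.justdb.com. (
                ; NOTE: change the serial to 1; it must not stay the same as before,
                ; otherwise the slave does not pick up the change.
                1       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      dns.justdb.com.
dns     IN A    192.168.1.11
www     IN A    192.168.1.66
; Record added for the synchronisation test.
ftp     IN A    192.168.1.88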
--第二步,server02查看文件,发现更新成功
[root@serv02 slaves]# cat justdb.com.zone
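; Slave copy after the master was edited: the serial is now 1 and ftp is present.
$ORIGIN .
$TTL 86400      ; 1 day
justdb.com      IN SOA  dns.justdb.com. root.justdb.com. (
                        1          ; serial
                        86400      ; refresh (1 day)
                        3600       ; retry (1 hour)
                        604800     ; expire (1 week)
                        10800      ; minimum (3 hours)
                        )
                NS      dns.justdb.com.
$ORIGIN justdb.com.
dns             A       192.168.1.11
; New record received from the master (flagged with "--" in the original listing).
ftp             A       192.168.1.88
www             A       192.168.1.66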
--#序列号只能改大,不能改小
#删除后也可以同步
server03配置
可以使用dig测试双方同步的数据是否一致
十、子域授权
子级DNS服务器(子域授权)
#serv01
justdb.com 192.168.1.11
web.justdb.com
web.hb.justdb.com
web.xn.justdb.com 192.168.1.12
#客户端192.168.1.13
#nameserver配置成192.168.1.11
#DNS转发:域名之间无关系
#子域授权:域名之间有关系
网络拓扑结构图如图三:
图三 DNS子域授权网络拓扑结构图
serv01配置
--第一步,查看本机IP,通过yum源安装bind
[root@serv01 named]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr00:0C:29:07:DD:3B
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2823 errors:0 dropped:0 overruns:0 frame:0
TX packets:1618 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:257429 (251.3 KiB) TXbytes:252898 (246.9 KiB)
[root@serv01 named]# yum install bind* -y>/dev/null 2>&1
--第二步,修改named.conf文件,修改如下
[root@serv01 named]# vim /etc/named.conf
[root@serv01 named]# cat /etc/named.conf
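options {
    // The original listing carries "--" markers on listen-on, allow-query and the
    // first dnssec line (apparently flagging edited lines) and a stray "<" after
    // allow-query; none of these is named.conf syntax, so they are dropped here.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // NOTE(review): "allow-query { any; }" with "recursion yes" is an open
    // recursive resolver for anyone who can reach port 53. Keep it to the lab
    // network (192.168.1.0/24) or restrict recursion with allow-recursion.
    allow-query { any; };
    recursion yes;
    // DNSSEC is commented out, so answers are accepted without validation.
    // Presumably this is because the lab zones are unsigned; confirm before reuse.
    #dnssec-enable yes;
    #dnssec-validation yes;
    #dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};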
[root@serv01 named]# tail -n7 /etc/named.rfc1912.zones
// serv01 is master for the parent zone justdb.com and, as a separate zone,
// for the child hb.justdb.com. Each zone has its own file under the
// "directory" option (/var/named), and both refuse dynamic updates.
// NOTE(review): neither zone sets allow-transfer; in BIND 9 releases of this era
// that leaves zone transfers open to any client (verify for your version).
zone "justdb.com" IN {
type master;
file "justdb.com.zone";
allow-update { none; };
};
zone "hb.justdb.com" IN {
type master;
file "hb.justdb.com.zone";
allow-update { none; };
};
--第三步,拷贝文件,注意加上-a或者-p参数
[root@serv01 named]# cp named.localhost justdb.com.zone -av
[root@serv01 named]# cp named.localhost hb.justdb.com.zone -av
--第四步,编辑justdb.com.zone和hb.justdb.com.zone文件
[root@serv01 named]# cat justdb.com.zone
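$TTL 1D
; Parent zone justdb.com.
@       IN SOA  dns.justdb.com. root.justdb.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Indented: the NS record belongs to the zone apex ("@").
        NS      dns.justdb.com.
dns     IN A    192.168.1.11
web     IN A    192.168.1.88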
[root@serv01 named]# cat hb.justdb.com.zone
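$TTL 1D
; Child zone hb.justdb.com, served by the same host as the parent (192.168.1.11).
@       IN SOA  dns.hb.justdb.com. root.hb.justdb.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Indented: the NS record belongs to the zone apex ("@").
        NS      dns.hb.justdb.com.
dns     IN A    192.168.1.11
web     IN A    192.168.1.89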
--第五步,重启服务
[root@serv01 named]# /etc/init.d/named restart
Stopping named: . [ OK ]
Starting named: [ OK ]