desktop:(主dns)
主机名---dns-server.example.com
IP---172.25.254.144
指定yum源/
[root@dns-server ~]# yum install bind -y ##安装bind软件包##
[root@dns-server ~]# systemctl start named ##开启named服务##
[root@dns-server ~]# ll /dev/random ##/dev/random是内核提供的随机数字符设备(见下方输出首位的c),并不是named生成的加密文件;首次启动named生成密钥时应是从中读取随机数##
crw-rw-rw-. 1 root root 1, 8 Mar 15 07:16 /dev/random
[root@dns-server ~]# cat /dev/randomgu IP'
[root@dns-server ~]# vim /etc/named.conf ##named服务的配置文件##
 ......
 9
 10 options {
 11 // listen-on port 53 { 127.0.0.1; }; ##注释该行,监听所有接口的53端口##
 12 // listen-on-v6 port 53 { ::1; }; ##注释该行,监听所有接口的53端口##
 13 directory "/var/named"; ##指定解析库位置##
 14 dump-file "/var/named/data/cache_dump.db";
 15 statistics-file "/var/named/data/named_stats.txt";
 16 memstatistics-file "/var/named/data/named_mem_stats.txt";
 17 allow-query { any; }; ##允许谁来查询##
 18 forwarders { 172.25.254.250; }; ##指定上级DNS##
 ......
 29 recursion yes; ##是否允许递归;与allow-query { any; }一起使用时任何来源都能做递归查询(开放解析器),可被用于DNS放大攻击,对外提供服务时应使用allow-recursion限定可信网段##
 30
 31 dnssec-enable yes;
 32 dnssec-validation yes;
 33 dnssec-lookaside auto; ##DLV服务已停用,较新版本的BIND已废弃该选项##
 34
 35 /* Path to ISC DLV key */
 36 bindkeys-file "/etc/named.iscdlv.key";
 37
 38 managed-keys-directory "/var/named/dynamic";
 39
 40 pid-file "/run/named/named.pid";
 41 session-keyfile "/run/named/session.key";
 42 };
 43
 44 logging { ##指定日志文件##
 45 channel default_debug {
 46 file "data/named.run";
 47 severity dynamic;
 48 };
 49 };
 50
 51 zone "." IN { ##指定区域##
 52 type hint; ##指定服务器类型虚拟DNS##
 53 file "named.ca"; ##指定解析库名字##
 54 };
 55
 56 include "/etc/named.rfc1912.zones"; ##包含配置文件/etc/named.rfc1912.zones##
 57 include "/etc/named.root.key";
 ......
####正向解析####
[root@dns-server ~]# vim /etc/named.rfc1912.zones
 ......
 25 zone "westoslinux.com" IN {
 26 type master;
 27 file "westoslinux.com.zone";
 28 allow-update { none; };
 29 allow-transfer { 172.25.254.244; }; ##允许同步本机A记录文件的主机IP;这里只按源IP限制,跨不可信网络时建议再配合TSIG密钥##
 30 };
 ......
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback
[root@dns-server named]# cp -p named.localhost westoslinux.com.zone
[root@dns-server named]# vim westoslinux.com.zone
 1 $TTL 1D
 2 @ IN SOA dns.westoslinux.com.
root.westoslinux.com. (
 3 0 ; serial
 4 1D ; refresh
 5 1H ; retry
 6 1W ; expire
 7 3H ) ; minimum
 8 NS dns.westoslinux.com.
 9 dns A 172.25.254.144
 10 www A 172.25.254.125
[root@dns-server named]# systemctl restart named
####反向解析####
[root@dns-server ~]# vim /etc/named.rfc1912.zones
 ......
 50 zone "254.25.172.in-addr.arpa" IN {
 51 type master;
 52 file "westoslinux.com.ptr";
 53 allow-update { none; };
 54 };
 ......
[root@dns-server named]# vim westoslinux.com.ptr
 1 $TTL 1D
 2 @ IN SOA dns.westoslinux.com. root.westoslinux.com. (
 3 0 ; serial
 4 1D ; refresh
 5 1H ; retry
 6 1W ; expire
 7 3H ) ; minimum
 8 NS dns.westoslinux.com.
 9 dns A 172.25.254.144
 10 222 PTR www.westoslinux.com.
 11 233 PTR bbs.westoslinux.com.
[root@dns-server named]# systemctl restart named
[root@dns-server named]# vim westoslinux.com.zone
 1 $TTL 1D
 2 @ IN SOA dns.westoslinux.com. root.westoslinux.com. (
 3 0 ; serial
 4 1D ; refresh
 5 1H ; retry
 6 1W ; expire
 7 3H ) ; minimum
 8 NS dns.westoslinux.com.
 9 dns A 172.25.254.144
 10 www CNAME www.a.westoslinux.com.
 11 www.a A 172.25.254.125
 12 www.a A 172.25.254.225
 13 westoslinux.com. MX 1 172.25.254.1. ; MX的目标应写主机名(需有对应A记录),这里的IP会被当作域名处理
[root@dns-server named]# systemctl restart named
虚拟机server:(辅助dns)
主机名:dns-server2.example.com
IP:172.25.254.244
指定yum源:vim /etc/yum.repos.d/rhel_dvd.repo
安装bind软件包:yum install bind -y
开启named服务:systemctl restart named
修改配置文件/etc/named.conf(与主dns一致)
重启named服务:systemctl restart named
防火墙配置:
[root@dns-server2 ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns-server2 ~]# firewall-cmd --reload
success
[root@dns-server2 ~]# firewall-cmd --list-all
public (default, active)
 interfaces: eth0
 sources:
 services: dhcpv6-client dns ssh
 ports:
 masquerade: no
 forward-ports:
 icmp-blocks:
 rich rules:
[root@dns-server2 ~]# vim /etc/named.rfc1912.zones
 ......
 25 zone "westoslinux.com" IN {
 26 type slave; ##设定本机为辅助dns##
 27 masters { 172.25.254.144; }; ##A记录文件同步主机IP##
 28 file "slaves/westoslinux.com.zone"; ##存放A记录文件的位置##
 29 allow-update { none; };
 30 };
 ......
[root@dns-server2 ~]# systemctl restart named
测试:
vim /etc/resolv.conf
nameserver 172.25.254.244 ##IP为辅助dns的IP##
补充:
/etc/named.rfc1912.zones
......
 25 zone "westoslinux.com" IN {
 26 type master;
 27 file "westoslinux.com.zone";
 28 allow-update { none; };
 29 allow-transfer { 172.25.254.244; }; ##允许同步本机A记录文件的主机IP##
 30 also-notify { 172.25.254.244;};
 31 };
每次重新启动服务要修改(增大)/var/named/westos.com.zone 中的serial值,辅助dns据此判断是否需要重新同步;一般改为日期
设置主dns
vim /etc/named.rfc1912.zones ##此处未给出具体修改内容,推测是把allow-update从none改为允许辅助dns的IP;仅凭源IP授权动态更新容易被伪造,建议改用TSIG密钥(nsupdate -k 指定密钥文件)##
cp -p /var/named/westos.com.zone /mnt
chmod 770 /var/named
setsebool -P named_write_master_zones 1
辅助dns:
nsupdate
>server 172.25.254.100
>update add hello.westos.com 86400 A 172.25.254.100
>send
>quit
nsupdate
> server 172.25.254.100
> update delete hello.westos.com
>send
>quit
这样就可以在辅助dns上通过nsupdate动态更新主dns上的记录