
Configuring DNS forward and reverse resolution with master/slave synchronization

Published: 2024-11-26  Author: 千家信息网 editor

Preparation:

  • This lab uses two CentOS 6.5 machines, kernel 2.6.32-431.el6.x86_64.

  • Configure time synchronization (DNS itself does not need it, but matching clocks make the logs on master and slave comparable):

    # echo "#update system date by jiajie at 20170506" >>/var/spool/cron/root
    # echo "*/5 * * * * /usr/sbin/ntpdate time.nist.gov > /dev/null 2>&1" >>/var/spool/cron/root
  • Stop the firewall and disable SELinux (a lab shortcut; on a real server keep both and instead open 53/udp and 53/tcp, TCP being required for zone transfers and for answers too large for UDP):

    # service iptables stop
    # setenforce 0
    # sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
  • The master DNS server in this lab is 192.168.1.16; the slave DNS server is 192.168.1.20.

  • Master: authoritative for the forward and reverse zones. Slave: holds a transferred copy of both zones.


Step one: configure the master server (IP: 192.168.1.16)

  1. Install the packages:

    # yum -y install bind bind-libs bind-utils

    Versions installed: bind.x86_64 32:9.8.2-0.62.rc1.el6_9.1, bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.1, bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.1

  2. Configure the master's /etc/named.conf (only the modified part, the options block, is shown):

    # cat /etc/named.conf
    options {
            listen-on port 53 { 192.168.1.16; 127.0.0.1; };
    //      listen-on-v6 port 53 { ::1; };        // comment out or delete this line
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };
            recursion yes;
    //      dnssec-enable yes;
    //      dnssec-validation yes;
            /* Path to ISC DLV key */
    //      bindkeys-file "/etc/named.iscdlv.key";
    //      managed-keys-directory "/var/named/dynamic";
    };

    Note what this block does not say: with allow-query { any; }, recursion yes and no allow-recursion or allow-transfer statement, the server will recurse for, and hand its complete zones (AXFR) to, any host that can reach port 53. That is acceptable on an isolated lab network only.

    Define the forward zone by appending the following to /etc/named.rfc1912.zones, which the stock CentOS named.conf already includes (mind the braces and semicolons):

    # tail /etc/named.rfc1912.zones
    zone "jiajie.com" IN {
        type master;
        file "jiajie.zone";
    };
  3. Create the zone file (the name must match the file statement above):

    # vim /var/named/jiajie.zone
    $TTL 1D
    $ORIGIN jiajie.com.
    @       IN      SOA     ns1.jiajie.com. jjzgood.126.com. (
                    20170507
                    1H
                    10M
                    5D
                    1D )
            IN      NS      ns1
            IN      NS      ns2
            IN      MX 10   mx1
            IN      MX 20   mx2
    ns1     IN      A       192.168.1.16
    ns2     IN      A       192.168.1.20
    mx1     IN      A       192.168.1.17
    mx2     IN      A       192.168.1.18
    www     IN      A       192.168.1.16
    www     IN      A       192.168.1.20
    ftp     IN      CNAME   www

    The SOA RNAME jjzgood.126.com. is the contact address jjzgood@126.com with the @ written as a dot. The five SOA values are serial, refresh, retry, expire and negative-cache TTL; the serial is what a slave compares against its own copy to decide whether a transfer is needed. Names without a trailing dot (ns1, www) get $ORIGIN appended.

  4. Fix the group owner and permissions:

    # chown :named /var/named/jiajie.zone
    # chmod 640 /var/named/jiajie.zone

  5. Check the configuration and restart the service:

    # named-checkconf
    # named-checkzone "jiajie.com" /var/named/jiajie.zone
    zone jiajie.com/IN: loaded serial 20170507
    OK
    # service named restart
    # rndc status

  6. Result:

    # host -t A www.jiajie.com 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    www.jiajie.com has address 192.168.1.20
    www.jiajie.com has address 192.168.1.16
    # host -t A mx1.jiajie.com 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    mx1.jiajie.com has address 192.168.1.17
    # host -t A ftp.jiajie.com 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    ftp.jiajie.com is an alias for www.jiajie.com.
    www.jiajie.com has address 192.168.1.16
    www.jiajie.com has address 192.168.1.20

The output shows that the master DNS server is working.
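Before moving on, a check on the options block. The script below is an added example, not part of the original article: it audits a BIND options block for the two lab shortcuts that matter most once the server is reachable from anywhere, open recursion and open zone transfer. Both configs it tests are constructed inline; the first is a trimmed copy of the article's options block, the second is an assumed hardened version for this master (192.168.1.16 with slave 192.168.1.20). The function names (audit_named_conf, count_findings, axfr_open) are my own.

```shell
#!/bin/sh
# Added example, not from the original article: audit a BIND options block for
# open recursion and open zone transfer, and show a hardened block for the lab master.

# Constructed copy of the article's options block (trimmed), written to $1.
write_lab_conf() {
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { 192.168.1.16; 127.0.0.1; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
//      dnssec-enable yes;
//      dnssec-validation yes;
};
EOF
}

# Assumed hardened block for the same master, written to $1: recursion only for
# the lab LAN, AXFR only for the slave, explicit NOTIFY to the slave.
write_hardened_conf() {
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { 192.168.1.16; 127.0.0.1; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };  // only the lab LAN may use us as a resolver
        allow-transfer  { 192.168.1.20; };               // only the slave may AXFR our zones
        notify yes;
        also-notify     { 192.168.1.20; };               // redundant with the ns2 NS record, harmless
};
EOF
}

# Print the config with // and # comments stripped, so a commented-out directive
# is not mistaken for an active one. (/* */ blocks are not handled.)
active_directives() {
    sed -e 's#//.*##' -e 's/#.*//' "$1"
}

# audit_named_conf FILE: one FINDING line per problem.
audit_named_conf() {
    conf=$(active_directives "$1")
    if printf '%s\n' "$conf" | grep -q 'recursion[[:space:]]*yes' &&
       ! printf '%s\n' "$conf" | grep -q 'allow-recursion'; then
        echo "FINDING: recursion yes without allow-recursion: any host reaching port 53 can use this server as a resolver"
    fi
    # allow-transfer may appear in options or per zone; either silences this check.
    if ! printf '%s\n' "$conf" | grep -q 'allow-transfer'; then
        echo "FINDING: no allow-transfer: BIND 9.8 defaults to allowing AXFR from any host, so the whole zone can be dumped"
    fi
}

# Number of findings as a plain integer on stdout.
count_findings() {
    audit_named_conf "$1" | grep -c '^FINDING' || true
}

# Live check against a running server (needs dig and network; not run here):
# returns 0 if SERVER hands out ZONE by AXFR, 1 if it answers "Transfer failed.".
axfr_open() {
    dig @"$1" "$2" AXFR +time=3 +tries=1 | grep -q 'Transfer failed' && return 1
    return 0
}

# Stand-alone demo on the two constructed configs.
tmpdir=$(mktemp -d)
write_lab_conf "$tmpdir/lab.conf"
write_hardened_conf "$tmpdir/hardened.conf"
echo "lab config:";      audit_named_conf "$tmpdir/lab.conf"
echo "hardened config:"; audit_named_conf "$tmpdir/hardened.conf"
command -v named-checkconf >/dev/null && named-checkconf "$tmpdir/hardened.conf" || true
rm -rf "$tmpdir"
```

The same audit applies to the slave's named.conf later on; there the right answer is allow-transfer { none; }, since nothing should transfer zones from the slave. axfr_open 192.168.1.16 jiajie.com run from a host other than the slave is the live confirmation that the restriction took effect.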


  1. Configure reverse resolution. Add the reverse zone to /etc/named.rfc1912.zones; the zone name is the network part of the address with the octets reversed under in-addr.arpa, so 192.168.1.0/24 becomes 1.168.192.in-addr.arpa:

    # tail /etc/named.rfc1912.zones
    zone "1.168.192.in-addr.arpa" IN {
        type  master;
        file  "192.168.1.zone";
    };

  2. Add the reverse zone file:

    # vim /var/named/192.168.1.zone
    $TTL 1D
    @       IN      SOA     ns1.jiajie.com. jjzgood.126.com. (
                    20170507
                    1H
                    10M
                    5D
                    1D )
            IN      NS      ns1.jiajie.com.
            IN      NS      ns2.jiajie.com.
    16      IN      PTR     ns1.jiajie.com.
    16      IN      PTR     www.jiajie.com.
    20      IN      PTR     ns2.jiajie.com.
    20      IN      PTR     www.jiajie.com.
    17      IN      PTR     mx1.jiajie.com.
    18      IN      PTR     mx2.jiajie.com.

    There is no $ORIGIN line, so @ and the bare owner names 16, 20, 17 and 18 are relative to the zone name from named.conf, 1.168.192.in-addr.arpa; if you add one it must read $ORIGIN 1.168.192.in-addr.arpa. with the trailing dot. The NS and PTR targets are written fully qualified with a trailing dot, otherwise the reverse zone name would be appended to them. Two PTR records for one address (16 and 20 here) are legal, but most software only looks at the first answer, so one canonical name per address is the usual practice.
  3. Check and reload (pass the zone name exactly as it appears in named.conf; with a wrong name named-checkzone treats every record as out-of-zone):

    # named-checkconf
    # named-checkzone "1.168.192.in-addr.arpa" /var/named/192.168.1.zone
    zone 1.168.192.in-addr.arpa/IN: loaded serial 20170507
    OK
    # rndc reload
    server reload successful
  4. Result:

    # host -t ptr 192.168.1.16 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    16.1.168.192.in-addr.arpa domain name pointer www.jiajie.com.
    16.1.168.192.in-addr.arpa domain name pointer ns1.jiajie.com.
    # host -t ptr 192.168.1.20 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    20.1.168.192.in-addr.arpa domain name pointer www.jiajie.com.
    20.1.168.192.in-addr.arpa domain name pointer ns2.jiajie.com.
    # host -t ptr 192.168.1.17 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    17.1.168.192.in-addr.arpa domain name pointer mx1.jiajie.com.

  5. Checking from a Windows client: nslookup www.jiajie.com 192.168.1.16 and nslookup 192.168.1.16 192.168.1.16 at a command prompt should return the same answers as the host queries above.
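The reverse zone is where the octet order gets mixed up (192.168.1.in-addr.arpa versus 1.168.192.in-addr.arpa) and where records drift from the forward zone over time. The script below is an added example, not part of the original article: it derives the reverse zone name for a /24 and generates the PTR records directly from the forward zone's A records. The forward zone it reads is a constructed copy of the article's jiajie.com records; the function names (reverse_zone_name, ptr_owner, gen_ptr_records) and the /24 assumption are my own.

```shell
#!/bin/sh
# Added example, not from the original article: derive the in-addr.arpa zone name
# for a /24 and generate PTR records from a forward zone's A records.

# reverse_zone_name 192.168.1 -> 1.168.192.in-addr.arpa (octets reversed; /24 assumed)
reverse_zone_name() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# ptr_owner 192.168.1.16 -> 16.1.168.192.in-addr.arpa. (the absolute owner name of the PTR)
ptr_owner() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# gen_ptr_records ZONEFILE ORIGIN PREFIX: one PTR line per A record inside PREFIX.x,
# with the last octet as the (relative) owner and the fully qualified forward name
# as the target. A records outside PREFIX are reported on stderr rather than
# silently dropped, so a typo such as 192.169.1.20 is noticed.
gen_ptr_records() {
    awk -v origin="$2" -v prefix="$3" '
        $2 == "IN" && $3 == "A" {
            name = $1
            if (name !~ /\.$/) name = name "." origin "."   # qualify relative owner names
            if (index($4, prefix ".") != 1) {
                print "skipping " name " " $4 ": outside " prefix ".0/24" > "/dev/stderr"
                next
            }
            split($4, o, ".")
            printf "%s\tIN\tPTR\t%s\n", o[4], name
        }' "$1"
}

# Constructed copy of the article's forward zone, written to $1.
write_forward_zone() {
    cat > "$1" <<'EOF'
$TTL 1D
$ORIGIN jiajie.com.
@       IN      SOA     ns1.jiajie.com. jjzgood.126.com. (
                20170507 1H 10M 5D 1D )
        IN      NS      ns1
        IN      NS      ns2
ns1     IN      A       192.168.1.16
ns2     IN      A       192.168.1.20
mx1     IN      A       192.168.1.17
mx2     IN      A       192.168.1.18
www     IN      A       192.168.1.16
www     IN      A       192.168.1.20
ftp     IN      CNAME   www
EOF
}

# Stand-alone demo: the zone statement for named.conf and the PTR body.
tmpdir=$(mktemp -d)
write_forward_zone "$tmpdir/jiajie.zone"
echo "zone \"$(reverse_zone_name 192.168.1)\" IN { type master; file \"192.168.1.zone\"; };"
gen_ptr_records "$tmpdir/jiajie.zone" jiajie.com 192.168.1
rm -rf "$tmpdir"
```

The generated lines go below the SOA and NS records of /var/named/192.168.1.zone; rerunning the generator after every change to the forward zone keeps the two in step, and the diff against the current file is the review.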



Configuring the slave server (IP: 192.168.1.20):

Notes

  1. The slave should be a separate machine.

  2. The master's zone file must contain an NS record pointing at the slave (ns2 above): the master sends NOTIFY to the zone's NS hosts, and the NS record is also what makes the slave an authoritative server that resolvers will actually ask.

  3. The slave only defines the zones; it needs no zone files of its own, it transfers them from the master.

Install the packages:

    yum -y install bind
    yum -y install bind-utils

Configure the slave's named.conf:

# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.1.20; 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
//      dnssec-enable yes;
//      dnssec-validation yes;
        /* Path to ISC DLV key */
//      bindkeys-file "/etc/named.iscdlv.key";
//      managed-keys-directory "/var/named/dynamic";
};

Add the zone definitions:

# vim /etc/named.rfc1912.zones
zone "jiajie.com" IN {
    type slave;
    masters { 192.168.1.16; };
    file "slaves/jiajie.com.zone";
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.1.16; };
    file "slaves/192.168.1.zone";
};

The file paths are relative to directory "/var/named". The slaves/ subdirectory is created by the CentOS package with named as its owner, which is why the transferred copies can be written there; putting them directly in /var/named, which named cannot write, is a common cause of a slave that answers nothing.

Check and load:

# named-checkconf
# rndc reload

Result: two files now exist under /var/named/slaves/ that we never created. The slave has pulled the zone files from the master by zone transfer (AXFR). If they do not appear, the transfer messages named writes to /var/log/messages on the slave (grep for "transfer") say whether the master refused it or was unreachable.

# ll /var/named/slaves/
192.168.1.zone   jiajie.com.zone

From now on, when you add or change records in the master's zone file, increment the serial and reload; the master then sends NOTIFY to the slave, which compares the master's serial with its own and transfers the zone only if the master's is higher. Without the serial bump the slave keeps its old copy: it will re-check at the refresh interval (1H here), see the same serial, and conclude nothing changed.
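The edit, bump, check, reload and verify cycle in one place. This is an added example, not from the original article: the zone file it bumps is a constructed, trimmed copy of the article's jiajie.com zone, and the function names (get_serial, bump_serial, publish_zone, check_sync) are my own. publish_zone and check_sync need rndc, dig and a running named, so the stand-alone demo only exercises the serial logic.

```shell
#!/bin/sh
# Added example, not from the original article: bump the SOA serial, refuse to
# reload a broken zone, push NOTIFY to the slave and verify both serials match.

# get_serial ZONEFILE: print the SOA serial, i.e. the first all-digit token found
# on or after the SOA line (the article's layout puts it alone on the next line).
get_serial() {
    awk '/[ \t]SOA[ \t]/ { insoa = 1 }
         insoa { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }' "$1"
}

# bump_serial ZONEFILE: increment the serial in place and print the new value.
# Slaves use serial arithmetic (RFC 1982): they transfer only when the master's
# serial is larger than their own, so a forgotten bump is the classic reason
# "the slave still serves the old data".
bump_serial() {
    awk '/[ \t]SOA[ \t]/ { insoa = 1 }
         insoa && !done {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^[0-9]+$/) {
                     # splice the new number into $0 so the original spacing survives
                     p = index($0, $i)
                     $0 = substr($0, 1, p - 1) sprintf("%d", $i + 1) substr($0, p + length($i))
                     done = 1
                     break
                 }
         }
         { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    get_serial "$1"
}

# publish_zone ZONE ZONEFILE: refuse to reload a zone that fails named-checkzone
# (named would otherwise keep serving the previous copy, or nothing at all),
# then reload it and resend NOTIFY so the slave pulls the change immediately.
publish_zone() {
    named-checkzone "$1" "$2" || return 1
    rndc reload "$1" && rndc notify "$1"
}

# check_sync MASTER SLAVE ZONE: compare the serial each server answers with;
# exit status 0 when they match. "dig +short SOA" prints "mname rname serial ...".
check_sync() {
    m=$(dig +short SOA "$3" @"$1" | awk '{ print $3 }')
    s=$(dig +short SOA "$3" @"$2" | awk '{ print $3 }')
    echo "master=$m slave=$s"
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# Constructed, trimmed copy of the article's zone, written to $1.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 1D
$ORIGIN jiajie.com.
@       IN      SOA     ns1.jiajie.com. jjzgood.126.com. (
                20170507
                1H
                10M
                5D
                1D )
        IN      NS      ns1
        IN      NS      ns2
ns1     IN      A       192.168.1.16
ns2     IN      A       192.168.1.20
EOF
}

# Stand-alone demo (offline): bump the serial of the constructed zone.
tmpdir=$(mktemp -d)
write_sample_zone "$tmpdir/jiajie.zone"
echo "serial before: $(get_serial "$tmpdir/jiajie.zone")"
echo "serial after:  $(bump_serial "$tmpdir/jiajie.zone")"
rm -rf "$tmpdir"
# On the master the real sequence after editing the zone is:
#   bump_serial /var/named/jiajie.zone && publish_zone jiajie.com /var/named/jiajie.zone
#   check_sync 192.168.1.16 192.168.1.20 jiajie.com
```

check_sync is the test that matters after every change: matching serials on both servers prove the NOTIFY and transfer path works, and a slave that stays behind points at either the missing NS record, a blocked 53/tcp, or an allow-transfer list that does not include it.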


Troubleshooting:

  1. Most errors are formatting or punctuation problems: a missing semicolon or brace, or a missing trailing dot on a fully qualified name. Careful reading clears most of them.

  2. Checking the reverse zone file produced the following:

    # named-checkzone "192.168.1.in-addr.arpa" /var/named/192.168.1.zone
    /var/named/192.168.1.zone:3: ignoring out-of-zone data (1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:11: ignoring out-of-zone data (16.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:12: ignoring out-of-zone data (16.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:13: ignoring out-of-zone data (20.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:14: ignoring out-of-zone data (20.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:15: ignoring out-of-zone data (17.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:16: ignoring out-of-zone data (18.1.168.192.in-addr.arpa)
    zone 192.168.1.in-addr.arpa/IN: has 0 SOA records
    zone 192.168.1.in-addr.arpa/IN: has no NS records
    zone 192.168.1.in-addr.arpa/IN: not loaded due to errors.

Reverse resolution worked despite the errors. After searching for help without success, I found that removing the line $ORIGIN 1.168.192.in-addr.arpa from /var/named/192.168.1.zone made the check pass; the line is optional and had only been added for readability.

The output itself shows the real cause: the zone name given to named-checkzone, 192.168.1.in-addr.arpa, has the octets in the wrong order. With $ORIGIN set to 1.168.192.in-addr.arpa every record in the file belongs to 1.168.192.in-addr.arpa, which is indeed outside a zone called 192.168.1.in-addr.arpa, hence "ignoring out-of-zone data" for every line, no SOA and no NS. Removing $ORIGIN makes the owner names relative to whatever name is passed on the command line, so the check passes, but nothing in the file was wrong. named loads the file under the name from named.conf, 1.168.192.in-addr.arpa, which is why reverse lookups worked all along. The correct check is named-checkzone "1.168.192.in-addr.arpa" /var/named/192.168.1.zone, and the $ORIGIN line can stay, written with its trailing dot.


2017/5/7 11:55:42

