配置DNS的正反向解析与主从同步
配置DNS的正反向解析与主从同步
准备:
本实验基于两台centos6.5其内核版本号为
2.6.32-431.el6.x86_64
配置时间同步
# echo "#update system date by jiajie at 20170506" >>/var/spool/cron/root # echo "*/5 * * * * /usr/sbin/ntpdate time.nist.gov > /dev/null 2>&1" >>/var/spool/cron/root
关闭防火墙和SELINUX
# service iptables stop# setenforce 0# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
本实验的主DNS服务器IP是:
192.168.1.16
,从DNS服务器的IP是192.168.1.20
。主服务器:支持正反向解析,从服务器:从正反向解析
开始 配置主服务器(IP:192.168.1.16)
安装软件
# yum -y install bind bind-libs bind-utils
版本:bind.x86_64 32:9.8.2-0.62.rc1.el6_9.1 bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.1 bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.1
配置正向解析的数据库文件 ; 配置主DNS服务器的配置文件(只列出修改的):
# cat /etc/named.confoptions { listen-on port 53 { 192.168.1.16; 127.0.0.1; };//or delete this line // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; // dnssec-enable yes; // dnssec-validation yes; /* Path to ISC DLV key */ // bindkeys-file "/etc/named.iscdlv.key"; // managed-keys-directory "/var/named/dynamic"; };*定义正向区域*在该文件内添加下面的ZONE(注意格式和符号)# tail /etc/named.rfc1912.zones zone "jiajie.com" IN { type master; file "jiajie.zone"; };
创建区域解析库文件:
# vim /var/named/jiajie.com.zone $TTL 1D$ORIGIN jiajie.com.@ IN SOA ns1.jiajie.com. jjzgood.126.com. ( 20170507 1H 10M 5D 1D ) IN NS ns1 IN NS ns2 IN MX 10 mx1 IN MX 20 mx2ns1 IN A 192.168.1.16ns2 IN A 192.168.1.20mx1 IN A 192.168.1.17mx2 IN A 192.168.1.18www IN A 192.168.1.16www IN A 192.169.1.20ftp IN CNAME www
修改权限和属组:
# chown :named /var/named/jiajie.zone # chmod 640 /var/named/jiajie.zone
查错和重启服务:
# named-checkconf # named-checkzone "jiajie.com" /var/named/jiajie.zone zone jiajie.com/IN: loaded serial 20170507 OK# service named restart# rndc status
现象:
# host -t A www.jiajie.com 192.168.1.16Using domain server:Name: 192.168.1.16Address: 192.168.1.16#53Aliases: www.jiajie.com has address 192.169.1.20www.jiajie.com has address 192.168.1.16# host -t A mx1.jiajie.com 192.168.1.16Using domain server:Name: 192.168.1.16Address: 192.168.1.16#53Aliases: mx1.jiajie.com has address 192.168.1.17# host -t A ftp.jiajie.com 192.168.1.16Using domain server:Name: 192.168.1.16Address: 192.168.1.16#53Aliases: ftp.jiajie.com is an alias for www.jiajie.com.www.jiajie.com has address 192.168.1.16www.jiajie.com has address 192.169.1.20
由现象可以看出我们配置的主DNS服务器是成功的。
配置反向解析: 添加反向zone:
# tail /etc/named.rfc1912.zoneszone "1.168.192.in-addr.arpa" IN { type master; file "192.168.1.zone";};
添加反向区域解析库文件:
# vim /var/named/192.168.1.zone $TTL 1D@ IN SOA ns1.jiajie.com. jjzgood.126.com. ( 20170507 1H 10M 5D 1D ) IN NS ns1.jiajie.com. IN NS ns2.jiajie.com. 16 IN PTR ns1.jiajie.com.16 IN PTR www.jiajie.com.20 IN PTR ns2.jiajie.com.20 IN PTR www.jiajie.com.17 IN PTR mx1.jiajie.com.18 IN PTR mx2.jiajie.com.
检查和重新加载:
# named-checkconf # named-checkzone "192.168.1.in-addr.arpa" /var/named/192.168.1.zone zone 192.168.1.in-addr.arpa/IN: loaded serial 20170507OK# rndc reloadserver reload successful
查看现象:
# host -t ptr 192.168.1.16 192.168.1.16Using domain server:Name: 192.168.1.16Address: 192.168.1.16#53Aliases: 16.1.168.192.in-addr.arpa domain name pointer www.jiajie.com.16.1.168.192.in-addr.arpa domain name pointer ns1.jiajie.com.# host -t ptr 192.168.1.20 192.168.1.16Using domain server:Name: 192.168.1.16Address: 192.168.1.16#53Aliases: 20.1.168.192.in-addr.arpa domain name pointer www.jiajie.com.20.1.168.192.in-addr.arpa domain name pointer ns2.jiajie.com.# host -t ptr 192.168.1.17 192.168.1.16Using domain server:Name: 192.168.1.16Address: 192.168.1.16#53Aliases: 17.1.168.192.in-addr.arpa domain name pointer mx1.jiajie.com.
WINDOWS平台查看:
配置从服务器(IP:192.168.1.20):
注意
从服务器应该是一台独立的服务器
主服务器的区域解析库里必须有一条NS记录志向从服务器
从服务器只需要定义区域,并不需要配置解析库文件
下载安装包:
yum -y install bind yum -y install bind-utils
配置从服务器的配置文件
# vim /etc/named.confoptions { listen-on port 53 { 192.168.1.20; 127.0.0.1; };// listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes;// dnssec-enable yes;// dnssec-validation yes; /* Path to ISC DLV key */// bindkeys-file "/etc/named.iscdlv.key";// managed-keys-directory "/var/named/dynamic";};
添加区域文件:
# vim /etc/named.rfc1912.zoneszone "jiajie.com" IN { type slave; masters { 192.168.1.16; }; file "slaves/jiajie.com.zone";};zone "1.168.192.in-addr.arpa" IN { type slave; masters { 192.168.1.16; }; file "slaves/192.168.1.zone";};
查错与加载:
# named-checkconf # rndc reload
现象:这时候你会看见在/var/named/slaves/
目录下有两个文件(我们并没有创建)。可知从服务已经自动把主服务器的解析库文件复制过来了。
# ll /var/named/slaves/192.168.1.zone jiajie.com.zone
这时你在主服务器上的解析库里添加或者修改数据,然后将系列号加1,这时候主服务器会通知从服务来"复制"数据。
排错:
一般出错就在于格式或者符号问题,细心点就可以排除大部分问题。
本人在配置反向解析库文件查错时出现了下面问题:
# named-checkzone "192.168.1.in-addr.arpa" /var/named/192.168.1.zone /var/named/192.168.1.zone:3: ignoring out-of-zone data (1.168.192.in-addr.arpa)/var/named/192.168.1.zone:11: ignoring out-of-zone data (16.1.168.192.in-addr.arpa)/var/named/192.168.1.zone:12: ignoring out-of-zone data (16.1.168.192.in-addr.arpa)/var/named/192.168.1.zone:13: ignoring out-of-zone data (20.1.168.192.in-addr.arpa)/var/named/192.168.1.zone:14: ignoring out-of-zone data (20.1.168.192.in-addr.arpa)/var/named/192.168.1.zone:15: ignoring out-of-zone data (17.1.168.192.in-addr.arpa)/var/named/192.168.1.zone:16: ignoring out-of-zone data (18.1.168.192.in-addr.arpa)zone 192.168.1.in-addr.arpa/IN: has 0 SOA recordszone 192.168.1.in-addr.arpa/IN: has no NS recordszone 192.168.1.in-addr.arpa/IN: not loaded due to errors.
虽然报错,但是反向解析依然可以使用。我在多方寻求帮助未果,最后发现只要把/var/named/192.158.1.zone
中的$ORIGIN 1.168.192.in-addr.arpa
删除就可以了。这行本来就是可有可无的,写上只是为了好理解一点。
2017/5/7 11:55:42