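Configuring master and slave DNS servers
Master DNS server: the server that maintains the zone database for the domain it is responsible for resolving; the zone database is maintained by the administrator.
Slave DNS server: "copies" (by zone transfer) a zone database from the master DNS server or from another slave DNS server.
Master server configuration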
[root@localhost ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator’s Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
    listen-on port 53 { 172.16.50.37; };
    directory "/var/named";
    // only the slave (172.16.50.60) may request zone transfers
    allow-transfer { 172.16.50.60; };
};
zone "baidu.com" IN {
    type master;
    file "baidu.com.zone";
};
zone "50.16.172.in-addr.arpa" IN {
    type master;
    file "hehe.com.zone";
};
"/etc/named.conf" 26L, 650C
[root@localhost ~]# systemctl restart named
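Slave server configuration
In production, a server with a heavy resolution workload will sooner or later run into problems, and in a networked environment the loss when a server cannot provide service can be enormous. A backup DNS server that can keep providing service is therefore needed; it is called the slave DNS server.
The slave only needs to define the zones; it does not need to provide zone database files.
Once master and slave are started, the zone files are transferred automatically and placed in the /var/named/slaves/ directory.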
[root@localhost slaves]# vim /etc/named.conf
options {
    listen-on port 53 { 172.16.50.60; };
    directory "/var/named";
};
zone "baidu.com" IN {
    type slave;
    file "slaves/baidu.com.zone";
    masters { 172.16.50.37; };
};
zone "50.16.172.in-addr.arpa" IN {
    type slave;
    file "slaves/hehe.com.zone";
    masters { 172.16.50.37; };
};
[root@localhost ~]# systemctl restart named
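**After the slave restarts, check whether the slaves directory has been created and whether it contains the zones configured on the master.
If the slaves directory exists but contains no zone files, check whether the firewall is turned off.**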
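An added check, not part of the original post: the Python code below audits which zones in a named.conf would answer a zone-transfer request, run over trimmed copies of the two configurations above. The function names are this example's own, and it assumes that an unset allow-transfer means "any", which holds for the BIND 9.9 shown on this page.

```python
import re

# Constructed samples: this page's two named.conf files, trimmed to the
# statements that matter for zone transfers.
MASTER_CONF = '''
options {
    allow-transfer { 172.16.50.60; };   // only the slave may pull zones
};
zone "baidu.com" IN { type master; file "baidu.com.zone"; };
'''
SLAVE_CONF = '''
options { listen-on port 53 { 172.16.50.60; }; };
zone "baidu.com" IN { type slave; file "slaves/baidu.com.zone"; masters { 172.16.50.37; }; };
'''

def _block(text, start):
    """Return the text inside the first brace block at or after start."""
    i = text.index("{", start)
    depth, j = 1, i + 1
    while depth:
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        j += 1
    return text[i + 1:j - 1]

def _acl(body):
    """Return the allow-transfer address list in body, or None if unset."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
    return m and [a.strip() for a in m.group(1).split(";") if a.strip()]

def audit_transfers(conf):
    """Map each authoritative zone to (effective allow-transfer, verdict)."""
    # Assumption: an unset allow-transfer means "any", as in the BIND 9.9
    # on this page; slave zones answer transfer requests too.
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    opt = re.search(r"\boptions\s*\{", conf)
    global_acl = _acl(_block(conf, opt.start())) if opt else None
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', conf):
        body = _block(conf, z.start())
        if not re.search(r"\btype\s+(master|slave|primary|secondary)\s*;", body):
            continue  # hint, forward and stub zones are out of scope
        acl = _acl(body)
        acl = global_acl if acl is None else acl
        open_ = acl is None or "any" in acl
        report[z.group(1)] = (acl, "OPEN" if open_ else "restricted")
    return report

if __name__ == "__main__":
    print(audit_transfers(MASTER_CONF), audit_transfers(SLAVE_CONF))
```

The master comes back restricted to 172.16.50.60, while the slave, which sets no allow-transfer, is reported OPEN; adding `allow-transfer { none; };` to the slave's options closes that if no further slaves pull from it.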
Bulk forward and reverse resolution:
Forward resolution
[root@localhost ~]# vim /var/named/baidu.com.zone
$TTL 1D
@       IN SOA  @ admin.baidu.com. (
                0
                1D
                1H
                1W
                3H )
        IN NS   ns.baidu.com.
        IN MX 10 mail.baidu.com.
ns      IN A    172.16.50.37
mail    IN A    172.16.50.2
www     IN A    172.16.50.1
www     IN A    172.16.50.3
ftp     IN CNAME www
$GENERATE 1-10 $.baidu.com. IN A 172.16.50.$
[root@localhost ~]# systemctl restart named
[root@localhost ~]# dig -t A 1.baidu.com @172.16.50.37
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -t A 1.baidu.com @172.16.50.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59954
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.baidu.com. IN A
;; ANSWER SECTION:
1.baidu.com. 86400 IN A 172.16.50.1
;; AUTHORITY SECTION:
baidu.com. 86400 IN NS ns.baidu.com.
;; ADDITIONAL SECTION:
ns.baidu.com. 86400 IN A 172.16.50.37
;; Query time: 0 msec
;; SERVER: 172.16.50.37#53(172.16.50.37)
;; WHEN: Sat Aug 04 08:17:07 EDT 2018
;; MSG SIZE rcvd: 89
Reverse resolution:
[root@localhost ~]# vim /var/named/hehe.com.zone
$TTL 1D
@       IN SOA  ns.baidu.com. admin.baidu.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns.baidu.com.
37      IN PTR  ns.baidu.com.
128     IN PTR  www.baidu.com.
$GENERATE 1-10 $ IN PTR $.baidu.com.
"/var/named/hehe.com.zone" 11L, 245C
[root@localhost ~]# systemctl restart named
[root@localhost ~]# dig -x 172.16.50.1 @172.16.50.37
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 172.16.50.1 @172.16.50.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55547
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.50.16.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.50.16.172.in-addr.arpa. 86400 IN PTR 1.baidu.com.
;; AUTHORITY SECTION:
50.16.172.in-addr.arpa. 86400 IN NS ns.baidu.com.
;; ADDITIONAL SECTION:
ns.baidu.com. 86400 IN A 172.16.50.37
;; Query time: 0 msec
;; SERVER: 172.16.50.37#53(172.16.50.37)
;; WHEN: Sat Aug 04 08:24:00 EDT 2018
;; MSG SIZE rcvd: 111