系统运维-18-2-bind高级应用之主从同步与反向解析

1.关于host命令

host -t NS example.com 172.20.0.131 查询域的 NS(名称服务器)记录,最后一个参数指定向哪台 DNS 服务器发问,不写则使用 /etc/resolv.conf 中的服务器。host -t MX example.com 172.20.0.131 查询邮件交换(MX)记录,输出中的 10、20 是优先级,数值越小优先级越高。

[root@lab1 named]# host -t NS example.com 172.20.0.131
Using domain server:
Name: 172.20.0.131
Address: 172.20.0.131#53
Aliases: 

example.com name server ns1.example.com.
example.com name server ns2.example.com.
[root@lab1 named]# host -t MX example.com 172.20.0.131
Using domain server:
Name: 172.20.0.131
Address: 172.20.0.131#53
Aliases: 

example.com mail is handled by 10 mx1.example.com.
example.com mail is handled by 20 mx2.example.com.

2.关于nslookup命令

nslookup进入交互式命令界面。server 172.20.0.131设定解析主机。set q=A设置要查询的解析类型。www.example.com要查询的解析域名。set q=NS设置要查询的解析类型。example.com要查询的解析域名。

[root@lab1 named]# nslookup
> server 172.20.0.131
Default server: 172.20.0.131
Address: 172.20.0.131#53
> set q=A
> www.example.com
Server:        172.20.0.131
Address:    172.20.0.131#53

Name:    www.example.com
Address: 172.20.0.131
Name:    www.example.com
Address: 172.20.0.132

> set q=NS
> example.com
Server:        172.20.0.131
Address:    172.20.0.131#53

example.com    nameserver = ns1.example.com.
example.com    nameserver = ns2.example.com.
 

3.反向解析区域文件

vim -o example.com.zone 172.20.0.zone 同时打开两个文件编辑(反向区域文件名为 172.20.0.zone)。cat 172.20.0.zone 查看文件:反向区域的 $ORIGIN 是 0.20.172.in-addr.arpa.,PTR 记录只写主机位(131、132……),同一个地址可以有多条 PTR。vim /etc/named.rfc1912.zones 编辑配置文件,tail -4 /etc/named.rfc1912.zones 查看新增的 zone 段。ll 172.20.0.zone 查看区域文件的权限和属主;chmod 640 与 chown :named 之后再用 ll 确认:主服务器上的区域文件应由 root 持有、named 组只读(640 root:named),named 进程能读取但不能改写,且其他用户无法读取区域内容。named-checkzone "0.20.172.in-addr.arpa" 172.20.0.zone 检查区域文件语法,named-checkconf 检查主配置文件语法——两步都通过后再 systemctl reload named 重新载入配置,否则语法错误会导致区域加载失败。rndc status 查看状态信息。host -t PTR 172.20.0.131 172.20.0.131 使用 host 命令做反向解析,dig -x 172.20.0.131 @172.20.0.131 使用 dig 做反向解析(-x 会自动把地址转换成 in-addr.arpa 名称),dig -x 172.20.0.132 @172.20.0.131 解析其他地址。

[root@lab1 named]# vim -o example.com.zone 172.20.0.zone
2 files to edit
[root@lab1 named]# cat 172.20.0.zone
$TTL 86400
$ORIGIN 0.20.172.in-addr.arpa.
@       IN      SOA      ns1.example.com.  admin.example.com. (
                         2019011601
                         1H
                         5M
                         7D
                         1D )
        IN      NS       ns1.example.com. 
        IN      NS       ns2.example.com.
131     IN      PTR      ns1.example.com. 
131     IN      PTR      www.example.com. 
132     IN      PTR      mx1.example.com. 
132     IN      PTR      www.example.com. 
133     IN      PTR      mx2.example.com. 

[root@lab1 named]# vim /etc/named.rfc1912.zones 

[root@lab1 named]# tail -4 /etc/named.rfc1912.zones
zone "0.20.172.in-addr.arpa" IN {
        type master;
        file "172.20.0.zone";
};
[root@lab1 named]# ll 172.20.0.zone
-rw-r--r--. 1 root root 550 Jan 16 05:42 172.20.0.zone
[root@lab1 named]# chmod 640 172.20.0.zone
[root@lab1 named]# chown :named 172.20.0.zone
[root@lab1 named]# ll 172.20.0.zone
-rw-r-----. 1 root named 550 Jan 16 05:42 172.20.0.zone

[root@lab1 named]# named-checkzone "0.20.172.in-addr.arpa" 172.20.0.zone
zone 0.20.172.in-addr.arpa/IN: loaded serial 2019011601
OK
[root@lab1 named]# named-checkconf
[root@lab1 named]# systemctl reload named
[root@lab1 named]# rndc status
version: 9.9.4-RedHat-9.9.4-72.el7 <id:8f9657aa>
CPUs found: 2
worker threads: 2
UDP listeners per interface: 2
number of zones: 103
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

[root@lab1 named]# host -t PTR 172.20.0.131 172.20.0.131
Using domain server:
Name: 172.20.0.131
Address: 172.20.0.131#53
Aliases: 

131.0.20.172.in-addr.arpa domain name pointer www.example.com.
131.0.20.172.in-addr.arpa domain name pointer ns1.example.com.

[root@lab1 named]# dig -x 172.20.0.131 @172.20.0.131

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -x 172.20.0.131 @172.20.0.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9270
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;131.0.20.172.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
131.0.20.172.in-addr.arpa. 86400 IN    PTR    www.example.com.
131.0.20.172.in-addr.arpa. 86400 IN    PTR    ns1.example.com.

;; AUTHORITY SECTION:
0.20.172.in-addr.arpa.    86400    IN    NS    ns2.example.com.
0.20.172.in-addr.arpa.    86400    IN    NS    ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.    86400    IN    A    172.20.0.131
ns2.example.com.    86400    IN    A    172.20.0.132

;; Query time: 0 msec
;; SERVER: 172.20.0.131#53(172.20.0.131)
;; WHEN: Wed Jan 16 05:57:04 EST 2019
;; MSG SIZE  rcvd: 165

[root@lab1 named]# dig -x 172.20.0.132 @172.20.0.131

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -x 172.20.0.132 @172.20.0.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;132.0.20.172.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
132.0.20.172.in-addr.arpa. 86400 IN    PTR    www.example.com.
132.0.20.172.in-addr.arpa. 86400 IN    PTR    mx1.example.com.

;; AUTHORITY SECTION:
0.20.172.in-addr.arpa.    86400    IN    NS    ns1.example.com.
0.20.172.in-addr.arpa.    86400    IN    NS    ns2.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.    86400    IN    A    172.20.0.131
ns2.example.com.    86400    IN    A    172.20.0.132

;; Query time: 0 msec
;; SERVER: 172.20.0.131#53(172.20.0.131)
;; WHEN: Wed Jan 16 05:57:42 EST 2019
;; MSG SIZE  rcvd: 169

4.模拟区域传送
dig -t axfr example.com @172.20.0.131 模拟正向区域的全量传送(AXFR,走 TCP/53)。dig -t axfr 0.20.172.in-addr.arpa @172.20.0.131 模拟反向区域的全量传送。注意两点:第一,这里从任意客户端都能拿到整个区域的内容,说明主服务器上没有限制 allow-transfer;区域传送会一次性泄露域内全部主机名和地址,是典型的信息收集手段,实际环境中应在主服务器的 zone 段(或全局 options)里加上 `allow-transfer { 172.20.0.132; };` 只允许从服务器传送,更严格的做法是配合 TSIG 密钥做认证。第二,正向区域输出里的 SOA 负责人邮箱显示为 admin.example.com.example.com.,说明 example.com.zone 中 SOA 的 RNAME 少写了末尾的点,被自动追加了 $ORIGIN;对比反向区域的 admin.example.com. 是正确写法,应改为 `admin.example.com.`。

[root@lab1 named]# dig -t axfr example.com @172.20.0.131

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t axfr example.com @172.20.0.131
;; global options: +cmd
example.com.        86400    IN    SOA    ns1.example.com. admin.example.com.example.com. 2019011501 3600 300 604800 86400
example.com.        86400    IN    NS    ns1.example.com.
example.com.        86400    IN    NS    ns2.example.com.
example.com.        86400    IN    MX    10 mx1.example.com.
example.com.        86400    IN    MX    20 mx2.example.com.
ftp.example.com.    86400    IN    CNAME    www.example.com.
mx1.example.com.    86400    IN    A    172.20.0.133
mx2.example.com.    86400    IN    A    172.20.0.134
ns1.example.com.    86400    IN    A    172.20.0.131
ns2.example.com.    86400    IN    A    172.20.0.132
www.example.com.    86400    IN    A    172.20.0.131
www.example.com.    86400    IN    A    172.20.0.132
example.com.        86400    IN    SOA    ns1.example.com. admin.example.com.example.com. 2019011501 3600 300 604800 86400
;; Query time: 0 msec
;; SERVER: 172.20.0.131#53(172.20.0.131)
;; WHEN: Wed Jan 16 06:04:27 EST 2019
;; XFR size: 13 records (messages 1, bytes 313)

[root@lab1 named]# dig -t axfr 0.20.172.in-addr.arpa @172.20.0.131

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t axfr 0.20.172.in-addr.arpa @172.20.0.131
;; global options: +cmd
0.20.172.in-addr.arpa.    86400    IN    SOA    ns1.example.com. admin.example.com. 2019011601 3600 300 604800 86400
0.20.172.in-addr.arpa.    86400    IN    NS    ns1.example.com.
0.20.172.in-addr.arpa.    86400    IN    NS    ns2.example.com.
131.0.20.172.in-addr.arpa. 86400 IN    PTR    ns1.example.com.
131.0.20.172.in-addr.arpa. 86400 IN    PTR    www.example.com.
132.0.20.172.in-addr.arpa. 86400 IN    PTR    mx1.example.com.
132.0.20.172.in-addr.arpa. 86400 IN    PTR    www.example.com.
133.0.20.172.in-addr.arpa. 86400 IN    PTR    mx2.example.com.
0.20.172.in-addr.arpa.    86400    IN    SOA    ns1.example.com. admin.example.com. 2019011601 3600 300 604800 86400
;; Query time: 0 msec
;; SERVER: 172.20.0.131#53(172.20.0.131)
;; WHEN: Wed Jan 16 06:05:31 EST 2019
;; XFR size: 9 records (messages 1, bytes 258)
 

5.泛域名解析

dig -t A pop3.example.com @172.20.0.131 解析区域中不存在的名称会得到 NXDOMAIN 的否定答复,AUTHORITY 段返回 SOA。vim example.com.zone 编辑区域文件增加泛域名记录,tail -1 example.com.zone 查看新增的内容,rndc reload 重新载入配置。再次用 dig -t A pop3.example.com @172.20.0.131 | grep "ANSWER SECTION" -A3 解析:注意下面第一次的输出并不正常——pop3.example.com 被解析成指向 172.20.0.131.example.com. 的 CNAME,而该名称又指向它自己,形成 CNAME 环,客户端拿不到 A 记录;这通常是泛域名记录被写成 CNAME 且目标没有加末尾的点,导致 $ORIGIN 被追加到 IP 后面。正确写法是 tail -1 显示的 `* IN A 172.20.0.131`(后面第 6 节 AXFR 输出中的 *.example.com. A 记录即是修正后的结果)。dig -t A p.example.com @172.20.0.131 | grep "ANSWER SECTION" -A3 换一个名称,同样命中泛域名记录。要注意泛域名会让本域下所有不存在的名称都有答案,拼错的主机名不再返回 NXDOMAIN,排错时容易掩盖问题,生产环境慎用。vim example.com.zone 再增加域名本身(apex)的 A 记录,tail -1 example.com.zone 查看新增内容。dig -t A example.com @172.20.0.131 | grep "ANSWER SECTION" -A3 解析域名本身,dig -t A abc.example.com @172.20.0.131 | grep "ANSWER SECTION" -A3 解析子域名(由泛域名记录应答)。

[root@lab1 named]# dig -t A pop3.example.com @172.20.0.131

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t A pop3.example.com @172.20.0.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3099
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pop3.example.com.        IN    A

;; AUTHORITY SECTION:
example.com.        86400    IN    SOA    ns1.example.com. admin.example.com.example.com. 2019011501 3600 300 604800 86400

;; Query time: 0 msec
;; SERVER: 172.20.0.131#53(172.20.0.131)
;; WHEN: Wed Jan 16 06:11:40 EST 2019
;; MSG SIZE  rcvd: 103
[root@lab1 named]# vim example.com.zone
[root@lab1 named]# tail -1 example.com.zone
*       IN      A    172.20.0.131
[root@lab1 named]# rndc reload
server reload successful
[root@lab1 named]# dig -t A pop3.example.com @172.20.0.131 | grep "ANSWER SECTION" -A3
;; ANSWER SECTION:
pop3.example.com.    86400    IN    CNAME    172.20.0.131.example.com.
172.20.0.131.example.com. 86400    IN    CNAME    172.20.0.131.example.com.
[root@lab1 named]# dig -t A p.example.com @172.20.0.131 | grep "ANSWER SECTION" -A3
;; ANSWER SECTION:
p.example.com.        86400    IN    CNAME    172.20.0.131.example.com.
172.20.0.131.example.com. 86400    IN    CNAME    172.20.0.131.example.com.
[root@lab1 named]# vim example.com.zone 
[root@lab1 named]# tail -1 example.com.zone
example.com.    IN       A      172.20.0.131 
[root@lab1 named]# rndc reload
server reload successful
[root@lab1 named]# dig -t A example.com @172.20.0.131 | grep "ANSWER SECTION" -A3
;; ANSWER SECTION:
example.com.        86400    IN    A    172.20.0.131
[root@lab1 named]# dig -t A abc.example.com @172.20.0.131 | grep "ANSWER SECTION" -A3
;; ANSWER SECTION:
abc.example.com.    86400    IN    A    172.20.0.131
 

6.主从同步(正向解析)

dig -t axfr example.com @172.20.0.131 换第二台主机(lab2)先确认能从主服务器完成区域传送。关于防火墙:实验时直接关闭两台主机的防火墙最省事,否则可能报 failed: host unreachable;但更合理的做法是只放行 53/tcp 和 53/udp(区域传送走 TCP,只开 UDP 是不够的),例如 firewall-cmd --permanent --add-service=dns。vim /etc/named.conf 编辑从服务器的主配置文件,cat /etc/named.conf | grep -v ^$ | grep -v ^\/ 去掉空行和注释后查看。注意下面输出中的 allow-query { any; }; 与 recursion yes; 同时存在:文件自带的注释已经说明,权威服务器不应开启递归,否则任何人都能把它当递归解析器使用,成为 DNS 放大攻击的跳板;实际部署时要么改为 recursion no;,要么用 allow-recursion { 内网网段; }; 限制递归客户端。ps aux | grep named 查看进程(named 以 -u named 非 root 用户运行)。ll -d /var/named/ 查看目录权限,ll /var/named/ | grep slaves 查看从区域文件目录的权限——slaves 目录属于 named:named 且可写,因为从服务器同步下来的区域文件是由 named 进程写入的。vim /etc/named.rfc1912.zones 编辑配置文件,tail -5 /etc/named.rfc1912.zones 查看新增的 slave 区域段(type slave 加 masters 指定主服务器)。rndc reload 重新载入。cat /var/log/messages | grep named | tail -9 查看日志,可以看到 Transfer started / transferred serial / Transfer completed。ll /var/named/slaves 确认已从主服务器同步下来的区域文件。回到主服务器 vim example.com.zone 修改区域文件(SOA 中的序列号必须手动加 1,否则从服务器认为区域没有变化,不会重新传送)。tail /var/log/messages 查看日志,确认主服务器发送 notify 并向从服务器完成了传送。

[root@lab2 ~]# dig -t axfr example.com @172.20.0.131

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -t axfr example.com @172.20.0.131
;; global options: +cmd
example.com.        86400    IN    SOA    ns1.example.com. admin.example.com.example.com. 2019011501 3600 300 604800 86400
example.com.        86400    IN    A    172.20.0.131
example.com.        86400    IN    NS    ns1.example.com.
example.com.        86400    IN    NS    ns2.example.com.
example.com.        86400    IN    MX    10 mx1.example.com.
example.com.        86400    IN    MX    20 mx2.example.com.
*.example.com.        86400    IN    A    172.20.0.131
ftp.example.com.    86400    IN    CNAME    www.example.com.
mx1.example.com.    86400    IN    A    172.20.0.133
mx2.example.com.    86400    IN    A    172.20.0.134
ns1.example.com.    86400    IN    A    172.20.0.131
ns2.example.com.    86400    IN    A    172.20.0.132
www.example.com.    86400    IN    A    172.20.0.131
www.example.com.    86400    IN    A    172.20.0.132
example.com.        86400    IN    SOA    ns1.example.com. admin.example.com.example.com. 2019011501 3600 300 604800 86400
;; Query time: 1 msec
;; SERVER: 172.20.0.131#53(172.20.0.131)
;; WHEN: Wed Jan 16 06:54:05 EST 2019
;; XFR size: 15 records (messages 1, bytes 347)

[root@lab2 ~]# vim /etc/named.conf
[root@lab2 ~]# cat /etc/named.conf | grep -v ^$ | grep -v ^\/
options {
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };
    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;
    /* Path to ISC DLV key */
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@lab2 ~]# ps aux | grep named
named      1688  0.0  3.3 241804 61712 ?        Ssl  06:43   0:00 /usr/sbin/named -u named -c /etc/named.conf
root       1825  0.0  0.2 151284  5008 pts/0    S+   07:00   0:00 vim /etc/named.rfc1912.zones
root       1862  0.0  0.0 112660   972 pts/1    S+   07:01   0:00 grep --color=auto named
[root@lab2 ~]# ll -d /var/named/
drwxrwx--T. 8 root named 177 Jan 16 06:52 /var/named/
[root@lab2 ~]# ll /var/named/ | grep slaves
drwxrwx---. 2 named named    6 Oct 30 20:29 slaves
[root@lab2 ~]# vim /etc/named.rfc1912.zones 
[root@lab2 ~]# tail -5 /etc/named.rfc1912.zones
zone "example.com" IN {
        type slave;
        masters { 172.20.0.131; };
        file "slaves/example.com.zone";
};

[root@lab2 ~]# rndc reload
server reload successful
[root@lab2 ~]# cat /var/log/messages | grep named | tail -9
Jan 16 07:06:29 lab2 named[1688]: reloading configuration succeeded
Jan 16 07:06:29 lab2 named[1688]: reloading zones succeeded
Jan 16 07:06:29 lab2 named[1688]: all zones loaded
Jan 16 07:06:29 lab2 named[1688]: running
Jan 16 07:06:29 lab2 named[1688]: zone example.com/IN: Transfer started.
Jan 16 07:06:29 lab2 named[1688]: transfer of 'example.com/IN' from 172.20.0.131#53: connected using 172.20.0.132#41860
Jan 16 07:06:29 lab2 named[1688]: zone example.com/IN: transferred serial 2019011501
Jan 16 07:06:29 lab2 named[1688]: transfer of 'example.com/IN' from 172.20.0.131#53: Transfer completed: 1 messages, 15 records, 347 bytes, 0.001 secs (347000 bytes/sec)
Jan 16 07:06:29 lab2 named[1688]: zone example.com/IN: sending notifies (serial 2019011501)

[root@lab2 ~]# ll /var/named/slaves
total 4
-rw-r--r--. 1 named named 630 Jan 16 07:06 example.com.zone
[root@lab1 named]# vim example.com.zone 
[root@lab1 named]# tail -1 example.com.zone
pop3    IN      CNAME    mx1
[root@lab1 named]# rndc reload
server reload successful
[root@lab1 named]# tail /var/log/messages
Jan 16 07:13:47 lab1 named[2077]: automatic empty zone: B.E.F.IP6.ARPA
Jan 16 07:13:47 lab1 named[2077]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 16 07:13:47 lab1 named[2077]: reloading configuration succeeded
Jan 16 07:13:47 lab1 named[2077]: reloading zones succeeded
Jan 16 07:13:47 lab1 named[2077]: zone example.com/IN: loaded serial 2019011502
Jan 16 07:13:47 lab1 named[2077]: all zones loaded
Jan 16 07:13:47 lab1 named[2077]: running
Jan 16 07:13:47 lab1 named[2077]: zone example.com/IN: sending notifies (serial 2019011502)
Jan 16 07:13:47 lab1 named[2077]: client 172.20.0.132#53486 (example.com): transfer of 'example.com/IN': AXFR-style IXFR started
Jan 16 07:13:47 lab1 named[2077]: client 172.20.0.132#53486 (example.com): transfer of 'example.com/IN': AXFR-style IXFR ended
 

7.主从同步(反向解析)

vim 172.20.0.zone编辑反向解析文件。cat 172.20.0.zone | grep ns2 | grep PTR查看增加的内容。rndc reload重新载入信息。vim /etc/named.rfc1912.zones 修改从服务器主配置文件。tail -5 /etc/named.rfc1912.zones查看增加的内容。named-checkconf检查语法错误。rndc reload重新载入信息。tail /var/log/messages查看日志。 ll /var/named/slaves查看同步的反向解析文件。vim 172.20.0.zone 编辑主服务器反向解析文件。tail -1 172.20.0.zone查看增加的内容(注意文件中的版本编号自己手动+1)。 rndc reload重新载入信息。tail /var/log/messages查看日志同步信息。

[root@lab1 named]# vim 172.20.0.zone 
[root@lab1 named]# cat 172.20.0.zone | grep ns2 | grep PTR
132     IN      PTR      ns2.example.com. 
[root@lab1 named]# rndc reload
server reload successful

[root@lab2 ~]# vim /etc/named.rfc1912.zones 
[root@lab2 ~]# tail -5 /etc/named.rfc1912.zones
zone "0.20.172.in-addr.arpa" IN {
        type slave;
        masters { 172.20.0.131; };
        file "slaves/172.20.0.zone";
};
[root@lab2 ~]# named-checkconf
[root@lab2 ~]# rndc reload
server reload successful

[root@lab2 ~]# tail /var/log/messages
Jan 16 07:28:48 lab2 named[1688]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 16 07:28:48 lab2 named[1688]: reloading configuration succeeded
Jan 16 07:28:48 lab2 named[1688]: reloading zones succeeded
Jan 16 07:28:48 lab2 named[1688]: zone 0.20.172.in-addr.arpa/IN: Transfer started.
Jan 16 07:28:48 lab2 named[1688]: all zones loaded
Jan 16 07:28:48 lab2 named[1688]: running
Jan 16 07:28:48 lab2 named[1688]: transfer of '0.20.172.in-addr.arpa/IN' from 172.20.0.131#53: connected using 172.20.0.132#58843
Jan 16 07:28:48 lab2 named[1688]: zone 0.20.172.in-addr.arpa/IN: transferred serial 2019011601
Jan 16 07:28:48 lab2 named[1688]: transfer of '0.20.172.in-addr.arpa/IN' from 172.20.0.131#53: Transfer completed: 1 messages, 10 records, 272 bytes, 0.001 secs (272000 bytes/sec)
Jan 16 07:28:48 lab2 named[1688]: zone 0.20.172.in-addr.arpa/IN: sending notifies (serial 2019011601)
[root@lab2 ~]# ll /var/named/slaves
total 8
-rw-r--r--. 1 named named 461 Jan 16 07:28 172.20.0.zone
-rw-r--r--. 1 named named 687 Jan 16 07:13 example.com.zone
[root@lab1 named]# vim 172.20.0.zone 
[root@lab1 named]# tail -1 172.20.0.zone
134     IN      PTR      imap.example.com. 

[root@lab1 named]# rndc reload
server reload successful
[root@lab1 named]# tail /var/log/messages
Jan 16 07:33:30 lab1 named[2077]: automatic empty zone: B.E.F.IP6.ARPA
Jan 16 07:33:30 lab1 named[2077]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 16 07:33:30 lab1 named[2077]: reloading configuration succeeded
Jan 16 07:33:30 lab1 named[2077]: reloading zones succeeded
Jan 16 07:33:30 lab1 named[2077]: zone 0.20.172.in-addr.arpa/IN: loaded serial 2019011602
Jan 16 07:33:30 lab1 named[2077]: zone 0.20.172.in-addr.arpa/IN: sending notifies (serial 2019011602)
Jan 16 07:33:30 lab1 named[2077]: all zones loaded
Jan 16 07:33:30 lab1 named[2077]: running
Jan 16 07:33:30 lab1 named[2077]: client 172.20.0.132#46467 (0.20.172.in-addr.arpa): transfer of '0.20.172.in-addr.arpa/IN': AXFR-style IXFR started
Jan 16 07:33:30 lab1 named[2077]: client 172.20.0.132#46467 (0.20.172.in-addr.arpa): transfer of '0.20.172.in-addr.arpa/IN': AXFR-style IXFR ended
 

8.关于rndc命令

rndc status | grep query 查看查询日志是否开启。rndc querylog 切换查询日志开关(再执行一次即关闭)。rndc status | grep query 确认已开启。dig -t A example.com @172.20.0.132 在从服务器本机发起一次查询,tail /var/log/messages | grep client 查看日志中记录的查询(包含客户端地址、查询名和类型)。dig -t MX example.com @172.20.0.132 在主服务器(lab1)上向从服务器发起查询,再到从服务器 tail /var/log/messages | grep client 确认日志里出现来自 172.20.0.131 的记录。注意查询日志会把每一条查询连同客户端地址写进 /var/log/messages,繁忙的服务器上日志量很大且涉及客户端隐私,排错完成后应及时关闭。rndc status | grep level 查看调试级别。rndc trace 手动调升调试级别(不带参数时每执行一次加 1)。rndc status | grep level 查看调试级别。rndc trace 5 直接指定级别。rndc trace 0 关闭(0 级即关闭)。rndc status | grep level 再次确认调试级别。

[root@lab2 named]# rndc status | grep query
query logging is OFF
[root@lab2 named]# rndc querylog
[root@lab2 named]# rndc status | grep query
query logging is ON

[root@lab2 ~]# dig -t A example.com @172.20.0.132

[root@lab2 ~]# tail /var/log/messages | grep client
Jan 16 08:04:51 lab2 named[1688]: client 172.20.0.132#41725 (example.com): query: example.com IN A +E (172.20.0.132)
[root@lab1 named]# dig -t MX example.com @172.20.0.132

[root@lab2 ~]# tail /var/log/messages | grep client
Jan 16 08:04:51 lab2 named[1688]: client 172.20.0.132#41725 (example.com): query: example.com IN A +E (172.20.0.132)
Jan 16 08:07:11 lab2 named[1688]: client 172.20.0.131#56932 (example.com): query: example.com IN MX +E (172.20.0.132)
[root@lab2 ~]# rndc status | grep level
debug level: 0
[root@lab2 ~]# rndc trace
[root@lab2 ~]# rndc status | grep level
debug level: 1
[root@lab2 ~]# rndc trace 5
[root@lab2 ~]# rndc status | grep level
debug level: 5
[root@lab2 ~]# rndc trace 0
[root@lab2 ~]# rndc status | grep level
debug level: 0
 


转载自blog.csdn.net/ligan1115/article/details/86499640