Basic DNS Configuration

Source: Internet  Published by: 阿里健康数据研究中心  Editor: 程序博客网  Time: 2024/05/16 14:49

Environment

Two CentOS 7.4 minimal hosts, both with SELinux and firewalld disabled.

hostname          ip
master.dns.com    10.10.84.115
slave.dns.com     10.10.84.116

Master configuration

  • Install the packages
[root@master ~]# yum -y install bind-libs bind-utils bind bind-chroot
[root@master ~]# systemctl enable named
[root@master ~]# systemctl enable named-chroot
  • Edit the main configuration file
[root@master ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint; # loaded directly into the cache
        file "named.ca";
};
zone "dns.com." IN {
        type master;
        file "dns.com.zone";
        forwarders {}; # do not forward
        allow-update {}; # no other server may update the zone
        allow-transfer { 10.10.84.116; }; # allow zone transfers to the slave
};
[root@master data]# named-checkconf # check for syntax errors
  • Edit the zone file
[root@master ~]# cd /var/named/
[root@master named]# cp -av named.empty dns.com.zone
[root@master ~]# vim /var/named/dns.com.zone
$TTL 1D
@       IN SOA  master.dns.com. root.master.dns.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
            NS      master.dns.com. ; dns.com. is resolved by master.dns.com.
            NS      slave.dns.com.
master.dns.com. A 10.10.84.115
slave.dns.com.  A 10.10.84.116
[root@master ~]# systemctl restart named
[root@master ~]# systemctl restart named-chroot
  • Test
[root@master named]# nslookup
> slave.dns.com
Server:     10.10.84.115
Address:    10.10.84.115#53
Name:   slave.dns.com
Address: 10.10.84.116
  • The rndc tool
After adding a new zone file, you can run rndc reload instead of restarting the named service.
[root@master ~]# rndc -s 10.10.84.115 reload

Slave configuration

  • Install the packages
[root@slave ~]# yum -y install bind-libs bind-utils bind bind-chroot
[root@slave ~]# systemctl enable named
[root@slave ~]# systemctl enable named-chroot
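  • Edit the main configuration file
[root@slave ~]# vim /etc/named.conf
# inside the existing options { } block, set:
    listen-on port 53 { any; };
    allow-query     { any; };
# then add the zone at the top level:
zone "dns.com." IN {
        type slave;
        masters { 10.10.84.115; };
        file "slaves/dns.com.zone";
};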
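
An added example, not part of the original page: a small Python check over the master and slave zone stanzas above that reports zones whose allow-transfer ACL is unset or open. It assumes the BIND shipped with CentOS 7.4, where a zone with no allow-transfer statement can be transferred by any host; the function names are hypothetical.

```python
import re
# Abridged from this page's named.conf files (constructed sample input).
MASTER_CONF = '''
options { allow-query { any; }; recursion no; };
zone "." IN { type hint; file "named.ca"; };
zone "dns.com." IN {
    type master;
    allow-transfer { 10.10.84.116; };  # slave only
};
'''
SLAVE_CONF = '''
zone "dns.com." IN {
    type slave;
    masters { 10.10.84.115; };
};
'''

def block_after(text, pos):
    """Return the text from pos (just past a '{') up to its matching '}'."""
    depth, i = 1, pos
    while depth and i < len(text):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return text[pos:i - 1]

def acl(body, statement, default=None):
    """Elements of `statement { ... };` in body, or default if the statement is absent."""
    m = re.search(r'\b%s\s*\{' % re.escape(statement), body)
    if m is None:
        return default
    return [e.strip() for e in block_after(body, m.end()).split(';') if e.strip()]

def audit_transfers(conf):
    """Map zone name -> finding for zones whose transfer ACL is unset or open."""
    conf = re.sub(r'/\*.*?\*/|(?:#|//)[^\n]*', '', conf, flags=re.S)  # drop comments
    opt = re.search(r'(?:^|[;}])\s*options\s*\{', conf)
    inherited = acl(block_after(conf, opt.end()), 'allow-transfer') if opt else None
    findings = {}
    for m in re.finditer(r'(?:^|[;}])\s*zone\s+"([^"]+)"[^{;]*\{', conf):
        body = block_after(conf, m.end())
        if not re.search(r'\btype\s+(master|slave|primary|secondary)\b', body):
            continue  # hint and forward zones hold no data to transfer
        allowed = acl(body, 'allow-transfer', inherited)
        if allowed is None:  # assumption: this BIND's built-in default is "any"
            findings[m.group(1)] = 'no allow-transfer set; server default applies'
        elif 'any' in allowed:
            findings[m.group(1)] = 'allow-transfer includes any'
    return findings

print('master:', audit_transfers(MASTER_CONF), 'slave:', audit_transfers(SLAVE_CONF))
```

On the page's configuration the master passes and the slave's dns.com. zone is reported; adding allow-transfer { none; }; to the slave zone clears the finding.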