DNS主从服务器配置及案例解析

来源：互联网发布：网络连接错误编辑：程序博客网时间：2024/06/05 20:48

DNS主服务器:192.168.88.131

从服务器：192.168.88.130

主从复制（注意点）：

1、应该为一台独立的名称服务器；

2、主服务器的区域解析库文件中必须有一条NS记录是指向从服务器；

3、从服务器只需定义区域，而无需提供解析库文件；解析库文件应该放置于/var/named/slaves/目录中

4、主服务器得允许从服务器作区域传送

5、主从服务器时间应该同步，可通过ntp进行，

6、bind程序的版本应该保持一致，否则，应该从高，主低

一、从服务器配置（192.168.88.130）

从服务器只需定义区域，而无需提供解析库文件；

主从启动后，解析库文件会自动传送并放置于/var/named/slaves/目录中

定义从区域的方法：

zone"ZONE_NAME" IN {

typeslave;

masters{ MASTER_IP; }

file"slaves/ZONE_NAME.zone";

}

[root@www ~]# ps aux | grep named

named 9199 0.0 2.6 312424 13104 ? Ssl 01:13 0:00 /usr/sbin/named -unamed

root 9232 0.0 0.7 143964 3488 pts/1 S+ 01:14 0:00 vim /etc/named.rfc1912.zones

root 9319 0.0 0.1 103268 864 pts/0 S+ 01:17 0:00 grep named

[root@www ~]# ll -d /var/named/

drwxr-x---. 5 root named 4096 11月 17 22:16 /var/named/

[root@www ~]# ll /var/named/

总用量 28

drwxrwx---. 2 named named 4096 11月 18 01:13 data

drwxrwx---. 2 named named 4096 11月 18 01:13 dynamic

-rw-r-----. 1 root named 3289 4月 11 2017 named.ca

-rw-r-----. 1 root named 152 12月 15 2009named.empty

-rw-r-----. 1 root named 152 6月 21 2007 named.localhost

-rw-r-----. 1 root named 168 12月 15 2009 named.loopback

drwxrwx---. 2 named named 4096 7月 517:55 slaves

[root@www named]# vim /etc/named.conf

options {

listen-on port 53 { 192.168.88.130;127.0.0.1; };

// listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file"/var/named/data/named_stats.txt";

memstatistics-file"/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

// dnssec-enable yes;

// dnssec-validation yes;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

// managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file"data/named.run";

severity dynamic;

};

zone "." IN {

type hint;

file "named.ca";

};

include"/etc/named.rfc1912.zones";

include "/etc/named.root.key";

[root@www slaves]# vim /etc/named.rfc1912.zones

…….

zone "localhost" IN {

type master;

file "named.localhost";

allow-update { none; };

};

zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {

type master;

file "named.loopback";

allow-update { none; };

};

zone "1.0.0.127.in-addr.arpa" IN{

type master;

file "named.loopback";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.empty";

allow-update { none; };

};

//定义正解从区域

zone"field.com" IN {

type slave;

masters { 192.168.88.131; };

file "slaves/field.com.zone";

};

//定义反解从区域

zone"88.168.192.in-addr.arpa" IN {

type slave;

masters { 192.168.88.131; };

file"slaves/192.168.88.zone";

[root@wwwslaves]# named-checkconf

//查看主配置文件是否有语法错误

[root@www named]# cd /var/named/slaves/

[root@www slaves]# service named restart

停止 named：.[确定]

启动 named：[确定]

二、主服务器上配置(192.168.88.131)：

注意：主服务器的区域解析库文件中必须有一条NS记录是指向从服务器；

[root@www named]# ls

192.168.88.zone data field.com.zone named.empty named.loopback

chroot dynamic named.ca named.localhost slaves

[root@www named]# vim/etc/named.rfc1912.zones

file "named.localhost";

allow-update { none; };

};

zone "localhost" IN {

type master;

file "named.localhost";

allow-update { none; };

};

zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {

type master;

file "named.loopback";

allow-update { none; };

};

zone "1.0.0.127.in-addr.arpa" IN{

type master;

file "named.loopback";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.empty";

allow-update { none; };

};

zone"field.com" IN {

type master;

file "field.com.zone";

};

zone"88.168.192.in-addr.arpa" IN {

type master;

file "192.168.88.zone";

};

(1)、定义正解区域解析库文件：

主服务器的区域解析库文件中必须有一条NS记录是指向从服务器

[root@wwwnamed]# vim field.com.zone

$TTL86400

$ORIGINfield.com.

@ IN SOA ns1.field.com.admin.field.com (

2017111702

//序列号必须手动加1

1D )

IN NS ns1

IN NS ns2

IN MX 10 mx1

IN MX 20 mx2

ns1 IN A 192.168.88.131

ns2 IN A 192.168.88.130

//从服务器正解必须要有一个NS记录

mx1 IN A 192.168.88.131

mx2 IN A 192.168.88.130

www IN A 192.168.88.131

ftp IN CNAME www

field.com. IN A 192.168.88.131

* IN A 192.168.88.131

[root@wwwnamed]# named-checkzone "field.com" /var/named/field.com.zone

zone field.com/IN: loaded serial 2017111701

[root@www named]# cat 192.168.88.zone

//反解暂时不变

$TTL 86400

$ORIGIN 88.168.192.in-addr.arpa.

@ IN SOA ns1.field.com. admin.field.com. (

2017111701

1D )

IN NS ns1.field.com.

IN NS ns2.field.com.

131 IN PTR ns1.field.com.

131 IN PTR www.field.com.

131 IN PTR mx1.field.com.

130 IN PTR mx2.field.com.

"192.168.88.zone" 14L, 302C 已写入

[root@wwwnamed]# rndc reload

server reload successful

[root@www named]# ls

192.168.88.zone data field.com.zone named.empty named.loopback

chroot dynamic named.ca named.localhost slaves

[root@www named]# tail /var/log/messages

Nov 18 01:47:20 www named[8468]: usingdefault UDP/IPv4 port range: [1024, 65535]

Nov 18 01:47:20 www named[8468]: usingdefault UDP/IPv6 port range: [1024, 65535]

Nov 18 01:47:20 www named[8468]: sizingzone task pool based on 8 zones

Nov 18 01:47:20 www named[8468]: Warning:'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones

Nov 18 01:47:20 www named[8468]: reloadingconfiguration succeeded

Nov 18 01:47:20 www named[8468]: reloadingzones succeeded

Nov 18 01:47:20 www named[8468]: zonefield.com/IN: loaded serial 2017111702

Nov 18 01:47:20 www named[8468]: zonefield.com/IN: sending notifies (serial 2017111702)

Nov 18 01:47:20 wwwnamed[8468]: client 192.168.88.130#51283: transfer of 'field.com/IN':AXFR-style IXFR started

Nov 18 01:47:20 wwwnamed[8468]: client 192.168.88.130#51283: transfer of 'field.com/IN':AXFR-style IXFR ended

//查看日志文件是否transfer 完成

[root@www named]# ls

192.168.88.zone data field.com.zone named.empty named.loopback

chroot dynamic named.ca named.localhost slaves

从服务器上查看是否同步完成：（192.168.88.130）

[root@www named]# service named restart

停止 named：.[确定]

启动 named：[确定]

[root@wwwnamed]# tail /var/log/messages

Nov 18 01:31:19 www named[9652]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:loaded serial 0

Nov 18 01:31:19 www named[9652]: zonefield.com/IN: loaded serial 2017111701

Nov 18 01:31:19 www named[9652]: zonelocalhost.localdomain/IN: loaded serial 0

Nov 18 01:31:19 www named[9652]: zonelocalhost/IN: loaded serial 0

Nov 18 01:31:19 www named[9652]:managed-keys-zone ./IN: loaded serial 2

Nov 18 01:31:19 www named[9652]: running

Nov 18 01:31:19 www named[9652]: zonefield.com/IN: sending notifies (serial 2017111701)

Nov 18 01:35:51 wwwnamed[9652]: client 192.168.88.131#42502: received notify for zone'88.168.192.in-addr.arpa': not authoritative

Nov 18 01:35:52 wwwnamed[9652]: client 192.168.88.131#13228: received notify for zone 'field.com'

Nov 18 01:35:52 wwwnamed[9652]: zone field.com/IN: notify from 192.168.88.131#13228: zone is up todate

[root@www named]# cd /var/named/slaves/

[root@www slaves]# ls

field.com.zone

[root@www slaves]# cat field.com.zone

$ORIGIN .

$TTL 86400 ; 1 day

field.com IN SOA ns1.field.com. admin.field.com.field.com. (

2017111701 ;serial

3600 ; refresh (1 hour)

300 ; retry (5 minutes)

604800 ; expire (1 week)

86400 ; minimum (1 day)

)

NS ns1.field.com.

NS ns2.field.com.

A 192.168.88.131

MX 10 mx1.field.com.

MX 20 mx2.field.com.

$ORIGIN field.com.

* A 192.168.88.131

ftp CNAME www

mx1 A 192.168.88.131

mx2 A 192.168.88.130

ns1 A 192.168.88.131

ns2 A 192.168.88.131

www A 192.168.88.131

(2)、定义反解区域解析库文件：

[root@wwwnamed]# vim 192.168.88.zone

$TTL86400

$ORIGIN88.168.192.in-addr.arpa.

@ IN SOA ns1.field.com.admin.field.com. (

2017111702

//序列号必须手动加1

1D )

IN NS ns1.field.com.

IN NS ns2.field.com.

131 IN PTR ns1.field.com.

130 IN PTR ns2.field.com.

//从服务器NS记录

131 IN PTR www.field.com.

131 IN PTR mx1.field.com.

130 IN PTR mx2.field.com.

133 IN PTR imap.field.com.

[root@wwwnamed]# named-checkzone "88.168.192.in-addr.arpa" 192.168.88.zone

zone 88.168.192.in-addr.arpa/IN: loadedserial 2017111702

//查看定义的区域解析库文件语法是否有错

[root@www named]# rndc reload

server reload successful

[root@www named]# tail /var/log/messages

[root@www named]#

从服务器上查看是否同步完成：（192.168.88.130）

[root@www slaves]# rndc reload

server reload successful

[root@wwwslaves]# tail /var/log/messages

Nov 18 01:57:45 www named[9932]: usingdefault UDP/IPv6 port range: [1024, 65535]

Nov 18 01:57:45 www named[9932]: sizingzone task pool based on 8 zones

Nov 18 01:57:45 www named[9932]: Warning:'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones

Nov 18 01:57:45 www named[9932]: reloadingconfiguration succeeded

Nov 18 01:57:45 www named[9932]: reloadingzones succeeded

Nov 18 01:57:45 www named[9932]: zone88.168.192.in-addr.arpa/IN: Transfer started.

Nov 18 01:57:45 www named[9932]: transferof '88.168.192.in-addr.arpa/IN' from 192.168.88.131#53: connected using192.168.88.130#54269

Nov 18 01:57:45 wwwnamed[9932]: zone 88.168.192.in-addr.arpa/IN: transferred serial 2017111701

Nov 18 01:57:45 wwwnamed[9932]: transfer of '88.168.192.in-addr.arpa/IN' from 192.168.88.131#53:Transfer completed: 1 messages, 8 records, 240 bytes, 0.001 secs (240000bytes/sec)

Nov 18 01:57:45 wwwnamed[9932]: zone 88.168.192.in-addr.arpa/IN: sending notifies (serial2017111701)

[root@www slaves]# ls

192.168.88.zone field.com.zone

[root@www slaves]# cat 192.168.88.zone

$ORIGIN .

$TTL 86400 ; 1 day

88.168.192.in-addr.arpaIN SOA ns1.field.com. admin.field.com. (

2017111701 ;serial

3600 ; refresh (1 hour)

300 ; retry (5 minutes)

604800 ; expire (1 week)

86400 ; minimum (1 day)

)

NS ns1.field.com.

NS ns2.field.com.

$ORIGIN88.168.192.in-addr.arpa.

130 PTR mx2.field.com.

131 PTR ns1.field.com.

PTR www.field.com.

PTR mx1.field.com.

[root@www slaves]# cat field.com.zone

$ORIGIN .

$TTL 86400 ; 1 day

field.com IN SOA ns1.field.com. admin.field.com.field.com. (

2017111701 ;serial

3600 ; refresh (1 hour)

300 ; retry (5 minutes)

604800 ; expire (1 week)

86400 ; minimum (1 day)

)

NS ns1.field.com.

NS ns2.field.com.

A 192.168.88.131

MX 10 mx1.field.com.

MX 20 mx2.field.com.

$ORIGIN field.com.

* A 192.168.88.131

ftp CNAME www

mx1 A 192.168.88.131

mx2 A 192.168.88.130

ns1 A 192.168.88.131

ns2 A 192.168.88.131

www A 192.168.88.131

附录：完整案例：

从服务器配置(192.168.88.130)：

[root@www named]# vim /etc/named.conf

options {

listen-on port 53 { 192.168.88.130; 127.0.0.1; };

// listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

// dnssec-enable yes;

// dnssec-validation yes;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

// managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file"data/named.run";

severity dynamic;

};

zone "." IN {

type hint;

file "named.ca";

};

include"/etc/named.rfc1912.zones";

include "/etc/named.root.key";

[root@www slaves]# vim /etc/named.rfc1912.zones

};

zone "localhost" IN {

type master;

file "named.localhost";

allow-update { none; };

};

zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {

type master;

file "named.loopback";

allow-update { none; };

};

zone "1.0.0.127.in-addr.arpa" IN{

type master;

file "named.loopback";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.empty";

allow-update { none; };

};

zone"field.com" IN {

type slave;

masters { 192.168.88.131; };

file "slaves/field.com.zone";

};

zone"88.168.192.in-addr.arpa" IN {

type slave;

masters { 192.168.88.131; };

file "slaves/192.168.88.zone";

[root@wwwslaves]# named-checkconf

[root@wwwslaves]# rndc reload

server reload successful

[root@test ~]# service iptables stop

主服务器配置（192.168.88.131）：

[root@www ~]# cd /var/named

[root@www named]# vim 192.168.88.zone

$TTL86400

$ORIGIN88.168.192.in-addr.arpa.

@ IN SOA ns1.field.com.admin.field.com. (

2017111705

1D )

IN NS ns1.field.com.

IN NS ns2.field.com.

131 IN PTR ns1.field.com.

130 IN PTR ns2.field.com.

129 IN PTR web2.field.com.

131 IN PTR web1.field.com.

131 IN PTR www.field.com.

130 IN PTR test.field.com.

131 IN PTR mx1.field.com.

130 IN PTR mx2.field.com.

133 IN PTR imap.field.com.

[root@wwwnamed]# vim field.com.zone

$TTL86400

$ORIGINfield.com.

@ IN SOA ns1.field.com.admin.field.com (

2017111706

1D )

IN NS ns1

IN NS ns2

IN MX 10 mx1

IN MX 20 mx2

ns1 IN A 192.168.88.131

ns2 IN A 192.168.88.130

mx1 IN A 192.168.88.131

mx2 IN A 192.168.88.130

web2 IN A 192.168.88.129

test IN A 192.168.88.130

web1 IN A 192.168.88.131

imap IN A 192.168.88.133

www IN A 192.168.88.131

pop3 IN CNAME mx1

ftp IN CNAME www

field.com. IN A 192.168.88.131

"field.com.zone" 24L, 525C 已写入

[root@wwwnamed]# named-checkzone "field.com" /var/named/field.com.zone

zone field.com/IN: loaded serial 2017111706

[root@wwwnamed]# named-checkzone "88.168.192.in-addr.arpa" 192.168.88.zone

zone 88.168.192.in-addr.arpa/IN: loadedserial 2017111705

[root@wwwnamed]# service named reload

重新载入named: [确定]

[root@wwwnamed]# tail /var/log/messages

Nov 20 11:17:03 www named[3242]: reloadingconfiguration succeeded

Nov 20 11:17:03 www named[3242]: reloadingzones succeeded

Nov 20 11:17:03 www named[3242]: zone88.168.192.in-addr.arpa/IN: loaded serial 2017111705

Nov 20 11:17:03 www named[3242]: zone88.168.192.in-addr.arpa/IN: sending notifies (serial 2017111705)

Nov 20 11:17:03 www named[3242]: zonefield.com/IN: loaded serial 2017111706

Nov 20 11:17:03 www named[3242]: zonefield.com/IN: sending notifies (serial 2017111706)

Nov 20 11:17:03 wwwnamed[3242]: client 192.168.88.130#53331: transfer of'88.168.192.in-addr.arpa/IN': AXFR-style IXFR started

Nov 20 11:17:03 wwwnamed[3242]: client 192.168.88.130#53331: transfer of'88.168.192.in-addr.arpa/IN': AXFR-style IXFR ended

Nov 20 11:17:03 wwwnamed[3242]: client 192.168.88.130#33030: transfer of 'field.com/IN':AXFR-style IXFR started

Nov 20 11:17:03 wwwnamed[3242]: client 192.168.88.130#33030: transfer of 'field.com/IN':AXFR-style IXFR ended

[root@www named]#

[root@www named]# clear

从服务查看是否同步完成（可能会有所延迟，必要时可结合ntp）：

[root@test ~]# cd /var/named/slaves/

[root@test slaves]# ls

192.168.88.zone field.com.zone

[root@testslaves]# tail /var/log/messages

Nov 18 12:11:20 test named[3732]: zonefield.com/IN: transferred serial 2017111703

Nov 18 12:11:20 test named[3732]: transferof 'field.com/IN' from 192.168.88.131#53: Transfer completed: 1 messages, 16records, 367 bytes, 0.043 secs (8534 bytes/sec)

Nov 18 12:11:20 test named[3732]: zonefield.com/IN: sending notifies (serial 2017111703)

Nov 18 12:26:00 test named[3732]: client192.168.88.131#13038: received notify for zone '88.168.192.in-addr.arpa'

Nov 18 12:26:00 test named[3732]: master192.168.88.131#53 (source 0.0.0.0#0) deleted from unreachable cache

Nov 18 12:26:00 test named[3732]: zone88.168.192.in-addr.arpa/IN: Transfer started.

Nov 18 12:26:00 test named[3732]: transferof '88.168.192.in-addr.arpa/IN' from 192.168.88.131#53: connected using192.168.88.130#41751

Nov 18 12:26:00 test named[3732]: zone88.168.192.in-addr.arpa/IN: transferred serial 2017111703

Nov 18 12:26:00 test named[3732]: transferof '88.168.192.in-addr.arpa/IN' from 192.168.88.131#53: Transfer completed: 1messages, 11 records, 296 bytes, 0.160 secs (1850 bytes/sec)

Nov 18 12:26:00 test named[3732]: zone88.168.192.in-addr.arpa/IN: sending notifies (serial 2017111703)

[root@test slaves]# cat 192.168.88.zone

$ORIGIN .

$TTL 86400 ; 1 day

88.168.192.in-addr.arpaIN SOA ns1.field.com. admin.field.com. (

2017111703 ;serial

3600 ; refresh (1 hour)

300 ; retry (5 minutes)

604800 ; expire (1 week)

86400 ; minimum (1 day)

)

NS ns1.field.com.

NS ns2.field.com.

$ORIGIN88.168.192.in-addr.arpa.

130 PTR ns2.field.com.

PTR test.field.com.

PTR mx2.field.com.

131 PTR ns1.field.com.

PTR www.field.com.

PTR mx1.field.com.

133 PTR imap.field.com.

[root@test slaves]# cat field.com.zone

$ORIGIN .

$TTL 86400 ; 1 day

field.com IN SOA ns1.field.com. admin.field.com.field.com. (

2017111703 ; serial

3600 ; refresh (1 hour)

300 ; retry (5 minutes)

604800 ; expire (1 week)

86400 ; minimum (1 day)

)

NS ns1.field.com.

NS ns2.field.com.

A 192.168.88.131

MX 10 mx1.field.com.

MX 20 mx2.field.com.

$ORIGIN field.com.

* A 192.168.88.131

ftp CNAME www

mx1 A 192.168.88.131

mx2 A 192.168.88.130

ns1 A 192.168.88.131

ns2 A 192.168.88.130

pop3 CNAME mx1

test A 192.168.88.130

www A 192.168.88.131

[root@test slaves]#

测试dns服务器可行性：

（1）、Linux上解析百度谷歌

[root@wwwnamed]# dig -t www.baidu.com

;; Warning, ignoring invalid typewww.baidu.com

; <<>> DiG9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t www.baidu.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 20255

;; flags: qr rd ra; QUERY: 1, ANSWER: 13,AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;. IN NS

;; ANSWER SECTION:

. 5 IN NS b.root-servers.net.

. 5 IN NS f.root-servers.net.

. 5 IN NS d.root-servers.net.

. 5 IN NS a.root-servers.net.

. 5 IN NS m.root-servers.net.

. 5 IN NS k.root-servers.net.

. 5 IN NS c.root-servers.net.

. 5 IN NS g.root-servers.net.

. 5 IN NS e.root-servers.net.

. 5 IN NS i.root-servers.net.

. 5 IN NS l.root-servers.net.

. 5 IN NS j.root-servers.net.

. 5 IN NS h.root-servers.net.

;; Query time: 14 msec

;; SERVER: 192.168.88.2#53(192.168.88.2)

;; WHEN: Sat Nov 18 14:05:57 2017

;; MSG SIZE rcvd: 228

[root@wwwnamed]# dig -x 8.8.8.8

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4<<>> -x 8.8.8.8

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 46771

;; flags: qr rd ra; QUERY: 1, ANSWER: 1,AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;8.8.8.8.in-addr.arpa. IN PTR

;; ANSWER SECTION:

8.8.8.8.in-addr.arpa. 5 IN PTR google-public-dns-a.google.com.

;; Query time: 10 msec

;; SERVER: 192.168.88.2#53(192.168.88.2)

;; WHEN: Sat Nov 18 17:21:57 2017

;; MSG SIZE rcvd: 82

（2）、从服务器作为客户机DNS服务器提供DNS解析功能：

访问新浪主页，测试是否可以解析：

注：本次所有测试均在虚拟机上执行且验证确实可行，如有纰漏，欢迎指正。

----------------------FieldYang/佐击-----------------------

阅读全文

0 0