DNS Master/Slave Name Resolution with BIND

Posted 丶旋律

Environment:

Master server: 172.31.0.38
Slave server: 172.31.0.48

Install the software

[root@centos8 ~]# yum install bind

Edit the configuration files

[root@centos8 ~]# vim /etc/named.conf
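options {
        // listen-on is commented out so named listens on all IPv4 interfaces
//      listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        // allow-query is commented out so queries are no longer limited to localhost
//      allow-query     { localhost; };
        // (the rest of the options block is not shown in the original post)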

[root@centos8 named]# vim /etc/named.rfc1912.zones
zone "longxuan.vip" {
    type slave;
    masters {172.31.0.38;};
    file "slaves/longxuan.vip.slave";
};

Enable and start the service

[root@centos8 named]# systemctl enable --now named

Configure both DNS servers on the client

[root@centos8 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=172.31.0.38
DNS2=172.31.0.48

Reload the network connection

[16:01:25 root@sz-kx-centos8 ~]# nmcli connection reload
[16:02:10 root@sz-kx-centos8 ~]# nmcli connection up eth0

Add the slave to the zone on the DNS server

[root@localhost named]# vim /var/named/longxuan.vip.zone
$TTL 1D
@       IN SOA  master admin.longxuan.vip. (
                                2021050100      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      master
        NS      slave1
master  A       172.31.0.38
slave1  A       172.31.0.48
www     CNAME   cdn.longxuan.vip.
cdn     CNAME   vip.longxuan.vip.
vip     A       172.31.0.48

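Note: if the slave server is not picking up changes, remember that every change to the zone data must also change the serial number (version number). The slave only transfers the zone when the master's serial is higher than its own.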

[root@localhost named]# vim /var/named/longxuan.vip.zone
$TTL 1D
@       IN SOA  master admin.longxuan.vip. (
                                2021050101      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      master
        NS      slave1
master  A       172.31.0.38
slave1  A       172.31.0.48
www     CNAME   cdn.longxuan.vip.
cdn     CNAME   vip.longxuan.vip.
vip     A       172.31.0.48
*       A       172.31.0.48
@       A       172.31.0.48

Reload the service

[root@localhost named]# rndc reload
server reload successful

On the DNS slave server:

[16:30:05 root@centos8 /var/named/slaves]# ll
total 4
-rw-r--r-- 1 named named 711 May  3 16:32 longxuan.vip.slave

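Before the configuration below is applied, no allow-transfer restriction is set, so a single command lists every name in the zone and its IP address: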

[16:03:02 root@sz-kx-centos8 ~]# dig -t axfr longxuan.vip

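For security, configure the servers as follows:

DNS master configuration
[root@localhost named]# vim /etc/named.conf
# Add the following line; it specifies who is allowed to transfer the zone
allow-transfer {172.31.0.48;};

Reload the service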
[root@localhost named]# rndc reload
server reload successful

DNS slave configuration
[root@localhost ~]# vim /etc/named.conf
# Add the following line; it specifies who is allowed to transfer the zone (none means nobody)
allow-transfer {none;};

Reload the service
[root@localhost ~]# rndc reload
server reload successful

Client verification

[16:14:22 root@sz-kx-centos8 ~]# dig -t axfr longxuan.vip @172.31.0.38

; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> -t axfr longxuan.vip @172.31.0.38
;; global options: +cmd
; Transfer failed.
[16:22:10 root@sz-kx-centos8 ~]# dig -t axfr longxuan.vip @172.31.0.48

; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>> -t axfr longxuan.vip @172.31.0.48
;; global options: +cmd
; Transfer failed.
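
The same client-side check as a script, added here as an example and not part of the original post: it confirms that both servers refuse AXFR from the host it runs on and that the slave's SOA serial matches the master's. The function names and the `run` argument are assumptions of this sketch; the zone and addresses are the ones used above.

```sh
#!/bin/sh
# Added example, not from the original post. Zone and addresses are the
# page's; function names and the "run" argument are made up here.
ZONE="longxuan.vip"
MASTER="172.31.0.38"
SLAVE="172.31.0.48"

# Classify the text printed by `dig -t axfr` (read from stdin):
#   open    - a zone came back (dig ends a transfer with ";; XFR size:")
#   refused - dig printed "; Transfer failed."
#   unknown - anything else (timeout, no output); treated as a failure
axfr_status() {
    out=$(cat)
    case "$out" in
        *";; XFR size:"*)    echo open ;;
        *"Transfer failed"*) echo refused ;;
        *)                   echo unknown ;;
    esac
}

# Extract the serial (3rd field) from `dig +short -t soa` output.
soa_serial() {
    awk 'NF >= 7 { print $3; exit }'
}

# Run this from a host that is NOT listed in allow-transfer (the client).
# Returns 0 only if both servers refuse AXFR and the serials agree.
audit() {
    rc=0
    for ns in "$MASTER" "$SLAVE"; do
        st=$(dig -t axfr "$ZONE" "@$ns" 2>&1 | axfr_status)
        echo "axfr @$ns: $st"
        [ "$st" = refused ] || rc=1
    done
    m=$(dig +short -t soa "$ZONE" "@$MASTER" | soa_serial)
    s=$(dig +short -t soa "$ZONE" "@$SLAVE" | soa_serial)
    echo "serial master=$m slave=$s"
    # A slave serial that lags the master means the zone was not transferred.
    [ -n "$m" ] && [ "$m" = "$s" ] || rc=1
    return $rc
}

# Only touch the network when asked to:  sh axfr_audit.sh run
if [ "${1:-}" = "run" ]; then audit; fi
```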
