Linux DNS主从配置



Linux主从DNS配置

系统环境:CentOS 6.5

主DNS服务器:dns1.test.com 172.16.1.20

辅DNS服务器:dns2.test.com 172.16.1.30

 

主DNS配置:yum -y install bind bind-utils bind-libs bind-chroot(可选)

/etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BINDnamed(8) DNS

// server as a caching only nameserver (as a localhost DNSresolver only).

//

// See /usr/share/doc/bind*/sample/ for example namedconfiguration files.

//

 

options {

       // NOTE(review): binding to every interface while allow-query is also
       // "any" (below) exposes this server to every network that can reach it.
       listen-on port 53 { any; };

       listen-on-v6 port 53 { ::1; };

       directory       "/var/named";

       dump-file      "/var/named/data/cache_dump.db";

       statistics-file"/var/named/data/named_stats.txt";

       memstatistics-file"/var/named/data/named_mem_stats.txt";

       allow-query     { any; };

       // NOTE(review): combined with allow-query { any; } this is an open
       // recursive resolver (amplification / cache-poisoning exposure). An
       // authoritative server for test.com should use "recursion no;", or keep
       // recursion but restrict it, e.g. "allow-recursion { localnets; };".
       recursion yes;

// NOTE(review): DNSSEC validation stays disabled while the three lines below
// are commented out. The "lookaside" (DLV) entry refers to a registry ISC has
// since retired, so only dnssec-enable / dnssec-validation are worth enabling.
//      dnssec-enable yes;

//      dnssec-validationyes;

//      dnssec-lookasideauto;

        bindkeys-file"/etc/named.iscdlv.key";

       managed-keys-directory "/var/named/dynamic";

};

 

logging {

        // NOTE(review): "channeldefault_debug" and "severitydynamic" look like
        // lost spaces ("channel default_debug", "severity dynamic"); compare the
        // secondary's logging block later on this page. As written,
        // named-checkconf rejects this file.
        channeldefault_debug {

                file"data/named.run";

                severitydynamic;

        };

};

 

// NOTE(review): the opening lines of this statement (`zone "." IN {` and
// `type hint;`) appear to have been lost from the listing; the secondary's
// named.conf further down shows the complete root-hint zone. As shown here the
// fragment is not valid named.conf.
        file"named.ca";

};

 

// The test.com forward and 1.16.172.in-addr.arpa reverse zones are declared in
// the included rfc1912 file (listed next), not in named.conf itself.
include "/etc/named.rfc1912.zones";

// Trust-anchor file for the root zone; only consulted when DNSSEC validation is
// enabled in options (it is commented out above).
include "/etc/named.root.key";

 

/etc/named.rfc1912.zones

// named.rfc1912.zones:

//

// Provided by Red Hat caching-nameserver package

//

// ISC BIND named zone configuration for zones recommended by

// RFC 1912 section 4.1 : localhost TLDs and address zones

// andhttp://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt

// (c)2007 R W Franks

//

// See /usr/share/doc/bind*/sample/ for example namedconfiguration files.

//

 

// Stock localhost zone from the Red Hat package (see file header); unchanged.
zone "localhost.localdomain" IN {

        type master;

        file"named.localhost";

        allow-update {none; };

};

 

// Stock localhost zone from the Red Hat package; unchanged.
zone "localhost" IN {

        type master;

        file"named.localhost";

        allow-update {none; };

};

 

// Stock IPv6 loopback reverse zone; unchanged. The missing spaces around the
// quoted name are a copy artifact (the stock file reads `zone "..." IN {`).
zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {

        type master;

        file"named.loopback";

        allow-update {none; };

};

 

// Stock IPv4 loopback reverse zone; unchanged.
zone "1.0.0.127.in-addr.arpa" IN {

        type master;

        file"named.loopback";

        allow-update {none; };

};

 

// Stock empty zone for 0.0.0.0/8; unchanged.
zone "0.in-addr.arpa" IN {

        type master;

        file"named.empty";

        allow-update {none; };

};

 

// Primary (master) copy of test.com; data lives in /var/named/test.com.zone.
zone "test.com" IN {

        type master;

        file "test.com.zone";

        // Push NOTIFY to the secondary (172.16.1.30) so it refreshes promptly.
        notify yes;

        also-notify {172.16.1.30; };

        // NOTE(review): zone transfers are limited to the secondary by source
        // address only. An IP-based ACL can be spoofed on an untrusted network;
        // BIND can additionally require a shared TSIG key on transfers
        // (`key` statement + `allow-transfer { key <name>; };`).
        allow-transfer {172.16.1.30; };

        // Dynamic updates disabled — correct for a hand-edited zone file.
        allow-update { none; };

};

// Primary copy of the reverse zone for 172.16.1.0/24; data in /var/named/1.16.172.zone.
zone "1.16.172.in-addr.arpa" IN {

        type master;

        file "1.16.172.zone";

// NOTE(review): `notifyyes;` is not a valid statement (missing space); it must
// read `notify yes;` as in the test.com zone above, otherwise named-checkconf
// fails and named will not start.
notifyyes;

        also-notify {172.16.1.30; };

        // Same IP-only transfer ACL as test.com; see the TSIG remark there.
        allow-transfer {172.16.1.30; };

        allow-update { none; };

};

 

/var/named/test.com.zone

$TTL 1D

; NOTE(review): "rname.invalid." is the placeholder contact copied from the stock
; named.localhost template; set a real hostmaster mailbox (for example
; hostmaster.test.com.) so zone problems can be reported.
; The serial (5) must be increased on every edit, or the secondary at
; 172.16.1.30 will never pull the change (see note 4 at the end of the page).
@       IN SOA  @ rname.invalid. (

                                        5       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                       3H )    ; minimum

        ; The apex name itself is the NS target; it resolves to both servers via
        ; the two A records below. Pointing NS at dns1/dns2 instead is the more
        ; conventional layout, but this works.
        NS      @

        A       172.16.1.20

        A       172.16.1.30

dns1    A       172.16.1.20

dns2    A       172.16.1.30

www     A       172.16.1.40

 

/var/named/1.16.172.zone

$TTL 1D

; NOTE(review): same template SOA as test.com.zone — placeholder RNAME
; ("rname.invalid.") and a serial that must be bumped on every edit.
@       IN SOA  @ rname.invalid. (

                                        5       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                       3H )    ; minimum

        NS      test.com.

; NOTE(review): addresses .20 and .30 each receive two PTR records (the apex
; test.com. plus dns1/dns2). Many tools expect a single PTR per address and will
; pick one arbitrarily; unless the double mapping is intentional, keep only the
; dns1/dns2 PTRs.
20      PTR     test.com.

30      PTR     test.com.

20      PTR     dns1.test.com.

30      PTR     dns2.test.com.

40      PTR     www.test.com.

 

/etc/resolv.conf

; generated by /sbin/dhclient-script

; NOTE(review): the header above says dhclient writes this file, so manual edits
; here are likely to be overwritten on the next DHCP renewal unless the client
; is configured to keep them.
nameserver 172.16.1.20

nameserver 172.16.1.30

 

# NOTE(review): validate before restarting so a typo does not take name service
# down: named-checkconf /etc/named.conf; named-checkzone test.com /var/named/test.com.zone
service named restart

 

 

辅DNS配置:yum -y install bind bind-utils bind-libs bind-chroot(可选)

/etc/named.conf

//

// named.conf

//

// Provided by Red Hat bindpackage to configure the ISC BIND named(8) DNS

// server as a caching onlynameserver (as a localhost DNS resolver only).

//

// See/usr/share/doc/bind*/sample/ for example named configuration files.

//

 

options {

# NOTE(review): with listen-on commented out, named falls back to listening on
# every IPv4 interface; with allow-query commented out, it answers queries from
# any host. Together with "recursion yes" below this secondary is an open
# recursive resolver. Prefer explicit "allow-query { <trusted-nets>; };" and
# "recursion no;" (or "allow-recursion { localnets; };") here as well.
#       listen-on port 53 { 127.0.0.1; };

#       listen-on-v6 port 53 { ::1; };

        directory       "/var/named";

        dump-file      "/var/named/data/cache_dump.db";

        statistics-file"/var/named/data/named_stats.txt";

        memstatistics-file"/var/named/data/named_mem_stats.txt";

#       allow-query     { localhost; };

        recursion yes;

 

// NOTE(review): DNSSEC validation disabled while these stay commented out; the
// DLV lookaside entry refers to a registry ISC has since retired.
//      dnssec-enable yes;

//      dnssec-validation yes;

//      dnssec-lookaside auto;

 

        /* Path to ISC DLV key */

        bindkeys-file"/etc/named.iscdlv.key";

 

        managed-keys-directory"/var/named/dynamic";

};

 

// Default debug channel from the stock named.conf; this is the correctly
// spaced form of the block that appears garbled in the primary's listing.
logging {

        channel default_debug {

                file"data/named.run";

                severity dynamic;

        };

};

 

// Root hints, needed because recursion is enabled in options.
zone "." IN {

        type hint;

        file "named.ca";

};

 

// The secondary's test.com / 1.16.172.in-addr.arpa slave zones are declared in
// the included rfc1912 file (listed next).
include"/etc/named.rfc1912.zones";

// Root trust anchor; only used if DNSSEC validation is turned on in options.
include"/etc/named.root.key";

 

/etc/named.rfc1912.zones

// named.rfc1912.zones:

//

// Provided by Red Hat caching-nameserver package

//

// ISC BIND named zone configuration for zones recommended by

// RFC 1912 section 4.1 : localhost TLDs and address zones

// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt

// (c)2007 R W Franks

//

// See /usr/share/doc/bind*/sample/ for example namedconfiguration files.

//

 

// Stock localhost zone from the Red Hat package; unchanged.
zone "localhost.localdomain" IN {

        type master;

        file"named.localhost";

        allow-update { none; };

};

 

// Stock localhost zone from the Red Hat package; unchanged.
zone "localhost" IN {

        type master;

        file"named.localhost";

        allow-update {none; };

};

 

// Stock IPv6 loopback reverse zone; unchanged (missing spaces around the quoted
// name are a copy artifact).
zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {

        type master;

        file"named.loopback";

        allow-update {none; };

};

 

// Stock IPv4 loopback reverse zone; unchanged.
zone "1.0.0.127.in-addr.arpa" IN {

        type master;

        file"named.loopback";

        allow-update {none; };

};

// Stock empty zone for 0.0.0.0/8; unchanged.
zone "0.in-addr.arpa" IN {

        type master;

        file "named.empty";

        allow-update {none; };

};

// Secondary (slave) copy of test.com, pulled from the primary at 172.16.1.20
// and cached under /var/named/slaves (which must be writable by named).
zone "test.com" IN {

        type slave;

        file"slaves/slave.test.com.zone";

        // NOTE(review): no allow-transfer is set here. On the BIND 9.8 shipped
        // with CentOS 6 the default is to allow transfers to any host, so this
        // secondary hands out the whole zone via AXFR to anyone; add
        // `allow-transfer { none; };` (the primary already restricts it).
        // Pulling from the primary by bare IP is also unauthenticated; a TSIG
        // key shared with the primary would protect the transfer.
        masters {172.16.1.20; };

};

 

// Secondary copy of the reverse zone, pulled from 172.16.1.20.
zone "1.16.172.in-addr.arpa" IN {

        type slave;

        file "slaves/slave.1.16.172.zone";

        // NOTE(review): as with the test.com slave zone, add
        // `allow-transfer { none; };` — the default on this BIND version permits
        // AXFR from any host.
        masters {172.16.1.20; };

};

 

/etc/resolv.conf

; generated by /sbin/dhclient-script

; NOTE(review): dhclient generates this file (see header), so manual edits may
; be overwritten on the next DHCP renewal unless the client is told to keep them.
nameserver 172.16.1.20

nameserver 172.16.1.30

 

# NOTE(review): run `named-checkconf /etc/named.conf` first; the slave zone files
# are fetched from the primary, so there is nothing to named-checkzone here.
service named restart

 

 

注意:

1. bind-chroot 这个包的主要功能是让 DNS 服务器在 chroot 模式下运行:在这种模式下,所有与 DNS 相关的文件都被限制在 /var/named/chroot 目录下,也就是说 bind 的访问范围仅限于该目录,无法访问系统中的其它目录,从而提高系统的安全性。这听起来很好,但配置时会遇到不少问题,建议不要使用。如果使用了,所有配置修改都要在 /var/named/chroot 下进行,例如配置文件位于 /var/named/chroot/etc/named.conf。

2. 确认一下 /var/named/test.com.zone 文件的权限,所属组应为 named。

3. 在防火墙中放行 53 端口(TCP/UDP)的规则,或者关闭防火墙。

4. 在主 DNS 服务器上修改 test.com.zone 和 1.16.172.zone 区域文件(如增加主机记录)时,需要递增 serial 值;修改完成后使用 service named reload 重新加载配置文件,这样才能同步到辅 DNS 服务器。

