DNS:192.168.43.180
client:192.168.43.132
yum install bind* -y
主要是三个文件
[root@centos3 named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
// Global server options for named.
options {
// Stock loopback-only listener, left commented out by the author.
#listen-on port 53 { 127.0.0.1; };
// Listen for IPv4 DNS traffic on every interface of this host.
listen-on port 53 { any; };
// IPv6 is still limited to loopback.
listen-on-v6 port 53 { ::1; };
// Working directory; relative file names in this configuration are
// presumably resolved against it (confirm in the BIND ARM).
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Accept queries from any source address.
// NOTE(review): together with "listen-on ... { any; }" and "recursion yes"
// below, and with no allow-recursion statement in this block, the server
// appears to act as an open recursive resolver - the case the stock comment
// below warns about. That may be tolerable on an isolated lab network; on
// any reachable address, limit recursion to known clients, for example
// allow-recursion { localhost; <CLIENT_SUBNET>; };  (placeholder value)
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// Recursion is on even though this host also serves the nginxtest.com zone
// as master (see the stock comment above on mixing the two roles).
recursion yes;
// DNSSEC support and validation of signed answers are enabled.
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
// Runtime files: process id and the generated session key.
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
// Logging: a single channel, default_debug, written to data/named.run
// (a relative path; presumably under the "directory" set in options).
logging {
channel default_debug {
file "data/named.run";
// "dynamic" ties the level to the server's current debug level
// (per BIND documentation; confirm for the installed version).
severity dynamic;
};
};
// Root zone as a hint zone: named.ca supplies the root server list that
// recursion starts from.
zone "." IN {
type hint;
file "named.ca";
};
// Additional zone definitions (the file edited in the next step of this page).
include "/etc/named.rfc1912.zones";
// Key material kept in a separate file; its contents are not shown on this page.
include "/etc/named.root.key";
[root@centos3 named]# vim /etc/named.rfc1912.zones
// Stock localhost zones; both load named.localhost and refuse dynamic updates.
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
// Zone added by the author: this server is master for nginxtest.com and
// loads it from nginxtest.com.zone (relative to the options "directory").
// NOTE(review): unlike the two zones above, this one carries no
// "allow-update { none; };" and no allow-transfer statement. Stating both
// explicitly keeps the zone consistent with its siblings and avoids relying
// on version-dependent defaults, e.g. allow-transfer { none; }; or the
// addresses of the slave servers only - confirm the defaults for the
// installed BIND version.
zone "nginxtest.com" IN {
type master;
file "nginxtest.com.zone";
};
[root@centos3 named]# vim /var/named/nginxtest.com.zone
; Zone data for nginxtest.com. Default TTL for records without their own: 1 day.
$TTL 1D
; NOTE(review): the primary-server name in the SOA record has no trailing
; dot, so it is read relative to the zone origin and would expand to
; dns.nginxtest.com.nginxtest.com. - the NS record below does end in a dot.
; The contact field "root." is also a bare absolute name; confirm it is intended.
; NOTE(review): serial 0 is fine for a single server, but it must be raised
; on every edit once slave servers copy this zone.
@ IN SOA dns.nginxtest.com root. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; NOTE(review): as shown, the next line starts at column 0. A record that
; reuses the previous owner name must begin with whitespace; the page's
; indentation appears to have been lost.
NS dns.nginxtest.com.
; dns -> the DNS server address listed at the top of the page.
dns A 192.168.43.180
; www -> the host listed as "client" at the top of the page.
www A 192.168.43.132
client:192.168.43.132
[root@centos1 conf]# vim /etc/resolv.conf
# 添加DNS
nameserver 192.168.43.180
补充:
DNS的安装
yum install bind ##服务端安装
DNS服务的启动和关闭
/etc/init.d/named start ##开启DNS服务
chkconfig named on ##开启自启
/etc/init.d/named stop ##关闭DNS服务
DNS服务主要配置文件
/etc/named.conf ##主配置文件
/etc/named.rfc1912.zones ##域名设置文件
/var/named/ ##目录包含名称服务器所使用的其他数据文件
DNS主配置文件/etc/named.conf 参数
listen-on ##控制 named 侦听的 IPv4 地址
listen-on-v6 ##控制 named 侦听的 IPv6 地址
allow-query ##控制哪些客户端可以向 DNS 服务器询问信息
DNS资源记录类型
A 地址 此记录列出特定主机名的 IPv4地址。这是名称解析的重要记录。
AAAA : 名称至 IPv6 地址
CNAME 标准名称 此记录指定标准主机名的别名。
PTR : IPv4/IPv6 地址至名称
MX:邮件交换器,此记录列出了负责接收发到域中的电子邮件的主机。
NS:名称服务器,此记录指定负责给定区域的名称服务器。
dig结果显示中status参数
NOERROR : 查询成功
NXDOMAIN : DNS 服务器提示不存在这样的名称
SERVFAIL : DNS 服务器停机或 DNSSEC 响应验证失败
REFUSED : DNS 服务器拒绝回答 ( 也许是出于访问控制原因 )
DNS搭建
vim /etc/named.conf
vim /etc/named.rfc1912.zones
cp -p /var/named/named.localhost /var/named/example.com.zone
##新建的文件属性必须与named.localhost相同
vim /var/named/example.com.zone
客户端测试
DNS反向解析
vim /etc/named.rfc1912.zones
cp -p /var/named/named.loopback /var/named/example.com.ptr
vim /var/named/example.com.ptr
客户端测试
DNS双向解析
vim /etc/named.conf
cp -p named.rfc1912.zones named.rfc1913.zones
vim named.rfc1913.zones
cp -p /var/named/example.com.zone /var/named/example.com.zone.inter
vim /var/named/example.com.zone.inter
cp -p /var/named/example.com.ptr /var/named/example.com.ptr.inter
vim /var/named/example.com.ptr.inter
/etc/init.d/named restart
客户端测试
本机测试
DNS集群
master服务器
vim /etc/named.rfc1913.zones
slave服务器
vim /etc/named.rfc1912.zones
修改完配置文件之后重启服务,slave 会从 master 同步区域文件并保存到 /var/named/slaves。区域文件中的 serial 参数一般写成日期加当天修改的次数,例如 2016041501;每次修改区域文件后都要增大 serial,否则 slave 不会重新同步。
DNS解析故障
把一个域名解析成一个错误的IP地址,或者根本不知道某个域名对应的IP地址是什么时,就无法通过域名访问相应的站点了,这就是DNS解析故障。DNS解析故障最明显的症状是:直接访问站点对应的IP地址没有问题,而通过域名访问就会出现错误。
(1)一致性仲裁,节点将自身的DNS记录发送给工作组内其他节点请求一致性检查,如果发现不一致,根据少数服从多数、一票否决等决定是否修改IP
(2) 如果是app,那么就可以进行域名绑定。
出处:https://blog.csdn.net/southi/article/details/51674033