一、实验环境
1、两台克隆机 server 与 client
server ip:192.168.75.130
client ip:192.168.75.129
2、server与client都安装了bind软件,且版本为:bind-9.8.2-0.47.rc1.el6_8.4.x86_64
3、本次实验中,我会创建一个正向区域:fzq.com.,以及一个反向区域:75.168.192.in-addr.arpa
二、实验步骤
对于server:
1、修改配置文件
[root@creep ~]# cd /etc
[root@creep etc]# mv named.conf named.conf.bak //备份原始的配置文件
[root@creep etc]# cp -a named.conf.bak named.conf
[root@creep etc]# vim named.conf
options {
directory "/var/named";
notify yes; //若数据版本更新,就会将信息推送给从服务器
};
zone "." IN {
type hint;
file "named.ca";
};
zone "fzq.com." IN {
type master;
file "named.fzq";
allow-transfer {192.168.75.129;}; //只允许与从服务器进行区域传送
};
zone "75.168.192.in-addr.arpa." IN {
type master;
file "named.qzf";
allow-transfer {192.168.75.129;};
};
~
[root@creep etc]# named-checkconf //检查配置文件的语法
2、创建相应的区域文件
[root@creep ~]# cd /var/named
[root@creep named]# cp -a named.localhost named.fzq
[root@creep named]# vim named.fzq //创建正向区域文件
$TTL 1D
fzq.com. IN SOA ns1.fzq.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
fzq.com. NS ns1.fzq.com.
fzq.com. NS ns2.fzq.com. //从服务器的定义
ns1.fzq.com. A 192.168.75.130
ns2.fzq.com. A 192.168.75.129
fzq.com. MX 7 mail.fzq.com.
mail A 192.168.75.1
www A 192.168.75.2
[root@creep named]# named-checkzone fzq.com. named.fzq //检查区域文件语法
zone fzq.com/IN: loaded serial 0
OK
[root@creep named]# cp -a named.loopback named.qzf
[root@creep named]# vim named.qzf //创建反向区域文件
$TTL 1D
75.168.192.in-addr.arpa. IN SOA ns1.fzq.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
75.168.192.in-addr.arpa. NS ns1.fzq.com.
75.168.192.in-addr.arpa. NS ns2.fzq.com.
130.75.168.192.in-addr.arpa. PTR ns1.fzq.com.
129.75.168.192.in-addr.arpa. PTR ns2.fzq.com.
1.75.168.192.in-addr.arpa. PTR mail.fzq.com.
2.75.168.192.in-addr.arpa. PTR www.fzq.com.
[root@creep named]# named-checkzone 75.168.192.in-addr.arpa. named.qzf //检查区域文件语法
zone 75.168.192.in-addr.arpa/IN: loaded serial 0
OK
3、关闭 SELinux 与防火墙(仅限实验环境)
[root@creep ~]# setenforce 0 //将 SELinux 临时切换为 Permissive 模式
[root@creep ~]# getenforce
Permissive
[root@creep ~]# service iptables stop //关闭防火墙
iptables:清除防火墙规则: [确定]
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:正在卸载模块: [确定]
在client端
1、修改配置文件
[root@creep ~]# cd /etc
[root@creep etc]# mv named.conf named.conf.bak
[root@creep etc]# cp -a named.conf.bak named.conf
[root@creep etc]# vim named.conf
options {
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "fzq.com." IN {
type slave;
file "slaves/named.fzq";
masters {192.168.75.130;}; //主服务器地址
allow-transfer {none;}; //不允许与其他主机进行数据区域传送
};
zone "75.168.192.in-addr.arpa." IN {
type slave;
file "slaves/named.qzf";
masters {192.168.75.130;};
allow-transfer {none;};
};
[root@creep etc]# named-checkconf
2、关闭 SELinux 与防火墙(仅限实验环境)
[root@creep ~]# setenforce 0 //将 SELinux 临时切换为 Permissive 模式
[root@creep ~]# getenforce
Permissive
[root@creep ~]# service iptables stop //关闭防火墙
iptables:清除防火墙规则: [确定]
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:正在卸载模块: [确定]
三、测试
1、分别启动dns服务
在server端
[root@creep ~]# service named start
Generating /etc/rndc.key: [确定]
启动 named: [确定]
在client端
[root@creep ~]# service named start
Generating /etc/rndc.key: [确定]
启动 named: [确定]
2、查看日志信息
在server端
[root@creep ~]# tail /var/log/messages
Jan 21 02:41:17 creep named[2318]: zone 75.168.192.in-addr.arpa/IN: loaded serial 0
Jan 21 02:41:17 creep named[2318]: zone fzq.com/IN: loaded serial 0
Jan 21 02:41:17 creep named[2318]: managed-keys-zone ./IN: loaded serial 0
Jan 21 02:41:17 creep named[2318]: running
Jan 21 02:41:17 creep named[2318]: zone 75.168.192.in-addr.arpa/IN: sending notifies (serial 0)
Jan 21 02:41:17 creep named[2318]: zone fzq.com/IN: sending notifies (serial 0)
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#41314: transfer of '75.168.192.in-addr.arpa/IN': AXFR started
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#41314: transfer of '75.168.192.in-addr.arpa/IN': AXFR ended
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#51418: transfer of 'fzq.com/IN': AXFR started
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#51418: transfer of 'fzq.com/IN': AXFR ended
在client端
[root@creep ~]# tail /var/log/messages
Jan 21 02:33:28 creep named[2264]: zone 75.168.192.in-addr.arpa/IN: Transfer started.
Jan 21 02:33:28 creep named[2264]: transfer of '75.168.192.in-addr.arpa/IN' from 192.168.75.130#53: connected using 192.168.75.129#41314
Jan 21 02:33:28 creep named[2264]: zone 75.168.192.in-addr.arpa/IN: transferred serial 0
Jan 21 02:33:28 creep named[2264]: transfer of '75.168.192.in-addr.arpa/IN' from 192.168.75.130#53: Transfer completed: 1 messages, 8 records, 246 bytes, 0.008 secs (30750 bytes/sec)
Jan 21 02:33:28 creep named[2264]: zone 75.168.192.in-addr.arpa/IN: sending notifies (serial 0)
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: Transfer started.
Jan 21 02:33:28 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: connected using 192.168.75.129#51418
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: transferred serial 0
Jan 21 02:33:28 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: Transfer completed: 1 messages, 9 records, 235 bytes, 0.002 secs (117500 bytes/sec)
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: sending notifies (serial 0)
[root@creep ~]# cd /var/named/slaves/
[root@creep slaves]# ls
named.fzq named.qzf //说明数据区域传送成功
[root@creep slaves]# cat named.fzq
$ORIGIN .
$TTL 86400 ; 1 day
fzq.com IN SOA ns1.fzq.com. rname.invalid. (
0 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS ns1.fzq.com.
NS ns2.fzq.com.
MX 7 mail.fzq.com.
$ORIGIN fzq.com.
mail A 192.168.75.1
ns1 A 192.168.75.130
ns2 A 192.168.75.129
www A 192.168.75.2
3、更新数据版本
在server端
[root@creep named]# vim named.fzq
$TTL 1D
fzq.com. IN SOA ns1.fzq.com. rname.invalid. (
1 ; serial //注意:区域数据一旦发生改变,就必须递增 serial,否则从服务器不会重新传送
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
fzq.com. NS ns1.fzq.com.
fzq.com. NS ns2.fzq.com.
ns1.fzq.com. A 192.168.75.130
ns2.fzq.com. A 192.168.75.129
fzq.com. MX 7 mail.fzq.com.
mail A 192.168.75.1
www A 192.168.75.2
ftp A 192.168.75.3 //新增添的记录
[root@creep named]# named-checkzone fzq.com. named.fzq
zone fzq.com/IN: loaded serial 0
OK
[root@creep named]# service named reload //重新载入配置与区域文件
重新载入named:
[root@creep ~]# tail /var/log/messages //查看日志信息
Jan 21 02:51:47 creep named[2318]: reloading configuration succeeded
Jan 21 02:51:47 creep named[2318]: reloading zones succeeded
Jan 21 02:51:47 creep named[2318]: zone fzq.com/IN: loaded serial 1
Jan 21 02:51:47 creep named[2318]: zone fzq.com/IN: sending notifies (serial 1)
Jan 21 02:51:47 creep named[2318]: client 192.168.75.129#50188: transfer of 'fzq.com/IN': AXFR-style IXFR started
Jan 21 02:51:47 creep named[2318]: client 192.168.75.129#50188: transfer of 'fzq.com/IN': AXFR-style IXFR ended
在client端
[root@creep ~]# tail /var/log/messages //查看日志文件
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: sending notifies (serial 0)
Jan 21 02:42:52 creep named[2264]: client 192.168.75.130#60464: received notify for zone 'fzq.com'
Jan 21 02:42:52 creep named[2264]: zone fzq.com/IN: Transfer started.
Jan 21 02:42:52 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: connected using 192.168.75.129#50188
Jan 21 02:42:52 creep named[2264]: zone fzq.com/IN: transferred serial 1
Jan 21 02:42:52 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: Transfer completed: 1 messages, 10 records, 255 bytes, 0.005 secs (51000 bytes/sec)
Jan 21 02:42:52 creep named[2264]: zone fzq.com/IN: sending notifies (serial 1)
[root@creep ~]# cat /var/named/slaves/named.fzq
$ORIGIN .
$TTL 86400 ; 1 day
fzq.com IN SOA ns1.fzq.com. rname.invalid. (
1 ; serial
86400 ; refresh (1 day)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS ns1.fzq.com.
NS ns2.fzq.com.
MX 7 mail.fzq.com.
$ORIGIN fzq.com.
ftp A 192.168.75.3 //说明更新后的区域数据已传送成功(日志中显示为 AXFR-style IXFR)
mail A 192.168.75.1
ns1 A 192.168.75.130
ns2 A 192.168.75.129
www A 192.168.75.2
总结:在学习中,多动手,多总结,有助于理解内容,人的记忆是有限的,多做笔记。