DNS的主从:
从dns服务:
从----主(搭建好)
client 192.168.2.40
主dns 192.168.2.50 主搭建好的
从dns 192.168.2.70
www.aaa.com 192.168.2.60
从dns服务
[root@localhost ~]# yum -y install bind
主:
从---主:
主---允许从能复制:
修改区域配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
# Master-side zone definitions, edited in /etc/named.rfc1912.zones on 192.168.2.50.
# NOTE(review): allow-transfer here matches on source IP only; adding a TSIG key
# to the transfer would also authenticate the slave. Not shown in these notes.

# Forward zone for aaa.com.
zone "aaa.com" IN {
type master;
file "aaa.com.zone";
allow-transfer { 192.168.2.70; }; # only the slave (192.168.2.70) may copy the forward zone data
allow-update { none; }; # dynamic updates are refused
};
# Reverse zone for 192.168.2.x, with the same transfer and update restrictions.
zone "2.168.192.in-addr.arpa" IN {
type master;
file "192.168.2.arpa";
allow-transfer { 192.168.2.70; };
allow-update { none; };
};
[root@localhost ~]# systemctl restart named
从:
[root@localhost ~]# vim /etc/named.conf
# Excerpt of /etc/named.conf on the slave. The leading numbers are vim line
# numbers, not part of the file.
# Accept DNS on port 53 on every local address.
13 listen-on port 53 { any; };
# Answer queries from any source address.
# NOTE(review): the recursion setting is not shown here. If recursion is on,
# an unrestricted allow-query makes this an open resolver; confirm, or limit
# the ACL to the lab subnet.
19 allow-query { any; };
# The include of the root key file is commented out.
# NOTE(review): presumably a lab shortcut; confirm before reusing this
# configuration outside a test network.
58 #include "/etc/named.root.key";
[root@localhost ~]# vim /etc/named.rfc1912.zones
# Slave-side zone definitions, edited in /etc/named.rfc1912.zones on 192.168.2.70.

# Forward zone for aaa.com, replicated from the master.
zone "aaa.com" IN {
type slave; # zone type: this server keeps a copy transferred from the master
# Data file path. The notes state that the data synced from the master is
# stored under /var/named/slaves. The zone data is written on the master only;
# nothing is authored by hand on the slave.
file "slaves/aaa.com.zone";
masters { 192.168.2.50; }; # IP address of the master to transfer the zone from
};
# Reverse zone for 192.168.2.x, replicated from the same master.
zone "2.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.2.arpa";
masters { 192.168.2.50; };
};
[root@localhost named]# systemctl restart named
[root@localhost named]# cd /var/named/
[root@localhost named]# cd slaves/
[root@localhost slaves]# ls
192.168.2.arpa aaa.com.zone
[root@localhost slaves]# firewall-cmd --add-port=53/tcp --permanent
success
[root@localhost slaves]# firewall-cmd --add-port=53/udp --permanent
success
[root@localhost slaves]# firewall-cmd --reload
success
验证:
client
[root@localhost ~]# vim /etc/resolv.conf
nameserver 192.168.2.70 #从dns的ip
[root@localhost ~]# nslookup www.aaa.com
Server: 192.168.2.70
Address: 192.168.2.70#53
Name: www.aaa.com
Address: 192.168.2.60
[root@localhost ~]# nslookup 192.168.2.60
Server: 192.168.2.70
Address: 192.168.2.70#53
缓存dns
缓存dns的上游必须是实际环境中真实存在的dns
114.114.114.114 dns
虚拟机联网 nameserver 114.114.114.114
client 不需要联网 192.168.2.40 基础环境
缓存dns 联网 192.168.2.50 基础环境
缓存dns
[root@localhost ~]# yum -y install bind
联网
[root@localhost ~]# vim /etc/named.conf
# Excerpt of /etc/named.conf on the caching/forwarding server (192.168.2.50).
# The leading numbers are vim line numbers, not part of the file.
# Accept DNS on port 53 on every local address.
13 listen-on port 53 { any; };
# Any source address may query this forwarder.
# NOTE(review): on a forwarding server an unrestricted allow-query exposes an
# open resolver if the host is reachable from outside the lab. An ACL for the
# client network (these notes use 192.168.2.x) would still serve the client.
19 allow-query { any; };
20 forwarders { 114.114.114.114; }; # upstream DNS server that queries are forwarded to
# DNSSEC is switched off; the original note says "no checking needed".
# NOTE(review): forwarded answers are then accepted without validation, so
# treat this as a lab-only setting. Newer BIND releases mark dnssec-enable as
# obsolete; verify against the installed version.
34 dnssec-enable no;
# The include of the root key file is commented out, alongside the DNSSEC
# setting above.
59 #include "/etc/named.root.key";
[root@localhost ~]# systemctl restart named
[root@localhost ~]# firewall-cmd --add-port=53/tcp --permanent
success
[root@localhost ~]# firewall-cmd --add-port=53/udp --permanent
success
[root@localhost ~]# firewall-cmd --reload
[root@localhost ~]# ping www.baidu.com
client
[root@localhost ~]# vim /etc/resolv.conf
nameserver 192.168.2.50 #缓存dns的地址
[root@localhost ~]# nslookup www.baidu.com
Server: 192.168.2.50
Address: 192.168.2.50#53
Non-authoritative answer:
Name: www.baidu.com
Address: 39.156.66.14
Name: www.baidu.com
Address: 39.156.66.18