Edit the main configuration file:
vim /etc/named.conf
options {
    listen-on port 53 { localhost; };        // listen on every IP address of this host
    allow-query { any; };                    // answer queries from any client
    allow-transfer { 192.168.27.135; };      // only this IP may pull the zone (AXFR); every other server is refused
};
Edit /etc/named.rfc1912.zones
vim /etc/named.rfc1912.zones
zone "shen.com" IN {
    type master;
    file "shen.com.zone";
    allow-update { none; };
};
Create /var/named/shen.com.zone
vim /var/named/shen.com.zone
$TTL 86400
@       IN SOA dns1 admin.shen.com. (
                0       ; serial
                10H     ; refresh
                1H      ; retry
                2D      ; expire
                3H )    ; minimum (negative-cache TTL)
        IN NS dns1.shen.com.
dns1    IN A 192.168.27.136
www     IN CNAME webser
webser  IN A 192.168.27.135
@       IN A 192.168.27.135
*       IN A 192.168.27.135
shen.com. IN MX 10 mail
mail    IN A 192.168.27.135
Change group and permissions:
chgrp named shen.com.zone
chmod o-r shen.com.zone
Restart the service (rndc is preferred):
rndc reload
systemctl restart named
Check:
named-checkconf /etc/named.rfc1912.zones
named-checkzone shen.com /var/named/shen.com.zone
Test: point another host's DNS setting at the IP of this server, then ping www.baidu.com and see whether the name resolves. If it resolves, the configuration is fine; whether the ping actually gets through is a network matter, DNS is only responsible for resolution.
Then test with dig:
dig www.shen.com
dig -t NS shen.com
dig -t MX shen.com
2. Create a reverse-lookup master DNS server
Edit the main configuration file:
vim /etc/named.conf
options {
    listen-on port 53 { localhost; };
    allow-query { any; };
    allow-transfer { 192.168.27.136; };
};
Edit the zone file /etc/named.rfc1912.zones
zone "27.168.192.in-addr.arpa" IN {      # note: the network octets are reversed
    type master;
    file "192.168.27.zone";
    allow-update { none; };
};
Create /var/named/192.168.27.zone
$TTL 86400
@       IN SOA dnsser admin.shen.com. ( 0 10H 30M 1D 3H )
        IN NS dnsser
dnsser  IN A 192.168.27.135
5       IN PTR dnsser.shen.com.
5       IN PTR www.shen.com.
10      IN PTR study.shen.com.
Change group and permissions:
chgrp named 192.168.27.zone
chmod o-r 192.168.27.zone
Restart the service (rndc is preferred):
rndc reload
systemctl restart named
Check:
named-checkconf /etc/named.rfc1912.zones      # checks the syntax and format of the configuration file
named-checkzone 27.168.192.in-addr.arpa /var/named/192.168.27.zone
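named-checkzone validates each file on its own, but it does not tell you whether the forward zone from section 1 and the reverse zone from section 2 agree with each other (every A record should have a matching PTR, and no PTR should point at a name without an A record). The following Python script is an added example, not part of these notes or of BIND: it parses the master-file syntax used above and cross-checks two constructed sample zones modelled on the ones here, with one stale PTR (study.shen.com.) deliberately left in.

```python
# Added example (not from the page or from BIND); the sample zones below are constructed.
import re

def parse_zone(text, origin):
    """Return (owner_fqdn, rtype, rdata) per record; handles $TTL, '@', blank-owner
    inheritance, ';' comments and a parenthesised multi-line SOA like the one above."""
    origin = origin.rstrip(".") + "."
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]      # strip comments
    flat = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), "\n".join(lines))
    records, owner = [], origin
    for line in flat.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                    # a leading blank keeps the previous owner
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields[0].isdigit() or fields[0].upper() == "IN":
            fields.pop(0)                            # optional TTL and class
        records.append((owner, fields[0].upper(), fields[1:]))
    return records
def reverse_name(ip):                                # 192.168.27.5 -> 5.27.168.192.in-addr.arpa.
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
def check_ptr_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return (PTRs missing for forward A records, PTRs with no matching A record)."""
    expected = {(reverse_name(rd[0]), o) for o, t, rd in parse_zone(fwd_text, fwd_origin)
                if t == "A" and not o.startswith("*")}       # a wildcard A needs no PTR
    actual = {(o, rd[0]) for o, t, rd in parse_zone(rev_text, rev_origin) if t == "PTR"}
    return sorted(expected - actual), sorted(actual - expected)
FORWARD_ZONE = """\
$TTL 86400
@       IN SOA dns1 admin.shen.com. (
            0 10H 1H        ; serial refresh retry
            2D 3H )         ; expire minimum
        IN NS dns1.shen.com.
dns1    IN A 192.168.27.136
webser  IN A 192.168.27.135
@       IN A 192.168.27.135
mail    IN A 192.168.27.135
"""
REVERSE_ZONE = """\
$TTL 86400
@       IN SOA dns1.shen.com. admin.shen.com. ( 0 10H 30M 1D 3H )
        IN NS dns1.shen.com.
136     IN PTR dns1.shen.com.
135     IN PTR webser.shen.com.
5       IN PTR study.shen.com.     ; constructed stale PTR: no A record for study
"""
if __name__ == "__main__":
    print(check_ptr_consistency(FORWARD_ZONE, "shen.com", REVERSE_ZONE, "27.168.192.in-addr.arpa"))
```

The first list it returns is exactly the set of PTRs still to be added (here for shen.com. and mail.shen.com., both on 192.168.27.135), the second the PTRs to remove.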
3. Create a slave DNS server
Edit the main configuration file:
vim /etc/named.conf
options {
    listen-on port 53 { localhost; };
    allow-query { any; };
    allow-transfer { none; };
};
Edit /etc/named.rfc1912.zones
zone "shen.com" IN {
    type slave;
    masters { 192.168.27.135; };
    file "slaves/shen.com.zone";
};
Then, on the master DNS server 27.135, add an NS record for the slave and its matching A record to the zone data file:
@       IN NS dns2
dns2    IN A 192.168.27.137
The slave's address must also be added to the DNS entries in the client's network interface configuration file:
cat ifcfg-eth0
IPADDR=192.168.27.137
PREFIX=24
GATEWAY=192.168.27.1
DNS1=192.168.40.135
DNS2=192.168.40.137      # add the slave server's address
Test: disconnect all of the master DNS server's network interfaces and use dig to check whether queries fail over to the slave.
UDP port 53 carries query traffic and must be open.
TCP port 53 is what the slave uses to pull the zone file from the master (master-slave replication), so it must be reachable between the two servers; resolvers also fall back to TCP for answers too large for a single UDP packet.
4. Create a subdomain
In the parent zone file on the master DNS server, add an NS record for the subdomain. The parent zone's server IP is 192.168.27.135.
vim /var/named/shen.com.zone
beijing IN NS dns3.shen.com.    ; "beijing" is the subdomain beijing.shen.com., delegated to dns3
dns3    IN A 192.168.27.138     ; glue record: the IP of the host that serves the subdomain
Restart the service:
rndc reload
systemctl restart named
On the subdomain DNS server
Edit the main configuration file:
vim /etc/named.conf
options {
    listen-on port 53 { localhost; };
    allow-query { any; };
};
Edit /etc/named.rfc1912.zones
zone "beijing.shen.com" IN {
    type master;
    file "beijing.shen.com.zone";
};
Edit the zone data file
vim beijing.shen.com.zone
$TTL 86400
@       IN SOA dns1 admin ( 0 1D 2H 2D 3H )
        IN NS dns1
dns1    IN A 192.168.27.136
www     IN A 192.168.27.137
Test from another server:
dig www.beijing.shen.com @192.168.27.135
5. Set up a forwarding server
Plan: the 27.135 server, master for shen.com, also acts as the forwarder;
the 27.136 server, master for wang.com, is the server being forwarded to;
27.137 is the client, which reaches wang.com through the shen.com server.
Edit the configuration file on 27.135:
vim /etc/named.conf
options {
    listen-on port 53 { localhost; };
    allow-query { any; };
    forward only;
    forwarders { 192.168.27.136; };      // the wang.com server from the plan above
    dnssec-enable no;                    // deprecated in current BIND releases
    dnssec-validation no;
};
With allow-query { any; } this server recurses on behalf of any client that can reach it; outside a lab network, limit that with allow-recursion { <client subnet>; }.
Zone data file
$TTL 86400
@       IN SOA dns1 admin.shen.com. (
                8
                10H
                1H
                2D
                3H )
        IN NS dns1.shen.com.
dns1    IN A 192.168.27.135
Edit the configuration file on 27.136
vim /etc/named.conf
options {
    listen-on port 53 { localhost; };
    allow-query { any; };
};
vim /etc/named.rfc1912.zones
zone "wang.com" IN {
    type master;
    file "wang.com.zone";
};
Zone data file:
$TTL 86400
@       IN SOA dns1 admin ( 0 1D 1H 2D 3H )
        IN NS dns1
dns1    IN A 192.168.27.136
www     IN A 192.168.27.136
Test from 27.137. Make sure the /etc/resolv.conf used for the test does not list 27.136 directly, otherwise the test proves nothing.
dig www.wang.com      # correct if the answer is the 27.136 address