检查配置文件是否正确
[root@mail ~]# cd /var/named
[root@mail named]# named-checkconf /etc/named.conf
编辑配置文件
[root@mail named]# vi /etc/named.rfc1912.zones
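添加以下内容(引号必须是英文半角双引号,否则 named-checkconf 会报语法错误):
zone "testmail.com" IN {
type slave;
file "slaves/testmail.com.zone";
masters { 192.168.200.99; };
};
zone "200.168.192.in-addr.arpa" IN {
type slave;
file "slaves/39.200.168.192.in-addr.arpa.local";
masters { 192.168.200.99; };
};
注意:从服务器仅凭 masters 中的 IP 地址信任主服务器;主服务器一侧应使用 allow-transfer 只允许从服务器 192.168.200.39 拉取区域,生产环境建议再配合 TSIG 密钥对区域传送进行认证。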
检查并生效
[root@mail named]# named-checkconf /etc/named.conf
[root@mail named]# systemctl restart named
99节点主服务器进行测试
关闭named
[root@dns named]# systemctl stop named
查看状态
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Jan 28 05:31:10 dns named[3792]: client 192.168.200....
Jan 28 05:32:30 dns systemd[1]: Stopping Berkeley In...
Jan 28 05:32:30 dns named[3792]: received control ch...
Jan 28 05:32:30 dns named[3792]: shutting down: flus...
Jan 28 05:32:30 dns named[3792]: stopping command ch...
Jan 28 05:32:30 dns named[3792]: stopping command ch...
Jan 28 05:32:30 dns named[3792]: no longer listening...
Jan 28 05:32:30 dns named[3792]: no longer listening...
Jan 28 05:32:30 dns named[3792]: no longer listening...
Jan 28 05:32:30 dns systemd[1]: Stopped Berkeley Int...
Hint: Some lines were ellipsized, use -l to show in full.
到39节点从节点
看一下文件
[root@mail named]# ll
total 16
drwxr-x---. 7 root named 56 Jan 24 04:59 chroot
drwxrwx---. 2 named named 22 Jan 24 05:00 data
drwxrwx---. 2 named named 58 Jan 24 06:30 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 70 Jan 24 06:29 slaves
查看slaves有没有内容
[root@mail named]# ll slaves    # 有两个文件,是从主服务器同步过来的;此时主服务器已经关闭了 named
total 8
-rw-r--r--. 1 named named 282 Jan 24 06:29 39.200.168.192.in-addr.arpa.local
-rw-r--r--. 1 named named 403 Jan 24 06:29 testmail.com.zone
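到主节点测试正向解析(反向解析需加 -x,必须带连字符)。从下面输出首行的 `<<>> x dns.testmail.com` 看,实际执行时多输入了一个不带连字符的 x,dig 把它当成域名单独查询,因此出现了第一段针对 "x." 的 NXDOMAIN 应答;第二段才是 dns.testmail.com 的结果。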
[root@dns named]# dig dns.testmail.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> x dns.testmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21056
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;x. IN A
;; AUTHORITY SECTION:
. 36 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2021020301 1800 900 604800 86400
;; Query time: 8 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Thu Jan 28 05:39:48 CST 2021
;; MSG SIZE rcvd: 105
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8557
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.testmail.com. IN A
;; ANSWER SECTION:
dns.testmail.com. 86400 IN A 192.168.200.39
;; AUTHORITY SECTION:
testmail.com. 86400 IN NS dns.testmail.com.
;; Query time: 1 msec
;; SERVER: 192.168.200.39#53(192.168.200.39)
;; WHEN: Thu Jan 28 05:39:49 CST 2021
;; MSG SIZE rcvd: 75
测试192.168.200.39的反向解析
[root@dns named]# dig -x 192.168.200.39
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 192.168.200.39
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46419
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;39.200.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
39.200.168.192.in-addr.arpa. 86400 IN PTR www.testmail.com.
39.200.168.192.in-addr.arpa. 86400 IN PTR mail.testmail.com.
;; AUTHORITY SECTION:
200.168.192.in-addr.arpa. 86400 IN NS dns.testmail.com.
;; ADDITIONAL SECTION:
dns.testmail.com. 86400 IN A 192.168.200.39
;; Query time: 1 msec
;; SERVER: 192.168.200.39#53(192.168.200.39)
(主节点的 named 已关闭,所以应答的服务器是从节点 192.168.200.39)
;; WHEN: Thu Jan 28 05:42:24 CST 2021
;; MSG SIZE rcvd: 139
测试反向解析
[root@dns named]# dig -x 192.168.200.39
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 192.168.200.39
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30396
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;39.200.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
39.200.168.192.in-addr.arpa. 86400 IN PTR mail.testmail.com.
39.200.168.192.in-addr.arpa. 86400 IN PTR www.testmail.com.
;; AUTHORITY SECTION:
200.168.192.in-addr.arpa. 86400 IN NS dns.testmail.com.
;; ADDITIONAL SECTION:
dns.testmail.com. 86400 IN A 192.168.200.39
;; Query time: 1 msec
;; SERVER: 192.168.200.39#53(192.168.200.39)
(已经从主服务器切换到从服务器)
;; WHEN: Thu Jan 28 06:05:38 CST 2021
;; MSG SIZE rcvd: 139
去99主节点开启服务并查看状态
[root@dns named]# systemctl start named
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-01-28 05:44:45 CST; 13s ago
Process: 3864 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 3861 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 3866 (named)
CGroup: /system.slice/named.service
└─3866 /usr/sbin/named -u named
Jan 28 05:44:48 dns named[3866]: error (network unre...
Jan 28 05:44:48 dns named[3866]: error (network unre...
Jan 28 05:44:48 dns named[3866]: validating @0x7f52c...
Jan 28 05:44:48 dns named[3866]: validating @0x7f52c...
Jan 28 05:44:48 dns named[3866]: error (no valid KEY...
Jan 28 05:44:48 dns named[3866]: error (network unre...
Jan 28 05:44:48 dns named[3866]: error (network unre...
Jan 28 05:44:48 dns named[3866]: error (network unre...
Jan 28 05:44:48 dns named[3866]: error (network unre...
Jan 28 05:44:48 dns named[3866]: error (network unre...
Hint: Some lines were ellipsized, use -l to show in full.
[root@dns named]#
再次测试反向解析
[root@dns named]# dig -x 192.168.200.39
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -x 192.168.200.39
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22794
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;39.200.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
39.200.168.192.in-addr.arpa. 86400 IN PTR mail.testmail.com.
39.200.168.192.in-addr.arpa. 86400 IN PTR www.testmail.com.
;; AUTHORITY SECTION:
200.168.192.in-addr.arpa. 86400 IN NS dns.testmail.com.
;; ADDITIONAL SECTION:
dns.testmail.com. 86400 IN A 192.168.200.39
;; Query time: 0 msec
;; SERVER: 192.168.200.99#53(192.168.200.99)
;; WHEN: Thu Jan 28 05:46:29 CST 2021
;; MSG SIZE rcvd: 139