bind杂记(2)

反向bind配置

host

host解析

[root@qq named]# host -t A www.magedu.com 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases: 

www.magedu.com has address 10.201.106.129
www.magedu.com has address 10.201.106.110

host查询NS和MX记录

[root@qq named]# host -t NS magedu.com 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases: 

magedu.com name server ns2.magedu.com.
magedu.com name server ns1.magedu.com.

[root@qq named]# host -t MX magedu.com 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases: 

magedu.com mail is handled by 20 mx2.magedu.com.
magedu.com mail is handled by 10 mx1.magedu.com.

nslookup

查询A记录

[root@qq named]# nslookup
> server 10.201.106.129           #指明提供解析的服务器
Default server: 10.201.106.129
Address: 10.201.106.129#53
> set q=A                         #设置要查询的记录类型
> www.magedu.com                  #输入要查询的域名
Server:     10.201.106.129
Address:    10.201.106.129#53

Name:   www.magedu.com
Address: 10.201.106.110
Name:   www.magedu.com
Address: 10.201.106.129

其它资源测试

set q=NS
magedu.com
Server: 10.201.106.129
Address: 10.201.106.129#53

magedu.com nameserver = ns1.magedu.com.
magedu.com nameserver = ns2.magedu.com.

配置反向区域

1 创建反向区域文件

[root@qq named]# vim /etc/named.rfc1912.zones
// Reverse-lookup zone for the 10.201.106.x addresses: the in-addr.arpa name is
// the network octets written in reverse order. This server is the master.
// NOTE(review): this stanza sets no allow-transfer. Unless the global options
// restrict it, BIND of this vintage answers AXFR for the zone to any client
// (confirm against named.conf). Consider allow-transfer { <slave-ip>; };
// where <slave-ip> is a placeholder for the secondary's address.
zone "106.201.10.in-addr.arpa" IN {
        type master;
        // Relative path; presumably resolved against the options "directory" (confirm).
        file "10.201.106.zone";
};

[root@qq named]# cat 10.201.106.zone 
; Reverse zone data for 106.201.10.in-addr.arpa (addresses 10.201.106.x).
$TTL 86400
$ORIGIN 106.201.10.in-addr.arpa.
; SOA: primary server ns1.magedu.com., contact mailbox admin.magedu.com.
; Both names end in a dot, so $ORIGIN is not appended to them.
@   IN  SOA ns1.magedu.com. admin.magedu.com. (
            2015042201  ; serial
            1H  ; refresh
            5M  ; retry
            7D  ; expire
            1D )  ; minimum
; Name servers for the zone (owner inherited from the line above: @).
    IN  NS  ns1.magedu.com.
    IN  NS  ns2.magedu.com.
; Owner names are the last octet, relative to $ORIGIN. PTR targets must be
; fully qualified (trailing dot). Two PTRs on one owner are both returned
; for a reverse lookup of that address.
129 IN  PTR ns1.magedu.com.
129 IN  PTR www.magedu.com.
130 IN  PTR ns2.magedu.com.
130 IN  PTR www.magedu.com.
131 IN  PTR mx1.magedu.com.
132 IN  PTR mx2.magedu.com.

2 更改权限和检查语法正确性

[root@qq named]# chmod 640 10.201.106.zone 
[root@qq named]# ll 10.201.106.zone 
-rw-r----- 1 root root 337 Aug  3 04:14 10.201.106.zone
[root@qq named]# 
[root@qq named]# chown :named 10.201.106.zone 
[root@qq named]# 
[root@qq named]# ll 10.201.106.zone 
-rw-r----- 1 root named 337 Aug  3 04:14 10.201.106.zone
[root@qq named]# 
[root@qq named]# named-checkzone "106.201.10.in-addr.arpa" 10.201.106.zone 
zone 106.201.10.in-addr.arpa/IN: loaded serial 2015042201
OK

[root@qq named]# named-checkconf 
[root@qq named]# 

3 重新加载服务

[root@qq named]# service named reload
Reloading named:                                           [  OK  ]

查看状态
[root@qq named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@qq named]# 

4 解析测试

[root@qq named]# host -t PTR 10.201.106.129 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases: 

129.106.201.10.in-addr.arpa domain name pointer www.magedu.com.
129.106.201.10.in-addr.arpa domain name pointer ns1.magedu.com.
[root@qq named]# 
[root@qq named]# 
[root@qq named]# dig -x 10.201.106.129 @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -x 10.201.106.129 @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;129.106.201.10.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
129.106.201.10.in-addr.arpa. 86400 IN   PTR ns1.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN   PTR www.magedu.com.

;; AUTHORITY SECTION:
106.201.10.in-addr.arpa. 86400  IN  NS  ns1.magedu.com.
106.201.10.in-addr.arpa. 86400  IN  NS  ns2.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.     86400   IN  A   10.201.106.129
ns2.magedu.com.     86400   IN  A   10.201.106.130

;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug  3 05:06:55 2016
;; MSG SIZE  rcvd: 155

[root@qq named]# dig -x 10.201.106.130 @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -x 10.201.106.130 @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25115
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;130.106.201.10.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
130.106.201.10.in-addr.arpa. 86400 IN   PTR www.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN   PTR ns2.magedu.com.

全量区域传送(AXFR)

注意:AXFR 会一次性返回区域内的全部记录;生产环境应在主服务器上用 allow-transfer 只允许从服务器的地址(最好再配合 TSIG 密钥)发起传送。

[root@qq named]# dig -t axfr magedu.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t axfr magedu.com @10.201.106.129
;; global options: +cmd
magedu.com.     86400   IN  SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
magedu.com.     86400   IN  NS  ns1.magedu.com.
magedu.com.     86400   IN  NS  ns2.magedu.com.
magedu.com.     86400   IN  MX  10 mx1.magedu.com.
magedu.com.     86400   IN  MX  20 mx2.magedu.com.
ftp.magedu.com.     86400   IN  CNAME   www.magedu.com.
mx1.magedu.com.     86400   IN  A   10.201.106.131
mx2.magedu.com.     86400   IN  A   10.201.106.132
ns1.magedu.com.     86400   IN  A   10.201.106.129
ns2.magedu.com.     86400   IN  A   10.201.106.130
www.magedu.com.     86400   IN  A   10.201.106.129
www.magedu.com.     86400   IN  A   10.201.106.130
magedu.com.     86400   IN  SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 4 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug  3 05:13:47 2016
;; XFR size: 13 records (messages 1, bytes 311)

[root@qq named]# 

传送反向区域
[root@qq named]# dig -t axfr 106.201.10.in-addr.arpa @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t axfr 106.201.10.in-addr.arpa @10.201.106.129
;; global options: +cmd
106.201.10.in-addr.arpa. 86400  IN  SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
106.201.10.in-addr.arpa. 86400  IN  NS  ns1.magedu.com.
106.201.10.in-addr.arpa. 86400  IN  NS  ns2.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN   PTR ns1.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN   PTR www.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN   PTR ns2.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN   PTR www.magedu.com.
131.106.201.10.in-addr.arpa. 86400 IN   PTR mx1.magedu.com.
132.106.201.10.in-addr.arpa. 86400 IN   PTR mx2.magedu.com.
106.201.10.in-addr.arpa. 86400  IN  SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug  3 05:21:30 2016
;; XFR size: 10 records (messages 1, bytes 277)

解析不存在的记录会得到否定答案(NXDOMAIN);后面再配置泛域名(通配符)解析

[root@qq named]# dig -t A pop3.magedu.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A pop3.magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;pop3.magedu.com.       IN  A

;; AUTHORITY SECTION:
magedu.com.     86400   IN  SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400

增加一条泛域名(通配符)解析记录
[root@qq named]# vi magedu.com.zone 
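; Zone-file comments start with ';' ('#' is not a comment delimiter here).
; Wildcard: any name under the zone that has no record of its own resolves to
; this address, so such names no longer return NXDOMAIN.
*   IN      A   10.201.106.129
; Zone apex: a query for the bare domain name itself points at this address.
magedu.com. IN     A    10.201.106.129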

重新加载
[root@qq named]# rndc reload
server reload successful

再次解析不存在的主机
[root@qq named]# dig -t A pop3.magedu.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A pop3.magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23145
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;pop3.magedu.com.       IN  A

;; ANSWER SECTION:
pop3.magedu.com.    86400   IN  A   10.201.106.129

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  ns1.magedu.com.
magedu.com.     86400   IN  NS  ns2.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.     86400   IN  A   10.201.106.129
ns2.magedu.com.     86400   IN  A   10.201.106.130

主从复制

1 开启从服务器,检验是否能从主服务器区域传送过来资源

[root@ns2 ~]# dig -t axfr magedu.com @10.201.106.129

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t axfr magedu.com @10.201.106.129
;; global options: +cmd
magedu.com.     86400   IN  SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
magedu.com.     86400   IN  A   10.201.106.129
magedu.com.     86400   IN  NS  ns1.magedu.com.
magedu.com.     86400   IN  NS  ns2.magedu.com.
magedu.com.     86400   IN  MX  10 mx1.magedu.com.
magedu.com.     86400   IN  MX  20 mx2.magedu.com.
*.magedu.com.       86400   IN  A   10.201.106.129
ftp.magedu.com.     86400   IN  CNAME   www.magedu.com.
mx1.magedu.com.     86400   IN  A   10.201.106.131
mx2.magedu.com.     86400   IN  A   10.201.106.132
ns1.magedu.com.     86400   IN  A   10.201.106.129
ns2.magedu.com.     86400   IN  A   10.201.106.130
www.magedu.com.     86400   IN  A   10.201.106.129
www.magedu.com.     86400   IN  A   10.201.106.130
magedu.com.     86400   IN  SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 2 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Thu Aug 11 17:35:57 CST 2016
;; XFR size: 15 records (messages 1, bytes 345)

[root@ns2 ~]# 
[root@ns2 ~]# 
[root@ns2 ~]# dig -t axfr 106.201.10.in-addr.arpa @10.201.106.129

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t axfr 106.201.10.in-addr.arpa @10.201.106.129
;; global options: +cmd
106.201.10.in-addr.arpa. 86400  IN  SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
106.201.10.in-addr.arpa. 86400  IN  NS  ns1.magedu.com.
106.201.10.in-addr.arpa. 86400  IN  NS  ns2.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN   PTR ns1.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN   PTR www.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN   PTR ns2.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN   PTR www.magedu.com.
131.106.201.10.in-addr.arpa. 86400 IN   PTR mx1.magedu.com.
132.106.201.10.in-addr.arpa. 86400 IN   PTR mx2.magedu.com.
106.201.10.in-addr.arpa. 86400  IN  SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 3 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Thu Aug 11 17:36:02 CST 2016
;; XFR size: 10 records (messages 1, bytes 277)

[root@ns2 ~]# 
配置从服务器,只需要定义区域就行了

配置正向 从服务器

1 首先从服务器安装bind

[root@ns2 yum.repos.d]# yum install bind -y

2 编辑缓存名称服务器的配置文件

// Global server options for named on the slave host.
options {
        // Listen for DNS only on this host's LAN address and on loopback.
        listen-on port 53 { 10.201.106.130;127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        // Base directory; relative "file" paths in zone stanzas are resolved against it.
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // NOTE(review): allow-query { any; } together with "recursion yes" below
        // lets every client that can reach this address use the server as a
        // recursive resolver. If this host is only meant to serve the slave
        // zones, consider "recursion no", or limit recursion with
        // allow-recursion to an ACL of internal networks.
        allow-query     { any; };

        /* 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

//      dnssec-enable yes;
//      dnssec-validation yes;

        /* Path to ISC DLV key */
//      bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";

//      pid-file "/run/named/named.pid";
//      session-keyfile "/run/named/session.key";
};

3 检查服务是否开启

[root@ns2 yum.repos.d]# systemctl restart named
[root@ns2 yum.repos.d]# 
[root@ns2 yum.repos.d]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-08-11 17:52:40 CST; 6s ago
  Process: 23475 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 23495 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 23490 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 23500 (named)
   CGroup: /system.slice/named.service
           └─23500 /usr/sbin/named -u named

Aug 11 17:52:40 ns2.magedu.com named[23500]: managed-keys-zone: sync...
Aug 11 17:52:40 ns2.magedu.com named[23500]: managed-keys-zone: unab...
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone 0.in-addr.arpa/IN:...
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone 1.0.0.127.in-addr....
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone localhost.localdom...
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone 1.0.0.0.0.0.0.0.0....
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone localhost/IN: load...
Aug 11 17:52:40 ns2.magedu.com named[23500]: all zones loaded
Aug 11 17:52:40 ns2.magedu.com systemd[1]: Started Berkeley Internet...
Aug 11 17:52:40 ns2.magedu.com named[23500]: running
Hint: Some lines were ellipsized, use -l to show in full.
[root@ns2 yum.repos.d]# 
[root@ns2 yum.repos.d]# ss -tnl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      10     10.201.106.130:53                  *:*                  
LISTEN      0      10     127.0.0.1:53                  *:*                  
LISTEN      0      5      192.168.122.1:53 

[root@ns2 yum.repos.d]# ss -unl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
UNCONN      0      0       *:5353                *:*                  
UNCONN      0      0      10.201.106.130:53                  *:*                  
UNCONN      0      0      127.0.0.1:53                  *:*                  
UNCONN      0      0      192.168.122.1:53                  *:*         

4 选择从服务器同步过来的记录存放位置

[root@ns2 ~]# ps aux | grep named
named    23500  0.0  3.3 162736 16624 ?        Ssl  17:52   0:00 /usr/sbin/named -u named
root     24379  0.1  1.0 153632  5256 pts/1    S+   18:37   0:00 vim /etc/named.rfc1912.zones
root     24489  0.0  0.1 112644   960 pts/2    S+   18:39   0:00 grep --color=auto named
[root@ns2 ~]# 
[root@ns2 ~]# ll -d /var/named/
drwxr-x---. 5 root named 4096 Aug 11 17:46 /var/named/
[root@ns2 ~]# 
[root@ns2 ~]# ll  /var/named/
total 16
drwxrwx---. 2 named named   47 Aug 11 18:36 data
drwxrwx---. 2 named named    6 Nov 20  2015 dynamic
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Nov 20  2015 slaves  #该目录专用于从服务器
[root@ns2 ~]#

5 在bind的 /etc/named.rfc1912.zones配置正向区域

[root@ns2 named]# vim /etc/named.rfc1912.zones
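// Slave (secondary) copy of the forward zone. The zone name must match the
// zone served by the master exactly; the original "madedu.com" was a typo.
zone "magedu.com" IN {
        type slave;
        // Master the zone is transferred from.
        // NOTE(review): the master is identified by address only; a TSIG key
        // shared with the master would authenticate the transfers (not shown here).
        masters { 10.201.106.129; };
        // Relative to the options "directory" (/var/named on this page); the
        // slaves/ directory there is writable by the named user.
        file "slaves/magedu.com.zone";
};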

6 重载服务,同步主服务器的资源

[root@ns2 named]# rndc reload
server reload successful

[root@zz named]# tail /var/log/messages
Jul 29 13:10:48 zz named[2524]: using default UDP/IPv6 port range: [1024, 65535]
Jul 29 13:10:48 zz named[2524]: sizing zone task pool based on 7 zones
Jul 29 13:10:48 zz named[2524]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul 29 13:10:48 zz named[2524]: reloading configuration succeeded
Jul 29 13:10:48 zz named[2524]: reloading zones succeeded
Jul 29 13:10:48 zz named[2524]: zone magedu.com/IN: Transfer started.
Jul 29 13:10:48 zz named[2524]: transfer of 'magedu.com/IN' from 10.201.106.129#53: connected using 10.201.106.128#42070
Jul 29 13:10:48 zz named[2524]: zone magedu.com/IN: transferred serial 2015042201
Jul 29 13:10:48 zz named[2524]: transfer of 'magedu.com/IN' from 10.201.106.129#53: Transfer completed: 1 messages, 15 records, 345 bytes, 0.008 secs (43125 bytes/sec)     #15条记录
Jul 29 13:10:48 zz named[2524]: zone magedu.com/IN: sending notifies (serial 2015042201)

测试主服务器修改,从服务器是否能同步

主服务器
[root@qq named]# vim /var/named/magedu.com.zone 
[root@qq named]# 
[root@qq named]# 
[root@qq named]# vim /var/named/magedu.com.zone 

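$TTL 86400
$ORIGIN magedu.com.
; The contact mailbox (RNAME) needs a trailing dot. Without it $ORIGIN is
; appended and the SOA is served as admin.magedu.com.magedu.com.
@    IN     SOA     ns1.magedu.com. admin.magedu.com. (
                    2015042203      ; serial incremented so the slave picks up the change
; ... (rest of the SOA and the existing records are omitted in this excerpt)
pop3 IN    CNAME    mx1             ; newly added record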

[root@qq named]# named-checkzone "magedu.com." /var/named/magedu.com.zone 
zone magedu.com/IN: loaded serial 2015042202
OK
[root@qq named]# 

主服务器更改完区域记录后,重新加载
[root@qq named]# rndc reload
server reload successful
[root@qq named]# 
[root@qq named]# tail /var/lo
local/      lock/       log/        lost+found/ 
[root@qq named]# tail /var/log/messages
Aug  3 09:46:04 qq named[19186]: using default UDP/IPv4 port range: [1024, 65535]
Aug  3 09:46:04 qq named[19186]: using default UDP/IPv6 port range: [1024, 65535]
Aug  3 09:46:04 qq named[19186]: sizing zone task pool based on 8 zones
Aug  3 09:46:04 qq named[19186]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Aug  3 09:46:04 qq named[19186]: reloading configuration succeeded
Aug  3 09:46:04 qq named[19186]: reloading zones succeeded
Aug  3 09:46:04 qq named[19186]: zone magedu.com/IN: loaded serial 2015042203
Aug  3 09:46:04 qq named[19186]: zone magedu.com/IN: sending notifies (serial 2015042203)
Aug  3 09:46:04 qq named[19186]: client 10.201.106.128#54411: transfer of 'magedu.com/IN': AXFR-style IXFR started      #IXFR:增量区域传送;“AXFR-style IXFR”表示对IXFR请求实际按全量方式应答
Aug  3 09:46:04 qq named[19186]: client 10.201.106.128#54411: transfer of 'magedu.com/IN': AXFR-style IXFR ended

从服务器
从服务器也已经同步数据过来
[root@zz slaves]# tail /var/log/messages
Jul 29 13:30:40 zz named[2524]: sizing zone task pool based on 7 zones
Jul 29 13:30:40 zz named[2524]: Warning: 'empty-zones-enable/disable-em
Jul 29 13:30:40 zz named[2524]: reloading configuration succeeded
Jul 29 13:30:40 zz named[2524]: reloading zones succeeded
Jul 29 13:34:26 zz named[2524]: client 10.201.106.129#16525: received n
Jul 29 13:34:26 zz named[2524]: zone magedu.com/IN: Transfer started.
Jul 29 13:34:26 zz named[2524]: transfer of 'magedu.com/IN' from 10.201
Jul 29 13:34:26 zz named[2524]: zone magedu.com/IN: transferred serial 
Jul 29 13:34:26 zz named[2524]: transfer of 'magedu.com/IN' from 10.201s (8704 bytes/sec)
Jul 29 13:34:26 zz named[2524]: zone magedu.com/IN: sending notifies (s
[root@zz slaves]# 

[root@zz named]# 
[root@zz named]# cat slaves/magedu.comzone 
$ORIGIN .
$TTL 86400  ; 1 day
magedu.com      IN SOA  ns1.magedu.com. admin.magedu.com.magedu.com. (
                2015042203 ; serial
                3600       ; refresh (1 hour)
                300        ; retry (5 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS  ns1.magedu.com.
            NS  ns2.magedu.com.
            A   10.201.106.129
            MX  10 mx1.magedu.com.
            MX  20 mx2.magedu.com.
$ORIGIN magedu.com.
*           A   10.201.106.129
ftp         CNAME   www
mx1         A   10.201.106.131
mx2         A   10.201.106.132
ns1         A   10.201.106.129
ns2         A   10.201.106.128
pop3            CNAME   mx1
pop4            CNAME   ns1
www         A   10.201.106.129
            A   10.201.106.128

定义反向 从服务器

1 查看主服务器的反向区域记录是否有从服务器的NS记录和PTR记录

[root@qq named]# vim 10.201.106.zone 

$TTL 86400
$ORIGIN 106.201.10.in-addr.arpa.
@       IN      SOA     ns1.magedu.com. admin.magedu.com. (
                        2015042201
                        1H
                        5M
                        7D
                        1D )
        IN      NS      ns1.magedu.com.
        IN      NS      ns2.magedu.com.
129     IN      PTR     ns1.magedu.com.
129     IN      PTR     www.magedu.com.
128     IN      PTR     ns2.magedu.com.

2 同样只需在 /etc/named.rfc1912.zones 中添加区域定义

vim /etc/named.rfc1912.zones
 49 zone "106.201.10.in-addr.arpa" IN {
 50         type slave;
 51         masters { 10.201.106.129; };
 52         file "slaves/10.201.106.zone";
 53 };

3 检查语法,重载服务,查看日志

[root@zz named]# named-checkconf 
[root@zz named]# 
[root@zz named]# 
[root@zz named]# rndc reload
server reload successful

[root@zz named]# 
[root@zz named]# tail /var/log/messages
Jul 29 13:58:32 zz named[2524]: using default UDP/IPv6 port range: [1024, 65535]
Jul 29 13:58:32 zz named[2524]: sizing zone task pool based on 8 zones
Jul 29 13:58:32 zz named[2524]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul 29 13:58:32 zz named[2524]: reloading configuration succeeded
Jul 29 13:58:32 zz named[2524]: reloading zones succeeded
Jul 29 13:58:32 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: Transfer started.
Jul 29 13:58:32 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: connected using 10.201.106.128#47866
Jul 29 13:58:32 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: transferred serial 2015042201
Jul 29 13:58:32 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: Transfer completed: 1 messages, 10 records, 277 bytes, 0.010 secs (27700 bytes/sec)
Jul 29 13:58:32 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: sending notifies (serial 2015042201)
[root@zz named]# vim /etc/named.rfc1912.zones 

[root@zz named]# vim /etc/named.rfc1912.zones 
[root@zz named]# 
[root@zz named]# ll slaves/
total 8
-rw-r--r--. 1 named named 488 Jul 29 13:58 10.201.106.zone
-rw-r--r--. 1 named named 600 Jul 29 13:34 magedu.comzone
[root@zz named]# 

4 主服务器主动修改,查看从服务器是否同步

主服务器
[root@qq named]# vim 10.201.106.zone 

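$TTL 86400
$ORIGIN 106.201.10.in-addr.arpa.
; Zone-file comments start with ';' ('#' is not a comment delimiter here).
@       IN      SOA     ns1.magedu.com. admin.magedu.com. (
                        2015042202      ; serial incremented by 1
; ... (rest of the SOA and the existing records are omitted in this excerpt)
; NOTE(review): the slave's copy of this zone shown on the page lists owner
; 110 for lamp.magedu.com. Confirm which owner is intended.
10     IN      PTR     lamp.magedu.com. ; newly added record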

[root@qq named]# named-checkzone "106.201.10.in-addr.arpa" /var/named/10.201.106.zone 
zone 106.201.10.in-addr.arpa/IN: loaded serial 2015042202
OK

[root@qq named]# rndc reload
[root@qq named]# 
[root@qq named]# tail /var/log/messages
Aug  3 10:23:56 qq named[19186]: using default UDP/IPv4 port range: [1024, 65535]
Aug  3 10:23:56 qq named[19186]: using default UDP/IPv6 port range: [1024, 65535]
Aug  3 10:23:56 qq named[19186]: sizing zone task pool based on 8 zones
Aug  3 10:23:56 qq named[19186]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Aug  3 10:23:56 qq named[19186]: reloading configuration succeeded
Aug  3 10:23:56 qq named[19186]: reloading zones succeeded
Aug  3 10:23:56 qq named[19186]: zone 106.201.10.in-addr.arpa/IN: loaded serial 2015042202
Aug  3 10:23:56 qq named[19186]: zone 106.201.10.in-addr.arpa/IN: sending notifies (serial 2015042202)
Aug  3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR started
Aug  3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR ended
[root@qq named]# 

反向从服务器
Jul 29 14:07:59 zz named[2524]: managed-keys-zone ./IN: Unable to fetch DNSKEY set '.': SERVFAIL
Jul 29 14:12:18 zz named[2524]: client 10.201.106.129#65218: received notify for zone '106.201.10.in-addr.arpa'
Jul 29 14:12:18 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: Transfer started.
Jul 29 14:12:18 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: connected using 10.201.106.128#51457
Jul 29 14:12:18 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: transferred serial 2015042202
Jul 29 14:12:18 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: Transfer completed: 1 messages, 11 records, 300 bytes, 0.012 secs (25000 bytes/sec)
Jul 29 14:12:18 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: sending notifies (serial 2015042202)

[root@zz named]# cat slaves/10.201.106.zone 
$ORIGIN .
$TTL 86400  ; 1 day
106.201.10.in-addr.arpa IN SOA  ns1.magedu.com. admin.magedu.com. (
                2015042202 ; serial
                3600       ; refresh (1 hour)
                300        ; retry (5 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS  ns1.magedu.com.
            NS  ns2.magedu.com.
$ORIGIN 106.201.10.in-addr.arpa.
110         PTR lamp.magedu.com.
……

rndc

rndc开启查询日志功能

[root@www ~]# rndc querylog
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON             #
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

[root@www ~]# rndc querylog
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

测试:
[root@www ~]# dig -t A magedu.com @10.201.106.129

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14008
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;magedu.com.            IN  A

;; ANSWER SECTION:
magedu.com.     86400   IN  A   10.201.106.129

;; AUTHORITY SECTION:
magedu.com.     86400   IN  NS  ns1.magedu.com.
magedu.com.     86400   IN  NS  ns2.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.     86400   IN  A   10.201.106.129
ns2.magedu.com.     86400   IN  A   10.201.106.128

;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug  3 10:45:47 2016
;; MSG SIZE  rcvd: 112

[root@www ~]# 
[root@www ~]# 
[root@www ~]# tail /var/lo
local/      lock/       log/        lost+found/ 
[root@www ~]# tail /var/log/messages
Aug  3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR started
Aug  3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR ended
Aug  3 10:44:44 qq named[19186]: received control channel command 'querylog'
Aug  3 10:44:44 qq named[19186]: query logging is now on
Aug  3 10:45:14 qq named[19186]: received control channel command 'querylog'
Aug  3 10:45:14 qq named[19186]: query logging is now off
Aug  3 10:45:32 qq named[19186]: received control channel command 'querylog'
Aug  3 10:45:32 qq named[19186]: query logging is now on
Aug  3 10:45:46 qq named[19186]: client 10.201.106.128#56887: query: magedu.com IN SOA -E (10.201.106.129)          #本机自己的查询有记录到
Aug  3 10:45:47 qq named[19186]: client 10.201.106.129#41396: query: magedu.com IN A + (10.201.106.129)
[root@www ~]#       #可以从别的主机指向该服务器查询,然后查询日志

开启关闭debug日志

[root@www ~]# rndc trace 5          开启debug日志,并设置成5级
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 5
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@www ~]# 
[root@www ~]# 
[root@www ~]# 
[root@www ~]# rndc tracer 0         关闭debug日志
rndc: 'tracer' failed: unknown command
[root@www ~]# rndc trace 0
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

转载于:https://blog.51cto.com/zhongle21/2091440
