配置DNS主从服务器,能够实现正常的正反向解析

目录

准备工作:

配置主服务器

配置从服务器

修改资源文件尝试进行主从同步

准备工作:

关闭防火墙及selinux:

[root@master ~]# systemctl stop firewalld
[root@master ~]# setenforce 0

安装软件包(主从服务器都需要):

[root@slave ~]# yum install bind -y

该软件包服务名称为named。

配置主服务器

服务文件:

        options {
        listen-on port 53 { 127.0.0.1; };//监听对象IPV4地址
        listen-on-v6 port 53 { ::1; };//IPV6地址
        directory       "/var/named";//数据文件主要路径
        dump-file       "/var/named/data/cache_dump.db";//查询数据备份文件
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { localhost; };//允许哪些主机发起域名查询

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;//是否开启递归查询

        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};//域

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

配置服务文件并添加域(openlab.com):

options {
        listen-on port 53 { 192.168.91.129; };//监听对象IPV4地址
        listen-on-v6 port 53 { ::1; };//IPV6地址
        directory       "/var/named";//数据文件主要路径
        dump-file       "/var/named/data/cache_dump.db";//查询数据备份文件
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };//允许哪些主机发起域名查询
        allow-transfer  { 192.168.91.133; };//默认不存在;允许向那个服务器同步资源信息

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */

        recursion yes;//是否开启递归查询

        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "openlab.com" IN {
        type master;
        file "openlab";
};//添加正向域

zone "91.168.192.in-addr.arpa" IN {
        type master;
        file "openlab_re";
};//添加反向域

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

反向域的ip是一个区段,不写主机位且反着写。

创建并添加正向资源记录文件:

[root@master ~]# vim /var/named/openlab

$TTL    1D      ;;将TTL值统一设置为1天
@       IN      SOA     openlab.com.    admin.admin.com ( 2024011600
                                                                1M
                                                                1M
                                                                3M
                                                                1D )

        IN      NS      dns.openlab.com.
dns     IN      A       192.168.91.129
www     IN      A       192.168.91.111

SOA资源记录类型和NA的域名要加上根域。

每行从左到右依次是:主机名 TTL(统一后就可以省略) INTER 资源记录类型 数据。

资源记录类型

A:通过域名能够查询到对应ipv4

AAAA:通过域名能够查询到对应ipv6

CNAME:别名资源记录

PTR:指针记录Ipv4/ipv6 查询到一个域名

NS:dns解析记录类型(标记本地dns服务器的主机名)

MX:邮件解析记录类型(标记邮件服务器的主机名)

SOA:起始授权记录(主从服同步),特殊的是它有7个数据:

masterdns TTL INTER 资源记录类型 数据 邮箱地址 (版本 检查时间 重试时间 失效时间 ttl)

创建并添加反向资源记录文件:

[root@master ~]# vim /var/named/openlab_re

$TTL    1D      ;;将TTL值统一设置为1天
@       IN      SOA     openlab.com.    admin.admin.com ( 2024011600
                                                                1M
                                                                1M
                                                                3M
                                                                1D )

        IN      NS      dns.openlab.com.
129     IN      PTR     dns.openlab.com
111     IN      PTR     www.openlab.com

重启服务后进行测试:

[root@master ~]# systemctl restart named
[root@master ~]# nslookup
> server 192.168.91.129
Default server: 192.168.91.129
Address: 192.168.91.129#53
> dns.openlab.com    
Server:		192.168.91.129
Address:	192.168.91.129#53

Name:	dns.openlab.com
Address: 192.168.91.129
> www.openlab.com
Server:		192.168.91.129
Address:	192.168.91.129#53

Name:	www.openlab.com
Address: 192.168.91.111
> 192.168.91.129
129.91.168.192.in-addr.arpa	name = dns.openlab.com.91.168.192.in-addr.arpa.
> 192.168.91.111
111.91.168.192.in-addr.arpa	name = www.openlab.com.91.168.192.in-addr.arpa.

nslookup:可以指定dns服务器进行域名解析。

配置从服务器

配置服务文件并添加域(openlab.com):

options {
        listen-on port 53 { 192.168.91.133; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "openlab.com" IN {
        type slave;
        file "named.openlab";
        masters { 192.168.91.129; };
};

zone "91.168.192.in-addr.arpa" IN {
        type slave;
        file "named.openlab_re";
        masters { 192.168.91.129; };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

不用添加资源文件,将会从主服务器同步过来:

[root@slave ~]# ll /var/named
total 36
drwxrwx---. 2 named named 4096 Jan 16 21:13 data
drwxrwx---. 2 named named 4096 Jan 16 21:14 dynamic
-rw-r-----. 1 root  named 2253 Sep 22 02:33 named.ca
-rw-r-----. 1 root  named  152 Sep 22 02:33 named.empty
-rw-r-----. 1 root  named  152 Sep 22 02:33 named.localhost
-rw-r-----. 1 root  named  168 Sep 22 02:33 named.loopback
-rw-r--r--. 1 named named  259 Jan 16 21:13 named.openlab    //正向
-rw-r--r--. 1 named named  393 Jan 16 21:13 named.openlab_re    //反向
drwxrwx---. 2 named named 4096 Sep 22 02:33 slaves

重启服务后进行测试:

[root@slave ~]# systemctl restart named
[root@slave ~]# nslookup
> server 192.168.91.133
Default server: 192.168.91.133
Address: 192.168.91.133#53
> dns.openlab.com
Server:		192.168.91.133
Address:	192.168.91.133#53

Name:	dns.openlab.com
Address: 192.168.91.129
> www.openlab.com
Server:		192.168.91.133
Address:	192.168.91.133#53

Name:	www.openlab.com
Address: 192.168.91.111
> 192.168.91.129
129.91.168.192.in-addr.arpa	name = dns.openlab.com.91.168.192.in-addr.arpa.
> 192.168.91.111
111.91.168.192.in-addr.arpa	name = www.openlab.com.91.168.192.in-addr.arpa.

修改资源文件尝试进行主从同步

在主服务器中添加正向解析并修改版本号为(2024011601):

ftp     IN      A       192.168.91.222

在主服务器中添加反向解析并修改版本号为(2024011601):

222     IN      PTR     ftp.openlab.com

主服务器测试:

[root@master ~]# systemctl restart named
[root@master ~]# nslookup
> server 192.168.91.129
Default server: 192.168.91.129
Address: 192.168.91.129#53
> ftp.openlab.com
Server:		192.168.91.129
Address:	192.168.91.129#53

Name:	ftp.openlab.com
Address: 192.168.91.222
> 192.168.91.222
222.91.168.192.in-addr.arpa	name = ftp.openlab.com.91.168.192.in-addr.arpa.

因为检查时间设置为1分钟,所以我们等待1分钟后在从服务器中尝试:

[root@slave ~]# nslookup
> server 192.168.91.133 
Default server: 192.168.91.133
Address: 192.168.91.133#53
> 192.168.91.222
222.91.168.192.in-addr.arpa	name = ftp.openlab.com.91.168.192.in-addr.arpa.
> ftp.openlab.com
Server:		192.168.91.133
Address:	192.168.91.133#53

Name:	ftp.openlab.com
Address: 192.168.91.222

同步成功!

相关推荐
wowocpp5 分钟前
ubuntu 22.04 硬件配置 查看 显卡
linux·运维·ubuntu
山河君18 分钟前
ubuntu使用DeepSpeech进行语音识别(包含交叉编译)
linux·ubuntu·语音识别
鹏大师运维22 分钟前
【功能介绍】信创终端系统上各WPS版本的授权差异
linux·wps·授权·麒麟·国产操作系统·1024程序员节·统信uos
筱源源24 分钟前
Elasticsearch-linux环境部署
linux·elasticsearch
萨格拉斯救世主27 分钟前
jenkins使用slave节点进行node打包报错问题处理
运维·jenkins
川石课堂软件测试38 分钟前
性能测试|docker容器下搭建JMeter+Grafana+Influxdb监控可视化平台
运维·javascript·深度学习·jmeter·docker·容器·grafana
龙哥说跨境1 小时前
如何利用指纹浏览器爬虫绕过Cloudflare的防护?
服务器·网络·python·网络爬虫
pk_xz1234562 小时前
Shell 脚本中变量和字符串的入门介绍
linux·运维·服务器
小珑也要变强2 小时前
Linux之sed命令详解
linux·运维·服务器
海绵波波1072 小时前
Webserver(4.3)TCP通信实现
服务器·网络·tcp/ip