回顾
|----|----------|--------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------|
| 编号 | 主机名 | IP地址 | 说明 | 修改 |
| 1 | web服务器 | 192.168.1.11 | 发布部署web服务 | 发布了一个nginx web服务 |
| 2 | DNS服务器 | 192.168.1.22 | 用于解析域名和IP地址 | 1、安装bind 2、配置一个conf,zones,zone 3、检查了3个文件 4、启动 |
| 3 | client主机 | 192.168.1.33 | 用于模拟客户机 | 修改dns的访问主机 临时修改echo "nameserver 192.168.1.22"永久修改:vim /etc/sysconfig/network-scripts/ifcfg-ens160将原来的DNS修改为我们现在自己配置的dns服务器主机的IP地址 |域名解析:
正向解析:将域名解析为ip
反向解析:将ip解析为域名
设置解析方式都是在zone文件中设置的
named.conf 解决权限
named.rfc1912.zone 解决解析方式
关闭动态IPsystemctl stop NetworkManager
systemctl disable NetworkManager
一、逆向解析
yum -y install bind-utils.x86_64
yum search nslookup
nslookup www.hamugua.com #域名返回ip
配置反向解析
DNS服务器:
vim /etc/named.rfc1912.zones
:set number
:30,36 co 49
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.zone";
allow-update { none; };
};cd /var/named
cp -p named.loopback 192.168.1.zone
ls
named.loopbackvim 192.168.1.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
PTR localhost.
11 PTR www.hamigua.comsystemctl restart named #重启服务
named-checkconf /etc/named.rfc1912.zones
named-checkzone 192.168.1.zone 192.168.1.zone
client客户端:
每次重启后dns数据都会被/etc/sysconfig/network-scripts/ifcfg-ens33中的dns1和dns2所覆盖
[root@client ~]# echo "nameserver 192.168.1.22" > /etc/resolv.conf
[root@client ~]# cat /etc/resolv.conf
nameserver 192.168.1.22[root@client ~]# nslookup 192.168.1.11
11.1.168.192.in-addr.arpa name = www.hamigua.com.1.168.192.in-addr.arpa.[root@client ~]# nslookup www.hamigua.com
Server: 192.168.1.22
Address: 192.168.1.22#53Name: www.hamigua.com
Address: 192.168.1.11
二、多域名解析
DNS-server配置:
vim /etc/named.rfc1912.zones #最后一行加
zone "apples.com" IN {
type master;
file "apples.com.zone";
allow-update { none; };
};
zone "xigua.com" IN {
type master;
file "xigua.com.zone";
allow-update { none; };
};named-checkconf /etc/named.rfc1912.zones
cd /var/named
cp -p named.localhost xigua.com.zone
cp -p named.localhost apples.com.zone
vim apples.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
www A 192.168.1.11vim xigua.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
www A 192.168.1.11systemctl restart named
client主机测试:
echo "nameserver 192.168.1.22" > /etc/resolv.conf
nslookup www.apples.com
Server: 192.168.1.22
Address: 192.168.1.22#53Name: www.apples.com
Address: 192.168.1.11nslookup www.xigua.com
Server: 192.168.1.22
Address: 192.168.1.22#53Name: www.xigua.com
Address: 192.168.1.11
三、NTP时间服务器搭建
client主机:
yum search ntpdate
systemctl restart network #重启网络服务,确保dns为114.114.114.114或者8.8.8.8
yum -y install ntpdate.x86_64
ntpdate cn.ntp.org.cn
date
新建一台主机------NTP-server:
要求集群服务器主机的时间同步
只放一台主机做内网
yum -y install ntp
vim /etc/ntp.conf
15 restrict 192.168.1.0 msak 255.255.255.0
ntpdate cn.ntp.org.cn
24 Jul 15:06:18 ntpdate[1231]: adjust time server 14.29.218.92 offset 0.131286 sec
systemctl start ntpd #启动ntpd服务
which ntpdate
/usr/sbin/ntpdate
crontab -e
* 4 * * * /usr/sbin/ntpdate cn.ntp.org.cn
client客户端测试:
ntpdate 192.168.1.44 #同步时间
date -s "2007-7-30 12:34:56" #修改时间
四、DNS主从配置
1、DNS主从架构服务的要求
(1)master 和 slave 的系统时间保持一致
(2)slave 服务器上安装相应的软件(系统版本,软件版本)保持一致
(3)根据需求修改相应的配置文件 master 和 slave 都应修改
(4)主从同步的核心是 slave 同步 master 上的区域文件
2、DNS主从服务器配置
|------|------------|--------------|
| 主服务器 | DNS-server | 192.168.1.22 |
| 从服务器 | slave | 192.168.1.55 |
slave从服务器配置:
yum -y install ntpdate
ntpdate 192.168.1.44 #和NTP服务器同步时间
(DNS-server(主服务器)进行一样的操作)
安装bind,因为slave服务器需要在主服务器下线的时候工作
yum -y install bind #安装bind
vim /etc/named.conf
options {
listen-on port 53 { 127.0.0.1;any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost;any; };
named-checkconf /etc/named.confzones修改
vim /etc/named.rfc1912.zones
:set number
:12,18 co 42
44 zone "hamigua.com" IN {
45 type slave;
46 file "slaves/www.hamigua.com.zone";
47 masters { 192.168.1.22; };
48 };named-checkconf /etc/named.rfc1912.zones
systemctl start named
ls -l /var/named/slaves/
DNS-server主服务器配置:
设置允许从服务器同步文件
vim /etc/named.conf
options {
listen-on port 53 { 127.0.0.1;any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
allow-transfer {192.168.1.55;}; #添加
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost;any; };named-checkconf /etc/named.conf #检查是否出错
systemctl restart named
client主机测试:
echo "nameserver 192.168.1.55" > /etc/resolv.conf
nslookup www.hamigua.com
Server: 192.168.1.22
Address: 192.168.1.22#53Name: www.hamigua.com
Address: 192.168.1.11