环境说明
主 DNS 服务器:IP 150.138.83.69,负责解析域名并同步数据到从服务器
从 DNS 服务器:IP 192.168.40.100,从主服务器同步解析记录,提供冗余服务
客户端:IP 192.168.40.200,用于测试 DNS 解析
解析需求:
正向解析:www.zuiyou.com → 192.5.5.5,bbs.zuiyou.com → 192.6.6.6
反向解析:192.5.5.5 → www.zuiyou.com,192.6.6.6 → bbs.zuiyou.com一、安装 DNS 服务(主从服务器均执行)
1.安装 bind 主程序和管理工具
bash
yum install -y bind2.启动 named 服务并设置开机自启
bash
systemctl enable --now named二、配置主 DNS 服务器(150.138.83.69)
1.修改主配置文件 /etc/named.conf
bash
vim /etc/named.conf修改以下内容:
options {
listen-on port 53 { any; }; # 监听所有IP的53端口
allow-query { any; }; # 允许所有主机查询2. 添加区域配置(正向 + 反向)
编辑 /etc/named.rfc1912.zones
bash
vim /etc/named.rfc1912.zoneszone "zuiyou.com" IN {
type master;
file "zuiyou.com.zone";
allow-transfer { 192.168.40.100; };
};
zone "5.5.192.in-addr.arpa" IN {
type master;
file "192.5.5.zone";
allow-transfer { 192.168.40.100; };
};
zone "6.6.192.in-addr.arpa" IN {
type master;
file "192.6.6.zone";
allow-transfer { 192.168.40.100; };
};3.正向解析区域(域名 zuiyou.com)
bash
cp -a /var/named/named.localhost /var/named/zuiyou.com.zone
vim /var/named/zuiyou.com.zone$TTL 1D
@ IN SOA zuiyou.com. admin.zuiyou.com. (
0
1D
1H
1W
3H )
IN NS ns.zuiyou.com.
ns IN A 150.138.83.69
www IN A 192.5.5.5
bbs IN A 192.6.6.64.创建反向解析文件
bash
cp -a /var/named/named.localhost /var/named/192.5.5.zone
cp -a /var/named/named.localhost /var/named/192.6.6.zone
bash
vim /var/named/192.5.5.zone $TTL 1D
@ IN SOA zuiyou.com. admin.zuiyou.com. (
0
1D
1H
1W
3H )
NS ns.zuiyou.com.
5 IN PTR www.zuiyou.com.
bash
vim /var/named/192.6.6.zone$TTL 1D
@ IN SOA zuiyou.com. admin.zuiyou.com. (
0
1D
1H
1W
3H )
IN NS ns.zuiyou.com.
6 IN PTR bbs.zuiyou.com.5.检查配置文件语法并重启 named 服务
bash
named-checkconf
named-checkzone "zuiyou.com" /var/named/zuiyou.com.zone
named-checkzone "5.5.192.in-addr.arpa" /var/named/192.5.5.zone
named-checkzone "6.6.192.in-addr.arpa" /var/named/192.6.6.zone
systemctl restart named三、配置从 DNS 服务器(192.168.40.100)
1.修改主配置文件 /etc/named.conf
bash
vim /etc/named.confoptions {
listen-on port 53 { any; };
allow-query { any; };2.编辑 /etc/named.rfc1912.zones,添加与主服务器对应的区域,但类型为 slave:
zone "zuiyou.com" IN {
type slave; # 从服务器
masters { 150.138.83.69; }; # 主服务器IP
file "slaves/zuiyou.com.zone"; # 同步的文件存放路径(自动创建)
};
zone "5.5.192.in-addr.arpa" IN {
type slave;
masters { 150.138.83.69; };
file "slaves/192.5.5.zone";
};
zone "6.6.192.in-addr.arpa" IN {
type slave;
masters { 150.138.83.69; };
file "slaves/192.6.6.zone";
};3. 验证配置并重启服务
bash
named-checkconf
systemctl restart named通过检查是否生文件来判断
bash
ls /var/named/slaves/正确输出:
192.5.5.zone 192.6.6.zone zuiyou.com.zone四、客户端配置及检查结果(设DNS指向服务器)
1.产看网络链接名称
bash
nmcli connection show2.设置 DNS
bash
nmcli connection modify <连接名称> ipv4.dns "150.138.83.69 192.168.40.100"
nmcli connection up <连接名称>验证正向解析
bash
nslookup www.zuiyou.com
nslookup bbs.zuiyou.com验证反向解析
bash
nslookup 192.5.5.5
nslookup 192.6.6.6输出示例:
[root@client ~]# nslookup www.zuiyou.com
Server: 192.168.40.100
Address: 192.168.40.100#53
Name: www.zuiyou.com
Address: 192.5.5.5
[root@client ~]# nslookup 192.5.5.5
5.5.5.192.in-addr.arpa name = www.zuiyou.com.五、遇到的问题
主服务器53端口未开放,只能通过NAT转发内部端口到其它外部端口
产生问题:
1.从服务器无法获取主服务器DNS信息
解决方案:
在named.rfc1912.zones在主服务器IP后加上对应外部端口
masters { 150.138.83.69 port 33669; };
2.客户端DNS配置里主服务器地址无效
无有效解决方案,客户端系统的默认 DNS 配置都只支持 53 端口
修改端口后,普通客户端无法自动适配
必须手动指定端口,实用性较低。从服务器为C类IP地址,访问公网亦经过NAT转发
产生问题:
主服务器配置的allow-transfer192.168.40.100并非访问主服务器的实际IP
解决方案:
1.访问IP信息查询工具网站获取当前设备的公网IP地址
如:https://ip.cn/
后将公网IP地址替换192.168.40.100
2.若运营商可获取公网IP v6可用DDNS将自己的公网IP v6绑定域名
后将域名替换192.168.40.100