准备环境;
安装bind包文件,关闭防火墙,更改Selinux配置文件;
centos7为主DNS, centos6为从和子dns;
#yum install bind
#systemctl disable firewalld
#systemctl stop firewalld
#getenforce
#vim /etc/selinux/config
permissive
#setenforce 0
#systemctl start named
dns安装;
1、创建主dns;
2、创建从dns;
3、创建子dns;
4、安装bind-chroot;
1、主dns;
1、更改配置文件/etc/named.conf;
options {
// listen-on port 53 { localhost; }; --------可以注释掉,注释掉后允许所有或localhost代表本地ip,主dns的ip
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost;any;172.16.253.67; }; --------本地访问的ip地址,所有,指定的ip;注释掉后允许所有ip访问;
allow-transfer { 192.168.226.134; }; ---------指定从服务器的ip,放置数据传输流失,防止除从机以外抓取数据;
/*
*/
recursion yes; ---------------------允许递归查询;
allow-update { any; }; -----------允许远程更新数据库;
dnssec-enable no; ---------创建子域时需要关闭;
dnssec-validation no; ----------创建子域时需要关闭;
2、编辑数据库文件路径;
1、可以再/etc/named.conf配置文件里进行编辑修改;
2、可以在/etc/named.rfc1912.zones配置文件里进行修改,一般在此修改文件;
/etc/named.rfc1912.zones;参照格式,进行添加;
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
# zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
指明数据库,域与数据库文件对应关系;
3、创建数据库文件,拷贝/var/named/目录下的文件,进行修改;
#cp -p /var/named/named.localhost /var/named/magedu.com.zone
#vim /var/named/magedu.com.zone
$TTL 1D
@ IN SOA dns1.magedu.com. dnsadmin.magedu.com. (
202 ; serial
10M ; refresh
3M ; retry
1D ; expire
3D ) ; minimum
NS dns1
NS dns2
shanghai NS dns3
dns1 A 192.168.226.133
dns2 A 192.168.226.134 ---------指定从DNS的ip地址;
dns3 A 192.168.226.134 ---------指定子域的ip地址;
websrv A 1.1.1.1
websrv A 3.3.3.3
ftpsrv A 2.2.2.2
www CNAME websrv -------别名
@ MX 10 mailsrv
@ MX 20 mailsrv
mailsrv1 A 6.6.6.6
mailsrv2 A 7.7.7.7
4、重新加载 或 重新启动服务;
#rndc reload
#systemctl restart named
2、从dns;
1、编辑/etc/named.conf文件;
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
allow-transfer { none; }; --------防止传输数据;
2、编辑、/etc/named.rfc1912.zones文件;
编辑添加;
zone "magedu.com" IN {
type slave;
masters { 192.168.226.133; };
file "slaves/magedu.slave";
};
3、自动生成数据库文件,在/var/named/slaves目录下;
[root@centos6 ~]# cd /var/named/slaves
[root@centos6 slaves]# ls
magedu.slave
[root@centos6 slaves]#
4、重新加载 或 重新启动服务;
#rndc reload
#service named restart
3、子dns;
1、编辑、/etc/named.conf文件;
options {
// listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
2、编辑、/etc/named.rfc1912.zones文件;
/etc/named.rfc1912.zones;参照格式,进行添加;
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
# zone "shanghai.magedu.com" IN {
type master;
file "shanghai.magedu.com.zone";
};
3、创建数据库文件,拷贝/var/named/目录下的文件,进行修改;
#cp -p /var/named/named.localhost /var/named/shanghai.magedu.com.zone
#vim /var/named/shanghai.magedu.com.zone
$TTL 86400 ; 1 day
@ IN SOA dns1 dnsadmin (
202 ; serial
600 ; refresh (10 minutes)
180 ; retry (3 minutes)
86400 ; expire (1 day)
259200 ; minimum (3 days)
)
NS dns1
dns1 A 192.168.226.134
websrv A 1.1.1.1
www CNAME websrv
4、安装bind-chroot包,文件路径加深;
# systemctl start named-chroot;
[root@centos7 named]# pwd
/var/named/chroot/var/named
[root@centos7 named]# ls
chroot data dynamic magedu.com.zone named.ca named.empty named.localhost named.loopback shanghai.magedu.com.zone slaves
[root@centos7 named]#
相关命令;
Iptables -A INPUT -p tcp --dport 53 -j REJECT ------53端口; 禁用tcp
#rpm -q --scripts bind-chroot------查看脚本;生成服务的脚本;
Recursion yes; 递归查询
Rndc flush----清除DNS缓存
查询配置文件语法;
#named-checkconf
#named-checkzone shanghai.magedu.com #/var/named/shanghai.magedu.com.zone
#nsupdate ------远程更新数据库;
网友评论