雁塔免费做网站,专业医疗建站,企业黄页顺企网,嘉兴网站制作价格写在前面 分享一些 使用 bind9 配置主从权威名称服务器的笔记理解不足小伙伴帮忙指正 对每个人而言#xff0c;真正的职责只有一个#xff1a;找到自我。然后在心中坚守其一生#xff0c;全心全意#xff0c;永不停息。所有其它的路都是不完整的#xff0c;是人的逃避方式…写在前面 分享一些 使用 bind9 配置主从权威名称服务器的笔记理解不足小伙伴帮忙指正 对每个人而言真正的职责只有一个找到自我。然后在心中坚守其一生全心全意永不停息。所有其它的路都是不完整的是人的逃避方式是对大众理想的懦弱回归是随波逐流是对内心的恐惧 ——赫尔曼·黑塞《德米安》 DNS 架构
向供应商注册新的域名时必须提供该域的公共权威名称服务器的名称和IP地址。注册服务商将该信息放在父域的区域文件中(如NSA和AAAA记录)以便DNS解析器可以找到您的名称服务器。为了帮助确保可靠性应该至少有两个公共DNS服务器并且它们应位于不同的站点以避免由于网络故障而造成的中断。
外部主机如何通过缓存名称服务器和权威名称服务器进行 DNS 解析对记录执行DNS查找。假设还没有缓存的记录:
外部访问 客户的缓存名称服务器首先查询一个根名称服务器。它被定向到负责 com域的名称服务器池。其中一个服务器响应 example.com域的NS记录因此 缓存的名称服务器查询一个面向公共的次要名称服务器。
主名称服务器实际上不是公共的但是辅助名称服务器可以从主名称服务器执行区域传输以便它们拥有关于 example.com 区域的最新数据。下图说明了对于example.com 域内的内部仅缓存名称服务器该过程是相同的:
内部访问 更好的方法是提供内部名称服务器可以查询的内部授权辅助服务器。当本地域存在问题时这消除了外部查询这更安全。
内部访问 为此需要配置内部缓存名称服务器来转发对记录的请求。Com 到内部辅助服务器。(例如使用Unbound时您需要配置适当的forward-zone块。)
# forward-zone:
# name: example.com
# forward-addr: 192.0.2.68
# forward-addr: 192.0.2.735355 # forward to port 5355.
# forward-first: no
# forward-tls-upstream: no
# forward-zone:
# name: example.org
# forward-host: fwd.example.com主从权威 DNS 部署
配置主 DNS 服务器
安装 bind9
[rootserverb ~]# yum install bind -y一些准备工作
[rootserverb ~]# vim /etc/named.conf
[rootserverb ~]# chmod 640 /etc/named.conf
[rootserverb ~]# chgrp named /etc/named.conf
[rootserverb ~]# firewall-cmd --add-servicedns --permanent
success
[rootserverb ~]# firewall-cmd --reload
success
[rootserverb ~]# systemctl enable named.service --now
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
[rootserverb ~]#在serverb配置主 DNS并且添加几条记录
配置正向解析servera.blog.liruilong.com.,serverc.blog.liruilong.com. 地址分别为172.25.250.10, 172.25.250.12配置反向解析servera,serverc
编辑配置文件 /etc/named.conf
options {listen-on port 53 { any; };listen-on-v6 port 53 { any; };directory /var/named;dump-file /var/named/data/cache_dump.db;statistics-file /var/named/data/named_stats.txt;memstatistics-file /var/named/data/named_mem_stats.txt;secroots-file /var/named/data/named.secroots;recursing-file /var/named/data/named.recursing;allow-query { any; };.....
添加对应的 zone
zone blog.liruilong.com IN {type master;file blog.liruilong.com.zone;forwarders {};
};添加对应的 zone 数据
[rootserverb ~]# cat /var/named/blog.liruilong.com.zone
$TTL 300IN SOA serverb.blog.liruilong.com. dnslab.example.com. (2023072900 ; serial1H ; refresh5M ; retry1W ; expire1M ) ; minimum600 IN NS serverb.blog.liruilong.com.serverb IN A 172.25.250.11
serverc IN A 172.25.250.12
servera IN A 172.25.250.10[rootserverb ~]#检测 zone 文件
[rootserverb ~]# vim /var/named/blog.liruilong.com.zone
[rootserverb ~]# named-checkzone blog.liruilong.com.zone /var/named/blog.liruilong.com.zone
zone blog.liruilong.com.zone/IN: loaded serial 2023072900
OK确认无误后重启服务测试
[rootserverb ~]# systemctl restart named
[rootserverb ~]# dig serverc.blog.liruilong.com. serverb; DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 serverc.blog.liruilong.com. serverb
;; global options: cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 9608
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 196c643e805924a3ea772e3264c649cef6a873b5c3803907 (good)
;; QUESTION SECTION:
;serverc.blog.liruilong.com. IN A;; ANSWER SECTION:
serverc.blog.liruilong.com. 300 IN A 172.25.250.12;; AUTHORITY SECTION:
blog.liruilong.com. 600 IN NS serverb.blog.liruilong.com.;; ADDITIONAL SECTION:
serverb.blog.liruilong.com. 300 IN A 172.25.250.11;; Query time: 0 msec
;; SERVER: 172.25.250.11#53(172.25.250.11)
;; WHEN: Sun Jul 30 19:30:22 CST 2023
;; MSG SIZE rcvd: 137[rootserverb ~]# dig servera.blog.liruilong.com. 172.25.250.11; DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 servera.blog.liruilong.com. 172.25.250.11
;; global options: cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 37549
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7e67c9a9f9d30b3df695a33864c64a1bb0d653a623775fd6 (good)
;; QUESTION SECTION:
;servera.blog.liruilong.com. IN A;; ANSWER SECTION:
servera.blog.liruilong.com. 300 IN A 172.25.250.10;; AUTHORITY SECTION:
blog.liruilong.com. 600 IN NS serverb.blog.liruilong.com.;; ADDITIONAL SECTION:
serverb.blog.liruilong.com. 300 IN A 172.25.250.11;; Query time: 0 msec
;; SERVER: 172.25.250.11#53(172.25.250.11)
;; WHEN: Sun Jul 30 19:31:39 CST 2023
;; MSG SIZE rcvd: 137[rootserverb ~]#反向解析配置
zone 25.172.in-addr.arpa IN {type master;file 25.172.loopbackallow-update { none; };};这里修改完 配置文件提示上面的报错缺少; 号
[rootserverb ~]# named-checkconf /etc/named.conf
/etc/named.conf:67: missing ; before allow-update
[rootserverb ~]# vim /etc/named.conf
[rootserverb ~]# named-checkconf /etc/named.conf
[rootserverb ~]#重新编辑后测试OK
zone 25.172.in-addr.arpa IN {type master;file 25.172.loopback;allow-update { none; };};编写对应的 zone 数据文件
[rootserverb ~]# cat /var/named/25.172.loopback
$TTL 1DIN SOA serverb.blog.liruilong.com rname.invalid. (2023073000 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimumNS serverb.blog.liruilong.com.
10.250 PTR servera.blog.liruilong.com.
11.250 PTR serverb.blog.liruilong.com.
12.250 PTR serverc.blog.liruilong.com.
[rootserverb ~]#重启服务测试
[rootserverb ~]# vim /var/named/25.172.loopback
[rootserverb ~]# systemctl restart named
[rootserverb ~]# host serverc.blog.liruilong.com 172.25.250.11
Using domain server:
Name: 172.25.250.11
Address: 172.25.250.11#53
Aliases:serverc.blog.liruilong.com has address 172.25.250.12
[rootserverb ~]# host servera.blog.liruilong.com 172.25.250.11
Using domain server:
Name: 172.25.250.11
Address: 172.25.250.11#53
Aliases:servera.blog.liruilong.com has address 172.25.250.10
[rootserverb ~]# host 172.25.250.10 172.25.250.11
Using domain server:
Name: 172.25.250.11
Address: 172.25.250.11#53
Aliases:10.250.25.172.in-addr.arpa domain name pointer servera.blog.liruilong.com.
[rootserverb ~]#配置 DNS从服务器
[rootserverc ~]# yum install bind -y复制 配置文件
[rootserverc ~]# scp serverb:/etc/named.conf /etc/named.conf需要修改的部分
将每个主要 (master) 区域条⽬转换为次要 (slave) 区域条⽬。将 type 指令的值更改为 slave。添加 masters 指令以指向 serverb(主DNS) 后端接⼝ 192.168.0.11为⽂件位置加上前缀以便在 slaves/ ⼦⽬录中创建区域⽂件。⽣成的⽂件应当包含以下内容
zone blog.liruilong.com IN {type slave;file slaves/blog.liruilong.com.zone;masters { 192.168.0.11; };
};zone 25.172.in-addr.arpa IN {type slave;file slaves/25.172.loopback;masters { 192.168.0.11; };
};
修改配置文件配置防火墙
[rootserverc ~]# vim /etc/named.conf
[rootserverc ~]# chmod 640 /etc/named.conf
[rootserverc ~]# chgrp named /etc/named.conf
[rootserverc ~]# firewall-cmd --add-servicedns --permanent
success
[rootserverc ~]# firewall-cmd --reload
success
[rootserverc ~]# systemctl enable named.service --now
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
[rootserverc ~]#查看 zone 数据是否同步
[rootserverc named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[rootserverc named]# cd slaves/
[rootserverc slaves]# ls
25.172.loopback blog.liruilong.com.zone
[rootserverc slaves]#这个同步过来的zone数据是乱码的直接看不了
[rootserverc ~]# host servera.blog.liruilong.com 172.25.250.11
Using domain server:
Name: 172.25.250.11
Address: 172.25.250.11#53
Aliases:servera.blog.liruilong.com has address 172.25.250.10
[rootserverc ~]# host servera.blog.liruilong.com 172.25.250.12
Using domain server:
Name: 172.25.250.12
Address: 172.25.250.12#53
Aliases:servera.blog.liruilong.com has address 172.25.250.10
[rootserverc ~]#关于 DNS 主从服务器搭建就和小伙伴们分享到这里简单介绍更多配置小伙伴们可以查看帮助文档
博文部分内容参考
© 文中涉及参考链接内容版权归原作者所有如有侵权请告知 https://www.isc.org/bind/
RH358 授课课堂笔记 © 2018-2023 liruilongergmail.com, All rights reserved. 保持署名-非商用-相同方式共享(CC BY-NC-SA 4.0)
