DNS(二)使用bind搭建DNS
一、 环境信息
1、操作系统信息
# Host used for every example below (both the primary and the secondary);
# the installed bind package version is not recorded in the post.
# uname -r
3.10.0-1062.9.1.el7.x86_64
# more /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
2、IP地址信息
1)主DNS:10.30.20.118
2)从DNS:10.30.20.74
二、DNS部署
1、软件部署,如下操作在主从DNS上都相同
# yum install bind-utils bind bind-devel bind-chroot
# NOTE(review): the rndc secret below is just the base64 of a short hand-typed
# string plus echo's trailing newline, so it is neither random nor private once
# published. Generate it with `rndc-confgen -a` (or `tsig-keygen`) on each host
# and keep the resulting file out of any shared document.
# echo QNObIlVlY4cNir | base64
UU5PYklsVmxZNGNOaXIK
# vim /etc/named.conf
options {
    version "1.1.1";                      # hides the real BIND version in version.bind answers
    listen-on port 53 {any;};             # every IPv4 interface
    # NOTE(review): the service started later in this post is `named`, not
    # `named-chroot`, so the /var/named/chroot/... paths are used as plain
    # directories here — presumably intended; under named-chroot they would
    # resolve inside the chroot instead.
    directory "/var/named/chroot/etc/";
    allow-query { any; };
    # NOTE(review): neither `recursion no;` nor `allow-recursion` is set, so
    # assuming the BIND default of recursion being enabled, the forwarders below
    # make this an open resolver for every client that can reach port 53.
    # For a server that is only authoritative for ts.lan add `recursion no;`;
    # if internal clients must recurse through it, add
    # `allow-recursion { localnets; };` (or the specific client ranges) instead.
    Dump-file "/var/named/chroot/var/log/binddump.db";
    Statistics-file "/var/named/chroot/var/log/named_stats";
    zone-statistics yes;
    memstatistics-file "log/mem_stats";   # relative to `directory` above
    empty-zones-enable no;
    forwarders {223.5.5.5;223.6.6.6; };   # upstream resolvers for non-local names
};
key "rndc-key" {
    algorithm hmac-md5;                   # NOTE(review): deprecated; hmac-sha256 is supported and preferred
    secret "UU5PYklsVmxZNGNOaXIK";
};
controls {
    # rndc is reachable only on loopback and only with the key above
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
    channel warning {
        file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
        severity warning;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel general_dns {
        file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { warning; };
    category queries { general_dns; };    # logs every query; 10 rotated files of 100m
};
include "/var/named/chroot/etc/view.conf";   # zone/view definitions live in a separate file
# vim /etc/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "UU5PYklsVmxZNGNOaXIK";
};
# vim /etc/rndc.conf
# Client-side settings for the rndc command; key must match the one in named.conf.
key "rndc-key" {
    algorithm hmac-md5;
    secret "UU5PYklsVmxZNGNOaXIK";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
2、主DNS
# vim /var/named/chroot/etc/view.conf
view "View" {
    zone "ts.lan" {
        type master;
        file "ts.lan.zone";                # relative to `directory` in named.conf
        # Only the secondary may transfer the zone. This is a source-IP check;
        # a TSIG key in allow-transfer would additionally authenticate the peer.
        allow-transfer { 10.30.20.74; };
        notify yes;
        also-notify { 10.30.20.74; };      # push NOTIFY to the secondary on every reload
    };
};
# more /var/named/chroot/etc/ts.lan.zone
$ORIGIN .
$TTL 3600 ; 1 hour, DNS cache time for records without an explicit TTL
ts.lan IN SOA op.ts.lan. dns.ts.lan. (
    2000 ; serial: indicates how new the data is; the secondary only transfers when it grows
    900 ; refresh (15 minutes): how often the secondary syncs with the primary
    600 ; retry (10 minutes): how long the secondary waits before retrying when the primary is unreachable
    86400 ; expire (1 day): if the secondary cannot reach the primary for this long it stops talking to it until the secondary service is restarted
    3600 ; minimum (1 hour): negative-caching TTL
)
NS op.ts.lan.
$ORIGIN ts.lan.
op A 10.30.20.118
test A 10.30.20.118
测试
# dig @127.0.0.1 test.ts.lan
3、从DNS
# more /var/named/chroot/etc/view.conf
view "View" {
    zone "ts.lan" {
        type slave;
        file "ts.lan.zone";                # written by named after the first transfer
        masters {10.30.20.118; };
        # NOTE(review): no allow-transfer is set on the secondary. BIND's
        # historical default allows transfers to any host (check the default
        # for the installed version), which would let anyone reaching this
        # server dump the whole zone; add `allow-transfer { none; };` unless
        # another secondary needs it.
    };
};
# systemctl start named
# dig @10.30.20.74 test.ts.lan
4、主从DNS同步测试
在主DNS修改dns记录,并更新serial+1
# Reload on the primary; with `notify yes` the secondary should be notified and
# re-transfer the zone promptly. If the secondary keeps answering the old
# address, check that the SOA serial was actually increased.
# systemctl reload named
# host test.ts.lan 10.30.20.118
Using domain server:
Name: 10.30.20.118
Address: 10.30.20.118#53
Aliases:
test.ts.lan has address 192.168.1.1
# host test.ts.lan 10.30.20.74
Using domain server:
Name: 10.30.20.74
Address: 10.30.20.74#53
Aliases:
test.ts.lan has address 192.168.1.1