DNS主从服务器搭建实施笔记

 

目录

 

一、搭建主服务器

1.配置yum,安装所需软件包

2.修改dns配置文件

3.修改配置文件,下面是我的配置实例

4.配置正反向解析文件,正反向解析文件的名字从上面指定

5.关闭selinux 和防火墙

 、配置从服务器

1.配置yum,安装所需软件包

2.配置从服务器文件

3.关闭防火墙 selinux

三、客户端配置

1.以上主从dns配好之后启动dns服务

2.配置网卡文件

3.配置resolv.conf

4.chkconfig named on

 

 

 

 

一、搭建主服务器

1.配置yum,安装所需软件包

[root@localhost ~]# yum -y install bind bind-chroot bind-util bind-libs    DNS服务器所需的软件包

 

2. dns配置文件参数解释

文件详解

/etc/named.conf

 

options {

        listen-on port 53 { 192.168.1.24; };      使用53端口监听DNS,监听的ip地址192.168.1.24

        listen-on-v6 port 53 { ::1; };            监听ipv6的IP地址选项

        directory       "/var/named";            DNS的根目录,由于安装了bind-chroot的所致,                                            因此服务的实际工作目录为/var/named/chroot/var/named

        dump-file       "/var/named/data/cache_dump.db";    缓存转储文件

        statistics-file "/var/named/data/named_stats.txt";    记录了内存使用的统计信息

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { any; };        允许查询的主机,默认为localhost

        recursion yes;                    可以递归查询

        dnssec-enable yes;

        dnssec-validation yes;

        dnssec-lookaside auto;

        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

};




logging {                               named服务的日志文件信息

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {                        根(.)域的配置及信息(也可以通过其它上级域名转发功能来

                                     配置缓存域名服务器,可以自己去了解)                                

        type hint;

        file "named.ca";

};

 

xx银行DNS主服务器配置实例

:1、修改处进行加粗红色标注

2、xx银行DNS主:10.1.120.63

xx银行DNS备:10.1.120.64

3、xx银行RAC环境网段:10.1.50.180/181/182

4、域名xxrac-scan.xxbank.com

 

[root@dns etc]# cat /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

 

options {

listen-on port 53 { any; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query     { any; };

recursion yes;

 

allow-query-cache { any; };       

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

 

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

 

managed-keys-directory "/var/named/dynamic";

};

 

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

 

zone "." IN {

type hint;

file "named.ca";

};

 

 

 

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

 

 

3.修改zone配置文件,以下为xx银行zone文件配置实例

:修改处进行加粗红色标注

 

[root@dns etc]# cat /etc/named.rfc1912.zones

// named.rfc1912.zones:

//

// Provided by Red Hat caching-nameserver package

//

// ISC BIND named zone configuration for zones recommended by

// RFC 1912 section 4.1 : localhost TLDs and address zones

// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt

// (c)2007 R W Franks

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

 

zone "localhost.localdomain" IN {

type master;

file "named.localhost";

allow-update { none; };

};

 

zone "localhost" IN {

type master;

file "named.localhost";

allow-update { none; };

};

 

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.loopback";

allow-update { none; };

};

 

zone "1.0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback";

allow-update { none; };

};

 

zone "0.in-addr.arpa" IN {

type master;

file "named.empty";

allow-update { none; };

};

 

zone "xxbank.com" IN {

      type master;

  notify yes;

  also-notify {10.1.120.64};

      file "xxbank.com.zone";

      allow-update { none; };

  allow-transfer {10.1.120.64};

};

 

zone"50.1.10.in-addr.arpa" IN {

        type master;

        file "50.1.10.local";

        allow-update { none; };

allow-transfer {10.1.120.64;};

};

 

4.配置正反向解析文件正反向解析文件的名字从上面指定

下面是xx银行正反向解析文件的配置实例:

[root@dns named]# cat xxbank.com.zone

$TTL 86400

@ IN SOA ns.xxbank.com. root.xxbank.com. (

43 ; serial

60 ; refresh

15M ; retry

1W ; expire

1D ) ; minimum

IN NS ns.xxbank.com.

ns IN A 10.1.120.63 

dns       IN A 10.1.120.63

xxrac1  IN A 10.1.50.180

xxrac2  IN A 10.1.50.181

xxrac3  IN A 10.1.50.182

xxrac1-priv  IN A 192.168.50.180

xxrac2-priv  IN A 192.168.50.181

xxrac3-priv  IN A 192.168.50.182

xxrac1-vip  IN A 10.1.50.183

xxrac2-vip  IN A 10.1.50.184

xxrac3-vip  IN A 10.1.50.185

xxrac-scan  IN A 10.1.50.186

xxrac-scan  IN A 10.1.50.187

xxrac-scan  IN A 10.1.50.188

 [root@dns named]# cat 50.1.10.local

$TTL    86400

 

@               IN SOA  dns.xxbank.com.      root.xxbank.com. (

 

                                      1997022700 ; Serial

 

                                      28800      ; Refresh

 

                                       14400      ; Retry

 

                                      3600000    ; Expire

 

                                       86400)    ; Minimum

 

       IN      NS     dns.xxbank.com.

 

63     IN     PTR     dns.xxbank.com.

 

64     IN     PTR     gns.xxbank.com.

[root@dns named]#

 

 

5.关闭selinux 防火墙

二 、配置从服务器

1.配置yum,安装所需软件包

[root@localhost ~]# yum -y install bind bind-chroot bind-util bind-libs    DNS服务器所需的软件包

2.配置DNS从服务器named.conf文件

 

[root@dns etc]# cat /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

 

options {

listen-on port 53 { any; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query     { any; };

recursion yes;

 

allow-query-cache { any; };       

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

 

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

 

managed-keys-directory "/var/named/dynamic";

};

 

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

 

zone "." IN {

type hint;

file "named.ca";

};

 

 

 

 

 

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

3.配置DNS从服务器zone文件

 

只需要修改named.rfc1912.zones ,下面是配置实例

[root@db11g slaves]# cat /etc/named.rfc1912.zones

// named.rfc1912.zones:

//

// Provided by Red Hat caching-nameserver package

//

// ISC BIND named zone configuration for zones recommended by

// RFC 1912 section 4.1 : localhost TLDs and address zones

// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt

// (c)2007 R W Franks

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

 

zone "localhost.localdomain" IN {

type master;

file "named.localhost";

allow-update { none; };

};

 

zone "localhost" IN {

type master;

file "named.localhost";

allow-update { none; };

};

 

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.loopback";

allow-update { none; };

};

 

zone "1.0.0.127.in-addr.arpa" IN {

type master;

file "named.loopback";

allow-update { none; };

};

 

zone "0.in-addr.arpa" IN {

type master;

file "named.empty";

allow-update { none; };

};

 

zone "zyr.com" IN {

type master;

file "zyr.com";

allow-update { none; };

};

 

zone "xxbank.com" IN {

 

type slave;

 

masters { 10.1.120.63; };

 

file "slaves/xxbank.com.zone";

 

allow-update { none; };

 

};

 

 

 

zone"50.1.10.in-addr.arpa" IN {

 

type slave;

 

masters { 10.1.120.63; };

 

file "slaves/50.1.10.local";

 

allow-update { none; };

 

};

 

在此文件中要指明master主机是哪个,还要表明主机类型以及master传输过来的文件放在哪个目录下。

服务启动之后正反向解析文件会传输过来,记得检查。

 

3.关闭防火墙 selinux

 

三、客户端配置

 

1.以上主从dns配好之后启动dns服务

service named start

 

--2.配置网卡文件(可忽略,仅配置resolv.conf即可)

 [root@db11g slaves]# cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

HWADDR=08:00:27:5A:94:04

TYPE=Ethernet

UUID=892c388d-c38e-403c-9bf9-e63dffb67555

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=none

IPADDR=192.168.56.111

NETMASK=255.255.255.0

GATEWAY=192.168.56.1

DNS1=192.168.56.91

DNS2=192.168.56.111

 

3.配置resolv.conf

:rac数据库到dns服务器的53端口需放开

 

[root@db11g slaves]# cat /etc/resolv.conf

# Generated by NetworkManager

 

 

# No nameservers found; try putting DNS servers into your

# ifcfg files in /etc/sysconfig/network-scripts like so:

#

# DNS1=xxx.xxx.xxx.xxx

# DNS2=xxx.xxx.xxx.xxx

# DOMAIN=lab.foo.com bar.foo.com

nameserver 10.1.120.63

nameserver 10.1.120.64

 

4.chkconfig named on

在这种工作模式下,从服务器的解析文件是从主服务器传输过来的能够保证一致,客户端的dns指定这两个服务器一个连接不上的时候会连接另一个

 

posted @   Eddie小陈  阅读(219)  评论(0编辑  收藏  举报
相关博文:
· AIX7.1下安装Oracle RAC 12c步骤
· OGG for Oracle to Oracle迁移实施笔记
· 搭建DNS主从架构服务
· DNS服务
· bind搭建DNS服务(主从)
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛