DNS部署(centos 6)
- DNS部署(主从)
安装环境:CentOS 6.8
准备两台主机:192.168.137.13(主DNS)、192.168.137.14(从DNS)
EPEL仓库使用阿里源
rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-6.noarch.rpm
192.168.137.13(主DNS)安装
yum install -y bind-utils bind bind-devel bind-chroot
检查
rpm -qa |grep bind
配置named.conf文件
mv /etc/named.conf /etc/named.conf.bak vim /etc/named.conf
options {
version "1.1.1";
listen-on port 53 {any;};
directory "/var/named/chroot/etc/";
pid-file "/var/named/chroot/var/run/named/named.pid";
allow-query { any; };
Dump-file "/var/named/chroot/var/log/binddump.db";
Statistics-file "/var/named/chroot/var/log/named_stats";
zone-statistics yes;
memstatistics-file "log/mem_stats";
empty-zones-enable no;
forwarders {202.106.196.115;8.8.8.8; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
channel warning {
file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default {
warning;
};
category queries {
general_dns;
};
};
include "/var/named/chroot/etc/view.conf";
配置rndc.key文件
vim /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
配置rndc.conf文件
vim /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
配置view.conf文件
vim /var/named/chroot/etc/view.conf
view "View" {
zone "swj.com" {
type master;
file "shhnwangjian.com.zone";
allow-transfer {
192.168.137.14;
};
notify yes;
also-notify {
192.168.137.14;
};
};
};
配置shhnwangjian.com.zone文件
vim /var/named/chroot/etc/shhnwangjian.com.zone
$ORIGIN .
$TTL 3600 ; 1 hour
swj.com IN SOA op.swj.com. dns.swj.com. (
2000 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
NS op.swj.com.
$ORIGIN swj.com.
shanks A 1.2.3.4
op A 1.2.3.4
a A 1.2.3.4
1)Serial:只是一个序号,但这个序号可被用来作为slave与master更新的依据。
举例来说,master序号为100但slave序号为90时,那么这个zone file的资料就会被传送到slave来更新了。由于这个序号代表新旧资料,通常我们建议你可以利用日期来设定。例如上面的资料是在2015/10/20所写的第一次,所以用2015102001作为序号代表。(yyyymmddnn,nn代表这一天是第几次修改)
2)Refresh:除了根据Serial来判断新旧之外,我们可以利用这个refresh(更新)命令slave多久进行一次主动更新、
3)Retry:如果到了Refresh的时间,但是slave却无法连接到master时,那么在多久之后,slave会再次的主动尝试与主机连接。
4)Expire:如果slave一直无法与master连接上,那么经过多久的时间之后,则命令slave不要再连接了。也就是说,此时我们假设masterDNS可能遇到重大问题而无法上线,则等待系统管理员处理完毕后,再重新到slaveDNS重启bind。
5)Minimum:这个类似TTL。
修改目录权限,并启动服务
cd /var && chown -R named.named named/ /etc/init.d/named start chkconfig named on
解析测试
dig @127.0.0.1 a.swj.com
备注:修改配置文件可以执行rndc reload
192.168.137.14(从DNS)
yum install -y bind-utils bind bind-devel bind-chroot
配置named.conf文件
mv /etc/named.conf /etc/named.conf.bak vim /etc/named.conf
options {
version "1.1.1";
listen-on port 53 {any;};
directory "/var/named/chroot/etc/";
pid-file "/var/named/chroot/var/run/named/named.pid";
allow-query { any; };
Dump-file "/var/named/chroot/var/log/binddump.db";
Statistics-file "/var/named/chroot/var/log/named_stats";
zone-statistics yes;
memstatistics-file "log/mem_stats";
empty-zones-enable no;
forwarders {202.106.196.115;8.8.8.8; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
channel warning {
file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns {
file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default {
warning;
};
category queries {
general_dns;
};
};
include "/var/named/chroot/etc/view.conf";
配置rndc.key文件
vim /etc/rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
配置rndc.conf文件
vim /etc/rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Eqw4hClGExUWeDkKBX/pBg==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
备注:主从DNS主机配置named.conf、rndc.key、rndc.conf文件一样
配置view.conf文件
vim /var/named/chroot/etc/view.conf
view "SlaveView" {
zone "swj.com" {
type slave;
masters {192.168.137.13; };
file "slave.shhnwangjian.com.zone";
};
};
修改目录权限,并启动服务
cd /var && chown -R named.named named/ /etc/init.d/named start chkconfig named on
添加A、CNAME、MX、PTR记录(主DNS)
A记录
编辑master节点/var/named/chroot/etc/shhnwangjian.com.zone,在文件末尾添加记录
a A 192.168.1.100 将serial + 1
执行rndc reload
检查从DNS主机,slave.shhnwangjian.com.zone文件已同步更新。
CNAME记录
编辑master节点/var/named/chroot/etc/shhnwangjian.com.zone,在文件末尾添加记录
cname CNAME a.swj.com. 将serial + 1
执行rndc reload
检查从DNS主机,slave.shhnwangjian.com.zone文件已同步更新。
测试 host a.swj.com 127.0.0.1
MX记录
编辑master节点/var/named/chroot/etc/shhnwangjian.com.zone,在文件末尾添加记录
mx MX 5 192.168.1.101 将serial + 1
执行rndc reload
检查从DNS主机,slave.shhnwangjian.com.zone文件已同步更新。
测试 host mx.swj.com 127.0.0.1
PTR记录(反向解析)
编辑master节点/var/named/chroot/etc/view.conf,加入ptr的zone配置
zone "168.192.in-addr.arpa" {
type master;
file "168.192.zone";
allow-transfer{
192.168.137.14;
};
notify yes;
also-notify{
192.168.137.14;
};
};
编辑master节点/var/named/chroot/etc/168.192.zone
$TTL 3600 ; 1 hour
@ IN SOA op.swj.com. dns.swj.com. (
2003 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
NS op.swj.com.
100.1 IN PTR a.swj.com.
修改168.192.zone文件属主
chown named.named 168.192.zone rndc reload
编辑slave节点/var/named/chroot/etc/view.conf,加入ptr的zone配置
zone "168.192.in-addr.arpa" {
type slave;
masters {192.168.137.13; };
file "slave.168.192.zone";
};
执行rndc reload
slava节点/var/named/chroot/etc目录下生成slave.168.192.zone文件。
解析测试: host 192.168.1.100 127.0.0.1
DNS实现服务的负载均衡
编辑master节点/var/named/chroot/etc/shhnwangjian.com.zone,在文件末尾添加记录
a A 192.168.1.102 将serial + 1
执行rndc reload
master和slave执行解析:nslookup a.swj.com 127.0.0.1,结果如下(轮询)
- 配置DNS视图(智能DNS)
编辑master节点/var/named/chroot/etc/named.conf,在include上面添加(对客户端IP分组)
acl group1 {
192.168.137.13;
};
acl group2 {
192.168.137.14;
};
编辑master节点/var/named/chroot/etc/view.conf
view "GROUP1" {
match-clients { group1; };
zone "viewswj.com" {
type master;
file "group1.viewswj.com.zone";
};
};
view "GROUP2" {
match-clients { group2; };
zone "viewswj.com" {
type master;
file "group2.viewswj.com.zone";
};
};
编辑master节点/var/named/chroot/etc/group1.viewswj.com.zone
$ORIGIN .
$TTL 3600 ; 1 hour
viewswj.com IN SOA op.viewswj.com. dns.viewswj.com. (
2000 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
NS op.viewswj.com.
$ORIGIN viewswj.com.
view A 192.168.122.1
op A 192.168.122.1
编辑master节点/var/named/chroot/etc/group2.viewswj.com.zone
$ORIGIN .
$TTL 3600 ; 1 hour
viewswj.com IN SOA op.viewswj.com. dns.viewswj.com. (
2000 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ; minimum (1 hour)
)
NS op.viewswj.com.
$ORIGIN viewswj.com.
view A 192.168.122.2
op A 192.168.122.2
修改文件属主,加载配置
chown named.named /var/named/chroot/etc/group*.zone rndc reload
测试,在192.168.137.13主机上执行host view.viewswj.com 192.168.137.13
在192.168.137.14主机上执行host view.viewswj.com 192.168.137.13
