22040113_DNS deployment in practice: dual front-end servers synchronised from a back-end master
Environment topology
The front-end servers DNS1 and DNS2 are the ones clients point at; they run Linux and act as DNS caches (SLAVE role for the internal zones).
The back-end server DNS3 runs Windows so that zone hosts can be added through the GUI. To limit its exposure the host is given no password and is only logged into, with a blank password, from the virtualization platform's console. This is safe only as long as the host accepts no network logons at all (Windows restricts blank-password accounts to console logon by default, but RDP and SMB should still be blocked at the firewall); the front ends need only TCP and UDP port 53 to it.
Front-end DNS cache server configuration
DNS1 and DNS2 are configured identically; only the IP address differs.
Environment
Operating system: CentOS 6.5, 64-bit
Name | IP | Description
---|---|---
DNS1 | 80.128.0.10 | primary DNS (front end)
DNS2 | 80.128.0.11 | backup DNS (front end)
Install named
Configure a yum repository beforehand, otherwise the installation is very slow.
[root@dns8 /]# yum install bind* -y
Installed version (note that both CentOS 6 and the BIND 9.8 branch are end-of-life and no longer receive security updates; the configuration below also applies to supported BIND 9 releases, where the obsolete dnssec-enable option should be dropped):
[root@dns8 /]# named -v
BIND 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.7
Allow port 53 through the firewall
The rule set below opens TCP and UDP 53 (TCP is needed for zone transfers and large answers, not only UDP). It also opens TCP 953, the rndc control port; named's default controls channel listens on 127.0.0.1 only, so that rule is unnecessary for this setup and should be removed unless rndc is deliberately used from another host.
[root@localhost ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 953 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Configure the upstream forwarder addresses
Once this step is done the server forwards and resolves Internet names even before any local zone is defined. Note that, as written below, recursion yes together with allow-query { any; } and no allow-recursion statement makes the server an open resolver: when allow-recursion is absent, BIND takes its value from allow-query. Add an allow-recursion statement listing your own networks so that only internal clients can use the cache, and keep dnssec-validation in mind: with it set to no, answers from the forwarders are accepted unverified.
[root@localhost ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
forwarders {
114.114.114.114; // upstream forwarder 1
8.8.8.8; // upstream forwarder 2
};
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
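The options block above, with recursion yes and allow-query { any; } but no allow-recursion, makes the front ends open resolvers, and the absence of any allow-transfer statement leaves every zone they serve (including the lss.sc slave zone declared later in named.rfc1912.zones) dumpable by AXFR from anywhere. The Python script below is an added example, not part of the tutorial and not ISC code: it reads an excerpt of the page's named.conf with a small parser of my own, applies BIND's allow-recursion inheritance rule (allow-recursion, else allow-query-cache, else allow-query, else localnets; localhost), reports findings, and carries the corrected settings side by side. The acl internal address ranges and all function names are assumptions for illustration; adjust the ranges to your own networks.

```python
# Added example (not from the tutorial or ISC BIND): a minimal named.conf reader
# that checks the options/zone statements the tutorial sets. The hardened text
# is this editor's suggestion; the 'internal' ACL ranges are assumed, not the page's.
import re

WEAK_CONF = """\
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    forwarders { 114.114.114.114; 8.8.8.8; };
};
zone "test.com" IN { type master; file "test.com.zone"; allow-update { none; }; };
zone "lss.sc" IN { type slave; file "slaves/lss.sc.zone"; masters { 192.168.2.33; }; };
"""

HARDENED_CONF = """\
acl internal { 127.0.0.1; 80.128.0.0/16; 10.0.0.0/8; 192.168.0.0/16; };  // assumed ranges
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { any; };            // authoritative answers may stay reachable
    recursion yes;
    allow-recursion { internal; };   // recursion only for our own networks
    allow-transfer { none; };        // nobody may AXFR zones from a front end
    dnssec-enable yes;
    dnssec-validation auto;
    forwarders { 114.114.114.114; 8.8.8.8; };
};
zone "test.com" IN { type master; file "test.com.zone"; allow-update { none; }; };
zone "lss.sc" IN { type slave; file "slaves/lss.sc.zone"; masters { 192.168.2.33; }; };
"""

def _tokens(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* ... */ comments
    text = re.sub(r"(//|#).*", "", text)                 # // and # comments
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)

def _block(toks, i):
    """Parse statements up to the matching '}'. Statement = (keyword, args, sub or None)."""
    out = []
    while i < len(toks) and toks[i] != "}":
        args = []
        while i < len(toks) and toks[i] not in ("{", ";"):
            args.append(toks[i].strip('"'))
            i += 1
        if i == len(toks):                               # truncated input
            break
        sub = None
        if toks[i] == "{":
            sub, i = _block(toks, i + 1)
            i += 1                                       # the '}'
        if i < len(toks) and toks[i] == ";":
            i += 1
        out.append((args[0], args[1:], sub))
    return out, i

def parse_named_conf(text):
    return _block(_tokens(text), 0)[0]

def _values(stmts, name):
    """Values of a statement: inline args ('recursion yes') or brace members ('{ any; }')."""
    for kw, args, sub in stmts or []:
        if kw == name:
            return args if args else [s[0] for s in sub or []]
    return None

def _options(stmts):
    return next((sub for kw, _, sub in stmts if kw == "options"), [])

def effective_allow_recursion(stmts):
    """BIND's inheritance chain: allow-recursion, else allow-query-cache, else
    allow-query, else the built-in 'localnets; localhost'. With the tutorial's
    'allow-query { any; }' the effective value is therefore 'any'."""
    opts = _options(stmts)
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        if _values(opts, name) is not None:
            return _values(opts, name)
    return ["localnets", "localhost"]

def audit(conf_text):
    """(code, subject, detail) findings; [] means clean. Only the literal 'any'
    is recognised; ACL names are not expanded."""
    stmts = parse_named_conf(conf_text)
    opts = _options(stmts)
    found = []
    if (_values(opts, "recursion") or ["yes"])[0] == "yes" and "any" in effective_allow_recursion(stmts):
        found.append(("open-resolver", "options", "recursion yes with effective allow-recursion 'any'"))
    if (_values(opts, "dnssec-validation") or ["yes"])[0] == "no":
        found.append(("dnssec-off", "options", "forwarded answers are accepted without DNSSEC validation"))
    for kw, args, sub in stmts:
        if kw == "zone" and (_values(sub, "type") or [""])[0] in ("master", "slave"):
            xfer = _values(sub, "allow-transfer") or _values(opts, "allow-transfer") or ["any"]
            if "any" in xfer:
                found.append(("axfr-open", args[0], "allow-transfer unset, defaults to any"))
    return found

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```

Run it with python3: the weak excerpt yields four findings (open resolver, DNSSEC validation off, and unrestricted AXFR for both test.com and lss.sc), the hardened one none. allow-query is left at any in the hardened text because the front ends are also authoritative for test.com and lss.sc; if every client is internal, restricting allow-query to the same ACL is the simpler choice. On the back-end master, the matching step is to allow transfers only to 80.128.0.10 and 80.128.0.11.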
Adding local custom zones
Zone declaration file
[root@localhost ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "test.com" IN {
type master;
file "test.com.zone";
allow-update { none; };
};
zone "lss.sc" IN {
type slave;
file "slaves/lss.sc.zone";
masters {192.168.2.33; };
};
Here the front-end servers are given the SLAVE role shown in the topology.
Taking the lss.sc zone as the example: type is slave, and masters lists the address from which the slave accepts NOTIFY messages and pulls the zone by AXFR/IXFR, so 192.168.2.33 (the back-end server) is the only host that can supply this zone's data. masters does not restrict who may transfer the zone out of this server; add allow-transfer { none; } (or the other front end's address) to the zone or to options, otherwise anyone who can reach port 53 can dump the whole zone.
The zone file is then /var/named/slaves/lss.sc.zone. For a slave zone this file is written by named after a successful transfer and is not edited by hand; the listing below is what BIND dumped.
Note that second-, third- and fourth-level names can all be defined. A host's A record is written as: subdomain A IP-address, where the name is relative to the $ORIGIN in force. Note how the zone apex (the "empty" host) is written: a line that begins with whitespace reuses the previous owner name, so the A record after the SOA belongs to lss.sc itself and ping lss.sc resolves to 80.128.0.9. Also note that ns2.lss.sc. is listed as a name server but has no A record in the transferred data.
[root@localhost ~]# cat /var/named/slaves/lss.sc.zone
$ORIGIN .
$TTL 3600       ; 1 hour
lss.sc                  IN SOA  dns.lss.sc. admin. (
                                218        ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400      ; expire (1 day)
                                3600       ; minimum (1 hour)
                                )
                        NS      dns.lss.sc.
                        NS      ns2.lss.sc.     ; no A record for ns2 in this zone
                        A       80.128.0.9      ; blank owner: still lss.sc, the zone apex
$ORIGIN lss.sc.
cr                      A       10.66.196.139   ; cr.lss.sc.
$ORIGIN cr.lss.sc.
www                     A       10.66.196.139   ; www.cr.lss.sc.
$ORIGIN lss.sc.
dns                     A       80.128.0.10     ; dns.lss.sc.
ebx                     A       10.66.235.9     ; ebx.lss.sc.
$ORIGIN ebx.lss.sc.
ftp                     A       10.66.235.8     ; ftp.ebx.lss.sc.
mail                    A       10.66.235.7     ; mail.ebx.lss.sc.
www                     A       80.129.18.9     ; www.ebx.lss.sc. ($ORIGIN in force is ebx.lss.sc.)
If you only want a single DNS server rather than the full setup in this tutorial, refer to the test.com zone, which is declared with type master.
Its zone file is /var/named/test.com.zone: a master zone file is edited by hand and lives directly under /var/named, not under slaves/.
Again, second-, third- and fourth-level names can be defined, and A records take the form subdomain A IP-address. The special name @ stands for the zone apex (the "empty" host), so ping test.com resolves to 192.168.2.35. Increase the serial on every edit of a master zone file, otherwise slaves never pick up the change.
[root@localhost ~]# cat /var/named/test.com.zone
$TTL 1D
@       IN SOA  test.com. root (   ; MNAME would normally be the primary name server, ns.test.com.
                1       ; serial (increase on every edit)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns.test.com.
@       IN A    192.168.2.35
ns      IN A    192.168.2.32
www     IN A    192.168.2.31
ftp     IN A    192.168.2.31
spe.www IN A    192.168.2.21       ; spe.www.test.com.
a.s.www IN A    192.168.3.39       ; a.s.www.test.com.
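Both the lss.sc dump above and the hand-written test.com file rely on $ORIGIN, the @ shorthand and blank-owner lines, and it is easy to misjudge which absolute name a record ends up under (the last www in lss.sc is www.ebx.lss.sc., not www.lss.sc.). The following Python script is an added example, not part of the tutorial and not BIND's own parser: a deliberately small zone-file reader that expands every record to its absolute owner name and then checks that every in-zone NS target has an address record, which is exactly what ns2.lss.sc. lacks in the transferred data. The two zone texts are constructed copies of the page's files with the lost indentation restored (and the ebx section shortened); the function names are my own.

```python
# Added example (not from the tutorial, not BIND's own code): a small zone-file
# reader that makes $ORIGIN, '@' and blank-owner lines explicit. The zone texts
# are constructed copies of the tutorial's files with indentation restored.
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
LSS_SC_ZONE = """\
$ORIGIN .
$TTL 3600 ; 1 hour
lss.sc IN SOA dns.lss.sc. admin. (
        218 900 600 86400 3600 ) ; serial refresh retry expire minimum
        NS dns.lss.sc.
        NS ns2.lss.sc.
        A 80.128.0.9
$ORIGIN lss.sc.
cr A 10.66.196.139
$ORIGIN cr.lss.sc.
www A 10.66.196.139
$ORIGIN lss.sc.
dns A 80.128.0.10
ebx A 10.66.235.9
$ORIGIN ebx.lss.sc.
www A 80.129.18.9
"""

TEST_COM_ZONE = """\
$TTL 1D
@ IN SOA test.com. root (
        1 1D 1H 1W 3H ) ; serial refresh retry expire minimum
@ IN NS ns.test.com.
@ IN A 192.168.2.35
ns IN A 192.168.2.32
a.s.www IN A 192.168.3.39
"""

def parse_ttl(token):
    """'3600' -> 3600, '1D' -> 86400, '1H30M' -> 5400 (raises on non-TTL input)."""
    total, num = 0, ""
    for ch in token.lower():
        if ch.isdigit():
            num += ch
        else:
            total, num = total + int(num) * _UNITS[ch], ""
    return total + int(num or 0)

def _absolute(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    suffix = "." if origin == "." else "." + origin
    return origin if name == "@" else name if name.endswith(".") else name + suffix

def _logical_lines(text):
    buf, depth = [], 0                       # join '( ... )' multi-line entries such as SOA
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # drop ';' comments
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            if "".join(buf).strip():
                yield " ".join(buf)
            buf, depth = [], 0

def parse_zone(text, zone_name):
    """[(owner, ttl, class, type, rdata)], names absolute; zone_name is the initial $ORIGIN."""
    origin, ttl, last_owner, records = _absolute(zone_name, "."), None, None, []
    for line in _logical_lines(text):
        blank_owner = line[0] in " \t"       # leading blank = reuse previous owner
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$ORIGIN":
            origin = _absolute(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            ttl = parse_ttl(tokens[1])
            continue
        owner = last_owner if blank_owner else _absolute(tokens.pop(0), origin)
        rr_ttl, rr_class = ttl, "IN"
        for _ in range(2):                   # optional TTL and class, either order
            if tokens[0].upper() in ("IN", "CH", "HS"):
                rr_class = tokens.pop(0).upper()
            elif tokens[0][0].isdigit():     # TTLs start with a digit, RR types never do
                rr_ttl = parse_ttl(tokens.pop(0))
        rr_type, rdata = tokens[0].upper(), tokens[1:]
        if rr_type in ("NS", "CNAME", "PTR"):
            rdata = [_absolute(rdata[0], origin)]
        elif rr_type == "SOA":               # MNAME RNAME serial refresh retry expire minimum
            rdata = [_absolute(rdata[0], origin), _absolute(rdata[1], origin)] + \
                    [str(parse_ttl(t)) for t in rdata[2:]]
        records.append((owner, rr_ttl, rr_class, rr_type, " ".join(rdata)))
        last_owner = owner
    return records

def lookup(records, name, rr_type):
    return [r[4] for r in records if r[0] == name and r[3] == rr_type]

def ns_without_address(records):
    """In-zone NS targets with no A/AAAA record in the zone data (ns2.lss.sc. above)."""
    apex = next(r[0] for r in records if r[3] == "SOA")
    addressed = {r[0] for r in records if r[3] in ("A", "AAAA")}
    return [t for _, _, _, ty, t in records
            if ty == "NS" and (t == apex or t.endswith("." + apex)) and t not in addressed]

if __name__ == "__main__":
    print(*parse_zone(LSS_SC_ZONE, "lss.sc"), sep="\n")
```

parse_zone takes the zone name from named.conf as the starting $ORIGIN, exactly as BIND does, which is why the test.com file can use @ and bare names without any $ORIGIN line. The same reader can be pointed at a file you are about to load on the master to see the absolute names before named-checkzone and a serial bump make them live.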
Back-end master DNS server (pushes zone updates to the front ends)
Operating system: Windows 2003