使用bind软件构建自己的DNS主从服务器,需要两台服务器都安装好bind。bind的默认主配置文件在/etc/named.conf,区域配置文件在/var/named/。主服务器IP:192.168.153.128;从服务器IP:192.168.153.129。
1、主服务器的配置文件如下:
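// /etc/named.conf — master (primary) for lancy.com and 153.168.192.in-addr.arpa.
// Zone data lives under /var/named; the slave at 192.168.153.129 pulls both zones.
options {
  listen-on port 53 { any; };
  // listen-on-v6 port 53 { ::1; };   — IPv6 listener disabled
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  recursing-file "/var/named/data/named.recursing";
  secroots-file "/var/named/data/named.secroots";
  // Anyone may query the authoritative zones below.
  allow-query { any; };
  // Recursion stays on for LAN clients, but with allow-query { any; } and no
  // allow-recursion, BIND 9 falls back to the allow-query ACL for recursion,
  // i.e. the server would be an open resolver usable in DNS amplification.
  // Limit recursion to the server's own networks; add further client subnets
  // (e.g. the 192.168.100.0/24 hosts, if they are clients) as needed.
  allow-recursion { localhost; localnets; };
  forwarders { 192.168.2.1;
               202.103.224.68; };
  recursion yes;
  // Author's note: both must be off, otherwise external names fail to resolve.
  // Caveat: with validation off, forged upstream answers are accepted unchecked.
  dnssec-enable no;
  dnssec-validation no;
  bindkeys-file "/etc/named.root.key";
  managed-keys-directory "/var/named/dynamic";
  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/session.key";
};
logging {
  channel default_debug {
    file "data/named.run";
    severity dynamic;
  };
};
// Root hints; only used for recursion when the forwarders do not answer.
zone "." IN {
  type hint;
  file "named.ca";
};
// Forward zone. Transfers and notifies are restricted by source IP only;
// TSIG-signed transfers would authenticate the slave rather than its address.
zone "lancy.com" IN {
  type master;
  allow-transfer { 192.168.153.129; };
  also-notify { 192.168.153.129; };
  notify yes;
  file "lancy.com.zone";
};
// Reverse zone for 192.168.153.0/24, same transfer policy as above.
zone "153.168.192.in-addr.arpa" IN {
  type master;
  allow-transfer { 192.168.153.129; };
  also-notify { 192.168.153.129; };
  notify yes;
  file "192.168.153.arpa";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";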
2、从服务器的主配置文件如下:
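// /etc/named.conf — slave (secondary); both zones are transferred from the
// master at 192.168.153.128 and written under /var/named/slaves.
options {
  listen-on port 53 { any; };
  listen-on-v6 port 53 { ::1; };
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  recursing-file "/var/named/data/named.recursing";
  secroots-file "/var/named/data/named.secroots";
  allow-query { any; };
  // Without this ACL, allow-query { any; } also becomes the recursion ACL and
  // the slave is an open resolver (it recurses from the root hints, since the
  // forwarders below are commented out). Extend with client subnets as needed.
  allow-recursion { localhost; localnets; };
  // This server is not a transfer source for anyone; on BIND versions whose
  // default allow-transfer is "any", both zones would otherwise be AXFR-able.
  allow-transfer { none; };
  // forwarders { 192.168.2.1;
  // 202.103.224.68; };
  recursion yes;
  // Kept off to match the master; see the caveat there about unvalidated answers.
  dnssec-enable no;
  dnssec-validation no;
  managed-keys-directory "/var/named/dynamic";
  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/session.key";
};
logging {
  channel default_debug {
    file "data/named.run";
    severity dynamic;
  };
};
zone "." IN {
  type hint;
  file "named.ca";
};
// Secondary copies; "masters" doubles as the allow-notify source by default.
zone "lancy.com" IN {
  type slave;
  masters { 192.168.153.128; };
  file "slaves/lancy.com.zone";
};
zone "153.168.192.in-addr.arpa" IN {
  type slave;
  masters { 192.168.153.128; };
  file "slaves/192.168.153.arpa";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";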
3、主服务器的区域配置文件
[root@T1 ~]# cat /var/named/lancy.com.zone
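; /var/named/lancy.com.zone — forward zone for lancy.com (master copy).
; Names without a trailing dot are relative to the zone origin.
$TTL 3H
@ IN SOA lancy.com. root.lancy.com. (
1 ; serial — bump on every edit or the slave will not re-transfer
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; NS with an explicit "@" owner: an owner-less record must start with
; whitespace, and leading whitespace is easily lost when the file is copied.
; The target must be a name with an A record in this zone (ns1 below).
@ NS ns1.lancy.com.
; NOTE(review): named.conf puts the master at 192.168.153.128 — confirm .138 is intended.
ns1 A 192.168.153.138
www A 192.168.100.221 ; A = IPv4 address; all four www records are returned to clients
www A 192.168.100.222
www A 192.168.100.223
www A 192.168.100.224
a A 192.168.100.22
* A 192.168.100.100 ; wildcard: any otherwise-undefined name under lancy.com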
[root@T1 ~]# cat /var/named/192.168.153.arpa
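; /var/named/192.168.153.arpa — reverse zone for 192.168.153.0/24 (master copy).
; Owner names are the last octet of the address. Every PTR target must be an
; absolute name ending in a dot, otherwise the origin 153.168.192.in-addr.arpa
; is appended to it.
$TTL 3H
@ IN SOA lancy.com. root.lancy.com. (
111 ; serial — bump on every edit
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; Explicit "@" owner so the line is valid even if leading whitespace is lost.
@ NS ns1.lancy.com.
138 PTR ns1.lancy.com.
; NOTE(review): the forward zone maps "a" to 192.168.100.22, not 192.168.153.224 — confirm.
224 PTR a.lancy.com.
; Trailing dot added: "abc.lancy.com" without it expanded to
; abc.lancy.com.153.168.192.in-addr.arpa.
88 PTR abc.lancy.com.
; NOTE(review): no PTR exists for the master (.128) or the slave (.129) itself.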
注意事项:
1、 dnssec-enable 、 dnssec-validation 这两个选项必须关闭,现在很多DNS服务器没有开启加密和认证功能,不关闭会无法连接上级DNS服务器。
2、recursion yes;开启递归查询,不可以关闭,否则其他域名会被当作自己域名的子域名来解析。
3、forwarders 设置转发服务器,可以不设置。
4、区域配置文件中的必须有NS记录,并且NS主机指向自己服务器的IP
5、区域配置文件每一条记录开头必须顶格书写,不能留有空格,否则报错。
6、主服务器每次修改区域文件后需要增加序列号(serial)的数值。
7、主服务器修改区域文件后需要重载(systemctl reload named)才能生效,才能同步到从服务器上。