linux主从配置里io是no,配置正、反向解析域，主从配置，子域授权

配置解析一个正向区域&＃xff1a;

1、定义区域

在主配置文件中(/etc/named.conf)或主配置文件辅助配置文件(/etc/named.rfc1912.conf)中实现&＃xff1a;

(1) 在/etc/named.rfc1912.cnof中实现

[root&＃64;pxe120 named]# vim /etc/named.rfc1912.zones

type master;

file “named.loopback”;

allow-update { none; };

};

zone “0.in-addr.arpa” IN {

type master;

file “named.empty”;

allow-update { none; };

};

zone “ilinux.io” IN {

type master;

file “ilinux.io.zone”;

};

注意写入的时候一定要加“&＃xff1b;”号

(2) 在/etc/named.conf中实现

[root&＃64;pxe120 named]# vim /etc/named.conf

options {

listen-on port 53 { 0.0.0.0; };                此行需要将后面的地址改为 0.0.0.0&＃xff1b;(注意0前的空格和“&＃xff1b;”号后的空格)

listen-on-v6 port 53 { ::1; };

directory       “/var/named”;

dump-file       “/var/named/data/cache_dump.db”;

statistics-file “/var/named/data/named_stats.txt”;

memstatistics-file “/var/named/data/named_mem_stats.txt”;

//allow-query     { localhost; };        此行需要注释掉或将花括号内更改为{ any&＃xff1b; } (注意输入空格和“&＃xff1b;”号)

/*

– If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

– If you are building a RECURSIVE (caching) DNS server, you need to enable

recursion.

– If your recursive DNS server has a public IP address, you MUST enable access

control to limit queries to your legitimate users. Failing to do so will

cause your server to become part of large scale DNS amplification

attacks. Implementing BCP38 within your network would greatly

reduce such attack surface

*/

recursion yes;

//dnssec-enable yes;                此行需要注释掉&＃xff0c;用//

//dnssec-validation yes;            此行需要注释掉&＃xff0c;用//

/* Path to ISC DLV key */

bindkeys-file “/etc/named.iscdlv.key”;

managed-keys-directory “/var/named/dynamic”;

pid-file “/run/named/named.pid”;

session-keyfile “/run/named/session.key”;

};

logging {

channel default_debug {

file “data/named.run”;

severity dynamic;

};

};

zone “.” IN {

type hint;

file “named.ca”;

};

include “/etc/named.rfc1912.zones”;

include “/etc/named.root.key”;

2、建立区域数据文件(主要记录为A或AAAA记录)在/var/named目录下建立区域数据文件&＃xff1b;

# vim /var/named/ilinux.io.zone

$TTL    600

ilinux.io.      IN      SOA     ilinux.io.     nsadmin.ilinux.io. (

2017052301

1H

5M

1W

6H )

IN      NS      dns1.ilinux.io.

IN      NS      dns2.ilinux.io.           此行若没有其他可以不写

IN      MX 10   mail

dns1.ilinux.io. IN      A       172.16.253.120      此处IP地址为本地IP

dns2.ilinux.io. IN      A       172.16.253.121      此行没有其他的可以不写

www.ilinux.io.  IN      A       172.16.0.1

web             IN      CNAME   www

ftp             IN      A       172.16.0.2

mail            IN      A       172.16.0.3

(注意加”.” &＃xff0c;不加就意味着词句是可以自动补全的)

3、检查语法错误

named-checkconf

named-checkzone “ilinux.io” ilinux.io.zone

4、权限及属组修改&＃xff1a;

chown :named ilinux.io.zone

chmod  o&＃61;  /var/named/ilinux.io.zone

5、让服务器重载配置文件和区域数据文件

rndc  reload

配置解析一个反向区域

1、定义区域

在主配置文件中(/etc/named.conf)或主配置文件辅助配置文件(/etc/named.rfc1912.conf)中实现&＃xff1a;

(1) 在/etc/named.rfc1912.cnof中实现

# vim /etc/named.rfc1912.zones

type master;

file “named.loopback”;

allow-update { none; };

};

zone “0.in-addr.arpa” IN {

type master;

file “named.empty”;

allow-update { none; };

};

zone “ilinux.io” IN {

type master;

file “ilinux.io.zone”;

};

zone “16.172.in-addr.arpa” IN {           注意&＃xff1a;反向区域的名字反写的网段地址  16.172.in-addr.arpa

type master;

file “172.16.zone”;

};

2、定义区域解析库文件(主要记录为PTR)

创建&＃xff1a;在/var/named目录下创建172.16.zone$TTL 1200

&＃64;       IN      SOA     ilinux.io.      nsadmin.ilinux.io. (

2017052301

3H

20M

1W

1D )

&＃64;               IN      NS      dns1.ilinux.io.

&＃64;               IN      NS      dns2.ilinux.io.

120.253         IN      PTR     dns1.ilinux.io.

121.253         IN      PTR     dns2.ilinux.io.

1.0             IN      PTR     www.ilinux.io.

注意事项与正向相同

3、检查语法错误

named-checkconf

named-checkzone “1.0.16.172.in-addr.arpa” 172.16.zone

4、权限及属组修改&＃xff1a;

chown :named 172.16.zone

chmod  o&＃61;  /var/named/172.16.zone

5、让服务器重载配置文件和区域数据文件

rndc  reload

或 systemctl reload name.service

主从服务器配置(需要在两台或多台服务器上操作)

1、同步时间(如果时间不同步后续会产生不必要的一些麻烦)

$ ntpdate NTP_SERVER

因为在上面的实验里&＃xff0c;我们已经配置好了一台具有DNS解析功能的服务器了&＃xff0c;所以我们就把那一台机器作为主服务器使用。

配置从服务器

2、使用yum 安装bind

3、修改配置文件

# vim /etc/named.conf

ptions {

//      listen-on port 53 { 127.0.0.1; };        将此行用//注释掉

listen-on-v6 port 53 { ::1; };

memstatistics-file “/var/named/data/named_mem_stats.txt”;

allow-query     { any; };                    将花括号内更改为any

dnssec-enable no;                             将yes更改为no

dnssec-validation no;                         将yes更改为no

4、定义一个从域

# vim /etc/named.rfc1912.zones

zone “ilinux.io” IN {

type slave;

file “slaves/ilinux.io.zone”;

masters { 172.16.253.120; };

};

zone “16.172.in-addr.apra” IN {

type slave;

file “slaves/172.16.zone”;

masters { 172.16.253.120; };

};

检查语法&＃xff1a; named-checkconf

开启服务&＃xff1a;systemctl start named.service

测试&＃xff1a;dig -t A www.ilinux.io &＃64;172.16.251.5

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A www.ilinux.io &＃64;172.16.251.5

;; global options: &＃43;cmd

;; Got answer:

;; ->>HEADER<

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.ilinux.io. IN A

;; ANSWER SECTION:

www.ilinux.io. 600 IN A 172.16.0.1

;; AUTHORITY SECTION:

ilinux.io. 600 IN NS dns1.ilinux.io.

ilinux.io. 600 IN NS dns2.ilinux.io.

;; ADDITIONAL SECTION:

dns1.ilinux.io. 600 IN A 172.16.253.120

dns2.ilinux.io. 600 IN A 172.16.253.121

;; Query time: 2 msec

;; SERVER: 172.16.251.5#53(172.16.251.5)

;; WHEN: Fri May 26 17:12:17 CST 2017

;; MSG SIZE  rcvd: 128

dig -t NS ilinux.io &＃64;172.16.251.5

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t NS ilinux.io &＃64;172.16.251.5

;; global options: &＃43;cmd

;; Got answer:

;; ->>HEADER<

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;ilinux.io. IN NS

;; ANSWER SECTION:

ilinux.io. 600 IN NS dns1.ilinux.io.

ilinux.io. 600 IN NS dns2.ilinux.io.

;; ADDITIONAL SECTION:

dns1.ilinux.io. 600 IN A 172.16.253.120

dns2.ilinux.io. 600 IN A 172.16.253.121

;; Query time: 1 msec

;; SERVER: 172.16.251.5#53(172.16.251.5)

;; WHEN: Fri May 26 18:07:19 CST 2017

;; MSG SIZE  rcvd: 108

子域授权

在主DNS服务器上进行授权

1、将以下内容添加到ilinux.io.zone

# vim /var/named/ilinux.io.zone

ops.ilinux.com. IN      NS      dns1.ops.ilinux.io

ops.ilinux.com. IN      NS      dns2.ops.ilinux.io

dns1.ops.ilinux.com.    IN      A       172.16.251.5

dns2.ops.ilinux.com.    IN      A       172.16.251.6

2、在子域DNS服务器上配置

使用yum安装bind

修改配置文件

# vim /etc/named.conf

options {

//      listen-on port 53 { 127.0.0.1; };        使用//注释掉此行

listen-on-v6 port 53 { ::1; };

dump-file       “/var/named/data/cache_dump.db”;

statistics-file “/var/named/data/named_stats.txt”;

memstatistics-file “/var/named/data/named_mem_stats.txt”;

allow-query     { any; };                将括号内的内容更改为any

dnssec-enable no;                         将此行与下一行的yes更改为no

dnssec-validation no;

3、在/etc/named.rfc1912.zones中添加子域信息

# vim /etc/named.rfc1912.zones

zone “ops.ilinux.com” IN {

type master;

file “ops.ilinux.zone”;

};

4、定义子域解析库&＃xff1a;

# vim /var/named/ops.ilinux.zone

$TTL 300

&＃64;       IN      SOA     ilinux.com.     nsadmin.ilinux.com. (

2017052301

1H

2M

3D

1D )

IN      NS      dns1.ops.ilinux.com.

IN      NS      dns2.ops.ilinux.com.

dns1            IN      A       172.16.251.5

dns2            IN      A       172.16.251.6

www            IN      A       172.16.251.13

5、配置完成后测试&＃xff1a;

# systemctl restart named

通过本机解析本域主机名

#  host -t A www.ops.ilinux.com 172.16.251.5

Using domain server:

Name: 172.16.251.5

Address: 172.16.251.5#53

Aliases:

www.ops.ilinux.com has address 172.16.251.13

原创文章&＃xff0c;作者&＃xff1a;木&＃xff0c;如若转载&＃xff0c;请注明出处&＃xff1a;http://www.178linux.com/76827