配置DNS的正反向解析与主从同步
准备:
本实验基于两台centos6.5其内核版本号为2.6.32-431.el6.x86_64
配置时间同步
# echo "#update system date by jiajie at 20170506" >>/var/spool/cron/root
# echo "*/5 * * * * /usr/sbin/ntpdate time.nist.gov > /dev/null 2>&1" >>/var/spool/cron/root
关闭防火墙和SELINUX
# service iptables stop
# setenforce 0
# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
本实验的主DNS服务器IP是:192.168.1.16,从DNS服务器的IP是192.168.1.20。
主服务器:支持正反向解析,从服务器:从正反向解析
开始 配置主服务器(IP:192.168.1.16)
安装软件 # yum -y install bind bind-libs bind-utils 版本:bind.x86_64 32:9.8.2-0.62.rc1.el6_9.1 bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.1 bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.1
配置正向解析的数据库文件 ; 配置主DNS服务器的配置文件(只列出修改的):
# cat /etc/named.conf
options {
listen-on port 53 { 192.168.1.16; 127.0.0.1; };//or delete this line
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
*定义正向区域
*在该文件内添加下面的ZONE(注意格式和符号)
# tail /etc/named.rfc1912.zones
zone "jiajie.com" IN {
type master;
file "jiajie.zone";
};
创建区域解析库文件:
# vim /var/named/jiajie.com.zone
$TTL 1D
$ORIGIN jiajie.com.
@ IN SOA ns1.jiajie.com. jjzgood.126.com. (
20170507
1H
10M
5D
1D )
IN NS ns1
IN NS ns2
IN MX 10 mx1
IN MX 20 mx2
ns1 IN A 192.168.1.16
ns2 IN A 192.168.1.20
mx1 IN A 192.168.1.17
mx2 IN A 192.168.1.18
www IN A 192.168.1.16
www IN A 192.169.1.20
ftp IN CNAME www
修改权限和属组:
# chown :named /var/named/jiajie.zone
# chmod 640 /var/named/jiajie.zone
查错和重启服务:
# named-checkconf
# named-checkzone "jiajie.com" /var/named/jiajie.zone
准备:
本实验基于两台centos6.5其内核版本号为2.6.32-431.el6.x86_64
配置时间同步
# echo "#update system date by jiajie at 20170506" >>/var/spool/cron/root
# echo "*/5 * * * * /usr/sbin/ntpdate time.nist.gov > /dev/null 2>&1" >>/var/spool/cron/root
关闭防火墙和SELINUX
# service iptables stop
# setenforce 0
# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
本实验的主DNS服务器IP是:192.168.1.16,从DNS服务器的IP是192.168.1.20。
主服务器:支持正反向解析,从服务器:从正反向解析
开始 配置主服务器(IP:192.168.1.16)
安装软件 # yum -y install bind bind-libs bind-utils 版本:bind.x86_64 32:9.8.2-0.62.rc1.el6_9.1 bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.1 bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.1
配置正向解析的数据库文件 ; 配置主DNS服务器的配置文件(只列出修改的):
# cat /etc/named.conf
options {
listen-on port 53 { 192.168.1.16; 127.0.0.1; };//or delete this line
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
// dnssec-enable yes;
copyright 无奈人生
// dnssec-validation yes;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
};
*定义正向区域
*在该文件内添加下面的ZONE(注意格式和符号)
# tail /etc/named.rfc1912.zones
zone "jiajie.com" IN {
type master;
file "jiajie.zone";
};
创建区域解析库文件:
# vim /var/named/jiajie.com.zone
$TTL 1D
$ORIGIN jiajie.com.
@ IN SOA ns1.jiajie.com. jjzgood.126.com. (
20170507
本文来自无奈人生安全网
1H
10M
5D
1D )
IN NS ns1
IN NS ns2
IN MX 10 mx1
IN MX 20 mx2
ns1 IN A 192.168.1.16
ns2 IN A 192.168.1.20 copyright 无奈人生
mx1 IN A 192.168.1.17
mx2 IN A 192.168.1.18
www IN A 192.168.1.16
www IN A 192.169.1.20
ftp IN CNAME www
修改权限和属组:
# chown :named /var/named/jiajie.zone
# chmod 640 /var/named/jiajie.zone
查错和重启服务:
# named-checkconf
# named-checkzone "jiajie.com" /var/named/jiajie.zone
copyright 无奈人生