
【DNS】CentOS7.x上基于Bind9的DNS主从安装配置

2023-06-02  本文已影响0人  Bogon

一、环境信息

DNS 主: 192.168.1.111
DNS 从: 192.168.1.112

二、安装Bind9主从

#  yum  -y install bind bind-utils

# mkdir    /opt/bind9/
# chown -R  named:named  /opt/bind9
# yum  info bind  bind-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Installed Packages
Name        : bind
Arch        : x86_64
Epoch       : 32
Version     : 9.11.4
Release     : 26.P2.el7_9.13
Size        : 5.4 M
Repo        : installed
From repo   : updates
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
URL         : http://www.isc.org/products/BIND/
License     : MPLv2.0
Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS
            : (Domain Name System) protocols. BIND includes a DNS server (named),
            : which resolves host names to IP addresses; a resolver library
            : (routines for applications to use when interfacing with DNS); and
            : tools for verifying that the DNS server is operating properly.

Name        : bind-utils
Arch        : x86_64
Epoch       : 32
Version     : 9.11.4
Release     : 26.P2.el7_9.13
Size        : 584 k
Repo        : installed
From repo   : updates
Summary     : Utilities for querying DNS name servers
URL         : http://www.isc.org/products/BIND/
License     : MPLv2.0
Description : Bind-utils contains a collection of utilities for querying DNS (Domain
            : Name System) name servers to find out information about Internet
            : hosts. These tools will provide you with the IP addresses for given
            : host names, as well as other information about registered domains and
            : network addresses.
            :
            : You should install bind-utils if you need to get information from DNS name
            : servers.

三、配置Bind9主从

1.在 192.168.1.111 bind9 master

# cat /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
 
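// Global options for the primary (master) server at 192.168.1.111.
// It is authoritative for the zones defined below and also acts as a
// forwarding recursive resolver for its clients.
options {
        // Replace the real BIND version in answers to version.bind queries.
        version "no banner";
        // Serve DNS on loopback and on this host's LAN address only.
        listen-on port 53 { 127.0.0.1;192.168.1.111; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Any client may query the zones this server is authoritative for.
        allow-query     { any; };
        recursion yes;
        // Without allow-recursion, BIND falls back to allow-query, and
        // "any" would turn this host into an open resolver (cache
        // poisoning and DNS amplification exposure). Limit recursion to
        // the server itself and its directly attached networks; add an
        // acl here for any other internal client networks.
        allow-recursion { localhost; localnets; };
        zone-statistics yes;
        // NOTE(review): DNSSEC validation is switched off, so answers
        // obtained through the forwarder are accepted unverified.
        // Re-enable once the upstream resolver is confirmed to pass
        // DNSSEC records.
        dnssec-enable no;
        dnssec-validation no;
        // xx.xx.xx.xx is redacted in the article; replace it with the
        // real upstream resolver address(es) before starting named.
        forwarders {
          xx.xx.xx.xx;
        };
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};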
 
// Logging: three size-rotated file channels under /opt/bind9 and the
// categories routed to them.
// NOTE(review): /opt/bind9 is not a default named log location; on a
// CentOS 7 host with SELinux enforcing, named may be denied write access
// until the directory carries a suitable file context (named_log_t) - verify.
logging {
         // General server log. Up to 30 rotated copies of 5G each can
         // accumulate (on the order of 150 GB); size this to the disk.
         channel b_log {
                 file "/opt/bind9/bind.log" versions 30 size 5G;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
 
         // Debug log. "severity dynamic" follows the server's current
         // debug level instead of a fixed threshold.
         channel b_debug {
                 file "/opt/bind9/debug.log" versions 3 size 5G;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity dynamic;
         };
 
         // Query log. Each entry records the client address and the name
         // asked for, so treat the file as sensitive and restrict who can
         // read it.
         channel b_query {
                 file "/opt/bind9/query.log" versions 3 size 5G;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity dynamic;
         };
 
         // Route categories to channels: default and config messages go to
         // both the general and debug logs, queries to the query log.
         category default { b_log; b_debug; };
         category config { b_log; b_debug; };
         category queries { b_query; };
   };
 
 
 
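// Primary (master) copy of example1.com, loaded from a text zone file.
zone "example1.com" IN {
  type master;
  file "/var/named/example1.com";
  notify yes;
  // The zone file publishes only this server (ns1) as NS, so NOTIFY has
  // no other target by default. Name the secondary explicitly so it
  // transfers changes immediately instead of waiting for the SOA refresh.
  also-notify { 192.168.1.112; };
  // Zone transfers are open to every host unless restricted; allow only
  // the secondary. This is an address-based check; a TSIG key on both
  // servers would additionally authenticate the transfer.
  allow-transfer { 192.168.1.112; };
  // No dynamic updates: the zone is changed by editing the file.
  allow-update { none; };
};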
 
 
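// Primary (master) copy of example2.com, loaded from a text zone file.
zone "example2.com" IN {
  type master;
  file "/var/named/example2.com";
  notify yes;
  // The zone file publishes only this server (ns1) as NS, so NOTIFY has
  // no other target by default. Name the secondary explicitly so it
  // transfers changes immediately instead of waiting for the SOA refresh.
  also-notify { 192.168.1.112; };
  // Zone transfers are open to every host unless restricted; allow only
  // the secondary. This is an address-based check; a TSIG key on both
  // servers would additionally authenticate the transfer.
  allow-transfer { 192.168.1.112; };
  // No dynamic updates: the zone is changed by editing the file.
  allow-update { none; };
};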

# vim /var/named/example1.com

; Hash: e38ba61112fe382f3aa83e5def14b568 1638775844
; Zone file for example1.com
;
; Ansible managed
;
 
; Names below without a trailing dot are relative to this origin.
$ORIGIN example1.com.
; Default record TTL in seconds. 20 s keeps changes visible quickly but
; makes resolvers re-query very often.
$TTL 20
 
; SOA: primary name server ns1.example1.com, contact admin@example1.com.
; Values in order: serial, refresh (1H), retry (5M), expire (1W),
; negative-caching TTL (10M).
; The serial must be increased on every edit; a secondary only transfers
; the zone when it sees a higher serial.
@ IN SOA ns1.example1.com. admin.example1.com. (
  1638775844
  1H
  5M
  1W
  10M )
 
; Only ns1 (the primary) is published as a name server. A secondary that
; is not listed here receives NOTIFY only if the primary's zone statement
; names it with also-notify.
                     IN  NS     ns1.example1.com.
 
 
 
; Address records served from this zone.
www                  IN  A      192.168.1.101
ns1                  IN  A      192.168.1.111

# cp -pr /var/named/example1.com /var/named/example2.com

# vim /var/named/example2.com

; Hash: e38ba61112fe382f3aa83e5def14b568 1638775844
; Zone file for example2.com
;
; Ansible managed
;
 
; Names below without a trailing dot are relative to this origin.
$ORIGIN example2.com.
; Default record TTL in seconds. 20 s keeps changes visible quickly but
; makes resolvers re-query very often.
$TTL 20
 
; SOA: primary name server ns1.example2.com, contact admin@example2.com.
; Values in order: serial, refresh (1H), retry (5M), expire (1W),
; negative-caching TTL (10M).
; The serial was copied along with the file from example1.com; it must be
; increased on every later edit or a secondary will not transfer the change.
@ IN SOA ns1.example2.com. admin.example2.com. (
  1638775844
  1H
  5M
  1W
  10M )
 
; Only ns1 (the primary) is published as a name server. A secondary that
; is not listed here receives NOTIFY only if the primary's zone statement
; names it with also-notify.
                     IN  NS     ns1.example2.com.
 
 
 
; Address records served from this zone.
www                  IN  A      192.168.1.102
ns1                  IN  A      192.168.1.111

2.在 192.168.1.112 bind9 slave

# cat /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
 
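// Global options for the secondary (slave) server at 192.168.1.112.
// It is authoritative-only: it answers for the zones it transfers from
// the primary and does not resolve other names.
options {
        // Replace the real BIND version in answers to version.bind queries.
        version "no banner";
        // Serve DNS on loopback and on this host's LAN address only.
        listen-on port 53 { 127.0.0.1;192.168.1.112; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Any client may query the zones held here.
        allow-query     { any; };
        // Recursion is off, so clients that list this server as a
        // resolver get no answers for names outside the zones below.
        recursion no;
        // Zone transfers are open to every host unless restricted. No
        // server transfers from this secondary in the setup shown, so
        // refuse them all.
        allow-transfer { none; };
        zone-statistics yes;
        dnssec-enable no;
        dnssec-validation no;
        // Forwarding is part of recursion, so this list has no effect
        // while "recursion no" is set. xx.xx.xx.xx is redacted in the
        // article and must be replaced (or the block removed) before
        // named will load the file.
        forwarders {
          xx.xx.xx.xx;
        };
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};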
 
// Logging: three size-rotated file channels under /opt/bind9 and the
// categories routed to them.
// NOTE(review): /opt/bind9 is not a default named log location; on a
// CentOS 7 host with SELinux enforcing, named may be denied write access
// until the directory carries a suitable file context (named_log_t) - verify.
logging {
         // General server log. Up to 30 rotated copies of 5G each can
         // accumulate (on the order of 150 GB); size this to the disk.
         channel b_log {
                 file "/opt/bind9/bind.log" versions 30 size 5G;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
 
         // Debug log. "severity dynamic" follows the server's current
         // debug level instead of a fixed threshold.
         channel b_debug {
                 file "/opt/bind9/debug.log" versions 3 size 5G;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity dynamic;
         };
 
         // Query log. Each entry records the client address and the name
         // asked for, so treat the file as sensitive and restrict who can
         // read it.
         channel b_query {
                 file "/opt/bind9/query.log" versions 3 size 5G;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity dynamic;
         };
 
         // Route categories to channels: default and config messages go to
         // both the general and debug logs, queries to the query log.
         category default { b_log; b_debug; };
         category config { b_log; b_debug; };
         category queries { b_query; };
   };
 
 
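// Secondary (slave) copy of example1.com, transferred from the primary.
// The zone name must match the primary's zone exactly; the doubled
// ".com.com" suffix named a zone the primary does not serve, so the
// transfer could never succeed.
zone "example1.com" IN {
  type slave;
  // Transfers are requested from, and NOTIFY accepted from, this address.
  // The check is address-based only; a TSIG key shared with the primary
  // would authenticate the transfer.
  masters { 192.168.1.111; };
  // Relative to the "directory" option (/var/named). named writes the
  // transferred zone here in its binary format, not as text.
  file "slaves/example1.com";
};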
 
 
// Secondary (slave) copy of example2.com, transferred from the primary.
zone "example2.com" IN {
  type slave;
  // Transfers are requested from, and NOTIFY accepted from, this address.
  // The check is address-based only; a TSIG key shared with the primary
  // would authenticate the transfer.
  masters { 192.168.1.111; };
  // Relative to the "directory" option (/var/named). named writes the
  // transferred zone here in its binary format, not as text.
  file "slaves/example2.com";
};

3.在 192.168.1.111 和 192.168.1.112

配置完主从后,需重启 named(重启前可先用 named-checkconf /etc/named.conf 检查配置语法): systemctl restart named

# systemctl restart  named 
# systemctl status   named

4.在 192.168.1.112 bind9 slave

# ll /etc/named.conf
-rw-r----- 1 named named 1985 5月  29 11:17 /etc/named.conf
 
 
# ll /var/named/
总用量 0
drwxrwx---. 2 root named  6 12月  6 2021 data
drwxrwx---. 2 root named  6 12月  6 2021 dynamic
drwxrwx---. 2 root named 59 5月  29 11:21 slaves
 
# ll /var/named/slaves/
总用量 8
-rw-r--r-- 1 named named 289 5月  29 13:11 example1.com
-rw-r--r-- 1 named named 330 5月  29 13:23 example2.com
 
# file  /var/named/slaves/*
/var/named/slaves/example1.com:      data
/var/named/slaves/example2.com:      data

注意:

bind9 slave 不需要配置 /var/named/example1.com /var/named/example2.com

bind9 slave 上 /var/named/slaves/example1.com /var/named/slaves/example2.com 是bind9 master 同步的数据,非文本文件

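bind9 master / bind9 slave 上 /etc/named.conf /var/named/ 文件、目录 所有者 所属组 需要是 named(从安全角度看,named 进程对 /etc/named.conf 只需读权限,保持发行版默认的 root:named、权限 640 即可;上面 ll 输出中 /var/named 下各目录的所有者也是 root、所属组为 named)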

四、测试

将1台测试机的 DNS 服务器地址改为:

主: 192.168.1.111
从: 192.168.1.112

Windows:

image.png

Linux:

# cat /etc/resolv.conf


nameserver   192.168.1.111
nameserver   192.168.1.112

五、参考

WeiyiGeek Blog

https://blog.weiyigeek.top/

https://space.bilibili.com/385802642/article

DNS域名解析服务器企业DNS主从服务搭建配置实践
https://www.jianshu.com/p/152a7a7efa45

DNS域名解析服务器基础概念和安装配置

https://www.bilibili.com/read/cv13605206

DNS域名解析服务器BIND9解析配置

https://www.bilibili.com/read/cv13645145

DNS域名解析服务器企业DNS主从服务搭建配置实践

https://www.bilibili.com/read/cv13645448/

BIND9详解之日志篇
https://www.cnblogs.com/fjping0606/p/4428736.html

从零开始的 BIND9, DNS服务搭建及其原理
https://www.cnblogs.com/doherasyang/p/14464999.html

DNS-Bind日志详述
https://www.cnblogs.com/sunnydou/p/15067571.html
