搭建DNS服务
2020-03-25 本文已影响0人
Liang_JC
环境说明:
3台机器:master-server:192.168.37.7,slave-server:192.168.37.17,client:192.168.37.27
基于magedu.com 主DNS服务器
#server
[root@Centos7 ~]# yum install -y bind #安装DNS服务
[root@Centos7 ~]# cd /var/named
[root@Centos7 named]# cp -p /etc/named.conf /etc/named.conf.bak
[root@Centos7 named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
[root@Centos7 named]# vim /etc/named.conf
listen-on port 53 { localhost }; #提供服务
allow-query { any }; #允许为谁解析
[root@Centos7 ~]# cd /var/named
[root@Centos7 named]# cp -a named.localhost magedu.com.zone
[root@Centos7 named]# vim magedu.com.zone
@ IN SOA master.magedu.com admin.magedu.com (
0 ;版本号(同步作用)
1D ;刷新时间
1H ;重试时间
1W ;过期时间
3H ) ;不存在记录的缓存的时间
NS master
master A 192.168.37.7
@ MX 10 mailsrv
mailsrv A 192.168.37.123
ftp A 1.1.1.1
db A 2.2.2.2
www CNAME websrv
websrv A 192.168.37.17
websrv A 192.168.37.27
[root@Centos7 named]#cat >> /etc/named.rfc1912.zones <<EOF
> zone "magedu.com" IN {
> type master;
> file "magedu.com.zone";
> };
> EOF
[root@Centos7 named]# named-checkconf
[root@Centos7 named]# named-checkzone magedu.com /var/named/magedu.com.zone
zone magedu.com/IN: loaded serial 0
OK
[root@Centos7 named]# systemctl restart named
#client
[root@Centos7 ~]# nmcli connection modify eth0 ipv4.dns 192.168.37.7
[root@Centos7 ~]# nmcli connection down eth0 ; nmcli connection up eth0
Connection 'eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/10)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)
[root@Centos7 ~]# nslookup master.magedu.com
Server: 192.168.37.7
Address: 192.168.37.7#53
Name: master.magedu.com
Address: 192.168.37.7
[root@Centos7 ~]# dig master.magedu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> master.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41688
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.magedu.com. IN A
;; ANSWER SECTION:
master.magedu.com. 86400 IN A 192.168.37.7
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS master.magedu.com.
;; Query time: 0 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Tue Mar 24 17:11:08 CST 2020
;; MSG SIZE rcvd: 76
[root@Centos7 ~]# nslookup websrv.magedu.com
Server: 192.168.37.7
Address: 192.168.37.7#53
Name: websrv.magedu.com
Address: 192.168.37.17
Name: websrv.magedu.com
Address: 192.168.37.27
[root@Centos7 ~]# dig websrv.magedu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> websrv.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16365
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;websrv.magedu.com. IN A
;; ANSWER SECTION:
websrv.magedu.com. 86400 IN A 192.168.37.17 #解析成功
websrv.magedu.com. 86400 IN A 192.168.37.27 #解析成功
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS master.magedu.com.
;; ADDITIONAL SECTION:
master.magedu.com. 86400 IN A 192.168.37.7
;; Query time: 1 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Tue Mar 24 17:13:47 CST 2020
;; MSG SIZE rcvd: 115
反向解析
#server
[root@Centos7 named]# cat >> /etc/named.rfc1912.zones <<EOF
> zone "37.168.192.in-addr.arpa" IN {
> type master;
> file "192.168.37.zone";
> };
> EOF
[root@Centos7 named]# vim magedu.com.zone
$TTL 1D
@ IN SOA master.magedu.com admin.magedu.com (
0 ;版本号(同步作用)
1D ;刷新时间
1H ;重试时间
1W ;过期时间
3H ) ;不存在记录的缓存的时间
NS ns1
ns1 A 192.168.37.7
[root@Centos7 named]# vim 192.168.37.zone
$TTL 1D
@ IN SOA ns1 admin ( 1 1D 1H 1W 2D )
NS ns1
ns1 A 192.168.37.7
7 PTR ns1.magedu.com
[root@Centos7 named]# rndc reload
#client
[root@Centos7 ~]# dig ns1.magedu.com #正向查询
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> ns1.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21269
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns1.magedu.com. IN A
;; ANSWER SECTION:
ns1.magedu.com. 86400 IN A 192.168.37.7 #解析成功
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
;; Query time: 1 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Tue Mar 24 18:05:43 CST 2020
;; MSG SIZE rcvd: 73
[root@Centos7 ~]# dig -x 192.168.37.7 #反向查询
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> -x 192.168.37.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50381
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;7.37.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
7.37.168.192.in-addr.arpa. 86400 IN PTR ns1.magedu.com.37.168.192.in-addr.arpa. #解析成功
;; AUTHORITY SECTION:
37.168.192.in-addr.arpa. 86400 IN NS ns1.37.168.192.in-addr.arpa.
;; ADDITIONAL SECTION:
ns1.37.168.192.in-addr.arpa. 86400 IN A 192.168.37.7
;; Query time: 1 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Tue Mar 24 18:05:47 CST 2020
;; MSG SIZE rcvd: 117
[root@Centos7 ~]# nslookup ns1.magedu.com
Server: 192.168.37.7
Address: 192.168.37.7#53
Name: ns1.magedu.com
Address: 192.168.37.7
[root@Centos7 ~]# nslookup 192.168.37.7
Server: 192.168.37.7
Address: 192.168.37.7#53
7.37.168.192.in-addr.arpa name = ns1.magedu.com.37.168.192.in-addr.arpa.
主从服务器实现
#主server
[root@Centos7 named]# vim /etc/named.conf
//listen-on port 53 { localhost; }; #注释(等于localhost)
//allow-query { any; }; #注释(等于any的意思)
allow-transfer { 192.168.37.17; }; #仅传给从服务器
[root@Centos7 named]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
zone "37.168.192.in-addr.arpa" IN {
type master;
file "192.168.37.zone";
};
[root@Centos7 named]# vim magedu.com.zone
$TTL 1D
@ IN SOA master.magedu.com admin.magedu.com (
0 ;版本号(同步作用)
1D ;刷新时间
1H ;重试时间
1W ;过期时间
3H ) ;不存在记录的缓存的时间
NS ns1
NS ns2
ns1 A 192.168.37.7
ns2 A 192.168.37.17
ftp A 1.1.1.1
www CNAME websrv
websrv A 2.2.2.2
websrv A 3.3.3.3
@ A 2.2.2.2
* A 3.3.3.3
[root@Centos7 named]# rndc reload
#从server
[root@Centos7 ~]# yum install bind -y
[root@Centos7 ~]# vim /etc/named.conf
options {
// listen-on port 53 { localhost; } //注释(等于localhost)
// allow-query { any; }; //注释(等于any的意思)
allow-transfer { none; }; //禁止传输
};
[root@Centos7 ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type slave;
masters { 192.168.37.7; };
file "slaves/magedu.com.zone";
};
zone "37.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.37.7; };
file "slaves/192.168.37.zone";
};
[root@Centos7 ~]# systemctl restart named #重启服务后文件自动从主上复制过来
#client
#测试主从解析
[root@centos7 ~]# nslookup ns2.magedu.com
Server: 192.168.37.7
Address: 192.168.37.7#53
Name: ns2.magedu.com
Address: 192.168.37.17
[root@centos7 ~]# nslookup ns1.magedu.com
Server: 192.168.37.7
Address: 192.168.37.7#53
Name: ns1.magedu.com
Address: 192.168.37.7
[root@centos7 ~]# vim /etc/resolv.conf #修改DNS
nameserver 192.168.37.17
[root@centos7 ~]# nslookup ns1.magedu.com
Server: 192.168.37.17
Address: 192.168.37.17#53
Name: ns1.magedu.com
Address: 192.168.37.7
[root@centos7 ~]# nslookup ns2.magedu.com
Server: 192.168.37.17
Address: 192.168.37.17#53
Name: ns2.magedu.com
Address: 192.168.37.17
子域委派
#委派服务器
vim /etc/name.conf
options {
// listen-on port 53 { localhost }
// allow-query { any };
allow-transfer { none; }; //禁止传输
dnssec-enable no; //必须关闭
dnssec-validation no; //必须关闭
};
[root@Centos7 named]# vim magedu.com.zone
$TTL 1D
@ IN SOA master.magedu.com admin.magedu.com (
0 ;版本号(同步作用)
1D ;刷新时间
1H ;重试时间
1W ;过期时间
3H ) ;不存在记录的缓存的时间
NS ns1
gz NS ns2 #子域
ns1 A 192.168.37.7
ns2 A 192.168.37.17
ftp A 1.1.1.1
www CNAME websrv
websrv A 2.2.2.2
websrv A 3.3.3.3
@ A 2.2.2.2
* A 3.3.3.3
#被委派服务器
[root@Centos7 ~]# vim /etc/named.rfc1912.zones #把从服务器的全部清掉
zone "gz.magedu.com" IN {
type master;
file "gz.magedu.com.zone";
};
[root@Centos7 named]# vim gz.magedu.com.zone
$TTL 1D
@ IN SOA ns1 admin ( 4 3H 10M 12H 1H )
NS ns1
ns1 A 192.168.37.17
websrv A 5.5.5.5
www CNAME websrv
[root@Centos7 named]# systemctl restart named
[root@centos7 ~]# nslookup www.gz.magedu.com
Server: 192.168.37.17
Address: 192.168.37.17#53
www.gz.magedu.com canonical name = websrv.gz.magedu.com.
Name: websrv.gz.magedu.com
Address: 5.5.5.5
#客户端测试
[root@centos7 ~]# vim /etc/resolv.conf #修改DNS
nameserver 192.168.37.7
[root@centos7 ~]# nslookup www.gz.magedu.com
Server: 192.168.37.7
Address: 192.168.37.7#53
Non-authoritative answer:
www.gz.magedu.com canonical name = websrv.gz.magedu.com.
Name: websrv.gz.magedu.com
Address: 5.5.5.5
[root@centos7 ~]# nslookup ns1.gz.magedu.com
Server: 192.168.37.7
Address: 192.168.37.7#53
Non-authoritative answer:
Name: ns1.gz.magedu.com
Address: 192.168.37.17
实现DNS forward 功能
#slave-server还原配置文件
[root@Centos7 named]# cp /etc/named.conf.bak /etc/named.conf
[root@Centos7 named]# cp /etc/named.rfc1912.zones.bak /etc/named.rfc1912.zones
options {
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
//first|only,first指本地可以联网解析就让本机进行解析,本机不能解析转发到其他主机,only指仅转发
forward only;
forwarders { 192.168.37.7; };
[root@Centos7 named]# systemctl restart named
#client
[root@centos7 ~]# vim /etc/resolv.conf #修改DNS
nameserver 192.168.37.17
[root@centos7 ~]# dig www.baidu.com @192.168.37.17
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.baidu.com @192.168.37.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26120
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 191 IN CNAME www.a.shifen.com.
www.a.shifen.com. 191 IN A 14.215.177.39 #解析成功
www.a.shifen.com. 191 IN A 14.215.177.38 #解析成功
;; Query time: 62 msec
;; SERVER: 192.168.37.17#53(192.168.37.17)
;; WHEN: Wed Mar 25 16:14:36 CST 2020
;; MSG SIZE rcvd: 101
[root@centos7 ~]# ping qq.com -c3
PING qq.com (125.39.52.26) 56(84) bytes of data.
64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=128 time=43.1 ms
64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=128 time=42.9 ms
64 bytes from no-data (125.39.52.26): icmp_seq=3 ttl=128 time=40.5 ms
--- qq.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 40.571/42.227/43.153/1.185 ms
智能DNS(CDN)
#master-server还原配置文件
[root@Centos7 ~]# cp -p /etc/named.conf.bak /etc/named.conf
[root@Centos7 ~]# cp -p /etc/named.rfc1912.zones.bak /etc/named.rfc1912.zones
[root@Centos7 ~]# cd /var/named/
#修改主配置文件
[root@Centos7 named]# vim /etc/named.conf
options {
//listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
//allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
acl beijingnet {
192.168.37.0/24;
192.168.38.0/24;
};
acl shanghainet {
172.16.44.0/24;
172.16.45.0/24;
};
acl othernet {
any;
};
view view_beijing {
match-clients { beijingnet; };
include "/etc/named.rfc1912.zones.bj";
};
view view_shanghai {
match-clients { shanghainet; };
include "/etc/named.rfc1912.zones.sh";
};
view view_other {
match-clients { othernet; };
include "/etc/named.rfc1912.zones.other";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
//zone "." IN {
// type hint;
// file "named.ca";
//};
//include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#配置区域文件
[root@Centos7 named]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type master;
file "magedu.com.zone.other";
};
zone "." IN {
type hint;
file "named.ca";
};
[root@Centos7 named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bj
[root@Centos7 named]# cp -p /etc/named.rfc1912.zones /etc/named.rfc1912.zones.sh
[root@Centos7 named]# vim /etc/named.rfc1912.zones.bj
zone "magedu.com" IN {
type master;
file "magedu.com.zone.bj";
};
zone "." IN {
type hint;
file "named.ca";
};
[root@Centos7 named]# vim /etc/named.rfc1912.zones.sh
zone "magedu.com" IN {
type master;
file "magedu.com.zone.sh";
};
zone "." IN {
type hint;
file "named.ca";
};
#添加解析
[root@Centos7 named]# vim magedu.com.zone.bj
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1D 3H )
NS ns1
ns1 A 192.168.37.7
www A 192.168.37.100
[root@Centos7 named]# chown :named magedu.com.zone.bj
[root@Centos7 named]# cp -p magedu.com.zone.bj magedu.com.zone.sh
[root@Centos7 named]# cp -p magedu.com.zone.bj magedu.com.zone.other
[root@Centos7 named]# vim magedu.com.zone.sh
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1D 3H )
NS ns1
ns1 A 192.168.37.7
www A 172.16.44.100
[root@Centos7 named]# vim magedu.com.zone.other
$TTL 1D
@ IN SOA ns1 admin ( 1 1H 1H 1D 3H )
NS ns1
ns1 A 192.168.37.7
www A 8.8.8.8
#配完重启服务
[root@Centos7 named]# systemctl restart named
#临时添加ip供测试
[root@Centos7 named]# ip addr add 172.16.44.7/24 dev eth0
[root@Centos7 named]# ip addr add 10.10.10.7/24 dev eth0
#client测试
[root@centos7 ~]# vim /etc/resolv.conf #修改DNS
nameserver 192.168.37.7
[root@centos7 ~]# dig www.magedu.com @192.168.37.7
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.magedu.com @192.168.37.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32497
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.37.100 #解析成功
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.37.7
;; Query time: 1 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Wed Mar 25 17:38:08 CST 2020
;; MSG SIZE rcvd: 93
[root@centos7 ~]# ip addr add 172.16.44.27/24 dev eth0
[root@centos7 ~]# dig www.magedu.com @172.16.44.7
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.magedu.com @172.16.44.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59012
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 172.16.44.100 #解析成功
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.37.7
;; Query time: 1 msec
;; SERVER: 172.16.44.7#53(172.16.44.7)
;; WHEN: Wed Mar 25 17:40:41 CST 2020
;; MSG SIZE rcvd: 93
[root@centos7 ~]# ip addr add 10.10.10.27/24 dev eth0
[root@centos7 ~]# dig www.magedu.com @10.10.10.7
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> www.magedu.com @10.10.10.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19381
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 8.8.8.8 #解析成功
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.37.7
;; Query time: 1 msec
;; SERVER: 10.10.10.7#53(10.10.10.7)
;; WHEN: Wed Mar 25 17:44:01 CST 2020
;; MSG SIZE rcvd: 93
实现Internet架构的dns解析
#8台机器,A:192.168.37.7(forward-dns) B:192.168.37.17(internet-host) C:192.168.37.27(root-dns) D:192.168.37.37(domain-dns) E:192.168.37.47(master-dns)
#F:192.168.37.57(slave-dns) G:192.168.37.67(http) H:B:192.168.37.6(client)
#http-server
[root@httpd ~]# yum install httpd -y
[root@httpd ~]# systemctl start httpd
[root@httpd ~]# echo "welcome to magedu" > /var/www/html/index.html
#master-dns
[root@master ~]# yum install bind -y
[root@master ~]# vim /etc/named.conf
options {
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
allow-transfer { 192.168.37.57; };
};
[root@master ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
[root@master ~]# vim /var/named/magedu.com.zone
$TTL 1D
@ IN SOA ns1 admin (1 1H 10M 1D 1D)
NS ns1
NS ns2
ns1 A 192.168.37.47
ns2 A 192.168.37.57
www A 192.168.37.67
[root@master ~]# chown :named /var/named/magedu.com.zone
[root@master ~]# chmod 640 /var/named/magedu.com.zone
[root@master ~]# systemctl restart named
#slave-server
[root@slave ~]# yum install bind -y
[root@slave ~]# vim /etc/named.conf
options {
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
allow-transfer { none; };
};
[root@slave ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type slave;
masters {192.168.37.47;};
file "slaves/magedu.com.zone.slave";
};
[root@slave ~]# systemctl restart named
#domain-dns
[root@comdns ~]# yum install bind -y
[root@comdns ~]# vim /etc/named.conf
options {
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
};
[root@comdns ~]# vim /etc/named.rfc1912.zones
zone "com" IN {
type master;
file "com.zone";
};
[root@comdns ~]# vim /var/named/com.zone
$TTL 1D
@ IN SOA ns1 admin (1 1H 10M 1D 1D)
NS ns1
magedu NS ns2
magedu NS ns3
ns1 A 192.168.37.37
ns2 A 192.168.37.47
ns3 A 192.168.37.57
[root@comdns ~]# chown :named /var/named/com.zone
[root@comdns ~]# chmod 640 /var/named/com.zone
[root@comdns ~]# systemctl restart named
#root-dns
[root@rootdns ~]# yum install bind -y
[root@rootdns ~]# vim /etc/named.conf
options {
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
};
zone "." IN {
type master;
file "root.zone";
};
[root@rootdns ~]# chmod 640 /var/named/root.zone
[root@rootdns ~]# chown :named /var/named/root.zone
[root@rootdns ~]# systemctl restart named
#internet-host
[root@Centos7 ~]# yum install bind -y
[root@Centos7 ~]# cp -a /var/named/named.ca /var/named/named.ca.bak
[root@Centos7 ~]# vim /var/named/named.ca
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> +bufsize=1200 +norec @a.root-servers.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17380
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 192.168.37.27
[root@Centos7 ~]# vim /etc/named.conf
options {
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
dnssec-enable no;
dnssec-validation no;
};
[root@Centos7 ~]# systemctl restart named
#forward
[root@Centos7 ~]# vim /etc/named.conf
options {
//listen-on port 53 { 127.0.0.1; };
//allow-query { localhost; };
forward only;
forwarders { 192.168.37.17; };
dnssec-enable no;
dnssec-validation no;
};
[root@Centos7 ~]# systemctl restart named
#client
[root@centos6 ~]$ vim /etc/resolv.conf
nameserver 192.168.37.7
[root@centos6 ~]$ dig www.magedu.com @192.168.37.7
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> www.magedu.com @192.168.37.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16174
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.37.67 #解析成功
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN NS ns1.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.37.47
ns2.magedu.com. 86400 IN A 192.168.37.57
;; Query time: 17 msec
;; SERVER: 192.168.37.7#53(192.168.37.7)
;; WHEN: Wed Mar 25 22:09:08 2020
;; MSG SIZE rcvd: 116
