
Linux DNS master/slave configuration

Time: 2017-09-06 10:55:24      Reads: 199      Comments: 0      Favorites: 0

Tags: linux

Linux master/slave DNS configuration

System environment: CentOS 6.5

Master DNS server: dns1.test.com 172.16.1.20

Slave DNS server: dns2.test.com 172.16.1.30

 

Master DNS configuration: yum -y install bind bind-utils bind-libs bind-chroot (bind-chroot optional)

/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

//      dnssec-enable yes;
//      dnssec-validation yes;
//      dnssec-lookaside auto;

        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

 

/etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type master;
        file "test.com.zone";
        notify yes;
        also-notify { 172.16.1.30; };
        allow-transfer { 172.16.1.30; };
        allow-update { none; };
};

zone "1.16.172.in-addr.arpa" IN {
        type master;
        file "1.16.172.zone";
        notify yes;
        also-notify { 172.16.1.30; };
        allow-transfer { 172.16.1.30; };
        allow-update { none; };
};
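The two master zone stanzas above carry the settings that matter for a defender: allow-transfer limited to the slave's address (so nobody else can pull the whole zone with AXFR), allow-update { none; } (no dynamic updates), and notify to the slave. The options block, on the other hand, combines recursion yes with allow-query { any; }, which makes the server an open recursive resolver if it is reachable from untrusted networks. The following added example (not part of the original post, and not a BIND tool) parses named.conf-style options and zone stanzas and reports zones whose transfer or update ACLs are missing or wider than the known slave list, plus the open-resolver combination. The sample configuration is the post's own master config embedded as a constructed string, with one extra constructed zone ("example.org") that lacks the restrictions; the function names and the slaves parameter are assumptions of this example.

```python
"""Audit BIND zone stanzas for transfer/update restrictions and an open-resolver
options block.  Added example, not from the original post; the helpers below
are hypothetical and not part of BIND."""
import re

# Constructed sample: the post's master-side options and zone stanzas, plus one
# deliberately under-restricted zone (example.org) so the audit has something to flag.
SAMPLE_CONF = """
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
};
zone "test.com" IN {
        type master;
        file "test.com.zone";
        notify yes;
        also-notify { 172.16.1.30; };
        allow-transfer { 172.16.1.30; };
        allow-update { none; };
};
zone "1.16.172.in-addr.arpa" IN {
        type master;
        file "1.16.172.zone";
        notify yes;
        also-notify { 172.16.1.30; };
        allow-transfer { 172.16.1.30; };
        allow-update { none; };
};
zone "example.org" IN {
        type master;
        file "example.org.zone";
};
"""

# A top-level stanza runs from 'options {' or 'zone "name" IN {' to a '};' at line start.
STANZA_RE = re.compile(r'(options|zone\s+"([^"]+)"(?:\s+IN)?)\s*\{(.*?)\n\};', re.S)
# One statement per line: keyword, then everything up to the terminating ';'.
STMT_RE = re.compile(r'^\s*([a-z-]+)\s+(.*?);\s*$', re.M)


def strip_comments(text):
    """Drop '//' and '#' comments (both are valid in named.conf) line by line."""
    return "\n".join(re.sub(r'(//|#).*', '', ln) for ln in text.splitlines())


def parse_stanzas(text):
    """Return (options_dict, {zone_name: {keyword: value}})."""
    options, zones = {}, {}
    for m in STANZA_RE.finditer(strip_comments(text)):
        stmts = {k: v.strip() for k, v in STMT_RE.findall(m.group(3))}
        if m.group(1) == "options":
            options = stmts
        else:
            zones[m.group(2)] = stmts
    return options, zones


def acl(value):
    """'{ 172.16.1.30; }' -> ['172.16.1.30']; a missing statement -> []."""
    return re.findall(r'[^{};\s]+', value or "")


def audit(text, slaves=("172.16.1.30",)):
    """Return a list of findings; an empty list means every check passed."""
    options, zones = parse_stanzas(text)
    findings = []
    if options.get("recursion") == "yes" and "any" in acl(options.get("allow-query")):
        findings.append("options: recursion yes with allow-query { any; } exposes an open resolver")
    for name, st in zones.items():
        if st.get("type") != "master":
            continue  # slave zones refuse transfers/updates by default
        xfer = acl(st.get("allow-transfer"))
        if not xfer or "any" in xfer:
            findings.append(f"zone {name}: allow-transfer missing or open")
        elif set(xfer) - set(slaves):
            findings.append(f"zone {name}: allow-transfer permits unexpected hosts {sorted(set(xfer) - set(slaves))}")
        if acl(st.get("allow-update")) != ["none"]:
            findings.append(f"zone {name}: allow-update is not {{ none; }}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONF) or ["no findings"]:
        print(line)
```

Run against a real /etc/named.rfc1912.zones the script only understands the flat one-statement-per-line layout shown in the post; nested blocks such as logging are skipped because their closing brace is indented. The open-resolver finding is a risk statement, not a defect in the post's lab setup: on a server reachable only from 172.16.1.0/24 it is acceptable, on one exposed to the Internet allow-query should be narrowed (or recursion disabled) before it is used for amplification.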

 

/var/named/test.com.zone

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        5       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       172.16.1.20
        A       172.16.1.30
dns1    A       172.16.1.20
dns2    A       172.16.1.30
www     A       172.16.1.40

 

/var/named/1.16.172.zone

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        5       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      test.com.
20      PTR     test.com.
30      PTR     test.com.
20      PTR     dns1.test.com.
30      PTR     dns2.test.com.
40      PTR     www.test.com.

 

/etc/resolv.conf

; generated by /sbin/dhclient-script
nameserver 172.16.1.20
nameserver 172.16.1.30

service named restart

 

 

Slave DNS configuration: yum -y install bind bind-utils bind-libs bind-chroot (bind-chroot optional)

/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
#       listen-on port 53 { 127.0.0.1; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
#       allow-query     { localhost; };
        recursion yes;

//      dnssec-enable yes;
//      dnssec-validation yes;
//      dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

 

/etc/named.rfc1912.zones

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "test.com" IN {
        type slave;
        file "slaves/slave.test.com.zone";
        masters { 172.16.1.20; };
};

zone "1.16.172.in-addr.arpa" IN {
        type slave;
        file "slaves/slave.1.16.172.zone";
        masters { 172.16.1.20; };
};

 

/etc/resolv.conf

; generated by /sbin/dhclient-script
nameserver 172.16.1.20
nameserver 172.16.1.30

service named restart

 

 

Notes:

1. The main function of the bind-chroot package is to run the DNS server in chroot mode. In that mode it confines all DNS-related files to /var/named/chroot, meaning bind's access is limited to that directory and cannot reach other directories on the system, which improves system security. That sounds great, but configuring it causes many problems, so it is recommended not to use it. If you do use it, all configuration changes must be made under /var/named/chroot; for example, the configuration file is /var/named/chroot/etc/named.conf.

2. Check the permissions of /var/named/test.com.zone: its group owner must be named.

3. Open the firewall rules, or turn off the firewall.

4. When modifying the test.com.zone and 1.16.172.zone zone files on the master DNS server to add host records, the serial value must be changed; after the change, run service named reload to reload the configuration files, otherwise the change will not be synchronized to the slave DNS server.
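Note 4 is the step most often forgotten: a slave only transfers the zone when the master's SOA serial is greater than the one it holds, so an edited zone with an unchanged serial silently never propagates. The zone files shown earlier also have a second property worth checking before a reload: every A record in test.com.zone has a matching PTR in 1.16.172.zone. The following added example (not part of the original post, and not a BIND utility) parses both of the post's zone files, embedded here as constructed strings, cross-checks A against PTR records, and bumps the serial to a date-based YYYYMMDDnn value that never goes backwards. The function names, the default date "20170906" (taken from the post's publication date) and the origin/net parameters are assumptions of this example.

```python
"""Cross-check forward/reverse zone files and bump the SOA serial before a reload.
Added example, not from the original post; helpers are hypothetical, not BIND tools."""
import re

# Constructed samples: the post's /var/named/test.com.zone and /var/named/1.16.172.zone.
FORWARD_ZONE = """$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        5       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       172.16.1.20
        A       172.16.1.30
dns1    A       172.16.1.20
dns2    A       172.16.1.30
www     A       172.16.1.40
"""
REVERSE_ZONE = """$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        5       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      test.com.
20      PTR     test.com.
30      PTR     test.com.
20      PTR     dns1.test.com.
30      PTR     dns2.test.com.
40      PTR     www.test.com.
"""

# Serial is the first number after the SOA's opening parenthesis, tagged '; serial'.
SERIAL_RE = re.compile(r'(\(\s*)(\d+)(\s*;\s*serial)')
# owner [ttl] [class] type rdata   (owner may be blank, meaning "same as previous")
RECORD_RE = re.compile(r'^(\S*)\s+(?:(?:IN|\d+)\s+)*(A|PTR|NS)\s+(\S+)\s*(?:;.*)?$', re.M)


def get_serial(zone_text):
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(2))


def bump_serial(zone_text, today="20170906"):
    """Return the zone text with a strictly larger serial.  Uses YYYYMMDD01; if the
    zone was already bumped today (or uses a larger scheme), just add one, so the
    serial never decreases and the slave always sees a newer zone."""
    old = get_serial(zone_text)
    candidate = int(today + "01")
    new = candidate if candidate > old else old + 1
    return SERIAL_RE.sub(lambda m: m.group(1) + str(new) + m.group(3), zone_text, count=1)


def records(zone_text, rtype):
    """Return [(owner, rdata)] for one record type; blank owners repeat the previous
    owner, and the SOA line that precedes the records is owned by '@'."""
    out, last = [], "@"
    for owner, t, rdata in RECORD_RE.findall(zone_text):
        last = owner or last
        if t == rtype:
            out.append((last, rdata))
    return out


def check_reverse(forward, reverse, origin="test.com.", net="172.16.1"):
    """Return A records (fqdn, ip) from the forward zone with no matching PTR."""
    ptrs = {(f"{net}.{octet}", target) for octet, target in records(reverse, "PTR")}
    missing = []
    for owner, ip in records(forward, "A"):
        fqdn = origin if owner == "@" else f"{owner}.{origin}"
        if (ip, fqdn) not in ptrs:
            missing.append((fqdn, ip))
    return missing


if __name__ == "__main__":
    print("A records without PTR:", check_reverse(FORWARD_ZONE, REVERSE_ZONE))
    bumped = bump_serial(FORWARD_ZONE)
    print("serial", get_serial(FORWARD_ZONE), "->", get_serial(bumped))
```

After writing the bumped file back, the post's own sequence applies: service named reload on the master, then confirm on the slave that slaves/slave.test.com.zone carries the new serial (the log line from the transfer appears in data/named.run, the logging channel configured above).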



Original source: http://11145151.blog.51cto.com/11135151/1963005
