DNS Master/Slave Server Configuration
阿新 • Published: 2018-10-11
I. Deploying the master DNS server
1.1 Modify the network configuration and hostname
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.30
NETMASK=255.255.255.0
DNS1=192.168.1.30
DNS2=192.168.1.40
/etc/init.d/network restart
vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns1.duanyufei.org
1.2 Install the service and edit the main configuration file
mount /dev/sr0 /mnt/
vim /etc/yum.repos.d/CentOS-Base.repo
[local]
name=local
baseurl=file:///mnt
enabled=1
gpgcheck=0
yum -y install bind bind-utils
vim /etc/named.conf
options {
    listen-on port 53 { 192.168.1.30; };
    directory "/var/named";
    // localhost alone would refuse queries from the clients and from the slave at 192.168.1.40
    allow-query { localhost; 192.168.1.0/24; };
    dnssec-enable no;
    dnssec-validation no;
};
zone "duanyufei.org" IN {
    type master;
    file "duanyufei.org.zone";
    // only the slave may transfer the zone
    allow-transfer { 192.168.1.40; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.arpa";
    allow-transfer { 192.168.1.40; };
};
1.3 Configure the forward lookup zone file
cp /var/named/named.empty /var/named/duanyufei.org.zone
vim /var/named/duanyufei.org.zone
$TTL 86400
@ IN SOA duanyufei.org. admin.duanyufei.org. ( ; admin.duanyufei.org. is the administrator mailbox
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    IN NS ns1.duanyufei.org. ; hostnames of the master and slave DNS servers
    IN NS ns2.duanyufei.org.
ns1 IN A 192.168.1.30 ; IP addresses of the DNS servers
ns2 IN A 192.168.1.40
www IN A 192.168.1.100 ; IP address for www.duanyufei.org
ftp IN CNAME www
1.4 Configure the reverse lookup zone file
cp /var/named/duanyufei.org.zone /var/named/192.168.1.arpa
vim /var/named/192.168.1.arpa
$TTL 86400
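@ IN SOA duanyufei.org. admin.duanyufei.org. ( ; admin.duanyufei.org. is the administrator mailbox
        0 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    IN NS ns1.duanyufei.org.
    IN NS ns2.duanyufei.org.
30 IN PTR ns1.duanyufei.org. ; last octet of 192.168.1.30
40 IN PTR ns2.duanyufei.org. ; last octet of 192.168.1.40
100 IN PTR www.duanyufei.org.
; delete the "ftp IN CNAME www" line carried over from the forward zone file; it does not belong in a reverse zone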
1.5 Change the owner and group of the zone files
chown named:named /var/named/192.168.1.arpa /var/named/duanyufei.org.zone
1.6 Start the service and enable it at boot
/etc/init.d/named start && chkconfig --level 35 named on
II. Deploying the slave DNS server
2.1 Modify the network configuration
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.40
NETMASK=255.255.255.0
DNS1=192.168.1.40
DNS2=192.168.1.30
/etc/init.d/network restart
vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns2.duanyufei.org
2.2 Install the bind packages
yum -y install bind bind-utils
2.3 Edit the main configuration file
scp [email protected]:/etc/named.conf /etc/
vim /etc/named.conf
options {
    listen-on port 53 { 192.168.1.40; };
    directory "/var/named";
    // other options stay as copied from the master
};
zone "duanyufei.org" IN {
    type slave;
    file "slaves/duanyufei.org.zone";
    masters { 192.168.1.30; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.1.arpa";
    masters { 192.168.1.30; };
};
2.4 Start the named service and enable it at boot
/etc/init.d/named start && chkconfig --level 35 named on
2.5 Verify that the zone files were transferred
ll /var/named/slaves/
Client verification
One NIC on vmnet1; preferred DNS 192.168.1.30, alternate DNS 192.168.1.40
cmd --> nslookup duanyufei.org
III. Deploying the caching DNS server
3.1 Set up the network
Two NICs: the first is bridged, the second is on vmnet1
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=dhcp
vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.254
NETMASK=255.255.255.0
/etc/init.d/network restart
vim /etc/sysctl.conf
# enable IP forwarding
net.ipv4.ip_forward = 1
sysctl -p
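Edit the iptables firewall rules so that 192.168.1.0/24 can reach the Internet (replace 192.168.20.186 with the IP address obtained on the bridged interface):
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.20.186
3.2 Install the DNS service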
mount /dev/sr0 /mnt/
yum -y install bind bind-utils
3.3 Edit the main configuration file
cp /etc/named.conf /etc/named.conf.bak
vim /etc/named.conf
options {
    listen-on port 53 { 192.168.1.254; };
    directory "/var/named";
    // open to any source; narrow to 192.168.1.0/24 if only LAN clients should use this resolver
    allow-query { any; };
    forwarders { 114.114.114.114; 8.8.8.8; };
    dnssec-enable no;
    dnssec-validation no;
};
zone "." IN {
    type hint;
    file "named.ca";
};
/etc/init.d/named start && chkconfig --level 35 named on
3.4 Client configuration and testing
One NIC on vmnet1; gateway 192.168.1.254; preferred DNS 192.168.1.254