Building a DNS master/slave server pair: forward resolution for multiple domains
0. Machine plan:
Master DNS: 192.168.27.128
Slave DNS: 192.168.27.129
Client machine: 192.168.27.130
Test domains: test.com aaa.com
Required results:
1). Resolve www1.test.com to IP 192.168.27.100
2). Resolve www2.test.com to IP 192.168.27.200
3). Resolve www1.aaa.com to IP 192.168.27.101
4). Resolve www2.aaa.com to IP 192.168.27.201
1. Build the master DNS server (on 192.168.27.128)
[root@dns-master ~]# ifconfig |grep 192
inet 192.168.27.128 netmask 255.255.255.0 broadcast 192.168.27.255
[root@dns-master ~]# yum -y install bind bind-chroot
[root@dns-master ~]# vim /etc/named.conf #edit the main configuration file
options {
    listen-on port 53 { 192.168.27.128; }; #IP to listen on; can also be "any", so that every IP of this machine accepts connections
    listen-on-v6 port 53 { ::1; };
    directory "/var/named"; #directory that holds the zone data files
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; }; #who may query this DNS: any machine may use our DNS. Note that the stock named.conf also has "recursion yes;", so on an authoritative-only server set "recursion no;" (or restrict allow-recursion) to avoid running an open resolver
    ...
};
[root@dns-master ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
[root@dns-master ~]# vim /etc/named.rfc1912.zones #edit the secondary configuration file (zone definitions)
zone "test.com" IN { //define test.com
    type master; //this server is the master for the zone
    file "test.com.zone"; //zone data file name (relative to the directory option)
    allow-transfer { 192.168.27.129; }; //slave server IP; only this host may pull the zone (AXFR)
};
zone "aaa.com" IN { //define aaa.com
    type master; //this server is the master for the zone
    file "aaa.com.zone"; //zone data file name
    allow-transfer { 192.168.27.129; }; //slave server IP; only this host may pull the zone (AXFR)
};
[root@dns-master ~]# vim /var/named/test.com.zone #create the zone data file and configure forward resolution for the domain
$TTL 1D ;default cache time (TTL) for the records in this zone: 1D, or a bare number such as 3600, which is in seconds
@       IN SOA  @ 144110.qq.com. ( ;SOA record (start of authority: names the zone's primary server and the administrator's e-mail address, with the "@" of the address written as a dot)
        0       ;serial: increment by hand on every edit (an unsigned 32-bit value); the slave compares it with its own copy and updates only when the master's is larger, otherwise it ignores the change
        3H      ;refresh: how often the slave checks the master for updates (3h)
        15M     ;retry: how long the slave waits after a failed refresh before trying again (15min)
        1W      ;expire: if the slave cannot reach the master for this long it gives up and marks its data as expired (1 week)
        3H )    ;minimum: in current BIND this is the negative-caching TTL; historically the default TTL when $TTL was not set
        IN NS   dns.test.com. ;authoritative name server for the zone
dns.test.com.   IN A    192.168.27.128
www1.test.com.  IN A    192.168.27.100
www2.test.com.  IN A    192.168.27.200
[root@dns-master ~]# vim /var/named/aaa.com.zone #create the zone data file and configure forward resolution for the domain
$TTL 1D ;default TTL, same meaning as in test.com.zone
@       IN SOA  @ 144110.qq.com. ( ;SOA record: primary server and administrator e-mail
        0       ;serial: increment by hand on every edit; the slave updates only when it is larger than its own
        3H      ;refresh (3h)
        15M     ;retry (15min)
        1W      ;expire (1 week)
        3H )    ;minimum (negative-caching TTL)
        IN NS   dns.aaa.com. ;authoritative name server for the zone
dns.aaa.com.    IN A    192.168.27.128
www1.aaa.com.   IN A    192.168.27.101
www2.aaa.com.   IN A    192.168.27.201
[root@dns-master ~]# systemctl enable named
[root@dns-master ~]# systemctl start named
[root@dns-master ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-03-20 04:16:46 CST; 31s ago
2. Build the slave DNS server (on 192.168.27.129). Only the main and secondary configuration files need editing; the zone data files are synchronized automatically from the master.
[root@dns-slave ~]# ifconfig |grep 192
inet 192.168.27.129 netmask 255.255.255.0 broadcast 192.168.27.255
[root@dns-slave ~]# yum -y install bind bind-chroot
[root@dns-slave ~]# vim /etc/named.conf #edit the main configuration file
options {
    listen-on port 53 { 192.168.27.129; }; #IP to listen on; can also be "any", so that every IP of this machine accepts connections
    listen-on-v6 port 53 { ::1; };
    directory "/var/named"; #directory that holds the zone data files
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; }; #who may query this DNS: any machine may use our DNS (same recursion caveat as on the master)
    ...
};
[root@dns-slave ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
[root@dns-slave ~]# vim /etc/named.rfc1912.zones #edit the secondary configuration file (zone definitions)
zone "test.com" IN { //define test.com
    type slave; //this server is a slave for the zone
    file "slaves/test.com.zone"; //zone data file name; do not create it by hand, it is pulled from the master automatically once the service starts
    masters { 192.168.27.128; }; //master DNS server IP
};
zone "aaa.com" IN { //define aaa.com
    type slave; //this server is a slave for the zone
    file "slaves/aaa.com.zone"; //zone data file name; do not create it by hand, it is pulled from the master automatically once the service starts
    masters { 192.168.27.128; }; //master DNS server IP
};
[root@dns-slave ~]# ls /var/named/slaves/ #before the slave DNS service is started, the zone files have not been synchronized yet
(empty)
[root@dns-slave ~]# systemctl enable named
[root@dns-slave ~]# systemctl start named
[root@dns-slave ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-03-20 04:29:01 CST; 10s ago
[root@dns-slave ~]# ls /var/named/slaves/ #after the slave DNS service is started, the zone files have been synchronized from the master
aaa.com.zone test.com.zone
3. Test domain name resolution from the client
[root@client ~]# ifconfig |grep 192
inet 192.168.27.130 netmask 255.255.255.0 broadcast 192.168.27.255
[root@client ~]# yum -y install bind-utils #installs the nslookup (and dig) commands
1). Test resolution of test.com and aaa.com (with DNS pointed at both the master and the slave)
[root@client ~]# cat /etc/resolv.conf #point DNS at both the master and the slave server
nameserver 192.168.27.128
nameserver 192.168.27.129
[root@client ~]# nslookup www1.test.com
Server: 192.168.27.128
Address: 192.168.27.128#53
Name: www1.test.com
Address: 192.168.27.100
[root@client ~]# nslookup www2.test.com
Server: 192.168.27.128
Address: 192.168.27.128#53
Name: www2.test.com
Address: 192.168.27.200
[root@client ~]# nslookup www1.aaa.com
Server: 192.168.27.128
Address: 192.168.27.128#53
Name: www1.aaa.com
Address: 192.168.27.101
[root@client ~]# nslookup www2.aaa.com
Server: 192.168.27.128
Address: 192.168.27.128#53
Name: www2.aaa.com
Address: 192.168.27.201
[root@client ~]# ping www1.test.com
PING www1.test.com (192.168.27.100) 56(84) bytes of data.
From client (192.168.27.130) icmp_seq=1 Destination Host Unreachable
From client (192.168.27.130) icmp_seq=2 Destination Host Unreachable
[root@client ~]# ping www2.test.com
PING www2.test.com (192.168.27.200) 56(84) bytes of data.
From client (192.168.27.130) icmp_seq=1 Destination Host Unreachable
From client (192.168.27.130) icmp_seq=2 Destination Host Unreachable
[root@client ~]# ping www1.aaa.com
PING www1.aaa.com (192.168.27.101) 56(84) bytes of data.
From client (192.168.27.130) icmp_seq=1 Destination Host Unreachable
From client (192.168.27.130) icmp_seq=2 Destination Host Unreachable
[root@client ~]# ping www2.aaa.com
PING www2.aaa.com (192.168.27.201) 56(84) bytes of data.
From client (192.168.27.130) icmp_seq=1 Destination Host Unreachable
From client (192.168.27.130) icmp_seq=2 Destination Host Unreachable
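A check script added here, not part of the original post, to run from the client (192.168.27.130), which is deliberately not listed in allow-transfer: for each zone it compares the SOA serial served by the master and the slave, and confirms the master refuses a full zone transfer (AXFR) to an unauthorized host. It assumes dig from bind-utils is installed and uses the post's IPs and zones; the file name check_dns.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Run from the client (192.168.27.130),
# which is not listed in allow-transfer, as: sh check_dns.sh run
MASTER=192.168.27.128
SLAVE=192.168.27.129
ZONES="test.com aaa.com"

# Pull the serial out of a "dig +short SOA" answer, whose RDATA looks like:
#   dns.test.com. 144110.qq.com. 0 10800 900 604800 10800
# (mname, rname, serial, refresh, retry, expire, minimum): serial is field 3.
# dig's own error lines start with ';' and are dropped, so a dead server yields "".
soa_serial() {
    echo "$1" | grep -v '^;' | awk '{print $3}'
}

# True only when both serials are present and identical, i.e. the slave holds
# the latest copy of the zone. An empty value means the server did not answer.
serials_in_sync() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# dig prints "; Transfer failed." when the server refuses an AXFR request.
axfr_refused() {
    echo "$1" | grep -q 'Transfer failed'
}

check_zone() {
    zone=$1
    m=$(soa_serial "$(dig +short @"$MASTER" "$zone" SOA)")
    s=$(soa_serial "$(dig +short @"$SLAVE" "$zone" SOA)")
    if serials_in_sync "$m" "$s"; then
        echo "$zone: serial $m on master and slave (in sync)"
    else
        echo "$zone: master serial '$m' vs slave serial '$s' (stale slave or server down)"
    fi
    # The master must refuse a full transfer to any host outside allow-transfer.
    if axfr_refused "$(dig @"$MASTER" "$zone" AXFR 2>&1)"; then
        echo "$zone: AXFR refused by master for this host (allow-transfer enforced)"
    else
        echo "$zone: WARNING: master handed the whole zone to an unauthorized host"
    fi
}

if [ "${1:-}" = "run" ]; then
    for z in $ZONES; do check_zone "$z"; done
fi
```

After editing a zone file on the master and raising its serial, rerun the script: it reports a mismatch until the slave's refresh (3H) or an rndc reload pulls the new copy.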
2). Stop the master DNS service to simulate the master going down (stop named on 192.168.27.128)
[root@dns-master ~]# systemctl stop named
[root@dns-master ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Mon 2023-03-20 04:45:28 CST; 7s ago
3). Test resolution of test.com and aaa.com again (resolution still works, but the answering DNS server is now the slave)
[root@client ~]# cat /etc/resolv.conf #DNS is still pointed at both the master and the slave server
nameserver 192.168.27.128
nameserver 192.168.27.129
[root@client ~]# nslookup www1.test.com
Server: 192.168.27.129
Address: 192.168.27.129#53
Name: www1.test.com
Address: 192.168.27.100
[root@client ~]# nslookup www2.test.com
Server: 192.168.27.129
Address: 192.168.27.129#53
Name: www2.test.com
Address: 192.168.27.200
[root@client ~]# nslookup www1.aaa.com
Server: 192.168.27.129
Address: 192.168.27.129#53
Name: www1.aaa.com
Address: 192.168.27.101
[root@client ~]# nslookup www2.aaa.com
Server: 192.168.27.129
Address: 192.168.27.129#53
Name: www2.aaa.com
Address: 192.168.27.201
[root@client ~]# ping www1.test.com
PING www1.test.com (192.168.27.100) 56(84) bytes of data.
From client (192.168.27.130) icmp_seq=1 Destination Host Unreachable
From client (192.168.27.130) icmp_seq=2 Destination Host Unreachable
[root@client ~]# ping www2.test.com
PING www2.test.com (192.168.27.200) 56(84) bytes of data.
From client (192.168.27.130) icmp_seq=1 Destination Host Unreachable
From client (192.168.27.130) icmp_seq=2 Destination Host Unreachable
[root@client ~]# ping www1.aaa.com
PING www1.aaa.com (192.168.27.101) 56(84) bytes of data.
From client (192.168.27.130) icmp_seq=1 Destination Host Unreachable
From client (192.168.27.130) icmp_seq=2 Destination Host Unreachable
[root@client ~]# ping www2.aaa.com
PING www2.aaa.com (192.168.27.201) 56(84) bytes of data.
From client (192.168.27.130) icmp_seq=1 Destination Host Unreachable
From client (192.168.27.130) icmp_seq=2 Destination Host Unreachable