1、准備
例:兩台192.168.11.10(主),192.168.11.11(從),域名www.test1.com
# 主從DNS服務器均需要安裝bind、bind-chroot、bind-utils yum -y install bind bind-utils bind-chroot
# 如果防火牆開啟,配置防火牆,添加服務(防火牆已禁用則忽略)
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
2、主DNS服務器(192.168.11.10)配置
# 編輯配置文件
vim /etc/named.conf
# 找到其中兩行
listen-on port 53 { 127.0.0.1; };
allow-query { localhost; };
# 修改為
listen-on port 53 { any; };
allow-query { any; };
3、配置正向解析
# 編輯文件/etc/named.rfc1912.zones,在末尾添加需要解析的域 zone "test1.com" IN { type master; file "data/test1.com.zone"; }; # 創建test1.com.zone解析域 vim /var/named/data/test1.com.zone $TTL 3H @ IN SOA test1.com. root ( 20180928 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS @ IN A 192.168.11.10 www IN A 192.168.11.10 ftp IN A 192.168.11.10
# 編輯/etc/resolv.conf,添加
search localdomain
nameserver 192.168.11.10
4、重啟DNS服務器
# 重啟named
systemctl restart named
# 查看狀態
systemctl status named
5、檢查解析是否成功
# ping命令驗證 ping -c 4 www.test1.com
# 輸出如下即解析成功 PING www.test1.com (192.168.11.10) 56(84) bytes of data. 64 bytes from ftp.test1.com (192.168.11.10): icmp_seq=1 ttl=64 time=0.033 ms 64 bytes from ftp.test1.com (192.168.11.10): icmp_seq=2 ttl=64 time=0.058 ms 64 bytes from ftp.test1.com (192.168.11.10): icmp_seq=3 ttl=64 time=0.066 ms 64 bytes from ftp.test1.com (192.168.11.10): icmp_seq=4 ttl=64 time=0.057 ms --- www.test1.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.033/0.053/0.066/0.014 ms
# nslookup命令驗證 nslookup >www.test1.com # 輸出如下即解析成功
Server: 192.168.11.10 Address: 192.168.11.10#53 Name: www.test1.com Address: 192.168.11.10
6、配置反向解析
# 編輯文件/etc/named.rfc1912.zones,在末尾添加 vim etc/named.rfc1912.zones zone "11.168.192.in-addr.arpa" IN { type master; file "data/11.168.192.zone"; }; # 創建11.168.192.zone解析域 vim /var/named/data/11.168.192.zone $TTL 3H @ IN SOA web3.com. root ( 20180928; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ IN NS www.test1.com. 10 IN PTR www.test1.com. 10 IN PTR ftp.test1.com.
7、重啟DNS服務器
# 重啟named
systemctl restart named
# 查看狀態
systemctl status named
8、檢查解析是否成功
# ping命令驗證 ping -c 4 192.168.11.10 # 輸出如下即解析成功 PING 192.168.11.10 (192.168.11.10) 56(84) bytes of data. 64 bytes from 192.168.11.10: icmp_seq=1 ttl=64 time=0.061 ms 64 bytes from 192.168.11.10: icmp_seq=2 ttl=64 time=0.058 ms 64 bytes from 192.168.11.10: icmp_seq=3 ttl=64 time=0.081 ms 64 bytes from 192.168.11.10: icmp_seq=4 ttl=64 time=0.060 ms --- 192.168.11.10 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.058/0.065/0.081/0.009 ms # nslookup命令驗證 nslookup 192.168.11.10 # 輸出如下即解析成功 Server: 192.168.11.10 Address: 192.168.11.10#53 10.11.168.192.in-addr.arpa name = ftp.test1.com. 10.11.168.192.in-addr.arpa name = www.test1.com.
9、配置從DNS服務器(192.168.11.11)
# 先修改主DNS服務器(192.168.11.10)的配置/etc/named.rfc1912.zones vim /etc/named.rfc1912.zones zone "test1.com" IN { type master; file "data/test1.com.zone"; allow-transfer {192.168.11.11;}; notify yes; also-notify {192.168.11.11;}; }; zone "11.168.192.in-addr.arpa" IN { type master; file "data/11.168.192.zone"; allow-transfer {192.168.11.11;}; notify yes; also-notify {192.168.11.11;}; };
10、配置從DNS服務器(192.168.11.11)正向解析
# 編輯named.conf文件 vim /etc/named.conf # 找到其中兩行 listen-on port 53 { 127.0.0.1; }; allow-query { localhost; }; # 修改為 listen-on port 53 { any; }; allow-query { any; }; # 編輯文件/etc/named.rfc1912.zones,在末尾添加需要解析的域 vim /etc/named.rfc1912.zones
zone "test1.com" IN { type slave; file "data/test1.com.zone"; }; masters { 192.168.11.10; }; # 創建test1.com.zonek空文件 touch /var/named/data/test1.com.zone # 設置所有者 chown named:named test1.com.zone # 編輯/etc/resolv.conf,添加
vim /etc/resolv.conf search localdomain nameserver 192.168.11.11
11、重啟DNS服務器
# 重啟named
systemctl restart named
# 查看狀態
systemctl status named
12、檢測解析是否成功
# ping命令驗證 ping -c 4 www.test1.com # 輸出如下即解析成功 PING www.test1.com (192.168.11.10) 56(84) bytes of data. 64 bytes from ftp.test1.com (192.168.11.10): icmp_seq=1 ttl=64 time=0.033 ms 64 bytes from ftp.test1.com (192.168.11.10): icmp_seq=2 ttl=64 time=0.058 ms 64 bytes from ftp.test1.com (192.168.11.10): icmp_seq=3 ttl=64 time=0.066 ms 64 bytes from ftp.test1.com (192.168.11.10): icmp_seq=4 ttl=64 time=0.057 ms --- www.test1.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.033/0.053/0.066/0.014 ms # nslookup命令驗證 nslookup >www.test1.com # 輸出如下即解析成功 Server: 192.168.11.11 Address: 192.168.11.11#53 Name: www.test1.com Address: 192.168.11.10
13、配置從DNS服務器(192.168.11.11)反向解析
# 在文件/etc/named.rfc1912.zones中添加 vim etc/named.rfc1912.zones zone "11.168.192.in-addr.arpa" IN { type slave; file "data/11.168.192.zone"; masters { 192.168.11.10; }; }; # 創建空文件11.168.192.zone
touch /var/named/data/11.168.192.zone
# 設置所有者
chown named:named 11.168.192.zone
14、重啟DNS服務器
# 重啟named systemctl restart named # 查看狀態 systemctl status named
15、查看文件/var/named/data/test1.com.zone和/var/named/data/11.168.192.zone是否有二進制數據
cat /var/named/data/test1.com.zone cat /var/named/data/11.168.192.zone
16、檢查解析是否成功
# ping命令驗證 ping -c 4 192.168.11.11 # 輸出如下即解析成功 PING 192.168.11.11 (192.168.11.11) 56(84) bytes of data. 64 bytes from 192.168.11.11: icmp_seq=1 ttl=64 time=0.061 ms 64 bytes from 192.168.11.11: icmp_seq=2 ttl=64 time=0.058 ms 64 bytes from 192.168.11.11: icmp_seq=3 ttl=64 time=0.081 ms 64 bytes from 192.168.11.11: icmp_seq=4 ttl=64 time=0.060 ms --- 192.168.11.11 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.058/0.065/0.081/0.009 ms # nslookup命令驗證 nslookup 192.168.11.11 # 輸出如下即解析成功 Server: 192.168.11.11 Address: 192.168.11.11#53 10.11.168.192.in-addr.arpa name = ftp.test1.com. 10.11.168.192.in-addr.arpa name = www.test1.com.