Since the DNS server is one of the most important network services, a single failure leaves many domain names unresolvable and the websites behind them unreachable, so running more than one DNS server is the best choice: there are thirteen root servers worldwide, and Google has five DNS servers. This post therefore covers setting up a DNS slave server. Apart from the main master DNS, the other DNS servers normally run in slave mode; a slave DNS server keeps no zone data of its own, its data is supplied by the master DNS.
First prepare two virtual machines.
The configuration file already designates 192.168.1.2 as the slave server.
In the configuration file, zone transfers to the slave have already been allowed for the feiyu.com zone:
<code> allow-transfer { 192.168.1.2; }; /* allow this nameserver to perform zone transfers */ </code>
and for 1.168.192.in-addr.arpa as well:
<code> allow-transfer { 192.168.1.2; 192.168.1.1; }; /* allow the slave to perform zone transfers */ </code>
Install bind on the slave server and set up the slave's configuration file; in fact the slave's configuration only needs a few changes to the master's.
Set it up as follows.
<code>
[root@localhost slaves]# vim /etc/named.conf
options {
    directory "/var/named";
    /* recursion no;  recursion is allowed and on by default */
    allow-recursion { 192.168.0.0/16; };   /* networks allowed to recurse */
    /* allow-query: refuses transfers */
    /* allow-transfer placed here would allow every host to transfer */
};

zone "." IN {                      /* root hints */
    type hint;
    file "named.ca";
    /* allow-transfer { none; };  no slaves, no transfer */
};

zone "localhost" IN {              /* resolve ourselves */
    type master;
    file "named.localhost";
    allow-transfer { none; };      /* no slaves, no transfer */
};

zone "0.0.127.in-addr.arpa" IN {   /* reverse lookup for ourselves */
    type master;
    file "named.loopback";
    allow-transfer { none; };
};

zone "feiyu.com" IN {
    type slave;
    file "slaves/feiyu.com.zone";
    masters { 192.168.1.1; };
    allow-transfer { none; };
};

zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.1.zone";
    masters { 192.168.1.1; };
    allow-transfer { none; };      /* no further slaves, this server transfers to nobody */
};
</code>
Start named on the slave server:
<code> [root@localhost slaves]# service named start </code>
Start the named service on the master server
<code> [root@localhost slaves]# service named start </code>
Check the master's log file: it has already sent notifies to the slave so that it transfers the zone files
<code>
[root@localhost named]# tail -20 /var/log/messages
Apr 27 05:48:05 localhost named[10391]: command channel listening on 192.168.1.1#953
Apr 27 05:48:05 localhost named[10391]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 27 05:48:05 localhost named[10391]: zone 1.168.192.in-addr.arpa/IN: loaded serial 20150419
Apr 27 05:48:05 localhost named[10391]: zone feiyu.com/IN: loaded serial 20150422
Apr 27 05:48:05 localhost named[10391]: zone localhost/IN: loaded serial 0
Apr 27 05:48:05 localhost named[10391]: managed-keys-zone ./IN: loaded serial 4
Apr 27 05:48:05 localhost named[10391]: running
Apr 27 05:48:05 localhost named[10391]: zone feiyu.com/IN: sending notifies (serial 20150422)
Apr 27 05:48:05 localhost named[10391]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 20150419)
</code>
Below is the slave's log file, showing that it has started the transfer
<code>
[root@localhost slaves]# tail /var/log//messages
Apr 27 06:08:28 localhost named[11479]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
Apr 27 06:08:28 localhost named[11479]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.1#53: connected using 192.168.1.2#45481
Apr 27 06:08:28 localhost named[11479]: zone 1.168.192.in-addr.arpa/IN: transferred serial 20150419
Apr 27 06:08:28 localhost named[11479]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.1#53: Transfer completed: 1 messages, 11 records, 299 bytes, 0.001 secs (299000 bytes/sec)
Apr 27 06:08:28 localhost named[11479]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 20150419)
Apr 27 06:08:29 localhost named[11479]: zone feiyu.com/IN: Transfer started.
Apr 27 06:08:29 localhost named[11479]: transfer of 'feiyu.com/IN' from 192.168.1.1#53: connected using 192.168.1.2#47222
Apr 27 06:08:29 localhost named[11479]: zone feiyu.com/IN: transferred serial 20150422
Apr 27 06:08:29 localhost named[11479]: transfer of 'feiyu.com/IN' from 192.168.1.1#53: Transfer completed: 1 messages, 20 records, 447 bytes, 0.003 secs (149000 bytes/sec)
Apr 27 06:08:29 localhost named[11479]: zone feiyu.com/IN: sending notifies (serial 20150422)
</code>
Check the slave's zone files, which are stored under /var/named/slaves/. If the directory looks like the listing below, the transfer has completed. If you have just modified the master's zone file and restarted the service but the slave has not completed the transfer, the likely cause is that the refresh interval has not yet elapsed; deleting the files under /var/named/slaves/ on the slave and restarting the slave resolves this.
<code>
[root@localhost ~]# ls -l /var/named/slaves/
total 8
-rw-r--r--. 1 named named 499 Apr 27 06:08 192.168.1.zone
-rw-r--r--. 1 named named 724 Apr 27 06:39 feiyu.com.zone
</code>
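A quicker way to spot the stale-slave situation described above is to compare what the master logged against what the slave logged. The Python script below is an added example, not code from the original post: it reads named log lines (constructed here from the excerpts above, with the slave's feiyu.com serial lowered on purpose) and flags any zone whose slave serial lags the master's or whose transfer came from a host other than the configured master.

```python
import re

# Constructed log lines modelled on the /var/log/messages excerpts above; the
# slave's feiyu.com serial was deliberately lowered to show a stale copy.
MASTER_LOG = """\
Apr 27 05:48:05 localhost named[10391]: zone 1.168.192.in-addr.arpa/IN: loaded serial 20150419
Apr 27 05:48:05 localhost named[10391]: zone feiyu.com/IN: loaded serial 20150422
Apr 27 05:48:05 localhost named[10391]: zone feiyu.com/IN: sending notifies (serial 20150422)
"""
SLAVE_LOG = """\
Apr 27 06:08:28 localhost named[11479]: zone 1.168.192.in-addr.arpa/IN: transferred serial 20150419
Apr 27 06:08:28 localhost named[11479]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.1#53: Transfer completed: 1 messages, 11 records, 299 bytes, 0.001 secs (299000 bytes/sec)
Apr 27 06:08:29 localhost named[11479]: zone feiyu.com/IN: transferred serial 20150421
Apr 27 06:08:29 localhost named[11479]: transfer of 'feiyu.com/IN' from 192.168.1.1#53: Transfer completed: 1 messages, 20 records, 447 bytes, 0.003 secs (149000 bytes/sec)
"""

# Master side: the serial it loaded or announced in a NOTIFY.
MASTER_RE = re.compile(r"zone (\S+)/IN: (?:loaded serial|sending notifies \(serial) (\d+)")
# Slave side: the serial it received and the host it pulled the zone from.
XFER_RE = re.compile(r"zone (\S+)/IN: transferred serial (\d+)")
SOURCE_RE = re.compile(r"transfer of '(\S+)/IN' from ([\d.]+)#\d+: Transfer completed")


def parse(log, patterns):
    """Apply (regex, key) pairs line by line; returns {zone: {key: value}}."""
    out = {}
    for line in log.splitlines():
        for rx, key in patterns:
            m = rx.search(line)
            if m:
                out.setdefault(m.group(1), {})[key] = m.group(2)
    return out


def audit(master_log, slave_log, slaved_zones, master_ip):
    """Map each slaved zone to its problems; an empty list means it is in sync."""
    masters = parse(master_log, [(MASTER_RE, "serial")])
    slaves = parse(slave_log, [(XFER_RE, "serial"), (SOURCE_RE, "source")])
    report = {}
    for zone in slaved_zones:
        got, want, problems = slaves.get(zone, {}), masters.get(zone, {}), []
        if got.get("serial") != want.get("serial"):
            problems.append(f"slave serial {got.get('serial')}, master serial {want.get('serial')}")
        if got.get("source") != master_ip:
            problems.append(f"transferred from {got.get('source')}, expected {master_ip}")
        report[zone] = problems
    return report
```

Run it against real files by reading /var/log/messages from both hosts into the two strings; a zone that was never transferred shows up with a serial of None.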
Use the slave server to resolve the zone; before resolving, change the first nameserver entry in the slave's /etc/resolv.conf to the slave itself.
<code>
[root@localhost slaves]# dig -t NS feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t NS feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40205
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;feiyu.com.                     IN      NS

;; ANSWER SECTION:
feiyu.com.              600     IN      NS      ns2.feiyu.com.
feiyu.com.              600     IN      NS      ns1.feiyu.com.

;; ADDITIONAL SECTION:
ns1.feiyu.com.          600     IN      A       192.168.1.1
ns2.feiyu.com.          600     IN      A       192.168.1.2

;; Query time: 1 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Mon Apr 27 06:10:14 2015
;; MSG SIZE  rcvd: 95
</code>
Resolve the A records of the zone
<code>
[root@localhost slaves]# dig -t A www.feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t A www.feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61903
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.feiyu.com.                 IN      A

;; ANSWER SECTION:
www.feiyu.com.          600     IN      A       192.168.1.1
www.feiyu.com.          600     IN      A       192.168.1.3

;; AUTHORITY SECTION:
feiyu.com.              600     IN      NS      ns1.feiyu.com.
feiyu.com.              600     IN      NS      ns2.feiyu.com.

;; ADDITIONAL SECTION:
ns1.feiyu.com.          600     IN      A       192.168.1.1
ns2.feiyu.com.          600     IN      A       192.168.1.2

;; Query time: 4 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Mon Apr 27 06:26:00 2015
;; MSG SIZE  rcvd: 131
</code>
Subdomain delegation
Besides master/slave servers that serve a zone together, DNS servers can also stand in a parent/child relationship, where the parent DNS wants to hand resolution of certain subdomains directly to the person in charge of the child. How is that configured? It is simple: 1. set up the delegation on the parent DNS server; 2. set up resolution on the child DNS server.
On the master, acting as the parent DNS server, set up the delegation by editing /var/named/feiyu.com.zone:
<code>
[root@localhost ~]# vim /var/named/feiyu.com.zone
$TTL 600
feiyu.com.  IN SOA ns1.feiyu.com. admin.feiyu.com. (
            20150422
            1M
            5M
            2D
            1H )

            IN NS    ns1
            IN NS    ns2
            IN MX 10 mail
ns1         IN A     192.168.1.1
ns2         IN A     192.168.1.2
mail        IN A     192.168.1.2
www         IN A     192.168.1.1
www         IN A     192.168.1.3
pop         IN A     192.168.1.4
ftp1        IN CNAME www
ftp         IN A     192.168.1.1
imap        IN A     192.168.1.5
hello       IN A     192.168.1.6
asd         IN A     192.168.1.7

fin         IN NS    ns1.fin          ; ---> add this record
ns1.fin     IN A     192.168.1.8      ; ---> add this record
</code>
To keep things simple, no PTR records are added for now. Next, set up the configuration file of the child DNS server for the subdomain:
<code>
[root@localhost named]# vim /etc/named.conf
options {
    directory "/var/named";
    /* recursion no;  recursion is allowed and on by default */
    /* allow-query: refuses transfers */
    /* allow-transfer placed here would allow every host to transfer */
};

zone "." IN {                      /* root hints */
    type hint;
    file "named.ca";
    /* allow-transfer { none; };  no slaves, no transfer */
};

zone "localhost" IN {              /* resolve ourselves */
    type master;
    file "named.localhost";
    allow-transfer { none; };      /* no slaves, no transfer */
};

zone "0.0.127.in-addr.arpa" IN {   /* reverse lookup for ourselves */
    type master;
    file "named.loopback";
    allow-transfer { none; };
};

zone "fin.feiyu.com" IN {          /* the subzone; no reverse zone configured */
    type master;
    file "fin.feiyu.com.zone";
};

zone "feiyu.com" IN {
    type forward;                  /* ---> forward the parent zone to the master */
    forward first;
    forwarders { 192.168.1.1; };
};
</code>
Set up the forward zone file the same way as above
<code>
[root@localhost ~]# vim /var/named/fin.feiyu.com.zone
$TTL 600
@           IN SOA ns1.fin.feiyu.com. admin.fin.feiyu.com. (
            20150420
            1M
            5M
            2D
            1H )

            IN NS    ns1
            IN MX 10 mail
ns1         IN A     192.168.1.8
mail        IN A     192.168.1.9
www         IN A     192.168.1.10
</code>
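The delegation above only works because the parent zone carries both the NS record for fin and a glue A record for ns1.fin, a name server that lives inside the delegated subzone. The Python check below is an added example, not code from the original post: it parses a constructed excerpt of the feiyu.com zone file with a minimal zone-file reader (enough for $TTL, '@', relative names, inherited owners and the multi-line SOA) and reports any delegation whose in-zone name server has no glue.

```python
# Constructed excerpt of the parent zone file shown above, not the author's file.
FEIYU_ZONE = """\
$TTL 600
feiyu.com.  IN SOA ns1.feiyu.com. admin.feiyu.com. (
            20150422 1M 5M 2D 1H )
            IN NS ns1
            IN NS ns2
ns1         IN A  192.168.1.1
ns2         IN A  192.168.1.2
fin         IN NS ns1.fin
ns1.fin     IN A  192.168.1.8
"""


def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Minimal zone-file reader returning (owner, type, rdata) tuples; handles
    $TTL, '@', relative names, inherited owners and SOA continuation lines."""
    records, owner, in_paren = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()     # drop comments
        if in_paren:                           # still inside SOA ( ... )
            in_paren = ")" not in line
            continue
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not raw[0].isspace():               # owner given in column 1
            owner = fqdn(fields.pop(0), origin)
        if fields[0] == "IN":                  # class is optional
            fields.pop(0)
        rtype, rdata = fields[0], " ".join(fields[1:])
        in_paren = "(" in rdata and ")" not in rdata
        records.append((owner, rtype, rdata))
    return records


def check_delegations(records, origin):
    """An NS record below the apex delegates a subzone; if its name server sits
    inside that subzone, resolvers cannot reach it without a glue A record."""
    has_a = {o for o, t, _ in records if t == "A"}
    problems = []
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == origin:
            continue
        ns = fqdn(rdata, origin)
        if ns.endswith("." + owner) and ns not in has_a:
            problems.append(f"{owner} delegated to {ns} without glue A record")
    return problems
```

Point parse_zone at the real /var/named/feiyu.com.zone with origin "feiyu.com." to run the same check on the live file.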
Before starting the service, point /etc/resolv.conf at this server, otherwise names will not resolve.
<code> [root@localhost ~]# service named start </code>
Now resolve the newly defined zone
<code>
[root@localhost named]# dig -t NS fin.feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t NS fin.feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27403
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;fin.feiyu.com.                 IN      NS

;; ANSWER SECTION:
fin.feiyu.com.          600     IN      NS      ns1.fin.feiyu.com.

;; ADDITIONAL SECTION:
ns1.fin.feiyu.com.      600     IN      A       192.168.1.8

;; Query time: 1 msec
;; SERVER: 192.168.1.8#53(192.168.1.8)
;; WHEN: Mon Apr 27 06:53:41 2015
;; MSG SIZE  rcvd: 65

[root@localhost named]# dig -t A www.fin.feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t A www.fin.feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59996
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.fin.feiyu.com.             IN      A

;; ANSWER SECTION:
www.fin.feiyu.com.      600     IN      A       192.168.1.10

;; AUTHORITY SECTION:
fin.feiyu.com.          600     IN      NS      ns1.fin.feiyu.com.

;; ADDITIONAL SECTION:
ns1.fin.feiyu.com.      600     IN      A       192.168.1.8

;; Query time: 2 msec
;; SERVER: 192.168.1.8#53(192.168.1.8)
;; WHEN: Mon Apr 27 06:53:51 2015
;; MSG SIZE  rcvd: 85
</code>
Through forwarding, the NS servers of the feiyu zone can be resolved as well
<code>
[root@localhost ~]# dig -t NS feiyu.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> -t NS feiyu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65337
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;feiyu.com.                     IN      NS

;; ANSWER SECTION:
feiyu.com.              571     IN      NS      ns1.feiyu.com.
feiyu.com.              571     IN      NS      ns2.feiyu.com.

;; ADDITIONAL SECTION:
ns1.feiyu.com.          571     IN      A       192.168.1.1
ns2.feiyu.com.          571     IN      A       192.168.1.2

;; Query time: 1 msec
;; SERVER: 192.168.1.8#53(192.168.1.8)
;; WHEN: Mon Apr 27 07:06:36 2015
;; MSG SIZE  rcvd: 95
</code>
And that's it!!!