(Linux下的主辅DNS服务器同步)
一、系统环境介绍
系统:rhel8.0 control:192.168.200.150 -》主DNS(已配置) node1:192.168.200.135 -》辅助DNS node2:192.168.200.136
二、辅助DNS搭建
1.安装yum包
[root@node1 ~]# yum -y install bind bind-chroot
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Repository AppStream is listed more than once in the configuration
Repository BaseOS is listed more than once in the configuration
Repository AppStream is listed more than once in the configuration
Repository BaseOS is listed more than once in the configuration
AppStream 165 kB/s | 3.2 kB 00:00
BaseOS 155 kB/s | 2.7 kB 00:00
ansiable 0.0 B/s | 0 B 00:00
Zabbix 1.3 kB/s | 2.9 kB 00:02
Failed to synchronize cache for repo 'ansiable', ignoring this repo.
Dependencies resolved.
===============================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================
Installing:
bind x86_64 32:9.11.4-16.P2.el8 AppStream 2.1 M
bind-chroot x86_64 32:9.11.4-16.P2.el8 AppStream 99 k
Transaction Summary
===============================================================================================================================================
Install 2 Packages
Total size: 2.2 M
Installed size: 4.7 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: bind-32:9.11.4-16.P2.el8.x86_64 1/2
Installing : bind-32:9.11.4-16.P2.el8.x86_64 1/2
Running scriptlet: bind-32:9.11.4-16.P2.el8.x86_64 1/2
Installing : bind-chroot-32:9.11.4-16.P2.el8.x86_64 2/2
Running scriptlet: bind-chroot-32:9.11.4-16.P2.el8.x86_64 2/2
Verifying : bind-32:9.11.4-16.P2.el8.x86_64 1/2
Verifying : bind-chroot-32:9.11.4-16.P2.el8.x86_64 2/2
Installed products updated.
Installed:
bind-32:9.11.4-16.P2.el8.x86_64 bind-chroot-32:9.11.4-16.P2.el8.x86_64
Complete!
2.设置服务自启
[root@node1 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
3.编辑dns主配置文件
[root@node1 ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };
4.编辑区域文件
[root@node1 ~]# vim /etc/named.rfc1912.zones
zone "huaxia.com" IN {
type slave;
masters { 192.168.200.150; };
file "slaves/named.zx";
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "200.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.200.150; };
file "slaves/named.fx";
};
5.配置正向文件
[root@node1 named]# cp -p named.localhost slaves/named.zx
[root@node1 named]# cp -p named.loopback slaves/named.fx
$TTL 1D
@ IN SOA ns.huaxia.com. root. (
20212401 ; serial
10 ; refresh
1H ; retry
10 ; expire
10 ) ; minimum
@ NS ns.huaxia.com.
ns IN A 192.168.200.150
server0 IN A 192.168.200.150
~
备注:,正向、反向数据库文件主辅同步时间频率改为 10 秒,增加序列号,为方便快速看到同步效果,并且重启 named 服务。(生产环境中保持默认即可。)
6.配置反向文件
$TTL 1D
@ IN SOA ns.huaxia.com. root. (
20212413 ; serial
10 ; refresh
10 ; retry
1W ; expire
10 ) ; minimum
@ NS ns.huaxia.com
ns IN A 192.168.200.150
150 PTR server0.example.com
7.重启服务和放行防火墙
[root@node1 named]# systemctl restart named
[root@node1 named]# firewall-cmd --permanent --add-service=dns
success
[root@node1 named]# firewall-cmd --reload
success
三、客户端指向DNS服务器
[root@node2 ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search example.com ilt.example
nameserver 192.168.200.135
四、测试正向解析和反向解析
[root@node2 ~]# nslookup
> server0.huaxia.com
Server: 192.168.200.135
Address: 192.168.200.135#53
Name: server0.huaxia.com
Address: 192.168.200.150
> 192.168.200.150
150.200.168.192.in-addr.arpa name = www.huaxia.com.
六、测试主从同步
1.修改主DNS的正、反向配置文件
$TTL 1D
@ IN SOA ns.huaxia.com. root. (
2021062211 ; serial
10 ; refresh
10 ; retry
1W ; expire
30 ) ; minimum
@ IN NS ns.huaxia.com.
ns IN A 192.168.200.150
server0 IN A 192.168.200.150
www IN A 192.168.200.150
web IN CNAME web.huaxia.com.
* IN A 192.168.200.150
mail IN A 192.168.200.150
@ MX 10 mail.huaxia.com.
$TTL 1D
@ IN SOA ns root.huaxia.com (
2021062211 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.huaxia.com.
ns IN A 192.168.200.150
150 PTR www.huaxia.com.
150 PTR mail.huaxia.com.
150 PTR server0.example.com.
2.客户端检查是否dns同步
150.200.168.192.in-addr.arpa name = server0.example.com.
150.200.168.192.in-addr.arpa name = www.huaxia.com.
150.200.168.192.in-addr.arpa name = mail.huaxia.com.
[root@node2 ~]# nslookup server0.huaxia.com
Server: 192.168.200.135
Address: 192.168.200.135#53
Name: server0.huaxia.com
Address: 192.168.200.150
[root@node2 ~]# nslookup www.huaxia.com
Server: 192.168.200.135
Address: 192.168.200.135#53
Name: www.huaxia.com
Address: 192.168.200.150