192.168.100.9:master 192.168.100.10:slave 192.168.100.5:测试机。实验前提：三台机器时间同步。本文为了省事关闭了防火墙和 SELinux，这只适合实验环境——生产环境应保持 SELinux enforcing（bind 自带策略，区域文件放在 /var/named 下即可，slave 写入的 /var/named/slaves 目录本来就是可写的），防火墙只放行 53/tcp 和 53/udp（firewall-cmd --permanent --add-service=dns && firewall-cmd --reload），而不是整体关闭。
1、查看本机是否有bind,如果没有就下载
2、配置DNS数据库
3、检查DNS数据库是否正确。named-checkzone 的第一个参数是区域名（$ORIGIN），第二个参数才是文件名，正确写法是 named-checkzone xzcdc.com xzcdc.com.zone；下面这次把文件名当成了区域名，所以输出里显示的是 "zone xzcdc.com.zone/IN"，虽然也报 OK，但相对名（master、slave 等）是按错误的 origin 补全的，检查结果并不完全可信。 [root@centos_9 named]# named-checkzone xzcdc.com.zone xzcdc.com.zone zone xzcdc.com.zone/IN: loaded serial 1 OK 4、配置xzcdc.com域 zone "xzcdc.com" { type master; file "xzcdc.com.zone"; }; 5、检查域配置文件（named-checkconf -z /etc/named.conf 会同时检查主配置和所有区域文件）
6、修改主配置文件 [root@centos_9 named]# vim /etc/named.conf options { listen-on port 53 { localhost; }; 表示监听端口,可以写多个IP,或者用localhost代替(在BIND的ACL里localhost匹配本机所有接口地址,所以外部也能查询到) listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { any; }; 允许哪些IP主机查询 allow-transfer { 192.168.100.10; }; # 表示只允许slave在master上抓取数据,其他人不允许 recursion no; # 权威服务器不要对任何人开放递归:后面dig结果里的 ra 标志说明默认递归是开着的,allow-query any 加上递归就是一台开放解析器,会被拿来做DNS放大攻击;确实需要递归就改成 allow-recursion { 192.168.100.0/24; }; }; 注意options块结尾必须是 "};",少了分号 named-checkconf 会报错
1、配置区域 vim /etc/named.rfc1912.zones zone "100.168.192.in-addr.arpa"{ type master; （原文写成 maste，named-checkconf 会报语法错误，named 也起不来） file "192.168.100.zone";
};
2、配置数据库 [root@centos_9 named]# cat 192.168.100.zone $TTL 1D @ IN SOA master admin.ns1. ( 4 1D 1H 1W 3D ) NS master NS slave
master A 192.168.100.9 slave A 192.168.100.10 122 PTR web.xzcdc.com. 120 PTR ftp.xzcdc.com. 121 PTR web.xzcdc.com. 123 PTR mao.xzcdc.com. 注意PTR的目标必须以 "." 结尾写成FQDN,否则会被当成相对名补上本区域的 $ORIGIN——后面 dig -x 的结果里出现 mao.xzcdc.com.100.168.192.in-addr.arpa. 就是这个原因;同理SOA和NS里的 master/slave 更规范的写法是 master.xzcdc.com. / slave.xzcdc.com.,对应的A记录放在 xzcdc.com 正向区里,反向区一般不放A记录
[root@centos_9 named]# named-checkzone 192.168.100.zone 192.168.100.zone zone 192.168.100.zone/IN: loaded serial 4 OK
1、启动 [root@centos_9 named]# systemctl start named && systemctl status named ● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled) Active: active (running) since Sun 2021-11-28 19:29:08 CST; 7s ago Process: 3002 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS) Process: 3000 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS) Main PID: 3004 (named) Tasks: 5 CGroup: /system.slice/named.service └─3004 /usr/sbin/named -u named -c /etc/named.conf
Nov 28 19:29:08 centos_9 named[3004]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 Nov 28 19:29:08 centos_9 named[3004]: zone localhost.localdomain/IN: loaded serial 0 Nov 28 19:29:08 centos_9 named[3004]: zone localhost/IN: loaded serial 0 Nov 28 19:29:08 centos_9 named[3004]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0 Nov 28 19:29:08 centos_9 named[3004]: zone xzcdc.com/IN: loaded serial 1 Nov 28 19:29:08 centos_9 systemd[1]: Started Berkeley Internet Name Domain (DNS). Nov 28 19:29:08 centos_9 named[3004]: all zones loaded Nov 28 19:29:08 centos_9 named[3004]: running Nov 28 19:29:08 centos_9 named[3004]: zone xzcdc.com/IN: sending notifies (serial 1) Nov 28 19:29:09 centos_9 named[3004]: error (network unreachable) resolving './NS/IN': 2001:500:12::d0d#53 （最后这条是 named 启动后向根服务器(那个地址是根服务器之一的IPv6地址)做递归 priming,走IPv6不通。它说明递归默认是开着的而且机器没有外网;加 recursion no; 或在 /etc/sysconfig/named 的 OPTIONS 里加 -4 这条报错就会消失）
1、修改配置文件 [root@centos_9 named]# vim /etc/named.conf options { listen-on port 53 { localhost; }; 表示监听端口,可以写多个IP,或者用localhost代替,也可以注释掉 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { any; }; 允许哪些IP主机查询 allow-transfer {none;}; # slave 不对任何人提供区域传输 recursion no; # 和 master 一样,权威服务器不开递归 }; 2、配置域 zone "xzcdc.com" { type slave; masters { 192.168.100.9; }; file "slaves/xzcdc.com.zone.slave"; }; 注意目录名是 slaves（/var/named/slaves 是 bind 包自带、named 用户可写的目录，下面 ll 的结果也在 /var/named/slaves/），写成 slave/ 的话 named 会因为目录不存在而写不出从库文件
3、检查配置文件 [root@centos_10 ~]# named-checkconf /etc/named.rfc1912.zones
4、当启动的时候会自动生成从数据库,但是master得先启动 [root@centos_10 ~]# systemctl start named [root@centos_10 ~]# ll /var/named/slaves/ total 4 -rw-r--r-- 1 named named 403 Nov 28 19:49 xzcdc.com.zone.slave
vim /etc/named.rfc1912.zones zone "100.168.192.in-addr.arpa"{ 这个名字一定要和Master一样 type slave; masters {192.168.100.9;}; # 必须是 master 的地址,本文拓扑里是 192.168.100.9(原文的 .17 不是本实验里的任何一台机器) file "slaves/192.168.100.zone.slave"; # 启动后自动生成
};
1、修改master数据库的编号(serial),一定要比现有的大,然后 rndc reload 让配置生效(master 会发 NOTIFY,slave 比较 serial 后发起传输),再次查看slave上的从库文件是否增大(403 -> 444 字节说明增量已同步;没同步可以在 slave 上 rndc retransfer xzcdc.com 手动触发) [root@centos_10 slaves]# ll total 4 -rw-r--r-- 1 named named 403 Nov 28 19:52 xzcdc.com.zone.slave [root@centos_10 slaves]# ll total 4 -rw-r--r-- 1 named named 444 Nov 28 19:55 xzcdc.com.zone.slave
[root@centos_5 ~]# dig ftp.xzcdc.com @192.168.100.9
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> ftp.xzcdc.com @192.168.100.9 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58860 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ftp.xzcdc.com. IN A
;; ANSWER SECTION: ftp.xzcdc.com. 86400 IN A 192.168.100.120
;; AUTHORITY SECTION: xzcdc.com. 86400 IN NS master.xzcdc.com. xzcdc.com. 86400 IN NS slave.xzcdc.com.
;; ADDITIONAL SECTION: master.xzcdc.com. 86400 IN A 192.168.100.9 slave.xzcdc.com. 86400 IN A 192.168.100.10
;; Query time: 2 msec ;; SERVER: 192.168.100.9#53(192.168.100.9) ;; WHEN: Sun Nov 28 20:42:32 CST 2021 ;; MSG SIZE rcvd: 131
[root@centos_5 ~]# dig -x 192.168.100.123 @192.168.100.9
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.100.123 @192.168.100.9 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 980 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;123.100.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION: 123.100.168.192.in-addr.arpa. 86400 IN PTR mao.xzcdc.com.100.168.192.in-addr.arpa.
;; AUTHORITY SECTION: 100.168.192.in-addr.arpa. 86400 IN NS slave.100.168.192.in-addr.arpa. 100.168.192.in-addr.arpa. 86400 IN NS master.100.168.192.in-addr.arpa.
;; ADDITIONAL SECTION: master.100.168.192.in-addr.arpa. 86400 IN A 192.168.100.9 slave.100.168.192.in-addr.arpa. 86400 IN A 192.168.100.10
;; Query time: 1 msec ;; SERVER: 192.168.100.9#53(192.168.100.9) ;; WHEN: Sun Nov 28 20:40:49 CST 2021 ;; MSG SIZE rcvd: 158
[root@centos_5 ~]# dig -x 192.168.100.120 @192.168.100.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 192.168.100.120 @192.168.100.10 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17647 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;120.100.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION: 120.100.168.192.in-addr.arpa. 86400 IN PTR ftp.xzcdc.com.100.168.192.in-addr.arpa.
;; AUTHORITY SECTION: 100.168.192.in-addr.arpa. 86400 IN NS slave.100.168.192.in-addr.arpa. 100.168.192.in-addr.arpa. 86400 IN NS master.100.168.192.in-addr.arpa.
;; ADDITIONAL SECTION: master.100.168.192.in-addr.arpa. 86400 IN A 192.168.100.9 slave.100.168.192.in-addr.arpa. 86400 IN A 192.168.100.10
;; Query time: 1 msec ;; SERVER: 192.168.100.10#53(192.168.100.10) ;; WHEN: Sun Nov 28 20:41:41 CST 2021 ;; MSG SIZE rcvd: 158
安全加固代码如下: master: vim /etc/named.conf options{ allow-transfer {192.168.100.10;}; 谁是从就把数据传给谁,只让从来抓取数据(必须填 slave 的地址,本文拓扑里是 192.168.100.10;原文写成 .16 的话连 slave 自己也拉不到数据) recursion no; # 不做开放解析器
}; slave: vim /etc/named.conf options{ allow-transfer {none;}; recursion no;
}; 说明:只按源IP限制 AXFR 是最低要求,源IP不是身份认证,同网段任何能冒用该地址的主机都能拖走整个区域。更可靠的做法是用 TSIG 密钥给区域传输签名:用 tsig-keygen xfer-key(旧版本用 ddns-confgen -k xfer-key)生成密钥,两边 named.conf 都加 key "xfer-key" { algorithm hmac-sha256; secret "..."; };,master 改成 allow-transfer { key xfer-key; };,slave 改成 masters { 192.168.100.9 key xfer-key; };。TSIG 校验依赖时钟(默认容差 5 分钟),这也是开头要求时间同步的原因之一。改完先 named-checkconf 再 rndc reload,然后像下面这样从第三台机器验证 AXFR 被拒绝。
[root@centos_5 ~]# dig -t axfr xzcdc.com @192.168.100.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr xzcdc.com @192.168.100.10 ;; global options: +cmd ; Transfer failed. [root@centos_5 ~]# dig -t axfr xzcdc.com @192.168.100.9
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr xzcdc.com @192.168.100.9 ;; global options: +cmd ; Transfer failed.
[root@centos_5 ~]# dig -t axfr xzcdc.com @192.168.100.9 （下面这次按时间(20:08)应是加固前的结果:整个区域的所有记录都被一台无关主机(192.168.100.5)拖走了,包括内部主机名和地址——这正是必须限制 allow-transfer 的原因;上面加固后的两次 "Transfer failed" 才是期望结果）
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t axfr xzcdc.com @192.168.100.9 ;; global options: +cmd xzcdc.com. 86400 IN SOA master.xzcdc.com. admin.ns1. 4 86400 3600 604800 259200 xzcdc.com. 86400 IN NS master.xzcdc.com. xzcdc.com. 86400 IN NS slave.xzcdc.com. ftp.xzcdc.com. 86400 IN A 1.1.1.1 mao.xzcdc.com. 86400 IN A 4.4.4.3 master.xzcdc.com. 86400 IN A 192.168.100.9 slave.xzcdc.com. 86400 IN A 192.168.100.10 web.xzcdc.com. 86400 IN A 3.3.3.3 web.xzcdc.com. 86400 IN A 4.4.4.4 www.xzcdc.com. 86400 IN CNAME web.xzcdc.com. xzcdc.com. 86400 IN SOA master.xzcdc.com. admin.ns1. 4 86400 3600 604800 259200 ;; Query time: 0 msec ;; SERVER: 192.168.100.9#53(192.168.100.9) ;; WHEN: Sun Nov 28 20:08:09 CST 2021 ;; XFR size: 11 records (messages 1, bytes 275)
[root@centos_5 ~]# dig -t axfr xzcdc.com @192.168.100.10