實驗:DNS主從協作及配置父子域實驗
實驗拓撲圖
實驗準備
1、所有主機關閉防火墻和selinux
# Lab-only shortcut: stop the host firewall now, keep it off across reboots, and put
# SELinux in permissive mode for the current session (setenforce does not persist).
# On a real server keep iptables and open only tcp/udp 53 to the clients that need it.
service iptables stop
chkconfig iptables off
setenforce 0
2、所有主機安裝上bind bind-chroot
# BIND itself plus bind-chroot, which runs named inside a chroot jail (the named.conf
# and zone paths below are the paths as named sees them).
yum -y install bind bind-chroot
3、所有主機的DNS設置
cat /etc/resolv.conf
# Default search suffix: a bare name such as "www" is tried as www.centos6.cn first.
search centos6.cn
# Master (node1) first, slave (node2) second; the stub resolver only moves on to the
# second server when the first does not answer, which the master-shutdown test relies on.
nameserver 192.168.91.67
nameserver 192.168.91.68
Master 主配置文件
[root@node1 ~]# cat /etc/named.conf
# Master (primary) named.conf for centos6.cn on node1 (192.168.91.67).
options {
# Listens on every IPv4 interface; the lab disables iptables, so nothing filters port 53.
listen-on port 53 { any; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
# Any client may query and recursion is on, i.e. this is an open recursive resolver for
# everyone that can reach it. Outside the lab restrict recursion to local clients
# (allow-recursion { 192.168.91.0/24; }) or set recursion no on an authoritative-only
# server, so it cannot be used as a reflector.
allow-query { any; };
recursion yes;
# Global default: refuse zone transfers unless a zone statement below overrides it.
allow-transfer { none; };
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
# Root hints used for recursion.
zone "." IN {
type hint;
file "named.ca";
};
# Forward zone; the file path is relative to "directory", i.e. /var/named/named.centos.cn.
zone "centos6.cn" IN {
type master;
file "named.centos.cn";
# Per-zone override of the global allow-transfer: only the slave (node2) may pull this zone.
# The ACL matches on source address only; a TSIG key would additionally authenticate the peer.
allow-transfer { 192.168.91.68; }; # designate the slave
};
# Reverse zone for 192.168.91.0/24, same transfer policy.
zone "91.168.192.in-addr.arpa" IN {
type master;
file "named.192.168.91";
allow-transfer { 192.168.91.68; }; # designate the slave
};
include "/etc/named.rfc1912.zones";
Master 正向配置文件
[root@node1 ~]# cat /var/named/named.centos.cn
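$TTL 86400
; Zone apex (@ = centos6.cn.). The RNAME test.www.centos6.cn. is the mailbox
; test@www.centos6.cn (the first dot stands for the @). The serial must increase on
; every edit, otherwise the slave never notices the change and keeps its old copy.
@ IN SOA master.centos6.cn. test.www.centos6.cn. (
        2016080505 ; serial
        3H         ; refresh
        15M        ; retry
        1W         ; expire
        1D         ; negative-cache TTL
)
; Both servers are authoritative for the zone.
@ IN NS master.centos6.cn.
@ IN NS slave.centos6.cn.
master.centos6.cn. IN A 192.168.91.67
slave.centos6.cn. IN A 192.168.91.68
; NOTE(review): mail.centos6.cn. has no A record in this zone, so the MX target does
; not resolve here - add an address record for it or drop the MX.
@ IN MX 10 mail.centos6.cn.
www.centos6.cn. IN A 192.168.91.67
node1.centos6.cn. IN A 192.168.91.67
node2.centos6.cn. IN A 192.168.91.68
node3.centos6.cn. IN A 192.168.91.69
node4.centos6.cn. IN A 192.168.91.70
; Delegation of the child zone niki.centos6.cn to node3, plus the glue A record for
; its name server. Zone-file comments start with ';' - BIND does not treat '#' as a
; comment in zone data, so a trailing '#...' on a record line is a syntax error.
niki IN NS dns.niki
dns.niki IN A 192.168.91.69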
Master 反向配置文件
[root@node1 ~]# cat /var/named/named.192.168.91
$TTL 86400
; Reverse zone for 192.168.91.0/24 (@ = 91.168.192.in-addr.arpa.). The RNAME
; www.centos6.cn. is the contact mailbox www@centos6.cn; the serial must grow on every edit.
@ IN SOA master.centos6.cn. www.centos6.cn. (
2016080504 ; serial
3H ; refresh
15M ; retry
1W ; expire
1D ; negative-cache TTL
)
; Same two authoritative servers as the forward zone.
@ IN NS master.centos6.cn.
@ IN NS slave.centos6.cn.
; Owner names are the last octet of the address. 67 and 68 each carry several PTRs;
; that is legal, but a reverse lookup then returns all of them and the client chooses.
67 IN PTR master.centos6.cn.
68 IN PTR slave.centos6.cn.
67 IN PTR www.centos6.cn.
67 IN PTR node1.centos6.cn.
68 IN PTR node2.centos6.cn.
69 IN PTR node3.centos6.cn.
70 IN PTR node4.centos6.cn.
啟動DNS服務
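# Start named now and enable it at boot. (The original lines had a stray full-width
# full stop after "start" and a misspelled "chkocnfig", both of which fail at the shell.)
/etc/init.d/named start
chkconfig named on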
至此Master配置完成
Slave 主配置文件
[root@node2 slaves]# cat /etc/named.conf
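# Slave (secondary) named.conf for centos6.cn on node2 (192.168.91.68).
options {
    # Listens on every IPv4 interface; the lab disables iptables, so nothing filters port 53.
    listen-on port 53 { any; };
    #listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # Same open-resolver posture as the master: any client may query and recursion is on.
    # Outside the lab limit recursion to local clients (allow-recursion { 192.168.91.0/24; })
    # so the server cannot be used as a reflector.
    allow-query { any; };
    recursion yes;
    # Added for consistency with the master's options block. Without it BIND 9.8 permits
    # AXFR of the slave copies to any client, so the whole zone could be read from node2
    # even though the master hands it out to node2 only. Nothing pulls from this host.
    allow-transfer { none; };
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
# Root hints used for recursion.
zone "." IN {
    type hint;
    file "named.ca";
};
# Secondary copy of the forward zone, transferred from node1 into /var/named/slaves/.
zone "centos6.cn" IN {
    type slave;
    file "slaves/named.centos.cn";
    masters { 192.168.91.67; }; # the master to transfer from
};
# Secondary copy of the reverse zone for 192.168.91.0/24.
zone "91.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/named.192.168.91";
    masters { 192.168.91.67; }; # the master to transfer from
};
include "/etc/named.rfc1912.zones";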
Slave 不需要手動建立正向和反向解析文件,啟動DNS服務后會自動從Master復制過來。查看 /var/named/slaves 目錄,可以看到兩個文件,即從Master復制來的正向和反向解析文件
[root@node2 slaves]# /etc/init.d/named start
[root@node2 slaves]# chkconfig named on
[root@node2 slaves]# ll /var/named/slaves/
-rw-r--r--. 1 named named 528 Aug 10 10:04 named.192.168.91
-rw-r--r--. 1 named named 574 Aug 10 11:36 named.centos.cn
測試
master主機
[root@node1 ~]# dig -t ns centos6.cn
;; QUESTION SECTION:
;centos6.cn. IN NS
;; ANSWER SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 0 msec
;; SERVER: 192.168.91.67#53(192.168.91.67)
;; WHEN: Wed Aug 10 11:54:37 2016
;; MSG SIZE rcvd: 101
[root@node1 ~]# dig -t A www.centos6.cn
;; QUESTION SECTION:
;www.centos6.cn. IN A
;; ANSWER SECTION:
www.centos6.cn. 86400 IN A 192.168.91.67
;; AUTHORITY SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 0 msec
;; SERVER: 192.168.91.67#53(192.168.91.67)
;; WHEN: Wed Aug 10 11:55:20 2016
;; MSG SIZE rcvd: 121
slave 主機
[root@node2 ~]# dig -t ns centos6.cn
;; QUESTION SECTION:
;centos6.cn. IN NS
;; ANSWER SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 2 msec
;; SERVER: 192.168.91.67#53(192.168.91.67)
;; WHEN: Wed Aug 10 14:18:13 2016
;; MSG SIZE rcvd: 101
[root@node2 ~]# dig -t A www.centos6.cn
;; QUESTION SECTION:
;www.centos6.cn. IN A
;; ANSWER SECTION:
www.centos6.cn. 86400 IN A 192.168.91.67
;; AUTHORITY SECTION:
centos6.cn. 86400 IN NS master.centos6.cn.
centos6.cn. 86400 IN NS slave.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 2 msec
;; SERVER: 192.168.91.67#53(192.168.91.67)
;; WHEN: Wed Aug 10 14:18:28 2016
;; MSG SIZE rcvd: 121
現在將master關機,模擬master發生故障,再次測試
slave主機
[root@node2 ~]# dig -t ns centos6.cn
;; QUESTION SECTION:
;centos6.cn. IN NS
;; ANSWER SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn. #會發現master和slave位置發生了變化
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 0 msec
;; SERVER: 192.168.91.68#53(192.168.91.68)
;; WHEN: Wed Aug 10 14:22:54 2016
;; MSG SIZE rcvd: 101
[root@node2 ~]# dig -t A www.centos6.cn
;; QUESTION SECTION:
;www.centos6.cn. IN A
;; ANSWER SECTION:
www.centos6.cn. 86400 IN A 192.168.91.67
;; AUTHORITY SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 0 msec
;; SERVER: 192.168.91.68#53(192.168.91.68)
;; WHEN: Wed Aug 10 14:23:00 2016
;; MSG SIZE rcvd: 121
由此可以看出slave DNS是起作用的
子域的域名:niki.centos6.cn。里面有臺主機也叫www,FQDN:www.niki.centos6.cn,IP:192.168.91.70
配置子域:
1、在父域的master正向解析文件里增加指定的NS記錄,并指向子域的主機名和IP地址即可;同時需要增大更新序列號,以便從服務器能夠同步到更新后的區域文件
[root@node1 ~]# cat /var/named/named.centos.cn
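@ IN SOA master.centos6.cn. test.www.centos6.cn. (
        2016080502 3H 15M 1W 1D ) ; serial increased so the slave re-transfers the zone
; Add the two lines below: delegation of niki.centos6.cn plus the glue A record for its
; name server. Zone-file comments use ';' - BIND does not accept '#' here.
niki IN NS dns.niki
dns.niki IN A 192.168.91.69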
[root@node1 ~]# service named restart
2、配置子域,主配置文件和正向解析文件
主配置文件
[root@node3 named]# cat /etc/named.conf
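# named.conf for the child zone niki.centos6.cn on node3 (192.168.91.69).
options {
    # Listens on every IPv4 interface; the lab disables iptables, so nothing filters port 53.
    listen-on port 53 { any; };
    #listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # Open to any client with recursion on, like the parent servers. Outside the lab limit
    # recursion to local clients (allow-recursion { 192.168.91.0/24; }).
    allow-query { any; };
    recursion yes;
    # Added for consistency with the parent master: no secondary exists for this zone, so
    # refuse zone transfers instead of relying on BIND 9.8's default of allowing them to anyone.
    # If a secondary is added later, grant it per zone with allow-transfer { <its address>; }.
    allow-transfer { none; };
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
# Root hints used for recursion.
zone "." IN {
    type hint;
    file "named.ca";
};
# Authoritative for the child zone; file is /var/named/named.niki.centos6.cn.
zone "niki.centos6.cn" IN {
    type master;
    file "named.niki.centos6.cn";
};
# Forward queries for the parent zone to the parent's master and slave. Without
# "forward only;" BIND falls back to ordinary recursion via the root hints when both
# forwarders fail (forward first is the default).
zone "centos6.cn" IN {
    type forward;
    forwarders { 192.168.91.67; 192.168.91.68; };
};
include "/etc/named.rfc1912.zones";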
正向解析文件。
[root@node3 named]# cat named.niki.centos6.cn
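$TTL 86400
; Apex of the child zone (@ = niki.centos6.cn.), served by node3 (192.168.91.69).
; RNAME root.niki.centos6.cn. is the mailbox root@niki.centos6.cn.
@ IN SOA dns.niki.centos6.cn. root.niki.centos6.cn. (
        2016080901 ; serial - increase on every change
        3H         ; refresh
        15M        ; retry
        1W         ; expire
        1D         ; negative-cache TTL
)
; Owner names are written out explicitly so that no record silently inherits the
; owner of the line above it.
@ IN NS dns
dns IN A 192.168.91.69
www IN A 192.168.91.70
; The MX belongs to the zone apex, not to www. With a blank owner this record inherited
; "www" from the preceding line, which is why lookups of www.niki.centos6.cn returned
; an MX record alongside the A record.
@ IN MX 10 mail
mail IN A 192.168.91.69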
先在子域上測試
[root@node3 ~]# dig -t ns niki.centos6.cn @192.168.91.69
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t ns niki.centos6.cn @192.168.91.69
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19172
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;niki.centos6.cn. IN NS
;; ANSWER SECTION:
niki.centos6.cn. 86400 IN NS dns.niki.centos6.cn.
;; ADDITIONAL SECTION:
dns.niki.centos6.cn. 86400 IN A 192.168.91.69
;; Query time: 0 msec
;; SERVER: 192.168.91.69#53(192.168.91.69)
;; WHEN: Wed Aug 10 15:05:15 2016
;; MSG SIZE rcvd: 67
[root@node3 ~]# dig -t A www.niki.centos6.cn @192.168.91.69
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.niki.centos6.cn @192.168.91.69
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64869
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.niki.centos6.cn. IN A
;; ANSWER SECTION:
www.niki.centos6.cn. 86400 IN A 192.168.91.70
;; AUTHORITY SECTION:
niki.centos6.cn. 86400 IN NS dns.niki.centos6.cn.
;; ADDITIONAL SECTION:
dns.niki.centos6.cn. 86400 IN A 192.168.91.69
;; Query time: 0 msec
;; SERVER: 192.168.91.69#53(192.168.91.69)
;; WHEN: Wed Aug 10 15:05:38 2016
;; MSG SIZE rcvd: 87
測試成功
然后在父域Master上測試
使用dig 和 nslookup 都可以測試,效果差不多,這里換用nslookup只是為了復習一下其他命令。這里同樣可以使用dig測試:dig -t ns niki.centos6.cn @192.168.91.67
[root@node1 ~]# nslookup
> set type=ns
> niki.centos6.cn
Server: 192.168.91.67
Address: 192.168.91.67#53
Non-authoritative answer:
niki.centos6.cn nameserver = dns.niki.centos6.cn.
Authoritative answers can be found from:
dns.niki.centos6.cn internet address = 192.168.91.69
還需要在Slave上測試
[root@node2 ~]# host -a www.niki.centos6.cn 192.168.91.68
Trying "www.niki.centos6.cn"
Using domain server:
Name: 192.168.91.68
Address: 192.168.91.68#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56586
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;www.niki.centos6.cn. IN ANY
;; ANSWER SECTION:
www.niki.centos6.cn. 86400 IN MX 10 mail.niki.centos6.cn.
www.niki.centos6.cn. 86400 IN A 192.168.91.70
;; AUTHORITY SECTION:
niki.centos6.cn. 86369 IN NS dns.niki.centos6.cn.
;; ADDITIONAL SECTION:
mail.niki.centos6.cn. 86400 IN A 192.168.91.69
dns.niki.centos6.cn. 86369 IN A 192.168.91.69
Received 124 bytes from 192.168.91.68#53 in 3 ms
如果Slave上測試不成功,嘗試將Master的更新序列號調大,然后重啟named 進程
最后測試在子域上查詢父域管轄的區域
[root@node3 ~]# dig -t ns centos6.cn @192.168.91.69
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t ns centos6.cn @192.168.91.69
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28967
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;centos6.cn. IN NS
;; ANSWER SECTION:
centos6.cn. 86400 IN NS slave.centos6.cn.
centos6.cn. 86400 IN NS master.centos6.cn.
;; ADDITIONAL SECTION:
master.centos6.cn. 86400 IN A 192.168.91.67
slave.centos6.cn. 86400 IN A 192.168.91.68
;; Query time: 3 msec
;; SERVER: 192.168.91.69#53(192.168.91.69)
;; WHEN: Wed Aug 10 15:19:08 2016
;; MSG SIZE rcvd: 101
至此DNS主從協作及父子域實驗完成
原創文章,作者:jslijb,如若轉載,請注明出處:http://www.www58058.com/32507