DNS 主從協作及配置父子域實驗

jslijb ? 2016-08-15 12:10 ? Linux干貨

實驗：DNS主從協作及配置父子域實驗

實驗拓撲圖

實驗準備

1、所有主機關閉防火墻和selinux

service iptables stop

chkconfig iptables off

setenforce 0

2、所有主機安裝上bind bind-chroot

yum -y install bind bind-chroot

3、所有主機的DNS設置

cat /etc/resolv.conf

search centos6.cn

nameserver 192.168.91.67

nameserver 192.168.91.68

Master 主配置文件

[root@node1 ~]# cat /etc/named.conf

options {

listen-on port 53 { any; };

#listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

allow-transfer { none; };

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {

type hint;

file "named.ca";

};

zone "centos6.cn" IN {

type master;

file "named.centos.cn";

allow-transfer { 192.168.91.68; }; #指定slave

};

zone "91.168.192.in-addr.arpa" IN {

type master;

file "named.192.168.91";

allow-transfer { 192.168.91.68; }; #指定slave

};

include "/etc/named.rfc1912.zones";

Master 正向配置文件

[root@node1 ~]# cat /var/named/named.centos.cn

$TTL 86400

@ IN SOA master.centos6.cn. test.www.centos6.cn. (

2016080505

3H

15M

1W

1D

)

@ IN NS master.centos6.cn.

@ IN NS slave.centos6.cn.

master.centos6.cn. IN A 192.168.91.67

slave.centos6.cn. IN A 192.168.91.68

@ IN MX 10 mail.centos6.cn.

www.centos6.cn. IN A 192.168.91.67

node1.centos6.cn. IN A 192.168.91.67

node2.centos6.cn. IN A 192.168.91.68

node3.centos6.cn. IN A 192.168.91.69

node4.centos6.cn. IN A 192.168.91.70

niki IN NS dns.niki #下面兩行子域相關的配置

dns.niki IN A 192.168.91.69

Master 反向配置文件

[root@node1 ~]# cat /var/named/named.192.168.91

$TTL 86400

@ IN SOA master.centos6.cn. www.centos6.cn. (

2016080504

3H

15M

1W

1D

)

@ IN NS master.centos6.cn.

@ IN NS slave.centos6.cn.

67 IN PTR master.centos6.cn.

68 IN PTR slave.centos6.cn.

67 IN PTR www.centos6.cn.

67 IN PTR node1.centos6.cn.

68 IN PTR node2.centos6.cn.

69 IN PTR node3.centos6.cn.

70 IN PTR node4.centos6.cn.

啟動DNS服務

/etc/init.d/named start。

chkocnfig named on

至此Master配置完成

Slave 主配置文件

[root@node2 slaves]# cat /etc/named.conf

options {

listen-on port 53 { any; };

#listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {

type hint;

file "named.ca";

};

zone "centos6.cn" IN {

type slave;

file "slaves/named.centos.cn";

masters { 192.168.91.67; }; #指定Master

};

zone "91.168.192.in-addr.arpa" IN {

type slave;

file "slaves/named.192.168.91";

masters { 192.168.91.67; }; #指定Master

};

include "/etc/named.rfc1912.zones";

Slave 不需要正向和反向解析文件，啟動DNS服務后會自動從Master復制過來。查看 /var/named/slave 目錄下有兩個文件，是Master正向和反向解析文件

[root@node2 slaves]# /etc/init.d/named start

[root@node2 slaves]# chkconfig named on

[root@node2 slaves]# ll /var/named/slaves/

-rw-r–r–. 1 named named 528 Aug 10 10:04 named.192.168.91

-rw-r–r–. 1 named named 574 Aug 10 11:36 named.centos.cn

測試

master主機

[root@node1 ~]# dig -t ns centos6.cn

;; QUESTION SECTION:

;centos6.cn. IN NS

;; ANSWER SECTION:

centos6.cn. 86400 IN NS slave.centos6.cn.

centos6.cn. 86400 IN NS master.centos6.cn.

;; ADDITIONAL SECTION:

master.centos6.cn. 86400 IN A 192.168.91.67

slave.centos6.cn. 86400 IN A 192.168.91.68

;; Query time: 0 msec

;; SERVER: 192.168.91.67#53(192.168.91.67)

;; WHEN: Wed Aug 10 11:54:37 2016

;; MSG SIZE rcvd: 101

[root@node1 ~]# dig -t A www.centos6.cn

;; QUESTION SECTION:

;www.centos6.cn. IN A

;; ANSWER SECTION:

www.centos6.cn. 86400 IN A 192.168.91.67

;; AUTHORITY SECTION:

centos6.cn. 86400 IN NS slave.centos6.cn.

centos6.cn. 86400 IN NS master.centos6.cn.

;; ADDITIONAL SECTION:

master.centos6.cn. 86400 IN A 192.168.91.67

slave.centos6.cn. 86400 IN A 192.168.91.68

;; Query time: 0 msec

;; SERVER: 192.168.91.67#53(192.168.91.67)

;; WHEN: Wed Aug 10 11:55:20 2016

;; MSG SIZE rcvd: 121

slave 主機

[root@node2 ~]# dig -t ns centos6.cn

;; QUESTION SECTION:

;centos6.cn. IN NS

;; ANSWER SECTION:

centos6.cn. 86400 IN NS slave.centos6.cn.

centos6.cn. 86400 IN NS master.centos6.cn.

;; ADDITIONAL SECTION:

master.centos6.cn. 86400 IN A 192.168.91.67

slave.centos6.cn. 86400 IN A 192.168.91.68

;; Query time: 2 msec

;; SERVER: 192.168.91.67#53(192.168.91.67)

;; WHEN: Wed Aug 10 14:18:13 2016

;; MSG SIZE rcvd: 101

[root@node2 ~]# dig -t A www.centos6.cn

;; QUESTION SECTION:

;www.centos6.cn. IN A

;; ANSWER SECTION:

www.centos6.cn. 86400 IN A 192.168.91.67

;; AUTHORITY SECTION:

centos6.cn. 86400 IN NS master.centos6.cn.

centos6.cn. 86400 IN NS slave.centos6.cn.

;; ADDITIONAL SECTION:

master.centos6.cn. 86400 IN A 192.168.91.67

slave.centos6.cn. 86400 IN A 192.168.91.68

;; Query time: 2 msec

;; SERVER: 192.168.91.67#53(192.168.91.67)

;; WHEN: Wed Aug 10 14:18:28 2016

;; MSG SIZE rcvd: 121

現在將master關機，模擬master發生故障，再次測試

slave主機

[root@node2 ~]# dig -t ns centos6.cn

;; QUESTION SECTION:

;centos6.cn. IN NS

;; ANSWER SECTION:

centos6.cn. 86400 IN NS slave.centos6.cn. #會發現master和slave位置發生了變化

centos6.cn. 86400 IN NS master.centos6.cn.

;; ADDITIONAL SECTION:

master.centos6.cn. 86400 IN A 192.168.91.67

slave.centos6.cn. 86400 IN A 192.168.91.68

;; Query time: 0 msec

;; SERVER: 192.168.91.68#53(192.168.91.68)

;; WHEN: Wed Aug 10 14:22:54 2016

;; MSG SIZE rcvd: 101

[root@node2 ~]# dig -t A www.centos6.cn

;; QUESTION SECTION:

;www.centos6.cn. IN A

;; ANSWER SECTION:

www.centos6.cn. 86400 IN A 192.168.91.67

;; AUTHORITY SECTION:

centos6.cn. 86400 IN NS slave.centos6.cn.

centos6.cn. 86400 IN NS master.centos6.cn.

;; ADDITIONAL SECTION:

master.centos6.cn. 86400 IN A 192.168.91.67

slave.centos6.cn. 86400 IN A 192.168.91.68

;; Query time: 0 msec

;; SERVER: 192.168.91.68#53(192.168.91.68)

;; WHEN: Wed Aug 10 14:23:00 2016

;; MSG SIZE rcvd: 121

由此可以看出slave DNS是起作用的

從域的域名：niki.centos6.cn。里面有臺主機也叫www。FWQN：www.niki.centos6.cn。IP：192.168.91.70

配置子域：

1、在父域的master 正向解析文件里增加指定的NS并指向子域的主機名和IP地址即可，同時需要修改更新序列號，以便從服務器能夠

[root@node1 ~]# cat /var/named/named.centos.cn

@ IN SOA master.centos6.cn. test.www.centos6.cn. (

2016080502 3H 15M 1W 1D ) # 序號增大

#增加下面兩行

niki IN NS dns.niki

dns.niki IN A 192.168.91.69

[root@node1 ~]# service named restart

2、配置子域，主配置文件和正向解析文件

主配置文件

[root@node3 named]# cat /etc/named.conf

options {

listen-on port 53 { any; };

#listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

zone "." IN {

type hint;

file "named.ca";

};

zone "niki.centos6.cn" IN {

type master;

file "named.niki.centos6.cn";

};

#將針對父域的查詢請求轉發給父域

zone "centos6.cn" IN {

type forward;

forwarders { 192.168.91.67; 192.168.91.68; };

};

include "/etc/named.rfc1912.zones";

正向解析文件。

[root@node3 named]# cat named.niki.centos6.cn

$TTL 86400

@ IN SOA dns.niki.centos6.cn. root.niki.centos6.cn. (

2016080901

3H

15M

1W

1D)

IN NS dns

dns IN A 192.168.91.69

www IN A 192.168.91.70

IN MX 10 mail

mail IN A 192.168.91.69

先在子域上測試

[root@node3 ~]# dig -t ns niki.centos6.cn @192.168.91.69

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t ns niki.centos6.cn @192.168.91.69

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19172

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:

;niki.centos6.cn. IN NS

;; ANSWER SECTION:

niki.centos6.cn. 86400 IN NS dns.niki.centos6.cn.

;; ADDITIONAL SECTION:

dns.niki.centos6.cn. 86400 IN A 192.168.91.69

;; Query time: 0 msec

;; SERVER: 192.168.91.69#53(192.168.91.69)

;; WHEN: Wed Aug 10 15:05:15 2016

;; MSG SIZE rcvd: 67

[root@node3 ~]# dig -t A www.niki.centos6.cn @192.168.91.69

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.niki.centos6.cn @192.168.91.69

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64869

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.niki.centos6.cn. IN A

;; ANSWER SECTION:

www.niki.centos6.cn. 86400 IN A 192.168.91.70

;; AUTHORITY SECTION:

niki.centos6.cn. 86400 IN NS dns.niki.centos6.cn.

;; ADDITIONAL SECTION:

dns.niki.centos6.cn. 86400 IN A 192.168.91.69

;; Query time: 0 msec

;; SERVER: 192.168.91.69#53(192.168.91.69)

;; WHEN: Wed Aug 10 15:05:38 2016

;; MSG SIZE rcvd: 87

測試成功

然后在父域Master上測試

使用dig 和 nslookup 都可以測試，效果差不多，只是為了復習下其他的命令而已。這里也可以使用dig測試.dig -t ns niki.centos6.cn @192.168.91.67

[root@node1 ~]# nslookup

> set type=ns

> niki.centos6.cn

Server: 192.168.91.67

Address: 192.168.91.67#53

Non-authoritative answer:

niki.centos6.cn nameserver = dns.niki.centos6.cn.

Authoritative answers can be found from:

dns.niki.centos6.cn internet address = 192.168.91.69

還需要在Slave上測試

[root@node2 ~]# host -a www.niki.centos6.cn 192.168.91.68

Trying "www.niki.centos6.cn"

Using domain server:

Name: 192.168.91.68

Address: 192.168.91.68#53

Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56586

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:

;www.niki.centos6.cn. IN ANY

;; ANSWER SECTION:

www.niki.centos6.cn. 86400 IN MX 10 mail.niki.centos6.cn.

www.niki.centos6.cn. 86400 IN A 192.168.91.70

;; AUTHORITY SECTION:

niki.centos6.cn. 86369 IN NS dns.niki.centos6.cn.

;; ADDITIONAL SECTION:

mail.niki.centos6.cn. 86400 IN A 192.168.91.69

dns.niki.centos6.cn. 86369 IN A 192.168.91.69

Received 124 bytes from 192.168.91.68#53 in 3 ms

如果Slave上測試不成功，嘗試將Master的更新序列號調大，然后重啟named 進程

最后測試在子域上查詢父域管轄的區域

[root@node3 ~]# dig -t ns centos6.cn @192.168.91.69

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t ns centos6.cn @192.168.91.69

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28967

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:

;centos6.cn. IN NS

;; ANSWER SECTION:

centos6.cn. 86400 IN NS slave.centos6.cn.

centos6.cn. 86400 IN NS master.centos6.cn.

;; ADDITIONAL SECTION:

master.centos6.cn. 86400 IN A 192.168.91.67

slave.centos6.cn. 86400 IN A 192.168.91.68

;; Query time: 3 msec

;; SERVER: 192.168.91.69#53(192.168.91.69)

;; WHEN: Wed Aug 10 15:19:08 2016

;; MSG SIZE rcvd: 101

至此DNS主從協作及父子域實驗完成

原創文章，作者：jslijb，如若轉載，請注明出處：http://www.www58058.com/32507

DNS；主從；父子域

贊 (0)

0

N22_慈悲_text

上一篇 2016-08-15

下一篇 2016-08-15

計算機操作系統簡史以及終端類型

計算機及操作系統發展史 1.計算機的主要部件：ENIARC Cpu:運算器控制器（控制內存，IO總線）存儲器是寄存器（鎖存數據）緩存（加速功能）內存：ram （random access mem…

Linux干貨 2016-10-19
實現NFS為lamp環境web站點提供共享存儲

1.實驗需求（1）nfs server導出/data/application/web,在目錄中提供wordpress; （2）nfs client掛載nfs server導出的文件系統，至/var/www/html; （3）客戶端1(lamp)部署wordpress，并讓其正常訪問，要確保正常發文章，上傳圖片。（4）客戶端2(lamp),掛載nfs se…

Linux干貨 2017-05-02
Linux終端類型

Linux終端類型 Linux的終端類型包括控制臺終端、虛擬終端、偽終端、串行終端、控制終端、圖形終端。終端要理解偽終端(Pseudo Terminal)，先來看看什么是“終端”(Terminal)。終端是一種字符型設備，它有多種類型，通常使用tty來簡稱各種類型的終端設備。 1、串行端口終端（/dev/ttySx）串行端口終端（Ser…

Linux干貨 2016-10-14
Linux系統啟動流程初識

centos系統啟動流程本篇僅僅講解centos5和6 centos7并不適用 Linux系統的組成部分：內核+根文件系統內核功能：進程管理內存管理網絡管理驅動程序文件系統安全功能有以下目錄結構的文件系統可以被識別為根文件系統，但根文件系統本身不存在 rootfs：/bin/ /sbin /etc/ /sys/…

Linux干貨 2016-09-11
Linux干貨

初識linux：計算機的組成及功能

一、描述計算機的組成及功能。由馮諾伊曼提出計算機體系結構（5大部件）控制器（Controller）：是整個計算機的中樞神經，其功能是對程序規定的控制信息進行解釋，根據其要求進行控制，調度程序、數據、地址，協調計算機各部分工作及內存與外設的訪問等。運算器(Datapath)：運算器的功能是對數據進行各種算術運算和邏輯運算，即對數據進行加工處理。（cpu由控…

2017-12-03
bash腳本編程練習：判斷、循環

1、寫一個腳本，判斷當前系統上所有用戶的shell是否為可登錄shell（即用戶的shell不是/sbin/nologin）；分別這兩類用戶的個數；通過字符串比較來實現； #!/bin/bash # declare -i sumlogin=0 declare -i sumnologin=0 for&nbs…

Linux干貨 2016-11-22

欧美性久久久久