Linux 基础知识(十)DNS服务器主从复制，子域授权

2022-10-15 07:55:09

DNS域名系统是互联网的一项服务。它作为将域名和IP地址相互映射的一个分布式数据库，能够使人更方便地访问互联网。DNS使用TCP和UDP端口53

DNS服务器主从复制，子域授权
主服务器:10.120.123.13
从服务器:10.120.123.250
子服务器:10.120.123.251

从服务器的主配置文件：/etc/named.conf

options {
        listen-on port 53 { 10.120.123.250; };  //定义监听的端口以及监听ip
        //listen-on-v6 port 53 { ::1; };      //关闭IPv6 查询
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };

        recursion yes;  //允许递归

        dnssec-enable no;  //关闭DNS安全相关
        dnssec-validation no;  //关闭DNS安全相关

        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {                             //日志相关的配置
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {                        //定义根区域
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

从服务器定义区域解析库文件：/etc/named.rfc1912.zones

zone "test.com" IN {
        type slave;     //定义服务类型slave
        file "slaves/test.com.zone"; 
        masters { 10.120.123.13; };   //定义主服务器地址
        masterfile-format text;       //定义格式，解决服务器区域文件乱码
};

zone "123.120.10.in-addr.arpa" IN {
        type slave;     //定义服务类型slave
        file "slaves/10.120.123.zone";   
        masters { 10.120.123.13; };      //定义主服务器地址
        masterfile-format text;         //定义格式，解决服务器区域文件乱码
};

主服务器区域解析库文件(/var/named/test.com.zone)：增加NS记录

$TTL 3600
$ORIGIN test.com.
@       IN      SOA     ns1.test.com.   dnsadmin.test.com. (
        2019010818
        1H
        10M
        3D
        1D )
        IN      NS      ns1
        IN      NS      ns2   //从服务器
        IN      MX   10 mx1
        IN      MX   20 mx2
ns1     IN      A       10.120.123.13
ns2     IN      A       10.120.123.250   //从服务器
mx1     IN      A       10.120.123.252
mx2     IN      A       10.120.123.253
www     IN      A       10.120.123.254
web     IN      CNAME   www
ops     IN      NS      ns1.ops         //子域授权
ns1.ops IN      A       10.120.123.251

$TTL 3600
$ORIGIN 123.120.10.in-addr.arpa.
@       IN      SOA     ns1.test.com.  nsadmin.test.com. (
        2019010802
        1H
        10M
        3D
        12H )
        IN      NS      ns1.test.com.
        IN      NS      ns2.test.com. //从服务器
13      IN      PTR     ns1.test.com.
250     IN      PTR     ns2.test.com. //从服务器
252     IN      PTR     mx1.test.com.
253     IN      PTR     mx2.test.com.
254     IN      PTR     www.test.com.

子域区域解析库文件(/var/named/ops.test.com.zone)

$TTL 3600 
$ORIGIN ops.test.com.
@       IN      SOA     ns1.ops.test.com.     nsadmin.ops.test.com. (
                2019022401
                1H
                10M
                1D
                2H )
        IN      NS      ns1
ns1     IN      A       10.120.123.251
www     IN      A       10.120.123.251

主服务器重载主配置

rndc reload

从服务器开启服务

systemctl restart  named.service

从服务器测试

完全区域传送
dig -t axfr test.com @10.120.123.13
正向解析
dig -t A www.test.com @10.120.123.250
反向解析
dig -x 10.120.123.13 @10.120.123.250

子域测试

dig www.ops.test.com @10.120.123.13   //主
dig www.ops.test.com @10.120.123.250 //从
dig www.ops.test.com @10.120.123.251 //子

码农公寓

相关文章