A simple DNS master/slave server setup lab
2017-01-23 13:08
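I. Lab environment
1. Two cloned virtual machines, server and client
server ip: 192.168.75.130
client ip: 192.168.75.129
2. Both server and client have the bind package installed, version bind-9.8.2-0.47.rc1.el6_8.4.x86_64
3. In this lab I will create one forward zone, fzq.com., and one reverse zone, 75.168.192.in-addr.arpa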
II. Procedure
On the server:
1. Edit the configuration file
[root@creep ~]# cd /etc
[root@creep etc]# mv named.conf named.conf.bak      # back up the original configuration file
[root@creep etc]# cp -a named.conf.bak named.conf
[root@creep etc]# vim named.conf
options {
        directory "/var/named";
        notify yes;                             // when the zone data version changes, notify the slave server
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "fzq.com." IN {
        type master;
        file "named.fzq";
        allow-transfer {192.168.75.129;};       // only allow zone transfers to the slave server
};
zone "75.168.192.in-addr.arpa." IN {
        type master;
        file "named.qzf";
        allow-transfer {192.168.75.129;};
};
[root@creep etc]# named-checkconf                   # check the configuration file syntax
2. Create the corresponding zone files
[root@creep ~]# cd /var/named
[root@creep named]# cp -a named.localhost named.fzq
[root@creep named]# vim named.fzq                   # create the forward zone file
$TTL 1D
fzq.com.        IN SOA  ns1.fzq.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
fzq.com.        NS      ns1.fzq.com.
fzq.com.        NS      ns2.fzq.com.            ; defines the slave server
ns1.fzq.com.    A       192.168.75.130
ns2.fzq.com.    A       192.168.75.129
fzq.com.        MX 7    mail.fzq.com.
mail            A       192.168.75.1
www             A       192.168.75.2
[root@creep named]# named-checkzone fzq.com. named.fzq      # check the zone file syntax
zone fzq.com/IN: loaded serial 0
OK
[root@creep named]# cp -a named.loopback named.qzf
[root@creep named]# vim named.qzf                   # create the reverse zone file
$TTL 1D
75.168.192.in-addr.arpa.        IN SOA  ns1.fzq.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
75.168.192.in-addr.arpa.        NS      ns1.fzq.com.
75.168.192.in-addr.arpa.        NS      ns2.fzq.com.
130.75.168.192.in-addr.arpa.    PTR     ns1.fzq.com.
129.75.168.192.in-addr.arpa.    PTR     ns2.fzq.com.
1.75.168.192.in-addr.arpa.      PTR     mail.fzq.com.
2.75.168.192.in-addr.arpa.      PTR     www.fzq.com.
[root@creep named]# named-checkzone 75.168.192.in-addr.arpa. named.qzf      # check the zone file syntax
zone 75.168.192.in-addr.arpa/IN: loaded serial 0
OK
3. Security settings
[root@creep ~]# setenforce 0                # disable SELinux enforcement (permissive mode, until reboot)
[root@creep ~]# getenforce
Permissive
[root@creep ~]# service iptables stop       # stop the firewall
iptables:清除防火墙规则: [确定]
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:正在卸载模块: [确定]
On the client:
1. Edit the configuration file
[root@creep ~]# cd /etc
[root@creep etc]# mv named.conf named.conf.bak
[root@creep etc]# cp -a named.conf.bak named.conf
[root@creep etc]# vim named.conf
options {
        directory "/var/named";
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "fzq.com." IN {
        type slave;
        file "slaves/named.fzq";
        masters {192.168.75.130;};      // address of the master server
        allow-transfer {none;};         // do not allow zone transfers to any other host
};
zone "75.168.192.in-addr.arpa." IN {
        type slave;
        file "slaves/named.qzf";
        masters {192.168.75.130;};
        allow-transfer {none;};
};
[root@creep etc]# named-checkconf
2. Security settings
[root@creep ~]# setenforce 0                # disable SELinux enforcement (permissive mode, until reboot)
[root@creep ~]# getenforce
Permissive
[root@creep ~]# service iptables stop       # stop the firewall
iptables:清除防火墙规则: [确定]
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:正在卸载模块: [确定]
III. Testing
1. Start the DNS service on each host
On the server
[root@creep ~]# service named start
Generating /etc/rndc.key: [确定]
启动 named: [确定]
On the client
[root@creep ~]# service named start
Generating /etc/rndc.key: [确定]
启动 named: [确定]
2. Check the logs
On the server
[root@creep ~]# tail /var/log/messages
Jan 21 02:41:17 creep named[2318]: zone 75.168.192.in-addr.arpa/IN: loaded serial 0
Jan 21 02:41:17 creep named[2318]: zone fzq.com/IN: loaded serial 0
Jan 21 02:41:17 creep named[2318]: managed-keys-zone ./IN: loaded serial 0
Jan 21 02:41:17 creep named[2318]: running
Jan 21 02:41:17 creep named[2318]: zone 75.168.192.in-addr.arpa/IN: sending notifies (serial 0)
Jan 21 02:41:17 creep named[2318]: zone fzq.com/IN: sending notifies (serial 0)
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#41314: transfer of '75.168.192.in-addr.arpa/IN': AXFR started
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#41314: transfer of '75.168.192.in-addr.arpa/IN': AXFR ended
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#51418: transfer of 'fzq.com/IN': AXFR started
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#51418: transfer of 'fzq.com/IN': AXFR ended
On the client
[root@creep ~]# tail /var/log/messages
Jan 21 02:33:28 creep named[2264]: zone 75.168.192.in-addr.arpa/IN: Transfer started.
Jan 21 02:33:28 creep named[2264]: transfer of '75.168.192.in-addr.arpa/IN' from 192.168.75.130#53: connected using 192.168.75.129#41314
Jan 21 02:33:28 creep named[2264]: zone 75.168.192.in-addr.arpa/IN: transferred serial 0
Jan 21 02:33:28 creep named[2264]: transfer of '75.168.192.in-addr.arpa/IN' from 192.168.75.130#53: Transfer completed: 1 messages, 8 records, 246 bytes, 0.008 secs (30750 bytes/sec)
Jan 21 02:33:28 creep named[2264]: zone 75.168.192.in-addr.arpa/IN: sending notifies (serial 0)
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: Transfer started.
Jan 21 02:33:28 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: connected using 192.168.75.129#51418
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: transferred serial 0
Jan 21 02:33:28 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: Transfer completed: 1 messages, 9 records, 235 bytes, 0.002 secs (117500 bytes/sec)
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: sending notifies (serial 0)
[root@creep ~]# cd /var/named/slaves/
[root@creep slaves]# ls
named.fzq  named.qzf                # the zone transfer succeeded
[root@creep slaves]# cat named.fzq
$ORIGIN .
$TTL 86400      ; 1 day
fzq.com                 IN SOA  ns1.fzq.com. rname.invalid. (
                                0          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.fzq.com.
                        NS      ns2.fzq.com.
                        MX      7 mail.fzq.com.
$ORIGIN fzq.com.
mail                    A       192.168.75.1
ns1                     A       192.168.75.130
ns2                     A       192.168.75.129
www                     A       192.168.75.2
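The server log above records which address pulled each zone, so it can be checked against the allow-transfer list. The following is an added example, not part of the original post: it classifies transfer events in a named log, using an embedded sample whose last two lines (an unlisted client and a denied request) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit named's zone-transfer log lines against the
# allow-transfer list. Reads the log from file $2, or stdin if omitted.

# Sample log. The first three lines are from the server log on this page;
# the last two are constructed for illustration.
sample_log() {
cat <<'EOF'
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#51418: transfer of 'fzq.com/IN': AXFR started
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#51418: transfer of 'fzq.com/IN': AXFR ended
Jan 21 02:51:47 creep named[2318]: client 192.168.75.129#50188: transfer of 'fzq.com/IN': AXFR-style IXFR started
Jan 21 03:05:10 creep named[2318]: client 192.168.75.50#40112: transfer of 'fzq.com/IN': AXFR started
Jan 21 03:07:31 creep named[2318]: client 192.168.75.77#40250: zone transfer 'fzq.com/AXFR/IN' denied
EOF
}

# audit_xfr ALLOWED_IPS [LOGFILE]
#   ALLOWED_IPS: comma-separated addresses from allow-transfer
# Prints "VERDICT client-ip zone" per event; returns 1 if any transfer
# was served to an address outside the list.
audit_xfr() {
    awk -F"'" -v allowed="$1" '
    BEGIN { bad = 0; n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    / named\[/ && / client / && ($3 ~ / started$/ || $3 ~ / denied/) {
        # $1 = text up to the quoted zone, $2 = zone spec, $3 = event
        ip = $1
        sub(/.* client /, "", ip)   # drop timestamp, host, "client"
        sub(/#.*/, "", ip)          # drop "#port: ..."
        sub(/.* /, "", ip)          # drop any token before the address
        zone = $2
        sub(/\/.*/, "", zone)       # "fzq.com/IN" -> "fzq.com"
        if ($3 ~ / denied/)   verdict = "DENIED"      # refused by allow-transfer
        else if (ip in ok)    verdict = "OK"
        else                { verdict = "UNEXPECTED"; bad = 1 }
        print verdict, ip, zone
    }
    END { exit bad }' "${2:--}"
}

# Demo on the sample log with the allow-transfer list used on this page.
sample_log | audit_xfr 192.168.75.129 || true
```

On the master it would be run as audit_xfr 192.168.75.129 /var/log/messages; an UNEXPECTED line means a transfer was served to a host that is not the slave.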
3. Update the data version
On the server
[root@creep named]# vim named.fzq
$TTL 1D
fzq.com.        IN SOA  ns1.fzq.com. rname.invalid. (
                                        1       ; serial (note: whenever the data changes, the serial number must be changed)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
fzq.com.        NS      ns1.fzq.com.
fzq.com.        NS      ns2.fzq.com.
ns1.fzq.com.    A       192.168.75.130
ns2.fzq.com.    A       192.168.75.129
fzq.com.        MX 7    mail.fzq.com.
mail            A       192.168.75.1
www             A       192.168.75.2
ftp             A       192.168.75.3            ; newly added record
[root@creep named]# named-checkzone fzq.com. named.fzq
zone fzq.com/IN: loaded serial 0
OK
[root@creep named]# service named reload            # reload the service
重新载入named:
[root@creep ~]# tail /var/log/messages              # view the log
Jan 21 02:51:47 creep named[2318]: reloading configuration succeeded
Jan 21 02:51:47 creep named[2318]: reloading zones succeeded
Jan 21 02:51:47 creep named[2318]: zone fzq.com/IN: loaded serial 1
Jan 21 02:51:47 creep named[2318]: zone fzq.com/IN: sending notifies (serial 1)
Jan 21 02:51:47 creep named[2318]: client 192.168.75.129#50188: transfer of 'fzq.com/IN': AXFR-style IXFR started
Jan 21 02:51:47 creep named[2318]: client 192.168.75.129#50188: transfer of 'fzq.com/IN': AXFR-style IXFR ended
On the client
[root@creep ~]# tail /var/log/messages              # view the log file
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: sending notifies (serial 0)
Jan 21 02:42:52 creep named[2264]: client 192.168.75.130#60464: received notify for zone 'fzq.com'
Jan 21 02:42:52 creep named[2264]: zone fzq.com/IN: Transfer started.
Jan 21 02:42:52 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: connected using 192.168.75.129#50188
Jan 21 02:42:52 creep named[2264]: zone fzq.com/IN: transferred serial 1
Jan 21 02:42:52 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: Transfer completed: 1 messages, 10 records, 255 bytes, 0.005 secs (51000 bytes/sec)
Jan 21 02:42:52 creep named[2264]: zone fzq.com/IN: sending notifies (serial 1)
[root@creep ~]# cat /var/named/slaves/named.fzq
$ORIGIN .
$TTL 86400      ; 1 day
fzq.com                 IN SOA  ns1.fzq.com. rname.invalid. (
                                1          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                10800      ; minimum (3 hours)
                                )
                        NS      ns1.fzq.com.
                        NS      ns2.fzq.com.
                        MX      7 mail.fzq.com.
$ORIGIN fzq.com.
ftp                     A       192.168.75.3    ; shows that the incremental zone transfer succeeded
mail                    A       192.168.75.1
ns1                     A       192.168.75.130
ns2                     A       192.168.75.129
www                     A       192.168.75.2
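The serial rule in step 3 can be checked mechanically before and after the reload. The following is an added example, not part of the original post: the function names and the overridable DIG variable are assumptions made here, and the comparison is a plain integer test that does not handle RFC 1982 serial wraparound.

```shell
#!/bin/sh
# Added example: serial checks around the "edit zone, reload" step.
# DIG is overridable so the functions can be exercised without a server.
DIG=${DIG:-dig}

# Serial stored in a zone file: the last token before the "; serial"
# comment, which both the master file and the slave copy carry.
file_serial() {
    awk '/;[ \t]*serial/ { sub(/[ \t]*;.*/, ""); print $NF; exit }' "$1"
}

# Serial a server answers with: 3rd field of "dig +short SOA"
# (mname rname serial refresh retry expire minimum).
served_serial() {    # $1 = zone, $2 = server address
    $DIG +short SOA "$1" "@$2" | awk 'NF >= 7 { print $3; exit }'
}

# Before reload: the edited file must carry a higher serial than the
# one in service, or the slave will not fetch the change.
# Plain integer comparison; RFC 1982 wraparound is not handled.
serial_bumped() {    # $1 = zone file, $2 = zone, $3 = master address
    new=$(file_serial "$1")
    cur=$(served_serial "$2" "$3")
    [ -n "$new" ] && [ -n "$cur" ] && [ "$new" -gt "$cur" ]
}

# After reload: master and slave answer with the same serial.
in_sync() {          # $1 = zone, $2 = master address, $3 = slave address
    m=$(served_serial "$1" "$2")
    s=$(served_serial "$1" "$3")
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# Usage on the lab master, from /var/named:
#   serial_bumped named.fzq fzq.com. 192.168.75.130 && service named reload
#   in_sync fzq.com. 192.168.75.130 192.168.75.129 || echo "slave is behind"
```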
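Summary: when learning, more hands-on practice and more summarizing help you understand the material; human memory is limited, so take plenty of notes.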