
简单的dns主从服务器搭建实验

2017-01-23 13:08 495 查看
一、实验环境

1、两台克隆机server与client

server ip:192.168.75.130

client ip:192.168.75.129

2、server与client都安装了bind软件,且版本为:bind-9.8.2-0.47.rc1.el6_8.4.x86_64

3、本次实验中,我会创建一个正向区域:fzq.com.,以及一个反向区域:75.168.192.in-addr.arpa

二、实验步骤

对于server:

1、修改配置文件

[root@creep ~]# cd /etc
[root@creep etc]# mv named.conf named.conf.bak   //备份原始的配置文件
[root@creep etc]# cp -a named.conf.bak named.conf
[root@creep etc]# vim named.conf
options {
directory       "/var/named";
notify  yes;    //若数据版本更新,就会将信息推送给从服务器
};

zone "." IN {
type hint;
file "named.ca";
};

zone "fzq.com." IN {
type    master;
file    "named.fzq";
allow-transfer  {192.168.75.129;};    //只允许与从服务器进行区域传送
};

zone "75.168.192.in-addr.arpa." IN {
type    master;
file    "named.qzf";
allow-transfer  {192.168.75.129;};
};
~
[root@creep etc]# named-checkconf   //检查配置文件的语法


2、创建相应的区域文件

[root@creep ~]# cd /var/named
[root@creep named]# cp -a named.localhost named.fzq
[root@creep named]# vim named.fzq    //创建正向区域文件
$TTL 1D
fzq.com.        IN SOA  ns1.fzq.com. rname.invalid. (
0       ; serial
1D      ; refresh
1H      ; retry
1W      ; expire
3H )    ; minimum
fzq.com.        NS      ns1.fzq.com.
fzq.com.        NS      ns2.fzq.com.    //从服务器的定义
ns1.fzq.com.    A       192.168.75.130
ns2.fzq.com.    A       192.168.75.129
fzq.com.        MX      7       mail.fzq.com.
mail    A       192.168.75.1
www     A       192.168.75.2
[root@creep named]# named-checkzone fzq.com. named.fzq  //检查区域文件语法
zone fzq.com/IN: loaded serial 0
OK
[root@creep named]# cp -a named.loopback named.qzf
[root@creep named]# vim named.qzf   //创建反向区域文件
$TTL 1D
75.168.192.in-addr.arpa.        IN SOA  ns1.fzq.com. rname.invalid. (
0       ; serial
1D      ; refresh
1H      ; retry
1W      ; expire
3H )    ; minimum
75.168.192.in-addr.arpa.        NS      ns1.fzq.com.
75.168.192.in-addr.arpa.        NS      ns2.fzq.com.
130.75.168.192.in-addr.arpa.    PTR     ns1.fzq.com.
129.75.168.192.in-addr.arpa.    PTR     ns2.fzq.com.
1.75.168.192.in-addr.arpa.      PTR     mail.fzq.com.
2.75.168.192.in-addr.arpa.      PTR     www.fzq.com.

[root@creep named]# named-checkzone 75.168.192.in-addr.arpa. named.qzf   //检查区域文件语法
zone 75.168.192.in-addr.arpa/IN: loaded serial 0
OK


3、关闭安全限制(仅限实验环境)

[root@creep ~]# setenforce 0   //将SELinux临时切换为Permissive(仅限实验环境;生产环境应保持enforcing并配置相应策略)
[root@creep ~]# getenforce
Permissive
[root@creep ~]# service iptables stop   //停止防火墙(仅限实验环境;实际部署应只放行DNS所需端口,而不是整体关闭防火墙)
iptables:清除防火墙规则:                                 [确定]
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:正在卸载模块:                                   [确定]


在client端

1、修改配置文件

[root@creep ~]# cd /etc
[root@creep etc]# mv named.conf named.conf.bak
[root@creep etc]# cp -a named.conf.bak named.conf
[root@creep etc]# vim named.conf
options {
directory       "/var/named";
};

zone "." IN {
type hint;
file "named.ca";
};

zone "fzq.com." IN {
type    slave;
file    "slaves/named.fzq";
masters {192.168.75.130;};    //主服务器地址
allow-transfer  {none;};     //不允许与其他主机进行数据区域传送
};

zone "75.168.192.in-addr.arpa." IN {
type    slave;
file    "slaves/named.qzf";
masters {192.168.75.130;};
allow-transfer  {none;};
};
[root@creep etc]# named-checkconf


2、关闭安全限制(仅限实验环境)

[root@creep ~]# setenforce 0   //将SELinux临时切换为Permissive(仅限实验环境)
[root@creep ~]# getenforce
Permissive
[root@creep ~]# service iptables stop   //停止防火墙(仅限实验环境)
iptables:清除防火墙规则:                                 [确定]
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:正在卸载模块:                                   [确定]


三、测试

1、分别启动dns服务

在server端

[root@creep ~]# service named start
Generating /etc/rndc.key:                            [确定]
启动 named:                                          [确定]


在client端

[root@creep ~]# service named start
Generating /etc/rndc.key:                            [确定]
启动 named:                                          [确定]


2、查看日志信息

在server端

[root@creep ~]# tail /var/log/messages
Jan 21 02:41:17 creep named[2318]: zone 75.168.192.in-addr.arpa/IN: loaded serial 0
Jan 21 02:41:17 creep named[2318]: zone fzq.com/IN: loaded serial 0
Jan 21 02:41:17 creep named[2318]: managed-keys-zone ./IN: loaded serial 0
Jan 21 02:41:17 creep named[2318]: running
Jan 21 02:41:17 creep named[2318]: zone 75.168.192.in-addr.arpa/IN: sending notifies (serial 0)
Jan 21 02:41:17 creep named[2318]: zone fzq.com/IN: sending notifies (serial 0)
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#41314: transfer of '75.168.192.in-addr.arpa/IN': AXFR started
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#41314: transfer of '75.168.192.in-addr.arpa/IN': AXFR ended
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#51418: transfer of 'fzq.com/IN': AXFR started
Jan 21 02:42:23 creep named[2318]: client 192.168.75.129#51418: transfer of 'fzq.com/IN': AXFR ended


在client端

[root@creep ~]# tail /var/log/messages
Jan 21 02:33:28 creep named[2264]: zone 75.168.192.in-addr.arpa/IN: Transfer started.
Jan 21 02:33:28 creep named[2264]: transfer of '75.168.192.in-addr.arpa/IN' from 192.168.75.130#53: connected using 192.168.75.129#41314
Jan 21 02:33:28 creep named[2264]: zone 75.168.192.in-addr.arpa/IN: transferred serial 0
Jan 21 02:33:28 creep named[2264]: transfer of '75.168.192.in-addr.arpa/IN' from 192.168.75.130#53: Transfer completed: 1 messages, 8 records, 246 bytes, 0.008 secs (30750 bytes/sec)
Jan 21 02:33:28 creep named[2264]: zone 75.168.192.in-addr.arpa/IN: sending notifies (serial 0)
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: Transfer started.
Jan 21 02:33:28 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: connected using 192.168.75.129#51418
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: transferred serial 0
Jan 21 02:33:28 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: Transfer completed: 1 messages, 9 records, 235 bytes, 0.002 secs (117500 bytes/sec)
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: sending notifies (serial 0)
[root@creep ~]# cd /var/named/slaves/
[root@creep slaves]# ls
named.fzq  named.qzf      //说明数据区域传送成功
[root@creep slaves]# cat named.fzq
$ORIGIN .
$TTL 86400 ; 1 day
fzq.com         IN SOA  ns1.fzq.com. rname.invalid. (
0          ; serial
86400      ; refresh (1 day)
3600       ; retry (1 hour)
604800     ; expire (1 week)
10800      ; minimum (3 hours)
)
NS  ns1.fzq.com.
NS  ns2.fzq.com.
MX  7 mail.fzq.com.
$ORIGIN fzq.com.
mail            A   192.168.75.1
ns1         A   192.168.75.130
ns2         A   192.168.75.129
www         A   192.168.75.2


3、更新数据版本

在server端

[root@creep named]# vim named.fzq
$TTL 1D
fzq.com.        IN SOA  ns1.fzq.com. rname.invalid. (
1       ; serial   //注意:一旦区域数据发生改变,就必须递增serial,否则从服务器不会发起传送
1D      ; refresh
1H      ; retry
1W      ; expire
3H )    ; minimum
fzq.com.        NS      ns1.fzq.com.
fzq.com.        NS      ns2.fzq.com.
ns1.fzq.com.    A       192.168.75.130
ns2.fzq.com.    A       192.168.75.129
fzq.com.        MX      7       mail.fzq.com.
mail    A       192.168.75.1
www     A       192.168.75.2

ftp     A       192.168.75.3   //新增添的记录
[root@creep named]# named-checkzone fzq.com. named.fzq
zone fzq.com/IN: loaded serial 0
OK
[root@creep named]# service named reload    //重新载入配置和区域文件(不是重启服务)
重新载入named:
[root@creep ~]# tail /var/log/messages   //查看日志信息
Jan 21 02:51:47 creep named[2318]: reloading configuration succeeded
Jan 21 02:51:47 creep named[2318]: reloading zones succeeded
Jan 21 02:51:47 creep named[2318]: zone fzq.com/IN: loaded serial 1
Jan 21 02:51:47 creep named[2318]: zone fzq.com/IN: sending notifies (serial 1)
Jan 21 02:51:47 creep named[2318]: client 192.168.75.129#50188: transfer of 'fzq.com/IN': AXFR-style IXFR started
Jan 21 02:51:47 creep named[2318]: client 192.168.75.129#50188: transfer of 'fzq.com/IN': AXFR-style IXFR ended


在client端

[root@creep ~]# tail /var/log/messages     //查看日志文件
Jan 21 02:33:28 creep named[2264]: zone fzq.com/IN: sending notifies (serial 0)
Jan 21 02:42:52 creep named[2264]: client 192.168.75.130#60464: received notify for zone 'fzq.com'
Jan 21 02:42:52 creep named[2264]: zone fzq.com/IN: Transfer started.
Jan 21 02:42:52 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: connected using 192.168.75.129#50188
Jan 21 02:42:52 creep named[2264]: zone fzq.com/IN: transferred serial 1
Jan 21 02:42:52 creep named[2264]: transfer of 'fzq.com/IN' from 192.168.75.130#53: Transfer completed: 1 messages, 10 records, 255 bytes, 0.005 secs (51000 bytes/sec)
Jan 21 02:42:52 creep named[2264]: zone fzq.com/IN: sending notifies (serial 1)
[root@creep ~]# cat /var/named/slaves/named.fzq
$ORIGIN .
$TTL 86400 ; 1 day
fzq.com         IN SOA  ns1.fzq.com. rname.invalid. (
1          ; serial
86400      ; refresh (1 day)
3600       ; retry (1 hour)
604800     ; expire (1 week)
10800      ; minimum (3 hours)
)
NS  ns1.fzq.com.
NS  ns2.fzq.com.
MX  7 mail.fzq.com.
$ORIGIN fzq.com.
ftp         A   192.168.75.3    //说明更新后的区域已同步到从服务器(日志显示为AXFR-style IXFR,即本次以全量方式完成传送)
mail            A   192.168.75.1
ns1         A   192.168.75.130
ns2         A   192.168.75.129
www         A   192.168.75.2


总结:在学习中,多动手多总结,有助于理解内容,人的记忆是有限的,多做笔记。