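A domain name server is an Internet service that plays a very important role inside an enterprise. Below I describe how to set one up and configure it.
I. Installation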
yum install bind bind-chroot bind-utils
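The main goals here are master and slave name servers and smart resolution (split resolution based on views). There are also DNS application examples, mainly these special cases: load balancing based on DNS resolution, wildcard domain resolution, and subdomain delegation.
II. Environment topology
III. Master-slave replication process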
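After the master DNS server's configuration has been updated, it first sends a NOTIFY message to the slave DNS server. The slave then sends an SOA query to the master, and the master returns the result to the slave. The slave compares the returned serial with its own: if it is smaller than its own serial, the synchronization process ends. If the serial in the returned result is greater than its own, the slave sends a zone transfer request to the master; the master responds by sending the zone data, and the slave receives the data and completes the update.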
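IV. BIND configuration process
1. Point the name server setting of the master and slave DNS servers at their own IP addresses
On the master, add to /etc/resolv.conf: nameserver 192.168.4.44
On the slave, add to /etc/resolv.conf: nameserver 192.168.4.70
2. Configure the master DNS server
2.1 Its /etc/named.conf is configured as follows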
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { any; };    // listening IPs: 192.168.4.44 172.16.100.80
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;

    forwarders { 221.130.13.133; };    // forward to the upstream DNS
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// 172.16.100.0/24 simulates the internal network; 192.168.4.0/24 simulates the external network.
key "lan" {
    algorithm hmac-md5;
    secret "1Zgap+bwH5Yjtj0mo+Bj9g==";
};
key "wan" {
    algorithm hmac-md5;
    secret "1TK0ThAdgiQ8IrJBm+SQZA==";
};

view "lan" {
    match-clients { 172.16.100.0/24; };    // clients matched by this view
    server 172.16.100.70 { keys "lan"; };  // slave server address
    allow-transfer { key lan; };
    include "/etc/named/lan.conf";         // zone configuration file
};

view "wan" {
    match-clients { any; };
    server 192.168.4.70 { keys wan; };
    allow-transfer { key wan; };
    include "/etc/named/wan.conf";
};
2.2 Configuration file lan.conf for the lan view
zone "longining.com." IN {
    type master;
    allow-transfer { 172.16.100.70; };
    file "/var/named/longining.lan";
};
zone "100.16.172.in-addr.arpa." IN {
    type master;
    allow-transfer { 172.16.100.70; };
    file "/var/named/100.16.172.arpa";
};
2.3 Configuration file wan.conf for the wan view
zone "longining.com." IN {
    type master;
    allow-transfer { 192.168.4.70; };
    file "/var/named/longining.wan";
};
zone "4.168.192.in-addr.arpa." IN {
    type master;
    allow-transfer { 192.168.4.70; };
    file "/var/named/4.168.192.arpa";
};
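The configuration above has three settings that can be checked mechanically: HMAC-MD5 TSIG keys, recursion combined with allow-query { any; }, and zone-level allow-transfer lists that name only an IP address and so replace the view-level key requirement. The following audit is an added example, not code from the original post; `audit`, `strip_comments` and `SAMPLE` are names made up here, and the sample is the page's configuration with the includes inlined and the secrets replaced by placeholders.

```python
import re

# Constructed sample: the page's config with lan.conf/wan.conf inlined, secrets replaced.
SAMPLE = '''
options { listen-on port 53 { any; }; allow-query { any; }; recursion yes; };
key "lan" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
key "wan" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
view "lan" { match-clients { 172.16.100.0/24; }; allow-transfer { key lan; };
  zone "longining.com." IN { type master; allow-transfer { 172.16.100.70; }; }; };
view "wan" { match-clients { any; }; allow-transfer { key wan; };
  zone "longining.com." IN { type master; allow-transfer { 192.168.4.70; }; }; };
'''

def strip_comments(conf):
    """Drop //, # and /* */ comments, leaving quoted strings untouched."""
    pat = r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else '', conf, flags=re.S)

def audit(conf):
    """Return (check, subject) findings for named.conf text (file-wide scan)."""
    conf, findings = strip_comments(conf), []
    # 1. TSIG keys declared with HMAC-MD5.
    for name in re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{[^}]*algorithm\s+hmac-md5', conf):
        findings.append(('weak-tsig-algorithm', f'key {name}'))
    # 2. recursion yes + allow-query any + no allow-recursion/allow-query-cache:
    #    the recursion ACL falls back to allow-query, so anyone may recurse.
    if (re.search(r'\brecursion\s+yes', conf)
            and re.search(r'\ballow-query\s*\{\s*any\s*;', conf)
            and not re.search(r'\ballow-(recursion|query-cache)\s*\{', conf)):
        findings.append(('open-recursion', 'options'))
    # 3. allow-transfer lists without a "key" element authorise by source IP
    #    only; set in a zone, they replace the view-level key requirement.
    stack = []  # enclosing blocks; None for blocks other than view/zone
    pat = r'\b(view|zone)\s+"([^"]+)"[^{;]*\{|\ballow-transfer\s*\{([^}]*)\}|([{}])'
    for kind, name, acl, brace in (m.groups() for m in re.finditer(pat, conf)):
        if kind:
            stack.append(f'{kind} {name}')
        elif brace == '{':
            stack.append(None)
        elif brace == '}':
            del stack[-1:]  # pop; no error on unbalanced input
        elif not re.search(r'\bkey\s', acl):
            scope = ' / '.join(s for s in stack if s) or 'options'
            findings.append(('ip-only-transfer', f'{scope}: {acl.strip(" ;")}'))
    return findings

if __name__ == '__main__':
    for check, subject in audit(SAMPLE):
        print(f'{check:20} {subject}')
```

To audit a real server, pass the text of named.conf with the included files pasted in at their include lines, since the scan does not follow include statements.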
2.4 Forward and reverse zone files for lan.conf
2.4.1 Contents of longining.lan
; contents of longining.lan
$TTL 1D
; RNAME (admin mailbox) is written with "." in place of "@" and fully qualified
@       IN SOA  dns.longining.com. root.longining.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   dns.longining.com.
        IN MX   10 mail.longining.com.
dns     IN A    172.16.100.70
dns     IN A    192.168.4.44
www     IN A    192.168.4.44
time    IN A    172.16.100.70
mail    IN A    192.168.4.44
2.4.2 Contents of 100.16.172.arpa
$TTL 1D
; RNAME ends with a dot so the reverse-zone origin is not appended to it
@       IN SOA  dns.longining.com. root.longining.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   dns.longining.com.
70      IN PTR  dns.longining.com.
70      IN PTR  time.longining.com.
70      IN PTR  ftp.longining.com.
2.4.3 longining.wan is configured as follows