Bind Version: 9.11.4
## Primary DNS Server
The primary server of a domain holds that domain's zone file. All configuration and every change for the domain are made on the primary server.
## Secondary DNS Server
The secondary server of a domain is normally used for redundancy and load sharing; it synchronizes the zone file from the domain's primary server. A secondary never changes any data itself: zone file modifications can only be made on the primary DNS server, and every change is propagated from the primary.
## AXFR
The first transfer of a zone usually carries the complete zone file; this is called a full zone transfer.
## IXFR
Later transfers of the zone usually carry only the changes; this is called an incremental zone transfer.
The zone file reaches the secondary in two ways: the secondary periodically asks the primary and pulls the zone, and when the primary is updated it sends an update notification to the secondary so that the secondary comes and pulls it.
If the primary fails and stops responding to the secondary's queries, the secondary keeps trying for a period of time; if there is still no response, it does not take the primary's place but instead stops answering DNS requests for the zone and gives up resolution for it.
## Access Control Lists
### Built-in ACLs
| ACL_NAME | COMMENT |
|---|---|
| any | any host |
| none | no host at all |
| localhost | this host |
| localnets | the networks this host is attached to |
### ACL syntax
```
acl "ACL_NAME" {
    IP/PREFIX;
    IP/PREFIX;
    ...
};
```
## Security control options
- `allow-query { ACL_NAMEs; | IP; };`
  Which hosts may send queries to this DNS server.
- `allow-recursion { ACL_NAMEs; | IP; };`
  Which hosts may send recursive queries to this DNS server.
- `allow-transfer { ACL_NAMEs; | IP; };`
  Which hosts (the secondaries) may pull the zone file.
- `allow-update { ACL_NAMEs; | IP; };`
  Which hosts may dynamically update the zone content.
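The options above are what decide who can copy or rewrite a zone, so they are worth checking mechanically. The following is an added example, not code from the original post: a small Python audit that parses BIND zone stanzas (the sample stanzas and the set of secondary addresses are constructed) and flags master zones whose `allow-transfer` is missing or set to `any`, lists hosts that are not secondaries, or whose `allow-update` is anything other than `none`.

```python
import re
# Constructed excerpt in the style of a BIND named.conf zone file (not the post's own file).
NAMED_ZONES = """
zone "zakzhu.com" IN {
    type master;
    file "zakzhu.com.zone";
    allow-update { none; };
    allow-transfer { 192.168.199.201; };   // only the secondary ns1 may AXFR
};
zone "open.test" IN { type master; file "open.test.zone"; allow-transfer { any; }; };
zone "dyn.test" IN { type master; file "dyn.test.zone"; allow-update { any; }; };
"""

def zone_stanzas(conf):
    """Yield (zone_name, body) with comments removed, matching braces by depth."""
    conf = re.sub(r"(//|#)[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def zone_options(body):
    """Return the zone's type plus every allow-*/masters address list."""
    m = re.search(r"\btype\s+(\w+)", body)
    opts = {"type": m.group(1) if m else None}
    for key, vals in re.findall(r"(allow-\w+|masters)\s*\{([^}]*)\}", body):
        opts[key] = [v.strip() for v in vals.split(";") if v.strip()]
    return opts

def audit_transfers(conf, secondaries):
    """Map each master zone to a list of findings about allow-transfer / allow-update."""
    findings = {}
    for name, body in zone_stanzas(conf):
        opts = zone_options(body)
        if opts["type"] != "master":
            continue  # slaves pull the zone; they are not the AXFR source
        issues, xfer = [], opts.get("allow-transfer")
        if xfer is None:
            issues.append("allow-transfer unset: BIND 9.11 falls back to the options{} default, which is any")
        elif "any" in xfer:
            issues.append("allow-transfer { any; } lets any client AXFR the whole zone")
        elif set(xfer) - set(secondaries):
            issues.append(f"allow-transfer lists hosts that are not secondaries: {sorted(set(xfer) - set(secondaries))}")
        if opts.get("allow-update", ["none"]) != ["none"]:
            issues.append("allow-update is not { none; }: listed hosts can change records via dynamic update")
        findings[name] = issues
    return findings
```

Run it against the real file with `audit_transfers(open("/etc/named.rfc1912.zones").read(), {"192.168.199.201"})`; an empty list for a zone means its transfer and update policy is as tight as the post's zakzhu.com stanza.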
| HOSTNAME | IP ADDRESS | ROLE |
|---|---|---|
| mac | 192.168.199.103 | DNS Client |
| ns0.zakzhu.com | 192.168.199.200 | Primary DNS Server |
| ns1.zakzhu.com | 192.168.199.201 | Secondary DNS Server |
### Host: ns0.zakzhu.com
```bash
[root@ns0 ~]# yum install bind bind-utils -y
[root@ns0 ~]# vim /etc/named.conf
```
```
options {
    listen-on port 53 { 192.168.199.200; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
...
```
```bash
[root@ns0 ~]# vim /etc/named.rfc1912.zones
```
```
...
zone "zakzhu.com" IN {
    type master;
    file "zakzhu.com.zone";
    allow-update { none; };
    allow-transfer { 192.168.199.201; };
};
zone "199.168.192.in-addr.arpa" IN {
    type master;
    file "199.168.192.in-addr.arpa.zone";
    allow-update { none; };
    allow-transfer { 192.168.199.201; };
};
```
```bash
[root@ns0 ~]# cd /var/named/
[root@ns0 named]# touch zakzhu.com.zone
[root@ns0 named]# chmod 640 zakzhu.com.zone && chown root:named !$
[root@ns0 named]# vim zakzhu.com.zone
```
```
$TTL 86400
$ORIGIN zakzhu.com.
@   IN SOA ns0.zakzhu.com. hostmaster.zakzhu.com. (
        2020031700  ; serial
        1H          ; refresh (1 hour)
        15M         ; retry (15 mins)
        7D          ; expire (7 days)
        20M )       ; minimum (20 mins)
    IN NS    ns0.zakzhu.com.
    IN NS    ns1.zakzhu.com.
ns0 IN A     192.168.199.200
ns1 IN A     192.168.199.201
www IN A     192.168.199.200
mx1 IN A     192.168.199.200
mx2 IN A     192.168.199.201
web IN CNAME www
@   IN MX 10 mx1
@   IN MX 20 mx2
```
```bash
[root@ns0 named]# touch 199.168.192.in-addr.arpa.zone
[root@ns0 named]# chmod 640 199.168.192.in-addr.arpa.zone && chown root:named !$
[root@ns0 named]# vim 199.168.192.in-addr.arpa.zone
```
```
$TTL 86400
$ORIGIN 199.168.192.in-addr.arpa.
@   IN SOA ns0.zakzhu.com. hostmaster.zakzhu.com. (
        2020031700  ; serial
        1H          ; refresh (1 hour)
        15M         ; retry (15 mins)
        7D          ; expire (7 days)
        20M )       ; minimum (20 mins)
    IN NS  ns0.zakzhu.com.
    IN NS  ns1.zakzhu.com.
200 IN PTR ns0.zakzhu.com.
201 IN PTR ns1.zakzhu.com.
200 IN PTR www.zakzhu.com.
```
```bash
[root@ns0 named]# named-checkconf
[root@ns0 named]# named-checkzone -d zakzhu.com zakzhu.com.zone
[root@ns0 named]# named-checkzone -d 199.168.192.in-addr.arpa 199.168.192.in-addr.arpa.zone
[root@ns0 ~]# systemctl enable named
[root@ns0 ~]# systemctl restart named
```
### Host: ns1.zakzhu.com
```bash
[root@ns1 ~]# yum install bind bind-utils -y
[root@ns1 ~]# vim /etc/named.conf
```
```
options {
    listen-on port 53 { 192.168.199.201; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
...
```
```bash
[root@ns1 ~]# vim /etc/named.rfc1912.zones
```
```
...
zone "zakzhu.com" IN {
    type slave;
    file "slaves/zakzhu.com.zone";
    masters { 192.168.199.200; };
};
zone "199.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/199.168.192.in-addr.arpa.zone";
    masters { 192.168.199.200; };
};
```
```bash
[root@ns1 ~]# named-checkconf
[root@ns1 ~]# systemctl enable named
[root@ns1 ~]# systemctl restart named
[root@ns1 ~]# tail -f /var/named/data/named.run
```
Verify from ns0 that the secondary has received the zone:
```bash
[root@ns0 ~]# dig -t axfr zakzhu.com @192.168.199.201
```
Test the primary server:
```bash
[zak@mac ~ 00:59:32]
$ dig -t a www.zakzhu.com. @192.168.199.200
```
Test the secondary server:
```bash
[zak@mac ~ 01:00:09]
$ dig -t a www.zakzhu.com. @192.168.199.201
```
Test the primary server:
```bash
[zak@mac ~ 01:08:28]
$ dig -t a www.zakzhu.com. @192.168.199.200
```
Test the secondary server (reverse lookup):
```bash
[zak@mac ~ 01:08:38]
$ dig -x 192.168.199.200 @192.168.199.201
```
## Adding an A record for "hr.zakzhu.com."
```bash
[root@ns0 named]# vim zakzhu.com.zone
[root@ns0 named]# named-checkzone -d zakzhu.com zakzhu.com.zone
[root@ns0 named]# rndc reload
```
Check the new record on the secondary:
```bash
[zak@mac ~ 01:26:01]
$ dig -t a hr.zakzhu.com. @192.168.199.201
```
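The step that decides whether the query above succeeds on ns1 is the SOA serial: after `rndc reload` the secondary only pulls the zone if the primary's serial is newer than the one it already holds. The following is an added example, not code from the original post: a Python checker that parses the SOA from zone text, compares serials with RFC 1982 serial arithmetic, and exposes the refresh/retry/expire timers that govern the polling and give-up behaviour described in the AXFR/IXFR section. The zone text is constructed from the post's zakzhu.com.zone.

```python
import re

_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def ttl_seconds(value):
    """Convert a BIND time value such as '1H', '15M', '7D' or '86400' to seconds."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", value.upper())
    if not m:
        raise ValueError(f"bad time value: {value}")
    return int(m.group(1)) * _UNITS[m.group(2) or "S"]

def parse_soa(zone_text):
    """Return serial/refresh/retry/expire/minimum from the SOA RDATA (comments stripped)."""
    body = re.sub(r";[^\n]*", "", zone_text)
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(([^)]*)\)", body)
    if not m or len(m.group(1).split()) != 5:
        raise ValueError("SOA record with 5 fields not found")
    serial, *timers = m.group(1).split()
    names = ("refresh", "retry", "expire", "minimum")
    return {"serial": int(serial), **dict(zip(names, map(ttl_seconds, timers)))}

def serial_advanced(old, new):
    """RFC 1982 serial arithmetic: True only if 'new' is later than 'old' modulo 2^32."""
    return old != new and (new - old) % 2**32 < 2**31

def secondary_will_transfer(old_zone, new_zone):
    """ns1 fetches the zone only when the serial it holds is older than the primary's."""
    return serial_advanced(parse_soa(old_zone)["serial"], parse_soa(new_zone)["serial"])

# Constructed zone text mirroring the post's zakzhu.com.zone (abridged).
ZONE_OLD = """$TTL 86400
$ORIGIN zakzhu.com.
@ IN SOA ns0.zakzhu.com. hostmaster.zakzhu.com. (
    2020031700 ; serial
    1H         ; refresh
    15M        ; retry
    7D         ; expire
    20M )      ; minimum
    IN NS ns0.zakzhu.com.
    IN NS ns1.zakzhu.com.
ns0 IN A 192.168.199.200
www IN A 192.168.199.200
"""
# The post's edit: an A record for hr added; first with the serial left alone, then bumped.
ZONE_SERIAL_UNCHANGED = ZONE_OLD + "hr  IN A 192.168.199.200\n"
ZONE_SERIAL_BUMPED = ZONE_SERIAL_UNCHANGED.replace("2020031700", "2020031701")
```

`parse_soa(ZONE_OLD)["expire"]` is 604800 seconds, i.e. the 7 days for which ns1 keeps answering for the zone after ns0 stops responding before it gives up.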
Original: https://www.cnblogs.com/zakzhu/p/12521625.html