DNS configuration
The network environment I prepared is shown below.
Goal: configure two DNS servers, DNSMaster and DNSSlave, as a master/slave pair that provides name resolution for this network.
Process: a script sets up the required environment on both servers automatically (the script is attached at the end of the article).
Operating system: CentOS 6.6 x86_64
DNSMaster
/etc/sysconfig/network-scripts/ifcfg-eth0 configuration
Start the named service and confirm that port 53 is listening (UDP and TCP: zone transfers to the slave run over TCP).
Zones newly added to /etc/named.rfc1912.zones
Forward zone file
/var/named/test.com.zone
Reverse zone file
/var/named/172.16.32.zone
Forward and reverse lookups for the test.com domain
If the commented-out "allow-transfer { none; };" in the reverse zone is enabled, the master refuses zone transfers (AXFR/IXFR) of that zone. PTR queries sent to the master still work, but the slave can no longer pull the reverse zone, so reverse lookups through the slave stop working.
DNSSlave host
/etc/sysconfig/network-scripts/ifcfg-eth0 configuration
Configuration for the test.com.zone file (type slave, pointing at the master)
The zone files are transferred from the master automatically.
/var/named/slaves/test.com.zone file
/var/named/slaves/172.16.32.zone file
Forward lookups for the domain
Reverse lookups for the domain
After stopping the named service on DNSMaster,
the server answering queries turns out to be DNSSlave. This is resolver-side failover: the client lists both servers in /etc/resolv.conf, and it moves on to the next nameserver once the first one times out, so each query first waits out the master's timeout until the master is back.
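The reverse zone file shown above is built for a /24 by reversing the first three octets of 172.16.32.0. As an added example that is not part of the original post, the following bash functions generalise that step to /8, /16 and /24 networks and refuse to emit a PTR record whose owner name falls outside the reverse zone; named drops such records as out-of-zone data when it loads the file, which is what happens to the ftp=172.16.0.1 entry in the script's A list. The addresses and the zone name test.com are the page's; the function names and the sample host list are this example's own.

```shell
#!/bin/bash
# Added example, not code from the original post: derive in-addr.arpa names for
# an IPv4 network and keep PTR generation inside the reverse zone.
# Addresses follow the page (172.16.32.0/24, zone test.com); function names are ours.

# rev_octets a.b.c.d -> d.c.b.a (parameter expansion only, no cut/awk)
rev_octets() {
    local ip=$1 out=""
    while :; do
        case $ip in
            *.*) out="${ip%%.*}${out:+.$out}"; ip=${ip#*.} ;;
            *)   out="$ip${out:+.$out}"; break ;;
        esac
    done
    echo "$out"
}

# reverse_zone NETWORK PREFIXLEN -> reverse zone name without trailing dot.
# Only octet-aligned prefixes (8, 16, 24) map to a single in-addr.arpa zone;
# anything else needs RFC 2317 classless delegation and is refused here.
reverse_zone() {
    local net=$1 plen=$2 r n
    case $plen in
        8|16|24) ;;
        *) echo "reverse_zone: unsupported prefix /$plen" >&2; return 1 ;;
    esac
    r=$(rev_octets "$net")
    n=$((4 - plen / 8))              # host octets to drop from the front
    while [ "$n" -gt 0 ]; do r=${r#*.}; n=$((n - 1)); done
    echo "$r.in-addr.arpa"
}

# ptr_name IP -> fully qualified PTR owner name
ptr_name() {
    echo "$(rev_octets "$1").in-addr.arpa."
}

# in_zone IP NETWORK PREFIXLEN -> true if the PTR owner lies under the reverse zone
in_zone() {
    local owner zone
    owner=$(ptr_name "$1")
    zone=$(reverse_zone "$2" "$3") || return 1
    case $owner in
        *".$zone.") return 0 ;;
        *)          return 1 ;;
    esac
}

# ptr_records NETWORK PREFIXLEN DOMAIN host=ip ... -> PTR lines for in-zone hosts;
# out-of-zone hosts are reported on stderr instead of being silently dropped by named
ptr_records() {
    local net=$1 plen=$2 domain=$3 entry host ip
    shift 3
    for entry in "$@"; do
        host=${entry%%=*}; ip=${entry#*=}
        if in_zone "$ip" "$net" "$plen"; then
            printf '%s\tIN\tPTR\t%s.%s.\n' "$(ptr_name "$ip")" "$host" "$domain"
        else
            echo "skip $host=$ip: outside $(reverse_zone "$net" "$plen")" >&2
        fi
    done
}

# Constructed sample mirroring the page's A list: ftp lies outside 172.16.32.0/24
ptr_records 172.16.32.0 24 test.com \
    ns1=172.16.32.251 ns2=172.16.32.252 www1=172.16.32.241 ftp=172.16.0.1
```

Running the block prints three PTR lines and one "skip ftp=172.16.0.1" warning on stderr. The ftp host needs its PTR in the 16.172.in-addr.arpa zone (or 0.16.172.in-addr.arpa), which this lab does not serve.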
#!/bin/bash
# Install bind from yum if it is not already present
rpm -q bind &>/dev/null || yum install -y bind bind-utils
# Adjust the stock configuration file; keep a pristine backup so the script can be re-run
conf=/etc/named.conf
if [ -f $conf.bak ]; then cp -f $conf.bak $conf; else cp $conf $conf.bak; fi
# Comment out listen-on so named binds to every interface
sed -i 's@\(^[[:space:]]*listen-on.*\)@//\1@' $conf
# allow-query { localhost; } becomes allow-query { any; }. Together with the stock
# "recursion yes" this turns named into an open recursive resolver for anyone who can
# reach port 53; add "allow-recursion { 172.16.32.0/24; };" if the host is reachable from outside the LAN.
sed -i 's/localhost;/any;/g' $conf
# Turn DNSSEC off for the lab (keep validation on in production; forged upstream answers are accepted without it)
sed -i 's/dnssec-enable yes/dnssec-enable no/' $conf
sed -i 's/dnssec-validation yes/dnssec-validation no/' $conf
sed -i 's/dnssec-lookaside auto/dnssec-lookaside no/' $conf
sed -i 's@\(^[[:space:]]*bindkeys\)@//\1@' $conf
sed -i 's@\(^[[:space:]]*managed\)@//\1@' $conf
# Optional blackhole: named neither answers nor sends queries to these addresses
blackhole=192.168.0.0/24
[ -n "$blackhole" ] && sed -i "s@\(recursion yes;\)@\1\n\tblackhole { $blackhole; };@" $conf
# Zone name
zonename=test.com
# Network address of the zone (a /24; the reverse zone name is derived from its first three octets)
zoneIP=172.16.32.0
# Name servers for the zone
NS=(ns1 ns2)
masterip=172.16.32.251
slaveip=172.16.32.252
# Delegated subzones (each name must also appear in A=() as glue); none here
SUBNS=()
# Mail exchangers, in order of preference
MX=(mail)
# A records (host=address). ftp=172.16.0.1 lies outside 172.16.32.0/24, so it gets a
# forward record but no PTR: named drops out-of-zone data when loading the reverse zone
A=(ns1=172.16.32.251 ns2=172.16.32.252 www1=172.16.32.241 www2=172.16.32.242 php=172.16.32.231 mysqlM=172.16.32.221 mysqlS=172.16.32.222 ftp=172.16.0.1 )
# Aliases (alias=target)
CNAME=(pop3=mail imaps=mail www=www1)
# SOA MNAME and RNAME: MNAME should be the primary master, which must have an A record above
soaNS=ns1
soaMail=mail
ser=01
ttl=3600
# Serial YYYYMMDDnn; bump ser when regenerating on the same day, or the slave will not re-transfer
serial=$(date +"%Y%m%d")$ser
refresh=1H
retry=5M
expire=7D
mttl=1H
zonefile=/var/named
# Keep only the stock zone statements (the first 42 lines of the file as shipped on CentOS 6)
# so that re-running the script does not append duplicate zones
sed -i '43,$d' /etc/named.rfc1912.zones
# Reverse zone label for the /24: 172.16.32.0 -> 32.16.172
IFS=. read -r o1 o2 o3 o4 <<< "$zoneIP"
ptrip="$o3.$o2.$o1"
if [ "${1:-master}" == "slave" ];then
cat >> /etc/named.rfc1912.zones <<EOF
zone "$zonename" IN {
	type slave;
	file "slaves/$zonename.zone";
	masters { $masterip; };
	allow-transfer { none; };	// the slave does not hand the zone on to anyone
};
zone "$ptrip.in-addr.arpa" IN {
	type slave;
	file "slaves/${zoneIP%.*}.zone";
	masters { $masterip; };
	// allow-transfer { none; };
};
zone "example.com" IN {
	type forward;
	forward only;
	forwarders { 172.16.0.1; };
};
EOF
else
cat >> /etc/named.rfc1912.zones <<EOF
zone "$zonename" IN {
	type master;
	file "$zonename.zone";
	allow-transfer { $slaveip; };	// only the slave may pull the zone
};
zone "$ptrip.in-addr.arpa" IN {
	type master;
	file "${zoneIP%.*}.zone";
	// allow-transfer { none; };	// uncommented: no one, not even the slave, can transfer this zone;
					// left commented: the global default (any) applies, so prefer { $slaveip; }
};
zone "example.com" IN {
	type forward;
	forward only;
	forwarders { 172.16.0.1; };
};
EOF
zoneNS=""
zoneSUBNS=""
zoneMX=""
zoneA=""
zoneCNAME=""
# NS records at the apex
for i in ${NS[@]};do
	zoneNS=$zoneNS"\tIN\tNS\t"$i"\n"
done
# Delegations: "sub IN NS sub" (glue comes from the matching A record)
for i in ${SUBNS[@]};do
	zoneSUBNS=$zoneSUBNS$i"\tIN\tNS\t"$i"\n"
done
# MX preference 10, 20, ... in array order
nice=10
for i in ${MX[@]};do
	zoneMX=$zoneMX"\tIN\tMX\t$nice\t$i\n"
	nice=$((nice+10))
done
for i in ${A[@]};do
	zoneA=$zoneA${i%%=*}"\tIN\tA\t"${i#*=}"\n"
done
for i in ${CNAME[@]};do
	zoneCNAME=$zoneCNAME${i%%=*}"\tIN\tCNAME\t"${i#*=}"\n"
done
# Reverse an address into its fully qualified PTR owner name: 172.16.32.251 -> 251.32.16.172.in-addr.arpa.
function getptr(){
	local o1 o2 o3 o4
	IFS=. read -r o1 o2 o3 o4 <<< "$1"
	echo -n "$o4.$o3.$o2.$o1.in-addr.arpa."
}
ptrNS=""
for i in ${NS[@]};do
	ptrNS=$ptrNS"\tIN\tNS\t"$i.$zonename."\n"
done
# One PTR per A record, skipping hosts outside the zone's /24 (named would reject them as out-of-zone data)
function ptrA(){
	local ip
	for i in ${A[@]};do
		ip=${i#*=}
		[ "${ip%.*}" == "${zoneIP%.*}" ] || continue
		getptr "$ip"
		echo -en "\tIN\tPTR\t${i%%=*}.$zonename.\n"
	done
}
cat > $zonefile/$zonename.zone <<EOF
\$TTL $ttl
\$ORIGIN $zonename.
@	IN	SOA	$soaNS	$soaMail (
			$serial
			$refresh
			$retry
			$expire
			$mttl )
`echo -e $zoneNS`
`echo -e $zoneMX`
`echo -e $zoneA`
`echo -e $zoneCNAME`
`echo -e $zoneSUBNS`
EOF
cat > $zonefile/${zoneIP%.*}.zone <<EOF
\$TTL $ttl
\$ORIGIN $ptrip.in-addr.arpa.
@	IN	SOA	$soaNS.$zonename.	$soaMail.$zonename. (
			$serial
			$refresh
			$retry
			$expire
			$mttl )
`echo -e $ptrNS`
`ptrA`
EOF
# Zone files readable by root and the named group only (on the slave they live under slaves/ and are written by named itself)
chown :named $zonefile/$zonename.zone $zonefile/${zoneIP%.*}.zone
chmod 640 $zonefile/$zonename.zone $zonefile/${zoneIP%.*}.zone
fi
chkconfig named on
pidof named &>/dev/null && service named restart || service named start
Source: the "ttqq" blog, http://473008.blog.51cto.com/463008/1595640
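The script above opens allow-query to any while leaving recursion on and disables DNSSEC validation, and its allow-transfer list is a /16 rather than the slave. As an added example that is not part of the original post, the bash functions below emit a hardened named.conf fragment for the same pair (LAN 172.16.32.0/24, master ns1 = 172.16.32.251, slave ns2 = 172.16.32.252, zone test.com, all taken from the page) and lint a named.conf for those weak settings. The function names and the lint rules are this example's own.

```shell
#!/bin/bash
# Added example, not code from the original post: hardened named.conf fragments
# for the page's master/slave pair plus a lint for the weak settings the page's
# script produces. Addresses and names follow the page; function names are ours.

LAN=172.16.32.0/24
MASTER=172.16.32.251
SLAVE=172.16.32.252
ZONE=test.com

# Weak (what the script leaves behind):   allow-query { any; }; recursion yes;
#                                         dnssec-validation no; no allow-recursion
# Hardened: answer authoritative queries for everyone, recurse only for the LAN,
# transfer only to the slave, keep validation on, hide the version string.
hardened_options() {
    cat <<EOF
options {
	directory "/var/named";
	allow-query     { any; };          // authoritative answers for $ZONE
	recursion yes;
	allow-recursion { $LAN; };         // never "any": that is an open resolver
	allow-transfer  { $SLAVE; };       // global default, overridden per zone below
	version         "not disclosed";   // do not leak the BIND release
	dnssec-enable yes;
	dnssec-validation yes;
};
EOF
}

# hardened_zones ROLE (master|slave) -> zone statements for $ZONE
hardened_zones() {
    if [ "$1" = slave ]; then
        cat <<EOF
zone "$ZONE" IN {
	type slave;
	file "slaves/$ZONE.zone";
	masters { $MASTER; };
	allow-transfer { none; };          // a slave should not hand the zone on
};
EOF
    else
        cat <<EOF
zone "$ZONE" IN {
	type master;
	file "$ZONE.zone";
	allow-transfer { $SLAVE; };        // the page's /16 covers far more than the slave
	also-notify { $SLAVE; };
};
EOF
    fi
}

# lint_named_conf FILE: one finding per line on stdout, exit 1 if any.
# Works on /etc/named.conf as well as on the fragments above.
lint_named_conf() {
    local f=$1 rc=0 cfg
    cfg=$(sed 's@//.*$@@' "$f")     # drop // comments so commented-out lines do not count
    if echo "$cfg" | grep -q 'recursion[[:space:]]*yes' && ! echo "$cfg" | grep -q 'allow-recursion'; then
        echo "open resolver: recursion yes without allow-recursion"; rc=1
    fi
    if echo "$cfg" | grep -q 'allow-recursion[[:space:]]*{[[:space:]]*any'; then
        echo "open resolver: allow-recursion { any; }"; rc=1
    fi
    if echo "$cfg" | grep -Eq 'allow-transfer[[:space:]]*[{][[:space:]]*(any|[0-9.]+/(8|16))[[:space:]]*;'; then
        echo "zone transfer too broad: restrict allow-transfer to the slave address"; rc=1
    fi
    if echo "$cfg" | grep -q 'dnssec-validation[[:space:]]*no'; then
        echo "dnssec-validation no: forged upstream answers are accepted"; rc=1
    fi
    if ! echo "$cfg" | grep -q 'version'; then
        echo "consider hiding the version string"; rc=1
    fi
    return $rc
}
```

After installing the fragments, named-checkconf -z /etc/named.conf parses the configuration and loads every zone file; from a host other than the slave, dig @172.16.32.251 test.com AXFR must report "Transfer failed." with status REFUSED, while the same query from 172.16.32.252 returns the whole zone.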