Linux下的主輔DNS服務器同步

• 一、系統環境介紹
• 二、輔助DNS搭建
• • 1.安裝yum包
  • 2.設置服務自啟
  • 3.編輯dns主配置文件
  • 4.編輯區域文件
  • 5.配置正向文件
  • 6.配置反向文件
  • 7.重啟服務和放行防火墻
• 三、客戶端指向DNS服務器
• 四、測試正向解析和反向解析
• 六、測試主從同步
• • 1.修改主DNS的正、反向配置文件
  • 2.客戶端檢查是否dns同步
• 七、主DNS服務器搭建鏈接

一、系統環境介紹

系統：rhel8.0
control：192.168.200.150 -》主DNS（已配置）
node1:192.168.200.135 -》輔助DNS
node2:192.168.200.136

二、輔助DNS搭建

1.安裝yum包

[root@node1 ~]# yum -y install bind bind-chroot Updating Subscription Management repositories. Unable to read consumer identity This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Repository AppStream is listed more than once in the configuration Repository BaseOS is listed more than once in the configuration Repository AppStream is listed more than once in the configuration Repository BaseOS is listed more than once in the configuration AppStream 165 kB/s | 3.2 kB 00:00 BaseOS 155 kB/s | 2.7 kB 00:00 ansiable 0.0 B/s | 0 B 00:00 Zabbix 1.3 kB/s | 2.9 kB 00:02 Failed to synchronize cache for repo 'ansiable', ignoring this repo. Dependencies resolved. ===============================================================================================================================================Package Arch Version Repository Size =============================================================================================================================================== Installing:bind x86_64 32:9.11.4-16.P2.el8 AppStream 2.1 Mbind-chroot x86_64 32:9.11.4-16.P2.el8 AppStream 99 kTransaction Summary =============================================================================================================================================== Install 2 PackagesTotal size: 2.2 M Installed size: 4.7 M Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transactionPreparing : 1/1 Running scriptlet: bind-32:9.11.4-16.P2.el8.x86_64 1/2 Installing : bind-32:9.11.4-16.P2.el8.x86_64 1/2 Running scriptlet: bind-32:9.11.4-16.P2.el8.x86_64 1/2 Installing : bind-chroot-32:9.11.4-16.P2.el8.x86_64 2/2 Running scriptlet: bind-chroot-32:9.11.4-16.P2.el8.x86_64 2/2 Verifying : bind-32:9.11.4-16.P2.el8.x86_64 1/2 Verifying : bind-chroot-32:9.11.4-16.P2.el8.x86_64 2/2 Installed products updated.Installed:bind-32:9.11.4-16.P2.el8.x86_64 bind-chroot-32:9.11.4-16.P2.el8.x86_64 Complete!

2.設置服務自啟

[root@node1 ~]# systemctl enable --now named Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

3.編輯dns主配置文件

[root@node1 ~]# vim /etc/named.conf options {listen-on port 53 { any; };listen-on-v6 port 53 { ::1; };directory "/var/named";dump-file "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";secroots-file "/var/named/data/named.secroots";recursing-file "/var/named/data/named.recursing";allow-query { any; };

4.編輯區域文件

[root@node1 ~]# vim /etc/named.rfc1912.zones zone "huaxia.com" IN {type slave;masters { 192.168.200.150; };file "slaves/named.zx"; };zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {type master;file "named.loopback";allow-update { none; }; };zone "200.168.192.in-addr.arpa" IN {type slave;masters { 192.168.200.150; };file "slaves/named.fx"; };

5.配置正向文件

[root@node1 named]# cp -p named.localhost slaves/named.zx [root@node1 named]# cp -p named.loopback slaves/named.fx $TTL 1D @ IN SOA ns.huaxia.com. root. (20212401 ; serial10 ; refresh1H ; retry10 ; expire10 ) ; minimum @ NS ns.huaxia.com. ns IN A 192.168.200.150 server0 IN A 192.168.200.150 ~

備注：，正向、反向數據庫文件主輔同步時間頻率改為 10 秒，增加序列號，為方便快速看到同步效果，并且重啟 named 服務。（生產環境中保持默認即可。）

6.配置反向文件

$TTL 1D @ IN SOA ns.huaxia.com. root. (20212413 ; serial10 ; refresh10 ; retry1W ; expire10 ) ; minimum @ NS ns.huaxia.com ns IN A 192.168.200.150 150 PTR server0.example.com

7.重啟服務和放行防火墻

[root@node1 named]# systemctl restart named [root@node1 named]# firewall-cmd --permanent --add-service=dns success [root@node1 named]# firewall-cmd --reload success

三、客戶端指向DNS服務器

[root@node2 ~]# vim /etc/resolv.conf # Generated by NetworkManager search example.com ilt.example nameserver 192.168.200.135

四、測試正向解析和反向解析

[root@node2 ~]# nslookup > server0.huaxia.com Server: 192.168.200.135 Address: 192.168.200.135#53Name: server0.huaxia.com Address: 192.168.200.150 > 192.168.200.150 150.200.168.192.in-addr.arpa name = www.huaxia.com.

六、測試主從同步

1.修改主DNS的正、反向配置文件

$TTL 1D @ IN SOA ns.huaxia.com. root. (2021062211 ; serial10 ; refresh10 ; retry1W ; expire30 ) ; minimum @ IN NS ns.huaxia.com. ns IN A 192.168.200.150 server0 IN A 192.168.200.150 www IN A 192.168.200.150 web IN CNAME web.huaxia.com. * IN A 192.168.200.150 mail IN A 192.168.200.150 @ MX 10 mail.huaxia.com. $TTL 1D @ IN SOA ns root.huaxia.com (2021062211 ; serial1D ; refresh1H ; retry1W ; expire3H ) ; minimum@ IN NS ns.huaxia.com. ns IN A 192.168.200.150 150 PTR www.huaxia.com. 150 PTR mail.huaxia.com. 150 PTR server0.example.com.

2.客戶端檢查是否dns同步

150.200.168.192.in-addr.arpa name = server0.example.com. 150.200.168.192.in-addr.arpa name = www.huaxia.com. 150.200.168.192.in-addr.arpa name = mail.huaxia.com.[root@node2 ~]# nslookup server0.huaxia.com Server: 192.168.200.135 Address: 192.168.200.135#53Name: server0.huaxia.com Address: 192.168.200.150[root@node2 ~]# nslookup www.huaxia.com Server: 192.168.200.135 Address: 192.168.200.135#53Name: www.huaxia.com Address: 192.168.200.150

七、主DNS服務器搭建鏈接

Linux下的DNS服務器搭建

總結

以上是生活随笔為你收集整理的Linux下的主辅DNS服务器同步的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。