Configuring the DNS master architecture
I. Configure the master server
Master server configuration (IP: 192.168.58.131)
1. Install the bind service
```
[root@bogon ~]# yum install -y bind
```
2. Disable the firewall and SELinux
```
[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# systemctl disable --now firewalld
[root@bogon ~]# setenforce 0
[root@bogon ~]# getenforce
Disabled
```
3. Configure the main service file
```
[root@bogon ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; };
        // (excerpt; the rest of the file is not shown)
```
Find the block above and change the parameters to your own values:
```
options {
        listen-on port 53 { 192.168.58.131; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        // (excerpt; the rest of the file is not shown)
```
4. Define the zones
```
[root@bogon ~]# vim /etc/named.rfc1912.zones
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
```
Keep these two stanzas and change their parameters as shown below; comment out everything else in the file:
```
zone "c2505.com" IN {
        type master;
        file "c2505.com.zones";
        allow-update { none; };
};

zone "58.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.58.131.zones";   // must match the file name created under /var/named
        allow-update { none; };
};
```
5. Configure the zone data files
```
# Copy the template, preserving ownership and permissions, and rename the copies
# to the file names set in the zone definitions
[root@bogon ~]# cd /var/named/
[root@bogon named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@bogon named]# cp -p named.empty c2505.com.zones
[root@bogon named]# cp -p named.empty 192.168.58.131.zones
[root@bogon named]# ls -l
总用量 24
-rw-r----- 1 root  named  152 12月 15 2009 192.168.58.131.zones
-rw-r----- 1 root  named  152 12月 15 2009 c2505.com.zones
drwxrwx--- 2 named named    6 6月  11 2024 data
drwxrwx--- 2 named named    6 6月  11 2024 dynamic
-rw-r----- 1 root  named 2253 4月   5 2018 named.ca
-rw-r----- 1 root  named  152 12月 15 2009 named.empty
-rw-r----- 1 root  named  152 6月  21 2007 named.localhost
-rw-r----- 1 root  named  168 12月 15 2009 named.loopback
drwxrwx--- 2 named named    6 6月  11 2024 slaves
```
Forward zone file
```
[root@bogon named]# vim c2505.com.zones
$TTL 3H
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
```
Edit the file so that it reads:
```
$TTL 3H
@       IN SOA  c2505.com. admin.c2505.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
@       NS      dns1.c2505.com.
dns1    A       192.168.58.131
dns01   CNAME   dns1.c2505.com.
mail    A       192.168.58.132
mail    MX 10   mail.c2505.com.  ; trailing dot required, otherwise the zone name is appended
```
Reverse zone file
```
[root@bogon named]# vim 192.168.58.131.zones
$TTL 3H
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
```
```
# Strip the records for now; reverse resolution is configured later
$TTL 3H
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
```
Reverse resolution is not enabled yet, so comment out its zone
```
[root@bogon named]# vim /etc/named.rfc1912.zones
//zone "58.168.192.in-addr.arpa" IN {
//        type master;
//        file "192.168.58.131.zones";
//        allow-update { none; };
//};
```
Start the named service
```
[root@bogon named]# systemctl start named
```
II. Client configuration
Client test (IP: 192.168.58.132)
1. In the resolver configuration file, change the nameserver IP to the master server's IP
```
[root@bogon ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.58.2
```
Edit the file so that it reads:
```
# Generated by NetworkManager
nameserver 192.168.58.131
```
```
[root@bogon ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.58.131
[root@bogon ~]# nslookup
> dns1.c2505.com
Server:         192.168.58.131
Address:        192.168.58.131#53

Name:   dns1.c2505.com
Address: 192.168.58.131
# Forward resolution of the domain name succeeded
```
2. Configure reverse resolution
Reverse zone file
```
#192.168.58.131#
[root@bogon named]# vim 192.168.58.131.zones
$TTL 3H
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
```
Edit the file so that it reads:
```
$TTL 3H
@       IN SOA  c2505.com. admin.c2505.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
@       NS      dns1.c2505.com.
131     PTR     dns1.c2505.com.
132     PTR     mail.c2505.com.
131     PTR     dns01.c2505.com.
```
Zone definition
Uncomment the reverse zone configuration
```
#192.168.58.131#
[root@bogon named]# vim /etc/named.rfc1912.zones
zone "58.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.58.131.zones";   // must match the file name created under /var/named
        allow-update { none; };
};
[root@bogon named]# systemctl restart named
```
```
#192.168.58.131#
[root@bogon named]# netstat -anptu | grep :53
tcp        0      0 192.168.58.131:53       0.0.0.0:*               LISTEN      17670/named
tcp        0      0 192.168.58.131:52144    203.119.25.1:53         TIME_WAIT   -
tcp        0      0 192.168.58.131:50807    203.119.25.1:53         TIME_WAIT   -
tcp        0      0 192.168.58.131:35682    203.119.25.1:53         TIME_WAIT   -
tcp        0      0 192.168.58.131:41779    203.119.25.1:53         TIME_WAIT   -
tcp        0      0 192.168.58.131:60215    203.119.25.1:53         TIME_WAIT   -
tcp        0      0 192.168.58.131:51304    203.119.25.1:53         TIME_WAIT   -
udp        0      0 192.168.58.131:53       0.0.0.0:*                           17670/named
```
Client test
```
#192.168.58.132#
[root@bogon ~]# nslookup
> 192.168.58.131
131.58.168.192.in-addr.arpa     name = dns01.c2505.com.
131.58.168.192.in-addr.arpa     name = dns1.c2505.com.
```
Configuring the DNS master-slave architecture
Configure the slave server (IP: 192.168.58.134)
1. Install the bind service
```
#192.168.58.134#
[root@bogon ~]# yum install -y bind
[root@bogon ~]# cd /var/named
[root@bogon named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@bogon named]# cd slaves
[root@bogon slaves]# ls
[root@bogon slaves]#
```
2. Configure the main service file
```
#192.168.58.134#
[root@bogon slaves]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.58.134; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        // (excerpt; the rest of the file is not shown)
```
```
[root@bogon slaves]# vim /etc/named.rfc1912.zones
zone "c2505.com." IN {
        type slave;
        file "slaves/c2505.com.zones";
        masters { 192.168.58.131; };
};

zone "58.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.58.zones";
        masters { 192.168.58.131; };
};
[root@bogon slaves]# systemctl enable --now named
```
3. Define the zones
```
#192.168.58.131#
[root@bogon named]# vim /etc/named.rfc1912.zones
zone "c2505.com" IN {
        type master;
        file "c2505.com.zones";
        allow-update { none; };
        allow-transfer { 192.168.58.134; };
};

zone "58.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.58.131.zones";   // must match the file name created under /var/named
        allow-update { none; };
        allow-transfer { 192.168.58.134; };
};
[root@bogon named]# systemctl restart named
```
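The two settings this walkthrough changes, `allow-query { any; }` in the options and the per-zone `allow-transfer` list, are the ones to check on a BIND 9.11 master: a zone with no `allow-transfer` (and none in `options`) can be transferred by any host, and without `allow-recursion` the recursion ACL falls back to `allow-query`. The script below is an added example, not the author's code; its function names are hypothetical, the sample configuration is constructed from the page's values, and `recursion yes;` is assumed (the stock CentOS 7 default, not shown on the page).

```shell
#!/bin/bash
# Added example, not the author's code. Both checks read named.conf text on stdin.

# Succeeds when recursion is effectively open to every client: allow-query { any; }
# with recursion not switched off and no allow-recursion / allow-query-cache ACL
# (an explicit ACL, if present, is left for manual review).
recursion_open_to_any() {
    conf=$(sed -e 's|//.*||' -e 's|#.*||' | tr '\n' ' ')
    case $conf in *allow-recursion*|*allow-query-cache*) return 1 ;; esac
    printf '%s' "$conf" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;' && return 1
    printf '%s' "$conf" | grep -Eq 'allow-query[[:space:]]*[{][[:space:]]*any[[:space:]]*;'
}

# Prints every "type master" zone that has no allow-transfer statement.
# Line comments (// and #) are skipped; /* */ comments are not handled.
master_zones_without_transfer_acl() {
    awk '
    {
        sub(/(\/\/|#).*/, "")
        if (depth == 0 && match($0, /zone[ \t]+"[^"]+"/)) {
            name = substr($0, RSTART, RLENGTH)
            sub(/^zone[ \t]+"/, "", name); sub(/"$/, "", name)
            inzone = 1; master = 0; acl = 0
        }
        if (inzone && $0 ~ /type[ \t]+master/) master = 1
        if (inzone && $0 ~ /allow-transfer/)   acl = 1
        opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
        depth += opens - closes
        if (inzone && closes > 0 && depth == 0) {
            if (master && !acl) print name
            inzone = 0
        }
    }'
}

# Constructed sample: forward zone as first defined on the page (no ACL),
# reverse zone as defined after the slave was added.
page_config() {
    cat <<'EOF'
options {
        listen-on port 53 { 192.168.58.131; };
        allow-query     { any; };
        recursion yes;  // assumed stock default, not shown on the page
};
zone "c2505.com" IN {
        type master;
        file "c2505.com.zones";
        allow-update { none; };
};
zone "58.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.58.zones";
        allow-update { none; };
        allow-transfer { 192.168.58.134; };
};
EOF
}

if page_config | recursion_open_to_any; then echo "recursion: open to any client"; fi
page_config | master_zones_without_transfer_acl | sed 's/^/no allow-transfer ACL: /'
```

Against a live server, feed the real files in with `cat /etc/named.conf /etc/named.rfc1912.zones | master_zones_without_transfer_acl`.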
4. Client test results
On the client, change the nameserver IP to the slave server's IP
```
#192.168.58.132#
[root@bogon ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.58.134
[root@bogon ~]# nslookup
> mail.c2505.com
Server:         192.168.58.134
Address:        192.168.58.134#53

Name:   mail.c2505.com
Address: 192.168.58.132
> exit
[root@bogon ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.58.131
nameserver 192.168.58.134
[root@bogon ~]# nslookup
> mail.c2505.com
Server:         192.168.58.131
Address:        192.168.58.131#53

Name:   mail.c2505.com
Address: 192.168.58.132
```
Stop the named service on the master server
```
#192.168.58.131#
[root@bogon named]# systemctl stop named
```
```
#192.168.58.132#
[root@bogon ~]# nslookup
> mail.c2505.com
Server:         192.168.58.134
Address:        192.168.58.134#53

Name:   mail.c2505.com
Address: 192.168.58.132
```
Writing the scripts
1. DNS master server script
```bash
#!/bin/bash
# Install the bind service
yum install -y bind > /dev/null

# Disable the firewall and SELinux
systemctl stop firewalld
systemctl disable --now firewalld
setenforce 0 > /dev/null
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Main service file: listen on this host's address, answer queries from any client.
# head -n 1 keeps a single address when the host has several interfaces.
ip=$(ifconfig | grep "inet " | grep -v "255.0.0.0" | awk '{print $2}' | head -n 1)
sed -i "s/listen-on port 53 { 127.0.0.1; };/listen-on port 53 { $ip; };/" /etc/named.conf
sed -i 's/{ localhost; };/{ any; };/' /etc/named.conf

# Zone definitions
read -r -p "请输入要设置的域名:" dn        # prompt: domain name to set up (".com" is appended)
read -r -p "请输入从服务器的ip地址:" ip1   # prompt: IP address of the slave server
result=$(echo "$ip" | awk -F. '{print $3"."$2"."$1}')   # 192.168.58.131 -> 58.168.192
reverse_file="${result}.zones"
echo "
zone \"${dn}.com\" IN {
        type master;
        file \"${dn}.com.zones\";
        allow-update { none; };
        allow-transfer { $ip1; };
};

zone \"${result}.in-addr.arpa\" IN {
        type master;
        file \"${reverse_file}\";
        allow-update { none; };
        allow-transfer { $ip1; };
};
" > /etc/named.rfc1912.zones

# Zone data files: copy the template first so ownership and permissions are kept
cd /var/named/
cp -p named.empty "$dn".com.zones
cp -p named.empty "$result".zones
read -r -p "请输入客户端的ip地址:" ip2     # prompt: IP address of the client
echo "
\$TTL 3H
@       IN SOA  $dn.com. admin.$dn.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
@       NS      dns1.$dn.com.
dns1    A       $ip
dns01   CNAME   dns1.$dn.com.
mail    A       $ip2
mail    MX 10   mail.$dn.com.
" > /var/named/"$dn".com.zones

# Last octet of the server and client addresses, used as PTR owner names
a=$(echo "$ip" | awk -F. '{print $4}')
b=$(echo "$ip2" | awk -F. '{print $4}')
echo "
\$TTL 3H
@       IN SOA  $dn.com. admin.$dn.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
@       NS      dns1.$dn.com.
$a      PTR     dns1.$dn.com.
$b      PTR     mail.$dn.com.
$a      PTR     dns01.$dn.com.
" > /var/named/"$result".zones

systemctl restart named
```
2. Slave server script
```bash
#!/bin/bash
# Install the bind service
yum install -y bind > /dev/null
systemctl restart named

# Main service file: listen on this host's address, answer queries from any client.
# head -n 1 keeps a single address when the host has several interfaces.
cd /var/named/slaves
ip=$(ifconfig | grep "inet " | grep -v "255.0.0.0" | awk '{print $2}' | head -n 1)
sed -i "s/listen-on port 53 { 127.0.0.1; };/listen-on port 53 { $ip; };/" /etc/named.conf
sed -i 's/{ localhost; };/{ any; };/' /etc/named.conf

# Zone definitions
read -r -p "请输入要设置的域名:" dn        # prompt: domain name to set up (".com" is appended)
read -r -p "请输入主服务器的ip地址:" ip1   # prompt: IP address of the master server
result=$(echo "$ip" | awk -F. '{print $3"."$2"."$1}')   # 192.168.58.134 -> 58.168.192
reverse_file="${result}.zones"
echo "
zone \"${dn}.com\" IN {
        type slave;
        file \"slaves/${dn}.com.zones\";
        masters { $ip1; };
};

zone \"${result}.in-addr.arpa\" IN {
        type slave;
        file \"slaves/${reverse_file}\";
        masters { $ip1; };
};
" > /etc/named.rfc1912.zones

systemctl enable --now named
systemctl restart named
```
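3. Client script
```bash
#!/bin/bash
read -r -p "请输入要主服务器IP:" ip1   # prompt: master server IP
read -r -p "请输入要从服务器IP:" ip2   # prompt: slave server IP
# Point the resolver at the master first, then the slave
echo "
nameserver $ip1
nameserver $ip2" > /etc/resolv.conf
```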
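The three scripts write whatever is typed at the prompts straight into `sed` expressions, `/etc/named.rfc1912.zones` and `/etc/resolv.conf` as root, so a mistyped or pasted answer containing `;`, `}` or `/` changes the resulting configuration. The helpers below are an added example (not the author's code) of validating those answers before use; all function names are hypothetical and the demo values are constructed.

```shell
#!/bin/bash
# Added example, not the author's code: validate operator input before it is
# interpolated into named configuration by scripts like the ones above.

# Dotted-quad IPv4, every octet 0..255, nothing else in the string.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    saved_ifs=$IFS; IFS=.
    set -- $1                      # safe to split: only digits and dots remain
    IFS=$saved_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Single DNS label (the scripts append ".com"): letters, digits, hyphen,
# 1..63 characters, no leading or trailing hyphen.
valid_label() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ ${#1} -le 63 ]
}

# 192.168.58.131 -> 58.168.192.in-addr.arpa (name of the /24 reverse zone).
reverse_zone_24() {
    valid_ipv4 "$1" || return 1
    echo "$1" | awk -F. '{print $3"."$2"."$1".in-addr.arpa"}'
}

# ask PROMPT VALIDATOR: re-prompt until the answer passes, then print it.
# The prompt goes to stderr so the function can be used in $(...).
ask() {
    while :; do
        printf '%s' "$1" >&2
        read -r answer || return 1
        if "$2" "$answer"; then printf '%s\n' "$answer"; return 0; fi
        echo "invalid value, try again" >&2
    done
}

# Constructed demo values: one good address, one out of range, one that would
# otherwise be written verbatim into an allow-transfer statement.
for v in 192.168.58.134 192.168.58.256 '192.168.58.134; }; allow-transfer { any'; do
    if valid_ipv4 "$v"; then echo "accept: $v"; else echo "reject: $v"; fi
done
```

In the scripts this replaces the bare `read`, for example `ip1=$(ask "Slave server IP: " valid_ipv4) || exit 1`.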