DNS域名解析服务

centos7 关闭防火墙(仅适合实验环境;生产环境应保持防火墙开启,只放行 DNS 使用的 53/tcp 和 53/udp 端口)

systemctl stop firewalld

systemctl disable firewalld

centos6 关闭防火墙

service iptables stop

chkconfig iptables off

关闭selinux安全机制

sed -i '7 s/enforcing/disabled/' /etc/selinux/config

setenforce 0

iptables -F

 

主DNS域名解析服务器

[root@ns1 ~]# systemctl stop firewalld
[root@ns1 ~]# iptables -F
[root@ns1 ~]# setenforce 0

yum安装bind

[root@ns1 ~]# cat /etc/resolv.conf   指定DNS服务器地址
# Generated by NetworkManager
search chenyu.com
nameserver 202.106.0.20
nameserver 192.168.12.12
nameserver 192.168.12.13
[root@ns1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.12.12 ns1.chenyu.com
192.168.12.13 ns2.chenyu.com
[root@ns1 ~]#

[root@ns1 ~]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.12.12; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
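allow-query { any; };

// 注意:allow-query any 与 recursion yes 同时启用时,若本机可被外网访问,就会成为开放递归解析器,可能被滥用于 DNS 放大攻击;建议用 allow-recursion 把递归查询限制在内网网段,例如 allow-recursion { 192.168.12.0/24; };
recursion yes;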

};

zone "chenyu.com" IN {
type master;  // 3种常用类型:master 为主服务器(保存区域的原始数据),slave 为从服务器(从主服务器同步区域数据),hint 配缓存服务器使用(根提示)
file "chenyu.com.zheng";
allow-transfer { 192.168.12.13; };
};

zone "12.168.192.in-addr.arpa" IN {  // 反向解析区域:网段反着写
type master;
file "chenyu.com.fan";
allow-transfer { 192.168.12.13; };
};

named-checkconf /etc/named.conf 检测主配置文件有没有语法错误

[root@ns1 ~]# cat /var/named/chenyu.com.zheng
$TTL 86400
@   IN   SOA   chenyu.com.   root.chenyu.com. (
      432343   ; 序号
      3H       ; 3小时:更新时间间隔
      15M      ; 15分:更新失败再次尝试的间隔时间
      1W       ; 1周:若一直失败,尝试一周后放弃
      1D       ; 1天:无效解析记录的生存周期
)
IN NS ns1.chenyu.com.   ; NS:name server(域名服务器)
IN NS ns2.chenyu.com.
IN MX 10 mail.chenyu.com.   ; MX:邮件交换;10是优先级,数字越大优先级越低
ns1 IN A 192.168.12.12   ; A 记录用于正向解析
ns2 IN A 192.168.12.13
www IN A 192.168.12.113

*  IN A 192.168.12.12   ; 泛域名解析:解析文件中不存在的名称全部指向192.168.12.12

abc IN A 192.168.12.114

abc IN A 192.168.12.115   ; 负载均衡:abc 可以指向3个 IP,减小压力

abc IN A 192.168.12.116

named-checkzone chenyu.com. /var/named/chenyu.com.zheng 检测正反解析文件有无语法错误
[root@ns1 ~]# cat /var/named/chenyu.com.fan
$TTL 86400
@   IN   SOA   chenyu.com.   root.chenyu.com. (
      432343
      3H
      15M
      1W
      1D
)
IN NS ns1.chenyu.com.
IN NS ns2.chenyu.com.
IN MX 10 mail.chenyu.com.
12 IN PTR ns1.chenyu.com.   ; PTR 用于反向解析
13 IN PTR ns2.chenyu.com.
113 IN PTR www.chenyu.com.

named-checkzone 12.168.192.in-addr.arpa /var/named/chenyu.com.fan   # 检测反向解析文件有无语法错误(区域名和文件都要换成反向区域的)

[root@ns1 ~]# ll /var/named/chenyu.com.*
-rw-r--r--. 1 root named 236 8月 19 13:29 /var/named/chenyu.com.fan
-rw-r--r--. 1 root named 258 8月 19 13:56 /var/named/chenyu.com.zheng  # 将属组改为named

[root@ns1 ~]# systemctl restart named

systemctl enable named 设置开机启动

从DNS域名解析服务器 

[root@ns1 ~]# scp /etc/named.conf /etc/hosts /etc/resolv.conf 192.168.12.13:/etc   # 从主服务器将文件复制到从服务器;首次连接时应先核对下面显示的主机密钥指纹,确认无误后再输入 yes
The authenticity of host '192.168.12.13 (192.168.12.13)' can't be established.
ECDSA key fingerprint is SHA256:j3DsbsQelzcLR3oXnXGiKnjghgDQETijR2jc/MHZzdw.
ECDSA key fingerprint is MD5:9c:e1:fc:67:98:78:23:b0:fa:b9:59:8f:b7:1e:4f:46.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.12.13' (ECDSA) to the list of known hosts.
root@192.168.12.13's password:
named.conf 100% 595 415.7KB/s 00:00
hosts 100% 216 132.0KB/s 00:00
resolv.conf 100% 72 26.9KB/s 00:00

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0

yum安装bind

[root@localhost ~]# cat /etc/named.conf
options {
directory "/var/named";

};

zone "chenyu.com" IN {
type slave;
file "slaves/chenyu.com.zheng";
masters { 192.168.12.12; };
};

zone "12.168.192.in-addr.arpa" IN {
type slave;
file "slaves/chenyu.com.fan";
masters { 192.168.12.12; };
};

[root@localhost ~]# systemctl restart named

原文地址:https://www.cnblogs.com/zhiyuan-yu/p/11377042.html