
【DNS】CentOS7.x上基于Bind9的DNS主从安装配置

作者: Bogon | 来源:发表于2023-06-02 00:01 被阅读0次

    一、环境信息

    DNS 主: 192.168.1.111
    DNS 从: 192.168.1.112

    二、安装Bind9主从

    #  yum  -y install bind bind-utils
    
    # mkdir    /opt/bind9/
    # chown -R  named:named  /opt/bind9
    
    # yum  info bind  bind-utils
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    Installed Packages
    Name        : bind
    Arch        : x86_64
    Epoch       : 32
    Version     : 9.11.4
    Release     : 26.P2.el7_9.13
    Size        : 5.4 M
    Repo        : installed
    From repo   : updates
    Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
    URL         : http://www.isc.org/products/BIND/
    License     : MPLv2.0
    Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS
                : (Domain Name System) protocols. BIND includes a DNS server (named),
                : which resolves host names to IP addresses; a resolver library
                : (routines for applications to use when interfacing with DNS); and
                : tools for verifying that the DNS server is operating properly.
    
    Name        : bind-utils
    Arch        : x86_64
    Epoch       : 32
    Version     : 9.11.4
    Release     : 26.P2.el7_9.13
    Size        : 584 k
    Repo        : installed
    From repo   : updates
    Summary     : Utilities for querying DNS name servers
    URL         : http://www.isc.org/products/BIND/
    License     : MPLv2.0
    Description : Bind-utils contains a collection of utilities for querying DNS (Domain
                : Name System) name servers to find out information about Internet
                : hosts. These tools will provide you with the IP addresses for given
                : host names, as well as other information about registered domains and
                : network addresses.
                :
                : You should install bind-utils if you need to get information from DNS name
                : servers.
    
    

    三、配置Bind9主从

    1.在 192.168.1.111 bind9 master

    # cat /etc/named.conf

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
     
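    // Global options for the master (192.168.1.111): authoritative for the zones
    // declared in this file, and a recursive resolver that uses the forwarders below.
    options {
            // Replaces the BIND version string returned to version.bind queries.
            version "no banner";
            listen-on port 53 { 127.0.0.1;192.168.1.111; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            // Any client may query the authoritative zones.
            allow-query     { any; };
            recursion yes;
            // When allow-recursion and allow-query-cache are both unset they inherit
            // allow-query, i.e. "any", which turns this server into an open resolver.
            // localhost and localnets are BIND built-in ACLs (this host and its
            // directly attached subnets); add further client networks here if needed.
            allow-recursion { localhost; localnets; };
            // BIND 9.11 serves zone transfers to any client unless restricted.
            // Only the slave needs AXFR/IXFR from this server.
            allow-transfer  { 192.168.1.112; };
            zone-statistics yes;
            // NOTE(review): DNSSEC validation is switched off, so answers obtained
            // through the forwarders are accepted unauthenticated; confirm this is
            // intended before using the configuration outside a lab.
            dnssec-enable no;
            dnssec-validation no;
            forwarders {
              xx.xx.xx.xx;    // placeholder left by the author: upstream resolver address
            };
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";

            managed-keys-directory "/var/named/dynamic";
    };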
     
    // Logging: three file channels under /opt/bind9, the directory created and
    // chowned to named in the install step of this page.
    // NOTE(review): on a host with SELinux enforcing, named may also need a
    // writable file context on /opt/bind9 — confirm on the target system.
    logging {
             // General log at severity info. "versions 30 size 5G" keeps up to 30
             // rotated files of up to 5G each, so size the filesystem for that worst case.
             channel b_log {
                     file "/opt/bind9/bind.log" versions 30 size 5G;
                     print-time yes;
                     print-category yes;
                     print-severity yes;
                     severity info;
             };
     
             // Debug channel. "severity dynamic" follows the server's current debug level.
             channel b_debug {
                     file "/opt/bind9/debug.log" versions 3 size 5G;
                     print-time yes;
                     print-category yes;
                     print-severity yes;
                     severity dynamic;
             };
     
             // Query log channel. Entries contain client addresses and the names
             // they looked up, so treat this file as sensitive data.
             channel b_query {
                     file "/opt/bind9/query.log" versions 3 size 5G;
                     print-time yes;
                     print-category yes;
                     print-severity yes;
                     severity dynamic;
             };
     
             // Route message categories to the channels defined above.
             category default { b_log; b_debug; };
             category config { b_log; b_debug; };
             // Declaring the queries category turns query logging on at startup
             // unless the querylog option says otherwise.
             category queries { b_query; };
       };
     
     
     
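    // Master (primary) zones served from hand-edited files in /var/named.
    // allow-update { none; } refuses dynamic DNS updates for both zones.
    zone "example1.com" IN {
      type master;
      file "/var/named/example1.com";
      notify yes;
      // NOTIFY is sent to the hosts in the zone's NS records (except the SOA
      // primary) and to also-notify targets. The zone file lists ns1 only, so
      // the slave is named here; otherwise it waits for the SOA refresh timer.
      also-notify { 192.168.1.112; };
      allow-update { none; };
    };


    zone "example2.com" IN {
      type master;
      file "/var/named/example2.com";
      notify yes;
      // Same reason as for example1.com: the slave has no NS record in the zone.
      also-notify { 192.168.1.112; };
      allow-update { none; };
    };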
    

    # vim /var/named/example1.com

    ; Hash: e38ba61112fe382f3aa83e5def14b568 1638775844
    ; Zone file for example1.com
    ;
    ; Ansible managed
    ;
    ; NOTE(review): the header says the file is generated by Ansible, while this
    ; page edits it by hand with vim — confirm which one owns the file.
     
    $ORIGIN example1.com.
    ; Default TTL for records without their own TTL: 20 seconds.
    $TTL 20
     
    ; SOA: primary name server ns1, contact admin.example1.com.
    @ IN SOA ns1.example1.com. admin.example1.com. (
      1638775844 ; serial - must increase on every edit, or the slave keeps its old copy
      1H         ; refresh - how often the slave checks the serial
      5M         ; retry - wait after a failed refresh
      1W         ; expire - slave stops answering if the master stays unreachable this long
      10M )      ; negative-caching TTL
     
    ; Only ns1 (the master) is published as a name server; the slave
    ; 192.168.1.112 has no NS record in this zone.
                         IN  NS     ns1.example1.com.
     
     
     
    www                  IN  A      192.168.1.101
    ns1                  IN  A      192.168.1.111
    

    # cp -pr /var/named/example1.com /var/named/example2.com

    # vim /var/named/example2.com

    ; Hash: e38ba61112fe382f3aa83e5def14b568 1638775844
    ; Zone file for example2.com
    ;
    ; Ansible managed
    ;
    ; NOTE(review): this header, including the Hash value, is identical to the one
    ; in example1.com because the file was created with cp — it does not describe
    ; this file's content.
     
    $ORIGIN example2.com.
    ; Default TTL for records without their own TTL: 20 seconds.
    $TTL 20
     
    ; SOA: primary name server ns1, contact admin.example2.com.
    @ IN SOA ns1.example2.com. admin.example2.com. (
      1638775844 ; serial - must increase on every edit, or the slave keeps its old copy
      1H         ; refresh - how often the slave checks the serial
      5M         ; retry - wait after a failed refresh
      1W         ; expire - slave stops answering if the master stays unreachable this long
      10M )      ; negative-caching TTL
     
    ; Only ns1 (the master) is published as a name server; the slave
    ; 192.168.1.112 has no NS record in this zone.
                         IN  NS     ns1.example2.com.
     
     
     
    www                  IN  A      192.168.1.102
    ns1                  IN  A      192.168.1.111
    

    2.在 192.168.1.112 bind9 slave

    # cat /etc/named.conf

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
     
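    // Global options for the slave (192.168.1.112): authoritative-only secondary
    // for the zones declared in this file.
    options {
            // Replaces the BIND version string returned to version.bind queries.
            version "no banner";
            listen-on port 53 { 127.0.0.1;192.168.1.112; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            // Any client may query the zones this server holds.
            allow-query     { any; };
            // Recursion is off: names outside the local zones are not resolved
            // for clients that use this server as their resolver.
            recursion no;
            // BIND 9.11 serves zone transfers to any client unless restricted.
            // Nothing transfers from the slave, so refuse all AXFR/IXFR requests.
            allow-transfer  { none; };
            zone-statistics yes;
            dnssec-enable no;
            dnssec-validation no;
            // Forwarders are only consulted for recursive lookups, so with
            // "recursion no" above they are not used for client queries.
            forwarders {
              xx.xx.xx.xx;    // placeholder left by the author: upstream resolver address
            };
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";

            managed-keys-directory "/var/named/dynamic";
    };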
     
    // Logging on the slave: three file channels under /opt/bind9. The directory
    // must exist and be writable by named on this host as well.
    logging {
             // General log at severity info. "versions 30 size 5G" keeps up to 30
             // rotated files of up to 5G each, so size the filesystem for that worst case.
             channel b_log {
                     file "/opt/bind9/bind.log" versions 30 size 5G;
                     print-time yes;
                     print-category yes;
                     print-severity yes;
                     severity info;
             };
     
             // Debug channel. "severity dynamic" follows the server's current debug level.
             channel b_debug {
                     file "/opt/bind9/debug.log" versions 3 size 5G;
                     print-time yes;
                     print-category yes;
                     print-severity yes;
                     severity dynamic;
             };
     
             // Query log channel. Entries contain client addresses and the names
             // they looked up, so treat this file as sensitive data.
             channel b_query {
                     file "/opt/bind9/query.log" versions 3 size 5G;
                     print-time yes;
                     print-category yes;
                     print-severity yes;
                     severity dynamic;
             };
     
             // Route message categories to the channels defined above.
             category default { b_log; b_debug; };
             category config { b_log; b_debug; };
             // Declaring the queries category turns query logging on at startup
             // unless the querylog option says otherwise.
             category queries { b_query; };
       };
     
     
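    // Secondary (slave) zones, transferred from the master at 192.168.1.111 and
    // stored under /var/named/slaves.
    // The zone name must match the master's zone exactly: the master serves
    // "example1.com", and a stanza for "example1.com.com" would request a zone
    // the master does not have.
    zone "example1.com" IN {
      type slave;
      masters { 192.168.1.111; };
      file "slaves/example1.com";
    };


    zone "example2.com" IN {
      type slave;
      masters { 192.168.1.111; };
      file "slaves/example2.com";
    };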
    

    3.在 192.168.1.111 和 192.168.1.112 上

    配置完主从后,需重启 named: systemctl restart named(重启前可先用 named-checkconf 检查 /etc/named.conf,用 named-checkzone 检查区域文件的语法)

    # systemctl restart  named 
    # systemctl status   named
    
    

    4.在 192.168.1.112 bind9 slave

    # ll /etc/named.conf
    -rw-r----- 1 named named 1985 5月  29 11:17 /etc/named.conf
     
     
    # ll /var/named/
    总用量 0
    drwxrwx---. 2 root named  6 12月  6 2021 data
    drwxrwx---. 2 root named  6 12月  6 2021 dynamic
    drwxrwx---. 2 root named 59 5月  29 11:21 slaves
     
    # ll /var/named/slaves/
    总用量 8
    -rw-r--r-- 1 named named 289 5月  29 13:11 example1.com
    -rw-r--r-- 1 named named 330 5月  29 13:23 example2.com
     
    # file  /var/named/slaves/*
    /var/named/slaves/example1.com:      data
    /var/named/slaves/example2.com:      data
    

    注意:

    bind9 slave 不需要配置 /var/named/example1.com /var/named/example2.com

    bind9 slave 上 /var/named/slaves/example1.com /var/named/slaves/example2.com 是bind9 master 同步的数据,非文本文件

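    bind9 master / bind9 slave 上 /etc/named.conf /var/named/ 文件、目录 所有者 所属组 需要是 named(安全提示:named 只需读取 /etc/named.conf,软件包默认的 root:named、0640 权限已经够用;只有 named 需要写入的目录,如 /var/named/slaves、/var/named/data、/var/named/dynamic 和日志目录 /opt/bind9,才需要对 named 可写。把配置文件的所有者设为 named,意味着 named 进程一旦被攻破就能改写自己的配置。)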

    四、测试

    将1台测试机的 DNS服务器地址改为 :

    主: 192.168.1.111
    从: 192.168.1.112
    

    Windows:

    image.png

    Linux:

    # cat /etc/resolv.conf

    
    nameserver   192.168.1.111
    nameserver   192.168.1.112
    

    五、参考

    WeiyiGeek Blog

    https://blog.weiyigeek.top/

    https://space.bilibili.com/385802642/article

    DNS域名解析服务器企业DNS主从服务搭建配置实践
    https://www.jianshu.com/p/152a7a7efa45

    DNS域名解析服务器基础概念和安装配置

    https://www.bilibili.com/read/cv13605206

    DNS域名解析服务器BIND9解析配置

    https://www.bilibili.com/read/cv13645145

    DNS域名解析服务器企业DNS主从服务搭建配置实践

    https://www.bilibili.com/read/cv13645448/

    BIND9详解之日志篇
    https://www.cnblogs.com/fjping0606/p/4428736.html

    从零开始的 BIND9, DNS服务搭建及其原理
    https://www.cnblogs.com/doherasyang/p/14464999.html

    DNS-Bind日志详述
    https://www.cnblogs.com/sunnydou/p/15067571.html
