CentOS部署DNS主从

作者: 带着小猪闯天下 | 来源:发表于2021-08-05 10:52 被阅读0次

CentOS部署DNS主从
centos7+mysql5.7主从配置
mysql主从配置（读写分离）
dns及数据库相关练习
Mycat 实现读写分离
Redis部署
linux快速搭建docker部署gitlab
第十一周
Redis集群部署
第十周作业

1，环境准备

关闭防火墙，selinux
systemctl stop firewalld
systemctl disabled firewalld
setenforce 0

2，安装服务

yum install bind-* -y

3，修改主服务器配置文件

[root@dns-1 named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { any; };    ##此处就是any
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };  ##此处也是any

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};
##下面是自己新加的正向解析，复制上面修改就好
zone "zjht100.com" IN {      ##zjht100.com为自定义
    type master;                   ##角色为master
    file "zjht100.com.zone";    ##指定对应的文件（创建该文件名要相同）
    allow-transfer { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

4，创建解析文件

cd /var/named
cp named.localhost zjht100.com.zone
**修改文件权限 **
chown named.named zjht100.com.zone
vim zjht100.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www     IN      A       192.168.3.252  ##前面不动，此处为新加解析

5，重启服务

systemctl restart named
验证
[root@dns-1 named]# named-checkzone "zjht100.com" /var/named/zjht100.com.zone 
zone zjht100.com/IN: loaded serial 0
OK   ——>输出OK表示正确

6，从DNS配置

[root@dns-2 named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};
##新加解析
zone "zjht100.com" IN {   
    type slave;     ##此处角色为slave
    file "zjht100.com.zone";
    masters {192.168.3.234;}; ##此处写master节点IP
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

7，重启服务

systemctl restart named

网友评论

本文标题：CentOS部署DNS主从

本文链接：https://www.haomeiwen.com/subject/nskmvltx.html

延伸阅读

深度阅读

您也可以注册成为美文阅读网的作者，发表您的原创作品、分享您的心情！

CentOS部署DNS主从

1，环境准备

2，安装服务

3，修改主服务器配置文件

4，创建解析文件

5，重启服务

6，从DNS配置

7，重启服务

相关文章

CentOS部署DNS主从

centos7+mysql5.7主从配置

mysql主从配置（读写分离）

dns及数据库相关练习

Mycat 实现读写分离

Redis部署

linux快速搭建docker部署gitlab

第十一周

Redis集群部署

第十周作业

网友评论

延伸阅读

深度阅读

栏目导航

热点阅读