本次主要配置主从复制

泛域名解析

[root@paly named]#host -t a www.test.tontom.com
www.test.tontom.com has address 192.168.1.123
[root@paly named]#

[root@paly ~]#dig +norecurse -t A www.baidu.com @192.168.31.224      #非递归
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; AUTHORITY SECTION:
.                       201017  IN      NS      i.root-servers.net.
.                       201017  IN      NS      b.root-servers.net.
.                       201017  IN      NS      j.root-servers.net.
.                       201017  IN      NS      a.root-servers.net.
.                       201017  IN      NS      m.root-servers.net.
.                       201017  IN      NS      c.root-servers.net.
.                       201017  IN      NS      k.root-servers.net.
.                       201017  IN      NS      g.root-servers.net.
.                       201017  IN      NS      d.root-servers.net.
.                       201017  IN      NS      f.root-servers.net.
.                       201017  IN      NS      h.root-servers.net.
.                       201017  IN      NS      e.root-servers.net.
.                       201017  IN      NS      l.root-servers.net.

;; ADDITIONAL SECTION:
b.root-servers.net.     142042  IN      A       199.9.14.201
j.root-servers.net.     54632   IN      A       192.58.128.30
k.root-servers.net.     201017  IN      AAAA    2001:7fd::1

[root@paly ~]#dig +norecurse -t A www.baidu.com @i.root-servers.net.
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          1108    IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       268     IN      A       110.242.68.3
www.a.shifen.com.       268     IN      A       110.242.68.4

配置递归

配置允许递归的网段:仅本机及 192.168.31 网段可以递归查询(在 named.conf 中通常用 allow-recursion 限定;不加限制的递归服务器会成为开放解析器,容易被滥用于放大攻击)。

[root@paly named]#service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@paly ~]#dig  -t A www.baidu.com @192.168.1.254
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; Query time: 0 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Wed May 11 08:56:37 2022
;; MSG SIZE  rcvd: 31

[root@paly ~]#dig  -t A www.baidu.com @192.168.31.224
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          908     IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       8       IN      A       110.242.68.4
www.a.shifen.com.       8       IN      A       110.242.68.3

;; AUTHORITY SECTION:
.                       200717  IN      NS      i.root-servers.net.
.                       200717  IN      NS      m.root-servers.net.
.                       200717  IN      NS      c.root-servers.net.
.                       200717  IN      NS      h.root-servers.net.
.                       200717  IN      NS      b.root-servers.net.
.                       200717  IN      NS      l.root-servers.net.
.                       200717  IN      NS      g.root-servers.net.
.                       200717  IN      NS      j.root-servers.net.
.                       200717  IN      NS      e.root-servers.net.
.                       200717  IN      NS      a.root-servers.net.
.                       200717  IN      NS      d.root-servers.net.
.                       200717  IN      NS      k.root-servers.net.
.                       200717  IN      NS      f.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     518200  IN      A       198.41.0.4
a.root-servers.net.     518200  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     141742  IN      A       199.9.14.201
b.root-servers.net.     518200  IN      AAAA    2001:500:200::b
c.root-servers.net.     518200  IN      A       192.33.4.12
c.root-servers.net.     518200  IN      AAAA    2001:500:2::c
d.root-servers.net.     518200  IN      A       199.7.91.13
d.root-servers.net.     518200  IN      AAAA    2001:500:2d::d
e.root-servers.net.     518200  IN      A       192.203.230.10

dig trace

[root@paly named]#dig +trace -t A www.csdn.net                     #访问步骤
[root@paly ~]#dig +trace -t A www.csdn.net @i.root-servers.net.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> +trace -t A www.csdn.net @i.root-servers.net.
;; global options: +cmd
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
;; Received 504 bytes from 192.36.148.17#53(192.36.148.17) in 158 ms

www.csdn.net.           58      IN      A       39.106.226.142
;; Received 46 bytes from 199.9.14.201#53(199.9.14.201) in 3 ms

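区域传送

区域传送会把整个区域的记录交给请求方。下面先演示未加限制时的完全传送和增量传送,最后一条命令是在 named.conf 中配置 allow-transfer 之后的结果;实际部署时应只允许从服务器的地址做区域传送。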


[root@paly named]#dig -t axfr tontom.com               #完全区域传送

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> -t axfr tontom.com
;; global options: +cmd
tontom.com.             600     IN      SOA     ns1.tontom.com.tontom.com. admin.tontom.com.tontom.com. 2022041401 3600 300 172800 21600
tontom.com.             600     IN      A       192.168.1.123
tontom.com.             600     IN      NS      ns1.tontom.com.
tontom.com.             600     IN      MX      10 mail.tontom.com.
*.tontom.com.           600     IN      A       192.168.1.123
ftp.tontom.com.         600     IN      CNAME   www.tontom.com.
mail.tontom.com.        600     IN      A       192.168.1.124
ns1.tontom.com.         600     IN      A       192.168.1.123
www.tontom.com.         600     IN      A       192.168.1.123
www.tontom.com.         600     IN      A       192.168.1.125
tontom.com.             600     IN      SOA     ns1.tontom.com.tontom.com. admin.tontom.com.tontom.com. 2022041401 3600 300 172800 21600
;; Query time: 0 msec
;; SERVER: 192.168.31.224#53(192.168.31.224)
;; WHEN: Sat May  7 16:44:46 2022
;; XFR size: 11 records (messages 1, bytes 280)

[root@paly named]#
[root@paly named]#dig -t IXFR=2022041402 tontom.com                #增量区域传送

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> -t IXFR=2022041402 tontom.com
;; global options: +cmd
tontom.com.             600     IN      SOA     ns1.tontom.com.tontom.com. admin.tontom.com.tontom.com. 2022041401 3600 300 172800 21600
;; Query time: 0 msec
;; SERVER: 192.168.31.224#53(192.168.31.224)
;; WHEN: Sat May  7 16:48:22 2022
;; XFR size: 1 records (messages 1, bytes 85)
[root@paly dhcp]#dig -t axfr tontom.com                 #配置allow-transfer后本机传送失败

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> -t axfr tontom.com
;; global options: +cmd
; Transfer failed.
[root@paly dhcp]#

DNS主服务器

[root@client ~]#vim /etc/named.conf
[root@client ~]#service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@client ~]#service iptables stop
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@client ~]#ifconfig | grep "inet addr"
inet addr:192.168.1.123  Bcast:192.168.1.255  Mask:255.255.255.0
inet addr:127.0.0.1  Mask:255.0.0.0
[root@client ~]#
[root@client ~]#tail /var/log/messages
May 13 20:54:04 client named[4527]: client 192.168.1.123#47570: query (cache) '0.asia.pool.ntp.org/AAAA/IN' denied
May 13 20:54:04 client named[4527]: client 192.168.1.123#39464: query (cache) '0.asia.pool.ntp.org.centos.tom/A/IN' denied
May 13 20:54:04 client named[4527]: client 192.168.1.123#39464: query (cache) '0.asia.pool.ntp.org.centos.tom/AAAA/IN' denied
May 13 20:54:04 client named[4527]: client 192.168.1.123#39464: query (cache) '0.asia.pool.ntp.org.centos.tom/A/IN' denied
May 13 20:54:04 client named[4527]: client 192.168.1.123#39464: query (cache) '0.asia.pool.ntp.org.centos.tom/AAAA/IN' denied
May 13 20:58:39 client named[4527]: client 192.168.1.222#45285: transfer of '1.168.192.in-addr.arpa/IN': AXFR started
May 13 20:58:39 client named[4527]: client 192.168.1.222#45285: transfer of '1.168.192.in-addr.arpa/IN': AXFR ended
May 13 20:58:40 client named[4527]: client 192.168.1.222#58730: transfer of 'tontom.com/IN': AXFR started
May 13 20:58:40 client named[4527]: client 192.168.1.222#58730: transfer of 'tontom.com/IN': AXFR ended
May 13 20:58:40 client named[4527]: client 192.168.1.222#21892: received notify for zone 'tontom.com'

测试:修改正向解析区域文件,新增域名并递增版本号(serial),然后观察区域传送。

[root@client named]#tail /var/log/messages
May 13 21:59:44 client named[6466]: sizing zone task pool based on 5 zones
May 13 21:59:44 client named[6466]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
May 13 21:59:44 client named[6466]: reloading configuration succeeded
May 13 21:59:44 client named[6466]: reloading zones succeeded
May 13 21:59:44 client named[6466]: tontom.com.zone:18: ignoring out-of-zone data (tonixtom.com)
May 13 21:59:44 client named[6466]: zone tontom.com/IN: loaded serial 2022041404
May 13 21:59:44 client named[6466]: zone tontom.com/IN: sending notifies (serial 2022041404)
May 13 21:59:44 client named[6466]: client 192.168.1.222#59007: transfer of 'tontom.com/IN': AXFR-style IXFR started
May 13 21:59:44 client named[6466]: client 192.168.1.222#59007: transfer of 'tontom.com/IN': AXFR-style IXFR ended
May 13 21:59:45 client named[6466]: client 192.168.1.222#10503: received notify for zone 'tontom.com'
[root@client named]#

DNS从服务端

从服务器端配置


全局区域传送

[root@ton named]#tail /var/log/messages
May 13 21:10:55 ton named[4130]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
May 13 21:10:55 ton named[4130]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.123#53: connected using 192.168.1.222#60192
May 13 21:10:55 ton named[4130]: zone 1.168.192.in-addr.arpa/IN: transferred serial 2022041401
May 13 21:10:55 ton named[4130]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.123#53: Transfer completed: 1 messages, 7 records, 238 bytes, 0.001 secs (238000 bytes/sec)
May 13 21:10:55 ton named[4130]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2022041401)
May 13 21:10:56 ton named[4130]: zone tontom.com/IN: Transfer started.
May 13 21:10:56 ton named[4130]: transfer of 'tontom.com/IN' from 192.168.1.123#53: connected using 192.168.1.222#53928
May 13 21:10:56 ton named[4130]: zone tontom.com/IN: transferred serial 2022041402
May 13 21:10:56 ton named[4130]: transfer of 'tontom.com/IN' from 192.168.1.123#53: Transfer completed: 1 messages, 11 records, 280 bytes, 0.004 secs (70000 bytes/sec)
May 13 21:10:56 ton named[4130]: zone tontom.com/IN: sending notifies (serial 2022041402)

增量区域传送。这里需要关闭 iptables,或者(更推荐)修改过滤规则,只放行主从服务器之间的 TCP/UDP 53 端口,而不是整体关闭防火墙。

[root@ton slaves]#tail /var/log/messages
May 13 21:44:49 ton named[4545]: sizing zone task pool based on 5 zones
May 13 21:44:49 ton named[4545]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
May 13 21:44:49 ton named[4545]: reloading configuration succeeded
May 13 21:44:49 ton named[4545]: reloading zones succeeded
May 13 21:59:44 ton named[4545]: client 192.168.1.123#15083: received notify for zone 'tontom.com'
May 13 21:59:44 ton named[4545]: zone tontom.com/IN: Transfer started.
May 13 21:59:44 ton named[4545]: transfer of 'tontom.com/IN' from 192.168.1.123#53: connected using 192.168.1.222#59007
May 13 21:59:44 ton named[4545]: zone tontom.com/IN: transferred serial 2022041404
May 13 21:59:44 ton named[4545]: transfer of 'tontom.com/IN' from 192.168.1.123#53: Transfer completed: 1 messages, 16 records, 379 bytes, 0.001 secs (379000 bytes/sec)
May 13 21:59:44 ton named[4545]: zone tontom.com/IN: sending notifies (serial 2022041404)
[root@ton slaves]#
[root@ton slaves]#ls
192.168.1.zone  tontom.com.zone
[root@ton slaves]#cat tontom.com.zone
$ORIGIN .
$TTL 600        ; 10 minutes
tontom.com              IN SOA  ns1.tontom.com.tontom.com. admin.tontom.com.tontom.com. (
                                2022041404 ; serial
                                3600       ; refresh (1 hour)
                                300        ; retry (5 minutes)
                                172800     ; expire (2 days)
                                21600      ; minimum (6 hours)
                                )
                        NS      ns1.tontom.com.
                        NS      ns2.tontom.com.
                        A       192.168.1.123
                        MX      10 mail.tontom.com.
$ORIGIN tontom.com.
*                       A       192.168.1.123
ftp                     CNAME   www
hell2                   A       192.168.1.219
hello                   A       192.168.1.229
mail                    A       192.168.1.124
ns1                     A       192.168.1.123
ns2                     A       192.168.1.222
test                    A       192.168.1.129
www                     A       192.168.1.123
                        A       192.168.1.125
[root@ton slaves]#

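rndc

rndc.conf 里的 secret 是控制 named 的共享密钥,应当保密,配置文件也应只允许 root 读取(例如权限设为 600)。这里 rndc-confgen 默认生成的算法是 hmac-md5;较新的 BIND 版本支持 hmac-sha256,条件允许时优先使用。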

[root@client ~]#rndc-confgen > /etc/rndc.conf
[root@client ~]#cat /etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "QBxh6JnKtHvTUPeZ7L0x1g==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "QBxh6JnKtHvTUPeZ7L0x1g==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
[root@client ~]#
[root@client ~]#rm -rf /etc/rndc.key
[root@client ~]#service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
[root@client ~]# rndc -c /etc/rndc.conf status
version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 2/100
server is up and running
[root@client ~]# rndc -c /etc/rndc.conf notify "tontom.com"
zone notify queued
[root@client ~]#tail /var/log/messages
May 14 02:19:15 client named[7704]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2022041401
May 14 02:19:15 client named[7704]: tontom.com.zone:18: ignoring out-of-zone data (tonixtom.com)
May 14 02:19:15 client named[7704]: zone tontom.com/IN: loaded serial 2022041404
May 14 02:19:15 client named[7704]: zone localhost/IN: loaded serial 0
May 14 02:19:15 client named[7704]: managed-keys-zone ./IN: loaded serial 50
May 14 02:19:15 client named[7704]: running
May 14 02:19:15 client named[7704]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2022041401)
May 14 02:19:15 client named[7704]: zone tontom.com/IN: sending notifies (serial 2022041404)
May 14 02:19:56 client named[7704]: received control channel command 'notify tontom.com'
May 14 02:19:56 client named[7704]: zone tontom.com/IN: sending notifies (serial 2022041404)
[root@client ~]# rndc -c /etc/rndc.conf flush
[root@client ~]#

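配置 rndc 远程控制

远程控制需要 named.conf 的 controls 语句监听对外地址(下面主机上 953 端口已监听在 192.168.1.123),两端使用同一个密钥;allow 列表应只填写确实需要管理该服务器的主机。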

  1. 主机
[root@client ~]#netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1205/rpcbind
tcp        0      0 0.0.0.0:50580               0.0.0.0:*                   LISTEN      1227/rpc.statd
tcp        0      0 192.168.1.123:53            0.0.0.0:*                   LISTEN      7872/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      7872/named
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1397/sshd
tcp        0      0 192.168.1.123:953           0.0.0.0:*                   LISTEN      7872/named
tcp        0      0 :::3306                     :::*                        LISTEN      1602/mysqld
tcp        0      0 :::111                      :::*                        LISTEN      1205/rpcbind
tcp        0      0 :::80                       :::*                        LISTEN      1416/httpd
tcp        0      0 :::22                       :::*                        LISTEN      1397/sshd
tcp        0      0 :::23                       :::*                        LISTEN      1408/xinetd
tcp        0      0 :::38487                    :::*                        LISTEN      1227/rpc.statd
[root@client ~]#
  2. 从机(下面的连接被关闭;按 rndc 的提示,应检查主机 controls 的 allow 列表、两端密钥是否一致以及时钟是否同步)
[root@paly ~]#rndc -c rndc.conf status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
