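DNS Reverse Resolution
- DNS Reverse Resolution
- 1. Modify the zone configuration file and add the reverse zone configuration
- 2. Configure the reverse zone data file
- 3. Specify the DNS server address and test
- DNS Master/Slave Server Configuration
- 1. Modify the forward and reverse zone configuration on the master name server
- 2. Modify the main configuration file on the slave name server
- 3. Add the forward and reverse zone configuration to the zone configuration file on the slave name server
- 4. Restart the service on the master and slave servers, and check whether the zone data files have been downloaded
- 5. Add the master and slave DNS server addresses to the resolver configuration file on the test machine
- 6. Test a master server failure
DNS Reverse Resolution
1. Modify the zone configuration file and add the reverse zone configuration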
[root@localhost named]# systemctl stop firewalld.service
[root@localhost named]# setenforce 0
[root@localhost ~]# yum install -y bind
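[root@localhost ~]# vim /etc/named.rfc1912.zones (this configuration file contains templates that can be used directly)
zone "131.168.192.in-addr.arpa" IN { (the network address is written in reverse order for reverse resolution; this zone resolves addresses in the 192.168.131 network)
type master;
file "qz.com.zone.local"; (sets the zone data file to qz.com.zone.local)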
allow-update { none; };
};
2. Configure the reverse zone data file
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost qz.com.zone.local (the -p option preserves the source file's permissions and ownership when copying)
[root@localhost named]# ls
data named.empty qz.com.zone.local
dynamic named.localhost slaves
named.ca named.loopback
[root@localhost named]# vim qz.com.zone.local
$TTL 1D
@ IN SOA qz.com. admin.qz.com. ( (here "@" stands for the 192.168.131 network)
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS qz.com.
A 192.168.131.10
200 IN PTR www.qz.com. (PTR is the reverse pointer record; a reverse lookup of 192.168.131.200 returns www.qz.com.)
118 IN PTR mail.qz.com.
3. Specify the DNS server address and test
[root@localhost named]# vim /etc/resolv.conf (set the DNS server address)
[root@localhost named]# systemctl restart named
[root@localhost named]# netstat -natup | grep 53 (use netstat to check the network connections on the port)
tcp 0 0 192.168.131.10:53 0.0.0.0:* LISTEN 3913/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3913/named
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1218/dnsmasq
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3913/named
tcp 0 36 192.168.131.10:22 192.168.131.1:53472 ESTABLISHED 3068/sshd: root@pts
tcp6 0 0 ::1:953 :::* LISTEN 3913/named
udp 0 0 0.0.0.0:5353 0.0.0.0:* 600/avahi-daemon: r
udp 0 0 192.168.122.1:53 0.0.0.0:* 3913/named
udp 0 0 192.168.131.10:53 0.0.0.0:* 3913/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 3913/named
udp 0 0 192.168.122.1:53 0.0.0.0:* 1218/dnsmasq
[root@localhost named]# host 192.168.131.118
118.131.168.192.in-addr.arpa domain name pointer mail.qz.com.
[root@localhost named]# host 192.168.131.200
200.131.168.192.in-addr.arpa domain name pointer www.qz.com.
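DNS Master/Slave Server Configuration
1. Modify the forward and reverse zone configuration on the master name server
[root@localhost /]# vim /etc/named.rfc1912.zones
zone "qz.com" IN {
type master; (the type is master zone)
file "qz.com.zone";
allow-transfer { 192.168.131.11; }; (allows the slave server to download the forward zone data; put the slave server's IP address here)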
};
zone "131.168.192.in-addr.arpa" IN {
type master;
file "qz2.com.zone.local";
allow-transfer { 192.168.131.11; };
};
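An added example, not from the original article: a small Python audit for the allow-transfer setting shown above. It flags master zones whose zone-level allow-transfer is missing or contains any, either of which may let hosts other than the intended slave (192.168.131.11 here) pull the full zone. The sample configuration is constructed, the lab.example zone and the commented-out ACL are hypothetical, and global options are assumed not to be checked.

```python
import re

# Constructed sample (not the page's file): one ACL commented out, lab.example hypothetical.
SAMPLE_CONF = '''
zone "qz.com" IN {
    type master;
    file "qz.com.zone";
    allow-transfer { 192.168.131.11; };
};
zone "131.168.192.in-addr.arpa" IN {
    type master;
    file "qz2.com.zone.local";
    // allow-transfer { 192.168.131.11; };
};
zone "lab.example" IN {
    type master;
    allow-transfer { any; };
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments so a commented-out ACL is not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def zone_blocks(conf):
    """Yield (zone name, body) pairs, matching braces so nested { } are handled."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit_transfers(conf):
    """Flag master zones whose zone-level allow-transfer is missing or open (options not checked)."""
    findings = {}
    for name, body in zone_blocks(strip_comments(conf)):
        if not re.search(r"\btype\s+(master|primary)\s*;", body):
            continue  # only zones for which this server is the master
        acl = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
        if acl is None:
            findings[name] = "no allow-transfer (inherits options or BIND default)"
        elif "any" in {t.strip() for t in acl.group(1).split(";")}:
            findings[name] = "allow-transfer includes any"
    return findings

if __name__ == "__main__":
    print(audit_transfers(SAMPLE_CONF))
```

To audit a real server, pass the contents of /etc/named.rfc1912.zones to audit_transfers instead of the sample.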
2. Modify the main configuration file on the slave name server
[root@localhost ~]# yum -y install bind
options {
listen-on port 53 { 192.168.131.11; }; (listen on port 53; use the local IP address on which the slave server provides service, or use any for all addresses)
#listen-on-v6 port 53 { ::1; }; (IPv6; comment out or delete)
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
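allow-query { any; }; (the network segments allowed to use this DNS resolution service; any means all)
3. Add the forward and reverse zone configuration to the zone configuration file on the slave name server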
zone "qz.com" IN {
type slave; (change the type to slave zone here)
file "slaves/qz.com.zone"; (the downloaded zone data file is saved under the slaves/ directory)
masters { 192.168.131.10; }; (the master server's IP address)
};
zone "131.168.192.in-addr.arpa" IN {
type slave;
file "slaves/qz2.com.zone.local";
masters { 192.168.131.10; };
};
4. Restart the service on the master and slave servers, and check whether the zone data files have been downloaded
[root@localhost /]# systemctl restart named
[root@localhost /]# ls -l /var/named/slaves/
總用量 8
-rw-r--r--. 1 named named 353 1月 17 18:22 qz2.com.zone.local
-rw-r--r--. 1 named named 327 1月 17 18:22 qz.com.zone
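5. Add the master and slave DNS server addresses to the resolver configuration file on the test machine
[root@localhost ~]# vim /etc/resolv.conf (you can also overwrite /etc/resolv.conf with the echo command)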
# Generated by NetworkManager
nameserver 192.168.131.10
nameserver 192.168.131.11
6. Test a master server failure
[root@localhost /]# systemctl stop named.service (stop the service on the master server)
[root@localhost ~]# nslookup 192.168.131.166
Server: 192.168.131.11
Address: 192.168.131.11#53
166.131.168.192.in-addr.arpa name = mail.qz.com.
[root@localhost ~]# nslookup www.qz.com
Server: 192.168.131.11
Address: 192.168.131.11#53
Name: www.qz.com
Address: 192.168.131.30
[root@localhost /]# systemctl restart named.service (restart the service on the master server)
[root@localhost ~]# nslookup 192.168.131.166
Server: 192.168.131.10
Address: 192.168.131.10#53
166.131.168.192.in-addr.arpa name = mail.qz.com.
[root@localhost ~]# nslookup www.qz.com
Server: 192.168.131.10
Address: 192.168.131.10#53
Name: www.qz.com
Address: 192.168.131.30
