- DNS--主从复制:
- 实验环境:
- DNS--分离解析:
- 实验环境:
- 开启centos的缓存:
主服务器地址:192.168.59.131
从服务器地址:192.168.59.138
#在用yum安装bind软件包时,遇到问题:
#已加载插件:fastestmirror, langpacks
#/var/run/yum.pid 已被锁定,PID 为 13801 的另一个程序正在运行。
#Another app is currently holding the yum lock; waiting for it to exit...
#解决方法:先确认占用锁的进程已经退出(例如 ps -p 13801),确认没有yum/rpm事务在运行后再删除锁文件,否则强行删除可能损坏RPM数据库;删除后再次运行yum可用
[root@localhost ~]# rm -f /var/run/yum.pid
主服务器:
#要先用yum安装bind
[root@localhost ~]# yum install bind bind-utils.x86_64 -y
#进入/etc/named.conf下修改配置文件
[root@localhost named]# vim /etc/named.conf
// Accept DNS traffic on every local address and answer queries from any client.
// NOTE(review): the recursion setting of this named.conf is not shown here. If
// recursion is still enabled, allow-query { any; } with no allow-recursion ACL
// leaves the server usable as an open resolver; an authoritative-only master
// should carry "recursion no;" or an allow-recursion list of trusted networks.
listen-on port 53 { any; };
allow-query { any; };
[root@localhost named]# vim /etc/named.rfc1912.zones
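// Authoritative (master) copy of kgc.com, loaded from kgc.com.zone.
zone "kgc.com" IN {
    type master;
    file "kgc.com.zone";
    // Dynamic updates are refused; the zone file is edited by hand.
    allow-update { none; };
    // Without an allow-transfer ACL any client can request a full zone transfer
    // and enumerate every record. Only the slave needs it. A TSIG key is a
    // stronger control than an address match where source spoofing is a concern.
    allow-transfer { 192.168.59.138; };
};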
[root@localhost named]# cp -p named.localhost kgc.com.zone
; kgc.com zone data served by the master (192.168.59.131).
$TTL 1D
@       IN SOA  master.kgc.com. admin.kgc.com. (
                0       ; serial - raise it on every edit; a slave only re-transfers
                        ; when the master's serial is higher than the copy it holds
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; The NS line has no owner name and inherits "@" from the SOA line, which
; requires leading whitespace in the real file.
; NOTE(review): only the master is listed as NS, so the slave at 192.168.59.138
; is never handed out in referrals - confirm whether it should get its own NS/A pair.
        NS      master.kgc.com.
master  IN A    192.168.59.131
www     A       192.168.59.132
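#启动服务(若named已在运行,改用 systemctl restart named 才能让新配置生效);启动前可先用 named-checkconf 和 named-checkzone kgc.com kgc.com.zone 检查语法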
[root@localhost named]# systemctl start named
从服务器:
#要先用yum安装bind
[root@localhost ~]# rpm -q bind
未安装软件包 bind
[root@localhost ~]# yum install bind bind-utils.x86_64 -y
#进入/etc/named.conf下修改配置文件
[root@localhost named]# vim /etc/named.conf
options {
    // listen-on is commented out, so named falls back to its default and
    // listens on all IPv4 interfaces instead of only 127.0.0.1.
    // listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    // Working directory; relative file names in zone statements resolve here.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    // allow-query is commented out, so the built-in default (any client) applies.
    // With allow-query and allow-recursion both unset, recursion stays limited to
    // localhost and directly attached networks.
    // NOTE(review): the rest of this options block is not shown - confirm no
    // allow-recursion / allow-query-cache line widens that.
    // allow-query { localhost; };
[root@localhost named]# vim /etc/named.rfc1912.zones
// Secondary copy of kgc.com: named pulls the zone from the listed master and
// stores it as slaves/kgc.com.zone, relative to the options "directory".
zone "kgc.com" IN {
    type slave;
    file "slaves/kgc.com.zone";
    // The master is identified by address only.
    // NOTE(review): consider a TSIG key shared with the master so transfers are
    // authenticated rather than just address-matched.
    masters { 192.168.59.131; };
};
[root@localhost named]# ls /var/named/slaves/
kgc.com.zone
[root@localhost named]# dig www.kgc.com @192.168.59.138
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> www.kgc.com @192.168.59.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50092
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.kgc.com. IN A
;; ANSWER SECTION:
www.kgc.com. 86400 IN A 192.168.59.132
;; AUTHORITY SECTION:
kgc.com. 86400 IN NS master.kgc.com.
;; ADDITIONAL SECTION:
master.kgc.com. 86400 IN A 192.168.59.131
;; Query time: 0 msec
;; SERVER: 192.168.59.138#53(192.168.59.138)
;; WHEN: 一 10月 11 15:06:11 CST 2021
;; MSG SIZE rcvd: 93
DNS–分离解析:
实验环境:
将linux服务器配置两块网卡,都仅主机模式;
ens33:192.168.5.1
ens37:12.0.0.1
win7做为外网: 12.0.0.10 255.0.0.0 12.0.0.1
win10 作为内网:192.168.5.100 255.255.255.0 192.168.5.1
#先使用yum安装bind
[root@localhost ~]# rpm -q bind
未安装软件包 bind
[root@localhost ~]# yum install bind bind-utils.x86_64 -y
#服务器设置双网卡
[root@localhost ~]# cd /etc/sysconfig/network-scripts
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown-post ifup-eth ifup-sit
ifcfg-ens37 ifdown-ppp ifup-ib ifup-Team
[root@localhost network-scripts]# vim ifcfg-ens33
IPADDR=192.168.5.1
NETMASK=255.255.255.0
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens37
[root@localhost network-scripts]# vim ifcfg-ens37
IPADDR=12.0.0.1
NETMASK=255.255.255.0
[root@test5 ~]# vim /etc/named.conf
#修改配置文件
// Listen on every interface (both ens33 and ens37) and accept queries from any
// source address.
// NOTE(review): 12.0.0.1 is the outward-facing side. With allow-query { any; } and
// no allow-recursion ACL, recursion (if enabled - not shown here) is open to
// those external clients as well.
listen-on port 53 { any; };
allow-query { any; };
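#删除这个配置(使用view后,所有zone都必须放在view内,所以根区域改到named.rfc1912.zones的各个view中定义;named.rfc1912.zones里原有的默认zone同样不能留在view之外)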
zone "." IN {
type hint;
file "named.ca";
};
[root@test5 named]# vim /etc/named.rfc1912.zones
#编写配置文件
// Split-horizon setup: the client's source address selects a view, and each view
// serves its own copy of kgc.com. Views are tried in order; a client matching
// neither match-clients ACL is not served by either view.
view "lan" {
    match-clients { 192.168.5.0/24; };
    # match clients from this network
    zone "kgc.com" IN {
        type master;
        file "kgc.com.lan";
    };
    // Root hints inside the view, since zones may not sit outside a view.
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
// NOTE(review): this view faces the external network yet carries root hints like
// the internal one. If external clients are not meant to resolve arbitrary names
// through this server, add "recursion no;" to this view and drop the hint zone.
view "wan" {
    match-clients { 12.0.0.0/24; };
    zone "kgc.com" IN {
        type master;
        file "kgc.com.wan";
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
};
[root@localhost named]# vim kgc.com.lan
; kgc.com as served by the "lan" view: internal clients receive private addresses.
$TTL 1D
; "master" has no trailing dot, so it is relative to the zone origin.
@       IN SOA  master admin.kgc.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; The NS line inherits the owner "@" and needs leading whitespace in the real file.
        NS      master
master  IN A    192.168.5.1
www     IN A    192.168.5.20
[root@localhost named]# vim kgc.com.wan
; kgc.com as served by the "wan" view: external clients only ever see 12.0.0.1,
; so the internal 192.168.5.x addresses never appear in their answers.
$TTL 1D
; "master" has no trailing dot, so it is relative to the zone origin.
@       IN SOA  master admin.kgc.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; The NS line inherits the owner "@" and needs leading whitespace in the real file.
        NS      master
master  IN A    12.0.0.1
www     IN A    12.0.0.1
测试:
#使用内网的win10测试
ping 192.168.5.1 #先ping一下内网地址
nslookup www.kgc.com #按kgc.com.lan,预期返回 192.168.5.20
#使用外网的win7测试
ping 12.0.0.1 #ping一下外网地址
nslookup www.kgc.com #按kgc.com.wan,预期返回 12.0.0.1
CentOS 默认没有启用DNS客户端缓存,安装nscd(Name Service Cache Daemon,名称服务缓存守护进程)包可以支持DNS缓存功能减少DNS服务器压力,提高DNS查询速度;
[root@centos7 ~]#yum -y install nscd
[root@centos7 ~]#systemctl enable --now nscd
#查看缓存统计信息
[root@centos7 ~]#nscd -g
#清除DNS客户端缓存
[root@centos7 ~]#nscd -i hosts



