Debain搭建主从DNS服务器

Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye

从服务器是主服务器的克隆，所以系统是一样的

主服务器IP地址：172.16.0.3
从路由器IP地址：172.16.0.1

主服务器和从路由器都安装bind9

apt install -y bind9

cd /etc/bind
vim named.conf.default-zones

添加以下内容

zone "test.com" {
        type master;
        allow-update {172.16.0.1;};   //这里填从服务器的IP地址
        file "/etc/bind/test.com";
};

zone "0.16.172.in-addr.arpa" {
        type master;
        allow-update {172.16.0.1;};
        file "/etc/bind/db.0.16.172";
};

 新建正向和反向解析文件

cp db.local test.com
cp db.127 db.0.16.172

vim test.com

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     test.com. admin.test.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      test.com.
@       IN      AAAA    ::1
www     IN      A       172.16.0.1
ftp     IN      A       172.16.0.3

vim db.0.16.172

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     test.com. admin.test.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      test.com.
1       IN      PTR     www.test.com.
3       IN      PTR     ftp.test.com.

修改/etc/resolv.conf文件，使用本机进行dns解析 

echo nameserver 172.16.0.3 > /etc/resolv.conf

重启named服务，让配置文件生效

systemctl restart named.service

验证

nslookup www.test.com

Server:         172.16.0.3
Address:        172.16.0.3#53

Name:   www.test.com
Address: 172.16.0.1



nslookup ftp.test.com

Server:         172.16.0.3
Address:        172.16.0.3#53

Name:   ftp.test.com
Address: 172.16.0.3



nslookup 172.16.0.1
1.0.16.172.in-addr.arpa name = www.test.com.



nslookup 172.16.0.3
3.0.16.172.in-addr.arpa name = ftp.test.com.

本地的dns解析是没什么问题的，接下来就到从服务器上进行设置

cd /etc/bind
vim named.conf.default-zones 

添加以下内容  masters跟的IP地址就是主服务器的IP地址

zone "test.com" {
        type slave;
        masters {172.16.0.3;};
};

zone "0.16.172.in-addr.arpa" {
        type slave;
        masters {172.16.0.3;};
};

然后修改/etc/resolv.conf，写入从服务器IP地址

echo nameserver 172.16.0.1 > /etc/resolv.conf

这里写的是从服务器的IP地址，所以从服务器如果能正常解析域名就说明没问题了

最后进行测试

nslookup www.test.com

Server:         172.16.0.1
Address:        172.16.0.1#53

Name:   www.test.com
Address: 172.16.0.1



nslookup ftp.test.com

Server:         172.16.0.1
Address:        172.16.0.1#53

Name:   ftp.test.com
Address: 172.16.0.3



nslookup 172.16.0.1
1.0.16.172.in-addr.arpa name = www.test.com.



nslookup 172.16.0.3
3.0.16.172.in-addr.arpa name = ftp.test.com.

可以看到这里提供域名解析的是172.16.0.1，也就是从服务器，这就说明从服务器也可以正常工作了，大功告成