1. Introduction
This guide sets up a primary (master) and a secondary (slave) DNS server with BIND 9 on CentOS 7. It covers only how to build the master/slave DNS pair.
2. Environment
2.1 Primary DNS server
- Hostname: dns1.joinmedia.net
- IP address: 172.21.110.254
2.2 Secondary DNS server
- Hostname: dns2.joinmedia.net
- IP address: 172.21.110.253
3. Installing BIND
yum install -y bind bind-utils
4. Primary DNS server configuration
- BIND's configuration file is "/etc/named.conf"; change the following entries in it:
listen-on port 53 { any; };
allow-query { 0.0.0.0/0; };
- Opening allow-query to everyone while the CentOS default "recursion yes;" stays in place turns the server into an open recursive resolver. For an authoritative server set "recursion no;", or at least limit "allow-recursion" to the local networks.
- To keep the main configuration tidy, create a separate local zone file "named.conf.local". You could instead add zones to "/etc/named.rfc1912.zones", which is already included by default, but a separate file is cleaner. Add the following to "named.conf.local":
touch /etc/named.conf.local
zone "joinmedia.net" {
type master;
masterfile-format text;
file "/var/named/joinmedia.net";
allow-transfer {172.21.110.253; };
also-notify {172.21.110.253; };
};
zone "southbaytech.co" {
type master;
masterfile-format text;
file "/var/named/southbaytech.co";
allow-transfer {172.21.110.253; };
also-notify {172.21.110.253; };
};
zone "110.21.172.in-addr.arpa" {
type master;
masterfile-format text;
file "/var/named/110.21.172.in-addr.arpa";
allow-transfer {172.21.110.253; };
also-notify {172.21.110.253; };
};
zone "100.21.172.in-addr.arpa" {
type master;
masterfile-format text;
file "/var/named/100.21.172.in-addr.arpa";
allow-transfer {172.21.110.253; };
also-notify {172.21.110.253; };
};
- The four zones above are two forward zones for the two domain names and two reverse zones for the two subnets. Then include the file from the main configuration:
echo 'include "/etc/named.conf.local";' >> /etc/named.conf
- Create the four zone files:
touch /var/named/joinmedia.net
touch /var/named/southbaytech.co
touch /var/named/110.21.172.in-addr.arpa
touch /var/named/100.21.172.in-addr.arpa
- Taking /var/named/joinmedia.net as an example:
$TTL 1h
@ IN SOA joinmedia.net. root.joinmedia.net. (
2021041303 ; Serial YYYYMMDDnn
24h ; Refresh
2h ; Retry
28d ; Expire
10m ) ; Minimum TTL
;Name Servers
@ IN NS dns1
@ IN NS dns2
dns1 IN A 172.21.110.254
dns2 IN A 172.21.110.253
conference IN A 192.168.0.142
www IN A 192.168.0.219
;outside
jiawo IN A 115.239.233.26
- Taking 100.21.172.in-addr.arpa as an example (note the trailing dots: in a zone file any name without one is relative to the zone origin, so "mail.southbaytech.co" would silently become mail.southbaytech.co.100.21.172.in-addr.arpa.):
$TTL 1h
@ IN SOA 100.21.172.in-addr.arpa. root.joinmedia.net. (
2021041219 ; Serial YYYYMMDDnn
24h ; Refresh
1h ; Retry
28d ; Expire
10m ) ; Minimum TTL
;Name servers, fully qualified because they live in joinmedia.net, not in this zone
@ IN NS dns1.joinmedia.net.
@ IN NS dns2.joinmedia.net.
;PTR Records (owner is the last octet of the address, target is a fully qualified name)
8 IN PTR mail.southbaytech.co.
10 IN PTR ftp.southbaytech.co.
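As an added example (not code from the original post), a small Python lint that reads a zone file like the ones above and reports the mistakes BIND accepts silently: dotted NS/PTR/CNAME/MX targets or SOA names without the trailing dot, a serial that is not YYYYMMDDnn, and fewer than two NS records. The embedded sample is a constructed copy of the reverse zone with the trailing dots missing; the function and constant names are my own.

```python
"""Zone-file lint, added example (not from the original post): flags dotted NS/PTR/
CNAME/MX targets and SOA names lacking the trailing dot (BIND would suffix the
origin to them), a serial not in YYYYMMDDnn form, and fewer than two NS records."""
import re

NAME_TYPES = {"NS", "PTR", "CNAME", "MX"}
# Constructed sample: the reverse zone as first shown in the post, with its errors.
SAMPLE_REVERSE_ZONE = """$TTL 1h
@ IN SOA 100.21.172.in-addr.arpa root.joinmedia.net. (
2021041219 ; Serial YYYYMMDDnn
24h 1h 28d 10m ) ; Refresh Retry Expire Minimum
@ IN NS dns1
@ IN NS dns2
8 IN PTR mail.southbaytech.co
"""

def _records(text):
    # Yield each logical record as a field list: ';' comments removed, '(' ... ')' joined.
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf).split()
            buf = []

def lint_zone(text, origin):
    """Return warning strings for a zone file BIND would load with this origin."""
    warnings, ns_count = [], 0
    for fields in _records(text):
        if "SOA" in fields:
            i = fields.index("SOA")
            serial = [f for f in fields[i + 3:] if f not in ("(", ")")][0]
            for label, name in (("MNAME", fields[i + 1]), ("RNAME", fields[i + 2])):
                if not name.endswith("."):
                    warnings.append(f"SOA {label} '{name}' is relative; add the trailing dot")
            if not re.fullmatch(r"\d{10}", serial):
                warnings.append(f"SOA serial '{serial}' is not YYYYMMDDnn")
            continue
        rtype = next((f for f in fields if f in NAME_TYPES), None)
        if rtype:                                  # A, AAAA, TXT etc. need no check
            ns_count += rtype == "NS"
            target = fields[-1]
            if "." in target and not target.endswith("."):
                warnings.append(f"{rtype} target '{target}' expands to {target}.{origin}.")
    if ns_count < 2:
        warnings.append(f"only {ns_count} NS record(s); two servers expected")
    return warnings
```

Run it on each file under /var/named before reloading; named-checkzone still remains the authoritative syntax check, this only catches the semantic slips that are syntactically valid.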
- Change the owner of the zone files so named can read them:
chown named:named /var/named/joinmedia.net
chown named:named /var/named/southbaytech.co
chown named:named /var/named/110.21.172.in-addr.arpa
chown named:named /var/named/100.21.172.in-addr.arpa
5. Secondary DNS server configuration
- BIND's configuration file is "/etc/named.conf"; change the following entries in it:
listen-on port 53 { any; };
allow-query { 0.0.0.0/0; };
- Likewise create a local zone file "named.conf.local" (and include it from /etc/named.conf as on the primary) with the following content. The secondary writes the transferred zones to the paths named in "file", so named must be able to write there; on CentOS with SELinux enforcing that is /var/named/slaves/ (labelled named_cache_t), not /var/named itself.
zone "joinmedia.net" {
type slave;
masters {172.21.110.254;};
masterfile-format text;
file "/var/named/joinmedia.net";
};
zone "southbaytech.co" {
type slave;
masters {172.21.110.254;};
masterfile-format text;
file "/var/named/southbaytech.co";
};
zone "110.21.172.in-addr.arpa" {
type slave;
masters {172.21.110.254;};
masterfile-format text;
file "/var/named/110.21.172.in-addr.arpa";
};
zone "100.21.172.in-addr.arpa" {
type slave;
masters {172.21.110.254;};
masterfile-format text;
file "/var/named/100.21.172.in-addr.arpa";
};
6. Starting the primary and secondary DNS servers
systemctl enable --now named.service