反向bind配置
host
host解析
[root@qq named]# host -t A www.magedu.com 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases:
www.magedu.com has address 10.201.106.129
www.magedu.com has address 10.201.106.110
host查询NS和MX记录
[root@qq named]# host -t NS magedu.com 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases:
magedu.com name server ns2.magedu.com.
magedu.com name server ns1.magedu.com.
[root@qq named]# host -t MX magedu.com 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases:
magedu.com mail is handled by 20 mx2.magedu.com.
magedu.com mail is handled by 10 mx1.magedu.com.
nslookup
查询A记录
[root@qq named]# nslookup
> server 10.201.106.129 #指明提供解析的服务器
Default server: 10.201.106.129
Address: 10.201.106.129#53
> set q=A #设置要查询的记录类型
> www.magedu.com #输入要查询的域名
Server: 10.201.106.129
Address: 10.201.106.129#53
Name: www.magedu.com
Address: 10.201.106.110
Name: www.magedu.com
Address: 10.201.106.129
其它资源测试
> set q=NS
> magedu.com
Server: 10.201.106.129
Address: 10.201.106.129#53
magedu.com nameserver = ns1.magedu.com.
magedu.com nameserver = ns2.magedu.com.
配置反向区域
1 创建反向区域文件
[root@qq named]# vim /etc/named.rfc1912.zones
zone "106.201.10.in-addr.arpa" IN {
type master;
file "10.201.106.zone";
};
[root@qq named]# cat 10.201.106.zone
$TTL 86400
$ORIGIN 106.201.10.in-addr.arpa.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
2015042201
1H
5M
7D
1D )
IN NS ns1.magedu.com.
IN NS ns2.magedu.com.
129 IN PTR ns1.magedu.com.
129 IN PTR www.magedu.com.
130 IN PTR ns2.magedu.com.
130 IN PTR www.magedu.com.
131 IN PTR mx1.magedu.com.
132 IN PTR mx2.magedu.com.
2 更改权限和检查语法正确性(权限设为 640、属组改为 named:named 进程可读,其他用户不可读)
[root@qq named]# chmod 640 10.201.106.zone
[root@qq named]# ll 10.201.106.zone
-rw-r----- 1 root root 337 Aug 3 04:14 10.201.106.zone
[root@qq named]#
[root@qq named]# chown :named 10.201.106.zone
[root@qq named]#
[root@qq named]# ll 10.201.106.zone
-rw-r----- 1 root named 337 Aug 3 04:14 10.201.106.zone
[root@qq named]#
[root@qq named]# named-checkzone "106.201.10.in-addr.arpa" 10.201.106.zone
zone 106.201.10.in-addr.arpa/IN: loaded serial 2015042201
OK
[root@qq named]# named-checkconf
[root@qq named]#
3 重新加载服务
[root@qq named]# service named reload
Reloading named: [ OK ]
查看状态
[root@qq named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@qq named]#
4 解析测试
[root@qq named]# host -t PTR 10.201.106.129 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases:
129.106.201.10.in-addr.arpa domain name pointer www.magedu.com.
129.106.201.10.in-addr.arpa domain name pointer ns1.magedu.com.
[root@qq named]#
[root@qq named]#
[root@qq named]# dig -x 10.201.106.129 @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -x 10.201.106.129 @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;129.106.201.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
129.106.201.10.in-addr.arpa. 86400 IN PTR ns1.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
;; AUTHORITY SECTION:
106.201.10.in-addr.arpa. 86400 IN NS ns1.magedu.com.
106.201.10.in-addr.arpa. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130
;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug 3 05:06:55 2016
;; MSG SIZE rcvd: 155
[root@qq named]# dig -x 10.201.106.130 @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -x 10.201.106.130 @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25115
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;130.106.201.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
130.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR ns2.magedu.com.
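全量区域传送(AXFR)
注意:本文没有展示 allow-transfer 配置;此版本的 BIND 在未设置时默认允许任何主机拉取整个区域,等于公开全部主机名和IP。生产环境应在主服务器上用 allow-transfer 只放行从服务器的地址,并可配合 TSIG 密钥做认证。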
[root@qq named]# dig -t axfr magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t axfr magedu.com @10.201.106.129
;; global options: +cmd
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN MX 10 mx1.magedu.com.
magedu.com. 86400 IN MX 20 mx2.magedu.com.
ftp.magedu.com. 86400 IN CNAME www.magedu.com.
mx1.magedu.com. 86400 IN A 10.201.106.131
mx2.magedu.com. 86400 IN A 10.201.106.132
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130
www.magedu.com. 86400 IN A 10.201.106.129
www.magedu.com. 86400 IN A 10.201.106.130
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 4 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug 3 05:13:47 2016
;; XFR size: 13 records (messages 1, bytes 311)
[root@qq named]#
传送反向区域
[root@qq named]# dig -t axfr 106.201.10.in-addr.arpa @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t axfr 106.201.10.in-addr.arpa @10.201.106.129
;; global options: +cmd
106.201.10.in-addr.arpa. 86400 IN SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
106.201.10.in-addr.arpa. 86400 IN NS ns1.magedu.com.
106.201.10.in-addr.arpa. 86400 IN NS ns2.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR ns1.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR ns2.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
131.106.201.10.in-addr.arpa. 86400 IN PTR mx1.magedu.com.
132.106.201.10.in-addr.arpa. 86400 IN PTR mx2.magedu.com.
106.201.10.in-addr.arpa. 86400 IN SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug 3 05:21:30 2016
;; XFR size: 10 records (messages 1, bytes 277)
解析不存在的记录,返回否定答案(NXDOMAIN);后面再设置泛域名(通配符)解析
[root@qq named]# dig -t A pop3.magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A pop3.magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;pop3.magedu.com. IN A
;; AUTHORITY SECTION:
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
增加一条泛域名(通配符)解析记录;加上之后,任何不存在的主机名(包括拼写错误的名字)都会解析到该IP,不再返回 NXDOMAIN
[root@qq named]# vi magedu.com.zone
* IN A 10.201.106.129
magedu.com. IN A 10.201.106.129 #只解析域名本身,指向这个IP;
重新加载
[root@qq named]# rndc reload
server reload successful
再次解析不存在的主机
[root@qq named]# dig -t A pop3.magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A pop3.magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23145
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;pop3.magedu.com. IN A
;; ANSWER SECTION:
pop3.magedu.com. 86400 IN A 10.201.106.129
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130
主从复制
1 开启从服务器,检验是否能从主服务器区域传送过来资源
[root@ns2 ~]# dig -t axfr magedu.com @10.201.106.129
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t axfr magedu.com @10.201.106.129
;; global options: +cmd
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
magedu.com. 86400 IN A 10.201.106.129
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN MX 10 mx1.magedu.com.
magedu.com. 86400 IN MX 20 mx2.magedu.com.
*.magedu.com. 86400 IN A 10.201.106.129
ftp.magedu.com. 86400 IN CNAME www.magedu.com.
mx1.magedu.com. 86400 IN A 10.201.106.131
mx2.magedu.com. 86400 IN A 10.201.106.132
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130
www.magedu.com. 86400 IN A 10.201.106.129
www.magedu.com. 86400 IN A 10.201.106.130
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 2 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Thu Aug 11 17:35:57 CST 2016
;; XFR size: 15 records (messages 1, bytes 345)
[root@ns2 ~]#
[root@ns2 ~]#
[root@ns2 ~]# dig -t axfr 106.201.10.in-addr.arpa @10.201.106.129
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t axfr 106.201.10.in-addr.arpa @10.201.106.129
;; global options: +cmd
106.201.10.in-addr.arpa. 86400 IN SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
106.201.10.in-addr.arpa. 86400 IN NS ns1.magedu.com.
106.201.10.in-addr.arpa. 86400 IN NS ns2.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR ns1.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR ns2.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
131.106.201.10.in-addr.arpa. 86400 IN PTR mx1.magedu.com.
132.106.201.10.in-addr.arpa. 86400 IN PTR mx2.magedu.com.
106.201.10.in-addr.arpa. 86400 IN SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 3 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Thu Aug 11 17:36:02 CST 2016
;; XFR size: 10 records (messages 1, bytes 277)
[root@ns2 ~]#
配置从服务器,只需要定义区域就行了
配置正向 从服务器
1 首先从服务器安装bind
[root@ns2 yum.repos.d]# yum install bind -y
2 编辑缓存名称服务器的配置文件
// Global options for named on the slave (ns2): listening addresses, working
// directory, statistics/dump file locations, and the query/recursion policy.
options {
// Listen on the slave's own address and on loopback only.
listen-on port 53 { 10.201.106.130;127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
// Relative zone file names (e.g. "slaves/...") are resolved against this directory.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// NOTE(review): no allow-recursion / allow-query-cache is set in this block, so
// this "any" ACL is also what recursion falls back to. Combined with
// "recursion yes" below, every host that can reach 10.201.106.130 can use this
// server as a recursive resolver (the open-resolver case the stock comment
// below warns about). Acceptable in an isolated lab; restrict it elsewhere.
// NOTE(review): no allow-transfer appears here either; in this BIND version
// zone transfers are then allowed to any host by default - confirm and restrict.
allow-query { any; };
/*
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// NOTE(review): a server that only answers for its own master/slave zones does
// not need recursion; "recursion no;" or an allow-recursion ACL limited to
// internal clients removes the amplification exposure.
recursion yes;
// DNSSEC options and key paths are left commented out in this setup.
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
// pid-file "/run/named/named.pid";
// session-keyfile "/run/named/session.key";
};
3 检查服务是否开启
[root@ns2 yum.repos.d]# systemctl restart named
[root@ns2 yum.repos.d]#
[root@ns2 yum.repos.d]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2016-08-11 17:52:40 CST; 6s ago
Process: 23475 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 23495 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 23490 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 23500 (named)
CGroup: /system.slice/named.service
└─23500 /usr/sbin/named -u named
Aug 11 17:52:40 ns2.magedu.com named[23500]: managed-keys-zone: sync...
Aug 11 17:52:40 ns2.magedu.com named[23500]: managed-keys-zone: unab...
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone 0.in-addr.arpa/IN:...
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone 1.0.0.127.in-addr....
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone localhost.localdom...
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone 1.0.0.0.0.0.0.0.0....
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone localhost/IN: load...
Aug 11 17:52:40 ns2.magedu.com named[23500]: all zones loaded
Aug 11 17:52:40 ns2.magedu.com systemd[1]: Started Berkeley Internet...
Aug 11 17:52:40 ns2.magedu.com named[23500]: running
Hint: Some lines were ellipsized, use -l to show in full.
[root@ns2 yum.repos.d]#
[root@ns2 yum.repos.d]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 10 10.201.106.130:53 *:*
LISTEN 0 10 127.0.0.1:53 *:*
LISTEN 0 5 192.168.122.1:53
[root@ns2 yum.repos.d]# ss -unl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 10.201.106.130:53 *:*
UNCONN 0 0 127.0.0.1:53 *:*
UNCONN 0 0 192.168.122.1:53 *:*
4 选择从服务器同步过来的记录存放位置
[root@ns2 ~]# ps aux | grep named
named 23500 0.0 3.3 162736 16624 ? Ssl 17:52 0:00 /usr/sbin/named -u named
root 24379 0.1 1.0 153632 5256 pts/1 S+ 18:37 0:00 vim /etc/named.rfc1912.zones
root 24489 0.0 0.1 112644 960 pts/2 S+ 18:39 0:00 grep --color=auto named
[root@ns2 ~]#
[root@ns2 ~]# ll -d /var/named/
drwxr-x---. 5 root named 4096 Aug 11 17:46 /var/named/
[root@ns2 ~]#
[root@ns2 ~]# ll /var/named/
total 16
drwxrwx---. 2 named named 47 Aug 11 18:36 data
drwxrwx---. 2 named named 6 Nov 20 2015 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Nov 20 2015 slaves #该目录专用于从服务器
[root@ns2 ~]#
5 在bind的 /etc/named.rfc1912.zones配置正向区域
[root@ns2 named]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
type slave;
masters { 10.201.106.129; };
file "slaves/magedu.com.zone";
};
6 重载服务,同步主服务器的资源
[root@ns2 named]# rndc reload
server reload successful
[root@zz named]# tail /var/log/messages
Jul 29 13:10:48 zz named[2524]: using default UDP/IPv6 port range: [1024, 65535]
Jul 29 13:10:48 zz named[2524]: sizing zone task pool based on 7 zones
Jul 29 13:10:48 zz named[2524]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul 29 13:10:48 zz named[2524]: reloading configuration succeeded
Jul 29 13:10:48 zz named[2524]: reloading zones succeeded
Jul 29 13:10:48 zz named[2524]: zone magedu.com/IN: Transfer started.
Jul 29 13:10:48 zz named[2524]: transfer of 'magedu.com/IN' from 10.201.106.129#53: connected using 10.201.106.128#42070
Jul 29 13:10:48 zz named[2524]: zone magedu.com/IN: transferred serial 2015042201
Jul 29 13:10:48 zz named[2524]: transfer of 'magedu.com/IN' from 10.201.106.129#53: Transfer completed: 1 messages, 15 records, 345 bytes, 0.008 secs (43125 bytes/sec) #15条记录
Jul 29 13:10:48 zz named[2524]: zone magedu.com/IN: sending notifies (serial 2015042201)
测试主服务器修改,从服务器是否能同步
主服务器
[root@qq named]# vim /var/named/magedu.com.zone
[root@qq named]#
[root@qq named]#
[root@qq named]# vim /var/named/magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
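@ IN SOA ns1.magedu.com. admin.magedu.com ( #注意:admin.magedu.com 末尾缺少“.”,会被自动补上 $ORIGIN,变成 admin.magedu.com.magedu.com.(见 dig 输出中的 SOA 记录);应写成 admin.magedu.com.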
2015042203 #序列号加1
pop3 IN CNAME mx1 #新增一条记录
[root@qq named]# named-checkzone "magedu.com." /var/named/magedu.com.zone
zone magedu.com/IN: loaded serial 2015042202
OK
[root@qq named]#
主服务器更改完区域记录后,重新加载
[root@qq named]# rndc reload
server reload successful
[root@qq named]#
[root@qq named]# tail /var/lo
local/ lock/ log/ lost+found/
[root@qq named]# tail /var/log/messages
Aug 3 09:46:04 qq named[19186]: using default UDP/IPv4 port range: [1024, 65535]
Aug 3 09:46:04 qq named[19186]: using default UDP/IPv6 port range: [1024, 65535]
Aug 3 09:46:04 qq named[19186]: sizing zone task pool based on 8 zones
Aug 3 09:46:04 qq named[19186]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Aug 3 09:46:04 qq named[19186]: reloading configuration succeeded
Aug 3 09:46:04 qq named[19186]: reloading zones succeeded
Aug 3 09:46:04 qq named[19186]: zone magedu.com/IN: loaded serial 2015042203
Aug 3 09:46:04 qq named[19186]: zone magedu.com/IN: sending notifies (serial 2015042203)
Aug 3 09:46:04 qq named[19186]: client 10.201.106.128#54411: transfer of 'magedu.com/IN': AXFR-style IXFR started #IXFR:增量备份
Aug 3 09:46:04 qq named[19186]: client 10.201.106.128#54411: transfer of 'magedu.com/IN': AXFR-style IXFR ended
从服务器
从服务器也已经同步数据过来
[root@zz slaves]# tail /var/log/messages
Jul 29 13:30:40 zz named[2524]: sizing zone task pool based on 7 zones
Jul 29 13:30:40 zz named[2524]: Warning: 'empty-zones-enable/disable-em
Jul 29 13:30:40 zz named[2524]: reloading configuration succeeded
Jul 29 13:30:40 zz named[2524]: reloading zones succeeded
Jul 29 13:34:26 zz named[2524]: client 10.201.106.129#16525: received n
Jul 29 13:34:26 zz named[2524]: zone magedu.com/IN: Transfer started.
Jul 29 13:34:26 zz named[2524]: transfer of 'magedu.com/IN' from 10.201
Jul 29 13:34:26 zz named[2524]: zone magedu.com/IN: transferred serial
Jul 29 13:34:26 zz named[2524]: transfer of 'magedu.com/IN' from 10.201s (8704 bytes/sec)
Jul 29 13:34:26 zz named[2524]: zone magedu.com/IN: sending notifies (s
[root@zz slaves]#
[root@zz named]#
[root@zz named]# cat slaves/magedu.comzone
$ORIGIN .
$TTL 86400 ; 1 day
magedu.com IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. (
2015042203 ; serial
3600 ; refresh (1 hour)
300 ; retry (5 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.magedu.com.
NS ns2.magedu.com.
A 10.201.106.129
MX 10 mx1.magedu.com.
MX 20 mx2.magedu.com.
$ORIGIN magedu.com.
* A 10.201.106.129
ftp CNAME www
mx1 A 10.201.106.131
mx2 A 10.201.106.132
ns1 A 10.201.106.129
ns2 A 10.201.106.128
pop3 CNAME mx1
pop4 CNAME ns1
www A 10.201.106.129
A 10.201.106.128
定义反向 从服务器
1 查看主服务器的反向区域记录是否有从服务器的NS记录和PTR记录
[root@qq named]# vim 10.201.106.zone
$TTL 86400
$ORIGIN 106.201.10.in-addr.arpa.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
2015042201
1H
5M
7D
1D )
IN NS ns1.magedu.com.
IN NS ns2.magedu.com.
129 IN PTR ns1.magedu.com.
129 IN PTR www.magedu.com.
128 IN PTR ns2.magedu.com.
2 也是只需定义named.rfc1912.zones区域文件,只需要做区域定义
vim /etc/named.rfc1912.zones
49 zone "106.201.10.in-addr.arpa" IN {
50 type slave;
51 masters { 10.201.106.129; };
52 file "slaves/10.201.106.zone";
53 };
3 检查语法,重载服务,查看日志
[root@zz named]# named-checkconf
[root@zz named]#
[root@zz named]#
[root@zz named]# rndc reload
server reload successful
[root@zz named]#
[root@zz named]# tail /var/log/messages
Jul 29 13:58:32 zz named[2524]: using default UDP/IPv6 port range: [1024, 65535]
Jul 29 13:58:32 zz named[2524]: sizing zone task pool based on 8 zones
Jul 29 13:58:32 zz named[2524]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul 29 13:58:32 zz named[2524]: reloading configuration succeeded
Jul 29 13:58:32 zz named[2524]: reloading zones succeeded
Jul 29 13:58:32 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: Transfer started.
Jul 29 13:58:32 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: connected using 10.201.106.128#47866
Jul 29 13:58:32 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: transferred serial 2015042201
Jul 29 13:58:32 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: Transfer completed: 1 messages, 10 records, 277 bytes, 0.010 secs (27700 bytes/sec)
Jul 29 13:58:32 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: sending notifies (serial 2015042201)
[root@zz named]# vim /etc/named.rfc1912.zones
[root@zz named]# vim /etc/named.rfc1912.zones
[root@zz named]#
[root@zz named]# ll slaves/
total 8
-rw-r--r--. 1 named named 488 Jul 29 13:58 10.201.106.zone
-rw-r--r--. 1 named named 600 Jul 29 13:34 magedu.comzone
[root@zz named]#
4 主服务器主动修改,查看从服务器是否同步
主服务器
[root@qq named]# vim 10.201.106.zone
$TTL 86400
$ORIGIN 106.201.10.in-addr.arpa.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
2015042202 #序列号加1
10 IN PTR lamp.magedu.com. #增加一条记录
[root@qq named]# named-checkzone "106.201.10.in-addr.arpa" /var/named/10.201.106.zone
zone 106.201.10.in-addr.arpa/IN: loaded serial 2015042202
OK
[root@qq named]# rndc reload
[root@qq named]#
[root@qq named]# tail /var/log/messages
Aug 3 10:23:56 qq named[19186]: using default UDP/IPv4 port range: [1024, 65535]
Aug 3 10:23:56 qq named[19186]: using default UDP/IPv6 port range: [1024, 65535]
Aug 3 10:23:56 qq named[19186]: sizing zone task pool based on 8 zones
Aug 3 10:23:56 qq named[19186]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Aug 3 10:23:56 qq named[19186]: reloading configuration succeeded
Aug 3 10:23:56 qq named[19186]: reloading zones succeeded
Aug 3 10:23:56 qq named[19186]: zone 106.201.10.in-addr.arpa/IN: loaded serial 2015042202
Aug 3 10:23:56 qq named[19186]: zone 106.201.10.in-addr.arpa/IN: sending notifies (serial 2015042202)
Aug 3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR started
Aug 3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR ended
[root@qq named]#
反向从服务器
Jul 29 14:07:59 zz named[2524]: managed-keys-zone ./IN: Unable to fetch DNSKEY set '.': SERVFAIL
Jul 29 14:12:18 zz named[2524]: client 10.201.106.129#65218: received notify for zone '106.201.10.in-addr.arpa'
Jul 29 14:12:18 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: Transfer started.
Jul 29 14:12:18 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: connected using 10.201.106.128#51457
Jul 29 14:12:18 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: transferred serial 2015042202
Jul 29 14:12:18 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: Transfer completed: 1 messages, 11 records, 300 bytes, 0.012 secs (25000 bytes/sec)
Jul 29 14:12:18 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: sending notifies (serial 2015042202)
[root@zz named]# cat slaves/10.201.106.zone
$ORIGIN .
$TTL 86400 ; 1 day
106.201.10.in-addr.arpa IN SOA ns1.magedu.com. admin.magedu.com. (
2015042202 ; serial
3600 ; refresh (1 hour)
300 ; retry (5 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.magedu.com.
NS ns2.magedu.com.
$ORIGIN 106.201.10.in-addr.arpa.
110 PTR lamp.magedu.com.
……
rndc
rndc开启查询日志功能(rndc querylog 是开关命令,再执行一次即关闭;查询日志会记录客户端IP和所查询的域名,排错结束后应关闭)
[root@www ~]# rndc querylog
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON #
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@www ~]# rndc querylog
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
测试:
[root@www ~]# dig -t A magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14008
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;magedu.com. IN A
;; ANSWER SECTION:
magedu.com. 86400 IN A 10.201.106.129
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.128
;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug 3 10:45:47 2016
;; MSG SIZE rcvd: 112
[root@www ~]#
[root@www ~]#
[root@www ~]# tail /var/lo
local/ lock/ log/ lost+found/
[root@www ~]# tail /var/log/messages
Aug 3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR started
Aug 3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR ended
Aug 3 10:44:44 qq named[19186]: received control channel command 'querylog'
Aug 3 10:44:44 qq named[19186]: query logging is now on
Aug 3 10:45:14 qq named[19186]: received control channel command 'querylog'
Aug 3 10:45:14 qq named[19186]: query logging is now off
Aug 3 10:45:32 qq named[19186]: received control channel command 'querylog'
Aug 3 10:45:32 qq named[19186]: query logging is now on
Aug 3 10:45:46 qq named[19186]: client 10.201.106.128#56887: query: magedu.com IN SOA -E (10.201.106.129) #本机自己的查询有记录到
Aug 3 10:45:47 qq named[19186]: client 10.201.106.129#41396: query: magedu.com IN A + (10.201.106.129)
[root@www ~]# #可以从别的主机指向该服务器查询,然后查询日志
开启/关闭debug日志
[root@www ~]# rndc trace 5 #开启debug日志,并设置成5级
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 5
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@www ~]#
[root@www ~]#
[root@www ~]#
[root@www ~]# rndc tracer 0 #关闭debug日志(此处命令拼写有误,正确命令是下面的 rndc trace 0)
rndc: 'tracer' failed: unknown command
[root@www ~]# rndc trace 0
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running