Primary DNS deployment + secondary DNS server deployment
Primary DNS
DNS (Domain Name System) is one of the core pieces of Internet infrastructure. Put simply, it translates domain names that people can remember (such as www.baidu.com) into the IP addresses that computers use (such as 180.101.50.242), so that devices on the network can talk to each other.
Why is DNS needed?
Computers communicate over the network by IP address, a string of digits such as the IPv4 address 192.168.1.1 or the IPv6 address 2001:0db8:85a3:0000:0000:8a2e:0370:7334, and numeric addresses are hard for people to remember. A domain name (google.com, github.io) is made of letters, digits and symbols and is far easier to recall.
DNS therefore acts as the network's "phone book": when you type a domain name into the browser, DNS looks it up and returns the matching IP address, so your device can find the target server and load the page or use the service.
How DNS works (simplified)
- Local lookup: when you visit a domain name, the device first checks its local caches (browser cache, operating-system cache) and returns the IP directly if a record is found.
- Recursive query: if nothing is cached, the device sends the query to its "local DNS server" (usually the ISP's, or one you configured by hand, such as 114.114.114.114).
- Hierarchical resolution: if the local DNS server has no record either, it works its way up the hierarchy:
  - it first asks a "root name server" (13 groups worldwide, which manage the top-level domains such as .com and .cn);
  - the root server refers it to the matching "top-level domain server" (for example the .com servers);
  - the TLD server refers it to the "authoritative name server" (the server that actually manages that domain, for example the servers for baidu.com);
  - the authoritative server returns the exact IP address, which is passed back to your device.
Secondary DNS
In CentOS 7, a secondary DNS server is defined relative to the primary DNS server: it is a backup, or replica, of the primary. It synchronizes and stores the resolution records (the zone files) held on the primary and keeps answering queries when the primary is unavailable.
What a secondary DNS server is for:
- Redundancy: when the primary fails (crash, network outage), the secondary takes over and name resolution continues.
- Load sharing: some queries are answered by the secondary, reducing the load on the primary.
- Data consistency: the zone transfer mechanism copies the primary's records automatically, so both servers serve the same data.
How it works:
- The primary holds the authoritative records for the zone (A records, CNAME records and so on) and lets designated secondary servers synchronize them.
- The secondary periodically (or when the primary's records change) requests a copy of the zone from the primary (a zone transfer) and stores it locally.
- A client querying the secondary gets the same answer it would get from the primary; if the primary is down, the client can still resolve names through the secondary.
Key points when configuring a secondary DNS on CentOS 7:
- On the primary, the configuration (/etc/named.conf or the zone configuration it includes) must allow the secondary's IP address to perform zone transfers, via the allow-transfer option. BIND's default is to allow transfers to any host, which is why the walkthrough below works even though it never sets the option; in production, restrict it to the secondary's address.
- On the secondary, the configuration names the primary's IP address and the zone to synchronize, and declares this server as a slave (secondary) for that zone.
Deploying the primary DNS:
Before any DNS is deployed:
[root@syf ~]# ping 192.168.100.20           // the IP address is reachable
PING 192.168.100.20 (192.168.100.20) 56(84) bytes of data.
64 bytes from 192.168.100.20: icmp_seq=1 ttl=64 time=0.311 ms
64 bytes from 192.168.100.20: icmp_seq=2 ttl=64 time=0.870 ms
64 bytes from 192.168.100.20: icmp_seq=3 ttl=64 time=0.998 ms
64 bytes from 192.168.100.20: icmp_seq=4 ttl=64 time=1.49 ms
^Z
[2]+ Stopped ping 192.168.100.20
[root@syf ~]# ping syf2.example.com         // but the fully qualified domain name is not
ping: syf2.example.com: Name or service not known
[root@syf2 ~]# hostname
syf2.example.com
To reach a host by its fully qualified domain name, some form of name resolution has to be in place.
[root@syf ~]# vim /etc/hosts                // the local hosts file
...
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.20 syf2.example.com
...
[root@syf ~]# ping syf2.example.com
PING syf2.example.com (192.168.100.20) 56(84) bytes of data.
64 bytes from syf2.example.com (192.168.100.20): icmp_seq=1 ttl=64 time=0.723 ms
64 bytes from syf2.example.com (192.168.100.20): icmp_seq=2 ttl=64 time=0.799 ms
64 bytes from syf2.example.com (192.168.100.20): icmp_seq=3 ttl=64 time=1.02 ms
64 bytes from syf2.example.com (192.168.100.20): icmp_seq=4 ttl=64 time=1.05 ms
^C
--- syf2.example.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.723/0.900/1.057/0.145 ms
On the other side:
[root@syf2 ~]# ping shenyifeng.example.com
ping: shenyifeng.example.com: Name or service not known
The reason is that this host's local hosts file has no entry for shenyifeng.example.com.
Now imagine 100 hosts that all need these entries: maintaining every /etc/hosts by hand does not scale, which is where a DNS server comes in.
Configure the yum repository
[root@syf ~]# cd /etc/yum.repos.d/
[root@syf yum.repos.d]# ls
ovo.repo
[root@syf yum.repos.d]# rm -rf *
[root@syf yum.repos.d]# vim syf.repo
[ovo]
name=ovo1
baseurl=file:///mnt
enabled=1
gpgcheck=0
[root@syf yum.repos.d]# mount /dev/cdrom /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
[root@syf yum.repos.d]# cd
Install bind and bind-chroot
[root@syf ~]# yum -y install bind bind-chroot
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-72.el7 will be installed
---> Package bind-chroot.x86_64 32:9.9.4-72.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
 Package        Arch      Version            Repository        Size
=====================================================================
Installing:
 bind           x86_64    32:9.9.4-72.el7    ovo              1.8 M
 bind-chroot    x86_64    32:9.9.4-72.el7    ovo               88 k

Transaction Summary
=====================================================================
Install  2 Packages

Total download size: 1.9 M
Installed size: 4.5 M
Downloading packages:
---------------------------------------------------------------------
Total                                        94 MB/s | 1.9 MB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 32:bind-9.9.4-72.el7.x86_64                          1/2
  Installing : 32:bind-chroot-9.9.4-72.el7.x86_64                   2/2
  Verifying  : 32:bind-9.9.4-72.el7.x86_64                          1/2
  Verifying  : 32:bind-chroot-9.9.4-72.el7.x86_64                   2/2

Installed:
  bind.x86_64 32:9.9.4-72.el7          bind-chroot.x86_64 32:9.9.4-72.el7

Complete!
Configure DNS:
[root@syf ~]# vim /etc/named.conf
...
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
...
The lines changed from the shipped defaults are listen-on and listen-on-v6 (127.0.0.1 and ::1 become any) and allow-query (localhost becomes any); without them named only answers on the loopback interface. On a server reachable from the Internet, allow-query { any; } together with the default recursion yes; makes named an open resolver, so there the query ACL should be limited to the local network (for example { 192.168.100.0/24; }).
At the bottom of the file:
include "/etc/named.rfc1912.zones";         // the global zone configuration file
include "/etc/named.root.key";
[root@syf ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Do not edit the template zones in place; copy them to the bottom and edit the copies.

zone "localhost.localdomain" IN {           // forward-zone template
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {                        // copy this one to the bottom
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {   // reverse-zone template
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {                   // copy this one to the bottom
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "example.com" IN {                      // copied and edited
        type master;                         // master on the primary, slave on the secondary
        file "ovo.com";                      // this file does not exist yet
        allow-update { none; };
};

zone "100.168.192.in-addr.arpa" IN {         // copied and edited
        type master;
        file "com.ovo";                      // this file does not exist yet
        allow-update { none; };
};
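The two zone statements above never set allow-transfer, so with BIND's default any host that can reach port 53 may pull the complete zone with an AXFR request. The script below is an added example, not code from the original post: it audits a named zone configuration file and lists every master zone that lacks an allow-transfer statement. The two sample files it writes are constructed for the demonstration (one mirrors the walkthrough's zones, the other limits transfers to the secondary at 192.168.100.20); the function name audit_transfer_policy is this example's own.

```shell
#!/bin/sh
# Added example: report every "type master" zone in a BIND zone configuration
# file that has no allow-transfer statement. The sample configs written below
# are constructed for this example; only the zone names and the secondary's
# address (192.168.100.20) come from the walkthrough.

audit_transfer_policy() {
    # $1: zone configuration file, e.g. /etc/named.rfc1912.zones
    # Prints the name of each master zone without allow-transfer.
    # Exit status 0 when all master zones restrict transfers, 1 otherwise.
    awk '
        /^[[:space:]]*\/\// { next }        # skip full-line // comments
        {
            sub(/[[:space:]]*\/\/.*$/, "")  # drop trailing // annotations
            n = length($0)
            for (i = 1; i <= n; i++) {
                c = substr($0, i, 1)
                if (c == "{") { depth++; if (depth == 1) body = "" }
                if (depth >= 1) body = body c
                if (c == "}") {
                    depth--
                    if (depth == 0) {
                        # header: text before this top-level block, after the last ";"
                        k = split(header, parts, ";"); stmt = parts[k]
                        sub(/^[[:space:]]+/, "", stmt)
                        if (stmt ~ /^zone[[:space:]]+"/) {
                            match(stmt, /"[^"]+"/)
                            zone = substr(stmt, RSTART + 1, RLENGTH - 2)
                            if (body ~ /type[[:space:]]+master[[:space:]]*;/ &&
                                body !~ /allow-transfer/) { print zone; bad++ }
                        }
                        header = ""
                    }
                } else if (depth == 0) header = header c
            }
            if (depth >= 1) body = body " "; else header = header " "
        }
        END { exit (bad > 0) }
    ' "$1"
}

SAMPLE_DIR=$(mktemp -d)

# Constructed sample 1: zones as in the walkthrough (no allow-transfer anywhere).
cat > "$SAMPLE_DIR/weak.zones" <<'EOF'
// Provided by Red Hat caching-nameserver package
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "example.com" IN {                   // copied and edited
        type master;
        file "ovo.com";
        allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "com.ovo";
        allow-update { none; };
};
EOF

# Constructed sample 2: transfers limited to the secondary (or disabled).
cat > "$SAMPLE_DIR/hardened.zones" <<'EOF'
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-transfer { none; };
        allow-update { none; };
};
zone "example.com" IN {
        type master;
        file "ovo.com";
        allow-transfer { 192.168.100.20; };
        allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "com.ovo";
        allow-transfer { 192.168.100.20; };
        allow-update { none; };
};
EOF

for f in weak hardened; do
    echo "== $f.zones =="
    if audit_transfer_policy "$SAMPLE_DIR/$f.zones"; then
        echo "all master zones restrict transfers"
    else
        echo "the master zones listed above accept AXFR from any host"
    fi
done
```

Run against the real file with audit_transfer_policy /etc/named.rfc1912.zones after editing; a non-zero exit status is a convenient hook for a pre-restart check. The parser tracks brace depth rather than splitting on "};", so the nested { none; } blocks and the one-line zone statements shown earlier on this page are both handled.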
[root@syf named]# ls
chroot   data     named.ca     named.localhost  ovo.com
com.ovo  dynamic  named.empty  named.loopback   slaves
[root@syf named]# ll                        // the group owner is named
total 24
drwxr-x---. 7 root  named   61 Aug 11 16:31 chroot
-rw-r-----. 1 root  named  281 Aug 11 11:23 com.ovo
drwxrwx---. 2 named named   23 Oct 31  2018 data
drwxrwx---. 2 named named   31 Oct 31  2018 dynamic
-rw-r-----. 1 root  named 2281 May 22  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 root  named  246 Aug 11 11:37 ovo.com
drwxrwx---. 2 named named    6 Oct 31  2018 slaves
[root@syf named]# cp -p named.localhost ovo.com    // -p keeps owner, group and mode, so the named group can still read the copy
cp: overwrite ‘ovo.com’? yes
[root@syf named]# cp -p named.empty com.ovo
cp: overwrite ‘com.ovo’? yes
[root@syf named]# ls
chroot   data     named.ca     named.localhost  ovo.com
com.ovo  dynamic  named.empty  named.loopback   slaves
[root@syf named]# vim ovo.com               // forward zone; SOA = Start of Authority. Contents after editing:
$TTL 1D
@       IN SOA  shenyifeng.example.com. root.example.com. (
                                        2025081101      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      shenyifeng.example.com.
shenyifeng      IN A    192.168.100.10
lisi            IN A    192.168.100.10
[root@syf named]# vim com.ovo               // reverse zone. Contents after editing:
$TTL 3H
@       IN SOA  shenyifeng.example.com. root.example.com. (
                                        2025081101      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      shenyifeng.example.com.
10      IN PTR  shenyifeng.example.com.
10      IN PTR  lisi.example.com.
The serial (here 2025081101, in YYYYMMDDNN form) must be raised every time a zone file is edited: a secondary only transfers the zone again when the primary's serial is higher than the one it already holds.
[root@syf named]# systemctl restart named
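Two things go wrong most often with the zone files above: the serial is left unchanged after an edit, so the secondary never refreshes, and the forward and reverse zones drift apart. The script below is an added example, not code from the original post. It reads the SOA serial, computes and writes the next YYYYMMDDNN serial, and cross-checks A records against PTR records. The sample zone files are constructed from the records in the walkthrough plus one extra host, wangwu, that deliberately has no PTR record; the function names are this example's own.

```shell
#!/bin/sh
# Added example: sanity checks on the primary's zone files before restarting
# named. The two sample zone files are constructed from the records in the
# walkthrough plus one extra host (wangwu) that deliberately has no PTR record.

# Print the SOA serial of a zone file (the number on the line tagged "; serial").
zone_serial() {
    awk '/;[[:space:]]*serial/ { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }' "$1"
}

# Next serial in YYYYMMDDNN form: the larger of "<date>00" and current + 1,
# so the value always grows. The secondary only transfers a zone whose serial
# is higher than the copy it already holds.
next_serial() {   # $1: current serial, $2: date as YYYYMMDD
    cur=$1; base=$(( $2 * 100 ))
    if [ $(( cur + 1 )) -gt "$base" ]; then echo $(( cur + 1 )); else echo "$base"; fi
}

# Replace the serial in a zone file and print the new value.
bump_serial() {   # $1: zone file, $2: date as YYYYMMDD
    old=$(zone_serial "$1"); new=$(next_serial "$old" "$2")
    sed "s/$old\([[:space:]]*;[[:space:]]*serial\)/$new\1/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    echo "$new"
}

# Report A records without a matching PTR and PTR records without a matching A.
# $1: forward zone file, $2: reverse zone file, $3: origin (example.com),
# $4: network prefix covered by the reverse zone (192.168.100). Output is sorted.
check_ptr_consistency() {
    awk -v origin="$3" -v net="$4" '
        FNR == NR {                                  # first file: forward zone
            if ($0 ~ /[[:space:]]A[[:space:]]/) {
                host = ($1 == "@") ? (origin ".") : ($1 "." origin ".")
                fwd[host "#" $NF] = 1
            }
            next
        }
        /[[:space:]]PTR[[:space:]]/ { rev[$NF "#" net "." $1] = 1 }   # second file: reverse zone
        END {
            for (k in fwd) if (!(k in rev)) { split(k, p, "#"); print "missing PTR: " p[1] " -> " p[2] }
            for (k in rev) if (!(k in fwd)) { split(k, p, "#"); print "missing A:   " p[1] " -> " p[2] }
        }
    ' "$1" "$2" | sort
}

WORK=$(mktemp -d)
# Constructed forward zone: the walkthrough's records plus wangwu (no PTR).
cat > "$WORK/ovo.com" <<'EOF'
$TTL 1D
@       IN SOA  shenyifeng.example.com. root.example.com. (
                                        2025081101      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      shenyifeng.example.com.
shenyifeng      IN A    192.168.100.10
lisi            IN A    192.168.100.10
wangwu          IN A    192.168.100.30
EOF
# Constructed reverse zone: the walkthrough's records.
cat > "$WORK/com.ovo" <<'EOF'
$TTL 3H
@       IN SOA  shenyifeng.example.com. root.example.com. (
                                        2025081101      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      shenyifeng.example.com.
10      IN PTR  shenyifeng.example.com.
10      IN PTR  lisi.example.com.
EOF

echo "forward serial: $(zone_serial "$WORK/ovo.com")"
check_ptr_consistency "$WORK/ovo.com" "$WORK/com.ovo" example.com 192.168.100
echo "new serial: $(bump_serial "$WORK/ovo.com" 20250812)"   # use $(date +%Y%m%d) for real runs
```

On the real server the files are /var/named/ovo.com and /var/named/com.ovo, and the date argument would be $(date +%Y%m%d). Both hosts in the walkthrough point at 192.168.100.10, so the consistency check is quiet for them; only the constructed wangwu entry is reported.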
[root@syf named]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@syf named]# cd
[root@syf ~]# systemctl stop firewalld
[root@syf ~]# systemctl disable firewalld
[root@syf ~]# getenforce
Permissive
The global zone configuration file /etc/named.rfc1912.zones
Purpose: it fixes the server's role for each zone (primary = type master, secondary = type slave), maps each domain and network segment to a zone, and names the file that holds the actual records. Those files, the forward and reverse zone databases, live under /var/named/.
Now verify the setup:
[root@syf2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
...
DNS1=192.168.100.10                         // only the DNS line is changed
...
[root@syf2 ~]# systemctl restart network
[root@syf2 ~]# nslookup
> shenyifeng.example.com
Server:         192.168.100.10
Address:        192.168.100.10#53

Name:   shenyifeng.example.com
Address: 192.168.100.10
> lisi.example.com
Server:         192.168.100.10
Address:        192.168.100.10#53

Name:   lisi.example.com
Address: 192.168.100.10
> 192.168.100.10                            // reverse lookup
Server:         192.168.100.10
Address:        192.168.100.10#53

10.100.168.192.in-addr.arpa     name = lisi.example.com.
10.100.168.192.in-addr.arpa     name = shenyifeng.example.com.
>
Deploying the secondary DNS server:
First configure the yum repository
[root@syf2 ~]# cd /etc/yum.repos.d/
[root@syf2 yum.repos.d]# ls
ovo.repo
[root@syf2 yum.repos.d]# rm -rf *
[root@syf2 yum.repos.d]# vim qaq.repo
[qwq]
name=qwq1
baseurl=file:///mnt
enabled=1
gpgcheck=0
[root@syf2 yum.repos.d]# mount /dev/cdrom /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
[root@syf2 yum.repos.d]# cd
[root@syf2 ~]# yum -y install bind bind-chroot
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
qwq                                                   | 3.6 kB  00:00
(1/2): qwq/group_gz                                   | 166 kB  00:00
(2/2): qwq/primary_db                                 | 3.1 MB  00:00
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-72.el7 will be installed
--> Processing Dependency: python-ply for package: 32:bind-9.9.4-72.el7.x86_64
---> Package bind-chroot.x86_64 32:9.9.4-72.el7 will be installed
--> Running transaction check
---> Package python-ply.noarch 0:3.4-11.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
 Package        Arch      Version            Repository        Size
=====================================================================
Installing:
 bind           x86_64    32:9.9.4-72.el7    qwq              1.8 M
 bind-chroot    x86_64    32:9.9.4-72.el7    qwq               88 k
Installing for dependencies:
 python-ply     noarch    3.4-11.el7         qwq              123 k

Transaction Summary
=====================================================================
Install  2 Packages (+1 Dependent package)

Total download size: 2.0 M
Installed size: 5.1 M
Downloading packages:
---------------------------------------------------------------------
Total                                       9.3 MB/s | 2.0 MB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : python-ply-3.4-11.el7.noarch                         1/3
  Installing : 32:bind-9.9.4-72.el7.x86_64                          2/3
  Installing : 32:bind-chroot-9.9.4-72.el7.x86_64                   3/3
  Verifying  : 32:bind-9.9.4-72.el7.x86_64                          1/3
  Verifying  : python-ply-3.4-11.el7.noarch                         2/3
  Verifying  : 32:bind-chroot-9.9.4-72.el7.x86_64                   3/3

Installed:
  bind.x86_64 32:9.9.4-72.el7          bind-chroot.x86_64 32:9.9.4-72.el7

Dependency Installed:
  python-ply.noarch 0:3.4-11.el7

Complete!
[root@syf2 ~]# vim /etc/named.conf
...
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
...
[root@syf2 ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {                        // copy
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {                   // copy
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "example.com" IN {                      // copied and edited
        type slave;
        file "slaves/ovo.com";
        masters { 192.168.100.10; };
};

zone "100.168.192.in-addr.arpa" IN {         // copied and edited
        type slave;
        file "slaves/com.ovo";
        masters { 192.168.100.10; };
};
The slave zone files go under slaves/ because that directory is owned and writable by the named user (see the listing of /var/named on the primary), and named itself has to write the transferred copy there; /var/named itself is owned by root, so a path directly in it would fail.
[root@syf2 named]# cd /var/named
[root@syf2 named]# ls
chroot dynamic named.empty named.loopback
data named.ca named.localhost slaves
[root@syf2 named]# cd
[root@syf2 ~]# systemctl stop firewalld
[root@syf2 ~]# systemctl disable firewalld
[root@syf2 ~]# setenforce 0
[root@syf2 ~]# vim /etc/selinux/config      // keep SELinux off after the next reboot
...
SELINUX=disabled                            // after editing
...
[root@syf2 ~]# systemctl restart named
[root@syf2 ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@syf2 ~]# cd /var/named/
[root@syf2 named]# ls
chroot dynamic named.empty named.loopback
data named.ca named.localhost slaves
[root@syf2 named]# cd slaves/
[root@syf2 slaves]# ls
com.ovo ovo.com
[root@syf2 slaves]# cat ovo.com
eͩxamplecom>
examplecom0;Qmplecomrootexamplecomx´I
shenyifengexamplecom,Qlisiexamplecom(d
2Q
shenyifengexamplecom(d
The file is not corrupt: since BIND 9.9, secondary zones are written in BIND's binary "raw" master-file format by default, so cat shows unreadable bytes with the record names still visible in between. To keep a readable copy, add masterfile-format text; to the slave zone statement on the secondary, or convert the file with named-compilezone -f raw -F text -o - example.com /var/named/slaves/ovo.com. The more useful check is to query the secondary directly (nslookup or dig against 192.168.100.20) and compare its answers with the primary's.
[root@syf2 slaves]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
...
DNS1=192.168.100.10
DNS2=192.168.100.20                         // added
...
[root@syf2 slaves]# systemctl restart network
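Reading the raw slave file proves little; what matters is that the secondary answers with the same zone as the primary. The script below is an added example, not part of the original post: it asks each server for the zone's SOA serial with dig (from the bind-utils package, assumed to be installed on the host running it) and compares the two. The addresses 192.168.100.10 and 192.168.100.20 and the zone example.com are the walkthrough's; the function names are this example's own.

```shell
#!/bin/sh
# Added example: verify that the secondary holds the same zone as the primary
# by comparing the SOA serial each server returns. Addresses and zone name are
# from the walkthrough; dig comes from the bind-utils package (assumed present).

MASTER=192.168.100.10
SLAVE=192.168.100.20
ZONE=example.com

# Extract the serial (3rd field) from a "dig +short SOA" answer line such as:
#   shenyifeng.example.com. root.example.com. 2025081101 86400 3600 604800 10800
soa_serial_from_answer() {
    echo "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Ask one server for the SOA serial of a zone; prints nothing when there is no answer.
soa_serial_of() {   # $1: server address, $2: zone
    soa_serial_from_answer "$(dig +short +time=2 +tries=1 SOA "$2" "@$1" 2>/dev/null)"
}

# 0 = serials match, 1 = they differ (secondary is stale), 2 = a side gave no answer.
serials_in_sync() {   # $1: primary serial, $2: secondary serial
    [ -n "$1" ] && [ -n "$2" ] || return 2
    [ "$1" = "$2" ]
}

check_secondary() {
    m=$(soa_serial_of "$MASTER" "$ZONE"); s=$(soa_serial_of "$SLAVE" "$ZONE")
    serials_in_sync "$m" "$s" && rc=0 || rc=$?
    case $rc in
        0) echo "in sync: serial $m on both $MASTER and $SLAVE" ;;
        1) echo "NOT in sync: primary $m, secondary $s (check allow-transfer on the primary, masters{} on the secondary, and that the primary's serial was raised)" ;;
        *) echo "no SOA answer: primary='$m' secondary='$s' (is named running and port 53 reachable?)" ;;
    esac
    return $rc
}

# Run the live check only where dig is installed; the result is printed above.
if command -v dig >/dev/null 2>&1; then
    check_secondary || :
fi
```

After a zone edit on the primary, run it once before and once after the secondary's refresh interval (or after rndc reload on the primary) to see the serial catch up; a persistent mismatch points at the transfer ACL or the masters statement rather than at the zone data.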