
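Master/Slave DNS Servers

Configure a DNS master/slave service.
Requirement: the slave server must periodically synchronize its data from the master server.

Master server: 192.168.187.129

Slave server: 192.168.187.128

On both servers: restore the snapshot, do the pre-configuration, install the software, and set the network interface information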

[root@localhost ~]# systemctl stop firewalld.service 
[root@localhost ~]# setenforce 0
[root@localhost ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@localhost ~]# yum install bind -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
BaseOS           1.5 MB/s | 2.7 kB     00:00
AppStream        3.1 MB/s | 3.2 kB     00:00
Dependencies resolved.
=================================================
 Package           Arch   Version            Repo       Size
=================================================
Installing:
 bind              x86_64 32:9.16.23-5.el9_1 AppStream 507 k
Installing dependencies:
 bind-dnssec-doc   noarch 32:9.16.23-5.el9_1 AppStream  50 k
 python3-bind      noarch 32:9.16.23-5.el9_1 AppStream  72 k
 python3-ply       noarch 3.11-14.el9        AppStream 111 k
Installing weak dependencies:
 bind-dnssec-utils x86_64 32:9.16.23-5.el9_1 AppStream 121 k
Transaction Summary
=================================================
Install  5 Packages
Total size: 861 k
Installed size: 2.5 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                         1/1
  Installing       : python3-ply-3.11-14.e   1/5
  Installing       : python3-bind-32:9.16.   2/5
  Installing       : bind-dnssec-doc-32:9.   3/5
  Installing       : bind-dnssec-utils-32:   4/5
  Running scriptlet: bind-32:9.16.23-5.el9   5/5
  Installing       : bind-32:9.16.23-5.el9   5/5
  Running scriptlet: bind-32:9.16.23-5.el9   5/5
uavc:  op=setenforce lsm=selinux enforcing=0 res=
  Verifying        : bind-32:9.16.23-5.el9   1/5
  Verifying        : bind-dnssec-doc-32:9.   2/5
  Verifying        : bind-dnssec-utils-32:   3/5
  Verifying        : python3-bind-32:9.16.   4/5
  Verifying        : python3-ply-3.11-14.e   5/5
Installed products updated.
Installed:
  bind-32:9.16.23-5.el9_1.x86_64
  bind-dnssec-doc-32:9.16.23-5.el9_1.noarch
  bind-dnssec-utils-32:9.16.23-5.el9_1.x86_64
  python3-bind-32:9.16.23-5.el9_1.noarch
  python3-ply-3.11-14.el9.noarch
Complete!

Master server IP settings

[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses '192.168.187.129/24' ipv4.gateway '192.168.187.2' ipv4.dns '192.168.187.129'
[root@localhost ~]# nmcli c reload
[root@localhost ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

Slave server IP settings

[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses '192.168.187.128/24' ipv4.gateway '192.168.187.2' ipv4.dns '192.168.187.128'
[root@localhost ~]# nmcli c reload
[root@localhost ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

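On the master server: edit the main configuration file and set the listening IP

[root@localhost ~]# vim  /etc/named.conf
listen-on port 53 { any; };
allow-query     { any; };

On the master server: open the zone configuration file and add the following. The key point is to allow synchronization requests from the slave server, i.e. to set the allow-transfer { IP of the host allowed to synchronize the zone data; }; parameter

[root@localhost ~]# vim  /etc/named.rfc1912.zones
zone "openlab.com" IN {
    type master;
    file "openlab.com.zone";
    allow-transfer { 192.168.187.128; };
};
zone "187.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.187.arpa";
    allow-transfer { 192.168.187.128; };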
};
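
A check for the allow-transfer setting described above, added here as an example (it is not part of the original post): it scans a zones file and reports every master zone whose transfers are not limited to named hosts. The function names and the lab-*.test zones are constructed for illustration; only the openlab.com zone comes from this page.

```shell
#!/bin/sh
# Added example. sample_zones prints a constructed zones file: the first zone is
# the one from this page, the lab-*.test zones are made up for the demonstration.
sample_zones() {
cat <<'EOF'
zone "openlab.com" IN {type master;file "openlab.com.zone";allow-transfer { 192.168.187.128; };
};
zone "lab-open.test" IN {
    type master;
    file "lab-open.test.zone";
    allow-transfer { any; };   # constructed: open to every host
};
zone "lab-unset.test" IN { type master; file "lab-unset.test.zone"; };
zone "lab-copy.test" IN { type slave; masters { 192.168.187.129; }; file "slaves/lab-copy.test.zone"; };
EOF
}

# audit_allow_transfer FILE (hypothetical helper name)
# Prints one line per master zone whose transfers are not limited to named hosts.
# A zone with no allow-transfer of its own inherits the options-level setting,
# so "not set" means: check the options block in /etc/named.conf as well.
# Handles # and // comments; /* ... */ comments are not handled.
audit_allow_transfer() {
    sed -e 's/#.*$//' -e 's,//.*$,,' "$1" | tr '\n' ' ' | awk '
    {
        text = $0
        while (match(text, /zone[ \t]+"[^"]+"/)) {
            name = substr(text, RSTART, RLENGTH)
            text = substr(text, RSTART + RLENGTH)
            sub(/^zone[ \t]+"/, "", name); sub(/"$/, "", name)
            body = text                  # zone body ends at the next zone statement
            if (match(body, /zone[ \t]+"/)) body = substr(body, 1, RSTART - 1)
            if (body !~ /type[ \t]+(master|primary)[ \t]*;/) continue
            if (body !~ /allow-transfer[ \t]*[{]/) {
                print name ": allow-transfer not set"
            } else if (body ~ /allow-transfer[ \t]*[{]([^}]*[ \t;])?any[ \t]*;/) {
                print name ": allow-transfer includes any"
            }
        }
    }'
}

zones_file=$(mktemp)
sample_zones > "$zones_file"
audit_allow_transfer "$zones_file"
rm -f "$zones_file"
```

On the real server the function would be pointed at /etc/named.rfc1912.zones; with the configuration from this page it prints nothing, because both zones name 192.168.187.128 explicitly.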

On the master server: create the forward and reverse zone data files

Forward resolution

[root@localhost ~]# cd /var/named
[root@localhost named]# ls
data     named.ca     named.localhost  slaves
dynamic  named.empty  named.loopback
[root@localhost named]# cp -a named.localhost openlab.com.zone
[root@localhost named]# vim openlab.com.zone
$TTL 1D
@       IN SOA  ns.openlab.com. admin.openlab.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.openlab.com.
        NS      slave.openlab.com.
ns      IN      A       192.168.187.129
www     IN      A       192.168.187.129
bbs     IN      A       192.168.187.129
ftp     IN      CNAME   www
slave   IN      A       192.168.187.128

Reverse resolution

[root@localhost named]# cp -a named.loopback 192.168.187.arpa
[root@localhost named]# vim /var/named/192.168.187.arpa
$TTL 1D
@       IN SOA  ns.openlab.com. admin.openlab.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.openlab.com.
        NS      slave.openlab.com.
129     IN      PTR     ns.openlab.com.
129     IN      PTR     www.openlab.com.
129     IN      PTR     bbs.openlab.com.
129     IN      PTR     ftp.openlab.com.
128     IN      PTR     slave.openlab.com.

On the master server: restart the service

[root@localhost ~]# systemctl restart named

On the slave server: edit the main configuration file

[root@localhost ~]# vim   /etc/named.conf
listen-on port 53 { 192.168.187.128; }; 
allow-query    { any; }; 

On the slave server: edit the zone configuration file, filling in the master server's IP address and the zones to fetch. Note that the zone type here must be slave

[root@localhost ~]# vim /etc/named.rfc1912.zones
# After clearing the file, add the following
zone "openlab.com" IN {
    type slave;
    masters { 192.168.187.129; };
    file "slaves/openlab.com.zone";
};
zone "187.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.187.129; };
    file "slaves/192.168.187.arpa";
};

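On the slave server: restart the service. Note: once the DNS service on the slave server has restarted, it automatically synchronizes the data files from the master server, and by default these files are placed in the directory defined in the zone configuration file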

[root@localhost ~]# cd /var/named/slaves
[root@localhost slaves]# ls
[root@localhost slaves]# systemctl start named
[root@localhost slaves]# ls
192.168.187.arpa  openlab.com.zone

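On the slave server: confirm that the DNS address of the slave's network interface is set to its own IP, 192.168.187.128, so that the slave server itself also provides DNS name resolution, then test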

[root@localhost slaves]# nslookup www.openlab.com
Server:		192.168.187.128
Address:	192.168.187.128#53
Name:	www.openlab.com
Address: 192.168.187.129
[root@localhost slaves]# nslookup 192.168.187.129
129.187.168.192.in-addr.arpa	name = bbs.openlab.com.
129.187.168.192.in-addr.arpa	name = www.openlab.com.
129.187.168.192.in-addr.arpa	name = ns.openlab.com.
129.187.168.192.in-addr.arpa	name = ftp.openlab.com.
[root@localhost slaves]# dig @192.168.187.129
; <<>> DiG 9.16.23-RH <<>> @192.168.187.129
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34628
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 732ede84dc91b72c0100000069199eace2b62a73309c929e (good)
;; QUESTION SECTION:
;.				IN	NS
;; ANSWER SECTION:
.			517950	IN	NS	l.root-servers.net.
.			517950	IN	NS	e.root-servers.net.
.			517950	IN	NS	b.root-servers.net.
.			517950	IN	NS	g.root-servers.net.
.			517950	IN	NS	c.root-servers.net.
.			517950	IN	NS	m.root-servers.net.
.			517950	IN	NS	i.root-servers.net.
.			517950	IN	NS	k.root-servers.net.
.			517950	IN	NS	a.root-servers.net.
.			517950	IN	NS	f.root-servers.net.
.			517950	IN	NS	h.root-servers.net.
.			517950	IN	NS	j.root-servers.net.
.			517950	IN	NS	d.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net.	517949	IN	A	198.41.0.4
b.root-servers.net.	517949	IN	A	170.247.170.2
c.root-servers.net.	517949	IN	A	192.33.4.12
d.root-servers.net.	517949	IN	A	199.7.91.13
e.root-servers.net.	517949	IN	A	192.203.230.10
f.root-servers.net.	517949	IN	A	192.5.5.241
g.root-servers.net.	517949	IN	A	192.112.36.4
h.root-servers.net.	517949	IN	A	198.97.190.53
i.root-servers.net.	517949	IN	A	192.36.148.17
j.root-servers.net.	517949	IN	A	192.58.128.30
k.root-servers.net.	517949	IN	A	193.0.14.129
l.root-servers.net.	517949	IN	A	199.7.83.42
m.root-servers.net.	517949	IN	A	202.12.27.33
a.root-servers.net.	517949	IN	AAAA	2001:503:ba3e::2:30
b.root-servers.net.	517949	IN	AAAA	2801:1b8:10::b
c.root-servers.net.	517949	IN	AAAA	2001:500:2::c
d.root-servers.net.	517949	IN	AAAA	2001:500:2d::d
e.root-servers.net.	517949	IN	AAAA	2001:500:a8::e
f.root-servers.net.	517949	IN	AAAA	2001:500:2f::f
g.root-servers.net.	517949	IN	AAAA	2001:500:12::d0d
h.root-servers.net.	517949	IN	AAAA	2001:500:1::53
i.root-servers.net.	517949	IN	AAAA	2001:7fe::53
j.root-servers.net.	517949	IN	AAAA	2001:503:c27::2:30
k.root-servers.net.	517949	IN	AAAA	2001:7fd::1
l.root-servers.net.	517949	IN	AAAA	2001:500:9f::42
m.root-servers.net.	517949	IN	AAAA	2001:dc3::35
;; Query time: 0 msec
;; SERVER: 192.168.187.129#53(192.168.187.129)
;; WHEN: Sun Nov 16 17:51:42 CST 2025
;; MSG SIZE  rcvd: 851

On the master server: modify the zone data file

[root@localhost named]# vim /var/named/openlab.com.zone
$TTL 1D
@       IN SOA  ns.openlab.com. admin.openlab.com. (
                                        1       ; serial
                                        3       ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.openlab.com.
        MX      8 mail.openlab.com.
        NS      slave.openlab.com.
ns      IN      A       192.168.187.129
www     IN      A       192.168.187.129
bbs     IN      A       192.168.187.129
mail    IN      A       192.168.187.129
ftp     IN      CNAME   www
slave   IN      A       192.168.187.128
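www1    IN      CNAME   www
; Note: the number at "1 ; serial" must be incremented by 1, otherwise the slave server does not update

On the master server: restart the service

[root@localhost named]# systemctl restart named

On the slave server: restart the service

[root@localhost slaves]# systemctl restart named

On the slave server: test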

[root@localhost slaves]# nslookup mail.openlab.com
Server:		192.168.187.128
Address:	192.168.187.128#53
Name:	mail.openlab.com
Address: 192.168.187.129
[root@localhost slaves]# nslookup www1.openlab.com
Server:		192.168.187.128
Address:	192.168.187.128#53
www1.openlab.com	canonical name = www.openlab.com.
Name:	www.openlab.com
Address: 192.168.187.129
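
The serial rule from the update step above, as an added example that is not part of the original post: it increments the serial in a zone file and compares the SOA serials of master and slave the way a slave does (RFC 1982 serial arithmetic). The function names are hypothetical and the SOA answer lines are constructed to match this page's zone.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Serial field of one "dig +short SOA" answer line, e.g.
#   ns.openlab.com. admin.openlab.com. 1 3 3600 604800 10800
soa_serial() { printf '%s\n' "$1" | awk '{ print $3 }'; }

# RFC 1982 serial arithmetic on 32-bit serials: true when $2 is newer than $1.
serial_is_newer() {
    d=$(( ($2 - $1) & 4294967295 ))
    [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]
}

# sync_state MASTER_SOA SLAVE_SOA: what the slave does at its next refresh.
sync_state() {
    m=$(soa_serial "$1"); s=$(soa_serial "$2")
    if [ "$m" = "$s" ]; then
        echo "same serial $m: slave keeps its copy"
    elif serial_is_newer "$s" "$m"; then
        echo "master $m newer than slave $s: slave transfers the zone"
    else
        echo "master $m not newer than slave $s: slave keeps its copy"
    fi
}

# bump_serial ZONEFILE: print the zone with the number on its "; serial" line + 1.
bump_serial() {
    awk '!done && match($0, /[0-9]+[ \t]*;[ \t]*serial/) {
             num = substr($0, RSTART); sub(/[^0-9].*/, "", num)
             bumped = sprintf("%.0f", (num + 1) % 4294967296)
             $0 = substr($0, 1, RSTART - 1) bumped substr($0, RSTART + length(num))
             done = 1
         }
         { print }' "$1"
}

# Constructed answers, shaped like the output of:
#   dig +short SOA openlab.com @192.168.187.129   (master)
#   dig +short SOA openlab.com @192.168.187.128   (slave)
sync_state "ns.openlab.com. admin.openlab.com. 1 3 3600 604800 10800" \
           "ns.openlab.com. admin.openlab.com. 0 86400 3600 604800 10800"
```

When a zone edit does not show up on the slave, "same serial" is the case to look for: the records on the master changed but the serial did not, so the slave has no reason to transfer.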
