
How to deploy a DNS service on Linux: primary and secondary DNS (detailed, full process)

Environment: CentOS 7.9

Primary DNS: 192.168.60.131

Secondary DNS: 192.168.60.134

As an example, I point chenxingyu0.com to 192.168.60.200.

First, the primary DNS:

#!/bin/bash

# Check that the script is running as root
if [ "$(id -u)" != "0" ]; then
    echo "请使用 root 用户运行此脚本。"
    exit 1
fi

# Install the bind packages
yum install -y bind bind-utils

# Back up named.conf
cp /etc/named.conf /etc/named.conf.bak

# Write named.conf for the primary DNS
cat << EOF > /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file   "/var/named/data/named.secroots";
    recursing-file  "/var/named/data/named.recursing";
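    // allow-query any + recursion yes answers recursive queries from every client
    // that can reach port 53; add allow-recursion { ... } if untrusted networks can
    allow-query     { any; };
    recursion yes;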

    dnssec-enable yes;
    dnssec-validation yes;

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "chenxingyu0.com" IN {
    type master;
    file "chenxingyu0.com.zone";
    allow-update { none; };
    // Only the secondary (192.168.60.134) may transfer the zone and is sent NOTIFY
    allow-transfer { 192.168.60.134; };
    also-notify { 192.168.60.134; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF

# Create and populate the zone file
cat << EOF > /var/named/chenxingyu0.com.zone
\$TTL 86400
@       IN      SOA     ns1.chenxingyu0.com. admin.chenxingyu0.com. (
                        2025032502      ; Serial, increment on every zone change so the secondary transfers the new version
                        3600            ; Refresh
                        1800            ; Retry
                        604800          ; Expire
                        86400           ; Minimum TTL
                        )
@       IN      NS      ns1.chenxingyu0.com.
ns1     IN      A       192.168.60.200
chenxingyu0.com. IN     A       192.168.60.200
EOF

# Set file ownership and permissions
chown named:named /var/named/chenxingyu0.com.zone
chmod 640 /var/named/chenxingyu0.com.zone

# Open the DNS service in the firewall
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

# Configure SELinux: allow named to write zone files
setsebool -P named_write_master_zones 1

# Start named and enable it at boot
systemctl start named
systemctl enable named

# Check the service status
systemctl status named

# Final message: primary DNS deployed; record chenxingyu0.com -> 192.168.60.200 added
echo "主 DNS 服务已部署,解析记录 192.168.60.200 -> chenxingyu0.com 已添加。"

Now the secondary DNS:

#!/bin/bash

# Check that the script is running as root
if [ "$(id -u)" != "0" ]; then
    echo "请使用 root 用户运行此脚本。"
    exit 1
fi

# Install the bind packages
yum install -y bind bind-utils

# Back up named.conf
cp /etc/named.conf /etc/named.conf.bak

# Write named.conf for the secondary DNS
cat << EOF > /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file   "/var/named/data/named.secroots";
    recursing-file  "/var/named/data/named.recursing";
    allow-query     { any; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "chenxingyu0.com" IN {
    type slave;
    file "slaves/chenxingyu0.com.zone";
    masters { 192.168.60.131; };
    // BIND 9.11 allows transfers to any host when allow-transfer is absent
    allow-transfer { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF

# Create the slaves directory
mkdir -p /var/named/slaves
chown named:named /var/named/slaves

# Open the DNS service in the firewall
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

# Configure SELinux: allow named to write zone files
setsebool -P named_write_master_zones 1

# Start named and enable it at boot
systemctl start named
systemctl enable named

# Check the service status
systemctl status named

# Final message: secondary DNS deployed; it syncs records from the primary DNS
echo "备 DNS 服务已部署,会从主 DNS 同步解析记录。"

Final verification

Run the command:   nslookup  xxx.com  192.168.xx.xx
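
To go beyond a single nslookup, the following added example (not part of the original post) compares the SOA serial served by the primary and the secondary and checks that each server refuses a zone transfer to the host running the script. The function names are this example's own, and it assumes `dig` from bind-utils is installed.

```bash
#!/bin/bash
# Added example: check primary/secondary sync and that AXFR is refused
# to hosts outside allow-transfer. Parsing is separate from the dig calls.

# Print the serial (3rd field) from `dig +short SOA` output such as:
#   ns1.chenxingyu0.com. admin.chenxingyu0.com. 2025032502 3600 1800 604800 86400
soa_serial() {
    printf '%s\n' "$1" | awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Compare two SOA answers: 0 = same serial, 1 = serials differ,
# 2 = an answer is missing or unparseable (server down, query refused).
compare_soa() {
    _p=$(soa_serial "$1"); _s=$(soa_serial "$2")
    if [ -z "$_p" ] || [ -z "$_s" ]; then return 2; fi
    [ "$_p" = "$_s" ]
}

# Classify full `dig AXFR` output: 0 = transfer refused, 1 = resource
# records were returned (zone readable by this client), 2 = inconclusive.
axfr_refused() {
    _rr='^[^;[:space:]][^[:space:]]*[[:space:]]+[0-9]+[[:space:]]+IN[[:space:]]'
    if printf '%s\n' "$1" | grep -Eq "$_rr"; then return 1; fi
    if printf '%s\n' "$1" | grep -q 'Transfer failed'; then return 0; fi
    return 2
}

# Usage: script ZONE PRIMARY SECONDARY, run from a host NOT in allow-transfer.
main() {
    rc=0
    compare_soa "$(dig +short +norecurse SOA "$1" "@$2")" \
                "$(dig +short +norecurse SOA "$1" "@$3")" || rc=$?
    case $rc in
        0) echo "OK: $3 serves the same serial as $2" ;;
        1) echo "WARN: serial mismatch, $3 has not loaded the current zone" ;;
        *) echo "FAIL: no usable SOA answer from $2 or $3" ;;
    esac
    for srv in "$2" "$3"; do
        rc=0
        axfr_refused "$(dig AXFR "$1" "@$srv")" || rc=$?
        case $rc in
            0) echo "OK: $srv refuses AXFR from this host" ;;
            1) echo "FAIL: $srv returned the whole zone to this host" ;;
            *) echo "UNKNOWN: no AXFR verdict from $srv" ;;
        esac
    done
}

if [ "$#" -eq 3 ]; then main "$@"; fi
```

A zone block without an allow-transfer statement falls back to BIND 9.11's default of allowing any host, which is why the loop queries the secondary as well as the primary.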
