反向bind配置
host
host解析
[root@qq named]# host -t A www.magedu.com 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases:
www.magedu.com has address 10.201.106.129
www.magedu.com has address 10.201.106.110host查詢NS和MX記錄
[root@qq named]# host -t NS magedu.com 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases:
magedu.com name server ns2.magedu.com.
magedu.com name server ns1.magedu.com.
[root@qq named]# host -t MX magedu.com 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases:
magedu.com mail is handled by 20 mx2.magedu.com.
magedu.com mail is handled by 10 mx1.magedu.com.nslookup
查詢A記錄
[root@qq named]# nslookup
> server 10.201.106.129 #指明提供解析的服務器
Default server: 10.201.106.129
Address: 10.201.106.129#53
> set q=A #設置要查詢的記錄類型
> www.magedu.com #輸入要查詢的域名
Server: 10.201.106.129
Address: 10.201.106.129#53
Name: www.magedu.com
Address: 10.201.106.110
Name: www.magedu.com
Address: 10.201.106.129其它資源測試
set q=NS
magedu.com
Server: 10.201.106.129
Address: 10.201.106.129#53
magedu.com nameserver = ns1.magedu.com.
magedu.com nameserver = ns2.magedu.com.
配置反向區域
1 創建反向區域文件
[root@qq named]# vim /etc/named.rfc1912.zones
zone "106.201.10.in-addr.arpa" IN {
type master;
file "10.201.106.zone";
};
[root@qq named]# cat 10.201.106.zone
$TTL 86400
$ORIGIN 106.201.10.in-addr.arpa.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
2015042201
1H
5M
7D
1D )
IN NS ns1.magedu.com.
IN NS ns2.magedu.com.
129 IN PTR ns1.magedu.com.
129 IN PTR www.magedu.com.
130 IN PTR ns2.magedu.com.
130 IN PTR www.magedu.com.
131 IN PTR mx1.magedu.com.
132 IN PTR mx2.magedu.com.2 更改權限和檢查語法正確性
[root@qq named]# chmod 640 10.201.106.zone
[root@qq named]# ll 10.201.106.zone
-rw-r----- 1 root root 337 Aug 3 04:14 10.201.106.zone
[root@qq named]#
[root@qq named]# chown :named 10.201.106.zone
[root@qq named]#
[root@qq named]# ll 10.201.106.zone
-rw-r----- 1 root named 337 Aug 3 04:14 10.201.106.zone
[root@qq named]#
[root@qq named]# named-checkzone "106.201.10.in-addr.arpa" 10.201.106.zone
zone 106.201.10.in-addr.arpa/IN: loaded serial 2015042201
OK
[root@qq named]# named-checkconf
[root@qq named]# 3 重新加載服務
[root@qq named]# service named reload
Reloading named: [ OK ]
查看狀態
[root@qq named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@qq named]# 4 解析測試
[root@qq named]# host -t PTR 10.201.106.129 10.201.106.129
Using domain server:
Name: 10.201.106.129
Address: 10.201.106.129#53
Aliases:
129.106.201.10.in-addr.arpa domain name pointer www.magedu.com.
129.106.201.10.in-addr.arpa domain name pointer ns1.magedu.com.
[root@qq named]#
[root@qq named]#
[root@qq named]# dig -x 10.201.106.129 @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -x 10.201.106.129 @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;129.106.201.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
129.106.201.10.in-addr.arpa. 86400 IN PTR ns1.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
;; AUTHORITY SECTION:
106.201.10.in-addr.arpa. 86400 IN NS ns1.magedu.com.
106.201.10.in-addr.arpa. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130
;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug 3 05:06:55 2016
;; MSG SIZE rcvd: 155
[root@qq named]# dig -x 10.201.106.130 @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -x 10.201.106.130 @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25115
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;130.106.201.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
130.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR ns2.magedu.com.全量區域傳送
[root@qq named]# dig -t axfr magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t axfr magedu.com @10.201.106.129
;; global options: +cmd
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN MX 10 mx1.magedu.com.
magedu.com. 86400 IN MX 20 mx2.magedu.com.
ftp.magedu.com. 86400 IN CNAME www.magedu.com.
mx1.magedu.com. 86400 IN A 10.201.106.131
mx2.magedu.com. 86400 IN A 10.201.106.132
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130
www.magedu.com. 86400 IN A 10.201.106.129
www.magedu.com. 86400 IN A 10.201.106.130
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 4 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug 3 05:13:47 2016
;; XFR size: 13 records (messages 1, bytes 311)
[root@qq named]#
傳送反向區域
[root@qq named]# dig -t axfr 106.201.10.in-addr.arpa @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t axfr 106.201.10.in-addr.arpa @10.201.106.129
;; global options: +cmd
106.201.10.in-addr.arpa. 86400 IN SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
106.201.10.in-addr.arpa. 86400 IN NS ns1.magedu.com.
106.201.10.in-addr.arpa. 86400 IN NS ns2.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR ns1.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR ns2.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
131.106.201.10.in-addr.arpa. 86400 IN PTR mx1.magedu.com.
132.106.201.10.in-addr.arpa. 86400 IN PTR mx2.magedu.com.
106.201.10.in-addr.arpa. 86400 IN SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug 3 05:21:30 2016
;; XFR size: 10 records (messages 1, bytes 277)解析沒有的記錄,否定答案,後面設置泛域名(通用)域名解析
[root@qq named]# dig -t A pop3.magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A pop3.magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;pop3.magedu.com. IN A
;; AUTHORITY SECTION:
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
增加一條全部解析記錄
[root@qq named]# vi magedu.com.zone
* IN A 10.201.106.129
magedu.com. IN A 10.201.106.129 #只解析域名,只想這個IP;
重新加載
[root@qq named]# rndc reload
server reload successful
再次解析不存在的主機
[root@qq named]# dig -t A pop3.magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A pop3.magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23145
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;pop3.magedu.com. IN A
;; ANSWER SECTION:
pop3.magedu.com. 86400 IN A 10.201.106.129
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130主從複製
1 開啓從服務器,檢驗是否能從主服務器區域傳送過來資源
[root@ns2 ~]# dig -t axfr magedu.com @10.201.106.129
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t axfr magedu.com @10.201.106.129
;; global options: +cmd
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
magedu.com. 86400 IN A 10.201.106.129
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
magedu.com. 86400 IN MX 10 mx1.magedu.com.
magedu.com. 86400 IN MX 20 mx2.magedu.com.
*.magedu.com. 86400 IN A 10.201.106.129
ftp.magedu.com. 86400 IN CNAME www.magedu.com.
mx1.magedu.com. 86400 IN A 10.201.106.131
mx2.magedu.com. 86400 IN A 10.201.106.132
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.130
www.magedu.com. 86400 IN A 10.201.106.129
www.magedu.com. 86400 IN A 10.201.106.130
magedu.com. 86400 IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 2 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Thu Aug 11 17:35:57 CST 2016
;; XFR size: 15 records (messages 1, bytes 345)
[root@ns2 ~]#
[root@ns2 ~]#
[root@ns2 ~]# dig -t axfr 106.201.10.in-addr.arpa @10.201.106.129
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t axfr 106.201.10.in-addr.arpa @10.201.106.129
;; global options: +cmd
106.201.10.in-addr.arpa. 86400 IN SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
106.201.10.in-addr.arpa. 86400 IN NS ns1.magedu.com.
106.201.10.in-addr.arpa. 86400 IN NS ns2.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR ns1.magedu.com.
129.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR ns2.magedu.com.
130.106.201.10.in-addr.arpa. 86400 IN PTR www.magedu.com.
131.106.201.10.in-addr.arpa. 86400 IN PTR mx1.magedu.com.
132.106.201.10.in-addr.arpa. 86400 IN PTR mx2.magedu.com.
106.201.10.in-addr.arpa. 86400 IN SOA ns1.magedu.com. admin.magedu.com. 2015042201 3600 300 604800 86400
;; Query time: 3 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Thu Aug 11 17:36:02 CST 2016
;; XFR size: 10 records (messages 1, bytes 277)
[root@ns2 ~]# 配置從服務器,只需要定義區域就行了
配置正向 從服務器
1 首先從服務器安裝bind
[root@ns2 yum.repos.d]# yum install bind -y2 編輯緩存名稱服務器的配置文件
options {
listen-on port 53 { 10.201.106.130;127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
// pid-file "/run/named/named.pid";
// session-keyfile "/run/named/session.key";
};3 檢查服務是否開啓
[root@ns2 yum.repos.d]# systemctl restart named
[root@ns2 yum.repos.d]#
[root@ns2 yum.repos.d]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2016-08-11 17:52:40 CST; 6s ago
Process: 23475 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 23495 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 23490 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 23500 (named)
CGroup: /system.slice/named.service
└─23500 /usr/sbin/named -u named
Aug 11 17:52:40 ns2.magedu.com named[23500]: managed-keys-zone: sync...
Aug 11 17:52:40 ns2.magedu.com named[23500]: managed-keys-zone: unab...
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone 0.in-addr.arpa/IN:...
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone 1.0.0.127.in-addr....
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone localhost.localdom...
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone 1.0.0.0.0.0.0.0.0....
Aug 11 17:52:40 ns2.magedu.com named[23500]: zone localhost/IN: load...
Aug 11 17:52:40 ns2.magedu.com named[23500]: all zones loaded
Aug 11 17:52:40 ns2.magedu.com systemd[1]: Started Berkeley Internet...
Aug 11 17:52:40 ns2.magedu.com named[23500]: running
Hint: Some lines were ellipsized, use -l to show in full.
[root@ns2 yum.repos.d]#
[root@ns2 yum.repos.d]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 10 10.201.106.130:53 *:*
LISTEN 0 10 127.0.0.1:53 *:*
LISTEN 0 5 192.168.122.1:53
[root@ns2 yum.repos.d]# ss -unl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 10.201.106.130:53 *:*
UNCONN 0 0 127.0.0.1:53 *:*
UNCONN 0 0 192.168.122.1:53 *:* 4 選擇從服務器同步過來的記錄存放位置
[root@ns2 ~]# ps aux | grep named
named 23500 0.0 3.3 162736 16624 ? Ssl 17:52 0:00 /usr/sbin/named -u named
root 24379 0.1 1.0 153632 5256 pts/1 S+ 18:37 0:00 vim /etc/named.rfc1912.zones
root 24489 0.0 0.1 112644 960 pts/2 S+ 18:39 0:00 grep --color=auto named
[root@ns2 ~]#
[root@ns2 ~]# ll -d /var/named/
drwxr-x---. 5 root named 4096 Aug 11 17:46 /var/named/
[root@ns2 ~]#
[root@ns2 ~]# ll /var/named/
total 16
drwxrwx---. 2 named named 47 Aug 11 18:36 data
drwxrwx---. 2 named named 6 Nov 20 2015 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Nov 20 2015 slaves #該目錄專用於從服務器
[root@ns2 ~]#5 在bind的 /etc/named.rfc1912.zones配置正向區域
[root@ns2 named]# vim /etc/named.rfc1912.zones
zone "madedu.com" IN {
type slave;
masters { 10.201.106.129; };
file "slaves/magedu.com.zone";
};
6 重載服務,同步主服務器的資源
[root@ns2 named]# rndc reload
server reload successful
[root@zz named]# tail /var/log/messages
Jul 29 13:10:48 zz named[2524]: using default UDP/IPv6 port range: [1024, 65535]
Jul 29 13:10:48 zz named[2524]: sizing zone task pool based on 7 zones
Jul 29 13:10:48 zz named[2524]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul 29 13:10:48 zz named[2524]: reloading configuration succeeded
Jul 29 13:10:48 zz named[2524]: reloading zones succeeded
Jul 29 13:10:48 zz named[2524]: zone magedu.com/IN: Transfer started.
Jul 29 13:10:48 zz named[2524]: transfer of 'magedu.com/IN' from 10.201.106.129#53: connected using 10.201.106.128#42070
Jul 29 13:10:48 zz named[2524]: zone magedu.com/IN: transferred serial 2015042201
Jul 29 13:10:48 zz named[2524]: transfer of 'magedu.com/IN' from 10.201.106.129#53: Transfer completed: 1 messages, 15 records, 345 bytes, 0.008 secs (43125 bytes/sec) #15條記錄
Jul 29 13:10:48 zz named[2524]: zone magedu.com/IN: sending notifies (serial 2015042201)測試主服務器修改,從服務器是否能同步
主服務器
[root@qq named]# vim /var/named/magedu.com.zone
[root@qq named]#
[root@qq named]#
[root@qq named]# vim /var/named/magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@ IN SOA ns1.magedu.com. admin.magedu.com (
2015042203 #序列號加1
pop3 IN CNAME mx1 #新增一條記錄
[root@qq named]# named-checkzone "magedu.com." /var/named/magedu.com.zone
zone magedu.com/IN: loaded serial 2015042202
OK
[root@qq named]#
主服務器更改完記錄區域記錄後,重加加載
[root@qq named]# rndc reload
server reload successful
[root@qq named]#
[root@qq named]# tail /var/lo
local/ lock/ log/ lost+found/
[root@qq named]# tail /var/log/messages
Aug 3 09:46:04 qq named[19186]: using default UDP/IPv4 port range: [1024, 65535]
Aug 3 09:46:04 qq named[19186]: using default UDP/IPv6 port range: [1024, 65535]
Aug 3 09:46:04 qq named[19186]: sizing zone task pool based on 8 zones
Aug 3 09:46:04 qq named[19186]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Aug 3 09:46:04 qq named[19186]: reloading configuration succeeded
Aug 3 09:46:04 qq named[19186]: reloading zones succeeded
Aug 3 09:46:04 qq named[19186]: zone magedu.com/IN: loaded serial 2015042203
Aug 3 09:46:04 qq named[19186]: zone magedu.com/IN: sending notifies (serial 2015042203)
Aug 3 09:46:04 qq named[19186]: client 10.201.106.128#54411: transfer of 'magedu.com/IN': AXFR-style IXFR started #IXFR:增量備份
Aug 3 09:46:04 qq named[19186]: client 10.201.106.128#54411: transfer of 'magedu.com/IN': AXFR-style IXFR ended
從服務器
從服務器也已經同步數據過來
[root@zz slaves]# tail /var/log/messages
Jul 29 13:30:40 zz named[2524]: sizing zone task pool based on 7 zones
Jul 29 13:30:40 zz named[2524]: Warning: 'empty-zones-enable/disable-em
Jul 29 13:30:40 zz named[2524]: reloading configuration succeeded
Jul 29 13:30:40 zz named[2524]: reloading zones succeeded
Jul 29 13:34:26 zz named[2524]: client 10.201.106.129#16525: received n
Jul 29 13:34:26 zz named[2524]: zone magedu.com/IN: Transfer started.
Jul 29 13:34:26 zz named[2524]: transfer of 'magedu.com/IN' from 10.201
Jul 29 13:34:26 zz named[2524]: zone magedu.com/IN: transferred serial
Jul 29 13:34:26 zz named[2524]: transfer of 'magedu.com/IN' from 10.201s (8704 bytes/sec)
Jul 29 13:34:26 zz named[2524]: zone magedu.com/IN: sending notifies (s
[root@zz slaves]#
[root@zz named]#
[root@zz named]# cat slaves/magedu.comzone
$ORIGIN .
$TTL 86400 ; 1 day
magedu.com IN SOA ns1.magedu.com. admin.magedu.com.magedu.com. (
2015042203 ; serial
3600 ; refresh (1 hour)
300 ; retry (5 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.magedu.com.
NS ns2.magedu.com.
A 10.201.106.129
MX 10 mx1.magedu.com.
MX 20 mx2.magedu.com.
$ORIGIN magedu.com.
* A 10.201.106.129
ftp CNAME www
mx1 A 10.201.106.131
mx2 A 10.201.106.132
ns1 A 10.201.106.129
ns2 A 10.201.106.128
pop3 CNAME mx1
pop4 CNAME ns1
www A 10.201.106.129
A 10.201.106.128定義反向 從服務器
1 查看主服務器的反向區域記錄是否有從服務器的NS記錄和PTR記錄
[root@qq named]# vim 10.201.106.zone
$TTL 86400
$ORIGIN 106.201.10.in-addr.arpa.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
2015042201
1H
5M
7D
1D )
IN NS ns1.magedu.com.
IN NS ns2.magedu.com.
129 IN PTR ns1.magedu.com.
129 IN PTR www.magedu.com.
128 IN PTR ns2.magedu.com.2 也是隻需定義named.rfc1912.zones區域文件,只需要做區域定義
vim /etc/named.rfc1912.zones
49 zone "106.201.10.in-addr.arpa" IN {
50 type slave;
51 masters { 10.201.106.129; };
52 file "slaves/10.201.106.zone";
53 };3 檢查語法,重載服務,查看日誌
[root@zz named]# named-checkconf
[root@zz named]#
[root@zz named]#
[root@zz named]# rndc reload
server reload successful
[root@zz named]#
[root@zz named]# tail /var/log/messages
Jul 29 13:58:32 zz named[2524]: using default UDP/IPv6 port range: [1024, 65535]
Jul 29 13:58:32 zz named[2524]: sizing zone task pool based on 8 zones
Jul 29 13:58:32 zz named[2524]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jul 29 13:58:32 zz named[2524]: reloading configuration succeeded
Jul 29 13:58:32 zz named[2524]: reloading zones succeeded
Jul 29 13:58:32 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: Transfer started.
Jul 29 13:58:32 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: connected using 10.201.106.128#47866
Jul 29 13:58:32 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: transferred serial 2015042201
Jul 29 13:58:32 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: Transfer completed: 1 messages, 10 records, 277 bytes, 0.010 secs (27700 bytes/sec)
Jul 29 13:58:32 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: sending notifies (serial 2015042201)
[root@zz named]# vim /etc/named.rfc1912.zones
root@zz named]# vim /etc/named.rfc1912.zones
[root@zz named]#
[root@zz named]# ll slaves/
total 8
-rw-r--r--. 1 named named 488 Jul 29 13:58 10.201.106.zone
-rw-r--r--. 1 named named 600 Jul 29 13:34 magedu.comzone
[root@zz named]# 4 主服務器主動修改,查看從服務器是否同步
主服務器
[root@qq named]# vim 10.201.106.zone
$TTL 86400
$ORIGIN 106.201.10.in-addr.arpa.
@ IN SOA ns1.magedu.com. admin.magedu.com. (
2015042202 #序列號加1
10 IN PTR lamp.magedu.com. #增加一條記錄
[root@qq named]# named-checkzone "106.201.10.in-addr.arpa" /var/named/10.201.106.zone
zone 106.201.10.in-addr.arpa/IN: loaded serial 2015042202
OK
[root@qq named]# rndc reload
[root@qq named]#
[root@qq named]# tail /var/log/messages
Aug 3 10:23:56 qq named[19186]: using default UDP/IPv4 port range: [1024, 65535]
Aug 3 10:23:56 qq named[19186]: using default UDP/IPv6 port range: [1024, 65535]
Aug 3 10:23:56 qq named[19186]: sizing zone task pool based on 8 zones
Aug 3 10:23:56 qq named[19186]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Aug 3 10:23:56 qq named[19186]: reloading configuration succeeded
Aug 3 10:23:56 qq named[19186]: reloading zones succeeded
Aug 3 10:23:56 qq named[19186]: zone 106.201.10.in-addr.arpa/IN: loaded serial 2015042202
Aug 3 10:23:56 qq named[19186]: zone 106.201.10.in-addr.arpa/IN: sending notifies (serial 2015042202)
Aug 3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR started
Aug 3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR ended
[root@qq named]#
反向從服務器
Jul 29 14:07:59 zz named[2524]: managed-keys-zone ./IN: Unable to fetch DNSKEY set '.': SERVFAIL
Jul 29 14:12:18 zz named[2524]: client 10.201.106.129#65218: received notify for zone '106.201.10.in-addr.arpa'
Jul 29 14:12:18 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: Transfer started.
Jul 29 14:12:18 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: connected using 10.201.106.128#51457
Jul 29 14:12:18 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: transferred serial 2015042202
Jul 29 14:12:18 zz named[2524]: transfer of '106.201.10.in-addr.arpa/IN' from 10.201.106.129#53: Transfer completed: 1 messages, 11 records, 300 bytes, 0.012 secs (25000 bytes/sec)
Jul 29 14:12:18 zz named[2524]: zone 106.201.10.in-addr.arpa/IN: sending notifies (serial 2015042202)
[root@zz named]# cat slaves/10.201.106.zone
$ORIGIN .
$TTL 86400 ; 1 day
106.201.10.in-addr.arpa IN SOA ns1.magedu.com. admin.magedu.com. (
2015042202 ; serial
3600 ; refresh (1 hour)
300 ; retry (5 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.magedu.com.
NS ns2.magedu.com.
$ORIGIN 106.201.10.in-addr.arpa.
110 PTR lamp.magedu.com.
……rndc
rndc開始查詢日誌功能
[root@www ~]# rndc querylog
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON #
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@www ~]# rndc querylog
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
測試:
[root@www ~]# dig -t A magedu.com @10.201.106.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A magedu.com @10.201.106.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14008
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;magedu.com. IN A
;; ANSWER SECTION:
magedu.com. 86400 IN A 10.201.106.129
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com.
magedu.com. 86400 IN NS ns2.magedu.com.
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 10.201.106.129
ns2.magedu.com. 86400 IN A 10.201.106.128
;; Query time: 1 msec
;; SERVER: 10.201.106.129#53(10.201.106.129)
;; WHEN: Wed Aug 3 10:45:47 2016
;; MSG SIZE rcvd: 112
[root@www ~]#
[root@www ~]#
[root@www ~]# tail /var/lo
local/ lock/ log/ lost+found/
[root@www ~]# tail /var/log/messages
Aug 3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR started
Aug 3 10:23:56 qq named[19186]: client 10.201.106.128#51457: transfer of '106.201.10.in-addr.arpa/IN': AXFR-style IXFR ended
Aug 3 10:44:44 qq named[19186]: received control channel command 'querylog'
Aug 3 10:44:44 qq named[19186]: query logging is now on
Aug 3 10:45:14 qq named[19186]: received control channel command 'querylog'
Aug 3 10:45:14 qq named[19186]: query logging is now off
Aug 3 10:45:32 qq named[19186]: received control channel command 'querylog'
Aug 3 10:45:32 qq named[19186]: query logging is now on
Aug 3 10:45:46 qq named[19186]: client 10.201.106.128#56887: query: magedu.com IN SOA -E (10.201.106.129) #本機自己的查詢有記錄到
Aug 3 10:45:47 qq named[19186]: client 10.201.106.129#41396: query: magedu.com IN A + (10.201.106.129)
[root@www ~]# #可以從別的主機指向該服務器查詢,然後查詢日誌開啓關閉debug日誌
[root@www ~]# rndc trace 5 開啓debug日誌,並設置成5級
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 5
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@www ~]#
[root@www ~]#
[root@www ~]#
[root@www ~]# rndc tracer 0 關閉debug日誌
rndc: 'tracer' failed: unknown command
[root@www ~]# rndc trace 0
[root@www ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running