本地主DNS服務器IP地址:192.168.10.3
本地從DNS服務器IP地址:192.168.10.4
轉發DNS服務器IP地址:192.168.10.2(本項目網關)、114.114.114.114
1.主服務器
1.1.主服務器安裝bind軟件包
yum install bind* -y
1.2.更改主服務器名稱
hostnamectl set-hostname masterdns.txzz8888.nw --static
reboot
1.3.修改named.conf配置文件
vim /etc/named.conf配置文件如下
options {
listen-on port 53 { 127.0.0.1; 192.168.10.3; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; 192.168.10.0/24; };
allow-query-cache { localhost; 192.168.10.0/24; };
allow-recursion { localhost; 192.168.10.0/24; };
forwarders { 192.168.10.2; 114.114.114.114; };
recursion yes;
managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "txzz8888.nw" IN {
type master;
file "txzz8888.nw.zone";
allow-transfer { 192.168.10.4; };
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "10.168.192.zone";
allow-transfer { 192.168.10.4; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
1.4.正向解析配置
在1.3.修改配置文件中添加 39-43行內容
cd /var/named/
cp -p named.localhost txzz8888.nw.zone
vim txzz8888.nw.zone默認配置
修改後的配置
1.5.驗證正向配置文件是否有錯誤
named-checkzone txzz8888.com txzz8888.nw.zone
named-checkconf
1.6.修改resolv配置
vim /etc/resolv.conf
vim /etc/NetworkManager/system-connections/ens160.nmconnection
1.7.反向解析配置
在1.3.修改配置文件中添加 45-49行內容
cd /var/named/
cp -p named.loopback 10.168.192.zone
vim 10.168.192.zone默認配置
修改後配置
1.8.驗證反向配置文件是否有錯誤
named-checkzone 10.168.192.in-addr.arpa 10.168.192.zone
named-checkconf
1.9.啓動named服務
systemctl restart named
systemctl enable named
1.10.關閉selinux
1.11.防火牆設置
firewall-cmd --add-service=dns --permanent
firewall-cmd --reload
1.12.dig域名解析工具測試
dig masterdns.txzz8888.nw @192.168.10.3
1.13.ping測試
2.從服務器
1.1.從服務器安裝bind軟件包
參照主服務器安裝bind軟件包
1.2.更改從服務器名稱
hostnamectl set-hostname slavesdns.txzz8888.nw --static
reboot
1.3.備份named默認配置文件
mv /etc/named.conf /etc/named1.conf.bak1.4.從主服務器複製named配置文件到本地
scp -p root@192.168.10.3:/etc/named.conf /etc/
1.5.更改named配置文件屬主、屬組
chown root.named /etc/named.conf1.6.從服務器named配置文件中刪除主zone
1.7.從服務器named配置文件中添加從zone
1.8.驗證配置文件是否有錯誤
named-checkconf1.9.啓動從服務器named服務
systemctl restart named
systemctl enable named1.10.關閉selinux
1.11.防火牆設置
firewall-cmd --add-service=dns --permanent
firewall-cmd --reload1.12.ping測試
3.驗證是否同步
1.1.查看/var/named/slaves文件夾下是否有從主服務器同步過來的文件
從服務器named服務沒啓動前
從服務器named服務啓動後
4.解析測試
