DNS reverse resolution
1. Edit the zone configuration file and add a reverse zone
[root@localhost named]# systemctl stop firewalld.service
[root@localhost named]# setenforce 0
(Stopping firewalld and switching SELinux to permissive are lab shortcuts so that nothing gets in the way of the test. On a real server keep both enabled and open the service instead: firewall-cmd --permanent --add-service=dns && firewall-cmd --reload. The stock SELinux policy already lets named read /var/named.)
[root@localhost ~]# yum install -y bind
[root@localhost ~]# vim /etc/named.rfc1912.zones (this file already contains template zone blocks that can be copied)
zone "131.168.192.in-addr.arpa" IN {
(a reverse zone is named with the network octets written in reverse order; this one covers the 192.168.131.0/24 range)
    type master;
    file "qz.com.zone.local"; (the zone data file is qz.com.zone.local, relative to /var/named)
    allow-update { none; };
};
2. Create the reverse zone data file
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost qz.com.zone.local (-p keeps the permissions and owner of the source file, so named can still read the copy)
[root@localhost named]# ls
data      named.empty      qz.com.zone.local
dynamic   named.localhost  slaves
named.ca  named.loopback
[root@localhost named]# vim qz.com.zone.local
$TTL 1D
@       IN SOA  qz.com. admin.qz.com. (   ("@" is the zone origin, here 131.168.192.in-addr.arpa, i.e. the 192.168.131.0/24 network)
                                0       ; serial  (increase this every time the file is edited; a slave only transfers the zone when the serial is higher than the one it holds)
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      qz.com.
        A       192.168.131.10 (carried over from the template; an A record at the apex of a reverse zone is never used and can be removed)
200     IN PTR  www.qz.com. (PTR is the reverse pointer; the owner name "200" is relative to the origin, so this maps 192.168.131.200 to www.qz.com.)
118     IN PTR  mail.qz.com.
3. Point the resolver at this server and test
[root@localhost named]# vim /etc/resolv.conf (set nameserver to the server's own address)
[root@localhost named]# systemctl restart named
[root@localhost named]# netstat -natup | grep 53 (netstat lists listening sockets and open connections; grep 53 is a loose filter that also catches port 5353 and the ssh session whose client port happens to contain "53". ss -lntup 'sport = :53' is a tighter check.)
tcp   0  0 192.168.131.10:53   0.0.0.0:*           LISTEN      3913/named
tcp   0  0 127.0.0.1:53        0.0.0.0:*           LISTEN      3913/named
tcp   0  0 192.168.122.1:53    0.0.0.0:*           LISTEN      1218/dnsmasq
tcp   0  0 127.0.0.1:953       0.0.0.0:*           LISTEN      3913/named
tcp   0 36 192.168.131.10:22   192.168.131.1:53472 ESTABLISHED 3068/sshd: root@pts
tcp6  0  0 ::1:953             :::*                LISTEN      3913/named
udp   0  0 0.0.0.0:5353        0.0.0.0:*                       600/avahi-daemon: r
udp   0  0 192.168.122.1:53    0.0.0.0:*                       3913/named
udp   0  0 192.168.131.10:53   0.0.0.0:*                       3913/named
udp   0  0 127.0.0.1:53        0.0.0.0:*                       3913/named
udp   0  0 192.168.122.1:53    0.0.0.0:*                       1218/dnsmasq
(named is listening on port 53 on every local address. Port 953 is the rndc control channel and is correctly bound to loopback only. The dnsmasq on 192.168.122.1 is a separate service, typically libvirt's default bridge, and has nothing to do with this setup.)
[root@localhost named]# host 192.168.131.118
118.131.168.192.in-addr.arpa domain name pointer mail.qz.com.
[root@localhost named]# host 192.168.131.200
200.131.168.192.in-addr.arpa domain name pointer www.qz.com.
DNS master/slave server configuration
1. Edit the forward and reverse zone blocks on the master name server
[root@localhost /]# vim /etc/named.rfc1912.zones
zone "qz.com" IN {
    type master; (this is the master zone)
    file "qz.com.zone";
    allow-transfer { 192.168.131.11; }; (allow the slave, and only the slave, to pull the forward zone; list the slave's IP address here)
};
zone "131.168.192.in-addr.arpa" IN {
    type master;
    file "qz2.com.zone.local";
    allow-transfer { 192.168.131.11; };
};
(Older BIND releases, up to and including the 9.11 series, default allow-transfer to any, which lets anyone download the whole zone and with it your host inventory; restricting it to the slave's address is the minimum. If master and slave talk over a network you do not control, authenticate transfers with a TSIG key instead of relying on the source address alone.)
2. Edit the main configuration file on the slave name server
[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.131.11; }; (listen on port 53 on the address that serves slave queries; any also works, but naming the address keeps named off interfaces it should not serve)
    # listen-on-v6 port 53 { ::1; }; (IPv6 listener: comment out or delete the whole statement, not just its first line, or named.conf will not parse)
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; }; (networks allowed to query this server; any means everyone)
(allow-query { any; } together with the default recursion yes turns the slave into an open resolver that anyone on the Internet can use for amplification. A server that only exists to serve these two zones should either limit allow-query to its own networks or set recursion no.)
3. Add the forward and reverse zone blocks to the slave's zone configuration file
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "qz.com" IN {
    type slave; (the type is slave here)
    file "slaves/qz.com.zone"; (the transferred zone is written into the slaves/ directory, which named owns and can write to)
    masters { 192.168.131.10; }; (the master's IP address)
};
zone "131.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/qz2.com.zone.local";
    masters { 192.168.131.10; };
};
4. Restart named on both master and slave and check that the zone files have been transferred
[root@localhost /]# systemctl restart named
[root@localhost /]# ls -l /var/named/slaves/
total 8
-rw-r--r--. 1 named named 353 Jan 17 18:22 qz2.com.zone.local
-rw-r--r--. 1 named named 327 Jan 17 18:22 qz.com.zone
(If the directory stays empty, read the named log on both hosts with journalctl -u named; the usual causes are TCP port 53 being blocked between the two machines or a typo in allow-transfer. Later edits on the master only reach the slave when the master's SOA serial is higher than the slave's copy, so bump the serial on every change.)
5. Add both DNS servers to the resolver configuration on the test machine
[root@localhost ~]# vim /etc/resolv.conf (or overwrite the file with echo)
# Generated by NetworkManager
nameserver 192.168.131.10
nameserver 192.168.131.11
(The header shows NetworkManager writes this file, so a hand edit can be overwritten on the next reconnect; for a permanent setting put the servers in the connection profile, e.g. nmcli con mod <connection> ipv4.dns "192.168.131.10 192.168.131.11". Also note that the resolver only tries the second nameserver after the first one times out, so while the master is down every lookup carries that delay.)
6. Test a master failure
[root@localhost /]# systemctl stop named.service (stop the master)
[root@localhost ~]# nslookup 192.168.131.166
Server:         192.168.131.11
Address:        192.168.131.11#53

166.131.168.192.in-addr.arpa    name = mail.qz.com.
[root@localhost ~]# nslookup www.qz.com
Server:         192.168.131.11
Address:        192.168.131.11#53

Name:   www.qz.com
Address: 192.168.131.30
[root@localhost /]# systemctl restart named.service (start the master again)
[root@localhost ~]# nslookup 192.168.131.166
Server:         192.168.131.10
Address:        192.168.131.10#53

166.131.168.192.in-addr.arpa    name = mail.qz.com.
[root@localhost ~]# nslookup www.qz.com
Server:         192.168.131.10
Address:        192.168.131.10#53

Name:   www.qz.com
Address: 192.168.131.30
(With the master stopped the slave answers from its transferred copy; once the master is back, queries go to it again because it is listed first. These answers come from qz.com.zone and qz2.com.zone.local, whose contents differ from the reverse file built in the first section. The slave keeps serving only until the SOA expire time, 1W in these zones, passes without a successful refresh; after that it stops answering for the zone, so a master outage has to be fixed inside that window.)
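The failover test above shows that the slave answers, but not the two operational checks that keep a master/slave pair healthy: bumping the serial and validating the zone before every reload on the master, and confirming that the slave is in sync while AXFR is refused from anything that is not in allow-transfer. The script below is an added example, not from the original tutorial. It assumes the tutorial's addresses (master 192.168.131.10, slave 192.168.131.11) and zone names, uses only BIND's own tools (dig, named-checkzone, rndc), and only talks to the network when RUN_LIVE=1 is set; the serial-parsing and serial-bump helpers run offline.

```shell
#!/bin/sh
# Added example (not from the original tutorial): maintenance checks for the
# master/slave pair configured above. Assumed: master 192.168.131.10, slave
# 192.168.131.11 and the zones qz.com / 131.168.192.in-addr.arpa from the
# tutorial; dig, named-checkzone and rndc are BIND's own tools. The network
# checks at the bottom run only when RUN_LIVE=1 is set.

MASTER=${MASTER:-192.168.131.10}
SLAVE=${SLAVE:-192.168.131.11}

# The serial is the third field of SOA RDATA as printed by "dig +short SOA <zone>":
#   qz.com. admin.qz.com. 3 86400 3600 604800 10800
soa_serial() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# Print a zone file with its serial incremented by one. Works with the template
# layout used above, where the serial sits on its own line followed by "; serial".
bump_serial() {
    awk '/;[ \t]*serial/ && !done { sub(/[0-9]+/, $1 + 1); done = 1 } { print }' "$1"
}

# Edit cycle on the master: bump, validate, only then replace the file and reload.
# $1 = zone name, $2 = zone file. A zone that fails named-checkzone is never installed.
publish_zone() {
    tmp=$(mktemp) || return 1
    if bump_serial "$2" > "$tmp" && named-checkzone "$1" "$tmp" >/dev/null; then
        cat "$tmp" > "$2"
        rm -f "$tmp"
        rndc reload "$1"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Compare the serial the master and the slave currently serve for a zone.
# Prints "in-sync" or "stale <master-serial> <slave-serial>".
sync_status() {
    m=$(soa_serial "$(dig +short SOA "$1" @"$MASTER")")
    s=$(soa_serial "$(dig +short SOA "$1" @"$SLAVE")")
    if [ -n "$m" ] && [ "$m" = "$s" ]; then
        echo in-sync
    else
        echo "stale $m $s"
    fi
}

# A full zone transfer from this host must be refused unless this host is the
# slave: with allow-transfer in place, dig AXFR returns no resource records.
axfr_refused() {
    if dig +noall +answer AXFR "$1" @"$MASTER" | grep -q '[[:space:]]IN[[:space:]]'; then
        return 1
    fi
    return 0
}

if [ "${RUN_LIVE:-0}" = 1 ]; then
    for z in qz.com 131.168.192.in-addr.arpa; do
        echo "$z: $(sync_status "$z")"
        if axfr_refused "$z"; then
            echo "$z: AXFR refused from this host"
        else
            echo "$z: AXFR ALLOWED from this host - check allow-transfer on the master"
        fi
    done
fi
```

Run RUN_LIVE=1 sh check.sh from a third machine to confirm both zones are in sync and that the master refuses to hand the zone to a host outside allow-transfer; on the master, publish_zone qz.com /var/named/qz.com.zone is the edit cycle that replaces editing the file and restarting named by hand.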