Linux network DNS configuration: reverse resolution and building a master-slave domain name server

1. DNS reverse resolution

① Configure reverse resolution

1. Edit the main configuration file

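vim /etc/named.conf
options {
    listen-on port 53 { any; };                  # listen on port 53; use the local IP that provides the service, or any for all addresses
#   listen-on-v6 port 53 { ::1; };               # comment out or delete the IPv6 line
    directory       "/var/named";                                # default location of the zone data files
    dump-file       "/var/named/data/cache_dump.db";             # location of the domain name cache database file
    statistics-file "/var/named/data/named_stats.txt";           # location of the statistics file
    memstatistics-file "/var/named/data/named_mem_stats.txt";    # location of the memory statistics file
    allow-query     { any; };                    # networks allowed to use this DNS resolution service; any means all
    ……
};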

2. Modify zone configuration file, add reverse zone configuration

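vim /etc/named.rfc1912.zones                     # the file contains templates that can be copied and then modified
zone "172.168.192.in-addr.arpa" IN {             # the address is written in reverse; this zone resolves addresses in the 192.168.172 network
        type master;
        file "zhangsan.com.zone.local";          # the zone data file is zhangsan.com.zone.local
        allow-update { none; };
};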

3. Configure the reverse zone data file

cd /var/named/
cp -p named.localhost zhangsan.com.zone.local
vim /var/named/zhangsan.com.zone.local
$TTL 1D
@       IN SOA  zhangsan.com. admin.zhangsan.com. (     ; "@" here stands for the 192.168.172 network
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      zhangsan.com.
        A       192.168.172.10
20 IN  PTR     www.zhangsan.com.

; PTR is the reverse pointer: a reverse lookup of 192.168.172.20 returns www.zhangsan.com.

4. Restart the service to test

systemctl restart named
host 192.168.172.10
nslookup 192.168.172.10
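
Added example (not from the original post): a short Python check that derives the reverse zone name from the network and lists which addresses the zone file from step 3 actually holds PTR records for. The function names are illustrative, and the zone text is a constructed copy with the SOA record on one line.

```python
import ipaddress

# Constructed sample: the reverse zone from step 3, with the SOA on one line.
ZONE_NAME = "172.168.192.in-addr.arpa"
ZONE_TEXT = """\
$TTL 1D
@       IN SOA  zhangsan.com. admin.zhangsan.com. ( 0 1D 1H 1W 3H )
        NS      zhangsan.com.
        A       192.168.172.10
20 IN  PTR     www.zhangsan.com.
"""

def reverse_zone_for(network):
    """Return the in-addr.arpa zone name for a /8, /16 or /24 IPv4 network."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 networks map to a single zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_map(zone_text, zone_name):
    """Map every PTR record in a reverse zone to the IPv4 address it answers for."""
    result = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        if "PTR" not in fields[1:-1] or line[:1].isspace():
            continue  # not a PTR record with an explicit owner and target
        owner, target = fields[0], fields[fields.index("PTR") + 1]
        if owner == "@":
            fqdn = zone_name
        elif owner.endswith("."):
            fqdn = owner[:-1]
        else:
            fqdn = owner + "." + zone_name  # relative owner: append the origin
        labels = fqdn.rsplit(".in-addr.arpa", 1)[0].split(".")
        try:
            ip = ipaddress.IPv4Address(".".join(reversed(labels)))
        except ValueError:
            continue  # owner is not a full four-octet reverse name
        result[str(ip)] = target
    return result

if __name__ == "__main__":
    print(reverse_zone_for("192.168.172.0/24"))
    for ip, name in ptr_map(ZONE_TEXT, ZONE_NAME).items():
        print(ip, "->", name)
```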

2. Build a master-slave domain name server

1. Modify the zone configuration file of the master domain name server: update the forward and reverse zone configuration

vim /etc/named.rfc1912.zones
zone "zhangsan.com" IN {
        type master;                             # this is a master zone
        file "zhangsan.com.zone";
        allow-transfer { 192.168.172.20; };      # allow the slave server to download the forward zone data; put the slave server's IP address here
};

zone "172.168.192.in-addr.arpa" IN {
        type master;
        file "zhangsan.com.zone.local";
        allow-transfer { 192.168.172.20; };
};

2. Modify the main configuration file of the slave domain name server

yum -y install bind
vim /etc/named.conf
options {
    listen-on port 53 { any; };                  # listen on port 53; use the local IP that provides the service, or any for all addresses
#   listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };                    # networks allowed to use this DNS resolution service; any means all
    ……
};

3. Modify the zone configuration file of the slave domain name server, add forward and reverse zone configuration

vim /etc/named.rfc1912.zones
zone "zhangsan.com" IN {
        type slave;                              # this is a slave zone
        masters { 192.168.172.10; };             # IP address of the master server
        file "slaves/zhangsan.com.zone";         # the downloaded zone data file is saved under the slaves/ directory
};

zone "172.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.172.10; };
        file "slaves/zhangsan.com.zone.local";
};

4. Restart the service on both the master and the slave, turn off the firewall, and check whether the zone data files have been downloaded successfully

systemctl restart named    
systemctl stop firewalld     
setenforce 0
ls -l /var/named/slaves/

5. Add the slave DNS server address in the client's domain name resolution configuration file

echo "nameserver 192.168.172.10" >> /etc/resolv.conf
echo "nameserver 192.168.172.20" >> /etc/resolv.conf

6. Test

host 192.168.172.100
nslookup 192.168.172.100

# Stop the service on the master server to simulate a master server failure
systemctl stop named
host 192.168.172.100
nslookup 192.168.172.100
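
Added example (not from the original post): the master zones in step 1 limit allow-transfer to the slave at 192.168.172.20, and this Python check audits a zones file for master zones that do not. The function names and the open.example, bare.example and slave.example zones are hypothetical, and the sample text is constructed.

```python
import re

# Constructed sample in the style of /etc/named.rfc1912.zones. The first two
# zones follow step 1 above; the *.example zones are hypothetical.
SAMPLE_CONF = '''
zone "zhangsan.com" IN {
    type master;
    file "zhangsan.com.zone";
    allow-transfer { 192.168.172.20; };   # slave only
};
zone "172.168.192.in-addr.arpa" IN {
    type master;
    file "zhangsan.com.zone.local";
    allow-transfer { 192.168.172.20; };
};
zone "open.example" IN { type master; file "open.zone"; allow-transfer { any; }; };
zone "bare.example" IN { type master; file "bare.zone"; };
zone "slave.example" IN { type slave; masters { 192.168.172.10; }; file "slaves/s"; };
'''

def zone_blocks(text):
    """Yield (zone name, statement body) pairs, matching braces by depth."""
    text = re.sub(r"(#|//).*", "", text)  # drop line comments
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit_transfers(conf_text):
    """Return {zone: finding} for master zones whose transfer ACL is not pinned."""
    findings = {}
    for name, body in zone_blocks(conf_text):
        ztype = re.search(r"\btype\s+(\w+)\s*;", body)
        if ztype is None or ztype.group(1) not in ("master", "primary"):
            continue  # slave zones pull data; they are not audited here
        acl = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
        if acl is None:
            findings[name] = "no zone-level allow-transfer"
            continue
        entries = [e.strip() for e in acl.group(1).split(";") if e.strip()]
        if "any" in entries:
            findings[name] = "allow-transfer includes any"
    return findings

if __name__ == "__main__":
    for zone, finding in audit_transfers(SAMPLE_CONF).items():
        print(zone, ":", finding)
```

A zone reported as having no zone-level allow-transfer takes its transfer ACL from the options block or the server's built-in default, so check those before treating it as restricted.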

Establish master-slave domain name server (illustrated example)

This experiment continues to use the client from the previous reverse resolution example.
1. Modify the zone configuration file of the master domain name server: update the forward and reverse zone configuration

2. Modify the main configuration file of the slave domain name server (a new virtual machine is opened)
3. Modify the zone configuration file of the slave domain name server, and add forward and reverse zone configurations

Here we stop the DNS service on the master server for testing

Origin blog.csdn.net/IHBOS/article/details/114005112