Table of contents
Configuration environment of master server and slave server
dns slave server configuration
environment
If you only need the master DNS server, read only the master server sections and skip the slave ones.
I use 4 virtual machines here; you can use fewer depending on your computer's resources.
They must all be on the same network segment; mine are all on 192.168.254.0/24.
1——Windows Server 2016, the web server, ip: 192.168.254.4
2——Windows 10, the client that accesses the website by domain name, ip: 192.168.254.3
3——Linux CentOS 7, the slave DNS server, ip: 192.168.254.2
4——Linux CentOS 7, the master DNS server, ip: 192.168.254.1
Configuration environment of master server and slave server
Master server
Turn off the firewall and SELinux (a lab shortcut: neither change survives a reboot; on a real host open the dns service, 53/tcp and 53/udp, in firewalld and leave SELinux enforcing, since the bind package ships its own policy for named)
systemctl stop firewalld
setenforce 0
Modify the hostname
hostnamectl set-hostname dns1.tarro.com
# hostnamectl set-hostname <the hostname you want>
# Here it is dns1.tarro.com
# I named the slave server dns2.tarro.com
Modify the local DNS resolver configuration file
vi /etc/resolv.conf
and write:
nameserver 192.168.254.1
nameserver 192.168.254.2
# the ips of the master DNS server and the slave server
Modify the hosts file and add the following content
vim /etc/hosts
192.168.254.1 dns1.tarro.com ns1
192.168.254.2 dns2.tarro.com ns2
Install the bind packages with yum (I use an offline yum repository here; how to set one up is in my post: Linux: rpm query installation && yum installation_Bao Haichao-GNUBHCkalitarro's Blog-CSDN Blog)
yum -y install bind*
Slave server
Turn off the firewall and SELinux (lab shortcut, not persistent across a reboot)
systemctl stop firewalld
setenforce 0
Modify the hostname
hostnamectl set-hostname dns2.tarro.com
Modify the local DNS resolver configuration file
vi /etc/resolv.conf
and write:
nameserver 192.168.254.1
nameserver 192.168.254.2
# the ips of the master DNS server and the slave server
Modify the hosts file and add the following content
vim /etc/hosts
192.168.254.1 dns1.tarro.com ns1
192.168.254.2 dns2.tarro.com ns2
yum install bind
yum -y install bind*
Master DNS configuration file
vim /etc/named.conf
The lines to change are these (placeholders in angle brackets; the complete file follows below):
listen-on port 53 { <this server's ip>; };
allow-query { <the ip or network segment allowed to query>; };
zone "tarro.com" IN {
    type master;
    file "tarro.com.zone";
    allow-transfer { 192.168.254.2; };
};
zone "254.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.254.arpa";
    allow-transfer { 192.168.254.2; };
};
allow-transfer limits zone transfers (AXFR) to the slave; BIND 9.11 on CentOS 7 allows transfers to any host by default, so without it anyone who can reach port 53 can download the whole zone. Note that the file keeps recursion yes, so this server is both authoritative for tarro.com and a recursive resolver for the LAN; that is acceptable only because allow-query is limited to 192.168.254.0/24. Never run a recursive server with an open allow-query (see the warning in the file's own comment).
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { 192.168.254.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { 192.168.254.0/24; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "tarro.com" IN {
type master;
file "tarro.com.zone";
allow-transfer {192.168.254.2;};
};
zone "254.168.192.in-addr.arpa" IN {
type master;
file "192.168.254.arpa";
allow-transfer {192.168.254.2;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Configure the forward zone file
vim /var/named/tarro.com.zone
$TTL 86400
@ IN SOA dns1.tarro.com. root.tarro.com. (   ; MNAME is the primary master, RNAME the admin mailbox
        2014032900 ; serial: raise it on every change, or the slave never re-transfers
        3H         ; refresh
        15M        ; retry
        1W         ; expire
        1D )       ; negative-caching TTL
@ IN NS dns1.tarro.com.
@ IN NS dns2.tarro.com.
; every in-zone NS target needs an A record; without these named logs "NS ... has no address records" and refuses to load the zone
dns1 IN A 192.168.254.1
dns2 IN A 192.168.254.2
ns1 IN A 192.168.254.1
ns2 IN A 192.168.254.2
www IN A 192.168.254.4
* IN A 192.168.254.4   ; wildcard: any other name under tarro.com resolves to the web server
Configure the reverse zone file
vim /var/named/192.168.254.arpa
$TTL 86400
@ IN SOA dns1.tarro.com. root.tarro.com. (
        2014032900 ; serial
        3H
        15M
        1W
        1D )
@ IN NS dns1.tarro.com.
@ IN NS dns2.tarro.com.
; address-to-name mappings are PTR records, not NS; the owner is the last octet of the address
1 IN PTR dns1.tarro.com.
2 IN PTR dns2.tarro.com.
4 IN PTR www.tarro.com.
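The reverse zone above is small enough to type by hand, but PTR records drift out of sync with the A records as soon as a zone grows. The following shell helper is an added example (not part of the original post) that derives the PTR lines of a reverse zone from the A records of a forward zone file. The function names, the zone-name and prefix arguments, and the forward zone it reads (a constructed copy of the tarro.com zone with one extra host outside 192.168.254.0/24, to show the filtering) are all mine.

```shell
#!/bin/sh
# Added example, not from the original post: derive the PTR records of a
# reverse zone from the A records of a forward zone file.

# gen_ptr ZONE PREFIX  < forward-zone
# Prints "<last octet> IN PTR <fqdn>." for every A record whose address is
# inside PREFIX (the first three octets, e.g. 192.168.254), sorted by octet.
# Rules: ';' comments are stripped; a line starting with whitespace reuses the
# previous owner name; '@' means the zone apex; wildcard owners get no PTR;
# the first A record seen for an address wins (one PTR per address).
gen_ptr() {
    awk -v zone="$1" -v prefix="$2" '
        { sub(/;.*/, "") }                    # drop comments
        NF == 0 { next }                      # skip blank lines
        {
            if ($0 ~ /^[ \t]/) { owner = last; start = 1 } else { owner = $1; last = $1; start = 2 }
            if (owner == "*") next            # a PTR must name one real host
            for (i = start; i < NF; i++) {
                if ($i != "A") continue
                split($(i + 1), o, ".")
                if ((o[1] "." o[2] "." o[3]) != prefix) continue
                if (seen[o[4]]++) continue    # keep the first name per address
                if (owner == "@") fqdn = zone "."
                else if (owner ~ /\.$/) fqdn = owner
                else fqdn = owner "." zone "."
                printf "%s IN PTR %s\n", o[4], fqdn
            }
        }' | sort -n
}

# reverse_zone ZONE PREFIX SERIAL  < forward-zone
# Wraps gen_ptr in a complete reverse zone file using the same SOA/NS
# layout as the post (dns1/dns2 as the name servers is an assumption).
reverse_zone() {
    printf '$TTL 86400\n'
    printf '@ IN SOA dns1.%s. root.%s. ( %s 3H 15M 1W 1D )\n' "$1" "$1" "$3"
    printf '@ IN NS dns1.%s.\n@ IN NS dns2.%s.\n' "$1" "$1"
    gen_ptr "$1" "$2"
}

# Constructed forward zone: the post's tarro.com zone plus one host outside
# the 192.168.254.0/24 prefix, to show that it is left out.
forward_zone() {
    cat <<'EOF'
$TTL 86400
@ IN SOA dns1.tarro.com. root.tarro.com. (
        2014032900 ; serial
        3H
        15M
        1W
        1D )
@ IN NS dns1.tarro.com.
   IN NS dns2.tarro.com.
dns1 IN A 192.168.254.1
dns2 IN A 192.168.254.2
ns1  IN A 192.168.254.1   ; alias of dns1: the first name wins the PTR
www  IN A 192.168.254.4
mail IN A 10.0.0.9        ; not in 192.168.254.0/24, so no PTR here
*    IN A 192.168.254.4   ; wildcard, never a PTR target
EOF
}

# Just the PTR lines, for inspection.
demo() { forward_zone | gen_ptr tarro.com 192.168.254; }

# Stand-alone run: print the full generated reverse zone.
forward_zone | reverse_zone tarro.com 192.168.254 2014032901
```

Run it on a real zone with `reverse_zone tarro.com 192.168.254 <serial> < /var/named/tarro.com.zone > /var/named/192.168.254.arpa` and then check the result with `named-checkzone 254.168.192.in-addr.arpa /var/named/192.168.254.arpa`; both the ns1 alias and the wildcard are deliberately left out so that each address gets exactly one PTR.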
Check the files
named-checkconf -z
# checks named.conf and loads every zone it lists, reporting syntax and glue errors
chown :named /var/named/tarro.com.zone
chown :named /var/named/192.168.254.arpa
If there are no errors you can start the service:
systemctl start named
dns slave server configuration
vim /etc/named.conf
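The post does not show what goes into the slave's named.conf, so the stanzas below are an added example of mine, not the author's file. They assume the addresses and zone names used above: the slave listens on its own ip 192.168.254.2, pulls both zones from the master at 192.168.254.1 and writes them under slaves/, the directory the post inspects next. Change the listed lines inside the existing options block of the stock file and add the two zone stanzas before the include lines.

```conf
options {
    listen-on port 53 { 192.168.254.2; };      /* the slave's own address */
    allow-query { 192.168.254.0/24; };
    allow-transfer { none; };                  /* nobody may AXFR from the copy */
    directory "/var/named";
    recursion yes;                             /* acceptable only because allow-query is the LAN */
    /* the remaining options of the stock file stay as they are */
};

zone "tarro.com" IN {
    type slave;
    masters { 192.168.254.1; };
    file "slaves/tarro.com.zone";
};

zone "254.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.254.1; };
    file "slaves/192.168.254.arpa";
};
```

Run named-checkconf -z on the slave as well before starting named. Once it is up, the two files appear in /var/named/slaves/ and the master's log (journalctl -u named on CentOS 7) records the AXFR to 192.168.254.2. As a negative check, request a transfer of tarro.com from 192.168.254.1 from a host that is not the slave, for example the Windows 10 client; it must be REFUSED, otherwise the master's allow-transfer lines did not take effect.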
Then start the service; the zones are transferred from the master automatically.
cd /var/named/slaves/
The transferred zone files appear in this directory.
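One thing the post leaves implicit: a slave only re-transfers a zone when the master's SOA serial is higher than the copy it holds, so every edit of tarro.com.zone must raise the serial before the reload, or the slave keeps serving stale data. The shell helper below is an added example (not from the original post) that bumps a YYYYMMDDnn serial in place, handling the day rollover, the 99-changes-per-day limit and a file whose date is ahead of the system clock. The function names are mine, the zone file it runs on is constructed, and push_zone assumes rndc is set up on the master.

```shell
#!/bin/sh
# Added example, not from the original post: bump the SOA serial of a zone
# file so that slaves (which compare serials) pick up the change.

# bump_serial ZONEFILE [YYYYMMDD]
# Finds the first 10-digit field after "SOA" (the YYYYMMDDnn serial),
# rewrites it in place and prints the new value. The day defaults to today;
# passing it explicitly makes the function testable.
bump_serial() {
    file=$1
    today=${2:-$(date +%Y%m%d)}
    old=$(awk '
        /SOA/ { insoa = 1 }
        insoa { for (i = 1; i <= NF; i++) if (length($i) == 10 && $i ~ /^[0-9]+$/) { print $i; exit } }' "$file")
    if [ -z "$old" ]; then
        echo "bump_serial: no YYYYMMDDnn serial found in $file" >&2
        return 1
    fi
    if [ "${old%??}" = "$today" ]; then
        # same day: increment the two-digit counter (strip a leading 0 so
        # that "08" is not read as octal by the shell arithmetic)
        nn=${old#"$today"}; nn=${nn#0}
        n=$((nn + 1))
        if [ "$n" -gt 99 ]; then
            echo "bump_serial: 99 changes already made on $today" >&2
            return 1
        fi
        new=$(printf '%s%02d' "$today" "$n")
    else
        new="${today}01"
    fi
    # The serial must strictly increase; if the file's date is ahead of the
    # clock, YYYYMMDD01 would go backwards, so fall back to old+1.
    if [ "$new" -le "$old" ]; then
        new=$((old + 1))
    fi
    tmp="$file.tmp.$$"
    awk -v old="$old" -v new="$new" '
        !done && index($0, old) { sub(old, new); done = 1 }
        { print }' "$file" > "$tmp" && mv "$tmp" "$file"
    echo "$new"
}

# push_zone ZONE ZONEFILE: validate, then tell the running named to reload
# the zone; the master's NOTIFY then prompts the slave to transfer.
# Needs a working rndc on the master; not exercised by the demo below.
push_zone() {
    named-checkzone "$1" "$2" && rndc reload "$1"
}

# Demo on a constructed one-line zone file with fixed dates, so the
# output is predictable: prints 2014032901 then 2014033001.
demo_bump() {
    f=$(mktemp)
    printf '@ IN SOA dns1.tarro.com. root.tarro.com. ( 2014032900 3H 15M 1W 1D )\n' > "$f"
    bump_serial "$f" 20140329
    bump_serial "$f" 20140330
    rm -f "$f"
}

demo_bump
```

Typical use on the master after editing the zone: `bump_serial /var/named/tarro.com.zone && push_zone tarro.com /var/named/tarro.com.zone`, then `dig +short soa tarro.com @192.168.254.2` a moment later should show the new serial; if it does not, the slave either never received the NOTIFY or its refresh timer has not fired yet.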