Intelligent DNS (GeoDNS with BIND views): installation and configuration
Part 1: DNS master installation and configuration
1. Installing bind
# cd /usr/src/
# wget ftp://ftp.isc.org/isc/bind9/9.8.1-P1/bind-9.8.1-P1.tar.gz
# tar zxf bind-9.8.1-P1.tar.gz
# cd bind-9.8.1-P1
# ./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
# make && make install
2. Generate the rndc configuration file rndc.conf
# /usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf
3. Generate the configuration file named.conf
rndc-confgen ends its output with a commented-out named.conf fragment; the pipeline below strips the comment markers and saves that fragment as the initial named.conf.
# cd /usr/local/named/etc/
# tail -n10 rndc.conf | head -n9 | sed -e 's/#//g' > named.conf
4. Generate keys for master/slave view synchronisation
Each view gets its own key, which authenticates master/slave synchronisation of that view:
# /usr/local/named/sbin/dnssec-keygen -a hmac-md5 -b 128 -n HOST beijing
# /usr/local/named/sbin/dnssec-keygen -a hmac-md5 -b 128 -n HOST shenyang
# /usr/local/named/sbin/dnssec-keygen -a hmac-md5 -b 128 -n HOST any
Look at the contents of the key file; the Key value (shown in red in the original post) is what has to be added to the main BIND configuration file:
# more Kbeijing.+157+15717.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: bo0JTr29wbjaGGQDTA+2Sg==
Bits: AAA=
Created: 20140327010301
Publish: 20140327010301
Activate: 20140327010301
5. Create the ACLs
Collect the IP addresses of each region, then create one ACL per region and put the collected addresses into the matching ACL.
# mkdir /usr/local/named/var/named
# vim /usr/local/named/var/named/beijing.acl  // ACL for Beijing clients; more Beijing addresses can be added here. The ACL name must match the name used in match-clients below.
acl beijing {
192.168.0.96;
};
# vim /usr/local/named/var/named/shenyang.acl
acl shenyang {
192.168.0.91;
};
6. Set up the main configuration file named.conf
Three views are created: beijing, shenyang and any. The beijing view answers queries from Beijing clients, the shenyang view answers queries from Shenyang clients, and the any view answers queries from clients in every other region.
# vim /usr/local/named/etc/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "FsC08CBCt2z50GRc6zpojg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/usr/local/named/var/named";
};
logging {
channel warning {
file "warning.log" versions 3 size 2048k;
severity warning;
print-category yes;
print-severity yes;
print-time yes; };
channel query {
file "query.log" versions 3 size 2048k;
severity info;
print-category yes;
print-severity yes;
print-time yes; };
category default { warning; };
category queries { query; };
};
key beijing-key {
algorithm hmac-md5;
secret "bo0JTr29wbjaGGQDTA+2Sg==";
};
key shenyang-key {
algorithm hmac-md5;
secret "cysQcshAlJtnMqqIjxxVrw==";
};
key any-key {
algorithm hmac-md5;
secret "FWUReH/kX8Q15nxeepjzbQ==";
};
include "/usr/local/named/var/named/beijing.acl";
include "/usr/local/named/var/named/shenyang.acl";
view "beijing" {
match-clients { !key shenyang-key; !key any-key; key beijing-key;beijing; };
recursion yes;
allow-transfer {key beijing-key;};
server 192.168.0.99 {keys beijing-key;};
zone "." IN {
type hint;
file "named.root";
};
zone "damai.com" IN {
type master;
file "beijing.damai.com.zone";
};
};
view "shenyang" {
match-clients { !key beijing-key; !key any-key; key shenyang-key;shenyang; };
recursion yes;
allow-transfer {key shenyang-key;};
server 192.168.0.99 {keys shenyang-key;};
zone "." IN {
type hint;
file "named.root";
};
zone "damai.com" IN {
type master;
file "shenyang.damai.com.zone";
};
};
view "any" {
match-clients { !key beijing-key; !key shenyang-key; key any-key;any; };
recursion yes;
allow-transfer {key any-key;};
server 192.168.0.99 {keys any-key;};
zone "." IN {
type hint;
file "named.root";
};
zone "damai.com" IN {
type master;
file "any.damai.com.zone";
};
};
Note: the key statements in the configuration file follow the same syntax as the rndc key that rndc-confgen produced; change the key name to the view's name and the secret to the Key value generated in step 4. The include lines pull in the ACL files. In each match-clients list the negated entries (for example !key shenyang-key; !key any-key;) are evaluated first, so a request signed with another view's key is rejected by this view even when it comes from an address inside this view's ACL and falls through to the view whose key it carries; allow-transfer then limits zone transfers to clients presenting that view's key. Since every view has recursion yes and the any view matches all remaining clients, also set allow-recursion to your internal address ranges if the server is reachable from the Internet.
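As an added example (not part of the original post), the following Python models how BIND walks these match-clients lists: elements are tested in order, the first one that matches decides, and a matching negated element rejects the view so the client falls through to the next view. It also predicts the A record each view would return, which is what the dig test in Part 3 should show. The ACL addresses, key names and zone answers are the page's own; the client addresses used in the checks are constructed.

```python
import ipaddress

# ACLs from beijing.acl and shenyang.acl; "any" is BIND's built-in catch-all
ACLS = {
    "beijing": ["192.168.0.96"],
    "shenyang": ["192.168.0.91"],
    "any": ["0.0.0.0/0"],
}

# match-clients lists, in the order the views appear in named.conf
VIEWS = [
    ("beijing", ["!key shenyang-key", "!key any-key", "key beijing-key", "beijing"]),
    ("shenyang", ["!key beijing-key", "!key any-key", "key shenyang-key", "shenyang"]),
    ("any", ["!key beijing-key", "!key shenyang-key", "key any-key", "any"]),
]

# A records from the three damai.com zone files ("@" is the zone apex)
ZONES = {
    "beijing": {"@": "192.168.0.99", "pic": "192.168.0.90", "video": "192.168.0.80"},
    "shenyang": {"@": "192.168.0.99", "pic": "192.168.0.91", "video": "192.168.0.81"},
    "any": {"@": "192.168.0.99", "pic": "192.168.0.92", "video": "192.168.0.82"},
}


def element_matches(element, client_ip, key_name):
    """True if one (non-negated) match-clients element applies to this client."""
    if element.startswith("key "):
        return key_name == element[4:]          # TSIG key the request was signed with
    client = ipaddress.ip_address(client_ip)
    return any(client in ipaddress.ip_network(net) for net in ACLS[element])


def select_view(client_ip, key_name=None):
    """Return the first view whose match-clients list accepts the client, or None."""
    for view, match_list in VIEWS:
        for element in match_list:
            negated = element.startswith("!")
            if element_matches(element.lstrip("!"), client_ip, key_name):
                if negated:
                    break                       # this view refuses the client
                return view
    return None


def answer(qname, client_ip, key_name=None):
    """(view, A record) this server would return for a name in damai.com."""
    view = select_view(client_ip, key_name)
    if view is None:
        return None, None
    label = "@" if qname == "damai.com" else qname[: -len(".damai.com")]
    return view, ZONES[view].get(label)
```

A slave whose address sits inside the beijing ACL but signs with shenyang-key is steered to the shenyang view only because of the negated key entries.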
7. Generate the root hints file
# /usr/local/named/bin/dig -t NS . > /usr/local/named/var/named/named.root
8. Write the zone files for beijing, shenyang and any
# cat /usr/local/named/var/named/beijing.damai.com.zone
@ 3600 IN SOA damai.com. root.damai.com. (
20140328 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
@ IN NS damai.com.
IN A 192.168.0.99
pic IN A 192.168.0.90
video IN A 192.168.0.80
# cat /usr/local/named/var/named/shenyang.damai.com.zone
@ 3600 IN SOA damai.com. root.damai.com. (
20140328 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS damai.com.
IN A 192.168.0.99
pic IN A 192.168.0.91
video IN A 192.168.0.81
# cat /usr/local/named/var/named/any.damai.com.zone
@ 3600 IN SOA damai.com. root.damai.com. (
20140328 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS damai.com.
IN A 192.168.0.99
pic IN A 192.168.0.92
video IN A 192.168.0.82
9. Starting BIND
9.1 Check the named.conf configuration file
# /usr/local/named/sbin/named-checkconf
9.2 Check the zone files
# /usr/local/named/sbin/named-checkzone <zone-name> <zone-file>
For example (the zone is named damai.com in named.conf; only the file name carries the view prefix):
# /usr/local/named/sbin/named-checkzone damai.com /usr/local/named/var/named/beijing.damai.com.zone
9.3 Start bind in debug mode
The -g option runs bind in the foreground and prints the startup messages; once no serious errors show up, drop the -g option and start bind again in the background as /usr/local/named/sbin/named.
# /usr/local/named/sbin/named -g
9.4 Start at boot
# echo "/usr/local/named/sbin/named -c /usr/local/named/etc/named.conf" >> /etc/rc.d/rc.local
9.5 Check the status
# /usr/local/named/sbin/rndc status
9.6 Adding records by hand
After adding, deleting or changing records directly in a zone file, run rndc reload <zone-name> to reload it. Because the same zone name exists in three views here, give the class and view as well, for example:
# /usr/local/named/sbin/rndc reload damai.com IN beijing
9.7 Start BIND
# /usr/local/named/sbin/named -c /usr/local/named/etc/named.conf
9.8 Whenever the master DNS server's forward or reverse zone file is changed, the corresponding serial must be changed too (usually by incrementing it); the master's serial must be greater than the slave's, otherwise the slave will not synchronise.
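To make the serial rule in 9.8 concrete, here is an added example (not from the original post) that bumps the SOA serial of a zone file and decides, with the RFC 1982 serial arithmetic that BIND applies, whether a slave would transfer the zone. The zone text is the page's beijing zone; the wrap-around serial values in the checks are constructed.

```python
import re

# The serial is the first number after the "(" that opens the SOA RDATA
SOA_SERIAL = re.compile(r"(\bSOA\b[^(]*\(\s*)(\d+)")

# The beijing zone file from step 8, embedded here as sample input
BEIJING_ZONE = """\
@ 3600 IN SOA damai.com. root.damai.com. (
20140328 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
@ IN NS damai.com.
IN A 192.168.0.99
pic IN A 192.168.0.90
video IN A 192.168.0.80
"""


def serial_gt(a, b):
    """RFC 1982: a is newer than b when (a - b) mod 2^32 lies in 1 .. 2^31-1."""
    return a != b and (a - b) % 2**32 < 2**31


def get_serial(zone_text):
    """Read the SOA serial out of a zone file's text."""
    m = SOA_SERIAL.search(zone_text)
    if m is None:
        raise ValueError("zone has no SOA record")
    return int(m.group(2))


def bump_serial(zone_text, new_serial=None):
    """Return the zone text with a newer serial (old + 1 unless one is given)."""
    old = get_serial(zone_text)
    if new_serial is None:
        new_serial = (old + 1) % 2**32
    if not serial_gt(new_serial, old):
        raise ValueError(f"serial {new_serial} is not newer than {old}")
    return SOA_SERIAL.sub(lambda m: m.group(1) + str(new_serial), zone_text, count=1)


def slave_will_transfer(master_serial, slave_serial):
    """A slave only pulls the zone when the master's serial is newer (RFC 1982)."""
    return serial_gt(master_serial, slave_serial)
```

Because the comparison is modular, a numerically larger serial is not always newer: after a wrap past 2^32 - 1 a small serial counts as newer, and a serial more than 2^31 ahead of the slave's counts as older.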
Part 2: DNS slave installation and configuration
1. Installing bind
# cd /usr/src/
# wget ftp://ftp.isc.org/isc/bind9/9.8.1-P1/bind-9.8.1-P1.tar.gz
# tar zxf bind-9.8.1-P1.tar.gz
# cd bind-9.8.1-P1
# ./configure --prefix=/usr/local/named --enable-threads --disable-openssl-version-check
# make && make install
2. Generate the rndc configuration file rndc.conf
# /usr/local/named/sbin/rndc-confgen > /usr/local/named/etc/rndc.conf
3. Generate the configuration file named.conf
# cd /usr/local/named/etc/
# tail -n10 rndc.conf | head -n9 | sed -e 's/#//g' > named.conf
4. Copy the whole /usr/local/named/var/named directory from the DNS master server into /usr/local/named/var/ on the DNS slave server
5. Set up the main configuration file named.conf
# cat /usr/local/named/etc/named.conf
key "rndc-key" {
algorithm hmac-md5;
secret "csa61V3IF58VjNV82qkeCw==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
directory "/usr/local/named/var/named";
};
logging {
channel warning {
file "warning.log" versions 3 size 2048k;
severity warning;
print-category yes;
print-severity yes;
print-time yes; };
channel query {
file "query.log" versions 3 size 2048k;
severity info;
print-category yes;
print-severity yes;
print-time yes; };
category default { warning; };
category queries { query; };
};
key beijing-key {
algorithm hmac-md5;
secret "bo0JTr29wbjaGGQDTA+2Sg==";
};
key shenyang-key {
algorithm hmac-md5;
secret "cysQcshAlJtnMqqIjxxVrw==";
};
key any-key {
algorithm hmac-md5;
secret "FWUReH/kX8Q15nxeepjzbQ==";
};
include "/usr/local/named/var/named/beijing.acl";
include "/usr/local/named/var/named/shenyang.acl";
view "beijing" {
match-clients { !key shenyang-key; !key any-key; key beijing-key;beijing; };
recursion yes;
allow-transfer {key beijing-key;};
server 192.168.0.99 {keys beijing-key;};
zone "." IN {
type hint;
file "named.root";
};
zone "damai.com" IN {
type slave;
masters { 192.168.0.99; };
file "beijing.damai.com.zone";
};
};
view "shenyang" {
match-clients { !key beijing-key; !key any-key; key shenyang-key;shenyang; };
recursion yes;
allow-transfer {key shenyang-key;};
server 192.168.0.99 {keys shenyang-key;};
zone "." IN {
type hint;
file "named.root";
};
zone "damai.com" IN {
type slave;
masters { 192.168.0.99; };
file "shenyang.damai.com.zone";
};
};
view "any" {
match-clients { !key beijing-key; !key shenyang-key; key any-key;any; };
recursion yes;
allow-transfer {key any-key;};
server 192.168.0.99 {keys any-key;};
zone "." IN {
type hint;
file "named.root";
};
zone "damai.com" IN {
type slave;
masters { 192.168.0.99; };
file "any.damai.com.zone";
};
};
6. Start BIND
# /usr/local/named/sbin/named -c /usr/local/named/etc/named.conf
Part 3: Testing
Test with dig.