##########dns部署
#工具包bind-libs bind-utils
#服务软件包bind
#主配置文件1
cat /etc/named.conf
options {
# Listen on every interface. Together with allow-query { any; } and
# recursion yes below, any host that can reach port 53 gets recursive
# service (an open resolver). The view section later in these notes limits
# this with allow-recursion { telecom; }.
listen-on port 53 { any; };
directory "/var/named";
allow-query { any; };
recursion yes;
# DNSSEC validation is off: answers learned from upstream servers are not verified.
dnssec-enable no;
dnssec-validation no;
};
# Root hints (type hint): the root server list named starts recursion from.
zone "." IN {
type hint;
file "named.ca";
};
# The luoliyu.com zones themselves are defined in the included file.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#主配置文件2
cat /etc/named.rfc1912.zones
zone "luoliyu.com" IN {
type master;
file "luoliyu.com.zone";
allow-transfer {172.20.10.2;};
};
zone "10.20.172.in-addr.arpa" {
type master;
file "luoliyu.com.reverse";
allow-transfer {172.20.10.2;};
};
#正向区域文件
cat /var/named/luoliyu.com.zone
$TTL 86400
$ORIGIN luoliyu.com.
@ IN SOA luoliyu.com. admin.luoliyu.com. (
2019020402; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
);
@ IN NS ns1.luoliyu.com.
ns1 IN A 172.20.10.8
www IN A 172.20.10.8
ftp IN A 172.20.10.8
luoliyu.com. IN MX 10 mail.luoliyu.com.
mail IN A 172.20.10.8
#反向区域文件
cat /var/named/luoliyu.com.reverse
$TTL 86400
$ORIGIN 10.20.172.in-addr.arpa.
@ IN SOA luoliyu.com. admin.luoliyu.com. (
2019020402;
1D;
1H;
1W;
3H;
);
IN NS luoliyu.com.
8 IN PTR ns1.luoliyu.com.
2 IN PTR ns2.luoliyu.com.
8 IN PTR www.luoliyu.com.
8 IN PTR ftp.luoliyu.com.
8 IN PTR mail.luoliyu.com.
# Zone files stay owned by root with group named and mode 640: named can
# read them through its group, other local users cannot read them, and named
# itself cannot modify them.
chgrp named /var/named/luoliyu.com.zone /var/named/luoliyu.com.reverse
chmod 640 /var/named/luoliyu.com.zone /var/named/luoliyu.com.reverse
# ll is the common alias for ls -l; the listing below confirms owner/group/mode.
ll /var/named/ |grep luoliyu.com
-rw-r----- 1 root named 273 Feb 4 14:53 luoliyu.com.reverse
-rw-r----- 1 root named 419 Feb 4 14:52 luoliyu.com.zone
#检测配置文件语法
# Syntax check of /etc/named.conf and its includes (named-checkconf -z would
# additionally load every configured zone in one go).
named-checkconf
#检测域配置文件语法
[root@vm6 ~]# named-checkzone luoliyu.com /var/named/luoliyu.com.zone
zone luoliyu.com/IN: aa.luoliyu.com/NS 'ns1.aa.luoliyu.com' (out of zone) has no addresses records (A or AAAA)
zone luoliyu.com/IN: loaded serial 2019020402
OK
[root@vm6 ~]# named-checkzone 10.20.172.in-addr.arpa /var/named/luoliyu.com.reverse
zone 10.20.172.in-addr.arpa/IN: loaded serial 2019020402
OK
#启动及开机自启
# Start now and enable at boot; run the checkconf/checkzone steps above first
# so a broken file does not leave the service down.
systemctl start named && systemctl enable named
# forward lookup tests
nslookup www.luoliyu.com
# NOTE: with +trace dig walks the delegation from the root servers itself;
# the @server is only consulted for the initial root NS set. Drop +trace
# to check what 172.20.10.8 itself answers.
dig +trace -t NS luoliyu.com @172.20.10.8
dig +trace -t A www.luoliyu.com @172.20.10.8
# reverse lookup test (PTR for 172.20.10.8)
dig -x 172.20.10.8 @172.20.10.8
##########从dns
#主dns配置文件/etc/named.conf
allow-query { any; };
#主dns配置文件/etc/named.rfc1912.zones
allow-transfer {172.20.10.2;};
#主dns区域文件/var/named/luoliyu.com.zone,加NS和A记录,ns2为从dns
@ IN NS ns2.luoliyu.com.
ns2 IN A 172.20.10.2
#从dns主配置文件1
cat /etc/named.conf
#从dns主配置文件2
cat /etc/named.rfc1912.zones
zone "luoliyu.com" IN {
type slave;
file "slaves/luoliyu.com.zone"; ##同步后的文件位置
masters {172.20.10.8;}; #指定主服务器的地址
};
zone "10.20.172.in-addr.arpa" {
type slave;
file "slaves/luoliyu.com.reverse";
masters {172.20.10.8;};
};
#启动看日志如下
axfr #完全传送
#主dns日志
Feb 4 19:51:01 vm6 systemd: Started Berkeley Internet Name Domain (DNS).
Feb 4 19:51:29 vm6 named[10004]: client 172.20.10.2#45720 (luoliyu.com): transfer of 'luoliyu.com/IN': AXFR started
Feb 4 19:51:29 vm6 named[10004]: client 172.20.10.2#45720 (luoliyu.com): transfer of 'luoliyu.com/IN': AXFR ended
Feb 4 19:51:29 vm6 named[10004]: client 172.20.10.2#46381: received notify for zone 'luoliyu.com'
Feb 4 19:51:29 vm6 named[10004]: client 172.20.10.2#37719 (10.20.172.in-addr.arpa): transfer of '10.20.172.in-addr.arpa/IN': AXFR started
Feb 4 19:51:29 vm6 named[10004]: client 172.20.10.2#37719 (10.20.172.in-addr.arpa): transfer of '10.20.172.in-addr.arpa/IN': AXFR ended
#从dns日志
Feb 4 11:51:29 localhost systemd: Started Berkeley Internet Name Domain (DNS).
Feb 4 11:51:29 localhost systemd: Reached target Host and Network Name Lookups.
Feb 4 11:51:29 localhost named[37663]: zone luoliyu.com/IN: Transfer started.
Feb 4 11:51:29 localhost named[37663]: transfer of 'luoliyu.com/IN' from 172.20.10.8#53: connected using 172.20.10.2#45720
Feb 4 11:51:29 localhost named[37663]: zone luoliyu.com/IN: transferred serial 2019020401
Feb 4 11:51:29 localhost named[37663]: transfer of 'luoliyu.com/IN' from 172.20.10.8#53: Transfer completed: 1 messages, 10 records, 252 bytes, 0.001 secs (252000 bytes/sec)
Feb 4 11:51:29 localhost named[37663]: zone luoliyu.com/IN: sending notifies (serial 2019020401)
Feb 4 11:51:30 localhost named[37663]: zone 10.20.172.in-addr.arpa/IN: Transfer started.
Feb 4 11:51:30 localhost named[37663]: transfer of '10.20.172.in-addr.arpa/IN' from 172.20.10.8#53: connected using 172.20.10.2#37719
Feb 4 11:51:30 localhost named[37663]: zone 10.20.172.in-addr.arpa/IN: transferred serial 2019020401
Feb 4 11:51:30 localhost named[37663]: transfer of '10.20.172.in-addr.arpa/IN' from 172.20.10.8#53: Transfer completed: 1 messages, 8 records, 238 bytes, 0.003 secs (79333 bytes/sec)
Feb 4 11:51:32 localhost named[37663]: client 172.20.10.8#53317: received notify for zone 'luoliyu.com'
Feb 4 11:51:32 localhost named[37663]: zone luoliyu.com/IN: notify from 172.20.10.8#53317: zone is up to date
ixfr #增量传送
Feb 4 14:53:07 vm6 named[7821]: zone luoliyu.com/IN: sending notifies (serial 2019020402)
Feb 4 14:53:07 vm6 systemd: Started Berkeley Internet Name Domain (DNS).
Feb 4 14:53:07 vm6 named[7821]: client 172.20.10.2#56383 (luoliyu.com): transfer of 'luoliyu.com/IN': AXFR-style IXFR started
Feb 4 14:53:07 vm6 named[7821]: client 172.20.10.2#56383 (luoliyu.com): transfer of 'luoliyu.com/IN': AXFR-style IXFR ended
#测试,
ll /var/named/slaves/
total 8
-rw-r--r--. 1 named named 369 Feb 5 11:23 luoliyu.com.reverse
-rw-r--r--. 1 named named 557 Feb 5 11:34 luoliyu.com.zone
##########子域授权:
#主dns配置文件/var/named/luoliyu.com.zone
$ORIGIN aa.luoliyu.com.
@ IN NS ns1.aa.luoliyu.com.
ns1 IN A 172.20.10.4
#子域服务器的配置文件/etc/named.conf
#子域服务器的配置文件/etc/named.rfc1912.zones
cat /etc/named.rfc1912.zones
zone "aa.luoliyu.com" IN {
type master;
file "aa.luoliyu.com.zone";
allow-transfer {172.20.10.0/24;};
};
#子域服务器的区域文件
cat /var/named/aa.luoliyu.com.zone
$TTL 86400
$ORIGIN aa.luoliyu.com.
@ IN SOA aa.luoliyu.com. admin.aa.luoliyu.com. (
2019020402; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
)
@ IN NS ns1.aa.luoliyu.com.
ns1 IN A 172.20.10.4
#测试。。。
##########dns的view视图
#zone必须放在view中,
# Client groups used for view selection and for allow-recursion.
acl telecom {
# NOTE(review): /16 with host bits set (172.20.10.0); confirm whether
# 172.20.0.0/16 or 172.20.10.0/24 is intended.
172.20.10.0/16;
127.0.0.0/8;
};
acl unicom {
192.168.0.0/24;
};
options {
directory "/var/named";
# Recursion only for the telecom networks; all other clients get
# authoritative answers only.
allow-recursion { telecom; };
};
# Views are evaluated in order; the first match-clients that matches wins.
view telecom {
match-clients { telecom; };
zone "luoliyu.com" IN {
type master;
file "telecom.luoliyu.com.zone";
};
};
# Catch-all: any client not matched by the telecom view (not just the
# unicom acl) is served this copy of the zone.
view unicom {
match-clients { any; };
zone "luoliyu.com" IN {
type master;
file "unicom.luoliyu.com.zone";
};
};
#view unicom {
# match-clients { unicom; };
# zone "luoliyu.com" IN {
# type master;
# file "unicom.luoliyu.com.zone";
# };
#};
dns厂商
dnspod
www.dns.la
###########日志功能,
#查询日志不建议开启,严重影响性能,考虑因素(network)
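# Route query logging to a rotated file channel. Query logging is very
# verbose (see the note above) and is normally left off in production.
logging {
channel default_debug {
file "data/named.run" versions 3 size 10M;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
# Category name is "queries" (the list below), and each channel name
# inside the category block ends with ";".
category queries {
default_debug; # use this channel
};
};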
#在这里severity是日志级别的意思
channel defines target for logs
Can syslog to any facility or use a file
Channels allow you to filter by message severity
Similar to syslog severity
critical error warning notice info debug [level] dynamic
debug and dynamic are unique to BIND
default is info
Additional options for verbose output
print-severity
log the severity level of messages
print-category
log the category of messages
print-time
log the date and time of messages
Note: syslog() already records this information
Four predefined channels are:
channel "default_syslog" { syslog daemon; severity info; };
channel "default_debug" { file "named.run"; severity dynamic; };
channel "default_stderr" { stderr; severity info; };
channel "null" { null; };
category statement associates a category with a channel for logging
Fifteen categories to choose from
default Defines default channel for categories
general Catch-all category for unclassified messages
client Client request problems
config Configuration file problems
dispatch Dispatch of inbound packets to internal server modules
dnssec DNSSEC and TSIG
lame-servers Problems due to remote server misconfiguration
network Related to network operations
notify NOTIFY announcements
queries Query processing
resolver Recursive query processing
security Accepted or denied requests
update Dynamic updates
xfer-in Zone transfers received by the server
xfer-out Zone transfers sent by the server
#源码编译有
queryperf: #做压力测试
dnstop: #监控工具
使用如下:
cat test #10w,20w条合适
www.luoliyu.com A
ftp.luoliyu.com A
# Load test: replay the query list in "test" (format shown above) against
# the primary at 172.20.10.8.
queryperf -d test -s 172.20.10.8
# Live view of DNS traffic on interface ens33 (-4: IPv4; -Q/-R control
# whether queries and replies are counted — confirm against dnstop(8)).
dnstop -4 -Q -R ens33