Configure forward and reverse parsing and master-slave synchronization of DNS

2025-01-19 Update From: SLTechnology News&Howtos (shulou)


Preparation:

This lab uses two CentOS 6.5 hosts with kernel 2.6.32-431.el6.x86_64.

Configure time synchronization on both hosts (it keeps the log timestamps on master and slave comparable, which helps when you troubleshoot transfers):

    # echo "# update system date by jiajie at 20170506" >> /var/spool/cron/root
    # echo "*/5 * * * * /usr/sbin/ntpdate time.nist.gov > /dev/null 2>&1" >> /var/spool/cron/root

Both lines append (>>); writing the second line with a single > would overwrite the comment line just written.

Turn off the firewall and SELinux (a lab shortcut only):

    # service iptables stop
    # setenforce 0
    # sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config

On anything other than a throwaway lab, leave both enabled: the bind package ships with an SELinux policy that already lets named run, and the firewall only needs udp/53 and tcp/53 opened (tcp is required for zone transfers and for answers larger than 512 bytes).

The master DNS server in this lab is 192.168.1.16 and the slave DNS server is 192.168.1.20.

The master is authoritative for a forward zone (jiajie.com) and a reverse zone (1.168.192.in-addr.arpa); the slave holds transferred copies of both.

Configure the master server (IP: 192.168.1.16)

Install the software:

    # yum -y install bind bind-libs bind-utils

Versions installed here:

    bind.x86_64         9.8.2-0.62.rc1.el6_9.1
    bind-libs.x86_64    9.8.2-0.62.rc1.el6_9.1
    bind-utils.x86_64   9.8.2-0.62.rc1.el6_9.1

Forward resolution. Edit the master's /etc/named.conf (only the lines that were changed are discussed):

    # cat /etc/named.conf
    options {
            listen-on port 53 { 192.168.1.16; 127.0.0.1; };
    //      listen-on-v6 port 53 { ::1; };          // comment out or delete this line
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };
            recursion yes;

    //      dnssec-enable yes;
    //      dnssec-validation yes;

            /* Path to ISC DLV key */
    //      bindkeys-file "/etc/named.iscdlv.key";

    //      managed-keys-directory "/var/named/dynamic";
    };

Two of these settings are acceptable in a lab but not on a server that untrusted networks can reach. `allow-query { any; }` together with `recursion yes` makes the host an open recursive resolver, which can be abused for amplification attacks; either set `recursion no` on a purely authoritative server or limit it with `allow-recursion { 192.168.1.0/24; localhost; };`. Commenting out `dnssec-validation` also switches off validation of the answers the server fetches while recursing; keep it enabled wherever the server recurses.

Define the forward zone by appending a stanza to /etc/named.rfc1912.zones (watch the braces and semicolons; a missing `;` is the most common reason named-checkconf fails):

    # tail /etc/named.rfc1912.zones
    zone "jiajie.com" IN {
            type master;
            file "jiajie.zone";
    };

Create the zone file. Its name must match the `file` statement in the zone stanza, so it is /var/named/jiajie.zone:

    # vim /var/named/jiajie.zone
    $TTL 1D
    $ORIGIN jiajie.com.
    @       IN SOA  ns1.jiajie.com. jjzgood.126.com. (
                    20170507        ; serial
                    1H              ; refresh
                    10M             ; retry
                    5D              ; expire
                    1D )            ; negative-caching TTL
            IN NS   ns1
            IN NS   ns2
            IN MX   10 mx1
            IN MX   20 mx2
    ns1     IN A    192.168.1.16
    ns2     IN A    192.168.1.20
    mx1     IN A    192.168.1.17
    mx2     IN A    192.168.1.18
    www     IN A    192.168.1.16
    www     IN A    192.169.1.20
    ftp     IN CNAME www

`jjzgood.126.com.` is the SOA contact mailbox jjzgood@126.com in zone-file notation (the @ is written as a dot). Names without a trailing dot are relative to $ORIGIN, so `ns1` means ns1.jiajie.com. The second www address, 192.169.1.20, is kept as in the original lab; note that it lies outside the 192.168.1.0/24 network used everywhere else, and the reverse zone below maps 192.168.1.20 back to www.

Set the group and permissions so that named (group named) can read the file and nobody else can:

    # chown :named /var/named/jiajie.zone
    # chmod 640 /var/named/jiajie.zone

Check for errors and restart the service:

    # named-checkconf
    # named-checkzone "jiajie.com" /var/named/jiajie.zone
    zone jiajie.com/IN: loaded serial 20170507
    OK
    # service named restart
    # rndc status

Result:

    # host -t A www.jiajie.com 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    www.jiajie.com has address 192.169.1.20
    www.jiajie.com has address 192.168.1.16
    # host -t A mx1.jiajie.com 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    mx1.jiajie.com has address 192.168.1.17
    # host -t A ftp.jiajie.com 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    ftp.jiajie.com is an alias for www.jiajie.com.
    www.jiajie.com has address 192.168.1.16
    www.jiajie.com has address 192.169.1.20

These answers show that the master is serving the forward zone correctly.

Configure reverse resolution. Add the reverse zone to /etc/named.rfc1912.zones. The zone name is the network part of the address written backwards under in-addr.arpa, so 192.168.1.0/24 becomes 1.168.192.in-addr.arpa:

    # tail /etc/named.rfc1912.zones
    zone "1.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.1.zone";
    };

Create the reverse zone file. Owner names are just the host octet; they are relative to the zone name, so `16` expands to 16.1.168.192.in-addr.arpa. PTR targets must be absolute names with a trailing dot:

    # vim /var/named/192.168.1.zone
    $TTL 1D
    @       IN SOA  ns1.jiajie.com. jjzgood.126.com. (
                    20170507 1H 10M 5D 1D )
            IN NS   ns1.jiajie.com.
            IN NS   ns2.jiajie.com.
    16      IN PTR  ns1.jiajie.com.
    16      IN PTR  www.jiajie.com.
    20      IN PTR  ns2.jiajie.com.
    20      IN PTR  www.jiajie.com.
    17      IN PTR  mx1.jiajie.com.
    18      IN PTR  mx2.jiajie.com.

Check and reload. The zone name passed to named-checkzone must be the one in the zone stanza (1.168.192.in-addr.arpa), not the network written forwards; with the wrong name every record is reported as out-of-zone (see Troubleshooting below):

    # named-checkconf
    # named-checkzone "1.168.192.in-addr.arpa" /var/named/192.168.1.zone
    zone 1.168.192.in-addr.arpa/IN: loaded serial 20170507
    OK
    # rndc reload
    server reload successful

Result:

    # host -t ptr 192.168.1.16 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    16.1.168.192.in-addr.arpa domain name pointer www.jiajie.com.
    16.1.168.192.in-addr.arpa domain name pointer ns1.jiajie.com.
    # host -t ptr 192.168.1.20 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    20.1.168.192.in-addr.arpa domain name pointer www.jiajie.com.
    20.1.168.192.in-addr.arpa domain name pointer ns2.jiajie.com.
    # host -t ptr 192.168.1.17 192.168.1.16
    Using domain server:
    Name: 192.168.1.16
    Address: 192.168.1.16#53
    Aliases:

    17.1.168.192.in-addr.arpa domain name pointer mx1.jiajie.com.

View from a Windows client (screenshot)

Configure the slave server (IP: 192.168.1.20):

Notes:

The slave must be a separate server.

The master's zone file must contain an NS record for the slave (ns2 above): the master sends NOTIFY messages to the name servers listed in the zone, and that is how the slave learns about changes before its SOA refresh timer expires.

The slave only needs zone stanzas; it does not need zone files, because it obtains them from the master by zone transfer (AXFR).

Restrict zone transfers on the master to the slave, for example `allow-transfer { 192.168.1.20; };` in each master zone stanza (or once in the options block). BIND 9.8 answers AXFR from any address by default, which hands an attacker the complete host list of the zone in a single query; verify from a third host with `dig @192.168.1.16 jiajie.com axfr`, which should be refused.

Install the packages:

    # yum -y install bind bind-utils

Edit the slave's /etc/named.conf:

    # vim /etc/named.conf
    options {
            listen-on port 53 { 192.168.1.20; 127.0.0.1; };
    //      listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };
            recursion yes;

    //      dnssec-enable yes;
    //      dnssec-validation yes;

            /* Path to ISC DLV key */
    //      bindkeys-file "/etc/named.iscdlv.key";

    //      managed-keys-directory "/var/named/dynamic";
    };

The same caveats about open recursion and disabled DNSSEC validation apply here as on the master.

Add the zone stanzas (type slave, pointing at the master):

    # vim /etc/named.rfc1912.zones
    zone "jiajie.com" IN {
            type slave;
            masters { 192.168.1.16; };
            file "slaves/jiajie.com.zone";
    };
    zone "1.168.192.in-addr.arpa" IN {
            type slave;
            masters { 192.168.1.16; };
            file "slaves/192.168.1.zone";
    };

The copies go under slaves/ because that directory is labelled named_cache_t in the SELinux policy, so named may write there, while the master zone files directly under /var/named (named_zone_t) stay read-only for it; this is one reason to keep SELinux enabled on a real server.

Check the configuration and start named (or reload it if it is already running):

    # named-checkconf
    # service named start
    # rndc reload

Result: two files now exist in /var/named/slaves/ that we did not create. The slave fetched both zones from the master by zone transfer:

    # ll /var/named/slaves/
    192.168.1.zone
    jiajie.com.zone

From now on, whenever you add or change records on the master, also increase the SOA serial. The slave transfers a zone only when the master's serial is greater than its own (compared with RFC 1982 serial arithmetic), so forgetting the bump is the classic reason a slave "never updates". After `rndc reload` on the master it sends NOTIFY to the servers named in the NS records, and the slave pulls the new copy; `rndc retransfer jiajie.com` on the slave forces a transfer if you do not want to wait.

Troubleshooting:

Most errors come down to format or punctuation (a missing `;` or a missing trailing `.`), and reading the file carefully eliminates them.

I hit the following when checking the reverse zone file:

    # named-checkzone "192.168.1.in-addr.arpa" /var/named/192.168.1.zone
    /var/named/192.168.1.zone:3: ignoring out-of-zone data (1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:11: ignoring out-of-zone data (16.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:12: ignoring out-of-zone data (16.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:13: ignoring out-of-zone data (20.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:14: ignoring out-of-zone data (20.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:15: ignoring out-of-zone data (17.1.168.192.in-addr.arpa)
    /var/named/192.168.1.zone:16: ignoring out-of-zone data (18.1.168.192.in-addr.arpa)
    zone 192.168.1.in-addr.arpa/IN: has 0 SOA records
    zone 192.168.1.in-addr.arpa/IN: has no NS records
    zone 192.168.1.in-addr.arpa/IN: not loaded due to errors.

Although errors were reported, reverse resolution still worked. I asked for help in many places without success, and it turned out that all I had to do was delete the line `$ORIGIN 1.168.192.in-addr.arpa.` from /var/named/192.168.1.zone. This line is supposed to be optional and was written only to make the file easier to understand.

Why that worked: the output itself says what was wrong. named-checkzone was given the zone name 192.168.1.in-addr.arpa (the network written forwards), while every record in the file, through $ORIGIN, belongs under 1.168.192.in-addr.arpa, so the checker discarded all of them as out-of-zone and then found no SOA and no NS. named itself loaded the file under the correct name from the zone stanza, which is why lookups kept working. Removing $ORIGIN makes `@` and the relative owner names follow whatever name is passed on the command line, so the messages disappear, but the file is then being validated against the wrong zone. The reliable fix is to run the check with the name from named.conf: `named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone`.
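The checks that named-checkzone performed above (out-of-zone data, SOA and NS presence), the requirement that in-zone name servers have address records, and the serial bump that triggers a slave transfer can all be exercised offline. The following is an added example written for this page, not code from the original tutorial or from BIND: a small parser for the zone-file format used here, a checker that reproduces the troubleshooting output when the reverse zone is checked under the wrong name, and a serial bumper that uses RFC 1982 serial arithmetic, which generalizes the "add 1" advice above. The sample zone texts are constructed to match the tutorial's files, and every function name is this example's own.

```python
"""Added example for this page, not code from the tutorial or from BIND: parse the
zone-file format used above, reproduce named-checkzone's out-of-zone/SOA/NS
complaints, and bump the SOA serial with RFC 1982 serial arithmetic.
Sample zones are constructed to match the tutorial; all names are this example's own."""
import datetime
import re

TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}

# Constructed sample: the tutorial's forward zone, SOA split over lines as in the file.
SAMPLE_FORWARD = """\
$TTL 1D
$ORIGIN jiajie.com.
@       IN SOA  ns1.jiajie.com. jjzgood.126.com. (
                20170507    ; serial
                1H 10M 5D 1D )
        IN NS   ns1
        IN NS   ns2
ns1     IN A    192.168.1.16
ns2     IN A    192.168.1.20
www     IN A    192.168.1.16
"""

# Constructed sample: the reverse zone with the $ORIGIN line the author later removed.
SAMPLE_REVERSE = """\
$ORIGIN 1.168.192.in-addr.arpa.
@   IN SOA ns1.jiajie.com. jjzgood.126.com. ( 20170507 1H 10M 5D 1D )
    IN NS  ns1.jiajie.com.
16  IN PTR ns1.jiajie.com.
20  IN PTR ns2.jiajie.com.
"""

def _fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, zone_name):
    """Return (owner, type, rdata tokens) per record with absolute owner names."""
    origin = zone_name.rstrip(".") + "."
    records, last_owner, buf, depth = [], origin, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        if depth == 0 and line.startswith("$"):
            directive, value = line.split()[:2]
            if directive == "$ORIGIN":
                origin = value.rstrip(".") + "."
            continue                                # $TTL plays no part in these checks
        tokens = [t for t in line.split() if t not in ("(", ")")]
        if depth == 0:                              # an owner is present only in column 0
            buf = [tokens.pop(0) if not raw[0].isspace() else last_owner]
        buf.extend(tokens)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                                # record continues on the next line
        owner, rest = _fqdn(buf[0], origin), buf[1:]
        i = 0
        while rest[i].upper() not in TYPES:         # skip optional TTL and class fields
            i += 1
        records.append((owner, rest[i].upper(), rest[i + 1:]))
        last_owner = owner
    return records

def check_zone(text, zone_name):
    """named-checkzone style complaints; an empty list means the zone would load."""
    apex = zone_name.rstrip(".") + "."
    zone = apex.rstrip(".")
    problems, in_zone = [], []
    for rec in parse_zone(text, zone_name):
        if rec[0] == apex or rec[0].endswith("." + apex):
            in_zone.append(rec)
        else:
            problems.append(f"ignoring out-of-zone data ({rec[0].rstrip('.')})")
    soa = [r for r in in_zone if r[0] == apex and r[1] == "SOA"]
    ns = [r for r in in_zone if r[0] == apex and r[1] == "NS"]
    if len(soa) != 1:
        problems.append(f"zone {zone}/IN: has {len(soa)} SOA records")
    if not ns:
        problems.append(f"zone {zone}/IN: has no NS records")
    addrs = {r[0] for r in in_zone if r[1] in ("A", "AAAA")}
    for _, _, rdata in ns:                          # an in-zone NS needs an A/AAAA record
        target = _fqdn(rdata[0], apex)
        if target.endswith("." + apex) and target not in addrs:
            problems.append(f"zone {zone}/IN: NS '{target}' has no address records")
    return problems

def serial_gt(a, b):
    """RFC 1982: True if serial a is newer than b modulo 2**32 (what a slave checks)."""
    return a != b and (a - b) % 2**32 < 2**31

def get_serial(text, zone_name):
    soa = next(r for r in parse_zone(text, zone_name) if r[1] == "SOA")
    return int(soa[2][2])                           # MNAME RNAME SERIAL REFRESH RETRY EXPIRE MIN

def bump_serial(text, zone_name, today=None):
    """Return text with the serial advanced so that serial_gt(new, old) holds.
    Uses the YYYYMMDDnn convention when that is newer, otherwise adds one."""
    old = get_serial(text, zone_name)
    dated = int(today or datetime.date.today().strftime("%Y%m%d")) * 100
    new = dated if serial_gt(dated, old) else (old + 1) % 2**32
    # replace the first standalone occurrence of the old serial after the SOA keyword
    return re.sub(rf"(SOA[\s\S]*?)\b{old}\b", rf"\g<1>{new}", text, count=1)
```

Run it against the real files with `check_zone(open("/var/named/192.168.1.zone").read(), "1.168.192.in-addr.arpa")`; an empty list corresponds to named-checkzone's OK, and passing "192.168.1.in-addr.arpa" instead reproduces the out-of-zone, "has 0 SOA records" and "has no NS records" lines from the troubleshooting output. `bump_serial` returns the edited text so it can be written back before `rndc reload`; because the new value is always newer in serial arithmetic, calling it several times on the same day is safe.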

2017-5-7 11:55:42
