DNS（二）使用bind搭建DNS

一、 环境信息
1、操作系统信息

# uname -r
3.10.0-1062.9.1.el7.x86_64
# more /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)

2、IP地址信息
1）主DNS：10.30.20.118
2）从DNS：10.30.20.74

二、DNS部署

1、软件部署，如下操作主从DNS操作都一样

# yum install bind-utils bind bind-devel bind-chroot
# echo QNObIlVlY4cNir | base64            
UU5PYklsVmxZNGNOaXIK

# vim /etc/named.conf
options {
  version "1.1.1";
  listen-on port 53 {any;};
  directory "/var/named/chroot/etc/";
  allow-query { any; };
  Dump-file "/var/named/chroot/var/log/binddump.db";
  Statistics-file "/var/named/chroot/var/log/named_stats";
  zone-statistics yes;
  memstatistics-file "log/mem_stats";
  empty-zones-enable no;
  forwarders {223.5.5.5;223.6.6.6; };
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "UU5PYklsVmxZNGNOaXIK";
};

controls {
       inet 127.0.0.1 port 953
       allow { 127.0.0.1; } keys { "rndc-key"; };
 };

logging {
  channel warning {
    file "/var/named/chroot/var/log/dns_warning" versions 10 size 10m;
    severity warning;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  channel general_dns {
    file "/var/named/chroot/var/log/dns_log" versions 10 size 100m;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  category default {
    warning;
  };
  category queries {
    general_dns;
  };
};

include "/var/named/chroot/etc/view.conf";

# vim /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "UU5PYklsVmxZNGNOaXIK";
};

# vim /etc/rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "UU5PYklsVmxZNGNOaXIK";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

2、主DNS

# vim /var/named/chroot/etc/view.conf
view "View" {
  zone "ts.lan" {
        type    master;
        file    "ts.lan.zone";
        allow-transfer {
                10.30.20.74;
        };
        notify  yes;
        also-notify {
                10.30.20.74;
        };
  };
};

# more /var/named/chroot/etc/ts.lan.zone
$ORIGIN .
$TTL 3600       ; 1 hour DNS缓存时间
ts.lan                  IN SOA  op.ts.lan. dns.ts.lan. (
                                2000       ; serial                    序列号，代表数据的新旧，用于主从DNS的数据同步
                                900        ; refresh (15 minutes)        从DNS多长时间跟主DNS同步一次
                                600        ; retry (10 minutes)        如果从DNS无法与主DNS通信，多久后进行重试
                                86400      ; expire (1 day)            如果从DNS超过此时间无法与主DNS通信，就不再与主DNS通信了，直到重启从DNS服务
                                3600       ; minimum (1 hour)
                                )
                        NS      op.ts.lan.
$ORIGIN ts.lan.
op                A      10.30.20.118
test              A      10.30.20.118

测试
# dig @127.0.0.1 test.ts.lan

3、从DNS

# more /var/named/chroot/etc/view.conf
view "View" {
  zone "ts.lan" {
    type    slave;
    file    "ts.lan.zone";
    masters {10.30.20.118; };
  };
};
# systemctl start named
# dig @10.30.20.74 test.ts.lan

4、主从DNS同步测试

在主DNS修改dns记录，并更新serial+1

# systemctl reload named
# host test.ts.lan 10.30.20.118
Using domain server:
Name: 10.30.20.118
Address: 10.30.20.118#53
Aliases: 

test.ts.lan has address 192.168.1.1

# host test.ts.lan 10.30.20.74
Using domain server:
Name: 10.30.20.74
Address: 10.30.20.74#53
Aliases: 

test.ts.lan has address 192.168.1.1