停止 named:. [确定]
启动 named: [确定]
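测试1:DNS服务器自身IP反解析成功(注意:下面 ADDITIONAL 段中 ns.123.com 的 A 记录是 192.168.134.128,与本服务器地址 192.168.147.137 不一致,建议核对正向区域文件中的这条记录)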
[root@cp1 ~]# dig @192.168.147.137 -x 192.168.147.137
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> @192.168.147.137 -x 192.168.147.137
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38679
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;137.147.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
137.147.168.192.in-addr.arpa. 86400 IN PTR ns.123.com.
;; AUTHORITY SECTION:
147.168.192.in-addr.arpa. 86400 IN NS ns.123.com.
;; ADDITIONAL SECTION:
ns.123.com. 86400 IN A 192.168.134.128
;; Query time: 0 msec
;; SERVER: 192.168.147.137#53(192.168.147.137)
;; WHEN: Tue Mar 14 00:00:02 2017
;; MSG SIZE rcvd: 100
测试2:域192.168.147内的任意主机都能反解析成功
[root@cp1 ~]# dig @192.168.147.137 -x 192.168.147.138
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> @192.168.147.137 -x 192.168.147.138
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50957
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;138.147.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
138.147.168.192.in-addr.arpa. 86400 IN PTR mail.123.com.
;; AUTHORITY SECTION:
147.168.192.in-addr.arpa. 86400 IN NS ns.123.com.
;; ADDITIONAL SECTION:
ns.123.com. 86400 IN A 192.168.134.128
;; Query time: 0 msec
;; SERVER: 192.168.147.137#53(192.168.147.137)
;; WHEN: Tue Mar 14 00:01:31 2017
;; MSG SIZE rcvd: 105
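测试3:不在域192.168.147内的IP反解析失败(返回的是 SERVFAIL 而不是 NXDOMAIN 或 REFUSED,且 flags 中带 ra、耗时 1240 毫秒,说明服务器很可能是对这个不归自己负责的地址尝试了递归查询后失败;如果这台服务器只需要提供权威解析,应关闭递归或用 allow-recursion 限制可递归的客户端):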
[root@cp1 ~]# dig @192.168.147.137 -x 192.168.123.138
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> @192.168.147.137 -x 192.168.123.138
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37175
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;138.123.168.192.in-addr.arpa. IN PTR
;; Query time: 1240 msec
;; SERVER: 192.168.147.137#53(192.168.147.137)
;; WHEN: Tue Mar 14 00:01:58 2017
;; MSG SIZE rcvd: 46
dns服务器主从配置:
主DNS服务器:192.168.147.137
从DNS服务器:192.168.147.138
在从DNS服务器(192.168.147.138)上操作:
安装DNS:
[root@cp2 ~]# yum install -y bind
编辑主配置:
[root@cp2 ~]# vim /etc/named.conf
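注释掉以下两行,表示监听所有IP(这样53端口会在本机所有网卡上开放;如果只需要在内网提供服务,也可以保留 listen-on 并只列出需要的地址,例如 listen-on port 53 { 127.0.0.1; 192.168.147.138; };)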
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
在文件末尾添加与主DNS相同的区域(zone)配置,并稍作修改(type 为 slave,file 放在 slaves/ 目录下,用 masters 指定主DNS),如下:
// Forward zone 123.com, configured on this host as a slave (secondary) copy.
zone "123.com" IN {
type slave;
// File where named keeps the transferred copy of the zone.
// NOTE(review): the path is presumably relative to the "directory" option,
// which is not shown in this excerpt - confirm.
file "slaves/123.com.zone";
// Server the zone is pulled from. Only the source address identifies the
// master here; no TSIG key is attached to this masters entry.
masters { 192.168.147.137; };
// NOTE(review): no allow-transfer appears in this stanza. Unless the options
// block (not shown) restricts it, confirm that this slave does not hand the
// zone on to arbitrary hosts, and that the master limits transfers to
// 192.168.147.138.
};
// Reverse zone for 192.168.147.0/24, also held as a slave copy.
zone "147.168.192.in-addr.arpa" IN {
type slave;
// Local copy of the reverse zone, stored next to the forward zone file.
file "slaves/147.168.192.zone";
// Same master as the forward zone; the same transfer-restriction review
// applies to this stanza.
masters { 192.168.147.137; };
};
检查主配置文件是否有错:
[root@cp2 ~]# named-checkconf
启动:
[root@cp2 ~]# /etc/init.d/named start
Generating /etc/rndc.key: [确定]