Deploying a DNS Service on Linux CentOS 7: Master/Slave Architecture
Environment planning

Based on Linux CentOS 7.9.
- Master DNS server: 19.16.2.128
- Slave DNS server: 19.16.2.129
- Domain: fanzc.com
- www A records: 19.16.2.130, 19.16.2.131
- MX (mail): 19.16.2.132
- Forwarders configured (8.8.8.8) so that public names can be resolved

Install the service and its plugins (on both machines):

```
yum -y install bind bind-chroot bind-utils
```

[Master server]

Edit the main configuration file /etc/named.conf. Back it up first:

```
cp -av /etc/named.conf /opt/named.conf_fanzc_20260513_v1.1.1.bak
```

Write the following configuration into the file (complete content, overwriting the file; copy it directly):

```
cat > /etc/named.conf <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 19.16.2.128; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    forwarders { 8.8.8.8; 114.114.114.114; };
    forward first;
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "fanzc.com" IN {
    type master;
    file "fanzc.com.zone";
    allow-transfer { 19.16.2.129; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF
```

Check the configuration file syntax:

```
named-checkconf -z /etc/named.conf
```

Create the zone file for the domain:

```
cd /var/named
cp -av named.localhost fanzc.com.zone
chown root:named fanzc.com.zone
chmod 640 fanzc.com.zone
```

Edit it with `vim fanzc.com.zone`; the complete content (copy it directly):

```
$TTL 1D
@       IN SOA  ns.fanzc.com. admin.fanzc.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   ns.fanzc.com.
ns      IN A    19.16.2.128
@       IN MX 10 mail.fanzc.com.
mail    IN A    19.16.2.132
www     IN A    19.16.2.130
www     IN A    19.16.2.131
```

(The MX record must carry the owner `@` so that it applies to fanzc.com itself; a line that starts with whitespace inherits the previous owner, here `ns`.)

Open the firewall:

```
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
```

Start the service and enable it at boot:

```
systemctl start named
systemctl enable named
systemctl status named
```

Test the master DNS from the master itself:

```
nslookup www.fanzc.com 19.16.2.128
nslookup mail.fanzc.com 19.16.2.128
nslookup www.baidu.com 19.16.2.128
```

The test results are as follows:

```
[root@localhost named]# nslookup www.fanzc.com 19.16.2.128
Server:         19.16.2.128
Address:        19.16.2.128#53

Name:   www.fanzc.com
Address: 19.16.2.130
Name:   www.fanzc.com
Address: 19.16.2.131

[root@localhost named]# nslookup mail.fanzc.com 19.16.2.128
Server:         19.16.2.128
Address:        19.16.2.128#53

Name:   mail.fanzc.com
Address: 19.16.2.132

[root@localhost named]# nslookup www.baidu.com 19.16.2.128
Server:         19.16.2.128
Address:        19.16.2.128#53

Non-authoritative answer:
Name:   www.baidu.com
Address: 39.156.70.46
Name:   www.baidu.com
Address: 39.156.70.239
Name:   www.baidu.com
Address: 2409:8c00:6c21:118b:0:ff:b0e8:f003
Name:   www.baidu.com
Address: 2409:8c00:6c21:11eb:0:ff:b0bf:59ca
```

[Slave server]

Edit the main configuration /etc/named.conf (back it up first):

```
cp -av /etc/named.conf /opt/named.conf_fanzc20260513xxxx_v1.1.1.bak
vim /etc/named.conf
```

Overwrite the configuration file with the following complete content:

```
options {
    listen-on port 53 { 127.0.0.1; 19.16.2.129; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    forwarders { 8.8.8.8; 114.114.114.114; };
    forward first;
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "fanzc.com" IN {
    type slave;
    file "slaves/fanzc.com.zone";
    masters { 19.16.2.128; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```

Open the firewall:

```
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
```

Start the service:

```
systemctl start named
systemctl enable named
```

Test the slave DNS:

```
nslookup www.fanzc.com 19.16.2.129
nslookup mail.fanzc.com 19.16.2.129
nslookup www.baidu.com 19.16.2.129
```

The test results are as follows:

```
[root@localhost ~]# nslookup www.fanzc.com 19.16.2.129
Server:         19.16.2.129
Address:        19.16.2.129#53

Name:   www.fanzc.com
Address: 19.16.2.131
Name:   www.fanzc.com
Address: 19.16.2.130

[root@localhost ~]# nslookup mail.fanzc.com 19.16.2.129
Server:         19.16.2.129
Address:        19.16.2.129#53

Name:   mail.fanzc.com
Address: 19.16.2.132

[root@localhost ~]# nslookup www.baidu.com 19.16.2.129
Server:         19.16.2.129
Address:        19.16.2.129#53

Non-authoritative answer:
Name:   www.baidu.com
Address: 39.156.70.239
Name:   www.baidu.com
Address: 39.156.70.46
Name:   www.baidu.com
Address: 2409:8c00:6c21:11eb:0:ff:b0bf:59ca
Name:   www.baidu.com
Address: 2409:8c00:6c21:118b:0:ff:b0e8:f003
```

The master/slave architecture of the DNS service

[Master server]

In the main configuration file, line 32 (`type master;`) declares this host as the master; line 33 (`file "fanzc.com.zone";`) names the zone data file; line 34 (`allow-transfer { 19.16.2.129; };`) allows the slave to transfer the zone data file from the master.

Zone data file: make the change in the zone file created earlier. Line 3 is the version number (serial) of this zone file. It usually follows the format YYYYMMDDNN (year, month, day, sequence number); for example, 2026051301 means the 1st change on 13 May 2026.

Purpose: the slave periodically checks this number on the master. If the slave finds that the master's serial is larger than its own, it concludes that the data has been updated and triggers a zone transfer to download the new data.

Key point: every time the zone file is modified, this number must be increased by hand; otherwise the slave will consider the data unchanged and will not synchronise.

Restart the service:

```
systemctl restart named
```

[Slave server]

Add the following to the slave's configuration (it is valid in `options` as well as in the zone stanza) so that the zone file transferred from the master is stored as plain text; otherwise it is stored in raw format and looks like garbage:

```
masterfile-format text;
```

Write the DNS server into /etc/resolv.conf:

```
echo "nameserver 19.16.2.128" > /etc/resolv.conf
```

Restart the service:

```
systemctl restart named
```

Check whether the zone data file has been synchronised from the master: synchronised successfully.
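The serial rule above (the slave only transfers when the master's serial is higher) is easy to get wrong by hand. The script below is an added example, not part of the original post: `next_serial` and `bump_zone_serial` are names chosen here, and it assumes the serial sits on its own line followed by `; serial`, as in the fanzc.com.zone shown earlier.

```bash
#!/bin/bash
# Added example (not from the original post): bump the SOA serial of a BIND
# zone file following the YYYYMMDDNN convention explained above, so that the
# slave sees a higher serial and pulls the zone. Assumes the serial sits on
# its own line ending in "; serial", as in fanzc.com.zone.

# next_serial CURRENT [YYYYMMDD]: print the serial to use after an edit.
next_serial() {
    local cur=$1 today=${2:-$(date +%Y%m%d)}
    local prefix=${cur%??} nn=${cur#"${cur%??}"}
    case $cur in *[!0-9]*|'') echo "bad serial: '$cur'" >&2; return 1;; esac
    if [ ${#cur} -gt 10 ]; then echo "serial too long: $cur" >&2; return 1; fi
    # Not yet in date form (e.g. the "0" inherited from named.localhost), or
    # the date part is older than today: start today's counter at 01.
    if [ ${#cur} -ne 10 ] || [ "$prefix" -lt "$today" ]; then
        printf '%s01\n' "$today"; return 0
    fi
    # Same day (or a date already in the future): only increment the counter.
    # The serial must never go backwards, or the slave ignores the new zone.
    if [ "$nn" = 99 ]; then
        echo "counter exhausted for $prefix, wait for the next day" >&2; return 1
    fi
    printf '%s%02d\n' "$prefix" $((10#$nn + 1))
}

# bump_zone_serial ZONEFILE [YYYYMMDD]: rewrite the "; serial" line in place
# and print the new value. Afterwards run `rndc reload fanzc.com` on the
# master so named loads the file and notifies the slave.
bump_zone_serial() {
    local file=$1 today=$2 cur new
    cur=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*serial.*/\1/p' "$file" | head -n1)
    [ -n "$cur" ] || { echo "no '; serial' line found in $file" >&2; return 1; }
    new=$(next_serial "$cur" $today) || return 1
    sed -i "s/^\([[:space:]]*\)$cur\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$file"
    echo "$new"
}

# Demo on a constructed copy of the zone shown above (never touches /var/named).
demo_zone=$(mktemp)
printf '%s\n' '$TTL 1D' '@ IN SOA ns.fanzc.com. admin.fanzc.com. (' \
    '        0   ; serial' '        1D  ; refresh' '        1H  ; retry' \
    '        1W  ; expire' '        3H ); minimum' '@ IN NS ns.fanzc.com.' \
    'ns IN A 19.16.2.128' > "$demo_zone"
bump_zone_serial "$demo_zone" 20260513    # first edit that day -> 2026051301
bump_zone_serial "$demo_zone" 20260513    # second edit same day -> 2026051302
rm -f "$demo_zone"
```

After bumping the serial on the master, `dig +short SOA fanzc.com @19.16.2.128` and the same query against 19.16.2.129 should report the same serial once the transfer has completed.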