闲来无事下载了最新的Zimbra在Centos下进行了最简单的单机配置,以下把过程进行下说明:

环境说明:

操作系统:Centos 7.1.1503

安装配置:最小安装

Zimbra软件版本:zcs-8.6.0_GA_1153.RHEL7_64.20141215151110

主机IP:172.16.0.100

主机名称:mail.pek.corp

主机配置DNS服务并使用阿里云DNS进行转发,同时提供内部DNS服务。以下是配置过程:

  1. 首先配置DNS服务

    ZImbra系统安装时要求先配置邮件域的MX记录。

Setup DNS A Record
Ensure you have a Reverse lookup zone
Setup MX Record

login as: root

修改本机名称

[root@mail01 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.0.100    mail.pek.corp. mail

禁用 SELINUX服务
Enter this at command line:
setenforce 0

Update selinux config file
vi  /etc/selinux/config
selinux=permissive

安装BIND服务软件包及网络工具

[root@mail01 ~]# yum -y install bind*

[root@mail01 ~]# yum -y install net-tools

[root@mail01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160

TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="ens160"
UUID="b14554bd-669e-457f-a85f-62a402f8c960"
DEVICE="ens160"
ONBOOT="yes"
IPADDR="172.16.0.100"
PREFIX="24"
GATEWAY="172.16.0.1"
DNS1="172.16.0.100"
DOMAIN="pek.corp"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"

修改本机DNS指向

[root@mail01 ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search pek.corp
nameserver 172.16.0.100

重启网络服务是以上修改即时生效
[root@mail01 ~]# service network restart
Restarting network (via systemctl):                        [  OK  ]
[root@mail01 ~]#

开始配置DNS服务
[root@mail01 ~]# vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
//       listen-on port 53 { 127.0.0.1; };
          listen-on port 53 { 172.16.0.100; };
//       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//        allow-query     { localhost; };

        allow-query     { any; };

forwarders { 223.5.5.5; 223.6.6.6; };

      /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

//dnssec-enable yes;
// dnssec-validation yes;

      dnssec-enable no;
      dnssec-validation no;

      dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@mail01 ~]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "0.16.172.in-addr.arpa" IN {
        type master;
        file "172.16.0.zone";
        allow-update { none; };
};

zone "pek.corp" IN {
        type master;
        file "pek.corp.zone";
        allow-update { none; };
};


[root@mail01 ~]# cp /var/named/named.empty /var/named/pek.corp.zone
[root@mail01 ~]# cp /var/named/named.empty /var/named/172.16.0.zone

[root@mail01 ~]# vi /var/named/pek.corp.zone

$TTL 3H
@       IN SOA  mail  mail.pek.corp. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      mail.pek.corp.
        IN      MX      10 mail.pek.corp.
mail    IN      A       172.16.0.100


[root@mail01 ~]# vi /var/named/172.16.0.zone


$TTL 3H
@       IN SOA  mail mail.pek.corp. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN      NS      mail.pek.corp.
100     IN      PTR     mail.pek.corp.

 

[root@mail ~]# chown -R named.named /var/named/

[root@mail ~]# ls -l /var/named/
total 24
-rw-r-----. 1 named named  180 Sep 15 23:29 172.16.0.zone
drwxr-x---. 7 named named   56 Sep 15 22:43 chroot
drwxr-x---. 7 named named   56 Sep 15 22:43 chroot_sdb
drwxrwx---. 2 named named   22 Sep 15 23:23 data
drwxrwx---. 2 named named   58 Sep 16 00:29 dynamic
drwxrwx---. 2 named named    6 Mar  6  2015 dyndb-ldap
-rw-r-----. 1 named named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 named named  152 Dec 15  2009 named.empty
-rw-r-----. 1 named named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 named named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 named named  198 Sep 15 23:16 pek.corp.zone
drwxrwx---. 2 named named    6 Sep  3 18:35 slaves

[root@mail ~]# systemctl restart named.service
[root@mail ~]# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
   Active: active (running) since Wed 2015-09-16 00:28:40 CST; 14s ago
  Process: 2072 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 2084 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 2082 ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf (code=exited, status=0/SUCCESS)
Main PID: 2087 (named)
   CGroup: /system.slice/named.service
           └─2087 /usr/sbin/named -u named

Sep 16 00:28:40 mail.pek.corp named[2087]: zone localhost.localdomain/IN: lo...0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone pek.corp.in-addr.arpa/IN: lo...0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0....0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone localhost/IN: loaded serial 0
Sep 16 00:28:40 mail.pek.corp named[2087]: all zones loaded
Sep 16 00:28:40 mail.pek.corp named[2087]: running
Sep 16 00:28:40 mail.pek.corp named[2087]: zone 0.16.172.in-addr.arpa/IN: se...)
Sep 16 00:28:40 mail.pek.corp named[2087]: zone pek.corp.in-addr.arpa/IN: se...)
Sep 16 00:28:40 mail.pek.corp systemd[1]: Started Berkeley Internet Name Dom....
Sep 16 00:28:41 mail.pek.corp named[2087]: managed-keys-zone: No DNSKEY RRSI...s
Hint: Some lines were ellipsized, use -l to show in full.


[root@mail ~]# nslookup
> mail.pek.corp
Server:         172.16.0.100
Address:        172.16.0.100#53

Name:   mail.pek.corp
Address: 172.16.0.100
> set ty=mx
> pek.corp
Server:         172.16.0.100
Address:        172.16.0.100#53

pek.corp        mail exchanger = 10 mail.pek.corp.
> 172.16.0.100
Server:         172.16.0.100
Address:        172.16.0.100#53

100.0.16.172.in-addr.arpa       name = mail.pek.corp.

至此DNS服务配置完毕,下一期介绍后续安装步骤