闲来无事下载了最新的Zimbra在Centos下进行了最简单的单机配置,以下把过程进行下说明:
环境说明:
操作系统:Centos 7.1.1503
安装配置:最小安装
Zimbra软件版本:zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
主机IP:172.16.0.100
主机名称:mail.pek.corp
主机配置DNS服务并使用阿里云DNS进行转发,同时提供内部DNS服务。以下是配置过程:
首先配置DNS服务
Zimbra系统安装时要求先配置邮件域的MX记录（以及主机名的A记录和反向PTR记录，下文会一并配置）。
Setup DNS A Record
Ensure you have a Reverse lookup zone
Setup MX Record
login as: root
修改本机名称
[root@mail01 ~]# vi /etc/hosts
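127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# FQDN first, short name second. No trailing dot: unlike a zone file,
# /etc/hosts takes plain names, and "mail.pek.corp." would be returned
# literally by local name lookups (e.g. hostname -f) and so would not
# match the DNS name mail.pek.corp that the zone below publishes.
172.16.0.100 mail.pek.corp mail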
禁用 SELINUX服务（setenforce 0 只在本次运行期间生效；重启后以 /etc/selinux/config 中的 SELINUX= 一行为准，注意键名必须大写）
Enter this at command line:
setenforce 0
Update selinux config file
vi /etc/selinux/config
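# The key must be upper-case: a lower-case "selinux=" line is not recognised,
# so the file's existing SELINUX= line (enforcing by default) would stay in
# force after a reboot even though setenforce 0 switched the running system.
SELINUX=permissive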
安装BIND服务软件包及网络工具
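# Install only what is needed: the server itself and the dig/nslookup tools.
# An unquoted "bind*" is first expanded by the shell against files in the
# current directory and then by yum against every package whose name starts
# with "bind" (bind-sdb, bind-dyndb-ldap, the chroot variants, ...), which
# puts unused code and configuration on the mail host.
[root@mail01 ~]# yum -y install bind bind-utils
[root@mail01 ~]# yum -y install net-tools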
[root@mail01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160
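TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="ens160"
UUID="b14554bd-669e-457f-a85f-62a402f8c960"
DEVICE="ens160"
ONBOOT="yes"
# Static address; this is also the address named listens on.
IPADDR="172.16.0.100"
PREFIX="24"
GATEWAY="172.16.0.1"
# Resolve through the local BIND instance; NetworkManager writes these two
# values into /etc/resolv.conf (nameserver / search).
DNS1="172.16.0.100"
DOMAIN="pek.corp"
# Changed from "yes": with IPv6 autoconf enabled, PEERDNS=yes lets any router
# advertisement or DHCPv6 answer on the LAN add nameservers to resolv.conf,
# which would silently bypass the local DNS configured above.
IPV6_PEERDNS="no"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"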
修改本机DNS指向
[root@mail01 ~]# vi /etc/resolv.conf
# Generated by NetworkManager
# NOTE(review): this file is produced from the ifcfg-ens160 DNS1/DOMAIN values,
# so hand edits here are expected to be lost on the next network restart; keep
# the settings in ifcfg-ens160 (as done above) rather than editing this file.
search pek.corp
nameserver 172.16.0.100
重启网络服务使以上修改即时生效
[root@mail01 ~]# service network restart
Restarting network (via systemctl): [ OK ]
[root@mail01 ~]#
开始配置DNS服务
[root@mail01 ~]# vi /etc/named.conf
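//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Local changes for mail.pek.corp: the server is authoritative for pek.corp
// and 0.16.172.in-addr.arpa (see named.rfc1912.zones) and recurses for the
// 172.16.0.0/24 LAN via the AliDNS forwarders. Queries and recursion are
// limited to that network so the host cannot be used as an open resolver.
//

// Hosts allowed to query this server and to use it recursively.
acl "internal" {
	127.0.0.1;
	172.16.0.0/24;
};

options {
	// Listen on the LAN address and on loopback, so local tools can also
	// reach the server via 127.0.0.1.
	listen-on port 53 { 127.0.0.1; 172.16.0.100; };
	// listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// Was "any": combined with "recursion yes" that makes an open resolver,
	// which the packaged comment below warns can be abused for amplification.
	allow-query { internal; };
	allow-recursion { internal; };
	// No secondaries exist; BIND's default would let any querier AXFR the
	// whole zone, so transfers are refused outright.
	allow-transfer { none; };
	forwarders { 223.5.5.5; 223.6.6.6; };
	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface
	*/
	recursion yes;
	// DNSSEC validation is deliberately off in the original setup (answers
	// from the forwarders are not verified). dnssec-lookaside (DLV) and its
	// key file only matter when validation is on, so they are not set.
	//dnssec-enable yes;
	// dnssec-validation yes;
	dnssec-enable no;
	dnssec-validation no;
	managed-keys-directory "/var/named/dynamic";
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";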
[root@mail01 ~]# vi /etc/named.rfc1912.zones
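// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// The two zones at the end (0.16.172.in-addr.arpa and pek.corp) are the
// local additions for mail.pek.corp; everything before them is the stock file.
//
zone "localhost.localdomain" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "0.in-addr.arpa" IN {
	type master;
	file "named.empty";
	allow-update { none; };
};

// Reverse zone for the 172.16.0.0/24 LAN; holds the PTR record for
// mail.pek.corp that remote mail servers commonly check.
zone "0.16.172.in-addr.arpa" IN {
	type master;
	file "172.16.0.zone";
	allow-update { none; };
	// BIND's default is allow-transfer { any; }: without this line any host
	// that can query the server can AXFR the entire zone.
	allow-transfer { none; };
};

// Forward zone for the mail domain (A record for mail, MX for pek.corp).
zone "pek.corp" IN {
	type master;
	file "pek.corp.zone";
	allow-update { none; };
	allow-transfer { none; };
};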
[root@mail01 ~]# cp /var/named/named.empty /var/named/pek.corp.zone
[root@mail01 ~]# cp /var/named/named.empty /var/named/172.16.0.zone
[root@mail01 ~]# vi /var/named/pek.corp.zone
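$TTL 3H
; Forward zone for pek.corp, served by mail.pek.corp (172.16.0.100).
; MNAME and RNAME are written fully qualified (trailing dot) so they do not
; depend on $ORIGIN; RNAME "mail.pek.corp." is the contact address
; mail@pek.corp in SOA notation, unchanged from the original.
@	IN	SOA	mail.pek.corp. mail.pek.corp. (
		2015091601	; serial, YYYYMMDDnn - increase on every edit so
				; secondaries and caches can tell the zone changed
		1D		; refresh
		1H		; retry
		1W		; expire
		3H )		; minimum (negative-cache TTL)
	IN	NS	mail.pek.corp.
	IN	MX	10 mail.pek.corp.
mail	IN	A	172.16.0.100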
[root@mail01 ~]# vi /var/named/172.16.0.zone
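$TTL 3H
; Reverse zone for 172.16.0.0/24 ($ORIGIN is 0.16.172.in-addr.arpa).
; The SOA MNAME must be fully qualified here: a bare "mail" is relative to
; this zone's origin and would expand to mail.0.16.172.in-addr.arpa., which
; is not the name of the primary server.
@	IN	SOA	mail.pek.corp. mail.pek.corp. (
		2015091601	; serial, YYYYMMDDnn - increase on every edit
		1D		; refresh
		1H		; retry
		1W		; expire
		3H )		; minimum (negative-cache TTL)
	IN	NS	mail.pek.corp.
100	IN	PTR	mail.pek.corp.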
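# The copied zone files are root-owned and mode 640 (inherited from
# named.empty), so named cannot read them yet. Give them the group "named"
# instead of chown -R named.named on the whole tree: master zone files should
# stay root-owned so a compromised named process cannot rewrite its own
# authoritative data. Only data/, dynamic/ and slaves/ need to be writable by
# named, and the bind package already installs them that way.
[root@mail ~]# chown root:named /var/named/pek.corp.zone /var/named/172.16.0.zone
[root@mail ~]# chmod 640 /var/named/pek.corp.zone /var/named/172.16.0.zone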
[root@mail ~]# ls -l /var/named/
total 24
-rw-r-----. 1 named named 180 Sep 15 23:29 172.16.0.zone
drwxr-x---. 7 named named 56 Sep 15 22:43 chroot
drwxr-x---. 7 named named 56 Sep 15 22:43 chroot_sdb
drwxrwx---. 2 named named 22 Sep 15 23:23 data
drwxrwx---. 2 named named 58 Sep 16 00:29 dynamic
drwxrwx---. 2 named named 6 Mar 6 2015 dyndb-ldap
-rw-r-----. 1 named named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 named named 152 Dec 15 2009 named.empty
-rw-r-----. 1 named named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 named named 168 Dec 15 2009 named.loopback
-rw-r-----. 1 named named 198 Sep 15 23:16 pek.corp.zone
drwxrwx---. 2 named named 6 Sep 3 18:35 slaves
[root@mail ~]# systemctl restart named.service
[root@mail ~]# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
Active: active (running) since Wed 2015-09-16 00:28:40 CST; 14s ago
Process: 2072 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 2084 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2082 ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf (code=exited, status=0/SUCCESS)
Main PID: 2087 (named)
CGroup: /system.slice/named.service
└─2087 /usr/sbin/named -u named
Sep 16 00:28:40 mail.pek.corp named[2087]: zone localhost.localdomain/IN: lo...0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone pek.corp.in-addr.arpa/IN: lo...0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0....0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone localhost/IN: loaded serial 0
Sep 16 00:28:40 mail.pek.corp named[2087]: all zones loaded
Sep 16 00:28:40 mail.pek.corp named[2087]: running
Sep 16 00:28:40 mail.pek.corp named[2087]: zone 0.16.172.in-addr.arpa/IN: se...)
Sep 16 00:28:40 mail.pek.corp named[2087]: zone pek.corp.in-addr.arpa/IN: se...)
Sep 16 00:28:40 mail.pek.corp systemd[1]: Started Berkeley Internet Name Dom....
Sep 16 00:28:41 mail.pek.corp named[2087]: managed-keys-zone: No DNSKEY RRSI...s
Hint: Some lines were ellipsized, use -l to show in full.
[root@mail ~]# nslookup
> mail.pek.corp
Server: 172.16.0.100
Address: 172.16.0.100#53
Name: mail.pek.corp
Address: 172.16.0.100
> set ty=mx
> pek.corp
Server: 172.16.0.100
Address: 172.16.0.100#53
pek.corp mail exchanger = 10 mail.pek.corp.
> 172.16.0.100
Server: 172.16.0.100
Address: 172.16.0.100#53
100.0.16.172.in-addr.arpa name = mail.pek.corp.
至此DNS服务配置完毕,下一期介绍后续安装步骤