Setting Up DNS Master/Slave Servers and Smart Resolution (split-horizon views)

On CentOS 7 the DNS service is provided by the bind package family:

bind: the name-server program itself and its related files (the system service is named)

bind-utils: the nslookup, dig and related commands

bind-libs: the library functions used by bind and bind-utils

bind-chroot: gives the BIND service a fake root directory (/var/named/chroot becomes BIND's root) to improve security; also called the jail mechanism

Install the bind packages

yum -y install bind*

Back up the configuration file before editing it

cp /etc/named.conf /etc/named.conf$(date +%Y%m%d)
vim /etc/named.conf
options {
        listen-on port 53 { 192.168.10.11; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        forwarders      { 114.114.114.114; };

        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "zhangshy7.com" IN {
        type master;
        file "zhangshy7.com.zone";
        allow-transfer { any; };
};
zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.10.arpa";
        allow-transfer { any; };
};
/*
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/

After editing the configuration file, check its syntax

named-checkconf /etc/named.conf
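named-checkconf only catches syntax errors; it happily accepts allow-transfer { any; } (any host can pull the whole zone with AXFR) and recursion yes combined with allow-query { any; } (an open recursive resolver). The following script is an added example, not part of this post: it scans a named.conf text for those two settings, using a sample constructed from the options and zone statements above.

```python
import re

# Constructed sample (not copied from a live server): the master's options
# and zone statements from this walkthrough, with the transfer ACL open.
SAMPLE_NAMED_CONF = """
options {
        listen-on port 53 { 192.168.10.11; };
        allow-query     { any; };
        forwarders      { 114.114.114.114; };
        recursion yes;
};
zone "zhangshy7.com" IN {
        type master;
        file "zhangshy7.com.zone";
        allow-transfer { any; };
};
zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.10.arpa";
        allow-transfer { 192.168.10.20; };   // restricted to the slave
};
"""

# One statement per line is assumed; '//' line comments are stripped,
# '/* */' block comments are not handled.
STATEMENT = re.compile(r"\b(allow-transfer|allow-query|recursion)\s+\{?\s*([^;}]+)")
ZONE = re.compile(r'zone\s+"([^"]+)"')

def audit_named_conf(text):
    """Return (scope, finding) pairs for risky settings in a named.conf text.

    scope is "options" or the zone name; findings are "open-transfer"
    (any host may AXFR the zone) and "open-resolver" (recursion for any client).
    """
    findings = []
    scope = "options"
    options = {}
    for raw in text.splitlines():
        line = raw.split("//")[0].strip()
        zone = ZONE.match(line)
        if zone:
            scope = zone.group(1)
        stmt = STATEMENT.search(line)
        if not stmt:
            continue
        key, value = stmt.group(1), stmt.group(2).strip()
        if key == "allow-transfer" and value == "any":
            findings.append((scope, "open-transfer"))
        if scope == "options":
            options[key] = value
    if options.get("recursion") == "yes" and options.get("allow-query") == "any":
        findings.append(("options", "open-resolver"))
    return findings
```

Restricting allow-transfer to the slave's address (192.168.10.20 in this lab) clears the transfer finding.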

Start the service

systemctl start named

Point the client's DNS settings at the caching server

vim /etc/resolv.conf
nameserver 192.168.10.11
nameserver 192.168.10.20

[Screenshot 1]

Test on the client

nslookup www.zhangshy7.com

The system reports that the nslookup command is not found. Use the following command to see which package provides nslookup:

yum provides */nslookup

[Screenshot 2]

The search shows that nslookup is provided by bind-utils

yum -y install bind-utils

nslookup www.zhangshy7.com

[Screenshot 3]

Build the forward lookup zone

Go into /var/named/ and copy the template file, naming the copy after your domain. The -p option makes cp preserve the file's attributes (owner, mode and timestamps), which matters because named must be able to read the zone file. Edit it as follows:

cp -p named.empty zhangshy7.com.zone

vim zhangshy7.com.zone

$TTL 1D
@       IN SOA  zhangshy7.com. root.server1. (
                                        20190312        ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      server1.
        NS      zhangshy7.com.          ; trailing dot added: without it the name is read relative to the origin
        MX 10   mail.zhangshy7.com.     ; trailing dot added for the same reason
www     A       192.168.10.11
*       A       192.168.10.11           ; wildcard: any other name under the zone resolves to this address

After writing the zone file, check that it is valid:

named-checkzone zhangshy7.com zhangshy7.com.zone

Build the reverse lookup zone

cp -p named.empty 192.168.10.arpa

vim 192.168.10.arpa

$TTL 3H
@       IN SOA  zhangshy7.com. root.server1. (
                                        20190312        ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      server1.
11      PTR     www.zhangshy7.com.      ; 11 = 11.10.168.192.in-addr.arpa; trailing dot added

Check the zone file

named-checkzone 10.168.192.in-addr.arpa 192.168.10.arpa

 

Restart the service and test the DNS master server

systemctl restart named

[Screenshot 4]

Set up the DNS slave server

Install bind the same way as on the master server

Edit the configuration file

options {
        listen-on port 53 { 192.168.10.20; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };

        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "zhangshy7.com" IN {
        type slave;
        masters { 192.168.10.11; };
        file "slaves/zhangshy7.com.zone";
};
zone "10.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.10.11; };
        file "slaves/192.168.10.arpa";
};

/*
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/

Check the main configuration file for syntax problems

named-checkconf /etc/named.conf

Start the slave server and check that the zones have been transferred

systemctl start named

ll /var/named/slaves/

At this point the DNS master/slave pair is complete

Test on the client

Save the configuration and restart the network interface so that it takes effect

[Screenshot 5]

Shut down the DNS master server

[Screenshot 6]

Set up the smart-resolution DNS server

Set up the gateway server

First add the extra network interfaces

[Screenshot 7]

Restart the server

Use the ip a command to see the interface names

[Screenshot 8]

Go into the interface configuration directory with cd /etc/sysconfig/network-scripts/ and copy ifcfg-ens33 to ifcfg-ens37 and ifcfg-ens38

Edit the ifcfg-ens37 and ifcfg-ens38 files

[Screenshot 9]

[Screenshot 10]

After editing the files, restart the network service so that the configuration takes effect

systemctl restart network

Test connectivity

Edit the configuration file

options {
        listen-on port 53 { 192.168.10.11; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
/*
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*/
acl lan {
        192.168.10.0/24;
};
acl lt {
        192.168.20.0/24;
};
acl dx {
        192.168.30.0/24;
};
view "lan" {
        match-clients {
                localhost;
                lan;
        };
        recursion yes;
        zone "zhangshy7.com" IN {
                type master;
                file "zhangshy7.com.zone.lan";
        };
};
view "lt" {
        match-clients { lt; };
        zone "zhangshy7.com" IN {
                type master;
                file "zhangshy7.com.zone.lt";
        };
};
view "dx" {
        match-clients { dx; };
        zone "zhangshy7.com" IN {
                type master;
                file "zhangshy7.com.zone.dx";
        };
};
view "other" {
        match-clients { any; };
        zone "zhangshy7.com" IN {
                type master;
                file "zhangshy7.com.zone.other";
        };
};

Create the forward zone files for Unicom (lt), Telecom (dx), Mobile and other clients; the files shown below are the dx, lan, lt and other ones referenced by the views above

[root@server1 named]# cat zhangshy7.com.zone.dx
$TTL 3H
@    IN SOA   zhangshy7.com. root.server1. (
                                   20190312      ; serial
                                   1D            ; refresh
                                   1H            ; retry
                                   1W            ; expire
                                   3H )          ; minimum
       NS   server1.
ns1    A     192.168.30.254
www    A     192.168.30.11

[root@server1 named]# cat zhangshy7.com.zone.lan
$TTL 3H
@    IN SOA   zhangshy7.com. root.server1. (
                                   20190312      ; serial
                                   1D            ; refresh
                                   1H            ; retry
                                   1W            ; expire
                                   3H )          ; minimum
       NS   server1.
ns1    A     192.168.10.11
www    A     192.168.20.11
www    A     192.168.30.11

[root@server1 named]# cat zhangshy7.com.zone.lt
$TTL 3H
@    IN SOA   zhangshy7.com. root.server1. (
                                   20190312      ; serial
                                   1D            ; refresh
                                   1H            ; retry
                                   1W            ; expire
                                   3H )          ; minimum
       NS   server1.
ns1    A     192.168.20.254
www    A     192.168.20.11

[root@server1 named]# cat zhangshy7.com.zone.other
$TTL 3H
@    IN SOA   zhangshy7.com. root.server1. (
                                   20190312      ; serial
                                   1D            ; refresh
                                   1H            ; retry
                                   1W            ; expire
                                   3H )          ; minimum
       NS   server1.
ns1    A     192.168.10.254
www    A     192.168.10.11
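BIND tries the views in the order they are declared and answers from the first one whose match-clients list matches the client, which is why the catch-all "other" view must come last. The following Python model is an added example, not from this post: it encodes the acl and view ordering above together with each view's www record, and also shows what happens when a catch-all view is declared first. It assumes the built-in localhost ACL is just the IPv4 loopback range, whereas BIND's localhost also matches the server's own interface addresses.

```python
import ipaddress

# Constructed from the named.conf above: the acl definitions and the views
# in declaration order. BIND walks the views top to bottom and serves the
# client from the first one whose match-clients list matches.
ACLS = {
    # assumption: modelled as IPv4 loopback only; BIND's built-in "localhost"
    # also matches the addresses of the server's own interfaces
    "localhost": ipaddress.ip_network("127.0.0.0/8"),
    "lan": ipaddress.ip_network("192.168.10.0/24"),
    "lt": ipaddress.ip_network("192.168.20.0/24"),
    "dx": ipaddress.ip_network("192.168.30.0/24"),
    "any": ipaddress.ip_network("0.0.0.0/0"),
}
VIEWS = [
    ("lan", ["localhost", "lan"]),
    ("lt", ["lt"]),
    ("dx", ["dx"]),
    ("other", ["any"]),
]
# www A records taken from each view's zone file (zhangshy7.com.zone.<view>)
WWW_RECORDS = {
    "lan": ["192.168.20.11", "192.168.30.11"],
    "lt": ["192.168.20.11"],
    "dx": ["192.168.30.11"],
    "other": ["192.168.10.11"],
}

def select_view(client_ip, views=VIEWS):
    """Return the name of the first view whose match-clients covers client_ip,
    or None when no view matches (BIND would answer REFUSED)."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl_names in views:
        if any(addr in ACLS[acl] for acl in acl_names):
            return name
    return None

def resolve_www(client_ip, views=VIEWS):
    """Answer www.zhangshy7.com for client_ip as the split-horizon server would."""
    view = select_view(client_ip, views)
    return view, WWW_RECORDS.get(view, [])

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.20.5", "192.168.30.7", "10.0.0.9"):
        print(ip, "->", resolve_www(ip))
```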

Test on the client

[Screenshot 11]
