Setting up a DNS server (forward lookup zone and reverse lookup zone)

Setting up a DNS server

  • Install BIND
  • Configure a forward zone
    • 1. Edit /etc/named.conf
    • 2. Edit /etc/named.rfc1912.zones
      • 2.1 Add a zone definition
      • 2.2 A look at /var/named
    • 3. Create the zone file for the zone defined in 2.1
    • 4. Syntax check
    • 5. Reload with rndc
    • 6. Test
    • 7. Fix the zone file's permissions and reload
  • Configure a reverse zone
    • 1. Edit /etc/named.rfc1912.zones
    • 2. Create the zone file defined above and fix its permissions
    • 3. Syntax check
    • 4. Reload with rndc
    • 5. Test
  • At this point the DNS server is working

Install BIND

[root@Tang-Neo ~]# yum install bind -y
Installed:
  bind.x86_64 32:9.9.4-74.el7_6.2                                                                                              

Dependency Installed:
  audit-libs-python.x86_64 0:2.8.4-4.el7    checkpolicy.x86_64 0:2.5-8.el7                    libcgroup.x86_64 0:0.41-20.el7   
  libsemanage-python.x86_64 0:2.5-14.el7    policycoreutils-python.x86_64 0:2.5-29.el7_6.1    python-IPy.noarch 0:0.75-6.el7   
  python-ply.noarch 0:3.4-11.el7            setools-libs.x86_64 0:3.3.8-4.el7                

Dependency Updated:
  policycoreutils.x86_64 0:2.5-29.el7_6.1                                                                                      

Complete!
[root@Tang-Neo ~]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
... ...
[root@Tang-Neo ~]# systemctl start named.service
[root@Tang-Neo ~]# ss -tnlp
State       Recv-Q Send-Q                  Local Address:Port                                 Peer Address:Port              
LISTEN      0      50                                  *:139                                             *:*                   users:(("smbd",pid=6877,fd=36))
LISTEN      0      10                          127.0.0.1:53                                              *:*                   users:(("named",pid=11240,fd=21))
LISTEN      0      128                                 *:22                                              *:*                   users:(("sshd",pid=6818,fd=3))
LISTEN      0      128                         127.0.0.1:953                                             *:*                   users:(("named",pid=11240,fd=23))
LISTEN      0      100                         127.0.0.1:25                                              *:*                   users:(("master",pid=6968,fd=13))
LISTEN      0      50                                  *:445                                             *:*                   users:(("smbd",pid=6877,fd=35))
LISTEN      0      50                                 :::139                                            :::*                   users:(("smbd",pid=6877,fd=34))
LISTEN      0      10                                ::1:53                                             :::*                   users:(("named",pid=11240,fd=22))
LISTEN      0      128                                :::22                                             :::*                   users:(("sshd",pid=6818,fd=4))
LISTEN      0      128                               ::1:953                                            :::*                   users:(("named",pid=11240,fd=24))
LISTEN      0      100                               ::1:25                                             :::*                   users:(("master",pid=6968,fd=14))
LISTEN      0      50                                 :::445                                            :::*                   users:(("smbd",pid=6877,fd=33))

Configure a forward zone

1. Edit /etc/named.conf

Listen on an address that external hosts can reach, for example:
	listen-on port 53 { 172.16.100.67; };
	listen-on port 53 { 127.0.0.1; 192.168.1.9; };

While learning, it is simplest to turn DNSSEC off:
	dnssec-enable no;
	dnssec-validation no;
	dnssec-lookaside no;

Turn off the local-only query restriction by commenting it out:
	//allow-query { localhost; };
include "/etc/named.rfc1912.zones";
	# the zone definitions referenced from named.conf live in /etc/named.rfc1912.zones
include "/etc/named.root.key";
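The three edits above change what the server listens on, whether it validates DNSSEC, and who may query it, so the resulting options block deserves a second look before the server is reachable from the LAN. The Python linter below is an added example, not code from this post or from BIND: it parses an options block (constructed here to mirror the stock CentOS 7 named.conf with the post's edits applied; that the stock file carries `recursion yes;` is an assumption, the post does not show that line) and lists the settings a defender would revisit.

```python
import re

# Constructed sample: the options block of the stock CentOS 7 named.conf with the
# post's edits applied. "recursion yes;" is assumed to be the shipped default;
# the post does not show that line.
NAMED_CONF = """\
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.9; };   /* LAN address added */
    directory "/var/named";
    //allow-query { localhost; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
};
include "/etc/named.rfc1912.zones";
"""

def strip_comments(text):
    # named.conf accepts /* */, // and # comments; drop all three.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options(text):
    # Statements inside options { ... }: a brace-delimited value becomes a list of
    # ACL elements, anything else the bare argument words.
    body = re.search(r"options\s*\{(.*?)\n\};", strip_comments(text), re.S).group(1)
    stmts = {}
    for m in re.finditer(r'([\w-]+)((?:\s+[\w."/]+)*)\s*(?:\{([^}]*)\})?\s*;', body):
        key, args, acl = m.group(1), m.group(2).split(), m.group(3)
        stmts[key] = [e.strip() for e in acl.split(";") if e.strip()] if acl is not None else args
    return stmts

def audit(text):
    # Settings a defender revisits before the server is reachable from the LAN.
    o, findings = options(text), []
    if any(a not in ("127.0.0.1", "::1", "localhost") for a in o.get("listen-on", ["any"])):
        findings.append("listen-on includes a non-loopback address: reachable from the network")
    if o.get("allow-query", ["any"]) == ["any"]:
        findings.append("allow-query unset (BIND default: any): every reachable client may query")
    if o.get("recursion", ["yes"]) == ["yes"] and "allow-recursion" not in o:
        findings.append("recursion yes without allow-recursion: use 'recursion no;' on an "
                        "authoritative-only server, or list the permitted clients explicitly")
    if o.get("dnssec-validation") == ["no"]:
        findings.append("dnssec-validation no: upstream answers are not validated")
    return findings
```

Running `audit(NAMED_CONF)` on the sample returns all four findings; restoring an explicit `allow-query` and setting `recursion no;` leaves only the listener and DNSSEC notes.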

2. Edit /etc/named.rfc1912.zones

2.1 Add a zone definition

[root@Tang-Neo ~]# vim /etc/named.rfc1912.zones
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";    # relative path, resolved under /var/named/
};

2.2 A look at /var/named

Zone files are mode 640 (rw-r-----), owned by root with group named:

[root@Tang-Neo ~]# cd /var/named
[root@Tang-Neo named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@Tang-Neo named]# ll
total 16
drwxrwx---. 2 named named   23 Sep  8 01:15 data
drwxrwx---. 2 named named   60 Sep  8 01:15 dynamic
-rw-r-----. 1 root  named 2281 May 22  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jul 29 13:21 slaves
[root@Tang-Neo named]# cat named.localhost  # the loopback zone file (resource records)
$TTL 1D                                     ; directive: default TTL, inherited by every record in the file
@	IN SOA	@ rname.invalid. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	@
	A	127.0.0.1
	AAAA	::1

3. Create the zone file for the zone defined in 2.1

[root@Tang-Neo named]# vim magedu.com.zone
[root@Tang-Neo named]# pwd
/var/named
[root@Tang-Neo named]# cat magedu.com.zone 
$TTL 3600             ; in seconds
$ORIGIN magedu.com.               
@	IN	SOA	ns1.magedu.com.	dnsadmin.magedu.com. (
		20190908
		1H
		10M
		3D
		1D 		
)
	IN	NS		ns1    ; ns1 can also be written as ns1.magedu.com.
	IN	MX  10  mx1
	IN	MX  20  mx2
ns1	IN	A		192.168.1.9
mx1	IN	A		192.168.1.91
mx2	IN	A		192.168.1.92
www	IN	A		192.168.1.9
web	IN	CNAME	www
bbs	IN	A		192.168.1.93
bbs	IN	A		192.168.1.94

4. Syntax check

  • Check the main configuration file's syntax

    [root@Tang-Neo named]# named-checkconf 
    
  • Check the zone file's syntax

    # The zone name must match the one defined in named.rfc1912.zones, and the file path must match as well
    [root@Tang-Neo named]# named-checkzone magedu.com /var/named/magedu.com.zone 
    zone magedu.com/IN: loaded serial 20190908
    OK
    

5. Reload with rndc

[root@Tang-Neo named]# rndc status
version: 9.9.4-RedHat-9.9.4-74.el7_6.2 <id:8f9657aa>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 2/100
server is up and running
[root@Tang-Neo named]# rndc reload
server reload successful
[root@Tang-Neo named]# rndc status
version: 9.9.4-RedHat-9.9.4-74.el7_6.2 <id:8f9657aa>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 7
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 3/100
server is up and running

6. Test

[root@Tang-Neo named]# dig -t A www.magedu.com @192.168.1.9

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> -t A www.magedu.com @192.168.1.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57469
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.magedu.com.			IN	A

;; ANSWER SECTION:
www.magedu.com.		3600	IN	A	192.168.1.9

;; AUTHORITY SECTION:
magedu.com.		3600	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.		3600	IN	A	192.168.1.9

;; Query time: 1 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Sun Sep 08 02:19:36 EDT 2019
;; MSG SIZE  rcvd: 93
[root@Tang-Neo named]# dig -t A web.magedu.com @192.168.1.9

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> -t A web.magedu.com @192.168.1.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42885
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;web.magedu.com.			IN	A

;; ANSWER SECTION:
web.magedu.com.		3600	IN	CNAME	www.magedu.com.
www.magedu.com.		3600	IN	A	192.168.1.9

;; AUTHORITY SECTION:
magedu.com.		3600	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.		3600	IN	A	192.168.1.9

;; Query time: 0 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Sun Sep 08 02:19:52 EDT 2019
;; MSG SIZE  rcvd: 111
[root@Tang-Neo named]# dig -t A bbs.magedu.com @192.168.1.9

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> -t A bbs.magedu.com @192.168.1.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34128
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.magedu.com.			IN	A

;; ANSWER SECTION:
bbs.magedu.com.		3600	IN	A	192.168.1.93
bbs.magedu.com.		3600	IN	A	192.168.1.94

;; AUTHORITY SECTION:
magedu.com.		3600	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.		3600	IN	A	192.168.1.9

;; Query time: 0 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Sun Sep 08 02:20:18 EDT 2019
;; MSG SIZE  rcvd: 109
# Once this host's resolver points at the local DNS server, dig no longer needs @server; it defaults to the nameserver listed in /etc/resolv.conf
[root@Tang-Neo named]# cat /etc/resolv.conf   
# Generated by NetworkManager
nameserver 192.168.1.9
[root@Tang-Neo named]# dig -t A bbs.magedu.com 

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> -t A bbs.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45124
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bbs.magedu.com.			IN	A

;; ANSWER SECTION:
bbs.magedu.com.		3600	IN	A	192.168.1.93
bbs.magedu.com.		3600	IN	A	192.168.1.94

;; AUTHORITY SECTION:
magedu.com.		3600	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.		3600	IN	A	192.168.1.9

;; Query time: 0 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Sun Sep 08 02:23:33 EDT 2019
;; MSG SIZE  rcvd: 109
[root@Tang-Neo named]# host -t A bbs.magedu.com 
bbs.magedu.com has address 192.168.1.93
bbs.magedu.com has address 192.168.1.94
[root@Tang-Neo named]# host -t A bbs.magedu.com 
bbs.magedu.com has address 192.168.1.94
bbs.magedu.com has address 192.168.1.93
[root@Tang-Neo named]# host -t A bbs.magedu.com 
bbs.magedu.com has address 192.168.1.94
bbs.magedu.com has address 192.168.1.93
[root@Tang-Neo named]# dig -t NS magedu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> -t NS magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39942
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;magedu.com.			IN	NS

;; ANSWER SECTION:
magedu.com.		3600	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.		3600	IN	A	192.168.1.9

;; Query time: 0 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Sun Sep 08 02:27:10 EDT 2019
;; MSG SIZE  rcvd: 73
[root@Tang-Neo named]# dig -t MX magedu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> -t MX magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18784
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;magedu.com.			IN	MX

;; ANSWER SECTION:
magedu.com.		3600	IN	MX	10 mx1.magedu.com.
magedu.com.		3600	IN	MX	20 mx2.magedu.com.

;; AUTHORITY SECTION:
magedu.com.		3600	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
mx1.magedu.com.		3600	IN	A	192.168.1.91
mx2.magedu.com.		3600	IN	A	192.168.1.92
ns1.magedu.com.		3600	IN	A	192.168.1.9

;; Query time: 0 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Sun Sep 08 02:27:27 EDT 2019
;; MSG SIZE  rcvd: 145

[root@Tang-Neo named]# host -t MX magedu.com
magedu.com mail is handled by 20 mx2.magedu.com.
magedu.com mail is handled by 10 mx1.magedu.com.

7. Fix the zone file's ownership and permissions, then reload

[root@Tang-Neo named]# ll
total 20
drwxrwx---. 2 named named   23 Sep  8 01:15 data
drwxrwx---. 2 named named   60 Sep  8 01:15 dynamic
-rw-r--r--. 1 root  root   305 Sep  8 02:10 magedu.com.zone
-rw-r-----. 1 root  named 2281 May 22  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Sep  8 02:05 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jul 29 13:21 slaves
[root@Tang-Neo named]# chown  :named magedu.com.zone 
[root@Tang-Neo named]# chmod o= magedu.com.zone 
[root@Tang-Neo named]# ll
total 20
drwxrwx---. 2 named named   23 Sep  8 01:15 data
drwxrwx---. 2 named named   60 Sep  8 01:15 dynamic
-rw-r-----. 1 root  named  305 Sep  8 02:10 magedu.com.zone
-rw-r-----. 1 root  named 2281 May 22  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Sep  8 02:05 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jul 29 13:21 slaves
[root@Tang-Neo named]# pwd
/var/named
[root@Tang-Neo named]# rndc reload
server reload successful

Configure a reverse zone

1. Edit /etc/named.rfc1912.zones

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.zone";
};

2. Create the zone file defined above and fix its permissions

[root@Tang-Neo named]# vim 192.168.1.zone
[root@Tang-Neo named]# pwd
/var/named
[root@Tang-Neo named]# cat 192.168.1.zone 
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa. 
@	IN	SOA	ns1.magedu.com. nsadmin.magedu.com. (
		20190908
		1H
		10M
		3D
		12H
)
	IN	NS	ns1.magedu.com.
9	IN	PTR	ns1.magedu.com.
91	IN	PTR	mx1.magedu.com.
92	IN	PTR	mx2.magedu.com.
9	IN	PTR	www.magedu.com.
93	IN	PTR	bbs.magedu.com.
94	IN	PTR	bbs.magedu.com.
[root@Tang-Neo named]# chown :named 192.168.1.zone 
[root@Tang-Neo named]# chmod o= 192.168.1.zone 
[root@Tang-Neo named]# ll
total 24
-rw-r-----. 1 root  named  302 Sep  8 02:53 192.168.1.zone
drwxrwx---. 2 named named   23 Sep  8 01:15 data
drwxrwx---. 2 named named   60 Sep  8 01:15 dynamic
-rw-r-----. 1 root  named  305 Sep  8 02:10 magedu.com.zone
-rw-r-----. 1 root  named 2281 May 22  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Sep  8 02:05 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jul 29 13:21 slaves
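The forward zone from step 3 of the previous section and the reverse zone above have to agree record for record, and named-checkzone checks each file on its own, not the pair. The Python script below is an added example, not part of this post: it parses both files (constructed inline from the post's magedu.com.zone and 192.168.1.zone, trimmed to the A and PTR records), turns every A record into the in-addr.arpa PTR it implies, and reports PTRs that are missing from or stale in the reverse zone.

```python
import ipaddress
# Constructed inline from the post's magedu.com.zone and 192.168.1.zone (trimmed).
FORWARD_ZONE = """\
$ORIGIN magedu.com.
@ IN SOA ns1.magedu.com. dnsadmin.magedu.com. (
        20190908 1H 10M 3D 1D )
    IN NS ns1
ns1 IN A 192.168.1.9
www IN A 192.168.1.9
bbs IN A 192.168.1.93
bbs IN A 192.168.1.94
"""
REVERSE_ZONE = """\
$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA ns1.magedu.com. nsadmin.magedu.com. ( 20190908 1H 10M 3D 12H )
9 IN PTR ns1.magedu.com.
9 IN PTR www.magedu.com.
93 IN PTR bbs.magedu.com.
94 IN PTR bbs.magedu.com.
"""
def logical_lines(text):
    # Strip ';' comments and join '(' ... ')' continuations (the multi-line SOA).
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        buf = line if depth == 0 else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0 and buf.strip():
            yield buf

def records(text, rtype):
    # (owner FQDN, rdata) per record of type rtype; '@' and relative owners resolve
    # against $ORIGIN, and an omitted owner repeats the previous one, as BIND does.
    origin, owner, found = "", "", []
    for line in logical_lines(text):
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif not fields[0].startswith("$"):       # skip $TTL and friends
            if not line[0].isspace():
                owner = fields[0]
            if len(fields) > 1 and fields[-2] == rtype:
                name = origin if owner == "@" else owner
                found.append((name if name.endswith(".") else f"{name}.{origin}", fields[-1]))
    return found

def check_reverse(forward_text, reverse_text):
    # (missing, stale): PTRs the A records imply but the reverse zone lacks, and
    # PTRs in the reverse zone that no A record backs.
    expected = {(ipaddress.ip_address(ip).reverse_pointer + ".", f) for f, ip in records(forward_text, "A")}
    actual = set(records(reverse_text, "PTR"))
    return expected - actual, actual - expected
```

With the post's two files both sets come back empty; dropping or retargeting a PTR shows up as a missing or stale entry.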

3. Syntax check

[root@Tang-Neo named]# named-checkconf 

# The zone name must match the one defined in named.rfc1912.zones, and the file path must match as well
[root@Tang-Neo named]# named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone 
zone 1.168.192.in-addr.arpa/IN: loaded serial 20190908
OK

4. Reload with rndc

[root@Tang-Neo named]# rndc status
version: 9.9.4-RedHat-9.9.4-74.el7_6.2 <id:8f9657aa>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 7
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 3/100
server is up and running
[root@Tang-Neo named]# rndc reload
server reload successful
[root@Tang-Neo named]# rndc status
version: 9.9.4-RedHat-9.9.4-74.el7_6.2 <id:8f9657aa>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 3/100
server is up and running

5. Test

[root@Tang-Neo named]# dig -x 192.168.1.9

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> -x 192.168.1.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31804
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;9.1.168.192.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
9.1.168.192.in-addr.arpa. 3600	IN	PTR	www.magedu.com.
9.1.168.192.in-addr.arpa. 3600	IN	PTR	ns1.magedu.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa.	3600	IN	NS	ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.		3600	IN	A	192.168.1.9

;; Query time: 0 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Sun Sep 08 03:01:17 EDT 2019
;; MSG SIZE  rcvd: 129

At this point, the DNS server is working.
