基础服务——DNS域名解析服务

搭建DNS域名解析服务

 

[root@localhost ~]# cd /media/dvd/Packages/                进入rpm库目录

[root@localhost Packages]# rpm -ivh bind-9.9.4-37.el7.x86_64.rpm            安装bind依赖包(下面的 NOKEY 警告表示系统尚未导入该签名密钥,软件包签名没有被校验;可先用 rpm --import 导入发行版的 GPG 公钥,再用 rpm -K 校验软件包)

warning: bind-9.9.4-37.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:bind-32:9.9.4-37.el7             ################################# [100%]

[root@localhost Packages]# rpm -ivh bind-chroot-9.9.4-37.el7.x86_64.rpm        安装DNS

warning: bind-chroot-9.9.4-37.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:bind-chroot-32:9.9.4-37.el7      ################################# [100%]

[root@localhost Packages]# systemctl status named                      查看DNS状态

● named.service - Berkeley Internet Name Domain (DNS)

   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)

   Active: inactive (dead)

 

[root@localhost Packages]# vim /etc/named.conf         配置主配置文件

options {

 13         listen-on port 53 { any; };          DNS端口和监听的IP

 14         listen-on-v6 port 53 { ::1; };

 15         directory       "/var/named";

 16         dump-file       "/var/named/data/cache_dump.db";

 17         statistics-file "/var/named/data/named_stats.txt";

 18         memstatistics-file "/var/named/data/named_mem_stats.txt";

 19         allow-query     { any; };                 any 表示允许任何来源查询;若只想对本地网段开放,应改为本地网段,例如 { 192.168.0.0/24; }

 

[root@localhost Packages]# vim /etc/named.rfc1912.zones                   配置区域配置文件

43 zone "abc.com" IN {                                正向解析配置文件

 44         type master;                    类型为主区域

 45         file "abc.com.zone";               区域文件必须用zone结尾

 46         allow-update { none; };

 47 };

 48

 49 zone "0.168.192.in-addr.arpa" IN {  反向解析配置格式

 50         type master;

 51         file "192.168.0.zone";

 20         allow-update { none; };

 53 };

[root@localhost Packages]# named-checkconf /etc/named.conf           检测主配置文件错误

[root@localhost Packages]# named-checkconf -z /etc/named.conf       检测区域配置文件错误

zone localhost.localdomain/IN: loaded serial 0

zone localhost/IN: loaded serial 0

zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0

zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0

zone 0.in-addr.arpa/IN: loaded serial 0

zone abc.com/IN: loading from master file abc.com.zone failed: file not found

zone abc.com/IN: not loaded due to errors.

_default/abc.com/IN: file not found

zone 199.168.198.in-addr.arpa/IN: loading from master file 192.168.199.zone failed: file not found

zone 199.168.198.in-addr.arpa/IN: not loaded due to errors.

_default/199.168.198.in-addr.arpa/IN: file not found

 

[root@localhost Packages]# cd /var/named                     进入DNS区域配置目录下

[root@localhost named]# cp -p named.localhost abc.com.zone             复制区域配置文件

[root@localhost named]# cp -p named.localhost 192.168.199.zone

 

[root@localhost named]# vim abc.com.zone          配置正向区域配置文件

$TTL 1D

@       IN SOA  @ abc.com. (           域名管理名称

                                        0       ; serial         更新序号

                                        1D      ; refresh     无效解析时间

                                        1H      ; retry         刷新时间

                                        1W      ; expire      失效时间

                                        3H )    ; minimum   重新下载主机数据间隔

        IN      NS      www.abc.com.                 定位我们的域名

www     IN      A       192.168.0.20                            正向解析       

        AAAA    ::1

 

[root@localhost named]# vim 192.168.199.zone            配置反向解析配置文件

$TTL 1D

@       IN SOA  @ abc.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        IN      NS      www.abc.com.

20      IN      PTR     www.abc.com.

        AAAA    ::1
[root@localhost named]# named-checkzone abc.con.zone 192.168.0.zone 检测区域配置文件(格式为 named-checkzone 区域名 区域文件,例如 named-checkzone abc.com abc.com.zone;此处第一个参数被当作区域名)

zone abc.con.zone/IN: loaded serial 0

OK                      

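[root@localhost Packages]# systemctl stop firewalld             关闭防火墙(实验环境的做法;保留防火墙时只需放行 DNS:firewall-cmd --permanent --add-service=dns && firewall-cmd --reload)

[root@localhost Packages]# setenforce 0                                  将 SELinux 临时切换为宽容(permissive)模式,重启后恢复;正常情况下 named 在 enforcing 模式下也能运行,出问题时先查看 SELinux 审计日志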

 

[root@localhost ~]# nslookup www.abc.com    测试

Server: 192.168.0.20

Address: 192.168.0.20#53

 

Name: www.abc.com

Address: 192.168.0.20

[root@localhost ~]# nslookup 192.168.0.20

Server: 192.168.0.20

Address: 192.168.0.20#53

 

搭建DNS缓存服务器

 

此处需要两台服务器:

                   主:192.168.0.20

                   从:192.168.0.30

                   客户机:192.168.0.40

 

主:

[root@localhost ~]# cd /media/dvd/Packages/                  进入rpm库目录

[root@localhost Packages]# rpm -ivh bind-9.9.4-37.el7.x86_64.rpm    安装bind依赖包

warning: bind-9.9.4-37.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:bind-32:9.9.4-37.el7             ################################# [100%]

[root@localhost Packages]# rpm -ivh bind-chroot-9.9.4-37.el7.x86_64.rpm 安装DNS

warning: bind-chroot-9.9.4-37.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:bind-chroot-32:9.9.4-37.el7      ################################# [100%]

 

[root@localhost Packages]# vim /etc/named.conf           配置DNS主配文件

12 options {

 13         listen-on port 53 { 192.168.0.20; };             本机IP地址

 14         listen-on-v6 port 53 { ::1; };

 15         directory       "/var/named";

 16         dump-file       "/var/named/data/cache_dump.db";

 17         statistics-file "/var/named/data/named_stats.txt";

 18         memstatistics-file "/var/named/data/named_mem_stats.txt";

 19         allow-query     { any; };

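31         recursion yes;                    允许递归查询;与上面的 allow-query { any; } 同时使用时,任何来源都能借本机递归,应使用 allow-recursion { 192.168.0.0/24; }; 限制为本地网段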

 32         forwarders {202.106.0.20;};       服务器转发地址,可在所有域配置

 33         forward only;                                  仅使用转发服务器地址

 34         #dnssec-enable yes;                    //注释

 35         #dnssec-validation yes;              //注释(注释掉后使用 BIND 的默认值,并不等于关闭验证;若要显式关闭需写 dnssec-validation no;,此时转发器返回的应答不再做 DNSSEC 校验)

[root@localhost Packages]# named-checkconf /etc/named.conf          检测配置文件

[root@localhost Packages]# vim /etc/named.rfc1912.zones           配置区域配置文件

zone "abc.com" IN {

        type master;

        file "abc.com.zone";

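        allow-update { 192.168.0.20; };              allow-update 控制的是谁可以动态更新(修改)区域记录,与区域传送无关;允许从服务器下载区域数据应使用 allow-transfer { 192.168.0.30; };,不需要动态更新时保持 allow-update { none; };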

};

 

zone "0.168.192.in-addr.arpa" IN {

        type master;

        file "192.168.0.zone";

        allow-update { 192.168.0.20; };

};

[root@localhost Packages]# cd /var/named                     进入DNS区域配置目录下

[root@localhost named]# cp -p named.localhost abc.com.zone             复制区域配置文件

[root@localhost named]# cp -p named.localhost 192.168.0.zone

 

[root@localhost named]# vim abc.com.zone          配置正向区域配置文件

$TTL 1D

@       IN SOA  @ abc.com. (           域名管理名称

                                        0       ; serial         更新序号(每次修改区域文件后都要递增,从服务器据此判断是否需要重新同步)

                                        1D      ; refresh     无效解析时间

                                        1H      ; retry         刷新时间

                                        1W      ; expire      失效时间

                                        3H )    ; minimum   重新下载主机数据间隔

        IN      NS      www.abc.com.                 定位我们的域名

www     IN      A       192.168.0.20                            正向解析       

        AAAA    ::1

 

[root@localhost named]# vim 192.168.0.zone                配置反向解析配置文件

$TTL 1D

@       IN SOA  @ abc.com. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        IN      NS      www.abc.com.

20      IN      PTR     www.abc.com.

        AAAA    ::1
 

[root@localhost named]# systemctl start named              启动DNS

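[root@localhost named]# systemctl stop firewalld           关闭防火墙(保留防火墙时可改为放行 DNS:firewall-cmd --permanent --add-service=dns && firewall-cmd --reload)

[root@localhost named]# setenforce 0                        将 SELinux 临时切换为宽容(permissive)模式,重启后恢复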

 

 

从:

 

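[root@localhost ~]# systemctl stop firewalld             关闭防火墙(保留防火墙时可改为放行 DNS:firewall-cmd --permanent --add-service=dns && firewall-cmd --reload)

[root@localhost ~]# setenforce 0                 将 SELinux 临时切换为宽容(permissive)模式,重启后恢复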

[root@localhost ~]# cd /media/dvd/Packages/                  进入rpm库目录

[root@localhost Packages]# rpm -ivh bind-9.9.4-37.el7.x86_64.rpm    安装bind依赖包

warning: bind-9.9.4-37.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:bind-32:9.9.4-37.el7             ################################# [100%]

[root@localhost Packages]# rpm -ivh bind-chroot-9.9.4-37.el7.x86_64.rpm 安装DNS

warning: bind-chroot-9.9.4-37.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:bind-chroot-32:9.9.4-37.el7      ################################# [100%]

 

[root@localhost Packages]# vim /etc/named.conf           配置DNS主配置文件

12 options {

 13         listen-on port 53 { 192.168.0.30; };             本机IP地址

 14         listen-on-v6 port 53 { ::1; };

 15         directory       "/var/named";

 16         dump-file       "/var/named/data/cache_dump.db";

 17         statistics-file "/var/named/data/named_stats.txt";

 18         memstatistics-file "/var/named/data/named_mem_stats.txt";

 19         allow-query     { any; };

58 #include "/etc/named.root.key";                   //最后一行,注释(该文件是 DNSSEC 根区信任锚,注释掉后本机不再加载它)

 

[root@localhost Packages]# vim /etc/named.rfc1912.zones           配置区域文件

 

43 zone "abc.com" IN {

 44         type slave;                                           类型为从区域

 45         masters {192.168.0.20;};                 指定主服务器IP地址

 46         file "slaves/abc.com.zone";          下载区域文件保存在slaves目录下

 47         allow-update { 192.168.0.30; };    从区域的数据由上面 masters 指定的主服务器传送而来,与 allow-update 无关(allow-update 控制动态更新);此行可以删除

 48 };

 49

 50 zone "0.168.192.in-addr.arpa" IN {

 51         type slave;

 52         masters {192.168.0.20;};

 53         file "slaves/192.168.0.zone";

 54         allow-update { 192.168.0.30; };

 55 };

 

[root@localhost Packages]# cd /var/named/slaves/                 进入slaves目录下

[root@localhost slaves]# systemctl restart named           重启DNS

[root@localhost slaves]# ls           查看一下

192.168.0.zone  abc.com.zone

 

 

客户机:

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33  配置DNS域名解析

IPADDR=192.168.0.40

NETMASK=255.255.255.0

GATEWAY=192.168.0.1

DNS1=192.168.0.20

 

[root@localhost ~]# systemctl restart network                           重启网卡

[root@localhost ~]# nslookup www.abc.com                        测

Server:             192.168.0.30

Address: 192.168.0.30#53

 

Name:     www.abc.com

Address: 192.168.0.20

 

[root@localhost ~]# nslookup 192.168.0.20

Server:             192.168.0.30

Address: 192.168.0.30#53

 

20.0.168.192.in-addr.arpa     name = www.abc.com.
