RHCE第三次练习 – 配置DNS服务的正反向解析
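第一步:在服务端关闭SELinux和防火墙(仅适用于实验环境;生产环境应保持SELinux为enforcing,并用 firewall-cmd --permanent --add-service=dns 和 firewall-cmd --reload 放行DNS,而不是停掉firewalld)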
[root@server ~]# setenforce 0
setenforce: SELinux is disabled
[root@server ~]# systemctl stop firewalld
[root@server ~]#
第二步:服务端安装DNS解析相关的软件
[root@server ~]# yum install bind -y
第三步:对DNS解析的服务进行启动和开机自启
[root@server ~]# systemctl start named
[root@server ~]# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
第四步:修改DNS服务的主配置文件
[root@server ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; -- 将这里修改为any,即让named在本机所有IPv4地址的53端口上监听
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; }; -- 还有这里修改为any,即允许任意客户端查询;若服务器同时开启了递归且能被外网访问,应改为只允许可信网段,避免成为开放解析器
第五步:修改区域目录索引配置文件,选取任意一个模板进行修改
[root@server ~]# vim /etc/named.rfc1912.zones
zone "openlab.com" IN {
type master;
file "openlab.com.zone";
allow-update { none; };
}; -- 正向解析模板的修改
zone "216.168.192.in-addr.arpa" IN {
type master;
file "192.168.216.arpa";
allow-update { none; };
}; -- 反向解析模板的修改
第六步:编写具体的域名与IP映射关系文件,进行这一步时需要先将模板文件拷贝一份再进行修改
[root@server ~]# cd /var/named/ -- 模板文件所在处
[root@server named]# ls
192.168.216.arpa dynamic named.empty named.loopback slaves
data named.ca named.localhost openlab.com.zone
[root@server named]# cp -a named.localhost openlab.com.zone -- 分别拷贝正向和反向模板;-a 会保留模板文件原有的属主、属组和权限
[root@server named]# cp -a named.loopback 192.168.216.arpa
[root@server named]# vim openlab.com.zone -- 开始编写正向解析文件
$TTL 1D
openlab.com. IN SOA ns.openlab.com. fox.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
openlab.com. IN NS ns.openlab.com.
ns.openlab.com. IN A 192.168.216.136
www.openlab.com. IN A 192.168.216.137
bbs.openlab.com. IN A 192.168.216.137
www1.openlab.com. IN CNAME 192.168.216.137 ; 注意:CNAME的目标必须是域名而不是IP地址,例如应写成 www.openlab.com.,否则www1无法解析到地址
[root@server named]# vim 192.168.216.arpa -- 编写反向解析文件(注意:下面的PTR记录把www、ftp、bbs都指向了136,而正向区域中www和bbs是137,且没有ftp记录;正反向记录应保持一致)
$TTL 1D
@ IN SOA ns.openlab.com. fox.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.openlab.com.
136 IN PTR ns.openlab.com.
136 IN PTR www.openlab.com.
136 IN PTR ftp.openlab.com.
136 IN PTR bbs.openlab.com.
第七步:验证实验的结果(前面修改了主配置和区域文件,验证前需先执行 systemctl restart named 使其生效,可先用 named-checkconf 和 named-checkzone 检查语法)
[root@node2 ~]# vim /etc/NetworkManager/system-connections/ens160.nmconnection -- 修改客户端主机的本地DNS服务器
[root@node2 ~]# nmcli connection reload -- 重载
[root@node2 ~]# nmcli connection up ens160 -- 重新激活网卡
[root@node2 ~]# nslookup www.openlab.com -- 测试正向解析
Server: 192.168.216.136
Address: 192.168.216.136#53
Name: www.openlab.com
Address: 192.168.216.137
[root@node2 ~]# nslookup 192.168.216.136 -- 测试反向解析
136.216.168.192.in-addr.arpa name = ns.openlab.com.
136.216.168.192.in-addr.arpa name = www.openlab.com.
136.216.168.192.in-addr.arpa name = ftp.openlab.com.
136.216.168.192.in-addr.arpa name = bbs.openlab.com.