DNS and Mail Server Application Case
Node plan
IP              Hostname  Role
192.168.100.30  mail      Mail server, DNS secondary (slave)
192.168.100.40  dns       DNS primary (master)
Basic preparation
Install CentOS 7.5 in VMware Workstation from the provided CentOS-7-x86_64-DVD-1908 image: one minimal CentOS 7.5 virtual machine, plus one more to act as the DNS server. The YUM repository is the local system (ISO) source.
Case implementation
Basic configuration
Set the hostnames of the mail node and the dns node:
[root@controller ~]# hostnamectl set-hostname mail
[root@controller ~]# bash
[root@mail ~]#
[root@compute ~]# hostnamectl set-hostname dns
[root@compute ~]# bash
[root@dns ~]#
To simplify testing, stop and disable the firewall and put SELinux into permissive mode (setenforce 0 only lasts until the next reboot):
[root@mail ~]# systemctl stop firewalld
[root@mail ~]# systemctl disable firewalld
[root@mail ~]# setenforce 0
[root@dns ~]# systemctl stop firewalld
[root@dns ~]# systemctl disable firewalld
[root@dns ~]# setenforce 0
Test the local yum repository
[root@dns ~]# yum list
[root@mail ~]# yum list
Install and configure the DNS server
Install the DNS server with the following command (run on both nodes):
# yum -y install bind-chroot bind-utils
Start the DNS service (on both nodes):
# systemctl restart named
[root@mail ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2020-02-23 11:31:27 CST; 13s ago
Process: 51903 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 51900 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 51905 (named)
CGroup: /system.slice/named.service
└─51905 /usr/sbin/named -u named -c /etc/named.conf
2月 23 11:31:27 mail named[51905]: network unreachable resolving './DNS...53
2月 23 11:31:27 mail named[51905]: network unreachable resolving './NS/...53
2月 23 11:31:27 mail named[51905]: network unreachable resolving './DNS...53
Check that named is listening on its ports
# netstat -lntp | grep named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 51905/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 51905/named
tcp6 0 0 ::1:953 :::* LISTEN 51905/named
tcp6 0 0 ::1:53 :::* LISTEN 51905/named
Edit the primary server's DNS configuration file, named.conf (every semicolon in the configuration is required)
Change the following settings in named.conf (on both nodes; the secondary gets the same change):
[root@dns ~]# vim /etc/named.conf
listen-on port 53 { any; }; // listen on port 53 on all addresses; restrict this to specific IPs if required
allow-query { any; }; // allow queries from any client
Configure forward and reverse resolution
Forward zone:
Create the forward zone:
Copy the template file named.localhost to testmail.com.zone:
[root@dns named]# cp -rf /var/named/named.localhost /var/named/testmail.com.zone
Edit testmail.com.zone:
[root@dns named]# vi testmail.com.zone
$TTL 1D
@       IN SOA  testmail.com. admin.testmail.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   dns.testmail.com.
        IN MX   10 mail
dns     IN A    192.168.100.30
mail    IN A    192.168.100.30
www     IN A    192.168.100.30
smtp    IN A    192.168.100.30
Set the permissions on testmail.com.zone (named only needs read access, so 644 would also do):
[root@dns named]# chmod 755 testmail.com.zone
Edit the zone configuration file /etc/named.rfc1912.zones and append the zone declaration at the end
[root@dns named]# vi /etc/named.rfc1912.zones
# forward zone
zone "testmail.com" IN {
type master;
file "testmail.com.zone";
};
Here zone "testmail.com" IN { declares the zone testmail.com; type master; marks this server as the primary (master) for the zone; file "testmail.com.zone"; names the zone data file, which is looked up relative to the directory set in named.conf (/var/named).
Check the configuration:
[root@dns named]# named-checkconf /etc/named.conf    # checks named.conf
[root@dns named]# named-checkzone testmail.com testmail.com.zone    # checks the zone file
zone testmail.com/IN: loaded serial 0
OK
[root@dns named]# systemctl restart named
[root@dns named]# systemctl status named
Add the name server IP to /etc/resolv.conf and comment out the existing nameserver entries.
[root@dns named]# vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.100.40
nameserver 8.8.8.8
Test that DNS resolution works:
# ping www.testmail.com
PING www.testmail.com (192.168.100.30) 56(84) bytes of data.
64 bytes from www.testmail.com (192.168.100.30): icmp_seq=1 ttl=64 time=0.337 ms
64 bytes from www.testmail.com (192.168.100.30): icmp_seq=2 ttl=64 time=0.284 ms
64 bytes from www.testmail.com (192.168.100.30): icmp_seq=3 ttl=64 time=0.474 ms
--- www.testmail.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.284/0.365/0.474/0.080 ms
Reverse zone:
Edit the zone configuration file /etc/named.rfc1912.zones
# reverse zone
zone "100.168.192.in-addr.arpa" IN {
type master;
file "30.100.168.192.in-addr.local";
};
Create 30.100.168.192.in-addr.local:
# cp -p testmail.com.zone 30.100.168.192.in-addr.local
# vi 30.100.168.192.in-addr.local
$TTL 1D
@       IN SOA  ns.testmail.com. admin.testmail.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   dns.testmail.com.
30      IN PTR  mail.testmail.com.
30      IN PTR  www.testmail.com.
Check the configuration:
# named-checkzone 100.168.192.in-addr.arpa 30.100.168.192.in-addr.local
zone 100.168.192.in-addr.arpa/IN: loaded serial 0
OK
Restart to apply the configuration
# systemctl restart named
# dig -x 192.168.100.30
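The forward zone created earlier and the reverse zone just created describe the same hosts, and a practitioner checks that they agree before relying on reverse lookups: a receiving mail server commonly verifies that the connecting host's PTR name resolves back to the same address. The following Python script is an added example, not part of this tutorial. It parses both zone files, embedded here as constructed copies of the tutorial's records (with the SOA MNAME set to dns.testmail.com.), and reports A records without a PTR, PTR targets without a matching A, and MX targets without an A record; the function names parse_zone and cross_check are this example's own. Run against the tutorial's data it reports that dns and smtp have no PTR at 192.168.100.30.

```python
"""Cross-check a forward zone file against its reverse (in-addr.arpa) zone.
Added example, not from the tutorial. The zone texts are constructed copies
of the tutorial's records; the parser strips ';' comments, joins the
parenthesised multi-line SOA, applies owner inheritance (a line starting
with whitespace reuses the previous owner) and qualifies relative names."""
import re
from collections import defaultdict

FORWARD_ORIGIN = "testmail.com."
REVERSE_ORIGIN = "100.168.192.in-addr.arpa."

# Constructed copy of /var/named/testmail.com.zone (MNAME set to the NS host).
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  dns.testmail.com. admin.testmail.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   dns.testmail.com.
        IN MX   10 mail
dns     IN A    192.168.100.30
mail    IN A    192.168.100.30
www     IN A    192.168.100.30
smtp    IN A    192.168.100.30
"""

# Constructed copy of the reverse zone file 30.100.168.192.in-addr.local.
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  dns.testmail.com. admin.testmail.com. ( 0 1D 1H 1W 3H )
        IN NS   dns.testmail.com.
30      IN PTR  mail.testmail.com.
30      IN PTR  www.testmail.com.
"""

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)


def qualify(name, origin):
    """Turn a relative name into an absolute one under the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with absolute owner names."""
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    joined, buf = [], ""
    for line in filter(str.strip, lines):
        buf = line if not buf else buf + " " + line.strip()
        if buf.count("(") == buf.count(")"):    # record complete (SOA spans lines)
            joined.append(buf)
            buf = ""
    records, last_owner = [], origin
    for line in joined:
        if line.startswith("$"):                # $TTL / $ORIGIN directives
            continue
        if line[0].isspace():                   # owner inherited from previous record
            owner = last_owner
        else:
            first, line = line.split(None, 1)
            owner = last_owner = qualify(first, origin)
        fields = line.replace("(", " ").replace(")", " ").split()
        while fields[0].upper() in CLASSES or TTL_RE.match(fields[0]):
            fields.pop(0)                       # optional TTL and class precede the type
        records.append((owner, fields[0].upper(), fields[1:]))
    return records


def ptr_owner_to_ip(owner):
    """'30.100.168.192.in-addr.arpa.' -> '192.168.100.30'."""
    return ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))


def cross_check(fwd_text, fwd_origin, rev_text, rev_origin):
    """Report matched A/PTR pairs, A records lacking a PTR, PTR targets with
    no matching A, and MX targets with no A record."""
    fwd = parse_zone(fwd_text, fwd_origin)
    rev = parse_zone(rev_text, rev_origin)
    a_by_ip, ptr_by_ip = defaultdict(set), defaultdict(set)
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_ip[rdata[0]].add(owner)
    for owner, rtype, rdata in rev:
        if rtype == "PTR":
            ptr_by_ip[ptr_owner_to_ip(owner)].add(qualify(rdata[0], rev_origin))
    a_names = set().union(*a_by_ip.values()) if a_by_ip else set()
    report = {"matched": [], "missing_ptr": [], "stale_ptr": [], "mx_without_a": []}
    for ip, names in a_by_ip.items():
        for name in sorted(names):
            key = "matched" if name in ptr_by_ip.get(ip, set()) else "missing_ptr"
            report[key].append((name, ip))
    for ip, targets in ptr_by_ip.items():
        for target in sorted(targets - a_by_ip.get(ip, set())):
            report["stale_ptr"].append((target, ip))
    for owner, rtype, rdata in fwd:
        if rtype == "MX" and qualify(rdata[1], fwd_origin) not in a_names:
            report["mx_without_a"].append(rdata[1])
    return report


if __name__ == "__main__":
    result = cross_check(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN)
    for key, items in result.items():
        print(f"{key}: {items}")
```

Because the tutorial's reverse file carries PTR records only for mail and www, the report lists dns and smtp under missing_ptr; adding PTR records for them (or pointing the MX at the name that does have one) closes the gap before the mail server is put into service.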
Configure primary/secondary DNS
Configure the secondary server
[root@mail ~]# yum -y install bind-chroot bind-utils
Edit named.conf (same settings as on the primary)
listen-on port 53 { any; }; // listen on port 53 on all addresses; restrict this to specific IPs if required
allow-query { any; }; // allow queries from any client
Check the configuration file for errors
[root@mail ~]# named-checkconf /etc/named.conf
Edit the zone configuration file:
[root@mail ~]# vi /etc/named.rfc1912.zones
zone "testmail.com" IN {
type slave; // master = primary server; slave = secondary server
file "slaves/testmail.com.zone";
masters {192.168.100.40;}; // IP address of the primary DNS server
};
zone "100.168.192.in-addr.arpa" IN {
type slave;
file "slaves/30.100.168.192.in-addr.local";
masters {192.168.100.40;};
};
Edit /etc/resolv.conf
[root@mail ~]# vi /etc/resolv.conf
nameserver 192.168.100.40
nameserver 192.168.100.30
Restart the service:
[root@mail ~]# systemctl restart named
Test:
[root@mail ~]# systemctl stop named
Test that the server address is correct
[root@dns named]# dig dns.testmail.com
[root@dns named]# dig -x 192.168.100.30
Test the DNS resolution result:
[root@compute named]# nslookup dns.testmail.com
Server: 192.168.100.30
Address: 192.168.100.30#53
Name: dns.testmail.com
Address: 192.168.100.40
* The server answering the query is currently 192.168.100.30
[root@controller ~]# ll /var/named/slaves/
总用量 8
-rw-r--r-- 1 named named 341 2月 18 09:29 30.100.168.192.in-addr.local
-rw-r--r-- 1 named named 317 2月 18 09:29 testmail.com.zone
DNS testing tools
nslookup is the common domain name query tool; it looks up DNS information.
General form:
nslookup [-option] [name | -] [server]
[root@controller ~]# nslookup 192.168.100.30
30.100.168.192.in-addr.arpa name = dns.testmail.com.
30.100.168.192.in-addr.arpa name = mail.testmail.com.
dig is mainly used to query host address information from DNS name servers; it is shipped with bind (the bind-utils package).
General form:
dig [@global-server] [domain] [q-type] [q-class] {q-opt} {d-opt}
dig <hostname>, for example:
[root@controller ~]# dig dns.testmail.com