一、搭建DNS环境
一台CentOS 7 当DNS服务端
一台CentOS 7 当客户端
使用仅主机模式
服务端IP地址:192.168.1.10/24 GW: 192.168.1.1 dns:192.168.1.10
客户端 IP地址:192.168.1.200/24 GW: 192.168.1.1 dns:192.168.1.10
二、搭建DNS服务
1、安装DNS
yum -y install bind* //安装需要在有网络的环境下,我这里使用仅主机模式
所以我现在在桥接模式下安装好,再切换回仅主机模式
2、修改主配置文件-/etc/named.conf
(DNS服务的全局配置文件)
为了安全,在修改之前先备份该文件
[root@localhost etc]# cp -p /etc/named.conf /etc/named.conf.bak
[root@localhost etc]#vim /etc/named.conf
options {
listen-on port 53 { any; }; //127.0.0.1修改为any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //localhost修改为any
listen-on port 53 { any; }; //允许全部人监听
allow-query { any; }; //允许任意IP访问自己(仅限本实验的仅主机网络;生产环境应把 allow-query 和 allow-recursion 限制为可信网段,避免成为开放递归解析器)
3、修改区域配置文件-/etc/named.rfc1912.zones
( 该文件用于说明哪个区域的数据存放在哪个文件里)
新增正向、反向解析区域数据(注意:正向区域的名称必须与后面区域文件和验证步骤中实际使用的域名一致,本文后面用的是 hk.com)
[root@localhost etc]#vim /etc/named.rfc1912.zones
zone "zhangsan.com" IN { //设置主区域名称
type master; //设置主服务器
file "huang"; //指定哪个文件为正向解析文件
allow-ipdat { none; };
};
zone "1.168.192.in-addr.arpa" { //设置反向解析的主区域名称
type master; //设置为主服务器
file "kuan"; //指定哪个文件为反向解析文件
allow-update { none; };
};
4、添加正向解析文件
可以根据/var/named/named.localhost文件进行复制命名为huang并修改
cp -p /var/named/named.localhost /var/named/huang
[root@localhost named]# cat huang
$TTL 1D
@ IN SOA @ dns.hk.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.hk.com.
www A 192.168.1.20
dns A 192.168.1.10
5、添加反向解析文件
可以根据/var/named/named.loopback文件进行复制命名为kuan并修改
cp -p /var/named/named.loopback /var/named/kuan
[root@localhost named]# cat kuan
$TTL 1D
@ IN SOA @ dns.hk.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.hk.com.
A 192.168.1.10
10 PTR dns.hk.com.
20 PTR www.hk.com.
6、使用 named-checkconf /etc/named.conf 检查dns配置是否有错误
[root@localhost named]# named-checkconf /etc/named.conf
/etc/named.rfc1912.zones:46: unknown option 'allow-ipdat'
我这里显示原文的 /etc/named.rfc1912.zones 文件内容有书写错误,在第46行的 'allow-ipdat'(应为 allow-update)
这里原文我就不再修改,这个错误作为 named-checkconf 输出的一个参考
无错误情况下命令输出如下
[root@localhost named]# named-checkconf /etc/named.conf
[root@localhost named]#
[root@localhost named]# named-checkconf /etc/named.rfc1912.zones
[root@localhost named]#
[root@localhost named]# named-checkzone huang /var/named/huang
zone huang/IN: loaded serial 0
OK
[root@localhost named]# named-checkzone huang /var/named/kuan
zone huang/IN: loaded serial 0
OK
7、关闭防火墙/SELinux(仅为实验环境简化;非实验环境应改为在 firewalld 中放行 DNS 服务,例如 firewall-cmd --permanent --add-service=dns 后 reload,并保留 SELinux 开启)
[root@localhost named]# systemctl stop firewalld.service
[root@localhost named]# setenforce 0 //暂时关闭selinux,重启恢复
8、开启、重启DNS服务
[root@localhost named]# systemctl restart named
9、验证
服务器上验证
[root@localhost named]# nslookup 192.168.1.20
20.1.168.192.in-addr.arpa name = www.hk.com.
[root@localhost named]# nslookup 192.168.1.10
10.1.168.192.in-addr.arpa name = dns.hk.com.
[root@localhost named]# nslookup www.hk.com
Server: 192.168.1.10
Address: 192.168.1.10#53
Name: www.hk.com
Address: 192.168.1.20
[root@localhost named]# nslookup dns.hk.com
Server: 192.168.1.10
Address: 192.168.1.10#53
Name: dns.hk.com
Address: 192.168.1.10
客户端验证
[root@localhost ~]# nslookup www.hk.com
Server: 192.168.1.10
Address: 192.168.1.10#53
Name: www.hk.com
Address: 192.168.1.20
[root@localhost ~]# nslookup dns.hk.com
Server: 192.168.1.10
Address: 192.168.1.10#53
Name: dns.hk.com
Address: 192.168.1.10
[root@localhost ~]# nslookup 192.168.1.10
10.1.168.192.in-addr.arpa name = dns.hk.com.
[root@localhost ~]# ping dsn.hk.com
^C
[root@localhost ~]# ping dns.hk.com
PING dns.hk.com (192.168.1.10) 56(84) bytes of data.
64 bytes from dns.hk.com (192.168.1.10): icmp_seq=1 ttl=64 time=0.274 ms
64 bytes from dns.hk.com (192.168.1.10): icmp_seq=2 ttl=64 time=0.368 ms
64 bytes from dns.hk.com (192.168.1.10): icmp_seq=3 ttl=64 time=0.426 ms
64 bytes from dns.hk.com (192.168.1.10): icmp_seq=4 ttl=64 time=0.418 ms
^C
--- dns.hk.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 0.274/0.371/0.426/0.063 ms