DNS 服务器配置
第一步:利用centos镜像做yum源安装bind服务包
[root@localhost ~]# mkdir /opt/centos //创建目录/opt/centos
[root@localhost ~]#mount /dev/cdrom /opt/centos //挂载光盘到/opt/centos 下
mount: /dev/sr0 写保护,将以只读方式挂载
[root@localhost ~]# mv /etc/yum.repos.d/* /home //移动文件到/home下
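制作用于安装的yum 源文件。注意:下面的 gpgcheck=0 会关闭软件包的GPG签名校验,只适用于来源可信的本地光盘镜像;使用网络源或不确定镜像来源时应设为 gpgcheck=1,并用 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 指定校验密钥。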
[root@localhost ~]#vim /etc/yum.repos.d/local.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[root@localhost yum.repos.d]# yum clean all
[root@localhost yum.repos.d]# yum install bind*
第二步:查看bind是否安装完成
[root@localhost yum.repos.d]# rpm -aq |grep bind
查看DNS服务器IP地址信息
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=9f92031e-cb20-4cde-b796-6935a082ba86
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.10.1
NETMASK=255.255.255.0
GATEWAY=192.168.10.254
DNS1=192.168.10.1
[root@localhost ~]# systemctl restart network //重启网络
[root@localhost ~]# ip add //查看并检查配置的网络
第三步:配置主文件
[root@Centos7-1 ~]# vim /etc/named.conf
...... //略
options{
listen-on port 53 { 127.0.0.1; }; //指定BIND侦听DNS查询请求的本机IP地址及端口
listen-on-v6 port 53{::1;}; //限于 IPv6
directory "/var/named"; //指定区域配置文件所在的路径
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost;}; //指定接收DNS查询请求的客户端
recursion yes;
dnssec-enable yes;
dnssec-validation yes; //改为no可以忽略SELinux影响(待核实:该选项控制的是对DNSSEC应答签名的验证,与SELinux无关;改为no后解析器不再校验应答签名)
dnssec-lookaside auto;
.....
};//以下用于指定BIND服务的日志参数
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};};
zone "." IN { //用于指定根服务器的配置信息,一般不能改动
type hint;
file "named.ca";
};
include "/etc/named.zones"; //指定主配置文件,一定根据实际修改
include "/etc/named.root.key";
[root@Centos7-1 ~]#cp -p /etc/named.rfc1912.zones /etc/named.zones
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
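allow-query { any; }; //对任意来源开放查询
recursion yes; //与上一行组合后,本机会对任何来源提供递归解析(开放解析器),可被用于DNS放大攻击;实验环境之外应加上 allow-recursion { 192.168.10.0/24; }; 之类的限制
dnssec-enable no;
dnssec-validation no; //关闭后不再验证DNSSEC签名,伪造的应答无法被识别,仅适合隔离的实验网络
}; //options 块结束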
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "ssx.com" IN { //正向根域文件的定义
type master; //作为根域
file "ssx.com.hosts"; //根域正向解析文件名
};
zone "10.168.192.in-addr.arpa" IN { //反向根域文件的定义
type master; //作为根域
file "ssx.com.back"; //根域反向解析文件名
};
include "/etc/named.zones";
include "/etc/named.root.key";
检查主配置文件有没有问题 :
[root@localhost ~]# named-checkconf
第四步:配置正向解析文件
先将/var/named/named.localhost 复制为/var/named/ssx.com.hosts,目的是保留文件格式;cp 的 -p 选项同时保留原文件的属主和权限,使新区域文件的属主和权限与系统自带的区域文件保持一致。
[root@localhost ~]#cp -p /var/named/named.localhost /var/named/ssx.com.hosts
[root@localhost ~]#vim /var/named/ssx.com.hosts
$TTL 1D
@ IN SOA @ root.ssx.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns.ssx.com.
dns IN A 192.168.10.100
www IN A 192.168.10.101
smb IN A 192.168.10.102
ftp IN A 192.168.10.103
第五步:检查正向解析文件
[root@localhost ~]# named-checkzone ssx.com /var/named/ssx.com.hosts
zone ssx.com/IN: loaded serial 0
OK
第六步:配置反向解析文件
先将正向解析文件拷贝至/var/named/ssx.com.back
[root@localhost ~]#cp -p /var/named/ssx.com.hosts /var/named/ssx.com.back
[root@localhost ~]#vim /var/named/ssx.com.back
$TTL 1D
@ IN SOA @ root.ssx.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns.ssx.com.
100 IN PTR dns.ssx.com. ; PTR目标必须以"."结尾,否则会被自动补上当前区域名
101 IN PTR www.ssx.com.
102 IN PTR smb.ssx.com.
103 IN PTR ftp.ssx.com.
~
第七步:检查反向解析文件
[root@localhost ~]#named-checkzone 10.168.192.in-addr.arpa /var/named/ssx.com.back
zone 10.168.192.in-addr.arpa/IN: loaded serial 0
OK
[root@localhost ~]#
第八步:启动named服务,再去查看named服务工作是否正常!
[root@localhost ~]# systemctl start named
[root@localhost ~]# systemctl restart named
[root@localhost ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2019-06-02 14:03:52 CST; 5s ago
Process: 4860 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 3348 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 4872 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 4870 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 4874 (named)
Tasks: 4
CGroup: /system.slice/named.service
└─4874 /usr/sbin/named -u named -c /etc/named.conf
6月 02 14:03:52 www.ssx.com named[4874]: zone 10.168.192.in-addr.arpa/IN: loaded ... 0
6月 02 14:03:52 www.ssx.com named[4874]: zone 1.0.0.127.in-addr.arpa/IN: loaded s... 0
6月 02 14:03:52 www.ssx.com named[4874]: zone localhost.localdomain/IN: loaded se... 0
6月 02 14:03:52 www.ssx.com named[4874]: zone ssx.com/IN: loaded serial 0
6月 02 14:03:52 www.ssx.com named[4874]: zone localhost/IN: loaded serial 0
6月 02 14:03:52 www.ssx.com named[4874]: all zones loaded
6月 02 14:03:52 www.ssx.com named[4874]: running
6月 02 14:03:52 www.ssx.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
6月 02 14:03:52 www.ssx.com named[4874]: zone ssx.com/IN: sending notifies (serial 0)
6月 02 14:03:52 www.ssx.com named[4874]: zone 10.168.192.in-addr.arpa/IN: sending...0)
Hint: Some lines were ellipsized, use -l to show in full.
第九步:检测正向解析
[root@centos7 ~]# nslookup smb.ssx.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: smb.ssx.com
Address: 192.168.10.102
第十步:检测反向解析
[root@localhost ~]# nslookup 192.168.10.101
Server: 192.168.10.200
Address: 192.168.10.200#53
101.10.168.192.in-addr.arpa name = www.ssx.com.
Linux客户机测试(前提是必须保证Client1与DNS服务器的通信畅通。)
[root@Client1 ~]# vim /etc/resolv.conf
nameserver 192.168.10.100
search ssx.com
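在Linux客户机验证前关闭防火墙(仅限实验环境:停止firewalld会去掉该主机的全部包过滤。若查询是被DNS服务器端的防火墙拦截,更稳妥的做法是在服务器上只放行DNS服务:firewall-cmd --permanent --add-service=dns 后执行 firewall-cmd --reload)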
[root@Client1 ~]#systemctl stop firewalld
[root@client1 ~]# nslookup
> server //显示真实本机DNS server信息
> www.ssx.com //显示真实本机配置信息
> 192.168.10.102 //显示真实本机配置信息