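Configuring a DNS Server
Before installing DNS, manually configure a static IP address.
I. Install the DNS server.
1. Configure a local YUM repository
(1) Mount the ISO installation image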
[root@RHEL7-1 ~]# mkdir /iso
[root@RHEL7-1 ~]# mount /dev/cdrom /iso
(2) Create the yum repository file
[root@RHEL7-1 ~]# vim /etc/yum.repos.d/dvd.repo
Contents of dvd.repo:
[dvd]
name=dvd
baseurl=file:///iso
gpgcheck=0
enabled=1
Press ESC, then type :wq to save and exit.
2. Clear the YUM cache
[root@RHEL7-1 ~]# yum clean all
3. Install the BIND packages
[root@RHEL7-1 ~]# yum install bind bind-chroot -y
4. After installation, query the package database again to confirm that the packages were installed successfully.
[root@RHEL7-1 ~]# rpm -qa | grep bind
5. Start, stop and restart the DNS service, and enable it at boot.
[root@RHEL7-1 ~]# systemctl start named
[root@RHEL7-1 ~]# systemctl enable named
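II. Configure a primary DNS server (example)
1. Configure the core file named.conf
Change the default listen address from 127.0.0.1 to any
Change the allowed query source from localhost to any
Change the included main configuration file from named.rfc1912.zones to named.zones
[root@RHEL7-1 ~]# cd /etc
[root@RHEL7-1 etc]# vim named.conf    // the parts marked in black below need to be modified.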
options {
        listen-on port 53 { any; };             // changed from 127.0.0.1
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };                   // changed from localhost
        recursion yes;
        dnssec-enable yes;
        dnssec-validation no;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.zones";                     // changed from /etc/named.rfc1912.zones
include "/etc/named.root.key";
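2. Configure the main configuration file named.zones
zone "long.com" IN {
        type master;
        file "long.com.zone";           // forward zone file created in step 3 (1)
        allow-update { none; };
};
zone "236.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.236.zone";        // reverse zone file created in step 3 (2)
        allow-update { none; };
};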
3. Modify the BIND zone files
(1) Create long.com.zone
Edit the forward lookup zone file long.com.zone
# Reference: "Linux网络操作系统项目教程 (RHEL7.4/CentOS7.4)", 3rd edition, page 229
[root@RHEL7-1 ~]# cd /var/named
[root@RHEL7-1 named]# cp -p named.localhost long.com.zone
[root@RHEL7-1 named]# vim long.com.zone
Contents:
$TTL 1D
@       IN SOA  @ root.long.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
@       IN NS     dns.long.com.
@       IN MX 10  mail.long.com.
dns     IN A      192.168.236.2
mail    IN A      192.168.236.3
slave   IN A      192.168.236.4
www     IN A      192.168.236.5
ftp     IN A      192.168.236.20
web     IN CNAME  www.long.com.
(2) Edit the reverse lookup zone file 192.168.236.zone
[root@RHEL7-1 named]# cp -p named.loopback 192.168.236.zone
[root@RHEL7-1 named]# vim 192.168.236.zone
Contents:
$TTL 1D
@       IN SOA  @ root.long.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
@       IN NS     dns.long.com.
@       IN MX 10  mail.long.com.
; The host octets below match the A records in long.com.zone.
2       IN PTR    dns.long.com.
3       IN PTR    mail.long.com.
4       IN PTR    slave.long.com.
5       IN PTR    www.long.com.
20      IN PTR    ftp.long.com.
4. Allow DNS through the firewall before testing; this step is essential.
[root@RHEL7-1 named]# firewall-cmd --permanent --add-service=dns
[root@RHEL7-1 named]# firewall-cmd --reload
[root@RHEL7-1 named]# firewall-cmd --list-all
5. Restart and reload the named service
[root@RHEL7-1 named]# systemctl restart named    # or: named -u named
[root@RHEL7-1 named]# systemctl reload named
6. Points to note when testing from [root@RHEL7-2]
(1) Network configuration on [root@RHEL7-2]
(2) Test DNS with the nslookup command (see page 232 of the textbook)
[root@RHEL7-2 ~]# cd /etc
[root@RHEL7-2 etc]# vim resolv.conf
# Generated by NetworkManager
nameserver 192.168.236.2
nameserver 192.168.236.3
search long.com
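
The named.conf in section II sets allow-query { any; } with recursion yes and no allow-recursion statement, so recursion falls back to the any ACL and the server resolves names for every client that can reach port 53; it also sets dnssec-validation no. The following is an added example, not part of the original tutorial: a small Python audit that applies BIND's ACL fallback order to an options block. The 192.168.236.0/24 ACL in the hardened variant is an assumption based on the addresses used on this page.

```python
import re

# Constructed sample: the security-relevant options from the page's named.conf.
PAGE_CONF = '''options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
    dnssec-validation no;
    /* Path to ISC DLV key */
};'''
# Assumed hardening: recursion limited to localhost and the lab subnet.
HARDENED_CONF = PAGE_CONF.replace('recursion yes;',
    'recursion yes; allow-recursion { localhost; 192.168.236.0/24; };'
    ).replace('dnssec-validation no', 'dnssec-validation yes')

# Matches quoted strings (kept) and the three named.conf comment styles (dropped).
_SKIP = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def options(conf):
    """Return {statement: value} for the top level of the options block."""
    conf = _SKIP.sub(lambda m: m.group() if m.group()[0] == '"' else ' ', conf)
    start = re.search(r'\boptions\s*\{', conf)
    body = conf[start.end():] if start else ''
    out, depth, cur = {}, 1, ''
    for ch in body:
        depth += {'{': 1, '}': -1}.get(ch, 0)
        if depth == 0:                      # closing brace of the options block
            break
        if ch == ';' and depth == 1:        # end of one top-level statement
            key, _, val = ' '.join(cur.split()).partition(' ')
            out[key], cur = val, ''
        else:
            cur += ch
    return out

def recursion_acl(opts):
    """ACL that governs recursion: allow-recursion, else allow-query-cache,
    else allow-query, else BIND's default of localnets and localhost."""
    if opts.get('recursion', 'yes') == 'no':
        return ['none']
    for key in ('allow-recursion', 'allow-query-cache', 'allow-query'):
        if key in opts:
            return re.findall(r'[^\s{};]+', opts[key])
    return ['localnets', 'localhost']

def audit(conf):
    opts, findings = options(conf), []
    if 'any' in recursion_acl(opts):
        findings.append('open-recursion')
    if opts.get('dnssec-validation') == 'no':
        findings.append('dnssec-validation-off')
    return findings
```

Calling audit() on the text of /etc/named.conf returns both findings for the configuration shown in section II and an empty list for the hardened variant.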