Learning to install and configure a DNS service

Installing and configuring a DNS service


First, the base environment


1. Change the hostnames
My master server is 192.168.200.80
and the slave server is 192.168.200.70
main node

[root@localhost ~]# hostnamectl set-hostname mail
[root@localhost ~]# bash
[root@mail ~]#

dns node

[root@localhost ~]# hostnamectl set-hostname dns
[root@localhost ~]# bash
[root@dns ~]#

2. Disable the firewall
main node

[root@mail ~]# systemctl stop firewalld
[root@mail ~]# systemctl disable  firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@mail ~]# setenforce 0

dns node

[root@dns ~]# systemctl stop firewalld
[root@dns ~]# systemctl disable  firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@dns ~]# setenforce 0

3. Test the yum repository (network access)
main node

[root@mail ~]# yum list

dns node

[root@dns ~]# yum list

Installing DNS


1. Install the DNS server
main node

[root@mail ~]# yum install bind-chroot bind-utils -y

dns node

[root@dns ~]#  yum install bind-chroot bind-utils -y

2. Start the service
Do this on both the main and dns nodes.

[root@mail ~]# systemctl restart named

Then check whether the service started successfully on both nodes, for example on the main node:
(1) Check the status

[root@mail ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-11-06 18:08:16 CST; 8min ago
  Process: 29467 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 29463 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 29469 (named)
   CGroup: /system.slice/named.service
           └─29469 /usr/sbin/named -u named -c /etc/named.conf

Nov 06 18:08:16 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:16 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:16 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:18 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:18 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:18 mail named[29469]:   validating ./DNSKEY: veri...n
Nov 06 18:08:18 mail named[29469]:   validating ./DNSKEY: unab...'
Nov 06 18:08:18 mail named[29469]: broken trust chain resolvin...3
Nov 06 18:08:18 mail named[29469]: resolver priming query complete
Nov 06 18:08:53 mail named[29469]: managed-keys-zone: Unable t...t
Hint: Some lines were ellipsized, use -l to show in full.

(2) Check the ports
I haven't installed the tool yet.

[root@mail ~]# yum install net-tools -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.ustc.edu.cn
 * extras: mirrors.ustc.edu.cn
 * updates: mirrors.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================
 Package      Arch      Version                     Repository
                                                             Size
==================================================================
Installing:
 net-tools    x86_64    2.0-0.25.20131004git.el7    base    306 k

Transaction Summary
==================================================================
Install  1 Package

Total download size: 306 k
Installed size: 917 k
Downloading packages:
net-tools-2.0-0.25.20131004git.el7.x86_64.rp | 306 kB   00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.25.20131004git.el7.x86_64      1/1 
  Verifying  : net-tools-2.0-0.25.20131004git.el7.x86_64      1/1 

Installed:
  net-tools.x86_64 0:2.0-0.25.20131004git.el7                     

Complete!

Check that the ports are all listening.

[root@mail ~]# netstat -lnpt | grep named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      29469/named         
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      29469/named         
tcp6       0      0 ::1:53                  :::*                    LISTEN      29469/named         
tcp6       0      0 ::1:953                 :::*                    LISTEN      29469/named     

3. Configuration file
Modify this on both nodes. In the file, change
listen-on port 53 { 127.0.0.1; };
allow-query { localhost; };
to
listen-on port 53 { any; };
allow-query { any; };
Note the comment already present in the file: because recursion yes is set, allow-query { any; } turns the server into an open recursive resolver. That is acceptable on an isolated lab network, but on a server with a public address restrict recursion to your own networks (for example allow-recursion { localnets; };) so it cannot be used in DNS amplification attacks.

[root@mail ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Configuring DNS


After modifying the configuration file, do not restart yet; first configure forward and reverse resolution.
Forward resolution: look up the IP address that corresponds to a hostname (domain name).
Reverse resolution: look up the hostname (domain name) that corresponds to an IP address. Reverse resolution maps a submitted IP address to its domain name information; it is typically used to block all the domains bound to one IP address as a whole, to block spam sent from certain domains, and to find out how many websites run on a given virtual host.
1. Forward zone
Configure this on the primary dns node.
(1) Create the forward zone
Go into /var/named/ and copy the template file named.localhost to testmail.com.zone.

[root@dns ~]# cd /var/named/
[root@dns named]# ll
total 16
drwxr-x---. 7 root  named   56 Nov 26 05:56 chroot
drwxrwx---. 2 named named   22 Nov 26 05:57 data
drwxrwx---. 2 named named   58 Nov 26 06:59 dynamic
-rw-r-----. 1 root  named 2253 Apr  5  2018 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Dec 16  2020 slaves
[root@dns named]# cp -rf named.localhost testmail.com.zone

(2) Edit the testmail.com.zone file

[root@dns named]# vi testmail.com.zone
$TTL 1D
@       IN SOA  testmail.com. dns.testmail.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS dns.testmail.com.
        IN MX 10 mail
  dns IN A 192.168.200.70       ; almost forgot to change this to my own slave server's address
  mail IN A 192.168.200.70
  www IN A 192.168.200.70
  smtp IN A 192.168.200.70
"testmail.com.zone" 13L, 294C written

(3) Give the testmail.com.zone file full permissions (named only needs to read it; the 640 root:named mode of the template files in the ll listing above is enough, so chmod 777 grants far more than necessary)

[root@dns named]# chmod 777 testmail.com.zone

(4) Modify the zone configuration file /etc/named.rfc1912.zones
Add
zone "testmail.com" IN {
type master;
file "testmail.com.zone";
};

[root@dns named]# vi /etc/named.rfc1912.zones 
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "testmail.com" IN {
        type master;
        file "testmail.com.zone";
};
"/etc/named.rfc1912.zones" 46L, 1014C written

(5) Check the configuration

[root@dns named]# named-checkzone testmail.com testmail.com.zone 
testmail.com.zone:10: unknown RR type 'dns'
testmail.com.zone:11: unknown RR type 'mail'
testmail.com.zone:12: unknown RR type 'www'
testmail.com.zone:13: unknown RR type 'smtp'
zone testmail.com/IN: loading from master file testmail.com.zone failed: unknown class/type
zone testmail.com/IN: not loaded due to errors.
[root@dns named]# named-checkzone /etc/named.conf 
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-J filename] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename

The errors that suddenly appeared confused me! I looked carefully and tried to correct them:
a. In testmail.com.zone I deleted the leading spaces on lines 10, 11, 12 and 13. In zone-file syntax a line that begins with whitespace has no owner name and inherits the owner of the previous record, so "dns" was being read as the RR type, which is exactly what the error message says.
b. I had typed the command wrong (named-checkzone takes the zone name followed by the zone file; named.conf itself is checked with named-checkconf).
Then it worked.

[root@dns named]# named-checkzone testmail.com testmail.com.zone 
zone testmail.com/IN: loaded serial 0
OK
[root@dns named]# named-checkconf /etc/named.conf

Now it is safe to restart. After restarting, configure /etc/resolv.conf and list the IP of the VM whose records you need to resolve first.

[root@mail slaves]# vi /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.200.70
nameserver 192.168.200.80
nameserver 114.114.114.114

Then try whether ping works.
If ping succeeds, forward resolution is configured correctly.

[root@dns named]# ping dns.testmail.com
PING dns.testmail.com (192.168.200.70) 56(84) bytes of data.
64 bytes from 192.168.200.70: icmp_seq=1 ttl=64 time=0.672 ms
64 bytes from 192.168.200.70: icmp_seq=2 ttl=64 time=1.11 ms
64 bytes from 192.168.200.70: icmp_seq=3 ttl=64 time=3.74 ms
64 bytes from 192.168.200.70: icmp_seq=4 ttl=64 time=3.00 ms
64 bytes from 192.168.200.70: icmp_seq=5 ttl=64 time=2.18 ms
64 bytes from 192.168.200.70: icmp_seq=6 ttl=64 time=0.506 ms
^C
--- dns.testmail.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5012ms
rtt min/avg/max/mdev = 0.506/1.871/3.744/1.209 ms

2. Reverse zone
(1) Modify the zone configuration file
Add
zone "200.168.192.in-addr.arpa" IN {
type master;
file "70.200.168.192.in-addr.arpa.local";
};

[root@dns named]# vi /etc/named.rfc1912.zones 
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "testmail.com" IN {
        type master;
        file "testmail.com.zone";
};

zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "70.200.168.192.in-addr.arpa.local";
};
"/etc/named.rfc1912.zones" 51L, 1126C written

(2) Configure the 70.200.168.192.in-addr.arpa.local file (its name must match the file name written in the zone configuration)

[root@dns named]# cp -p testmail.com.zone 70.200.168.192.in-addr.arpa.local
[root@dns named]# vi 70.200.168.192.in-addr.arpa.local
$TTL 1D
@       IN SOA  testmail.com. admin.testmail.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS dns.testmail.com.
70 IN PTR mail.testmail.com.
70 IN PTR www.testmail.com.
"70.200.168.192.in-addr.arpa.local" 10L, 222C written

(3) Test

[root@dns named]# named-checkconf /etc/named.conf 
[root@dns named]# named-checkzone 200.168.192.in-addr.arpa 70.200.168.192.in-addr.arpa.local 
zone 200.168.192.in-addr.arpa/IN: loaded serial 0
OK
[root@dns named]# systemctl restart named
[root@dns named]# ping www.testmail.com     ## it pings, so reverse resolution is fine
PING www.testmail.com (192.168.200.70) 56(84) bytes of data.
64 bytes from 192.168.200.70: icmp_seq=1 ttl=64 time=0.354 ms
64 bytes from 192.168.200.70: icmp_seq=2 ttl=64 time=0.605 ms
64 bytes from 192.168.200.70: icmp_seq=3 ttl=64 time=0.596 ms
^C
--- www.testmail.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.354/0.518/0.605/0.117 ms
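As an added example (not code from the original post), the Python script below reads the testmail.com.zone file the way named does, which reproduces the "unknown RR type" errors caused by the indented lines in step (5) and shows that the dedented file loads, and then derives the PTR records of 200.168.192.in-addr.arpa from the forward zone's A records as in the reverse-zone step. It assumes records carry no explicit TTL field and only the common RR types listed in RRTYPES.

```python
RRTYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "PTR", "TXT"}
# Constructed copy of testmail.com.zone as first written in the post (lines 10-13 indented).
FORWARD_ZONE = """$TTL 1D
@       IN SOA  testmail.com. dns.testmail.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS dns.testmail.com.
        IN MX 10 mail
  dns IN A 192.168.200.70
  mail IN A 192.168.200.70
  www IN A 192.168.200.70
  smtp IN A 192.168.200.70
"""
FIXED_ZONE = FORWARD_ZONE.replace("\n  ", "\n")  # the post's fix: dedent those four lines

def parse_zone(text, origin):
    """Return (records, problems); each record is (owner, type, rdata)."""
    records, problems, owner, depth, buf = [], [], origin, 0, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]                  # drop ';' comments
        if not line.strip() or line.startswith("$"):
            continue                                 # blank line or $TTL/$ORIGIN directive
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                                 # still inside the ( ... ) SOA
        first, toks, buf = buf[0], " ".join(buf).split(), []
        # A line starting with whitespace has no owner field and inherits the previous
        # owner, so its first token must be a class or RR type: "  dns IN A" fails here.
        if not first[0].isspace():
            owner, toks = toks[0], toks[1:]
        if toks and toks[0] == "IN":                 # optional class
            toks = toks[1:]
        if not toks or toks[0] not in RRTYPES:
            problems.append(f"line {lineno}: unknown RR type '{' '.join(toks[:1])}'")
        else:
            records.append((owner, toks[0], " ".join(t for t in toks[1:] if t not in ("(", ")"))))
    return records, problems

def ptr_records(records, origin, prefix="192.168.200."):
    out = []  # one PTR line of the /24 reverse zone per A record inside prefix
    for owner, rtype, rdata in records:
        if rtype == "A" and rdata.startswith(prefix):
            fqdn = origin if owner == "@" else f"{owner}.{origin}"
            out.append(f"{rdata[len(prefix):]} IN PTR {fqdn}")
    return out
```

To confirm the reverse zone on the server itself, query it directly with dig -x 192.168.200.70 @192.168.200.70 (dig comes with the bind-utils package installed above); pinging www.testmail.com only exercises the forward zone.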