1.规划节点
部署 mail 服务的节点规划
IP 主机名 结点
172.16.51.20 mail.testmail.com Mail服务器
172.166.51.8 master DNS服务器
2.基础准备
使 用 VMWare Workstation 软件 安装 CentOS 7.2 操作 系统, 镜像 使用 提供 的
CentOS-7-x86_64-DVD-1511.iso。最小化 CentOS 7.2 虚拟机一台,另需要 DNS 服务器一台,
安装配置请参考 3.5 实战案例——DNS 服务与管理。YUM 源使用本地 CetnOS 7.2 系统源。
3 案例实施
1.基础配置
(1)修改 mail 节点主机名
[root@localhost ~]# hostnamectl set-hostname mail.testmail.com
退出重新登录生效
(2)YUM 源备份
[root@localhost ~]# mv /etc/yum.repos.d/* /opt/
(3)创建 repo 文件
[root@localhost ~]# vi /etc/yum.repos.d/local.repo
[centos]
name=centos
baseurl=ftp://172.16.50.10/centos7.2
gpgcheck=0
enabled=1
(4)测试 YUM 源配置
[root@localhost ~]# yum list
2.DNS 服务配置
(1)修改 master 节点 bind 配置文件 named.conf
[root@master ~]# cat /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 {
any; };
// listen-on-v6 port 53 {
::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query {
any; };
notify yes;
also-notify {
172.16.51.21 ;};
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable
recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce su