In this article I use NAT mode; the virtual machines' network interfaces are addressed as follows:
mail:192.168.200.10
dns:192.168.200.40
Basic configuration (required on both machines)
(1) Change the hostnames of the mail node and the dns node
[root@localhost ~]# hostnamectl set-hostname mail
[root@localhost ~]# bash
[root@jing ~]# hostnamectl set-hostname dns
[root@jing ~]# bash
(2) Disable the firewall and set SELinux to permissive mode
[root@mail ~]# systemctl stop firewalld
[root@mail ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@mail ~]# setenforce 0
[root@mail ~]# getenforce
Permissive
(3) Test the local yum repository (if it is not usable, use a network yum repository instead)
[root@mail ~]# mv /etc/yum.repos.d/C* /media/
[root@mail ~]# mkdir /opt/centos
[root@mail ~]# mount /dev/cdrom /opt/centos
mount: /dev/sr0 is write-protected, mounting read-only
[root@mail ~]# vi /etc/yum.repos.d/local.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[root@mail ~]# yum clean all
[root@mail ~]# yum repolist
[root@mail ~]# yum list
Install and configure the DNS server
(1) Install the DNS server (required on both virtual machines)
[root@mail ~]# yum install -y bind-chroot bind-utils net-tools telnet
Installed:
bind-chroot.x86_64 32:9.11.4-26.P2.el7_9.3 bind-utils.x86_64 32:9.11.4-26.P2.el7_9.3
Dependency Installed:
audit-libs-python.x86_64 0:2.8.5-4.el7 bind.x86_64 32:9.11.4-26.P2.el7_9.3 bind-export-libs.x86_64 32:9.11.4-26.P2.el7_9.3
bind-libs.x86_64 32:9.11.4-26.P2.el7_9.3 checkpolicy.x86_64 0:2.5-8.el7 libcgroup.x86_64 0:0.41-21.el7
libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-34.el7 python-IPy.noarch 0:0.75-6.el7
python-ply.noarch 0:3.4-11.el7 setools-libs.x86_64 0:3.3.8-4.el7
Updated:
net-tools.x86_64 0:2.0-0.25.20131004git.el7
Dependency Updated:
audit.x86_64 0:2.8.5-4.el7 audit-libs.x86_64 0:2.8.5-4.el7 bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.3
bind-license.noarch 32:9.11.4-26.P2.el7_9.3 dhclient.x86_64 12:4.2.5-82.el7.centos dhcp-common.x86_64 12:4.2.5-82.el7.centos
dhcp-libs.x86_64 12:4.2.5-82.el7.centos libselinux.x86_64 0:2.5-15.el7 libselinux-python.x86_64 0:2.5-15.el7
libselinux-utils.x86_64 0:2.5-15.el7 libsemanage.x86_64 0:2.5-14.el7 libsepol.x86_64 0:2.5-10.el7
policycoreutils.x86_64 0:2.5-34.el7
Complete!
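(2) Start the DNS service
Restart the named service (run this on both virtual machines)
[root@mail ~]# systemctl restart named    # restart the service
[root@mail ~]# systemctl status named     # check the status of the named service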
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2021-02-01 17:06:59 CST; 15s ago
Process: 21220 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 21217 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 21222 (named)
CGroup: /system.slice/named.service
└─21222 /usr/sbin/named -u named -c /etc/named.conf
Feb 01 17:06:59 mail named[21222]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
Feb 01 17:06:59 mail named[21222]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Feb 01 17:06:59 mail named[21222]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Feb 01 17:06:59 mail named[21222]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Feb 01 17:06:59 mail named[21222]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
Feb 01 17:06:59 mail named[21222]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Feb 01 17:06:59 mail named[21222]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
Feb 01 17:06:59 mail named[21222]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Feb 01 17:07:01 mail named[21222]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Feb 01 17:07:01 mail named[21222]: resolver priming query complete
(3) Check whether the ports are listening
[root@mail ~]# netstat -lntp | grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 21222/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 21222/named
tcp6 0 0 ::1:53 :::* LISTEN 21222/named
tcp6 0 0 ::1:953 :::* LISTEN 21222/named
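(4) Edit the master DNS server's configuration file named.conf (remember that every semicolon in the configuration is required)
Change the following settings in named.conf (the slave server needs the same changes!):
listen-on port 53 { any; }; // listen on port 53 on all addresses; this can be restricted to the specific IPs to listen on as needed
allow-query { any; }; // allow queries from all clients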
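Allowing queries from every client also affects recursion: in BIND 9.11, when allow-recursion is not set, named falls back to allow-query-cache and then to allow-query. The script below is an added example, not part of the original article; it classifies a named.conf as an open resolver or not. The function names are hypothetical, the sample file is constructed, and its "recursion yes;" line is assumed from the stock CentOS 7 named.conf.

```shell
#!/bin/sh
# Added example, not from the original article. Needs sed, tr, grep -o.
# Handles // and # comments and ACLs without nested braces only.

# flatten FILE: strip comments and join the file into a single line.
flatten() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  '
}

# get_acl FILE OPTION: print the body of "OPTION [port N] { ... }", if set.
get_acl() {
    flatten "$1" |
        grep -oE "(^|[ ;{])$2( +port +[0-9]+)? *\{[^}]*\}" | head -n 1 |
        sed -E 's/^[ ;{]//; s/^[^{]*\{//; s/\}$//; s/ +/ /g; s/^ //; s/ $//'
}

# classify_resolver FILE: print no-recursion, open-resolver or restricted.
classify_resolver() {
    # named recurses unless told otherwise ("recursion yes" is the default).
    if flatten "$1" | grep -qE '(^|[ ;{])recursion +no *;'; then
        echo no-recursion
        return 0
    fi
    # BIND 9.11 fallback: allow-recursion, allow-query-cache, allow-query.
    acl=''
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(get_acl "$1" "$opt")
        if [ -n "$acl" ]; then break; fi
    done
    if [ -z "$acl" ]; then acl='localnets; localhost;'; fi
    if printf '%s\n' "$acl" | grep -qE '(^|[ ;])any *;'; then
        echo open-resolver
    else
        echo restricted
    fi
}

# Constructed sample: the two settings changed in the article, plus the
# "recursion yes;" line assumed from the stock CentOS 7 named.conf.
sample=$(mktemp)
printf '%s\n' 'options {' '    listen-on port 53 { any; };' \
    '    allow-query { any; };   // every client may query' \
    '    recursion yes;' '};' > "$sample"
echo "article settings: $(classify_resolver "$sample")"
# Same file with recursion limited to local clients.
sed 's/recursion yes;/& allow-recursion { localnets; localhost; };/' \
    "$sample" > "$sample.fixed"
echo "with allow-recursion: $(classify_resolver "$sample.fixed")"
rm -f "$sample" "$sample.fixed"
```

On the real server, run `classify_resolver /etc/named.conf` after editing the file.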
[root@mail ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53