DNS解析服务
一、基础配置:
1、主机清单:
2、网络配置:
dns-server:
[root@dns-server ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 TYPE="Ethernet" BOOTPROTO="static" NAME="ens33" DEVICE="ens33" ONBOOT="yes" IPADDR="192.168.10.10" PREFIX="24" GATEWAY="192.168.10.254" DNS1="114.114.114.114"
重启网络:
[root@dns-server ~]# systemctl restart network [root@dns-server ~]# hostname -I 192.168.10.10
dns-client:
[root@dns-client ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 TYPE="Ethernet" BOOTPROTO="static" NAME="ens33" DEVICE="ens33" ONBOOT="yes" IPADDR="192.168.10.20" PREFIX="24" GATEWAY="192.168.10.254" DNS1="114.114.114.114"
重启网络:
[root@dns-client ~]# systemctl restart network [root@dns-client ~]# hostname -I 192.168.10.20
二、搭建DNS服务:
1、放行防火墙:
[root@dns-server ~]# firewall-cmd --add-service=dns --permanent [root@dns-server ~]# firewall-cmd --reload
2、安装bind:
[root@dns-server]# yum -y install bind
3、配置文件介绍:
/etc/named.conf # bind主配置文件 /etc/named.rfc1912.zones # 定义zone的文件 /etc/rc.d/init.d/named # bind脚本文件 /etc/rndc.conf # rndc配置文件 /usr/sbin/named-checkconf # 检测/etc/named.conf文件语法 /usr/sbin/named-checkzone # 检测zone和对应zone文件的语法 /usr/sbin/rndc # 远程dns管理工具 /usr/sbin/rndc-confgen # 生成rndc密钥 /var/named/named.ca # 根解析库 /var/named/named.localhost # 本地主机解析库 /var/named/slaves # 从ns服务器文件夹
4、放行查询网段:
[root@dns-server ~]# cat /etc/named.conf|head -n 21 // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // See the BIND Administrator's Reference Manual (ARM) for details about the // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html options { listen-on port 53 { 192.168.10.10; }; #127.0.0.1改为any或本机地址(监听地址与端口) listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { 192.168.10.0/24; }; #localhost改为any或网段(允许查询的地址)
开机自启动
[root@dns-server ~]# systemctl enable name
5、配置正反向解析:
配置区域文件
[root@dns-server ~]# cat /etc/named.rfc1912.zones #这个配置文件默认有4个模板、根据情况删除或者用以下内容 zone "linux.server" IN { type master; #服务解析类型 file "named.localhost"; #域名与IP地址解析规则的文件 allow-update { any; }; #允许哪些客户机动态更新解析信息 }; zone "10.168.192.in-addr.arpa" IN { #表示192.168.10.0/24网段解析的区域 type master; file "named.loopback"; allow-update { any; }; };
配置正向解析:
[root@dns-server ~]# vi /var/named/named.localhost $TTL 1D @ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 AAAA ::1 dns A 192.168.10.10
记录类型:
zone文件详解
# 0 ; serial 更新序列号 # 1D ; refresh 更新间隔(从服务器下载数据) # 1H ; retry 失败重试 # 1W ; expire 区域文件的过期时间 # 3H ) ; minimum 缓存的最小生存周期
配置反向解析:
[root@dns-server ~]# vi /var/named/named.loopback $TTL 1D @ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 127.0.0.1 AAAA ::1 PTR localhost. 10 PTR dns.linux.server 20 PTR web.linux.server
6、测试正反向解析
[root@dns-server ~]# yum install bind-utils -y [root@dns-server ~]# echo "nameserver 192.168.10.10" > /etc/resolv.conf [root@dns-server ~]# nslookup dns.linux.server Server: 192.168.10.10 Address: 192.168.10.10#53 Name: dns.linux.server Address: 192.168.10.10 [root@dns-server ~]# nslookup 192.168.10.10 10.10.168.192.in-addr.arpa name = dns.linux.server.10.168.192.in-addr.arpa.
注:dns-server这台机器已经正常上百度了、如果需要则需要改/etc/resolv.conf配置文件。
7、客户端验证:
[root@dns-client ~]# yum install bind-utils -y [root@dns-client ~]# echo "nameserver 192.168.10.10" > /etc/resolv.conf [root@dns-client ~]# nslookup dns.linux.server Server: 192.168.10.10 Address: 192.168.10.10#53 Name: dns.linux.server Address: 192.168.10.10
注:dns-client这台机器已经正常上百度了、如果需要则需要改/etc/resolv.conf配置文件。
