DNS搭建实战

实验环境：RHEL7.0

          服务端： server1.example.com  172.25.254.1  192.168.0.1

          客户端 ：desktop.example.com  172.25.254.2

实验内容：配置名称服务器

                DNS正向A解析

                DNS逆向PTR解析

                添加CNAME和MX记录

                DNS双向解析

1.配置名称服务器
    1.1 安装 bind 软件包
        – yum install -y bind
    1.2 编辑 /etc/named.conf
        –listen-on port 53 { any; };
        –listen-on-v6 port 53 { any; };  ##IPV6监听端口，可不配置
        –allow-query { any; };
        dnssec-validation no;

    1.3 启动并启用 DNS 服务器
         systemctl start named
         systemctl enable named

    1.4 从 desktop 进行测试

[root@desktop ~]# vim /etc/resolv.conf      添加解析

        nameserver 172.25.254.1

[root@desktop ~]# dig 172.25.254.1    测试

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> 172.25.254.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23765
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;172.25.254.1.            IN    A

;; Query time: 11 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 13:44:21 CST 2016
;; MSG SIZE  rcvd: 41
    
2.添加DNS正向A解析
   2.1服务器端
     2.1.1.vim /etc/named.conf 
        –listen-on port 53 { any; };
        –listen-on-v6 port 53 { any; };  ##IPV6监听端口，可不配置
        –allow-query { any; };
        dnssec-validation no;

     2.1.2.vim /etc/named.rfc1912.zones 
       修改正向解析模版成

            zone "willis.com" IN {
                    type master;
                    file "willis.com.zone";
                    allow-update { none; };
            };

     2.1.3.cd /var/named/
           cp -p named.localhost willis.com.zone
     2.1.4. vim willis.com.zone 
            $TTL 1D
            @       IN SOA   dns.willis.com. root. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
            NS      hello.willis.com.
            hello   A       172.25.254.1
            www     A       172.25.254.1                           
      2.1.5.systemctl restart named

   2.2客户端
     2.2.1.vim /etc/resolv.conf
     nameserver  172.25.254.1   ###添加解析
     2.2.2.测试
     dig  www.willis.com
     dig  willis.com
[root@desktop ~]# dig www.willis.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.willis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40219
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.willis.com.            IN    A

;; ANSWER SECTION:
www.willis.com.        86400    IN    A    172.25.254.1

;; AUTHORITY SECTION:
willis.com.        86400    IN    NS    hello.willis.com.

;; ADDITIONAL SECTION:
hello.willis.com.    86400    IN    A    172.25.254.1

;; Query time: 10 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 14:07:02 CST 2016
;; MSG SIZE  rcvd: 95

3.DNS逆向PTR解析   

服务器端配置：
    3.1.vim /etc/named.rfc1912.zones 
       修改逆向解析模版成
          zone "1.254.25.172.in-addr.arpa" IN {
                type master;
                file "willis.com.ptr";
                allow-update { none; };
        };

    3.2.cd /var/named/
       cp -p named.loopback willis.com.ptr
    3.3. vim   willis.com.ptr
       $TTL 1D
        @       IN SOA   dns.willis.com. root. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.willis.com.
        dns     A       172.25.254.1
        101     PTR     localhost.                        
    3.4.systemctl restart named

客户端测试
 dig  -x 172.25.254.1
 dig  -x 172.25.254.101

[root@desktop ~]# dig -x 172.25.254.1

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21692
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.254.25.172.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
1.254.25.172.in-addr.arpa. 10800 IN    SOA    dns.willis.com. root. 0 86400 3600 604800 10800

;; Query time: 0 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 14:26:16 CST 2016
;; MSG SIZE  rcvd: 108

[root@desktop ~]# dig -x 172.25.254.101

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.254.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19576
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;101.254.25.172.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
25.172.in-addr.arpa.    86400    IN    SOA    25.172.in-addr.arpa. . 0 28800 7200 604800 86400

;; Query time: 0 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 14:26:21 CST 2016
;; MSG SIZE  rcvd: 91

4.添加CNAME和MX

vim /var/named/willis.com.zone
$TTL 1D
@       IN SOA   dns.willis.com. root. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      hello.willis.com.
www     CNAME host.a.willis.com.
willis.com.  MX 1 172.25.254.1
hello   A       172.25.254.1

客户端测试
[root@desktop ~]# dig -t mx willis.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx willis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5530
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;willis.com.            IN    MX

;; ANSWER SECTION:
willis.com.        86400    IN    MX    1 172.25.254.1.

;; AUTHORITY SECTION:
willis.com.        86400    IN    NS    hello.willis.com.

;; ADDITIONAL SECTION:
hello.willis.com.    86400    IN    A    172.25.254.1

;; Query time: 0 msec
;; SERVER: 172.25.254.1#53(172.25.254.1)
;; WHEN: Wed Sep 07 14:32:20 CST 2016
;; MSG SIZE  rcvd: 103

5.DNS双向解析
实验前先给服务器端虚拟机添加网卡，保证有两块网卡,设置不同网段IP用于测试
eth0  172.25.254.1
eth1  192.168.0.1

[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:95:46:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global ens7
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:ce:65:ca brd ff:ff:ff:ff:ff:ff
    inet 172.25.254.1/16 brd 172.25.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fece:65ca/64 scope link 
       valid_lft forever preferred_lft forever

服务器端配置：
1.cd /var/named/
2 cp -p willis.com.zone willis.com.inter
3 vim  willis.com.inter
$TTL 1D
@       IN SOA   dns.willis.com. root. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      hello.willis.com.
hello   A       172.25.254.1
www     CNAME host.a.willis.com.
host.a  A       192.168.0.1
willis.com.  MX 1 172.25.254.1.

                             
2.cp -p /etc/named.rfc1912.zones  /etc/named.inter.zones
  vim /etc/named.inter.zones
修改为
 zone "willis.com" IN {
    type master;
    file "willis.com.inter";
    allow-update { none; };
};

3. vim /etc/named.conf 

/*zone "." IN {
    type hint;
    file "named.ca";
};*/

view  localnet {
       match-clients { 172.25.254.0/24; };
       zone "." IN {
       type hint;
       file "named.ca";
       };
include  "/etc/named.rfc1912.zones";
};

view  internet {
       match-clients { any; };
       zone "." IN {
       type hint;
       file "named.ca";
       };
include  "/etc/named.inter.zones";
};

4.systemctl restart named

客户端测试：

1.设置IP为192.128.0.2

[root@server2 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:70:0d:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe70:d1a/64 scope link 
       valid_lft forever preferred_lft forever
2. vim /etc/resolv.conf
       nameserver 192.168.0.106
3.dig willis.com
[root@server2 ~]# dig willis.com

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> willis.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31985
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;willis.com.            IN    A

;; AUTHORITY SECTION:
willis.com.        10800    IN    SOA    dns.willis.com. root. 0 86400 3600 604800 10800

;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Sep 07 15:12:28 CST 2016
;; MSG SIZE  rcvd: 83

本文转自willis_sun 51CTO博客，原文链接：http://blog.51cto.com/willis/1847312，如需转载请自行联系原作者