redhat7.3 dns服务器配置

1.基本配置

systemctl stop firewalld.service

systemctl disable firewalld.service

setenforce 0

nmcli connection add con-name in ifname ens33 ipv4.addresses 192.168.1.10/24 type ethernet ipv4.method manual（内网网卡）

nmcli connection add con-name out ifname ens38 ipv4.addresses 192.168.2.10/24 type ethernet ipv4.method manual（外网网卡）

2.配置简单dns服务器

yum install -y bind bind-utils

2.1修改主配置文件

vim /etc/named.conf（修改该文件）

   listen-on port 53 { any; };

   allow-query     { any; };

       zone "fengxiaoli41.com" IN {

        type master;

        file "fengxiaoli41.com.lan";

        allow-update {none;};

};

zone "1.168.192.in-addr.arpa" IN {

        type master;

        file "1.168.192.lan";

        allow-update {none;};

 

};

2.2编辑正解区域

cd /var/named/

cp named.localhost fengxiaoli41.com.lan

vim fengxiaoli41.com.lan

$TTL 665

@IN SOAfengxiaoli41.com. 123@qq.com (

2017062900; serial

3600; refresh

1800; retry

604800; expire

665 ); minimum

@IN NSfengxiaoli41.com.

fengxiaoli41.com. IN A 192.168.1.10

www.fengxiaoli41.com. IN CNAME fengxiaoli41.com.

client.fengxiaoli41.com. IN A 192.168.1.200

@       IN NS   slave.fengxiaoli41.com.

slave.fengxiaoli41.com. IN A 192.168.1.100

2.3编辑反解区域

cp fengxiaoli41.com.lan 1.168.192.lan

vim 1.168.192.lan  

$TTL 665

@IN SOAfengxiaoli41.com. 123@qq.com (

2017062900; serial

3600; refresh

1800; retry

604800; expire

665 ); minimum

@IN NSfengxiaoli41.com.

10      IN PTR fengxiaoli41.com.

200     IN PTR client.fengxiaoli.com.

100     IN PTR slave.fengxiaoli.com.

chown named:named fengxiaoli41.com.lan

chown named:named 1.168.192.lan

2.4重启服务并测试

systemctl restart named

systemctl status named

dig fengxiaoli41.com

3.配置chroot环境

yum install -y bind-chroot

/usr/libexec/setup-named-chroot.sh /var/named/chroot/ on

systemctl stop named.service

systemctl disabled named

systemctl enable named-chroot.service

systemctl start named-chroot

dig fengxiaoli41.com

如果dns只为内网提供解析到此可以结束。

4.配置分离解析的dns（与2，3步独立）

4.1修改主配置文件

 vim /etc/named.conf

listen-on port 53 { any; };

allow-query     { any; };

acl in {192.168.1.0/24;};

acl out { ! 192.168.1.0/24; any;};

view "internal"{

match-clients { in; localhost;};

zone "." IN {

        type hint;

        file "named.ca";

};

zone "fengxiaoli41.com" IN {

        type master;

        file "fengxiaoli41.com.lan";

        allow-update {none;};

};

zone "1.168.192.in-addr.arpa" IN {

        type master;

        file "1.168.192.lan";

        allow-update {none;};

 

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

};

 注意所有区域都要包含在view里

view "external"{

match-clients {out;};

zone "." IN {

        type hint;

        file "named.ca";

};

zone "fengxiaoli41.com" IN {

        type master;

        file "fengxiaoli41.com.wan";

        allow-update {none;};

};

zone "2.168.192.in-addr.arpa" IN {

        type master;

        file "2.168.192.wan";

        allow-update {none;};

 

};

};

cd /var/named/chroot/var/named/

4.2编辑内网正解反解区域

vim fengxiaoli41.com.lan

$TTL 665

@IN SOAfengxiaoli41.com. 123@qq.com (

2017062900; serial

3600; refresh

1800; retry

604800; expire

665 ); minimum

@IN NSfengxiaoli41.com.

fengxiaoli41.com. IN A 192.168.1.10

www.fengxiaoli41.com. IN CNAME fengxiaoli41.com.

client.fengxiaoli41.com. IN A 192.168.1.200

@       IN NS   slave.fengxiaoli41.com.

slave.fengxiaoli41.com. IN A 192.168.1.100

vim 1.168.192.lan  

$TTL 665

@IN SOAfengxiaoli41.com. 123@qq.com (

2017062900; serial

3600; refresh

1800; retry

604800; expire

665 ); minimum

@IN NSfengxiaoli41.com.

10      IN PTR fengxiaoli41.com.

200     IN PTR client.fengxiaoli.com.

100     IN PTR slave.fengxiaoli.com.

4.3编辑外围正解反解区域

vim fengxiaoli41.com.wan

$TTL 665

@IN SOAfengxiaoli41.com. 123@qq.com (

2017062900; serial

3600; refresh

1800; retry

604800; expire

665 ); minimum

@IN NSfengxiaoli41.com.

fengxiaoli41.com. IN A 192.168.2.10

 

vim 2.168.192.wan

$TTL 665

@IN SOAfengxiaoli41.com. 123@qq.com (

2017062900; serial

3600; refresh

1800; retry

604800; expire

665 ); minimum

@IN NSfengxiaoli41.com.

10IN PTR fengxiaoli41.com.

4.4设置权限重启服务

chown named:named -R  /var/named/chroot/var/named/*

systemctl restart named-chroot

5.主从服务器配置（在2或者4的基础上配置）

5.1主服务器配置

 vim /etc/named.conf

 allow-transfer { 192.168.1.0/24;};

cd /var/named/chroot/var/named/

vim fengxiaoli41.com.lan

@       IN NS   slave.fengxiaoli41.com.

slave.fengxiaoli41.com. IN A 192.168.1.100

 

vim 1.168.192.lan

100     IN PTR slave.fengxiaoli.com.

 

5.2从服务器配置（注意firewalld和selinux）

nmcli connection add con-name in ifname ens33 ipv4.addresses 192.168.1.100/24 type ethernet ipv4.method manual

yum install -y bind-utils bind

vim /etc/named.conf

  listen-on port 53 { any; };

  allow-query     { any; };

  zone "fengxiaoli41.com" IN {

        type slave;

        masters { 192.168.1.10; };

        file "slaves/fengxiaoli.com.lan";

};

zone "1.168.192.in-addr.arpa" IN {

        type slave;

        masters { 192.168.1.10; };

        file "slaves/1.168.192.lan";

 

};

systemctl restart named

ll /var/named/slaves/

本文转自 fxl风 51CTO博客，原文链接:http://blog.51cto.com/fengxiaoli/1944870