[笔记]CentOS 7 DNS服务配置
本文最后更新于 2022-02-17,文章内容可能已经过时。
主DNS
题目要求
配置主DNS服务器
IP为 192.168.1.1
; 掩码为 24位
; DNS指向本机
建立 infanx.com
域的正反向解析
主机记录 | 记录类型 | 记录值 |
---|---|---|
ns1 | A | 192.168.1.1 |
ns2 | A | 192.168.1.2 |
www | A | 192.168.1.100 |
bbs | CNAME | www |
ftp | A | 192.168.1.110 |
MX 10 | 192.168.1.120 |
服务配置
关闭SELinux与防火墙（仅限实验环境：`setenforce 0` 与 `systemctl stop firewalld` 都只对本次运行有效，重启后恢复。生产环境应保持 SELinux enforcing，并用 `firewall-cmd --permanent --add-service=dns && firewall-cmd --reload` 只放行 53/tcp 与 53/udp，而不是整体关闭防火墙）
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
配置网卡
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
# /etc/sysconfig/network-scripts/ifcfg-eno16777736: static address for the primary DNS host.
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
# Resolver entries written to /etc/resolv.conf: the host queries its own named.
DNS1=192.168.1.1
# 127.0.0.1 reaches the same named instance (assuming it listens on loopback, the
# stock default), so this is only a fallback if 192.168.1.1 is not bound; harmless but redundant.
DNS2=127.0.0.1
配置yum源，安装 bind 包（`bind*` 会一并装上 bind-utils，它提供后面测试用的 nslookup/dig）与 vim 包
[root@localhost ~]# yum install -y bind* vim*
编辑主配置文件
[root@localhost ~]# vim /etc/named.conf
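// Primary (authoritative) server for infanx.com. This is a lab answer; the lines
// marked "hardening" are not in the original exercise but close the two classic
// BIND exposures: an open recursive resolver and unrestricted zone transfers.
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Hardening: the stock named.conf listens on 127.0.0.1 only; once that line
    // is removed (as here) named binds every interface, so state it explicitly.
    // 192.168.1.1 is the address configured in ifcfg above.
    listen-on port 53 { 127.0.0.1; 192.168.1.1; };
    listen-on-v6 port 53 { ::1; };

    // Authoritative answers for our own zones may go to anyone, but recursion
    // (lookups on behalf of clients) is limited to the /24 from the exercise.
    // "recursion yes" with no allow-recursion is an open resolver, usable for
    // DNS amplification by anyone who can reach port 53.
    recursion yes;
    allow-query { any; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // Hardening: BIND's default allows AXFR from anywhere, which hands out the
    // whole host list. Allow it only to the secondary (ns2 = 192.168.1.2 in the
    // zone data); transfers are still unauthenticated (no TSIG key configured).
    allow-transfer { 192.168.1.2; };

    // DNSSEC validation is switched off for the lab (the private infanx.com zone
    // has no trust anchor). Production resolvers should keep dnssec-validation
    // yes/auto. dnssec-lookaside refers to ISC's DLV registry, which has been
    // shut down; with dnssec-enable no it is a no-op here and can be dropped on
    // newer BIND releases that reject the option.
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};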
编辑区域配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
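// Reverse zone for 192.168.1.0/24. The file name is just the copied template
// (cp -p named.loopback infanx.com.loopback) and is relative to the options
// "directory", i.e. /var/named.
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "infanx.com.loopback";
    // Static zone: refuse dynamic updates (DDNS) outright.
    allow-update { none; };
    // Hardening: the BIND default permits AXFR from any address. Limit zone
    // transfers to the secondary (ns2 = 192.168.1.2 in the zone data). No TSIG
    // key is configured, so this is source-address filtering only.
    allow-transfer { 192.168.1.2; };
};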
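// Forward zone for infanx.com; file is relative to /var/named and was copied
// from the named.localhost template (hence the ".empty" suffix).
zone "infanx.com" IN {
    type master;
    file "infanx.com.empty";
    // Static zone: refuse dynamic updates (DDNS) outright.
    allow-update { none; };
    // Hardening: the BIND default permits AXFR from any address. Limit zone
    // transfers to the secondary (ns2 = 192.168.1.2 in the zone data). No TSIG
    // key is configured, so this is source-address filtering only.
    allow-transfer { 192.168.1.2; };
};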
编辑正反向配置文件
[root@localhost ~]# cd /var/named
[root@localhost named]# cp -p named.localhost infanx.com.empty
[root@localhost named]# cp -p named.loopback infanx.com.loopback
正向文件
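; /var/named/infanx.com.empty: forward zone for infanx.com (copied from named.localhost).
; Check before (re)starting named: named-checkzone infanx.com /var/named/infanx.com.empty
$TTL 1D
@       IN SOA  ns1.infanx.com. rname.invalid. (
                0       ; serial  - increase on every edit; a secondary only
                        ;           re-transfers when the serial grows
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-caching TTL)
; rname.invalid. is the template's placeholder for the zone contact mailbox;
; replace it with a real one (e.g. hostmaster.infanx.com.) outside the lab.
        IN NS   ns1
        IN NS   ns2
ns1     IN A    192.168.1.1
ns2     IN A    192.168.1.2
www     IN A    192.168.1.100
bbs     IN CNAME www
ftp     IN A    192.168.1.110
; An MX record's target is a host name, never an IP address. The original
; "mail IN MX 10 192.168.1.120" loads (named-checkzone only warns) but the
; target is read as the relative name 192.168.1.120.infanx.com., which does not
; exist, so mail for the domain is undeliverable. The zone apex carries the MX
; and the mail host gets its own A record, which also makes
; "nslookup mail.infanx.com" return 192.168.1.120 as the test below expects.
@       IN MX   10 mail
mail    IN A    192.168.1.120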
反向文件
; /var/named/infanx.com.loopback: reverse zone for 192.168.1.0/24 (copied from named.loopback).
; Owner names here are the last octet of the address; PTR targets must be fully
; qualified (trailing dot), otherwise the zone origin would be appended.
$TTL 1D
@ IN SOA ns1.infanx.com. rname.invalid. (
0 ; serial - increase on every edit; the secondary re-transfers only when it grows
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum (negative-caching TTL)
; rname.invalid. is the template placeholder for the contact mailbox; replace outside the lab.
IN NS ns1.infanx.com.
IN NS ns2.infanx.com.
1 IN PTR ns1.infanx.com.
2 IN PTR ns2.infanx.com.
; Two PTRs for .100 are legal but many consumers (sshd, mail servers doing
; forward-confirmed reverse DNS) expect one canonical name; bbs is only a CNAME
; alias of www in the forward zone, so the www PTR alone is usually preferable.
100 IN PTR www.infanx.com.
100 IN PTR bbs.infanx.com.
110 IN PTR ftp.infanx.com.
120 IN PTR mail.infanx.com.
重启DNS服务（重启前先用 `named-checkconf` 和 `named-checkzone infanx.com /var/named/infanx.com.empty` 检查语法，避免服务起不来；已在运行的服务改完区域文件后用 `rndc reload` 即可，不必重启）
[root@localhost named]# systemctl restart named
测试解析记录
[root@localhost named]# nslookup
> ns1.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: ns1.infanx.com
Address: 192.168.1.1
> ns2.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: ns2.infanx.com
Address: 192.168.1.2
> www.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: www.infanx.com
Address: 192.168.1.100
> bbs.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
bbs.infanx.com canonical name = www.infanx.com.
Name: www.infanx.com
Address: 192.168.1.100
> ftp.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: ftp.infanx.com
Address: 192.168.1.110
> mail.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: mail.infanx.com
Address: 192.168.1.120
> 192.168.1.1
Server: 192.168.100.100
Address: 192.168.100.100#53
1.1.168.192.in-addr.arpa name = ns1.infanx.com.
> 192.168.1.2
Server: 192.168.100.100
Address: 192.168.100.100#53
2.1.168.192.in-addr.arpa name = ns2.infanx.com.
> 192.168.1.100
Server: 192.168.100.100
Address: 192.168.100.100#53
100.1.168.192.in-addr.arpa name = bbs.infanx.com.
100.1.168.192.in-addr.arpa name = www.infanx.com.
> 192.168.1.110
Server: 192.168.100.100
Address: 192.168.100.100#53
110.1.168.192.in-addr.arpa name = ftp.infanx.com.
> 192.168.1.120
Server: 192.168.100.100
Address: 192.168.100.100#53
120.1.168.192.in-addr.arpa name = mail.infanx.com.
缓存DNS(转发器)
题目要求
在第二台服务器上安装DNS服务 作为主DNS服务器的缓存DNS
服务配置
安装DNS服务
编辑主配置文件
[root@localhost ~]# vim /etc/named.conf
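// Caching / forwarding resolver on the second host: it holds no zones of its
// own and sends every query to the primary at 192.168.1.1.
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // A cache-only server is nothing but a recursive resolver, so *who may use
    // it* is the whole security story. "recursion yes" alone (no allow-query,
    // no allow-recursion) makes it an open resolver; restrict both to the lab
    // subnet (192.168.1.0/24, the /24 from the exercise). This host's own
    // address is not given on the page, so no listen-on is set here; add one if
    // the machine has more than one interface.
    recursion yes;
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // Where queries are forwarded to.
    forwarders { 192.168.1.1; };
    // first: ask the forwarder; if it does not answer, resolve locally from the
    //        root hints. That fallback also applies to infanx.com names, so an
    //        outage of 192.168.1.1 turns internal lookups into Internet queries
    //        (use "forward only" if that leak is unacceptable).
    // only:  use the forwarder exclusively; if it fails, the client gets a
    //        query failure (SERVFAIL).
    forward first;

    // Same lab settings as on the primary: no DNSSEC validation (the private
    // zone has no trust anchor); dnssec-lookaside refers to the retired ISC DLV
    // registry and is a no-op with dnssec-enable no.
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};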
或者编辑区域配置文件 配置局部转发器 原理同上
[root@localhost ~]# vim /etc/named.rfc1912.zones
// Conditional forwarding: only names under infanx.com go to 192.168.1.1;
// everything else follows the global options (ordinary recursion unless a
// global "forwarders" is also set). A forward zone keeps no zone file.
zone "infanx.com" IN {
type forward;
forwarders { 192.168.1.1; };
// first = fall back to normal recursion if the forwarder fails; "only" would
// instead return a failure to the client and never leak the name elsewhere.
forward first;
};
重启DNS服务
进入slaves文件夹验证（注意：缓存/转发器本身不会产生区域文件，下面 slaves/ 目录里的两个文件是后一节"辅助DNS"配置并成功从主DNS传输区域后才会出现的）
[root@localhost ~]# cd /var/named/slaves
[root@localhost slaves]# ll
总用量 8
-rw-r--r--. 1 named named 466 2月 17 00:00 infanx.com.empty
-rw-r--r--. 1 named named 466 2月 17 00:00 infanx.com.loopback
辅助DNS(DNS集群)
题目要求
主DNS正反向文件中分别添加辅助DNS的 NS记录
和 A记录
服务配置
安装DNS服务 编辑区域配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
// Secondary (slave) copy of the reverse zone. "slaves/" is relative to
// /var/named and is the only directory named is allowed to write zone files to
// (see the template below).
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/infanx.com.loopback";
// Pull the zone (AXFR/IXFR) from the primary. No TSIG key is configured, so the
// primary accepts the transfer on source address alone; its allow-transfer
// should therefore be limited to this host.
masters { 192.168.1.1; };
};
// Secondary (slave) copy of the forward zone; the file appears under
// /var/named/slaves/ once the first transfer from the primary succeeds.
zone "infanx.com" IN {
type slave;
file "slaves/infanx.com.empty";
// Pull the zone from the primary. Unauthenticated (no TSIG key), so the
// primary's allow-transfer list is the only access control on the zone data.
masters { 192.168.1.1; };
};
// Generic template for a secondary zone.
zone "区域名称" IN {
type slave; // zone type: secondary (slave)
file "slaves/文件名"; // the file must live under slaves/; named has no write permission in other directories
masters { IP1; IP2; }; // the primary server(s) to transfer the zone from; tried in order
};
在主DNS上修改区域文件后,必须增大SOA记录的serial（只改记录不改serial，slave不会更新）并执行 `rndc reload`；slave是通过比较serial是否变大来判断是否需要重新传输区域的。
子DNS(子域授权)
题目要求
父DNS配置DNS基础的正向解析文件
父DNS进行子域授权 frp.infanx.com（下文配置中的子域名均为 frp，注意与前面的主机记录 ftp 区分）
服务配置
子域服务器安装DNS
编辑父域正向文件添加NS记录指向子域主DNS
; Added to the parent zone file (/var/named/infanx.com.empty): delegate
; frp.infanx.com to its own name server, plus the glue A record that resolvers
; need to reach ns1.frp (it lives inside the delegated zone). Both names are
; relative to the parent origin infanx.com. Increase the parent SOA serial and
; reload named after adding these lines.
frp IN NS ns1.frp
ns1.frp IN A 192.168.1.200
子域编辑区域配置文件
[root@localhost ~]# vim /etc/named.rfc1912.zones
// On the child server (192.168.1.200): authoritative for the delegated
// sub-zone. The file is relative to /var/named.
zone "frp.infanx.com" IN {
type master;
file "frp.infanx.com.empty";
// Static zone: refuse dynamic updates.
allow-update { none; };
};
为子域创建正向文件并添加解析记录
[root@localhost ~]# cd /var/named
[root@localhost named]# cp -p named.localhost frp.infanx.com.empty
[root@localhost named]# vim frp.infanx.com.empty
; /var/named/frp.infanx.com.empty on the child server (copied from named.localhost).
; The A record for ns1 must match the glue record in the parent zone (192.168.1.200).
$TTL 1D
@ IN SOA ns1.frp.infanx.com. rname.invalid. (
0 ; serial - increase on every edit
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum (negative-caching TTL)
; rname.invalid. is the template placeholder for the contact mailbox; replace outside the lab.
; Relative names below expand under the zone origin frp.infanx.com.
IN NS ns1
ns1 IN A 192.168.1.200
nj IN A 192.168.1.201
hz IN A 192.168.1.202
sh IN A 192.168.1.203
重启服务并测试
[root@localhost named]# systemctl restart named
[root@localhost named]# nslookup
> ns1.frp.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: ns1.frp.infanx.com
Address: 192.168.1.200
> nj.frp.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: nj.frp.infanx.com
Address: 192.168.1.201
> hz.frp.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: hz.frp.infanx.com
Address: 192.168.1.202
> sh.frp.infanx.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: sh.frp.infanx.com
Address: 192.168.1.203
本文是原创文章,采用 CC BY-NC-ND 4.0 协议,完整转载请注明来自 infanx.com