Setting up a DNS server on CentOS 7 (LAN DNS, secondary DNS, caching DNS)
Contents
I. Installing and testing the DNS server
II. Configuration files explained
III. Configuring an internal (LAN) DNS
IV. Configuring a secondary DNS
V. Configuring a caching DNS

I. Installing and testing the DNS server

1. Check whether the DNS package is installed
[root@mylocalhost ~]# rpm -qa|grep bind
Not installed: bind-9.9.4-61.el7_5.1.x86_64
2. Install the DNS server package bind
[root@mylocalhost ~]# yum install bind
3. Check again whether the bind package is installed
[root@mylocalhost ~]# rpm -qa|grep bind
Installed.
4. Start the DNS service (note: the DNS daemon is called named)
[root@mylocalhost ~]# systemctl start named.service
5. Enable the DNS service at boot
[root@mylocalhost ~]# systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
6. Check the status of the DNS service
[root@mylocalhost ~]# systemctl status named.service
7. Test name resolution (external names and the local host should both resolve correctly)
[root@www ~]# nslookup www.baidu.com
[root@www ~]# nslookup www.sohu.com
[root@www ~]# nslookup localhost
[root@www ~]# nslookup 127.0.0.1

II. Configuration files explained

1. The main configuration file /etc/named.conf explained
[root@www ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {                                                   # global options
    listen-on port 53 { 127.0.0.1; };                       # listen on port 53 (IPv4), loopback only
    listen-on-v6 port 53 { ::1; };                          # listen on port 53 (IPv6), loopback only
    directory "/var/named";                                 # working directory; zone files live here
    dump-file "/var/named/data/cache_dump.db";              # where the cache is written by rndc dumpdb
    statistics-file "/var/named/data/named_stats.txt";      # server statistics written by rndc stats (rarely used)
    memstatistics-file "/var/named/data/named_mem_stats.txt";   # memory usage statistics (rarely used)
    allow-query { localhost; };                             # clients allowed to query: only the local host by default
    recursion yes;                                          # answer recursive queries for those clients
    dnssec-enable yes;                                      # enable DNSSEC (signed answers, not encryption)
    dnssec-validation yes;                                  # validate DNSSEC signatures on answers
    dnssec-lookaside auto;                                  # DNSSEC lookaside validation (DLV)
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";                  # trust anchors used for DNSSEC validation
};
logging {                                                   # logging
    channel default_debug {
        file "data/named.run";                              # debug log file, relative to the directory option
        severity dynamic;                                   # log level follows the debug level set with rndc trace
    };
};

zone "." IN {                                               # the root zone
    type hint;                                              # hints: the addresses of the root servers
    file "named.ca";                                        # root hints file
};

include "/etc/named.rfc1912.zones";                         # additional zone definitions (new domains go here)
include "/etc/named.root.key";                              # DNSSEC trust anchor for the root zone
2. The extended configuration file /etc/named.rfc1912.zones explained

zone "localhost.localdomain" IN {                           # forward zone for the local host's full name
    type master;                                            # this server is the master (primary) for the zone
    file "named.localhost";                                 # zone file (stored under /var/named)
    allow-update { none; };                                 # no dynamic updates from clients
};

zone "localhost" IN {                                       # forward zone for the local host name
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {   # reverse zone for the IPv6 loopback address
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {                          # reverse zone for the IPv4 loopback address
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {                                  # reverse zone for 0.0.0.0/8, served empty so such lookups never leave this server
    type master;
    file "named.empty";
    allow-update { none; };
};

III. Configuring an internal (LAN) DNS

This LAN has six machines. The domain is abc.com and the hostnames are pc1, pc2, pc3, pc4, pc5 and pc6. pc1, at 192.168.190.10, is the name server and resolves names for all six machines; pc2 to pc6 have the addresses 192.168.190.11, 192.168.190.12, 192.168.190.13, 192.168.190.14 and 192.168.190.15.

1. First set the subnet to 192.168.190.0
2. Give pc1 a static IP address
[root@pc1 named]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=a461b66a-ab58-405c-9feb-abb2e888f40d
DEVICE=ens33
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
ZONE=public
IPADDR=192.168.190.10
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.10
3. Edit /etc/resolv.conf
[root@pc1 named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.190.10
4. Restart the network interface or reboot
(1) Restart the interface
[root@pc1 named]# ifdown ens33
成功断开设备 'ens33'。
[root@pc1 named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
(2) Reboot the system
[root@pc1 named]# reboot
5. Edit the main configuration file /etc/named.conf
[root@www ~]# vim /etc/named.conf
options {
    listen-on port 53 { any; };                             # listen on every IPv4 address, not only loopback
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };                                   # accept queries from any client
    allow-transfer { 192.168.190.0/24; };                   # allow zone transfers only from the LAN
    # ... the remaining options are left unchanged
Save and quit (:wq)
6. Edit the extended configuration file /etc/named.rfc1912.zones
(1) Add the forward and reverse zones for abc.com
[root@www ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "abc.com" IN {                                         // forward zone for abc.com
    type master;
    file "named.abc.com.zones";
    allow-transfer { 192.168.190.11; };                     // only the secondary may transfer this zone
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "190.168.192.in-addr.arpa" IN {                        // reverse zone for 192.168.190.0/24
    type master;
    file "named.190.168.192.zones";
    allow-transfer { 192.168.190.11; };
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
// Save and quit (:wq)
7. Edit the zone files
(1) List the existing zone files
[root@www named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
(2) Create the two zone files from the template and make sure they belong to the named group
[root@www named]# cp -p named.localhost named.abc.com.zones
[root@www named]# cp -p named.localhost named.190.168.192.zones
[root@www named]# chgrp named named.190.168.192.zones
(cp -p keeps the template's root:named ownership, so named can read the copies; chgrp is only needed for a file created by hand.)
(3) Edit the forward zone file
[root@www named]# vim /var/named/named.abc.com.zones
$TTL 1D
@       IN SOA  @ root.pc1.abc.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   pc1.abc.com.
pc1     IN A    192.168.190.10
pc2     IN A    192.168.190.11
pc3     IN A    192.168.190.12
pc4     IN A    192.168.190.13
pc5     IN A    192.168.190.14
pc6     IN A    192.168.190.15
(4) Edit the reverse zone file
[root@www named]# vim /var/named/named.190.168.192.zones
$TTL 1D
@       IN SOA  @ root.pc1.abc.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   pc1.abc.com.
10      IN PTR  pc1.abc.com.
11      IN PTR  pc2.abc.com.
12      IN PTR  pc3.abc.com.
13      IN PTR  pc4.abc.com.
14      IN PTR  pc5.abc.com.
15      IN PTR  pc6.abc.com.

8. Restart the DNS service
[root@www named]# systemctl restart named

9. Set the hostname to pc1 and check that it took effect
[root@pc1 named]# hostnamectl set-hostname pc1
[root@pc1 named]# hostname
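The forward and reverse zone files above carry the same host/address pairs twice, so they drift apart as soon as a host is added to one file and not the other. The following shell script is an added example and is not part of the original article: it derives the PTR records from the A records of a forward zone written in the article's layout, and reports every A record that has no matching PTR in a reverse zone. Both zone texts are embedded as constructed sample input (a copy of the article's abc.com zone, and a reverse zone that deliberately omits pc6), so it runs without BIND installed; the function names ptr_records and missing_ptr are the example's own.

```shell
#!/bin/sh
# Added example, not from the original article. Derives PTR records from the A
# records of a forward zone and checks a reverse zone against them.
# Assumes the zone layout used in the article: "<host> IN A <address>".

# Constructed sample input: the article's forward zone for abc.com.
FORWARD_ZONE='$TTL 1D
@       IN SOA  @ root.pc1.abc.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   pc1.abc.com.
pc1     IN A    192.168.190.10
pc2     IN A    192.168.190.11
pc3     IN A    192.168.190.12
pc4     IN A    192.168.190.13
pc5     IN A    192.168.190.14
pc6     IN A    192.168.190.15'

# Constructed sample input: a reverse zone that is missing the PTR for pc6.
REVERSE_ZONE='$TTL 1D
@       IN SOA  @ root.pc1.abc.com. (
                        0 1D 1H 1W 3H )
        IN NS   pc1.abc.com.
10      IN PTR  pc1.abc.com.
11      IN PTR  pc2.abc.com.
12      IN PTR  pc3.abc.com.
13      IN PTR  pc4.abc.com.
14      IN PTR  pc5.abc.com.'

# ptr_records ZONE_TEXT DOMAIN PREFIX
# Prints "<last octet> IN PTR <host>.<DOMAIN>." for every A record whose address
# starts with PREFIX (e.g. 192.168.190); addresses outside that /24 are skipped.
ptr_records() {
    printf '%s\n' "$1" | awk -v dom="$2" -v net="$3" '
        $2 == "IN" && $3 == "A" {
            n = split($4, o, ".")
            if (n == 4 && o[1] "." o[2] "." o[3] == net)
                printf "%-8sIN PTR  %s.%s.\n", o[4], $1, dom
        }'
}

# missing_ptr FORWARD_TEXT REVERSE_TEXT DOMAIN PREFIX
# Prints the FQDN of every A record that has no matching PTR in REVERSE_TEXT.
missing_ptr() {
    ptr_records "$1" "$3" "$4" | while read -r last _class _type name; do
        printf '%s\n' "$2" | awk -v l="$last" -v n="$name" '
            $1 == l && $2 == "IN" && $3 == "PTR" && $4 == n { found = 1 }
            END { exit !found }' || printf '%s\n' "$name"
    done
}

# Stand-alone run: print the derived PTR set, then anything the reverse zone lacks.
ptr_records "$FORWARD_ZONE" abc.com 192.168.190
missing_ptr "$FORWARD_ZONE" "$REVERSE_ZONE" abc.com 192.168.190
```

Running it on the samples prints the six PTR lines followed by pc6.abc.com., the one host the constructed reverse zone forgot. On a real server, feed it the two files under /var/named (cat them into the variables) after every edit, and remember that BIND only picks up a changed file after the serial has been bumped and the service reloaded.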
10. Edit the NetworkManager configuration so that it stops managing DNS (otherwise it rewrites /etc/resolv.conf)
[root@pc1 named]# vim /etc/NetworkManager/NetworkManager.conf
# Configuration file for NetworkManager.
#
# See "man 5 NetworkManager.conf" for details.
#
# The directories /usr/lib/NetworkManager/conf.d/ and /var/run/NetworkManager/conf.d/
# can contain additional configuration snippets installed by packages. These files are
# read before NetworkManager.conf and have thus lowest priority.
# The directory /etc/NetworkManager/conf.d/ can contain additional configuration
# snippets. Those snippets are merged last and overwrite the settings from this main
# file.
#
# The files within one conf.d/ directory are read in asciibetical order.
#
# If /etc/NetworkManager/conf.d/ contains a file with the same name as
# /usr/lib/NetworkManager/conf.d/, the latter file is shadowed and thus ignored.
# Hence, to disable loading a file from /usr/lib/NetworkManager/conf.d/ you can
# put an empty file to /etc with the same name. The same applies with respect
# to the directory /var/run/NetworkManager/conf.d where files in /var/run shadow
# /usr/lib and are themselves shadowed by files under /etc.
#
# If two files define the same key, the one that is read afterwards will overwrite
# the previous one.

[main]
#plugins=ifcfg-rh,ibft
dns=none

[logging]
# When debugging NetworkManager, enabling debug logging is of great help.
#
# Logfiles contain no passwords and little sensitive information. But please
# check before posting the file online. You can also personally hand over the
# logfile to a NM developer to treat it confidential. Meet us on #nm on freenode.
# Please post full logfiles except minimal modifications of private data.
#
# You can also change the log-level at runtime via
#   $ nmcli general logging level TRACE domains ALL
# However, usually it's cleaner to enable debug logging
# in the configuration and restart NetworkManager so that
# debug logging is enabled from the start.
#
# You will find the logfiles in syslog, for example via
#   $ journalctl -u NetworkManager
#
# Note that debug logging of NetworkManager can be quite verbose. Some messages
# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
# in man journald.conf).
#
#level=TRACE
#domains=ALL
11. Test the DNS
(1) Command-line test
[root@pc1 named]# nslookup pc1.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc1.abc.com
Address: 192.168.190.10

[root@pc1 named]# nslookup pc3.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc3.abc.com
Address: 192.168.190.12

[root@pc1 named]# nslookup 192.168.190.13
Server:         192.168.190.10
Address:        192.168.190.10#53

13.190.168.192.in-addr.arpa     name = pc4.abc.com.
Success!

IV. Configuring a secondary DNS

Building on the setup above, configure pc2 (192.168.190.11) as a secondary DNS server that copies the forward and reverse zone files named.abc.com.zones and named.190.168.192.zones from the primary DNS server pc1 (192.168.190.10).

1. Install the DNS package bind
[root@www ~]# yum install bind
2. Edit the main configuration file /etc/named.conf
[root@www ~]# vim /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { none; };                               # the secondary hands its zones to nobody
    # ... the remaining options are left unchanged
Save and quit (:wq)
3. Edit the extended configuration file /etc/named.rfc1912.zones
(1) Define the forward and reverse zones for abc.com as slave zones
[root@www ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "abc.com" IN {                                         // forward zone, copied from the primary
    type slave;
    file "slaves/named.abc.com.zones";
    masters { 192.168.190.10; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "190.168.192.in-addr.arpa" IN {                        // reverse zone, copied from the primary
    type slave;
    file "slaves/named.190.168.192.zones";
    masters { 192.168.190.10; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
// Save and quit (:wq)
4. In the primary's zone configuration file (/etc/named.rfc1912.zones), allow the secondary to request zone transfers.
[root@www named]# vim /etc/named.rfc1912.zones

zone "abc.com" IN {
    type master;
    file "named.abc.com.zones";
    allow-transfer { 192.168.190.11; };                     // only the secondary may pull this zone (AXFR/IXFR)
    allow-update { none; };                                 // transfers are not dynamic updates; keep updates disabled
};

zone "190.168.192.in-addr.arpa" IN {
    type master;
    file "named.190.168.192.zones";
    allow-transfer { 192.168.190.11; };
    allow-update { none; };
};
5. Stop the firewall and put SELinux in permissive mode (on both the primary and the secondary)
[root@pc2 ~]# systemctl stop firewalld
[root@pc2 ~]# setenforce 0
Outside a lab, leave both enabled and instead open the dns service (port 53, UDP and TCP) in firewalld; zone transfers run over TCP.
6. Give pc2 a static IP address
[root@pc2 named]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=a461b66a-ab58-405c-9feb-abb2e888f40d
DEVICE=ens33
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
ZONE=public
IPADDR=192.168.190.11
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.11
7. Edit /etc/resolv.conf
[root@pc2 ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.190.10
8. Restart the network interface or reboot
(1) Restart the interface
[root@pc2 named]# ifdown ens33
成功断开设备 'ens33'。
[root@pc2 named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
9. Restart the DNS service
[root@pc2 ~]# systemctl restart named
10. Check whether the forward and reverse zone files have been transferred into /var/named/slaves/
[root@pc2 ~]# ls /var/named/slaves/
named.190.168.192.zones  named.abc.com.zones
11. Test the DNS
[root@pc2 named]# nslookup pc1.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc1.abc.com
Address: 192.168.190.10

[root@pc2 named]# nslookup pc3.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc3.abc.com
Address: 192.168.190.12

[root@pc2 named]# nslookup 192.168.190.13
Server:         192.168.190.10
Address:        192.168.190.10#53

13.190.168.192.in-addr.arpa     name = pc4.abc.com.
Success!

V. Configuring a caching DNS

Building on the setup above, configure the machine at 192.168.190.12 as a caching DNS server that forwards resolution requests to the primary name server 192.168.190.10.

1. Install the DNS package bind
[root@www ~]# yum install bind
2. Edit the main configuration file /etc/named.conf
[root@www ~]# vim /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    // global forwarding
    forward first;              // ask the forwarders first; if they do not answer, resolve recursively. With "only", the server never resolves on its own.
    forwarders { 192.168.190.10; };
    # ... the remaining options are left unchanged
Save and quit (:wq)
3. Edit the extended configuration file /etc/named.rfc1912.zones
[root@www ~]# vim /etc/named.rfc1912.zones
Append at the end:
// forward a specific domain
zone "abc.com" IN {
    type forward;               // forward-only zone
    forward first;
    forwarders { 192.168.190.10; };
};
// Save and quit (:wq)
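Two settings in the configurations of sections IV and V decide who can do what with these servers: the primary's allow-transfer / allow-update lines (allow-update authorises RFC 2136 dynamic updates, not zone transfers, so listing the secondary there lets it rewrite the zone instead of merely copying it), and the caching server's allow-query { any; } combined with recursion yes, which makes it an open recursive resolver if it is ever reachable from outside the LAN. The shell script below is an added example and not part of the original article: a text-only audit that flags those patterns in a named.conf. Two constructed configurations are embedded, a loose one and the same server tightened with acl statements (the acl names lan and secondaries are the example's own), so the script runs without BIND installed; it assumes one statement per line, which is how named-checkconf -p prints a configuration.

```shell
#!/bin/sh
# Added example, not from the original article: a text-only audit of named.conf
# for the settings that matter most in the primary, secondary and caching setups:
#   - allow-transfer { any; }                 any host may pull the whole zone (AXFR)
#   - allow-update { <addresses>; }           dynamic updates accepted from an address list
#   - recursion yes + allow-query { any; }    an open recursive resolver
# Assumes one statement per line, as named-checkconf -p prints it. Needs no BIND.

# Constructed sample: the loose settings a lab setup tends to end up with.
LOOSE_CONF='options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
    allow-transfer { any; };
};
zone "abc.com" IN {
    type master;
    file "named.abc.com.zones";
    allow-update { 192.168.190.11; };  // meant for the secondary, but this enables dynamic updates
};'

# Constructed sample: the same server tightened with ACLs. Only the LAN may query,
# only the secondary (192.168.190.11) may transfer, and dynamic updates stay off.
TIGHT_CONF='acl "lan" { 192.168.190.0/24; };
acl "secondaries" { 192.168.190.11; };
options {
    listen-on port 53 { any; };
    allow-query { lan; };
    recursion yes;
    allow-transfer { secondaries; };
};
zone "abc.com" IN {
    type master;
    file "named.abc.com.zones";
    allow-transfer { secondaries; };
    allow-update { none; };
};'

# audit_conf CONF_TEXT: prints one finding per line; prints nothing when clean.
audit_conf() {
    printf '%s\n' "$1" | awk '
        { sub(/\/\/.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }     # drop // comments and blanks
        /^allow-transfer[ \t]*[{][ \t]*any;[ \t]*[}];/ {
            print "zone transfer open to any host: " $0 }
        /^allow-update[ \t]*[{]/ && !/[{][ \t]*none;[ \t]*[}]/ {
            print "dynamic updates accepted from an address list: " $0 }
        /^recursion[ \t]+yes;/ { recursion = 1 }
        /^allow-query[ \t]*[{][ \t]*any;[ \t]*[}];/ { query_any = 1 }
        END { if (recursion && query_any)
                  print "open recursive resolver: recursion yes with allow-query { any; }" }'
}

# audit_count CONF_TEXT: number of findings, for use in scripts and exit codes.
audit_count() {
    audit_conf "$1" | awk 'END { print NR }'
}

# Stand-alone run: the loose configuration yields three findings, the tight one none.
audit_conf "$LOOSE_CONF"
echo "loose: $(audit_count "$LOOSE_CONF") finding(s), tight: $(audit_count "$TIGHT_CONF") finding(s)"
```

To audit a live server, pipe the normalised configuration in: audit_conf "$(named-checkconf -p)". The check is deliberately narrow; it does not resolve acl names, so a list called lan that actually contains any would pass, and it says nothing about TSIG-signed transfers, which BIND also supports.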
4. Give pc3 a static IP address (192.168.190.12)
[root@pc1 named]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
BOOTPROTO=static
…
IPADDR=192.168.190.12
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.12
5. Restart the network interface or reboot
[root@pc3 named]# ifdown ens33
成功断开设备 'ens33'。
[root@pc3 named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
[root@pc3 named]#
6. Restart the DNS service
[root@www named]# systemctl restart named
7. Test the DNS
[root@pc1 named]# nslookup pc1.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc1.abc.com
Address: 192.168.190.10

[root@pc1 named]# nslookup pc3.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc3.abc.com
Address: 192.168.190.12

[root@pc1 named]# nslookup 192.168.190.13
Server:         192.168.190.10
Address:        192.168.190.10#53

13.190.168.192.in-addr.arpa     name = pc4.abc.com.
Success!