Installing and configuring the DNS service


First, the base environment


1. Change the hostnames

My primary server is 192.168.200.80
The secondary server is 192.168.200.70
main node

[root@localhost ~]# hostnamectl set-hostname mail
[root@localhost ~]# bash
[root@mail ~]#

dns node

[root@localhost ~]# hostnamectl set-hostname dns
[root@localhost ~]# bash
[root@dns ~]#

2. Stop the firewall
main node

[root@mail ~]# systemctl stop firewalld
[root@mail ~]# systemctl disable  firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@mail ~]# setenforce 0

dns node

[root@dns ~]# systemctl stop firewalld
[root@dns ~]# systemctl disable  firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@dns ~]# setenforce 0

3. Test the yum repository (network access)
main node

[root@mail ~]# yum list

dns node

[root@dns ~]# yum list

Installing DNS


1. Install the DNS server
main node

[root@mail ~]# yum install bind-chroot bind-utils -y

dns node

[root@dns ~]#  yum install bind-chroot bind-utils -y

2. Start the service
Do this on both the main and dns nodes

[root@mail ~]# systemctl restart named

Then check whether the service started successfully on both nodes.
For example, on the main node:
(1) Check the status

[root@mail ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-11-06 18:08:16 CST; 8min ago
  Process: 29467 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 29463 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 29469 (named)
   CGroup: /system.slice/named.service
           └─29469 /usr/sbin/named -u named -c /etc/named.conf

Nov 06 18:08:16 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:16 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:16 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:18 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:18 mail named[29469]: network unreachable resolvi...3
Nov 06 18:08:18 mail named[29469]:   validating ./DNSKEY: veri...n
Nov 06 18:08:18 mail named[29469]:   validating ./DNSKEY: unab...'
Nov 06 18:08:18 mail named[29469]: broken trust chain resolvin...3
Nov 06 18:08:18 mail named[29469]: resolver priming query complete
Nov 06 18:08:53 mail named[29469]: managed-keys-zone: Unable t...t
Hint: Some lines were ellipsized, use -l to show in full.

(2) Check the ports
I haven't installed the tools yet

[root@mail ~]# yum install net-tools -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.ustc.edu.cn
 * extras: mirrors.ustc.edu.cn
 * updates: mirrors.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================
 Package      Arch      Version                     Repository  Size
==================================================================
Installing:
 net-tools    x86_64    2.0-0.25.20131004git.el7    base       306 k

Transaction Summary
==================================================================
Install  1 Package

Total download size: 306 k
Installed size: 917 k
Downloading packages:
net-tools-2.0-0.25.20131004git.el7.x86_64.rp | 306 kB   00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.25.20131004git.el7.x86_64      1/1
  Verifying  : net-tools-2.0-0.25.20131004git.el7.x86_64      1/1

Installed:
  net-tools.x86_64 0:2.0-0.25.20131004git.el7

Complete!

Check the ports; they are all listening

[root@mail ~]# netstat -lnpt | grep named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      29469/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      29469/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      29469/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      29469/named

3. Configuration file

Edit the file on both nodes. Change these lines:
listen-on port 53 { 127.0.0.1; };
allow-query { localhost; };
to:
listen-on port 53 { any; };
allow-query { any; };

[root@mail ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
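
The options above end up with listen-on { any; }, allow-query { any; } and recursion yes, and because no allow-recursion is set, BIND 9 derives the recursion ACL from allow-query, so the server becomes an open recursive resolver on every interface, exactly the case the comment in the file warns about. As an added example (not from the original post), this Python check reads those statements out of an options block and flags that combination; the options text is constructed from the page, and the allow-recursion ACL for 192.168.200.0/24 in the corrected variant is an assumption for this lab network.

```python
import re

def options(conf):
    """Map each statement in the options { } block to a scalar or an address list."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)        # drop /* */ comments
    conf = re.sub(r"(?m)(//|#).*$", "", conf)                 # drop // and # comments
    body = re.search(r"options\s*\{(.*?)\n\};", conf, re.S).group(1)
    stmts = re.findall(r"([a-z][a-z0-9-]*)[^{;]*?(?:\{([^}]*)\}|\s+([^\s;]+))\s*;", body)
    return {name: [a.strip() for a in lst.split(";") if a.strip()] if lst else scalar
            for name, lst, scalar in stmts}

def recursion_acl(opts):
    """BIND 9 rule: allow-recursion falls back to allow-query-cache, then to
    allow-query, then to { localnets; localhost; }. With allow-query { any; }
    and no allow-recursion, recursion is therefore open to any client."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key]
    return ["localnets", "localhost"]

def open_resolver_findings(conf):
    """Flag recursion offered to { any; } on a non-loopback listener."""
    opts = options(conf)
    if opts.get("recursion", "yes") != "yes" or "any" not in recursion_acl(opts):
        return []
    exposed = [a for a in opts.get("listen-on", ["any"]) if a not in ("127.0.0.1", "::1")]
    return [f"open recursive resolver: recursion for {{ any; }} on {exposed}"] if exposed else []

# Constructed from the options block shown on the page (only relevant statements kept)
PAGE_CONF = """options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query     { any; };
    recursion yes;
};"""
# Same server with recursion limited to the lab subnet (assumed ACL, not from the page)
FIXED_CONF = PAGE_CONF.replace(
    "    recursion yes;",
    "    recursion yes;\n    allow-recursion { 192.168.200.0/24; localhost; };")

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("fixed", FIXED_CONF)):
        print(label, open_resolver_findings(conf) or ["ok"])
```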

Configuring DNS


After editing the configuration file, do not restart yet; first configure forward and reverse resolution.
Forward resolution: look up the IP address for a hostname (domain name).
Reverse resolution: look up the hostname (domain name) for an IP address. Reverse resolution turns a submitted IP address into the domain names bound to it; it is typically used to block, in one go, every domain bound to an IP address, to filter spam sent from certain domains, and to find out how many websites a virtual host runs.
1. Forward zone
Configure this on the primary dns node
(1) Create the forward zone
Go to /var/named/ and copy the template named.localhost to testmail.com.zone

[root@dns ~]# cd /var/named/
[root@dns named]# ll
total 16
drwxr-x---. 7 root  named   56 Nov 26 05:56 chroot
drwxrwx---. 2 named named   22 Nov 26 05:57 data
drwxrwx---. 2 named named   58 Nov 26 06:59 dynamic
-rw-r-----. 1 root  named 2253 Apr  5  2018 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Dec 16  2020 slaves
[root@dns named]# cp -rf named.localhost testmail.com.zone

(2) Edit the testmail.com.zone file

[root@dns named]# vi testmail.com.zone
$TTL 1D
@       IN SOA  testmail.com. dns.testmail.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS dns.testmail.com.
        IN MX 10 mail
  dns IN A 192.168.200.70       ; almost forgot to change this to my own secondary server address
  mail IN A 192.168.200.70
  www IN A 192.168.200.70
  smtp IN A 192.168.200.70
"testmail.com.zone" 13L, 294C written

(3) Give the testmail.com.zone file full permissions

[root@dns named]# chmod 777 testmail.com.zone

(4) Edit the zone configuration file /etc/named.rfc1912.zones

Add:
zone "testmail.com" IN {
        type master;
        file "testmail.com.zone";
};

[root@dns named]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "testmail.com" IN {
        type master;
        file "testmail.com.zone";
};
"/etc/named.rfc1912.zones" 46L, 1014C written

(5) Check the configuration

[root@dns named]# named-checkzone testmail.com testmail.com.zone
testmail.com.zone:10: unknown RR type 'dns'
testmail.com.zone:11: unknown RR type 'mail'
testmail.com.zone:12: unknown RR type 'www'
testmail.com.zone:13: unknown RR type 'smtp'
zone testmail.com/IN: loading from master file testmail.com.zone failed: unknown class/type
zone testmail.com/IN: not loaded due to errors.
[root@dns named]# named-checkzone /etc/named.conf
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-J filename] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename

The sudden errors confused me! After reading carefully, I tried to fix them:
a. In testmail.com.zone I removed the leading spaces on lines 10, 11, 12 and 13
b. The command was wrong
Then it worked

[root@dns named]# named-checkzone testmail.com testmail.com.zone
zone testmail.com/IN: loaded serial 0
OK
[root@dns named]# named-checkconf /etc/named.conf
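
The "unknown RR type" errors come from BIND's owner-name rule: a line that begins with whitespace reuses the previous record's owner, so with the host lines indented BIND read "dns" as the record type instead of the owner name. As an added example (not from the original post), this Python zone reader applies the same rule to a copy of the file constructed from the one shown above (with the SOA written on one line) and reproduces the errors, then shows that stripping the indentation makes the file load.

```python
import re

KNOWN_TYPES = {"SOA", "NS", "MX", "A", "AAAA", "PTR", "CNAME", "TXT"}

def records(text):
    """Yield (indented, tokens) per line, comments stripped (SOA kept on one line here)."""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]              # ';' starts a zone-file comment
        if line.strip():
            yield line[0] in " \t", line.replace("(", " ").replace(")", " ").split()

def parse_zone(text, origin):
    """Return (records, errors) the way named-checkzone reads the file."""
    fq = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    out, errors, owner = [], [], origin
    for indented, toks in records(text):
        if toks[0].startswith("$"):              # $TTL and other directives
            continue
        if not indented:                         # explicit owner name on this line
            owner, toks = fq(toks[0]), toks[1:]
        if toks[:1] == ["IN"]:                   # optional class
            toks = toks[1:]
        rtype = toks[0].upper() if toks else ""
        if rtype not in KNOWN_TYPES:             # an indented host line lands here
            errors.append(f"unknown RR type '{toks[0]}'")
            continue
        rdata = [fq(t) if rtype in ("NS", "MX", "PTR") and not t.isdigit() else t
                 for t in toks[1:]]
        out.append((owner, rtype, rdata))
    return out, errors

# Constructed copy of the file as first written: the four host lines are indented.
ZONE_BAD = """$TTL 1D
@       IN SOA  testmail.com. dns.testmail.com. ( 0 1D 1H 1W 3H ) ; serial refresh retry expire minimum
        IN NS dns.testmail.com.
        IN MX 10 mail
  dns IN A 192.168.200.70
  mail IN A 192.168.200.70
  www IN A 192.168.200.70
  smtp IN A 192.168.200.70
"""
# The fix from the post: strip the leading blanks so each host becomes an owner name.
ZONE_OK = re.sub(r"(?m)^ +(?=(?:dns|mail|www|smtp) )", "", ZONE_BAD)
```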

Now you can restart. After restarting, edit /etc/resolv.conf and list the IP of the virtual machine that should do the resolving first

[root@mail slaves]# vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.200.70
nameserver 192.168.200.80
nameserver 114.114.114.114

Then try whether ping works.
If ping succeeds, forward resolution is configured correctly

[root@dns named]# ping dns.testmail.com
PING dns.testmail.com (192.168.200.70) 56(84) bytes of data.
64 bytes from 192.168.200.70: icmp_seq=1 ttl=64 time=0.672 ms
64 bytes from 192.168.200.70: icmp_seq=2 ttl=64 time=1.11 ms
64 bytes from 192.168.200.70: icmp_seq=3 ttl=64 time=3.74 ms
64 bytes from 192.168.200.70: icmp_seq=4 ttl=64 time=3.00 ms
64 bytes from 192.168.200.70: icmp_seq=5 ttl=64 time=2.18 ms
64 bytes from 192.168.200.70: icmp_seq=6 ttl=64 time=0.506 ms
^C
--- dns.testmail.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5012ms
rtt min/avg/max/mdev = 0.506/1.871/3.744/1.209 ms

2. Reverse zone
(1) Edit the zone configuration file
Add:
zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "70.200.168.192.in-addr.arpa.local";
};

[root@dns named]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "testmail.com" IN {
        type master;
        file "testmail.com.zone";
};

zone "200.168.192.in-addr.arpa" IN {
        type master;
        file "70.200.168.192.in-addr.arpa.local";
};
"/etc/named.rfc1912.zones" 51L, 1126C written

(2) Configure the 70.200.168.192.in-addr.arpa.local file (the file name must match the one written in the zone configuration file)

[root@dns named]# cp -p testmail.com.zone 70.200.168.192.in-addr.arpa.local
[root@dns named]# vi 70.200.168.192.in-addr.arpa.local
$TTL 1D
@       IN SOA  testmail.com. admin.testmail.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS dns.testmail.com.
70 IN PTR mail.testmail.com.
70 IN PTR www.testmail.com.
"70.200.168.192.in-addr.arpa.local" 10L, 222C written

(3) Test

[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkzone mail.testmail.com 70.200.168.192.in-addr.arpa.local
zone mail.testmail.com/IN: loaded serial 0
OK
[root@dns named]# systemctl restart named
[root@dns named]# ping www.testmail.com     ## ping works, so reverse resolution is fine
PING www.testmail.com (192.168.200.70) 56(84) bytes of data.
64 bytes from 192.168.200.70: icmp_seq=1 ttl=64 time=0.354 ms
64 bytes from 192.168.200.70: icmp_seq=2 ttl=64 time=0.605 ms
64 bytes from 192.168.200.70: icmp_seq=3 ttl=64 time=0.596 ms
^C
--- www.testmail.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.354/0.518/0.605/0.117 ms

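The post's own description says reverse resolution is what mail receivers use to screen senders, and the reverse zone above gives 192.168.200.70 two PTR records (mail and www). As an added example (not from the original post), this Python snippet derives the in-addr.arpa names with the standard library and runs a forward-confirmed reverse DNS (FCrDNS) check over record sets constructed from the two zone files shown; the expectation that a mail host has exactly one PTR is the usual operational assumption, not something the post states.

```python
import ipaddress

def ptr_owner(ip):
    """PTR owner name for an IPv4 address, e.g. 70.200.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer  # stdlib reverses the octets

def reverse_zone(cidr):
    """Zone holding the PTRs of a /24, e.g. 192.168.200.0/24 -> 200.168.192.in-addr.arpa."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen != 24:
        raise ValueError("this helper handles /24 networks only")
    return ptr_owner(net.network_address).split(".", 1)[1]

def check_fcrdns(a_records, ptr_records):
    """Forward-confirmed reverse DNS: every PTR target must have an A record for
    the same IP, and a host that receives mail should have exactly one PTR.
    a_records: {fqdn: ip}; ptr_records: {ip: [fqdn, ...]}."""
    findings = []
    for ip, names in ptr_records.items():
        for name in names:
            if a_records.get(name) != ip:
                findings.append(f"{ptr_owner(ip)} PTR {name}: no A record back to {ip}")
        if len(names) > 1:
            findings.append(f"{ip} has {len(names)} PTRs {sorted(names)}; "
                            "a receiving MTA expects one canonical name")
    for name, ip in a_records.items():
        if name.startswith("mail.") and name not in ptr_records.get(ip, []):
            findings.append(f"{name} ({ip}) has no PTR record")
    return findings

# Constructed from the forward and reverse zone files shown above.
A_RECORDS = {"dns.testmail.com.": "192.168.200.70", "mail.testmail.com.": "192.168.200.70",
             "www.testmail.com.": "192.168.200.70", "smtp.testmail.com.": "192.168.200.70"}
PTR_RECORDS = {"192.168.200.70": ["mail.testmail.com.", "www.testmail.com."]}

if __name__ == "__main__":
    print(reverse_zone("192.168.200.0/24"), ptr_owner("192.168.200.70"))
    for finding in check_fcrdns(A_RECORDS, PTR_RECORDS):
        print("warn:", finding)
```

Note that ping www.testmail.com only exercises the forward zone; a reverse lookup against the running server is `dig -x 192.168.200.70`, which should return the PTR names above.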