Server side:

Preliminary work:

Switch the VM's network adapter to NAT mode (so that yum can download packages).

(1) Disable the firewall and SELinux.

Firewall settings:

systemctl stop firewalld  // stop the firewall for the current session

systemctl disable firewalld  // do not start the firewall at boot

In a throwaway lab VM this is the quickest route; on any machine that stays reachable, the better option is to leave firewalld running and open only the DNS service (port 53) on it.

SELinux settings:

SELinux configuration file: /etc/selinux/config

Set SELINUX=disabled (takes effect after a reboot)

(2) Install the required packages

yum -y install bind

yum -y install bind-utils  // bind-utils provides the DNS query tools dig, host and nslookup

After installation, verify that the packages are present:

[root@localhost ~]# rpm -qa | grep bind
rpcbind-0.2.0-42.el7.x86_64
bind-libs-9.9.4-61.el7.x86_64
bind-libs-lite-9.9.4-61.el7.x86_64
bind-license-9.9.4-61.el7.noarch
bind-9.9.4-61.el7.x86_64
bind-utils-9.9.4-61.el7.x86_64

Switch the VM to Host-only mode

(3) Edit the configuration file

Configuration file path: /etc/named.conf

Sample configuration files:

See /usr/share/doc/bind*/sample/  for example named configuration files.

Copy the sample configuration file to the /tmp directory (to use as a reference while editing):

cp /usr/share/doc/bind-9.9.4/sample/etc/named.conf  /tmp

(4) Restart the service

systemctl restart named

systemctl enable named  // start the DNS service at boot

(named-checkconf, installed with the bind package, checks the syntax of /etc/named.conf before you restart; a typo there otherwise only shows up as a failed start.)

Client side:

Switch the VM to NAT mode:

yum -y install bind-utils

Switch the VM to Host-only mode:

Configuration file: /etc/resolv.conf

Add the following line:

nameserver 192.168.59.128    (the IP address of the DNS server)

Points to watch:

(1) Formatting: owner names in the zone files must start in the first column (an indented line is read as a continuation of the previous owner name), and fully qualified names must end with a trailing '.', otherwise named appends the zone origin to them.

(2) Permissions: if you copy named.empty (default mode 640) as the template for the forward and reverse zone files, remember to chmod 644 the forward zone file and chmod 644 the reverse zone file so that the named user can read them; if you create the zone files from scratch, this problem does not arise.

Troubleshooting:

1. Read the error messages reported when the service starts.

2. If the service reports no error but does not behave as expected, check the log: tail -30 /var/log/messages

3. Search Google/Baidu for the error message.

Classroom project:

Build the domain name system for fqnu.org

Domain name        IP address
dns.fqnu.org       192.168.59.128
dxxy.fqnu.org      192.168.59.120
jgxy.fqnu.org      192.168.59.121
wfxy.fqnu.org      192.168.59.123

Results:

Output on the client (the last two queries are for an address and a name that are not in the zone files):

[root@localhost ~]# host wfxy.fqnu.org
wfxy.fqnu.org has address 192.168.59.123
[root@localhost ~]# host 192.168.59.123
123.59.168.192.in-addr.arpa domain name pointer wfxy.fqnu.org.
[root@localhost ~]# host 192.168.59.120
120.59.168.192.in-addr.arpa domain name pointer dxxy.fqnu.org.
[root@localhost ~]# host 192.168.59.121
121.59.168.192.in-addr.arpa domain name pointer jgxy.fqnu.org.
[root@localhost ~]# host jgxy.fqnu.org
jgxy.fqnu.org has address 192.168.59.121
[root@localhost ~]# host 192.168.59.128
128.59.168.192.in-addr.arpa domain name pointer dns.fqnu.org.
[root@localhost ~]# host 192.168.59.129
Host 129.59.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
[root@localhost ~]# host tyxy.fqnu.org
Host tyxy.fqnu.org.localdomain not found: 2(SERVFAIL)
[root@localhost ~]#

named.conf for the classroom project:

Path: /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
};

zone "fqnu.org" {
	type master;
	file "fqnu.org";
};

zone "59.168.192.in-addr.arpa" {
	type master;
	file "59.168.192";
};
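The classroom named.conf above leaves every access-control option at BIND's default, which is fine on a host-only lab network but worth checking before the same file is reused anywhere else. The following script is an added example, not code from the original post or from the bind package: it parses a named.conf with a small recursive-descent parser (tokenize, parse and audit_options are names chosen here) and reports which of listen-on, allow-query, recursion and allow-transfer are unset or open. MINIMAL_CONF is a constructed copy of the classroom file; HARDENED_CONF is a constructed variant with those options filled in for the 192.168.59.0/24 lab network, using the same option names the sample named.conf shipped with the bind package documents.

```python
"""Audit a named.conf options block for settings left at BIND's permissive defaults.

Added example, not code from the original post or from the bind package. The two
configurations are constructed: MINIMAL_CONF mirrors the classroom named.conf,
HARDENED_CONF adds the access-control options with values chosen for the lab.
"""
import re

MINIMAL_CONF = """\
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
};
zone "fqnu.org" { type master; file "fqnu.org"; };
zone "59.168.192.in-addr.arpa" { type master; file "59.168.192"; };
"""

HARDENED_CONF = """\
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 192.168.59.128; };  // only the lab interface
    allow-query { localhost; 192.168.59.0/24; };       // only lab clients
    recursion no;                                      // authoritative-only server
    allow-transfer { none; };                          // no zone transfers (AXFR)
};
zone "fqnu.org" { type master; file "fqnu.org"; };
zone "59.168.192.in-addr.arpa" { type master; file "59.168.192"; };
"""

def tokenize(text):
    """Split named.conf text into tokens after dropping /* */, // and # comments."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#).*", " ", text)
    return [t.strip('"') for t in re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)]

def parse(tokens, i=0):
    """Recursive-descent parse into (words, children) statements.

    'zone "x" { type master; };' -> (["zone", "x"], [(["type", "master"], None)]).
    Returns (statements, index of the first token after the block).
    """
    stmts = []
    while i < len(tokens) and tokens[i] != "}":
        words, children = [], None
        while tokens[i] not in (";", "{"):
            words.append(tokens[i])
            i += 1
        if tokens[i] == "{":
            children, i = parse(tokens, i + 1)
            i += 1                                  # consume the closing "}"
        i += 1                                      # consume the ";"
        stmts.append((words, children))
    return stmts, i

def audit_options(conf_text):
    """Return findings for the options block; an empty list means nothing to flag."""
    stmts, _ = parse(tokenize(conf_text))
    options = next((c for w, c in stmts if w == ["options"]), [])
    opt = {w[0]: (w, c) for w, c in options if w}

    def args(name):                                 # addresses listed inside "{ ... }"
        return [w[0] for w, _ in opt[name][1]] if opt.get(name, (None, None))[1] else []

    findings = []
    if "listen-on" not in opt:
        findings.append("listen-on unset: named binds port 53 on every IPv4 interface")
    if "allow-query" not in opt or "any" in args("allow-query"):
        findings.append("allow-query is 'any' (the default): every client can query the zones")
    if opt.get("recursion", (["recursion", "yes"], None))[0][1] != "no":
        findings.append("recursion is on (the default); set 'recursion no' on an authoritative-only server")
    if "allow-transfer" not in opt or "any" in args("allow-transfer"):
        findings.append("allow-transfer unset: BIND 9.9 permits zone transfers (AXFR) to any host by default")
    return findings

if __name__ == "__main__":
    for label, conf in (("minimal", MINIMAL_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit_options(conf) or ['no findings']}")
```

audit_options(MINIMAL_CONF) returns four findings and audit_options(HARDENED_CONF) returns none. The values in HARDENED_CONF are specific to this lab: listen-on names the server's own address, allow-query the lab subnet, recursion is off because the server only answers for its own two zones, and allow-transfer { none; } stops any client pulling the whole zone with an AXFR request.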

Forward zone file:

/var/named/fqnu.org

$TTL 86400
fqnu.org. IN SOA dns.fqnu.org. root.fqnu.org. (
        20180511 ; serial
        1H ; refresh
        15M ; retry
        1W ; expire
        1D ) ; minimum
fqnu.org. IN NS dns.fqnu.org.
dns  IN A 192.168.59.128
dxxy IN A 192.168.59.120
jgxy IN A 192.168.59.121
wfxy IN A 192.168.59.123

Reverse zone file (/var/named/59.168.192, the file name given in named.conf):

$TTL 86400
@ IN SOA 59.168.192.in-addr.arpa. root.fqnu.org. (
        20180511 ; serial
        1H ; refresh
        15M ; retry
        1W ; expire
        1D ) ; minimum
@ IN NS dns.fqnu.org.
128 IN PTR dns.fqnu.org.
120 IN PTR dxxy.fqnu.org.
121 IN PTR jgxy.fqnu.org.
123 IN PTR wfxy.fqnu.org.
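The two "points to watch" earlier (records flush left, trailing dots) are easy to mistype, and named accepts most such mistakes silently, so the forward and reverse files quietly drift apart. The following script is an added example, not code from the original post: parse_zone, ptr_owner_to_ip and cross_check are names chosen here, and the zone texts are constructed from the fqnu.org files above, with BROKEN_REVERSE_ZONE as a deliberately mistyped copy. It applies the same owner and origin rules that named applies when loading a zone, then checks that every A record has a matching PTR and vice versa.

```python
"""Cross-check a BIND forward zone against its in-addr.arpa reverse zone.

Added example (not code from the original post). An owner name that is not flush
left makes named reuse the previous owner, and a name without the trailing '.'
gets the zone origin appended; both are detected here. Zone texts are constructed.
"""
import re

FORWARD_ZONE = """\
$TTL 86400
fqnu.org. IN SOA dns.fqnu.org. root.fqnu.org. (
    20180511 1H 15M 1W 1D )   ; serial refresh retry expire minimum
fqnu.org. IN NS dns.fqnu.org.
dns  IN A 192.168.59.128
dxxy IN A 192.168.59.120
jgxy IN A 192.168.59.121
wfxy IN A 192.168.59.123
"""

REVERSE_ZONE = """\
$TTL 86400
@ IN SOA 59.168.192.in-addr.arpa. root.fqnu.org. (
    20180511 1H 15M 1W 1D )   ; serial refresh retry expire minimum
@ IN NS dns.fqnu.org.
128 IN PTR dns.fqnu.org.
120 IN PTR dxxy.fqnu.org.
121 IN PTR jgxy.fqnu.org.
123 IN PTR wfxy.fqnu.org.
"""

# Constructed copy of REVERSE_ZONE with three typical mistakes: SOA RNAME without
# the trailing dot, an indented PTR line, and a PTR target without the trailing dot.
BROKEN_REVERSE_ZONE = (REVERSE_ZONE
                       .replace("root.fqnu.org. (", "root.fqnu.org (")
                       .replace("\n121 IN", "\n    121 IN")
                       .replace("wfxy.fqnu.org.\n", "wfxy.fqnu.org\n"))

def parse_zone(text, origin):
    """Return (serial, records, warnings); records are (owner, type, rdata) with the
    owner fully qualified, i.e. as named's zone loader interprets the line."""
    origin = origin.rstrip(".") + "."
    logical, buf, depth = [], None, 0
    for raw in text.splitlines():                 # fold "( ... )" continuation lines
        line = re.sub(r";.*", "", raw).rstrip()
        if not line.strip() and buf is None:
            continue
        buf = line if buf is None else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf)
            buf = None
    serial, records, warnings, last_owner = None, [], [], origin
    for line in logical:
        if line.startswith("$"):                  # $TTL / $ORIGIN carry no record
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if line[:1].isspace():                    # indented: named reuses the previous owner
            owner, i = last_owner, 0
            warnings.append(f"indented record {' '.join(tokens)!r} inherits owner {last_owner}")
        else:
            owner, i = tokens[0], 1
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        while tokens[i].upper() == "IN" or tokens[i].isdigit():   # optional TTL / class
            i += 1
        rtype, rdata = tokens[i].upper(), tokens[i + 1:]
        names = rdata[:2] if rtype == "SOA" else rdata[:1] if rtype in ("NS", "PTR") else []
        for name in names:                        # MNAME, RNAME, NS and PTR targets must be absolute
            if not name.endswith("."):
                warnings.append(f"{rtype} name {name!r} lacks trailing dot; named reads it as {name}.{origin}")
        serial = int(rdata[2]) if rtype == "SOA" else serial
        records.append((owner, rtype, rdata))
        last_owner = owner
    return serial, records, warnings

def ptr_owner_to_ip(owner):                       # 128.59.168.192.in-addr.arpa. -> 192.168.59.128
    return ".".join(owner[:-len(".in-addr.arpa.")].split(".")[::-1])

def cross_check(forward, forward_origin, reverse, reverse_origin):
    """Return sorted findings (format warnings plus A/PTR mismatches); [] means consistent."""
    rev_origin = reverse_origin.rstrip(".") + "."
    _, fwd, findings = parse_zone(forward, forward_origin)
    _, rev, rev_warnings = parse_zone(reverse, rev_origin)
    findings += rev_warnings
    a_by_ip = {rdata[0]: owner for owner, rtype, rdata in fwd if rtype == "A"}
    ptr_by_ip = {}
    for owner, rtype, rdata in rev:
        if rtype == "PTR":                        # apply the same origin rule named applies
            target = rdata[0] if rdata[0].endswith(".") else f"{rdata[0]}.{rev_origin}"
            ptr_by_ip[ptr_owner_to_ip(owner)] = target
    for ip, name in a_by_ip.items():
        if ip not in ptr_by_ip:
            findings.append(f"A {name} -> {ip} has no PTR record")
        elif ptr_by_ip[ip] != name:
            findings.append(f"{ip}: A owner {name} does not match PTR target {ptr_by_ip[ip]}")
    for ip, target in ptr_by_ip.items():
        if ip not in a_by_ip:
            findings.append(f"PTR {ip} -> {target} has no matching A record")
    return sorted(findings)
```

cross_check(FORWARD_ZONE, "fqnu.org", REVERSE_ZONE, "59.168.192.in-addr.arpa") returns an empty list. With BROKEN_REVERSE_ZONE it returns six findings, among them that the indented line for 121 was absorbed into the owner 120 (so 120 now has two PTR targets and 121 has none) and that wfxy.fqnu.org without its dot became wfxy.fqnu.org.59.168.192.in-addr.arpa. named-checkzone from the bind package remains the authoritative syntax check for a single file; this script adds the forward/reverse consistency check that named-checkzone does not perform.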

Sample named.conf shipped with the bind package (/usr/share/doc/bind-9.9.4/sample/etc/named.conf):

/*
 Sample named.conf BIND DNS server 'named' configuration file
 for the Red Hat BIND distribution.

 See the BIND Administrator's Reference Manual (ARM) for details about the
 configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
*/

options
{
	// Put files that named is allowed to write in the data/ directory:
	directory "/var/named"; // "Working" directory
	dump-file "data/cache_dump.db";
	statistics-file "data/named_stats.txt";
	memstatistics-file "data/named_mem_stats.txt";

	/*
	 Specify listenning interfaces. You can use list of addresses (';' is
	 delimiter) or keywords "any"/"none"
	*/
	//listen-on port 53 { any; };
	listen-on port 53 { 127.0.0.1; };
	//listen-on-v6 port 53 { any; };
	listen-on-v6 port 53 { ::1; };

	/*
	 Access restrictions

	 There are two important options:
	 allow-query { argument; };
	 - allow queries for authoritative data
	 allow-query-cache { argument; };
	 - allow queries for non-authoritative data (mostly cached data)

	 You can use address, network address or keywords "any"/"localhost"/"none" as argument
	 Examples:
	 allow-query { localhost; 10.0.0.1; 192.168.1.0/8; };
	 allow-query-cache { ::1; fe80::5c63:a8ff:fe2f:4526; 10.0.0.1; };
	*/
	allow-query { localhost; };
	allow-query-cache { localhost; };

	/* Enable/disable recursion - recursion yes/no;
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	 recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	 control to limit queries to your legitimate users. Failing to do so will
	 cause your server to become part of large scale DNS amplification
	 attacks. Implementing BCP38 within your network would greatly
	 reduce such attack surface
	*/
	recursion yes;

	/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
	/* Enable serving of DNSSEC related data - enable on both authoritative
	 and recursive servers DNSSEC aware servers */
	dnssec-enable yes;
	/* Enable DNSSEC validation on recursive servers */
	dnssec-validation yes;

	/* In RHEL-7 we use /run/named instead of default /var/run/named
	 so we have to configure paths properly. */
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
	managed-keys-directory "/var/named/dynamic";
};

logging
{
	/*      If you want to enable debugging, eg. using the 'rndc trace' command,
	 *      named will try to write the 'named.run' file in the $directory (/var/named).
	 *      By default, SELinux policy does not allow named to modify the /var/named directory,
	 *      so put the default debug log file in data/ :
	 */
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

/*
 Views let a name server answer a DNS query differently depending on who is asking.
 By default, if named.conf contains no "view" clauses, all zones are in the
 "default" view, which matches all clients.

 Views are processed sequentially. The first match is used so the last view should
 match "any" - it's fallback and the most restricted view.

 If named.conf contains any "view" clause, then all zones MUST be in a view.
*/

view "localhost_resolver"
{
	/* This view sets up named to be a localhost resolver ( caching only nameserver ).
	 * If all you want is a caching-only nameserver, then you need only define this view:
	 */
	match-clients { localhost; };
	recursion yes;

	# all views must contain the root hints zone:
	zone "." IN {
		type hint;
		file "/var/named/named.ca";
	};

	/* these are zones that contain definitions for all the localhost
	 * names and addresses, as recommended in RFC1912 - these names should
	 * not leak to the other nameservers:
	 */
	include "/etc/named.rfc1912.zones";
};

view "internal"
{
	/* This view will contain zones you want to serve only to "internal" clients
	 that connect via your directly attached LAN interfaces - "localnets" .
	 */
	match-clients { localnets; };
	recursion yes;

	zone "." IN {
		type hint;
		file "/var/named/named.ca";
	};

	/* these are zones that contain definitions for all the localhost
	 * names and addresses, as recommended in RFC1912 - these names should
	 * not leak to the other nameservers:
	 */
	include "/etc/named.rfc1912.zones";

	// These are your "authoritative" internal zones, and would probably
	// also be included in the "localhost_resolver" view above :

	/*
	 NOTE for dynamic DNS zones and secondary zones:
	 DO NOT USE SAME FILES IN MULTIPLE VIEWS!

	 If you are using views and DDNS/secondary zones it is strongly
	 recommended to read FAQ on ISC site (www.isc.org), section
	 "Configuration and Setup Questions", questions
	 "How do I share a dynamic zone between multiple views?" and
	 "How can I make a server a slave for both an internal and an external
	 view at the same time?"
	*/

	zone "my.internal.zone" {
		type master;
		file "my.internal.zone.db";
	};
	zone "my.slave.internal.zone" {
		type slave;
		file "slaves/my.slave.internal.zone.db";
		masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
		// put slave zones in the slaves/ directory so named can update them
	};
	zone "my.ddns.internal.zone" {
		type master;
		allow-update { key ddns_key; };
		file "dynamic/my.ddns.internal.zone.db";
		// put dynamically updateable zones in the slaves/ directory so named can update them
	};
};

key ddns_key
{
	algorithm hmac-md5;
	secret "use /usr/sbin/dnssec-keygen to generate TSIG keys";
};

view "external"
{
	/* This view will contain zones you want to serve only to "external" clients
	 * that have addresses that are not match any above view:
	 */
	match-clients { any; };

	zone "." IN {
		type hint;
		file "/var/named/named.ca";
	};

	recursion no;
	// you'd probably want to deny recursion to external clients, so you don't
	// end up providing free DNS service to all takers

	// These are your "authoritative" external zones, and would probably
	// contain entries for just your web and mail servers:

	zone "my.external.zone" {
		type master;
		file "my.external.zone.db";
	};
};
