
DNS服务器搭建

DNS服务器配置

1.要求:

要保证既能解析内网域名bigcloud.local,又能为内网客户端解析互联网的域名(对外只提供bigcloud.local的权威应答,不做开放递归)。

DNS服务器:ZZSRV1.BIGCLOUD.LOCAL

辅助DNS服务器:ZZSRV2.BIGCLOUD.LOCAL

包含以下域的信息:

①bigcloud.local域的信息:

FQDN

IP地址

备注

zzsrv1.bigcloud.local

192.168.188.11

DNS服务器

zzsrv2.bigcloud.local

192.168.188.12

DNS服务器

ftp.bigcloud.local

192.168.188.11


mailsrv1.bigcloud.local

192.168.188.22


smtp.bigcloud.local

192.168.188.22


pop3.bigcloud.local

192.168.188.22


www.bigcloud.local

192.168.188.11


crm.bigcloud.local

192.168.188.11


smtp和pop3需要使用CNAME来进行解析。同时,需要实现反向地址解析。

②192.168.188.0/24、192.168.189.0/24反向解析域

实现到202.102.224.68、202.102.227.68的DNS转发。

防止非授权用户枚举DNS记录——即通过区域传送(AXFR)一次性导出整个区域的内容(防止出现类似上海烟草公司曝出的安全隐患);区域传送仅允许辅助DNS和管理员所在的192.168.188.10发起,其它地址一律拒绝。

2.实验步骤:

2.1 安装bind

# yum -y install bind

# rpm -qc bind

/etc/logrotate.d/named

/etc/named.conf

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

/etc/rndc.conf

/etc/rndc.key

/etc/sysconfig/named

/var/named/named.ca

/var/named/named.empty

/var/named/named.localhost

/var/named/named.loopback


2.2 配置bind

# cd /etc

# cp named.conf named.conf.origin(修改之前先备份)


修改配置文件

# vi /etc/named.conf

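// Hosts allowed to use this server as a recursive resolver: the two
// internal subnets plus the server itself. Everyone else may still query
// the authoritative bigcloud.local data, but not arbitrary Internet names.
// Without this, "allow-query { any; }" on a server listening on every
// interface is an open resolver (abusable for amplification attacks).
acl "internal" { 127.0.0.1; 192.168.188.0/24; 192.168.189.0/24; };

// Hosts allowed to pull whole zones (AXFR/IXFR): the two DNS servers and
// the admin workstation. This is the control that stops zone enumeration
// by unauthorized users. An IP-based ACL is the minimum; TSIG-signed
// transfers are stronger if both servers can share a key.
acl "xfer" { 192.168.188.11; 192.168.188.12; 192.168.188.10; };

options {
        // Listen on every interface so the same options work unchanged on
        // the primary (.11) and the secondary (.12). Replace "any" with the
        // server's own address on a multi-homed host.
        listen-on port 53 { any; };

        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Authoritative answers are public; recursion (and therefore use
        // of the forwarders below) is limited to the internal networks.
        allow-query     { any; };
        allow-recursion { internal; };

        // Validation is turned off for this lab. With upstream forwarders
        // that do not return DNSSEC data, "dnssec-validation yes" would
        // make Internet lookups fail; re-enable it once the forwarders are
        // known to support DNSSEC.
        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;

        // Upstream resolvers used for every name outside our own zones.
        forwarders { 202.102.224.68; 202.102.227.68; };

        // Zone transfers only to the secondary and the admin host.
        allow-transfer { xfer; };

        // Do not disclose the BIND version ("dig @server version.bind chaos txt");
        // rndc status still shows it locally.
        version "not disclosed";
};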

 

修改完后先用 named-checkconf 检查配置语法,再启动服务(首次启动可能会很慢):

# systemctl start named.service

 

查看状态,增加一个zone

# rndc status

version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 101

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

 

使用nslookup解析域名

# nslookup

-bash: nslookup: command not found

命令找不到,原因是没有安装bind-utils

 

# yum -y install bind-utils

 

# netstat -an |grep :53

tcp       0      0 192.168.188.11:53       0.0.0.0:*               LISTEN

tcp       0      0 127.0.0.1:53            0.0.0.0:*               LISTEN

udp       0      0 192.168.188.11:53       0.0.0.0:*

udp       0      0 127.0.0.1:53            0.0.0.0:*

udp       0      0 0.0.0.0:5353            0.0.0.0:*

(5353端口是avahi的mDNS,只是被 grep :53 顺带匹配到了,并不属于named;named只监听TCP/UDP 53。)

 

设置DNS为自动启动

# systemctl enable named.service

检查是否设置成功

# systemctl is-enabled named.service

enabled

 

2.3 DNS配置

2.3.1创建正向zone

# vi /etc/named.conf

在配置文件后面添加如下信息:

// Primary (master) copy of the internal forward zone. "file" is relative
// to the options "directory" (/var/named). Who may pull this zone is
// controlled by allow-transfer in options; no allow-update is given here,
// so dynamic updates are not accepted.
zone "bigcloud.local" IN {

       type master;

       file "bigcloud.local.zone";

};

 

# cd /var/named

 

使用空白模板创建新的zone

# cp named.empty  bigcloud.local.zone

# vi bigcloud.local.zone

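$TTL 3H
; Zone apex. The SOA MNAME must be the primary server's hostname (the
; template's "@" names the zone itself, which has no address), and RNAME
; is the hostmaster mailbox with "@" written as "." --
; hostmaster.bigcloud.local. means hostmaster@bigcloud.local.
; The serial MUST be incremented on every edit: the secondary compares
; serials and never refreshes while it stays unchanged. Many sites use
; the YYYYMMDDnn convention; the template's 0 is only a starting value.
@       IN SOA  zzsrv1.bigcloud.local. hostmaster.bigcloud.local. (
                                        1       ; serial  (bump on every change)
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum (negative-cache TTL)

; Name servers for the zone. The secondary (zzsrv2) is added to this list
; in the secondary-DNS section of this guide.
        NS      zzsrv1.bigcloud.local.

; Hosts. Names without a trailing dot are relative to bigcloud.local.
zzsrv1    A       192.168.188.11
ftp       A       192.168.188.11
www       A       192.168.188.11
crm       A       192.168.188.11
mailsrv1  A       192.168.188.22

; smtp and pop3 are aliases of the mail host, resolved via CNAME as the
; requirements demand.
smtp      CNAME   mailsrv1.bigcloud.local.
pop3      CNAME   mailsrv1.bigcloud.local.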

# ll

-rw-r----- 1 root  root  394 Aug 20 04:05 bigcloud.local.zone

更改配置文件的属主和属组

# chown   named:named  /var/named/bigcloud.local.zone

# ll

-rw-r----- 1 named named  394 Aug 20 04:05 bigcloud.local.zone

 

修改之后先检查区域文件语法(# named-checkzone bigcloud.local /var/named/bigcloud.local.zone),再重启服务

# systemctl restart named

 

查看状态,又增加了一个zone

# rndc status

version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 102

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

 

验证正向解析:

 

# nslookup

> www.bigcloud.local.

Server:         192.168.188.11

Address:        192.168.188.11#53

 

Name:  www.bigcloud.local

Address: 192.168.188.11

> ftp.bigcloud.local.

Server:         192.168.188.11

Address:        192.168.188.11#53

 

Name:  ftp.bigcloud.local

Address: 192.168.188.11

2.3.2创建反向zone

 

# vi /etc/named.conf(在配置文件后添加如下信息)

 

// Reverse (PTR) zones for the two internal /24s. The zone name is the
// network's octets reversed under in-addr.arpa (192.168.188.0/24 ->
// 188.168.192.in-addr.arpa). Both zone files are created below by
// copying bigcloud.local.zone as a template, so their SOA (serial 0,
// placeholder RNAME) inherits the same caveats as the forward zone.
zone "188.168.192.in-addr.arpa"IN {

       type master;

       file "192.168.188.zone";

};

zone "189.168.192.in-addr.arpa"IN {

       type master;

       file "192.168.189.zone";

};

 

# cp bigcloud.local.zone 192.168.188.zone

# cp bigcloud.local.zone 192.168.189.zone

# vi 192.168.188.zone

# vi 192.168.189.zone


$TTL 3H

; SOA carried over from the forward-zone template: MNAME "@" should be the
; primary server (zzsrv1.bigcloud.local.), rname.invalid. is a placeholder
; mailbox, and serial 0 must be incremented on every edit or the secondary
; will not pull the change.
@       IN SOA  @ rname.invalid. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      zzsrv1.bigcloud.local.

; The left-hand label is the host octet only; the zone name supplies the
; rest (1 -> 1.188.168.192.in-addr.arpa).
; NOTE(review): these PTR targets have no matching A record in the forward
; zone, and the same listing is used for both /24s. The requirement is
; reverse resolution of the table hosts, e.g. in the 188 zone
; 11 -> zzsrv1, 12 -> zzsrv2, 22 -> mailsrv1.bigcloud.local.
1       PTR     360.bigcloud.local.

2       PTR     guge.bigcloud.local.

3       PTR     baidu.bigcloud.local.

4      PTR     wanyi.bigcloud.local.

 

# ll

-rw-r----- 1 root  root  298 Aug 20 04:20 192.168.188.zone

-rw-r----- 1 root  root  394 Aug 20 04:20 192.168.189.zone

-rw-r----- 1 named named  394 Aug 20 04:05 bigcloud.local.zone

 

更改2个区域文件的属组和属主

# chown named:named  192.168.188.zone

# chown named:named 192.168.189.zone

 

# ll

-rw-r----- 1 named named  298 Aug 20 04:20 192.168.188.zone

-rw-r----- 1 named named  303 Aug 20 04:21 192.168.189.zone

重启服务

# systemctl restart named

 

查看区域状态,又增加了2个zone

#rndc status

version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 104

 

验证反向查找

# nslookup 192.168.188.1

Server:         192.168.188.11

Address:        192.168.188.11#53

 

1.188.168.192.in-addr.arpa      name = 360.bigcloud.local.

 

# nslookup 192.168.189.2

Server:         192.168.188.11

Address:        192.168.188.11#53

 

2.189.168.192.in-addr.arpa      name = guge2.bigcloud.local.

 

2.4辅助DNS配置

基础配置与主DNS一致。


2.4.1 先在主DNS上修改区域文件

修改的是区域文件 /var/named/bigcloud.local.zone(不是named.conf)。添加如下信息,并把SOA中的serial加1——辅助DNS只比较serial,serial不变就不会拉取新数据:

        NS     zzsrv2.bigcloud.local.

zzsrv1  A      192.168.188.11

zzsrv2  A      192.168.188.12

 

2.4.2 在辅助DNS上最后添加如下内容

 

// Secondary (slave) copies, pulled from the primary at 192.168.188.11.
// "file" is where the transferred zone data is written, relative to the
// options "directory". Because that is /var/named itself (owned by root,
// not writable by named), the next step loosens the directory permissions.
// Using "slaves/<name>" here instead would write into /var/named/slaves,
// which the RHEL/CentOS bind package ships writable by named for exactly
// this purpose -- confirm with `ls -ld /var/named/slaves` before relying on it.
// Transfers *from* this secondary are still limited by allow-transfer in
// the shared options block.
zone "bigcloud.local" IN {

       type slave;

       file "bigcloud.local.zone";

       masters {192.168.188.11;};

};

zone "188.168.192.in-addr.arpa"IN {

        type slave;

        file "192.168.188.zone";

        masters { 192.168.188.11; };

};

zone "189.168.192.in-addr.arpa"IN {

        type slave;

        file "192.168.189.zone";

        masters { 192.168.188.11; };

};

2.4.3 修改目录权限,允许named组有写权限(辅助DNS要把传送来的区域数据写到file指定的路径,而/var/named默认对named不可写。更稳妥的做法是把file写成 slaves/xxx.zone,使用软件包自带的/var/named/slaves目录——该目录通常已归named所有、可直接写入,请先用 ls -ld /var/named/slaves 确认——这样不必放宽/var/named本身的权限)

# ll -d /var/named

drwxr-x--- 5 root named 120 Aug 20 06:05 /var/named

# chmod g+w /var/named

# ll -d /var/named

drwxrwx--- 5 root named 120 Aug 20 06:05 /var/named

 

# firewall-cmd --permanent --add-service=dns
# firewall-cmd --reload

(只放行DNS服务即可,不要用 systemctl stop firewalld 整体关闭防火墙。firewalld的dns服务同时包含TCP和UDP 53,区域传送走的TCP 53也在其中。)

 

# rndc reload

server reload successful

查看区域状态:增加了一个zone

# rndc status

version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 102

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

 

# cd /var/named

在该目录下自动生成了3个区域文件

# ll

-rw-r--r-- 1 named named  489 Aug 20 17:34 192.168.188.zone

-rw-r--r-- 1 named named  493 Aug 20 17:34 192.168.189.zone

-rw-r--r-- 1 named named  622 Aug 20 17:33 bigcloud.local.zone

drwxrwx--- 2 named named   22 Aug 20 06:07 data

drwxrwx--- 2 named named   58 Aug 20 17:06 dynamic

-rw-r----- 1 root  named 2076 Jan 28  2013 named.ca

2.4.4 验证辅助DNS正向解析(必须把查询指向辅助DNS,例如 nslookup www.bigcloud.local 192.168.188.12 或在nslookup中先执行 server 192.168.188.12;下面输出里Server仍是192.168.188.11,说明应答的还是主DNS,并没有真正验证到辅助DNS)

> www.bigcloud.local

Server:         192.168.188.11

Address:        192.168.188.11#53

 

Name:  www.bigcloud.local

Address: 192.168.188.11

 

2.4.5 验证辅助DNS反向解析(同样应指定辅助DNS地址查询:nslookup 192.168.188.1 192.168.188.12;下面输出中的Server仍为主DNS)

# nslookup 192.168.188.1

Server:         192.168.188.11

Address:        192.168.188.11#53

 

1.188.168.192.in-addr.arpa      name = 360.bigcloud.local.

 

排错:

1. 转发器一直无法使用,结果是ifcfg-文件中网关GATEWAY写错了

2. 挂载光驱时报错 # mount /dev/cdrom /mnt/cdrom

mount: no medium found on /dev/sr0

原因是光驱中没有放入/连接光盘(镜像),所以报 no medium found。

3.  yum无法使用,需要修改yum配置文件

# cd /etc/yum.repos.d/

# vi CentOS-Base.repo

[base]

name=CentOS-$releasever - Base

baseurl=file:///mnt/cdrom/

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

4. 文件传递过来了,但是辅助DNS不能解析:

# vi /etc/resolv.conf

nameserver  =192.168.188.11

是因为在该文件中多写了一个=号。