ITB运维部落—http://www.itbcn.cn—ITB运维技术交流之家平台一、DNS服务器的安装与测试
1.查看是否安装DNS软件包
[[email protected] ~]# rpm -qa|grep bind
未安装:bind-9.9.4-61.el7_5.1.x86_64
2.安装DNS服务器软件包bind
[[email protected] ~]# yum install bind
3.再次查看bind包是否安装
[[email protected] ~]# rpm -qa|grep bind
已安装。
4.启动DNS服务(说明:DNS服务的守护进程为named)
[[email protected] ~]# systemctl start named.service
5.将DNS设为开机自启动
[[email protected] ~]# systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
6.查看DNS服务的状态
[[email protected] ~]# systemctl status named.service
7.测试域名解析(能够正确解析外网和本机)
[[email protected] ~]# nslookup www.baidu.com
[[email protected] ~]# nslookup www.sohu.com
[[email protected] ~]# nslookup localhost
[[email protected] ~]# nslookup 127.0.0.1
二、配置文件详解
1.配置文件/etc/named.conf详解
[[email protected] ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator’s Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options { #选项
listen-on port 53 { 127.0.0.1; }; #服务监听端口为53
listen-on-v6 port 53 { ::1; }; #服务监听端口为53(ipv6)
directory “/var/named”; #配置文件存放的目录
dump-file “/var/named/data/cache_dump.db”; #解析过的内容的缓存
statistics-file “/var/named/data/named_stats.txt”; #静态缓存(一般不用)
memstatistics-file “/var/named/data/named_mem_stats.txt”; #静态缓存(放内存里的,一般不用)
allow-query { localhost; }; #允许连接的客户机
recursion yes; #递归查找
dnssec-enable yes; #DNS加密
dnssec-validation yes; #DNS加密高级算法
dnssec-lookaside auto; #DNS加密的相关东西
/* Path to ISC DLV key */
bindkeys-file “/etc/named.iscdlv.key”; #加密用的key(私钥公钥的加密,很强)
};
logging { #日志
channel default_debug {
file “data/named.run”; #运行状态文件
severity dynamic; #静态服务器地址(根域)
};
};
zone “.” IN { #根域解析
type hint;
file “named.ca”; #根域配置文件
};
include “/etc/named.rfc1912.zones”; #扩展配置文件(新开域名)
include “/etc/named.root.key”;
2.扩展配置文件/etc/named.rfc1912.zones详解
zone “localhost.localdomain” IN { #本地主机全名解析
type master; #类型为主域
file “named.localhost”; #域配置文件(文件存放在/var/named目录中)
allow-update { none; }; #不允许客户端更新
};
zone “localhost” IN { #本地主机名解析
type master;
file “named.localhost”;
allow-update { none; };
};
zone “1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa” IN {
#ipv6本地地址反向解析
type master;
file “named.loopback”;
allow-update { none; }; zone “1.0.0.127.in-addr.arpa” IN { #本地地址反向解析
type master;
file “named.loopback”;
allow-update { none; };
};
zone “0.in-addr.arpa” IN { #本地全网地址反向解析(和/域更新用的)
type master;
file “named.empty”;
allow-update { none; };
};
三、配置内网(局域网)DNS
本局域网有6台机器,定义:域名为abc.com,主机名分别为:pc1、pc2、pc3、pc4、pc5、pc6,其中pc1为域名服务器,负责对局域网中的6台机器进行域名解析,其IP地址为:192.168.190.10,pc2~pc6主机的IP地址分别为192.168.190.11、192.168.190.12、192.168.190.13、192.168.190.14、192.168.190.15。
1.先把子网ip改为192.168.190.0
2.改主机pc1的IP地址为静态地址
[[email protected] named]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=a461b66a-ab58-405c-9feb-abb2e888f40d
DEVICE=ens33
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
ZONE=public
IPADDR=192.168.190.10
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.10
3.编辑/etc/resolv.conf
[[email protected] named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.190.10
4.重启网卡或重启系统
(1)重启网卡
[[email protected] named]# ifdown ens33
成功断开设备 ‘ens33’。
[[email protected] named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
(2)重启系统
[[email protected] named]# reboot
5.编辑配置文件/etc/named.conf
[email protected] ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
allow-query { any; };
allow-transfer { 192.168.190.0/24; };
保存退出(:wq)
6.编辑扩展配置文件/etc/named.rfc1912.zones
(1)添加abc.com域的正向解析和方向解析
[[email protected] ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone “localhost.localdomain” IN {
type master;
file “named.localhost”;
allow-update { none; };
};
zone “localhost” IN {
type master;
file “named.localhost”;
allow-update { none; };
};
zone “abc.com” IN {//说明:正向解析域
type master;
file “named.abc.com.zones”;
allow-transfer { 192.168.190.11; };
allow-update { none; };
};
zone “1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa” IN {
type master;
file “named.loopback”;
allow-update { none; };
};
zone “1.0.0.127.in-addr.arpa” IN {
type master;
file “named.loopback”;
allow-update { none; };
};
zone “190.168.192.in-addr.arpa” IN {//说明:反向解析域
type master;
file “named.190.168.192.zones”;
allow-transfer { 192.168.190.11; };
allow-update { none; };
};
zone “0.in-addr.arpa” IN {
type master;
file “named.empty”;
allow-update { none; };
};
//保存退出(:wq)
7.编辑区文件
(1)编辑正向解析区文件
[[email protected] named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
(2)更换所属组
[[email protected] named]# cp -p named.localhost named.abc.com.zonesll
[[email protected] named]# chgrp named named.190.168.192.zones
[[email protected] named]# vim /var/named/named.abc.com.zones
$TTL 1D
@ IN SOA @ root.pc1.abc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS pc1.abc.com.
pc1 IN A 192.168.190.10
pc2 IN A 192.168.190.11
pc3 IN A 192.168.190.12
pc4 IN A 192.168.190.13
pc5 IN A 192.168.190.14
pc6 IN A 192.168.190.15
(3)编辑反向解析区文件
[[email protected] named]# vim /var/named/named.190.168.192.zones
$TTL 1D
@ IN SOA @ root.pc1.abc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS pc1.abc.com.
10 IN PTR pc1.abc.com.
11 IN PTR pc2.abc.com.
12 IN PTR pc3.abc.com.
13 IN PTR pc4.abc.com.
14 IN PTR pc5.abc.com.
15 IN PTR pc6.abc.com.
8.重启DNS服务
[[email protected] named]# systemctl restart named
9.修改主机名为pc1并查看是否修改成功
[[email protected] named]# hostnamectl set-hostname pc1
[[email protected] named]# hostname
10.编辑NetworkManager管理工具的配置文件,不让其分配DNS
[[email protected] named]# vim /etc/NetworkManager/NetworkManager.conf
# Configuration file for NetworkManager.
#
# See “man 5 NetworkManager.conf” for details.
#
# The directories /usr/lib/NetworkManager/conf.d/ and /var/run/NetworkManager/conf.d/
# can contain additional configuration snippets installed by packages. These files are
# read before NetworkManager.conf and have thus lowest priority.
# The directory /etc/NetworkManager/conf.d/ can contain additional configuration
# snippets. Those snippets are merged last and overwrite the settings from this main
# file.
#
# The files within one conf.d/ directory are read in asciibetical order.
#
# If /etc/NetworkManager/conf.d/ contains a file with the same name as
# /usr/lib/NetworkManager/conf.d/, the latter file is shadowed and thus ignored.
# Hence, to disable loading a file from /usr/lib/NetworkManager/conf.d/ you can
# put an empty file to /etc with the same name. The same applies with respect
# to the directory /var/run/NetworkManager/conf.d where files in /var/run shadow
# /usr/lib and are themselves shadowed by files under /etc.
#
# If two files define the same key, the one that is read afterwards will overwrite
# the previous one.
[main]
#plugins=ifcfg-rh,ibft
dns=none
[logging]
# When debugging NetworkManager, enabling debug logging is of great help.
#
# Logfiles contain no passwords and little sensitive information. But please
# check before posting the file online. You can also personally hand over the
# logfile to a NM developer to treat it confidential. Meet us on #nm on freenode.
# Please post full logfiles except minimal modifications of private data.
#
# You can also change the log-level at runtime via
# $ nmcli general logging level TRACE domains ALL
# However, usually it’s cleaner to enable debug logging
# in the configuration and restart NetworkManager so that
# debug logging is enabled from the start.
#
# You will find the logfiles in syslog, for example via
# $ journalctl -u NetworkManager
#
# Note that debug logging of NetworkManager can be quite verbose. Some messages
# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
# in man journald.conf).
#
#level=TRACE
#domains=ALL
11.DNS测试
(1)命令测试
[[email protected] named]# nslookup pc1.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc1.abc.com
Address: 192.168.190.10
[[email protected] named]# nslookup pc3.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc3.abc.com
Address: 192.168.190.12
[[email protected] named]# nslookup 192.168.190.13
Server: 192.168.190.10
Address: 192.168.190.10#53
13.190.168.192.in-addr.arpa name = pc4.abc.com.
成功!!!
四.辅DNS的配置
在之前将计算机配置为的基础上,将IP地址为192.168.190.11的计算机pc2配置为辅助DNS服务器,并从IP地址为192.168.190.10的主DNS服务器pc1复制正向解析和反向解析的区文件named.abc.com.zones和named.190.168.192.zones。
1.安装DNS软件包bind
[[email protected] ~]# yum install bind
2.编辑配置文件/etc/named.conf
[email protected] ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
allow-query { any; };
allow-transfer { none; };
保存退出(:wq)
3.编辑扩展配置文件/etc/named.rfc1912.zones
(1)定义abc.com域的正向解析和方向解析
[[email protected] ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone “localhost.localdomain” IN {
type master;
file “named.localhost”;
allow-update { none; };
};
zone “localhost” IN {
type master;
file “named.localhost”;
allow-update { none; };
};
zone “abc.com” IN {
type slave;
file “slaves/named.abc.com.zones”;
masters { 192.168.190.10; };
};
zone “1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa” IN {
type master;
file “named.loopback”;
allow-update { none; };
};
zone “1.0.0.127.in-addr.arpa” IN {
type master;
file “named.loopback”;
allow-update { none; };
};
zone “190.168.192.in-addr.arpa” IN {//说明:反向解析域
type slave;
file “slaves/named.190.168.192.zones”;
masters { 192.168.190.10; };
};
zone “0.in-addr.arpa” IN {
type master;
file “named.empty”;
allow-update { none; };
};
//保存退出(:wq)
4.在主DNS的区域配置文件中(/etc/named.rfc1912.zones)允许该从服务器的更新要求。
[[email protected] named]# vim /etc/named.rfc1912.zones
zone “abc.com” IN {
type master;
file “named.abc.com”;
allow-update { 192.168.190.11; };//允许从服务器的更新要求
};
zone “192.168.192.in-addr.arpa” IN {
type master;
file “named.192.168.144.zones”;
allow-update { 192.168.190.11; };
};
5.关闭防火墙和安全
主服务器和从服务器的都要关闭
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# setenforce 0
6.改主机pc2的IP地址为静态地址
[[email protected] named]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=a461b66a-ab58-405c-9feb-abb2e888f40d
DEVICE=ens33
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
ZONE=public
IPADDR=192.168.190.11
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.11
7.编辑/etc/resolv.conf
[[email protected] ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.190.10
8.重启网卡或重启系统
(1)重启网卡
[[email protected] named]# ifdown ens33
成功断开设备 ‘ens33’。
[[email protected] named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
9.重启DNS服务
[[email protected] ~]# systemctl restart named
10.查看/var/named/slaves/文件夹下是否传过来正向解析和反向解析的区文件
[[email protected] ~]# ls /var/named/slaves/
named.190.168.192.zones named.abc.com.zones
11.DNS测试
[[email protected] named]# nslookup pc1.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc1.abc.com
Address: 192.168.190.10
[[email protected] named]# nslookup pc3.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc3.abc.com
Address: 192.168.190.12
[[email protected] named]# nslookup 192.168.190.13
Server: 192.168.190.10
Address: 192.168.190.10#53
13.190.168.192.in-addr.arpa name = pc4.abc.com.
成功!!!
五、缓存DNS配置
在之前将计算机配置为的基础上,将IP地址为192.168.190.12的计算机配置为缓存DNS服务器,将解析请求转发到主域名服务器192.168.190.10
1. 安装DNS软件包bind
[[email protected] ~]# yum install bind
2. 编辑配置文件/etc/named.conf
[email protected] ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
//全局转发
allow-query { any; };
forward first; //首先转发,转发器不响应,则递归查询。取值为only时只转发。
forwarders { 192.168.190.10; };
保存退出(:wq)
3.编辑扩展配置文件/etc/named.rfc1912.zones
[[email protected] ~]# vim /etc/named.rfc1912.zones
在最后加上:
//转发指定域
zone “abc.com” IN {
type forward;//转发
forward first;
forwarders { 192.168.190.10; };
};
//保存退出(:wq)
4.改主机pc3的IP地址为静态地址(192.168.190.12)
[[email protected] named]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
BOOTPROTO=static
…….
IPADDR=192.168.190.12
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.12
5.重启网卡或重启系统
[[email protected] named]# ifdown ens33
成功断开设备 ‘ens33’。
[[email protected] named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
[[email protected] named]#
6.重启DNS服务
[[email protected] named]# systemctl restart named
7.DNS测试
[[email protected] named]# nslookup pc1.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc1.abc.com
Address: 192.168.190.10
[[email protected] named]# nslookup pc3.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc3.abc.com
Address: 192.168.190.12
[[email protected] named]# nslookup 192.168.190.13
Server: 192.168.190.10
Address: 192.168.190.10#53
13.190.168.192.in-addr.arpa name = pc4.abc.com.
成功!!!
DNS服务器Bind 之recursion递归
Centos8部署Zabbix5.4及agent安装