Setting up a DNS server on CentOS 7 (LAN DNS, secondary DNS, caching DNS) - ITB运维部落 (http://www.itbcn.cn)

Setting up a DNS server on CentOS 7 (LAN DNS, secondary DNS, caching DNS)

I. Installing and testing the DNS server

II. The configuration files explained

III. Configuring an internal (LAN) DNS server

IV. Configuring a secondary (slave) DNS server

V. Configuring a caching (forwarding) DNS server


I. Installing and testing the DNS server

1. Check whether the DNS package is already installed

[[email protected] ~]# rpm -qa|grep bind

Not installed. (The package installed below is bind-9.9.4-61.el7_5.1.x86_64.)

2. Install the DNS server package, bind

[[email protected] ~]# yum install bind

3. Check again whether the bind package is installed

[[email protected] ~]# rpm -qa|grep bind

Installed.

4. Start the DNS service (note: the DNS daemon is called named)

[[email protected] ~]# systemctl start named.service

5. Enable the DNS service at boot

[[email protected] ~]# systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

6. Check the status of the DNS service

[[email protected] ~]# systemctl status named.service

7. Test name resolution (external names and the local host should both resolve)

[[email protected] ~]# nslookup www.baidu.com
[[email protected] ~]# nslookup www.sohu.com
[[email protected] ~]# nslookup localhost
[[email protected] ~]# nslookup 127.0.0.1

II. The configuration files explained

1. The main configuration file /etc/named.conf

[[email protected] ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {                                                         # global options
        listen-on port 53 { 127.0.0.1; };                         # listen on port 53 (IPv4); loopback only by default
        listen-on-v6 port 53 { ::1; };                            # listen on port 53 (IPv6)
        directory       "/var/named";                             # directory that holds the zone files
        dump-file       "/var/named/data/cache_dump.db";          # cache contents written out on "rndc dumpdb"
        statistics-file "/var/named/data/named_stats.txt";        # statistics written out on "rndc stats" (rarely used)
        memstatistics-file "/var/named/data/named_mem_stats.txt"; # memory statistics written on exit (rarely used)
        allow-query     { localhost; };                           # clients allowed to send queries
        recursion yes;                                            # answer recursive queries for those clients
        dnssec-enable yes;                                        # enable DNSSEC support
        dnssec-validation yes;                                    # validate DNSSEC signatures on answers
        dnssec-lookaside auto;                                    # DLV (DNSSEC look-aside validation)
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";                    # trust anchors (public keys) used for validation
};

logging {                                                         # logging
        channel default_debug {
                file "data/named.run";                            # debug output file
                severity dynamic;                                 # log level follows named's current debug level
        };
};

zone "." IN {                                                     # root zone
        type hint;
        file "named.ca";                                          # root hints file
};

include "/etc/named.rfc1912.zones";                               # additional zones (where new domains are defined)
include "/etc/named.root.key";

2. The additional zone file /etc/named.rfc1912.zones

zone "localhost.localdomain" IN {       # forward zone for the local host's fully qualified name
        type master;                    # this server is the primary (master) for the zone
        file "named.localhost";         # zone file (stored under /var/named)
        allow-update { none; };         # no dynamic updates from clients
};

zone "localhost" IN {                   # forward zone for the local host name
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        # reverse zone for the IPv6 loopback address
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {      # reverse zone for the IPv4 loopback address
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {              # reverse zone for 0.0.0.0/8, served empty so such queries never leave this server
        type master;
        file "named.empty";
        allow-update { none; };
};

III. Configuring an internal (LAN) DNS server

The LAN has six machines. The domain is abc.com and the host names are pc1, pc2, pc3, pc4, pc5 and pc6. pc1 is the name server and resolves names for all six machines; its IP address is 192.168.190.10. pc2 to pc6 have the IP addresses 192.168.190.11, 192.168.190.12, 192.168.190.13, 192.168.190.14 and 192.168.190.15.

1. First change the subnet address to 192.168.190.0

2. Give pc1 a static IP address

[[email protected] named]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=a461b66a-ab58-405c-9feb-abb2e888f40d
DEVICE=ens33
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
ZONE=public
IPADDR=192.168.190.10
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.10

3. Edit /etc/resolv.conf

[[email protected] named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.190.10

4. Restart the network interface or reboot the system

(1) Restart the interface

[[email protected] named]# ifdown ens33
成功断开设备 ‘ens33’。
[[email protected] named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)

(2) Reboot the system

[[email protected] named]# reboot

5. Edit the main configuration file /etc/named.conf

[[email protected] ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };                       # listen on every IPv4 address instead of loopback only
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };                         # accept queries from any client
        allow-transfer  { 192.168.190.0/24; };            # only hosts on the LAN may request zone transfers
        # remaining options (recursion, dnssec-*, bindkeys-file) unchanged from the default file
};

Save and quit (:wq)

6. Edit the additional zone file /etc/named.rfc1912.zones

(1) Add the forward and reverse zones for abc.com

[[email protected] ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "abc.com" IN {                         // forward zone for abc.com
        type master;
        file "named.abc.com.zones";
        allow-transfer { 192.168.190.11; }; // only the secondary (pc2) may pull this zone
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "190.168.192.in-addr.arpa" IN {        // reverse zone for 192.168.190.0/24
        type master;
        file "named.190.168.192.zones";
        allow-transfer { 192.168.190.11; };
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

// Save and quit (:wq)

7. Edit the zone files

(1) Edit the forward zone file

[[email protected] named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves

(2) Copy the templates and change the owning group

[[email protected] named]# cp -p named.localhost named.abc.com.zones
[[email protected] named]# cp -p named.loopback named.190.168.192.zones
[[email protected] named]# chgrp named named.abc.com.zones named.190.168.192.zones
[[email protected] named]# vim /var/named/named.abc.com.zones
$TTL 1D
@       IN SOA  @ root.pc1.abc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   pc1.abc.com.
pc1     IN A    192.168.190.10
pc2     IN A    192.168.190.11
pc3     IN A    192.168.190.12
pc4     IN A    192.168.190.13
pc5     IN A    192.168.190.14
pc6     IN A    192.168.190.15

(3) Edit the reverse zone file

[[email protected] named]# vim /var/named/named.190.168.192.zones
$TTL 1D
@       IN SOA  @ root.pc1.abc.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   pc1.abc.com.
10      IN PTR  pc1.abc.com.
11      IN PTR  pc2.abc.com.
12      IN PTR  pc3.abc.com.
13      IN PTR  pc4.abc.com.
14      IN PTR  pc5.abc.com.
15      IN PTR  pc6.abc.com.
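The forward and reverse zone files above have to agree record for record (every A record needs a matching PTR), and both files in this post are typed by hand. As an added example that is not part of the original post, the following shell script generates both files from a single host list and counts the records so the pair can be cross-checked before named loads them. The host list, the YYYYMMDDnn serial convention and the function names are assumptions of this example; pc1.abc.com. is used as the SOA MNAME where the post writes @.

```shell
#!/bin/sh
# Added example, not from the original post: build the abc.com forward zone and
# the 190.168.192.in-addr.arpa reverse zone from one host list so that the A and
# PTR records can never disagree. Host list, serial convention and function names
# are assumptions of this example.

DOMAIN="abc.com"
NET_PREFIX="192.168.190"                 # first three octets of the LAN
PRIMARY_NS="pc1"                         # host running named (pc1 in the post)

# Constructed host list, "<hostname> <last-octet>" per line, taken from the post's plan
HOSTS='pc1 10
pc2 11
pc3 12
pc4 13
pc5 14
pc6 15'

# soa_header <serial>: $TTL, SOA and NS records shared by both zone files
soa_header() {
    printf '$TTL 1D\n'
    printf '@\tIN SOA\t%s.%s. root.%s.%s. (\n' "$PRIMARY_NS" "$DOMAIN" "$PRIMARY_NS" "$DOMAIN"
    printf '\t\t\t\t%s\t; serial\n' "$1"
    printf '\t\t\t\t1D\t; refresh\n'
    printf '\t\t\t\t1H\t; retry\n'
    printf '\t\t\t\t1W\t; expire\n'
    printf '\t\t\t\t3H )\t; minimum\n'
    printf '\tIN NS\t%s.%s.\n' "$PRIMARY_NS" "$DOMAIN"
}

# forward_zone <serial>: the abc.com zone, one A record per host
forward_zone() {
    soa_header "$1"
    printf '%s\n' "$HOSTS" | while read -r host octet; do
        [ -n "$host" ] || continue
        printf '%s\tIN A\t%s.%s\n' "$host" "$NET_PREFIX" "$octet"
    done
}

# reverse_zone <serial>: the 190.168.192.in-addr.arpa zone, one PTR record per host
reverse_zone() {
    soa_header "$1"
    printf '%s\n' "$HOSTS" | while read -r host octet; do
        [ -n "$host" ] || continue
        printf '%s\tIN PTR\t%s.%s.\n' "$octet" "$host" "$DOMAIN"
    done
}

# count_records <type>: number of "<owner> IN <type> <rdata>" lines read from stdin
count_records() {
    awk -v t="$1" '$2 == "IN" && $3 == t { n++ } END { print n + 0 }'
}

# write_zones <dir> <serial>: write both files, fail if the A and PTR counts differ,
# otherwise print the common record count
write_zones() {
    forward_zone "$2" > "$1/named.abc.com.zones"
    reverse_zone "$2" > "$1/named.190.168.192.zones"
    a="$(count_records A < "$1/named.abc.com.zones")"
    p="$(count_records PTR < "$1/named.190.168.192.zones")"
    [ "$a" -eq "$p" ] || { echo "A/PTR mismatch: $a vs $p" >&2; return 1; }
    echo "$a"
}

# Stand-alone usage: print the forward zone with a YYYYMMDDnn serial instead of the post's 0
forward_zone "$(date +%Y%m%d)01"
```

Run write_zones /var/named "$(date +%Y%m%d)01" on the name server to produce both files, then let named-checkzone abc.com /var/named/named.abc.com.zones confirm the syntax before restarting named. Bumping the serial on every edit matters once a secondary exists (section IV): a secondary only transfers a zone whose serial is higher than the one it already holds.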

8. Restart the DNS service

[[email protected] named]# systemctl restart named

9. Change the host name to pc1 and confirm the change

[[email protected] named]# hostnamectl set-hostname pc1
[[email protected] named]# hostname

10. Edit the NetworkManager configuration file so that it does not manage DNS (otherwise it rewrites /etc/resolv.conf)

[[email protected] named]# vim /etc/NetworkManager/NetworkManager.conf
# Configuration file for NetworkManager.
#
# See "man 5 NetworkManager.conf" for details.
#
# The directories /usr/lib/NetworkManager/conf.d/ and /var/run/NetworkManager/conf.d/
# can contain additional configuration snippets installed by packages. These files are
# read before NetworkManager.conf and have thus lowest priority.
# The directory /etc/NetworkManager/conf.d/ can contain additional configuration
# snippets. Those snippets are merged last and overwrite the settings from this main
# file.
#
# The files within one conf.d/ directory are read in asciibetical order.
#
# If /etc/NetworkManager/conf.d/ contains a file with the same name as
# /usr/lib/NetworkManager/conf.d/, the latter file is shadowed and thus ignored.
# Hence, to disable loading a file from /usr/lib/NetworkManager/conf.d/ you can
# put an empty file to /etc with the same name. The same applies with respect
# to the directory /var/run/NetworkManager/conf.d where files in /var/run shadow
# /usr/lib and are themselves shadowed by files under /etc.
#
# If two files define the same key, the one that is read afterwards will overwrite
# the previous one.

[main]
#plugins=ifcfg-rh,ibft
# dns=none is the line added here: NetworkManager stops writing /etc/resolv.conf
dns=none

[logging]
# When debugging NetworkManager, enabling debug logging is of great help.
#
# Logfiles contain no passwords and little sensitive information. But please
# check before posting the file online. You can also personally hand over the
# logfile to a NM developer to treat it confidential. Meet us on #nm on freenode.
# Please post full logfiles except minimal modifications of private data.
#
# You can also change the log-level at runtime via
# $ nmcli general logging level TRACE domains ALL
# However, usually it's cleaner to enable debug logging
# in the configuration and restart NetworkManager so that
# debug logging is enabled from the start.
#
# You will find the logfiles in syslog, for example via
# $ journalctl -u NetworkManager
#
# Note that debug logging of NetworkManager can be quite verbose. Some messages
# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
# in man journald.conf).
#
#level=TRACE
#domains=ALL

11. Test the DNS server

(1) Command-line tests

[[email protected] named]# nslookup pc1.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc1.abc.com
Address: 192.168.190.10

[[email protected] named]# nslookup pc3.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc3.abc.com
Address: 192.168.190.12

[[email protected] named]# nslookup 192.168.190.13
Server:         192.168.190.10
Address:        192.168.190.10#53

13.190.168.192.in-addr.arpa     name = pc4.abc.com.

Success!

IV. Configuring a secondary (slave) DNS server

Building on the configuration above, the machine pc2 with IP address 192.168.190.11 is configured as a secondary DNS server that copies the forward and reverse zone files named.abc.com.zones and named.190.168.192.zones from the primary DNS server pc1 at 192.168.190.10.

1. Install the DNS package bind

[[email protected] ~]# yum install bind

2. Edit the main configuration file /etc/named.conf

[[email protected] ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        allow-transfer  { none; };                        # the secondary hands its copy to nobody
        # remaining options unchanged from the default file
};

Save and quit (:wq)

3. Edit the additional zone file /etc/named.rfc1912.zones

(1) Define the forward and reverse zones for abc.com

[[email protected] ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "abc.com" IN {
        type slave;                             // this server is a secondary for the zone
        file "slaves/named.abc.com.zones";      // transferred copy, written by named itself
        masters { 192.168.190.10; };            // primary to pull the zone from
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "190.168.192.in-addr.arpa" IN {            // reverse zone, also pulled from the primary
        type slave;
        file "slaves/named.190.168.192.zones";
        masters { 192.168.190.10; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

// Save and quit (:wq)

4. In the primary's zone configuration (/etc/named.rfc1912.zones), allow the secondary to request zone transfers. Transfers are governed by allow-transfer (as already set in section III, step 6); allow-update controls dynamic updates and stays at none.

[[email protected] named]# vim /etc/named.rfc1912.zones
zone "abc.com" IN {
        type master;
        file "named.abc.com.zones";
        allow-transfer { 192.168.190.11; };     // let the secondary pull the zone (AXFR/IXFR)
        allow-update { none; };
};

zone "190.168.192.in-addr.arpa" IN {
        type master;
        file "named.190.168.192.zones";
        allow-transfer { 192.168.190.11; };
        allow-update { none; };
};

5. Stop the firewall and put SELinux into permissive mode

Do this on both the primary and the secondary.

[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# setenforce 0

6. Give pc2 a static IP address

[[email protected] named]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=a461b66a-ab58-405c-9feb-abb2e888f40d
DEVICE=ens33
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
ZONE=public
IPADDR=192.168.190.11
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.11

7. Edit /etc/resolv.conf

[[email protected] ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.190.10

8. Restart the network interface or reboot the system

(1) Restart the interface

[[email protected] named]# ifdown ens33
成功断开设备 ‘ens33’。
[[email protected] named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)

9. Restart the DNS service

[[email protected] ~]# systemctl restart named

10. Check whether the forward and reverse zone files have been transferred into /var/named/slaves/

[[email protected] ~]# ls /var/named/slaves/
named.190.168.192.zones  named.abc.com.zones
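Seeing the two files appear under slaves/ shows that a transfer happened, not that the secondary holds the current zone. A quick check is to compare the SOA serial of the primary's file with the secondary's copy. The following shell functions are an added example, not part of the original post: they parse the serial out of a text-format zone file (including the multi-line "( ... )" layout used above) and classify the pair as in-sync, stale or ahead. The sample files are constructed for the example and the function names are its own.

```shell
#!/bin/sh
# Added example, not from the original post: compare the SOA serial of the
# primary's zone file with the copy the secondary received. Function names and
# the sample files are this example's own.

# zone_serial <file>: print the SOA serial from a text-format zone file.
# Works for both a one-line SOA and the multi-line "( ... )" layout of the post.
zone_serial() {
    awk '
        /[ \t]SOA[ \t]/ { in_soa = 1 }
        in_soa {
            sub(/;.*/, "")                       # drop "; serial"-style comments
            for (i = 1; i <= NF; i++) {
                if (seen_soa && $i ~ /^[0-9]+$/) { print $i; exit }
                if ($i == "SOA") seen_soa = 1   # first bare integer after SOA is the serial
            }
        }
    ' "$1"
}

# check_transfer <primary-file> <secondary-file>: prints in-sync, stale or ahead
# (unreadable, with exit status 1, when a serial cannot be parsed)
check_transfer() {
    p="$(zone_serial "$1")"
    s="$(zone_serial "$2")"
    if [ -z "$p" ] || [ -z "$s" ]; then
        echo "unreadable"
        return 1
    fi
    if [ "$s" -eq "$p" ]; then
        echo "in-sync"
    elif [ "$s" -lt "$p" ]; then
        echo "stale"        # secondary still serves an older zone; transfer has not happened yet
    else
        echo "ahead"        # secondary newer than primary: edited slave copy or serial wrapped (RFC 1982)
    fi
}

# make_sample <path> <serial>: constructed zone file in the layout of the post
make_sample() {
    cat > "$1" <<EOF
\$TTL 1D
@	IN SOA	@ root.pc1.abc.com. (
				$2	; serial
				1D	; refresh
				1H	; retry
				1W	; expire
				3H )	; minimum
	IN NS	pc1.abc.com.
pc1	IN A	192.168.190.10
EOF
}

# Stand-alone usage against the real paths (text format only, see the note below):
#   check_transfer /var/named/named.abc.com.zones /var/named/slaves/named.abc.com.zones
demo() {
    d="$(mktemp -d)"
    make_sample "$d/primary" 2024010102
    make_sample "$d/secondary" 2024010101
    check_transfer "$d/primary" "$d/secondary"
    rm -rf "$d"
}
demo
```

Two caveats apply when running this on the hosts from the post. BIND 9.9 writes transferred zones under slaves/ in its binary raw format by default, so the file-based comparison only works if the slave zone statements add masterfile-format text; otherwise compare the serials reported by dig SOA abc.com @192.168.190.10 and dig SOA abc.com @192.168.190.11. And a secondary that stays stale past the refresh interval usually means the primary's serial was never incremented after an edit (the zone files in this post keep it at 0), so named sees nothing newer to pull.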

11. Test the DNS server

[[email protected] named]# nslookup pc1.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc1.abc.com
Address: 192.168.190.10

[[email protected] named]# nslookup pc3.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc3.abc.com
Address: 192.168.190.12

[[email protected] named]# nslookup 192.168.190.13
Server:         192.168.190.10
Address:        192.168.190.10#53

13.190.168.192.in-addr.arpa     name = pc4.abc.com.

Success!

V. Configuring a caching (forwarding) DNS server

Building on the configuration above, the machine with IP address 192.168.190.12 is configured as a caching DNS server that forwards resolution requests to the primary name server at 192.168.190.10.

1. Install the DNS package bind

[[email protected] ~]# yum install bind

2. Edit the main configuration file /etc/named.conf

[[email protected] ~]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // global forwarding
        allow-query { any; };
        forward first;                  // ask the forwarders first; if they do not answer, resolve recursively. "only" never falls back.
        forwarders { 192.168.190.10; };
        # remaining options unchanged from the default file
};

Save and quit (:wq)
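Every options block in this post pairs allow-query { any; } with BIND's default recursion yes, and the caching server additionally forwards whatever it is asked. Inside a NAT-ed lab network that is fine; on any host reachable from outside it is the open-resolver pattern that gets abused for reflection traffic. The following shell function is an added example, not part of the original post: it reads a named.conf, extracts recursion, allow-query and allow-recursion, and reports whether the file matches that pattern. The two sample configurations are constructed for the example (the weak one mirrors the post's options; the hardened one keeps authoritative answers public but limits recursion to the LAN), and the acl name lan is the example's own.

```shell
#!/bin/sh
# Added example, not from the original post: flag the "open resolver" pattern in a
# named.conf (recursion on, queries from anyone, no allow-recursion narrowing it).
# Function names, the sample configs and the acl name "lan" are this example's own.

# option_value <conf> <option>: print the value of an option statement, e.g.
#   option_value named.conf allow-query   ->  { any; }
#   option_value named.conf recursion     ->  yes
# "//" and "#" comments are stripped first (/* */ comments are not handled);
# a "{ ... }" value is returned whole with its whitespace normalised.
option_value() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' | awk -v opt="$2" '
        {
            # the option must start a statement: preceded by start of text, blank, ";", "{" or "}"
            re = "(^|[ \t;{}])" opt "[ \t]+([{][^}]*[}]|[^ \t;{}]+)[ \t]*;"
            if (match($0, re)) {
                s = substr($0, RSTART, RLENGTH)
                sub("^[ \t;{}]?" opt "[ \t]+", "", s)   # drop the option name
                sub("[ \t]*;$", "", s)                  # drop the terminating ;
                gsub(/[ \t]+/, " ", s)                  # normalise whitespace
                print s
            }
        }'
}

# audit_resolver <conf>: print "open-resolver" or "ok".
# recursion defaults to yes when absent (BIND's default). When allow-recursion is
# absent this falls back to allow-query; BIND's real default chain is
# allow-query-cache -> allow-query, which this simplification approximates.
audit_resolver() {
    recursion="$(option_value "$1" recursion)"
    [ -n "$recursion" ] || recursion="yes"
    scope="$(option_value "$1" allow-recursion)"
    [ -n "$scope" ] || scope="$(option_value "$1" allow-query)"
    case "$scope" in
        *any*) scope_any=1 ;;
        *)     scope_any=0 ;;
    esac
    if [ "$recursion" = "yes" ] && [ "$scope_any" = 1 ]; then
        echo "open-resolver"
    else
        echo "ok"
    fi
}

# write_sample <path> weak|hardened: constructed configs. "weak" mirrors the options
# used throughout the post; "hardened" keeps queries open but restricts recursion.
write_sample() {
    if [ "$2" = weak ]; then
        cat > "$1" <<'EOF'
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };        // anyone may ask ...
        recursion yes;               // ... and anyone gets recursion
};
EOF
    else
        cat > "$1" <<'EOF'
acl lan { 192.168.190.0/24; 127.0.0.1; };
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };        // authoritative answers for abc.com may stay open
        allow-recursion { lan; };    // but only the LAN may use this server as a resolver
        recursion yes;
};
EOF
    fi
}

# Stand-alone usage: audit the live file if present, then the two samples
[ -r /etc/named.conf ] && echo "/etc/named.conf: $(audit_resolver /etc/named.conf)"
d="$(mktemp -d)"
write_sample "$d/weak.conf" weak
write_sample "$d/hardened.conf" hardened
echo "weak: $(audit_resolver "$d/weak.conf")"
echo "hardened: $(audit_resolver "$d/hardened.conf")"
rm -rf "$d"
```

The hardened sample is the shape to aim for on all three servers in this post: the acl keeps the forwarder and recursive lookups usable from 192.168.190.0/24 only, while pc1 can still answer authoritative queries for abc.com from anywhere. The check is deliberately text-based so it can run from a configuration-management job before named is restarted; named-checkconf still validates the syntax.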

3. Edit the additional zone file /etc/named.rfc1912.zones

[[email protected] ~]# vim /etc/named.rfc1912.zones

Append at the end:

// forward one specific domain
zone "abc.com" IN {
        type forward;                   // forward zone: no local data, queries for abc.com go to the forwarders
        forward first;
        forwarders { 192.168.190.10; };
};

// Save and quit (:wq)

4. Give pc3 a static IP address (192.168.190.12)

[[email protected] named]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
BOOTPROTO=static
…….
IPADDR=192.168.190.12
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.12

5. Restart the network interface or reboot the system

[[email protected] named]# ifdown ens33
成功断开设备 ‘ens33’。
[[email protected] named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
[[email protected] named]#

6. Restart the DNS service

[[email protected] named]# systemctl restart named

7. Test the DNS server

[[email protected] named]# nslookup pc1.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc1.abc.com
Address: 192.168.190.10

[[email protected] named]# nslookup pc3.abc.com
Server:         192.168.190.10
Address:        192.168.190.10#53

Name:   pc3.abc.com
Address: 192.168.190.12

[[email protected] named]# nslookup 192.168.190.13
Server:         192.168.190.10
Address:        192.168.190.10#53

13.190.168.192.in-addr.arpa     name = pc4.abc.com.

Success!
