DNS服务器搭建示例

N27_xiaoni Linux干货

DNS服务器搭建示例

负责解析magedu.com域名,能够对一些主机名进行正向解析和逆向解析

  • 配置主配置文件 
    [root@slave1 etc]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.91.132; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
}

zone "91.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.91.zone";
};
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
  • 配置正向区域和反向区域 
    [root@slave1 etc]# cd /var/named/
[root@slave1 named]# cp named.localhost magedu.com.zone

[root@slave1 named]# vim magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D )    ; minimum
        IN  NS  slave1
ns1  IN      A     192.168.91.132
web  IN      A     192.168.91.133

[root@slave1 named]# cp  magedu.com.zone  192.168.91.zone
[root@slave1 named]# vim 192.168.91.zone
$TTL 86400
$ORIGIN 91.168.192.in-addr.arpa.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D)     ; minimum
        IN  NS  ns1.magedu.com.
132  IN     PTR    ns1.magedu.com.
136  IN     PTR    web.magedu.com.
  • 检查语法错误 
    [root@slave1 named]# named-checkconf
[root@slave1 named]# named-checkzone magedu.com /var/named/magedu.com.zone
[root@slave1 named]# named-checkzone  91.168.192.in-addr.arpa /var/named/192.168.91.zone
  • 权限及属组修改 
    [root@slave1 named]# chown :named magedu.com.zone
[root@slave1 named]# chmod o=  magedu.com.zone
[root@slave1 named]# chown :named /var/named/192.168.91.zone
[root@slave1 named]# chmod o= /var/named/192.168.91.zone
  • 启动和验证 
    [root@slave1 named]# systemctl  reload  named.service 
[root@slave1 named]#  dig -t A web.magedu.com @192.168.91.132
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26812
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;web.magedu.com.                        IN      A

;; ANSWER SECTION:
web.magedu.com.         86400   IN      A       192.168.91.133

;; AUTHORITY SECTION:
magedu.com.             86400   IN      NS      ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         86400   IN      A       192.168.91.132

;; Query time: 0 msec
;; SERVER: 192.168.91.132#53(192.168.91.132)
;; WHEN: Sun Sep 10 00:46:48 2017
;; MSG SIZE  rcvd: 82

[root@slave1 named]# dig -x 192.168.91.136 @192.168.91.132

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.91.136 @192.168.91.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;136.91.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
136.91.168.192.in-addr.arpa. 86400 IN   PTR     web.magedu.com.

;; AUTHORITY SECTION:
91.168.192.in-addr.arpa. 86400  IN      NS      ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         86400   IN      A       192.168.91.132

;; Query time: 0 msec
;; SERVER: 192.168.91.132#53(192.168.91.132)
;; WHEN: Mon Sep 11 01:20:59 2017
;; MSG SIZE  rcvd: 107

子域授权(cdn)

  • 在magedu.com域对应的服务器上执行 
    [root@slave1 named]# vim magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D)     ; minimum
        IN  NS  ns1
ns1  IN         A     192.168.91.132
web  IN      A     192.168.91.133
cdn  IN   NS   ns1.cdn
ns1.cdn IN  A   192.168.91.134
  • 在cdn.magedu.com域对应的服务器上执行 
    [root@master etc]# vim named.conf
options {
        listen-on port 53 { 192.168.91.134; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "cdn.magedu.com" IN {
        type master;
        file "cdn.magedu.com.zone"

};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@master named]# cp named.localhost cdn.magedu.com.zone
[root@master named]# vim cdn.magedu.com.zone
$TTL 1D
$ORIGIN cdn.magedu.com.
@       IN SOA  @ dnsadmin.cdn.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        1D      ; expire
                                        2H)     ; minimum
        IN  NS  ns1
ns1  IN   A     192.168.91.134
www  IN   A     192.168.91.135

[root@master named]# named-checkconf  /etc/named.conf
[root@master named]# named-checkzone cdn.magedu.com  /var/named/cdn.magedu.com.zone

[root@master named]# chown :named cdn.magedu.com.zone
[root@master named]# chmod o= cdn.magedu.com.zone
  • 验证 
    [root@master named]# dig -t A wwws.cdn.magedu.com @192.168.91.134
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51054
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;web.magedu.com.                        IN      A

;; ANSWER SECTION:
web.magedu.com.         86400   IN      A       192.168.91.133

;; AUTHORITY SECTION:
magedu.com.             86400   IN      NS      ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         86400   IN      A       192.168.91.132

;; Query time: 1 msec
;; SERVER: 192.168.91.132#53(192.168.91.132)
;; WHEN: Sun Sep 10 03:55:14 2017
;; MSG SIZE  rcvd: 82

主从服务器(之前配置的两台中,授权子域cdn.magedu.com那台当做从服务器)

  • 配置从区域 
    [root@master etc]# vim named.conf
zone "magedu.com" IN {
        type slave;
        file "slaves/magedu.com.zone";
        masters {192.168.91.132;};
        allow-transfer  { none; };

};

[root@master etc]# named-checkconf
  • 修改主服务器配置 
    [root@slave1 named]# vim named.conf
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
        allow-transfer { 192.168.91.134; };
};
[root@slave1 named]# vi magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D)     ; minimum
        IN  NS  ns1
        IN  NS  ns2
ns1  IN         A     192.168.91.132
ns2  IN         A     192.168.91.134
web  IN      A     192.168.91.133
  • 主服务器重载配置文件 
    [root@slave1 named]#  systemctl reload named.service
  • 从服务器检查配置文件并重启服务 
    [root@master etc]# systemctl restart named.service
  • 服务启动后,会在/var/named/slaves/自动添加magedu.com.zone文件 
    [root@master slaves]# ls -l
total 4
-rw-r--r--. 1 named named 305 Sep 10 01:40 magedu.com.zone

本文来自投稿,不代表Linux运维部落立场,如若转载,请注明出处:http://www.178linux.com/87282

(0)
N27_xiaoniN27_xiaoni
0
上一篇 2017-09-16 20:13
下一篇 2017-09-17 13:12

相关推荐

  • bash中的算术运算及条件测试

    bash的算术运算 +, -, *, /, %取模(取余), **(乘方) 实现算术运算: (1) let var=算术表达式 (2) var=$[算术表达式] (3) var=$((算术表达式)) (4) var=$(expr arg1 arg2 arg3 …) (5) declare –i var = 数值 (6) echo ‘算术表达式’ …

    Linux干货 2017-04-17

  • 可伸缩的逻辑卷

    什么是逻辑卷? 逻辑卷简称LVM, LVM是Linux环境中对磁盘分区进行管理的一种机制,是建立在硬盘和分区之上、文件系统之下的一个逻辑层,可提高磁盘分区管理的灵活性.   为什么要使用逻辑卷? 逻辑卷相比于一般的磁盘分区, 具有更高的灵活性。可随时伸缩空间的大小.   构建逻辑分区图:   逻辑卷概念: PV(物理卷): 是在…

    Linux干货 2016-09-01

  • 磁盘管理之分区管理

                     磁盘管理之分区管理  磁盘一般指的是计算的硬盘,它是计算机五大部件之一,主要用来存储数据。所有它是计算机不可或缺的部件之一。 常见的硬盘分为固态和…

    Linux干货 2016-09-06

  • 马哥教育网络19期+第十三周课程练习

    1、建立samba共享,共享目录为/data,要求:(描述完整的过程)   1)共享名为shared,工作组为magedu;   2)添加组develop,添加用户gentoo,centos和ubuntu,其中gentoo和centos以develop为附加组,ubuntu不属于develop组;密码均为用户名;   3)添加s…

    Linux干货 2016-08-12

  • 马哥教育网络班22期+第九周课程练习

    1. 写一个脚本,判断当前系统上所有用户的shell是否为可登录shell(即用户的shell不是/sbin/nologin);分别这两类用户的个数;通过字符串比较来实现; #!/bin/bash#declare -a loginuserdeclare -i sum_login=0declare -i sum_nologin=0list=($(cat /et…

    Linux干货 2017-01-03

  • 第四周

    第四周 1.复制/etc/skel目录为/home/tuser1,要求/home/tuser1及其内部文件的属组和其他用户均没有任何访问权限。 [root@node1 ~]# cp -r /etc/skel/ /home/tuser1 [root@node1 ~]# chmod -R go= /home/tuser1 [root@node1 ~]# ls -…

    Linux干货 2017-07-26
电话咨询
在线咨询