DNS server setup example

The server is authoritative for the magedu.com domain and provides forward and reverse resolution for a few host names.

  • Edit the main configuration file
    [root@slave1 etc]# vim /etc/named.conf
    options {
            listen-on port 53 { 192.168.91.132; };
    //      listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query     { localhost; };
            recursion yes;
    
            dnssec-enable no;
            dnssec-validation no;
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    zone "magedu.com" IN {
            type master;
            file "magedu.com.zone";
    };
    
    zone "91.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.91.zone";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
  • Configure the forward and reverse zones
    [root@slave1 etc]# cd /var/named/
    [root@slave1 named]# cp named.localhost magedu.com.zone
    
    [root@slave1 named]# vim magedu.com.zone
    $TTL 86400
    $ORIGIN magedu.com.
    @       IN SOA  @ dnsadmin.magedu.com. (
                                            2017090901      ; serial
                                            1H      ; refresh
                                            10M     ; retry
                                            3D      ; expire
                                            1D )    ; minimum
            IN  NS  ns1
    ns1  IN      A     192.168.91.132
    web  IN      A     192.168.91.133
    
    [root@slave1 named]# cp  magedu.com.zone  192.168.91.zone
    [root@slave1 named]# vim 192.168.91.zone
    $TTL 86400
    $ORIGIN 91.168.192.in-addr.arpa.
    @       IN SOA  @ dnsadmin.magedu.com. (
                                            2017090901      ; serial
                                            1H      ; refresh
                                            10M     ; retry
                                            3D      ; expire
                                            1D)     ; minimum
            IN  NS  ns1.magedu.com.
    132  IN     PTR    ns1.magedu.com.
    136  IN     PTR    web.magedu.com.   ; note: the forward zone maps web to .133; the PTR should point back at the same address
  • Check for syntax errors
    [root@slave1 named]# named-checkconf
    [root@slave1 named]# named-checkzone magedu.com /var/named/magedu.com.zone
    [root@slave1 named]# named-checkzone  91.168.192.in-addr.arpa /var/named/192.168.91.zone
  • Fix ownership and permissions
    [root@slave1 named]# chown :named magedu.com.zone
    [root@slave1 named]# chmod o=  magedu.com.zone
    [root@slave1 named]# chown :named /var/named/192.168.91.zone
    [root@slave1 named]# chmod o= /var/named/192.168.91.zone
  • Reload and verify
    [root@slave1 named]# systemctl  reload  named.service 
    [root@slave1 named]#  dig -t A web.magedu.com @192.168.91.132
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26812
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;web.magedu.com.                        IN      A
    
    ;; ANSWER SECTION:
    web.magedu.com.         86400   IN      A       192.168.91.133
    
    ;; AUTHORITY SECTION:
    magedu.com.             86400   IN      NS      ns1.magedu.com.
    
    ;; ADDITIONAL SECTION:
    ns1.magedu.com.         86400   IN      A       192.168.91.132
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.91.132#53(192.168.91.132)
    ;; WHEN: Sun Sep 10 00:46:48 2017
    ;; MSG SIZE  rcvd: 82
    
    [root@slave1 named]# dig -x 192.168.91.136 @192.168.91.132
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.91.136 @192.168.91.132
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2153
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;136.91.168.192.in-addr.arpa.   IN      PTR
    
    ;; ANSWER SECTION:
    136.91.168.192.in-addr.arpa. 86400 IN   PTR     web.magedu.com.
    
    ;; AUTHORITY SECTION:
    91.168.192.in-addr.arpa. 86400  IN      NS      ns1.magedu.com.
    
    ;; ADDITIONAL SECTION:
    ns1.magedu.com.         86400   IN      A       192.168.91.132
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.91.132#53(192.168.91.132)
    ;; WHEN: Mon Sep 11 01:20:59 2017
    ;; MSG SIZE  rcvd: 107
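
named-checkzone only validates each file on its own; it cannot tell that the forward zone maps web to 192.168.91.133 while the reverse zone maps .136 back to web. The script below is an added example (not part of the original post) that cross-checks the A records of a forward zone against the PTR records of its reverse zone without needing BIND installed. It assumes the one-record-per-line layout used above, single-label relative names under $ORIGIN and a /24 reverse zone; the two zone files it writes are constructed copies of the post's data.

```shell
#!/bin/sh
# Added example, not part of the original post: cross-check the A records of a
# forward zone against the PTR records of its reverse zone, so that a mismatch
# such as "web -> .133" in one file and ".136 -> web" in the other is caught
# before the zones are reloaded. Assumptions: the one-record-per-line layout
# used in the post, relative owner names as single labels under $ORIGIN, and a
# /24 reverse zone (three octets in in-addr.arpa). The zone files below are
# constructed copies of the post's data.

# fwd_records FILE ORIGIN: print "fqdn ip" for every A record.
fwd_records() {
    awk -v origin="$2" '$2 == "IN" && $3 == "A" {
        name = $1
        if (name !~ /\.$/) name = name "." origin   # qualify relative names
        print name, $4
    }' "$1"
}

# rev_records FILE PREFIX: print "fqdn ip" for every PTR record, PREFIX being
# the network part of the reverse zone (e.g. 192.168.91).
rev_records() {
    awk -v prefix="$2" '$2 == "IN" && $3 == "PTR" { print $4, prefix "." $1 }' "$1"
}

# check_zones FWD ORIGIN REV PREFIX: print one line per inconsistency; prints
# nothing when every A record has a matching PTR and vice versa.
check_zones() {
    work=$(mktemp -d)
    fwd_records "$1" "$2" | LC_ALL=C sort > "$work/fwd"
    rev_records "$3" "$4" | LC_ALL=C sort > "$work/rev"
    # pairs only in the forward zone: A records with no PTR for that name+address
    LC_ALL=C comm -23 "$work/fwd" "$work/rev" | sed 's/^/A without matching PTR: /'
    # pairs only in the reverse zone: PTR records that no A record agrees with
    LC_ALL=C comm -13 "$work/fwd" "$work/rev" | sed 's/^/PTR without matching A: /'
    rm -rf "$work"
}

# Constructed sample zones reproducing the post's data (web is .133 forward, .136 reverse).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/magedu.com.zone" <<'EOF'
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D )    ; minimum
        IN  NS  ns1
ns1  IN      A     192.168.91.132
web  IN      A     192.168.91.133
EOF
cat > "$SAMPLE_DIR/192.168.91.zone" <<'EOF'
$TTL 86400
$ORIGIN 91.168.192.in-addr.arpa.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D)     ; minimum
        IN  NS  ns1.magedu.com.
132  IN     PTR    ns1.magedu.com.
136  IN     PTR    web.magedu.com.
EOF

# Prints the two mismatched pairs for web.magedu.com; prints nothing once the PTR is fixed to .133.
check_zones "$SAMPLE_DIR/magedu.com.zone" magedu.com. "$SAMPLE_DIR/192.168.91.zone" 192.168.91
```

Run it after named-checkzone and before systemctl reload; an empty result means both zones agree on every name/address pair.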

Subdomain delegation (cdn)

  • On the server for the magedu.com zone
    [root@slave1 named]# vim magedu.com.zone
    $TTL 86400
    $ORIGIN magedu.com.
    @       IN SOA  @ dnsadmin.magedu.com. (
                                            2017090901      ; serial
                                            1H      ; refresh
                                            10M     ; retry
                                            3D      ; expire
                                            1D)     ; minimum
            IN  NS  ns1
    ns1  IN         A     192.168.91.132
    web  IN      A     192.168.91.133
    cdn  IN   NS   ns1.cdn
    ns1.cdn IN  A   192.168.91.134
  • On the server for the cdn.magedu.com zone
    [root@master etc]# vim named.conf
    options {
            listen-on port 53 { 192.168.91.134; };
    //      listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query     { localhost; };
    
            /*
             - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
             - If you are building a RECURSIVE (caching) DNS server, you need to enable
               recursion.
             - If your recursive DNS server has a public IP address, you MUST enable access
               control to limit queries to your legitimate users. Failing to do so will
               cause your server to become part of large scale DNS amplification
               attacks. Implementing BCP38 within your network would greatly
               reduce such attack surface
            */
            recursion yes;
    
            dnssec-enable no;
            dnssec-validation no;
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    zone "cdn.magedu.com" IN {
            type master;
            file "cdn.magedu.com.zone";
    
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    [root@master named]# cp named.localhost cdn.magedu.com.zone
    [root@master named]# vim cdn.magedu.com.zone
    $TTL 1D
    $ORIGIN cdn.magedu.com.
    @       IN SOA  @ dnsadmin.cdn.magedu.com. (
                                            2017090901      ; serial
                                            1H      ; refresh
                                            10M     ; retry
                                            1D      ; expire
                                            2H)     ; minimum
            IN  NS  ns1
    ns1  IN   A     192.168.91.134
    www  IN   A     192.168.91.135
    
    [root@master named]# named-checkconf  /etc/named.conf
    [root@master named]# named-checkzone cdn.magedu.com  /var/named/cdn.magedu.com.zone
    
    [root@master named]# chown :named cdn.magedu.com.zone
    [root@master named]# chmod o= cdn.magedu.com.zone
  • Verify
    [root@master named]# dig -t A www.cdn.magedu.com @192.168.91.134
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51054
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;web.magedu.com.                        IN      A
    
    ;; ANSWER SECTION:
    web.magedu.com.         86400   IN      A       192.168.91.133
    
    ;; AUTHORITY SECTION:
    magedu.com.             86400   IN      NS      ns1.magedu.com.
    
    ;; ADDITIONAL SECTION:
    ns1.magedu.com.         86400   IN      A       192.168.91.132
    
    ;; Query time: 1 msec
    ;; SERVER: 192.168.91.132#53(192.168.91.132)
    ;; WHEN: Sun Sep 10 03:55:14 2017
    ;; MSG SIZE  rcvd: 82
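
A delegation only works when the parent's NS record for cdn and its glue A record for ns1.cdn agree with what the child zone says about itself; if either side drifts (ns1 moves to a new address, or the child adds a name server the parent never hears about) resolvers following the referral get a lame or stale answer. The script below is an added example, not code from the original post, that compares the two zone files offline. It assumes the layout used above (one record per line; a blank owner field only on the line after the SOA, meaning the apex), and both zone files it writes are constructed copies of the post's data.

```shell
#!/bin/sh
# Added example, not part of the original post: check that the parent zone's
# delegation of cdn.magedu.com (its NS record and glue A record) agrees with the
# child zone's own apex NS and A records, which is what a resolver following
# the referral relies on. Assumptions: the zone layout used in the post (one
# record per line; a blank owner field only on the line after the SOA, meaning
# the zone apex); both zone files below are constructed copies of the post's data.

# zone_records FILE ORIGIN: print "TYPE owner_fqdn value" for NS and A records,
# qualifying relative names with ORIGIN (NS targets too; A values are IPs).
zone_records() {
    awk -v origin="$2" '
        function fq(n) { return (n ~ /\.$/) ? n : (n == "@" ? origin : n "." origin) }
        function emit(owner, type, val) { print type, fq(owner), (type == "NS" ? fq(val) : val) }
        $2 == "IN" && ($3 == "NS" || $3 == "A") { emit($1, $3, $4) }
        $1 == "IN" && ($2 == "NS" || $2 == "A") { emit("@", $2, $3) }   # blank owner = apex
    ' "$1"
}

# check_delegation PARENT PORIGIN CHILD CORIGIN: print one line per problem,
# nothing when the delegation is consistent.
check_delegation() {
    work=$(mktemp -d)
    zone_records "$1" "$2" > "$work/parent"
    zone_records "$3" "$4" > "$work/child"
    # NS names the parent delegates CORIGIN to, and the child's own apex NS set
    awk -v z="$4" '$1 == "NS" && $2 == z { print $3 }' "$work/parent" | LC_ALL=C sort > "$work/pns"
    awk -v z="$4" '$1 == "NS" && $2 == z { print $3 }' "$work/child"  | LC_ALL=C sort > "$work/cns"
    if [ ! -s "$work/pns" ]; then echo "parent zone has no NS delegation for $4"; fi
    LC_ALL=C comm -23 "$work/pns" "$work/cns" | sed 's/^/delegated to, but not an apex NS in the child zone: /'
    LC_ALL=C comm -13 "$work/pns" "$work/cns" | sed 's/^/apex NS in the child zone but missing from the parent delegation: /'
    # glue: a name server inside the child zone needs an A record in the parent
    # (otherwise the referral cannot be followed), and it must match the child's
    while read -r ns; do
        case "$ns" in *."$4") ;; *) continue ;; esac
        glue=$(awk -v n="$ns" '$1 == "A" && $2 == n { print $3 }' "$work/parent")
        real=$(awk -v n="$ns" '$1 == "A" && $2 == n { print $3 }' "$work/child")
        if [ -z "$glue" ]; then
            echo "no glue A record in the parent zone for $ns"
        elif [ -n "$real" ] && [ "$glue" != "$real" ]; then
            echo "glue for $ns is $glue in the parent but $real in the child zone"
        fi
    done < "$work/pns"
    rm -rf "$work"
}

# Constructed copies of the post's parent and child zones.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/magedu.com.zone" <<'EOF'
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D)     ; minimum
        IN  NS  ns1
ns1  IN         A     192.168.91.132
web  IN      A     192.168.91.133
cdn  IN   NS   ns1.cdn
ns1.cdn IN  A   192.168.91.134
EOF
cat > "$SAMPLE_DIR/cdn.magedu.com.zone" <<'EOF'
$TTL 1D
$ORIGIN cdn.magedu.com.
@       IN SOA  @ dnsadmin.cdn.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        1D      ; expire
                                        2H)     ; minimum
        IN  NS  ns1
ns1  IN   A     192.168.91.134
www  IN   A     192.168.91.135
EOF

problems=$(check_delegation "$SAMPLE_DIR/magedu.com.zone" magedu.com. "$SAMPLE_DIR/cdn.magedu.com.zone" cdn.magedu.com.)
if [ -z "$problems" ]; then echo "delegation of cdn.magedu.com is consistent"; else echo "$problems"; fi
```

With the post's data the check is silent; change ns1's address in the child zone only, or delegate to a name server the child does not list, and each discrepancy is reported as one line.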

Master and slave servers (of the two servers configured above, the one delegated the cdn.magedu.com subdomain acts as the slave)

  • Configure the slave zone
    [root@master etc]# vim named.conf
    zone "magedu.com" IN {
            type slave;
            file "slaves/magedu.com.zone";
            masters {192.168.91.132;};
            allow-transfer  { none; };
    
    };
    
    [root@master etc]# named-checkconf
  • Update the master server's configuration
    [root@slave1 named]# vim named.conf
    zone "magedu.com" IN {
            type master;
            file "magedu.com.zone";
            allow-transfer { 192.168.91.134; };
    };
    [root@slave1 named]# vi magedu.com.zone
    $TTL 86400
    $ORIGIN magedu.com.
    @       IN SOA  @ dnsadmin.magedu.com. (
                                            2017090901      ; serial (increase it on every edit so the slave notices the change)
                                            1H      ; refresh
                                            10M     ; retry
                                            3D      ; expire
                                            1D)     ; minimum
            IN  NS  ns1
            IN  NS  ns2
    ns1  IN         A     192.168.91.132
    ns2  IN         A     192.168.91.134
    web  IN      A     192.168.91.133
  • Reload the configuration on the master
    [root@slave1 named]#  systemctl reload named.service
  • On the slave, check the configuration file and restart the service
    [root@master etc]# systemctl restart named.service
  • After the service starts, magedu.com.zone is created automatically in /var/named/slaves/
    [root@master slaves]# ls -l
    total 4
    -rw-r--r--. 1 named named 305 Sep 10 01:40 magedu.com.zone
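
Two settings in these named.conf files decide who can use the server and who can copy its zones: recursion yes with the allow-query line commented out (the stock comment quoted above warns this makes an open resolver that can be used for DNS amplification), and master zones without the allow-transfer ACL that the master/slave section adds (without it, any host can pull the whole zone with AXFR). The script below is an added example, not code from the original post, that audits a named.conf for both. Its parser is my own assumption: it strips // and /* */ comments and tracks brace depth, nothing more, and the two configs it writes are constructed from the post's layout.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a named.conf for the two
# exposures this setup touches. The stock config comment quoted in the post
# warns that "recursion yes" without an ACL turns the server into an open
# resolver usable for DNS amplification, and the master/slave section shows that
# allow-transfer is what stops arbitrary hosts from pulling a whole zone with
# AXFR. The parser is my own assumption: it strips // and /* */ comments and
# tracks brace depth, nothing more; the two configs below are constructed.

# audit_named_conf FILE: print one line per finding, nothing when clean.
audit_named_conf() {
    awk '
    {
        line = $0
        # strip /* ... */ block comments, which may span lines
        if (inblock) { p = index(line, "*/"); if (!p) next; line = substr(line, p + 2); inblock = 0 }
        while ((s = index(line, "/*")) > 0) {
            e = index(substr(line, s + 2), "*/")
            if (e) line = substr(line, 1, s - 1) substr(line, s + e + 3)
            else { line = substr(line, 1, s - 1); inblock = 1; break }
        }
        sub(/\/\/.*/, "", line)                       # strip // line comments
        if (depth == 0 && match(line, /^[ \t]*zone[ \t]+"[^"]+"/)) {
            zone = line; sub(/^[ \t]*zone[ \t]+"/, "", zone); sub(/".*/, "", zone)
            master = 0; transfer = 0
        }
        if (line ~ /type[ \t]+master/)   master = 1
        if (line ~ /allow-transfer/)     transfer = 1
        if (line ~ /recursion[ \t]+yes/) recursion = 1
        if (line ~ /allow-recursion/)    allowrec = 1
        if (line ~ /allow-query/)        allowq = 1
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (zone != "" && depth == 0) {           # zone block closed
            if (master && !transfer)
                printf "zone %s: type master with no allow-transfer ACL (any host may AXFR it)\n", zone
            zone = ""
        }
    }
    END {
        if (recursion && !allowrec && !allowq)
            print "options: recursion yes with no allow-recursion/allow-query ACL (open resolver)"
    }' "$1"
}

# Constructed config following the post: recursion on, allow-query commented out,
# two master zones with no allow-transfer.
WEAK=$(mktemp)
cat > "$WEAK" <<'EOF'
options {
        listen-on port 53 { 192.168.91.132; };
//      allow-query     { localhost; };
        /* If your recursive DNS server has a public IP address, you MUST enable
           access control to limit queries to your legitimate users. */
        recursion yes;
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
}
zone "91.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.91.zone";
};
EOF

# Constructed hardened counterpart: recursion limited to the LAN, transfers limited to the slave.
HARDENED=$(mktemp)
cat > "$HARDENED" <<'EOF'
options {
        listen-on port 53 { 192.168.91.132; };
        recursion yes;
        allow-recursion { 192.168.91.0/24; };   // only the LAN may use this server as a resolver
};
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
        allow-transfer { 192.168.91.134; };     // only the slave may AXFR
};
EOF

audit_named_conf "$WEAK"       # three findings: two zones, one open-resolver line
audit_named_conf "$HARDENED"   # nothing
```

The weak config yields three findings (both master zones and the options block); the hardened one yields none. Run it against /etc/named.conf on both servers after named-checkconf passes.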

This article was contributed by a reader and does not represent the views of Linux运维部落; if you repost it, please credit the source: http://www.178linux.com/87282

Author: N27_xiaoni
