DNS server setup example
This server is authoritative for the magedu.com domain and provides forward and reverse resolution for a handful of hosts.
- Configure the main configuration file

```
[root@slave1 etc]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.91.132; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
};

zone "91.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.91.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```

Every `zone` block must be terminated with a semicolon after its closing brace, or `named-checkconf` rejects the file. Note also that with `allow-query` commented out and `recursion yes;` left on, this server answers recursive queries from any client that can reach 192.168.91.132, not only queries for the zones it holds. An authoritative-only server should set `recursion no;`; if it also has to recurse for the lab network, limit that with `allow-recursion { 192.168.91.0/24; };` so it cannot be used as an open resolver.
- Configure the forward and reverse zones

```
[root@slave1 etc]# cd /var/named/
[root@slave1 named]# cp named.localhost magedu.com.zone
[root@slave1 named]# vim magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                2017090901 ; serial
                1H         ; refresh
                10M        ; retry
                3D         ; expire
                1D )       ; minimum
        IN NS   ns1
ns1     IN A    192.168.91.132
web     IN A    192.168.91.133
[root@slave1 named]# cp magedu.com.zone 192.168.91.zone
[root@slave1 named]# vim 192.168.91.zone
$TTL 86400
$ORIGIN 91.168.192.in-addr.arpa.
@       IN SOA  @ dnsadmin.magedu.com. (
                2017090901 ; serial
                1H         ; refresh
                10M        ; retry
                3D         ; expire
                1D )       ; minimum
        IN NS   ns1.magedu.com.
132     IN PTR  ns1.magedu.com.
136     IN PTR  web.magedu.com.
```

The NS record has to name a host that has an address record in the zone: here it points at `ns1`, which the `ns1 IN A` line supplies. `named-checkzone` reports an in-zone NS target with no A or AAAA record as an error and refuses to load the zone. Be aware that the forward zone gives `web` the address 192.168.91.133 while the reverse zone maps 192.168.91.136 to `web.magedu.com.`; forward and reverse data should agree, otherwise forward-confirmed reverse DNS checks for this host fail.
- Check for syntax errors

```
[root@slave1 named]# named-checkconf
[root@slave1 named]# named-checkzone magedu.com /var/named/magedu.com.zone
[root@slave1 named]# named-checkzone 91.168.192.in-addr.arpa /var/named/192.168.91.zone
```

`named-checkconf` is silent when `named.conf` is valid; `named-checkzone` prints the loaded serial followed by `OK`. Fix anything reported here before reloading the service.
- Fix permissions and group ownership

```
[root@slave1 named]# chown :named magedu.com.zone
[root@slave1 named]# chmod o= magedu.com.zone
[root@slave1 named]# chown :named /var/named/192.168.91.zone
[root@slave1 named]# chmod o= /var/named/192.168.91.zone
```

The files were created as root, so they are handed to the `named` group and stripped of all "other" permissions: the `named` process can read them, and no other local user can.
- Start and verify

```
[root@slave1 named]# systemctl reload named.service
[root@slave1 named]# dig -t A web.magedu.com @192.168.91.132

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26812
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;web.magedu.com.                        IN      A

;; ANSWER SECTION:
web.magedu.com.         86400   IN      A       192.168.91.133

;; AUTHORITY SECTION:
magedu.com.             86400   IN      NS      ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         86400   IN      A       192.168.91.132

;; Query time: 0 msec
;; SERVER: 192.168.91.132#53(192.168.91.132)
;; WHEN: Sun Sep 10 00:46:48 2017
;; MSG SIZE  rcvd: 82

[root@slave1 named]# dig -x 192.168.91.136 @192.168.91.132

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.91.136 @192.168.91.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;136.91.168.192.in-addr.arpa.           IN      PTR

;; ANSWER SECTION:
136.91.168.192.in-addr.arpa. 86400 IN   PTR     web.magedu.com.

;; AUTHORITY SECTION:
91.168.192.in-addr.arpa. 86400  IN      NS      ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         86400   IN      A       192.168.91.132

;; Query time: 0 msec
;; SERVER: 192.168.91.132#53(192.168.91.132)
;; WHEN: Mon Sep 11 01:20:59 2017
;; MSG SIZE  rcvd: 107
```

In both replies the `aa` flag confirms the answer came from authoritative data rather than a cache. The `ra` flag shows the server also offers recursion to this client, which is the `recursion yes;` setting from `named.conf` at work.
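The forward and reverse zones above describe the same hosts twice, and `named-checkzone` validates each file on its own without confirming that they agree. The script below is an added check written for this edit, not code from the original article: it parses the A records of a forward zone and the PTR records of a reverse zone and reports every (name, address) pair present on one side but not the other. The zone text is a constructed copy of the two files above; the temporary working directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): cross-check the A records of a
# forward zone file against the PTR records of its reverse zone file, so that a
# host whose forward and reverse mappings disagree is caught before the zones
# are served. Zone text below is constructed from the article's two zone files;
# the temporary paths are assumptions.

WORK=$(mktemp -d)
FWD="$WORK/magedu.com.zone"
REV="$WORK/192.168.91.zone"

cat > "$FWD" <<'EOF'
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                2017090901 ; serial
                1H         ; refresh
                10M        ; retry
                3D         ; expire
                1D )       ; minimum
        IN NS   ns1
ns1     IN A    192.168.91.132
web     IN A    192.168.91.133
EOF

cat > "$REV" <<'EOF'
$TTL 86400
$ORIGIN 91.168.192.in-addr.arpa.
@       IN SOA  @ dnsadmin.magedu.com. (
                2017090901 ; serial
                1H         ; refresh
                10M        ; retry
                3D         ; expire
                1D )       ; minimum
        IN NS   ns1.magedu.com.
132     IN PTR  ns1.magedu.com.
136     IN PTR  web.magedu.com.
EOF

# zone_pairs FILE RTYPE: print "fqdn ip" for every record of RTYPE (A or PTR),
# sorted. Relative owner names are qualified with $ORIGIN, "@" is the origin,
# a line starting with "IN" inherits the previous owner, and the body of a
# multi-line SOA is skipped. For PTR the in-addr.arpa owner is turned back
# into a dotted quad so both sides produce comparable lines.
zone_pairs() {
    awk -v rtype="$2" '
        $1 == "$ORIGIN"      { origin = $2; sub(/\.$/, "", origin); next }
        $1 ~ /^[;$]/         { next }                      # comments, $TTL
        inparen              { if (/\)/) inparen = 0; next } # inside SOA ( ... )
        /\(/ && !/\)/        { inparen = 1 }
        NF < 3               { next }
        $1 != "IN"           { owner = ($1 == "@") ? (origin ".") : $1 }
        {
            for (i = 2; i < NF; i++) {
                if ($(i-1) != "IN" || $i != rtype) continue
                name = owner
                if (name ~ /\.$/) sub(/\.$/, "", name); else name = name "." origin
                if (rtype == "A") { print tolower(name), $(i+1); continue }
                # PTR: owner 136.91.168.192.in-addr.arpa -> 192.168.91.136
                sub(/\.in-addr\.arpa$/, "", name)
                n = split(name, o, ".")
                ip = o[n]; for (k = n - 1; k >= 1; k--) ip = ip "." o[k]
                target = $(i+1); sub(/\.$/, "", target)
                print tolower(target), ip
            }
        }' "$1" | LC_ALL=C sort
}

# report_mismatches FWD REV: list A records with no matching PTR and PTR
# records with no matching A (a match needs the same name AND the same address).
report_mismatches() {
    zone_pairs "$1" A   > "$WORK/fwd.pairs"
    zone_pairs "$2" PTR > "$WORK/rev.pairs"
    LC_ALL=C comm -23 "$WORK/fwd.pairs" "$WORK/rev.pairs" | sed 's/^/A without matching PTR: /'
    LC_ALL=C comm -13 "$WORK/fwd.pairs" "$WORK/rev.pairs" | sed 's/^/PTR without matching A: /'
}

# mismatch_count FWD REV: number of mismatched records; 0 means the zones agree.
mismatch_count() {
    report_mismatches "$1" "$2" | wc -l | tr -d ' '
}

report_mismatches "$FWD" "$REV"
echo "mismatches: $(mismatch_count "$FWD" "$REV")"
```

Run against the article's data it flags `web.magedu.com` twice: the A record for 192.168.91.133 has no PTR, and the PTR for 192.168.91.136 has no A. Changing the reverse entry to `133` makes the check clean. The script reads zone files directly, so it can run from a pre-commit hook or before `rndc reload` without touching the running server.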
Subdomain delegation (cdn)
- Run on the server for the magedu.com zone

```
[root@slave1 named]# vim magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                2017090901 ; serial
                1H         ; refresh
                10M        ; retry
                3D         ; expire
                1D )       ; minimum
        IN NS   ns1
ns1     IN A    192.168.91.132
web     IN A    192.168.91.133
cdn     IN NS   ns1.cdn
ns1.cdn IN A    192.168.91.134
```

`cdn IN NS ns1.cdn` hands cdn.magedu.com to the server ns1.cdn.magedu.com. Because that name lies inside the delegated child zone, the parent must also carry its address, which is what the `ns1.cdn IN A` glue record is for; without it a resolver following the referral has no way to reach the child server. The serial is left at 2017090901 here; once a secondary server exists for this zone, every edit has to raise the serial or the secondary never learns about the change.
- Run on the server for the cdn.magedu.com zone

```
[root@master etc]# vim named.conf
options {
        listen-on port 53 { 192.168.91.134; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "cdn.magedu.com" IN {
        type master;
        file "cdn.magedu.com.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@master named]# cp named.localhost cdn.magedu.com.zone
[root@master named]# vim cdn.magedu.com.zone
$TTL 1D
$ORIGIN cdn.magedu.com.
@       IN SOA  @ dnsadmin.cdn.magedu.com. (
                2017090901 ; serial
                1H         ; refresh
                10M        ; retry
                1D         ; expire
                2H )       ; minimum
        IN NS   ns1
ns1     IN A    192.168.91.134
www     IN A    192.168.91.135
[root@master named]# named-checkconf /etc/named.conf
[root@master named]# named-checkzone cdn.magedu.com /var/named/cdn.magedu.com.zone
[root@master named]# chown :named cdn.magedu.com.zone
[root@master named]# chmod o= cdn.magedu.com.zone
```

Each statement inside a `zone` block, including `file`, ends with a semicolon. The stock comment in this `named.conf` spells out the rule that the configuration then ignores: this host is authoritative for cdn.magedu.com, yet `recursion yes;` stays on with no `allow-query` or `allow-recursion` restriction. In a lab that is harmless; on anything reachable from untrusted networks it is an open resolver.
- Verify

```
[root@master named]# dig -t A www.cdn.magedu.com @192.168.91.134
```

The record in the child zone is `www`, so that is the name to query. A correct reply from 192.168.91.134 carries the `aa` flag, an ANSWER SECTION with `www.cdn.magedu.com. 86400 IN A 192.168.91.135` (the zone's `$TTL 1D` is 86400 seconds) and an AUTHORITY SECTION naming `ns1.cdn.magedu.com.`. That only proves the child server works. To confirm the delegation itself, ask the parent server 192.168.91.132 for the same name with recursion disabled (`dig +norecurse`): an authoritative parent answers a non-recursive query for a delegated name with a referral, that is no ANSWER SECTION, the `cdn.magedu.com. NS ns1.cdn.magedu.com.` record in the AUTHORITY SECTION and the glue address 192.168.91.134 in the ADDITIONAL SECTION. If the glue record is missing from the parent zone, this referral comes back without the address and resolvers cannot follow it.
Master and slave servers (of the two servers configured above, the one that was delegated cdn.magedu.com acts as the slave)
The hostnames in the prompts run against the roles: the host whose prompt reads `slave1` (192.168.91.132) is the master for magedu.com, and the host whose prompt reads `master` (192.168.91.134) becomes the slave for it.
- Configure the slave zone

```
[root@master etc]# vim named.conf
zone "magedu.com" IN {
        type slave;
        file "slaves/magedu.com.zone";
        masters { 192.168.91.132; };
        allow-transfer { none; };
};
[root@master etc]# named-checkconf
```

`masters` names the server the slave pulls the zone from, and `allow-transfer { none; }` stops the slave from handing the complete zone to anyone who asks for an AXFR. Dumping a zone by transfer is a routine reconnaissance step, so transfers should be permitted only where another server actually needs them.
- Modify the master server configuration

```
[root@slave1 named]# vim named.conf
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
        allow-transfer { 192.168.91.134; };
};
[root@slave1 named]# vi magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                2017090901 ; serial
                1H         ; refresh
                10M        ; retry
                3D         ; expire
                1D )       ; minimum
        IN NS   ns1
        IN NS   ns2
ns1     IN A    192.168.91.132
ns2     IN A    192.168.91.134
web     IN A    192.168.91.133
```

On the master, `allow-transfer` limits zone transfers to the slave's address; listing `ns2` in the zone advertises the slave as an authoritative server but grants it nothing, the ACL does that. The ACL is keyed on source address only; where transfers cross a network you do not fully control, BIND's TSIG keys authenticate them cryptographically. The zone content changed here but the serial did not; a brand-new slave transfers anyway on its first start, but an existing slave compares serials and would keep its old copy, so raise the serial (for example to 2017090902) with every edit.

- Reload the configuration on the master

```
[root@slave1 named]# systemctl reload named.service
```
- On the slave, check the configuration and restart the service

```
[root@master etc]# systemctl restart named.service
```

- Once the service is up, the initial zone transfer creates magedu.com.zone automatically under /var/named/slaves/

```
[root@master slaves]# ls -l
total 4
-rw-r--r--. 1 named named 305 Sep 10 01:40 magedu.com.zone
```

The file is written by the `named` process itself, hence the `named:named` ownership. Since BIND 9.9 a slave stores transferred zones in raw (binary) format by default, so on such a version the file is not readable with `cat`; convert it with `named-compilezone -f raw -F text -o - magedu.com /var/named/slaves/magedu.com.zone`, or add `masterfile-format text;` to the slave zone block. If the file does not appear, check the master's log for a transfer refused by `allow-transfer` and the slave's log for a `masters` address it cannot reach.
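The master/slave procedure above edits the master's zone twice without changing its serial. A slave that already holds a copy transfers again only when the master announces a higher serial, so bumping it is the step that is easy to forget and silently leaves secondaries stale. The script below is an added example, not code from the article: it applies the YYYYMMDDnn convention the zones use, keeps the serial increasing even when the file was already edited today or carries a future date, and rewrites the `; serial` line in place. Its function names, the sample zone text and the temporary path are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original article): bump the SOA serial of a zone
# file before reloading the master, so secondaries (which transfer only when the
# master's serial is greater than their own) pick up the change. The sample zone
# and the temporary path below are constructed for this example.

# next_serial OLD TODAY
#   OLD   the serial currently in the zone, e.g. 2017090901
#   TODAY the date as YYYYMMDD
# Prints TODAY followed by 01 when OLD belongs to an earlier day, otherwise
# OLD + 1, so the value always rises even if the zone was edited earlier today
# or already carries a date in the future.
next_serial() {
    old=$1; today=$2
    floor=$(( today * 100 ))            # smallest serial allowed for TODAY
    if [ "$old" -lt "$floor" ]; then
        echo $(( floor + 1 ))
    else
        echo $(( old + 1 ))
    fi
}

# current_serial FILE: print the serial on the line tagged "; serial".
current_serial() {
    awk '/; *serial/ { print $1; exit }' "$1"
}

# bump_zone_serial FILE TODAY: rewrite the serial line in FILE and print the
# new value. Refuses to touch a file that has no "; serial" line.
bump_zone_serial() {
    file=$1; today=$2
    old=$(current_serial "$file")
    [ -n "$old" ] || { echo "no '; serial' line in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    awk -v old="$old" -v new="$new" '
        !done && /; *serial/ && $1 == old { sub(old, new); done = 1 }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

WORK=$(mktemp -d)
ZONE="$WORK/magedu.com.zone"
cat > "$ZONE" <<'EOF'
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                2017090901 ; serial
                1H         ; refresh
                10M        ; retry
                3D         ; expire
                1D )       ; minimum
        IN NS   ns1
        IN NS   ns2
ns1     IN A    192.168.91.132
ns2     IN A    192.168.91.134
web     IN A    192.168.91.133
EOF

echo "before: $(current_serial "$ZONE")"
bump_zone_serial "$ZONE" 20170911 >/dev/null
echo "after:  $(current_serial "$ZONE")"
# After bumping, reload the zone on the master and compare the SOA serial the
# master and the slave each report; they match once the transfer has happened:
#   rndc reload magedu.com
#   dig +short SOA magedu.com @192.168.91.132
#   dig +short SOA magedu.com @192.168.91.134
```

Running `named-checkzone` after the bump is still worthwhile: it prints the serial it loaded, which is a quick way to confirm the edit landed on the SOA and nowhere else.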
This article was contributed by a reader and does not represent the position of Linux運維部落. If you repost it, please credit the source: http://www.www58058.com/87282