DNS服務器搭建示例

N27_xiaoni ? ? Linux干貨

DNS服務器搭建示例

負責解析magedu.com域名,能夠對一些主機名進行正向解析和逆向解析

  • 配置主配置文件 
    [root@slave1 etc]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.91.132; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
}

zone "91.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.91.zone";
};
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
  • 配置正向區域和反向區域 
    [root@slave1 etc]# cd /var/named/
[root@slave1 named]# cp named.localhost magedu.com.zone

[root@slave1 named]# vim magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D )    ; minimum
        IN  NS  slave1
ns1  IN      A     192.168.91.132
web  IN      A     192.168.91.133

[root@slave1 named]# cp  magedu.com.zone  192.168.91.zone
[root@slave1 named]# vim 192.168.91.zone
$TTL 86400
$ORIGIN 91.168.192.in-addr.arpa.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D)     ; minimum
        IN  NS  ns1.magedu.com.
132  IN     PTR    ns1.magedu.com.
136  IN     PTR    web.magedu.com.
  • 檢查語法錯誤 
    [root@slave1 named]# named-checkconf
[root@slave1 named]# named-checkzone magedu.com /var/named/magedu.com.zone
[root@slave1 named]# named-checkzone  91.168.192.in-addr.arpa /var/named/192.168.91.zone
  • 權限及屬組修改 
    [root@slave1 named]# chown :named magedu.com.zone
[root@slave1 named]# chmod o=  magedu.com.zone
[root@slave1 named]# chown :named /var/named/192.168.91.zone
[root@slave1 named]# chmod o= /var/named/192.168.91.zone
  • 啟動和驗證 
    [root@slave1 named]# systemctl  reload  named.service 
[root@slave1 named]#  dig -t A web.magedu.com @192.168.91.132
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26812
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;web.magedu.com.                        IN      A

;; ANSWER SECTION:
web.magedu.com.         86400   IN      A       192.168.91.133

;; AUTHORITY SECTION:
magedu.com.             86400   IN      NS      ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         86400   IN      A       192.168.91.132

;; Query time: 0 msec
;; SERVER: 192.168.91.132#53(192.168.91.132)
;; WHEN: Sun Sep 10 00:46:48 2017
;; MSG SIZE  rcvd: 82

[root@slave1 named]# dig -x 192.168.91.136 @192.168.91.132

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.91.136 @192.168.91.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2153
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;136.91.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
136.91.168.192.in-addr.arpa. 86400 IN   PTR     web.magedu.com.

;; AUTHORITY SECTION:
91.168.192.in-addr.arpa. 86400  IN      NS      ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         86400   IN      A       192.168.91.132

;; Query time: 0 msec
;; SERVER: 192.168.91.132#53(192.168.91.132)
;; WHEN: Mon Sep 11 01:20:59 2017
;; MSG SIZE  rcvd: 107

子域授權(cdn)

  • 在magedu.com域對應的服務器上執行 
    [root@slave1 named]# vim magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D)     ; minimum
        IN  NS  ns1
ns1  IN         A     192.168.91.132
web  IN      A     192.168.91.133
cdn  IN   NS   ns1.cdn
ns1.cdn IN  A   192.168.91.134
  • 在cdn.magedu.com域對應的服務器上執行 
    [root@master etc]# vim named.conf
options {
        listen-on port 53 { 192.168.91.134; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query     { localhost; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "cdn.magedu.com" IN {
        type master;
        file "cdn.magedu.com.zone"

};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@master named]# cp named.localhost cdn.magedu.com.zone
[root@master named]# vim cdn.magedu.com.zone
$TTL 1D
$ORIGIN cdn.magedu.com.
@       IN SOA  @ dnsadmin.cdn.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        1D      ; expire
                                        2H)     ; minimum
        IN  NS  ns1
ns1  IN   A     192.168.91.134
www  IN   A     192.168.91.135

[root@master named]# named-checkconf  /etc/named.conf
[root@master named]# named-checkzone cdn.magedu.com  /var/named/cdn.magedu.com.zone

[root@master named]# chown :named cdn.magedu.com.zone
[root@master named]# chmod o= cdn.magedu.com.zone
  • 驗證 
    [root@master named]# dig -t A wwws.cdn.magedu.com @192.168.91.134
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51054
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;web.magedu.com.                        IN      A

;; ANSWER SECTION:
web.magedu.com.         86400   IN      A       192.168.91.133

;; AUTHORITY SECTION:
magedu.com.             86400   IN      NS      ns1.magedu.com.

;; ADDITIONAL SECTION:
ns1.magedu.com.         86400   IN      A       192.168.91.132

;; Query time: 1 msec
;; SERVER: 192.168.91.132#53(192.168.91.132)
;; WHEN: Sun Sep 10 03:55:14 2017
;; MSG SIZE  rcvd: 82

主從服務器(之前配置的兩臺中,授權子域cdn.magedu.com那臺當做從服務器)

  • 配置從區域 
    [root@master etc]# vim named.conf
zone "magedu.com" IN {
        type slave;
        file "slaves/magedu.com.zone";
        masters {192.168.91.132;};
        allow-transfer  { none; };

};

[root@master etc]# named-checkconf
  • 修改主服務器配置 
    [root@slave1 named]# vim named.conf
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
        allow-transfer { 192.168.91.134; };
};
[root@slave1 named]# vi magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@       IN SOA  @ dnsadmin.magedu.com. (
                                        2017090901      ; serial
                                        1H      ; refresh
                                        10M     ; retry
                                        3D      ; expire
                                        1D)     ; minimum
        IN  NS  ns1
        IN  NS  ns2
ns1  IN         A     192.168.91.132
ns2  IN         A     192.168.91.134
web  IN      A     192.168.91.133
  • 主服務器重載配置文件 
    [root@slave1 named]#  systemctl reload named.service
  • 從服務器檢查配置文件并重啟服務 
    [root@master etc]# systemctl restart named.service
  • 服務啟動后,會在/var/named/slaves/自動添加magedu.com.zone文件 
    [root@master slaves]# ls -l
total 4
-rw-r--r--. 1 named named 305 Sep 10 01:40 magedu.com.zone

本文來自投稿,不代表Linux運維部落立場,如若轉載,請注明出處:http://www.www58058.com/87282

(0)
N27_xiaoniN27_xiaoni
上一篇 2017-09-16 20:13
下一篇 2017-09-17 13:12

相關推薦

  • N22-第五周作業-冥界之王

    1、顯示/boot/grub/grub.conf中以至少一個空白字符開頭的行;    [root@CentOS6 ~]# cat /boot/grub/grub.conf | grep -E  "^[[:space:]]{1,}"…

    Linux干貨 2016-09-19

  • 運維工程師技能需求排行

    這是我今天在拉勾網搜索運維,翻完了4四頁也招聘信息之后得到的,我的目的是想要看看之后的學習,哪個更應該成為重點,有些在我意料之中,有些還真的沒想到,算是努力了一個小時的收獲吧,分享給大家。
    注意:其中的看法僅代表個人觀點,很多都是依靠我自己的學習經驗和工作經驗累積的

    Linux干貨 2017-12-12

  • N22-妙手-第四周博客作業

    1、復制/etc/skel目錄為/home/tuser1,要求/home/tuser1及其內部文件的屬組和其它用戶均沒有任何訪問權限。 [root@localhost ~]# cp -r /etc/skel /home/tuser1 [root@localhost ~]# chmod&nb…

    Linux干貨 2016-09-05

  • 初學Linux之快速獲取幫助

    Windows操作系統和Linux操作系統的界面區別,導致了初學Linux時,我們會遇到比較大的障礙。Windows操作系統時圖形這種形象化的操作界面,而Linux則不同,時以字符界面為主的。當我們遇到困難,我們可以獲取系統提供的幫助信息,越過我們遇到的障礙,快速的熟悉Linux。獲取幫助的方法包括:Linux手冊(man),命令的幫助頁,info幫助。

    2017-11-19

  • 入門——計算機基礎簡介

    一、計算機系統 計算機系統:由硬件(Hardware)系統和軟件(Software)系統倆大部分組成 二、計算機硬件 計算機(computer):是一種能接收和存儲信息,并按照存儲在其內部的程序對海量數據進行自動、高速的處理,然后把處理結果輸出的現代化電子設備。 計算機硬件組成部分 馮.諾依曼體系結構: 1946年數學家馮.諾依曼提出運算器、控制器、存儲器、…

    2018-03-27

  • 馬哥教育21期網絡班—第四周課程+練習

    1、復制/etc/skel目錄為/home/tuser1,要求/home/tuser1及其內部文件的屬組和其它用戶均沒有任何訪問權限。 [root@localhost ~]#cp -rf /etc/skel /home/tuser1[root@localhost ~]#chmod -R g…

    Linux干貨 2016-07-16
欧美性久久久久