DNS服务器搭建示例
负责解析magedu.com域名,能够对一些主机名进行正向解析和逆向解析
- 配置主配置文件(注意:示例注释掉了 allow-query 并保留 recursion yes;权威服务器应关闭递归,或用 allow-recursion 限制来源,否则会成为开放解析器)
[root@slave1 etc]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.91.132; };
//      listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query { localhost; };
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
};
zone "91.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.91.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
- 配置正向区域和反向区域(注意正反向记录需一一对应:下例中 NS 指向 slave1 却没有对应的 A 记录(后文改为 ns1),web 的 A 记录为 192.168.91.133,而 PTR 记录却写在 136 上)
[root@slave1 etc]# cd /var/named/
[root@slave1 named]# cp named.localhost magedu.com.zone
[root@slave1 named]# vim magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@ IN SOA @ dnsadmin.magedu.com. (
        2017090901 ; serial
        1H ; refresh
        10M ; retry
        3D ; expire
        1D ) ; minimum
  IN NS slave1
ns1 IN A 192.168.91.132
web IN A 192.168.91.133
[root@slave1 named]# cp magedu.com.zone 192.168.91.zone
[root@slave1 named]# vim 192.168.91.zone
$TTL 86400
$ORIGIN 91.168.192.in-addr.arpa.
@ IN SOA @ dnsadmin.magedu.com. (
        2017090901 ; serial
        1H ; refresh
        10M ; retry
        3D ; expire
        1D) ; minimum
  IN NS ns1.magedu.com.
132 IN PTR ns1.magedu.com.
136 IN PTR web.magedu.com.
- 检查语法错误
[root@slave1 named]# named-checkconf
[root@slave1 named]# named-checkzone magedu.com /var/named/magedu.com.zone
[root@slave1 named]# named-checkzone 91.168.192.in-addr.arpa /var/named/192.168.91.zone
- 权限及属组修改
[root@slave1 named]# chown :named magedu.com.zone
[root@slave1 named]# chmod o= magedu.com.zone
[root@slave1 named]# chown :named /var/named/192.168.91.zone
[root@slave1 named]# chmod o= /var/named/192.168.91.zone
- 启动和验证
[root@slave1 named]# systemctl reload named.service [root@slave1 named]# dig -t A web.magedu.com @192.168.91.132 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26812 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;web.magedu.com. IN A ;; ANSWER SECTION: web.magedu.com. 86400 IN A 192.168.91.133 ;; AUTHORITY SECTION: magedu.com. 86400 IN NS ns1.magedu.com. ;; ADDITIONAL SECTION: ns1.magedu.com. 86400 IN A 192.168.91.132 ;; Query time: 0 msec ;; SERVER: 192.168.91.132#53(192.168.91.132) ;; WHEN: Sun Sep 10 00:46:48 2017 ;; MSG SIZE rcvd: 82 [root@slave1 named]# dig -x 192.168.91.136 @192.168.91.132 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.91.136 @192.168.91.132 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2153 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;136.91.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 136.91.168.192.in-addr.arpa. 86400 IN PTR web.magedu.com. ;; AUTHORITY SECTION: 91.168.192.in-addr.arpa. 86400 IN NS ns1.magedu.com. ;; ADDITIONAL SECTION: ns1.magedu.com. 86400 IN A 192.168.91.132 ;; Query time: 0 msec ;; SERVER: 192.168.91.132#53(192.168.91.132) ;; WHEN: Mon Sep 11 01:20:59 2017 ;; MSG SIZE rcvd: 107
子域授权(cdn)
- 在magedu.com域对应的服务器上执行
[root@slave1 named]# vim magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@ IN SOA @ dnsadmin.magedu.com. (
        2017090901 ; serial
        1H ; refresh
        10M ; retry
        3D ; expire
        1D) ; minimum
  IN NS ns1
ns1 IN A 192.168.91.132
web IN A 192.168.91.133
cdn IN NS ns1.cdn
ns1.cdn IN A 192.168.91.134
- 在cdn.magedu.com域对应的服务器上执行
[root@master etc]# vim named.conf
options {
        listen-on port 53 { 192.168.91.134; };
//      listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query { localhost; };
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface
        */
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "cdn.magedu.com" IN {
        type master;
        file "cdn.magedu.com.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@master named]# cp named.localhost cdn.magedu.com.zone
[root@master named]# vim cdn.magedu.com.zone
$TTL 1D
$ORIGIN cdn.magedu.com.
@ IN SOA @ dnsadmin.cdn.magedu.com. (
        2017090901 ; serial
        1H ; refresh
        10M ; retry
        1D ; expire
        2H) ; minimum
  IN NS ns1
ns1 IN A 192.168.91.134
www IN A 192.168.91.135
[root@master named]# named-checkconf /etc/named.conf
[root@master named]# named-checkzone cdn.magedu.com /var/named/cdn.magedu.com.zone
[root@master named]# chown :named cdn.magedu.com.zone
[root@master named]# chmod o= cdn.magedu.com.zone
- 验证(注意:下方粘贴的 dig 输出与所执行的命令不符,显示的是前文对 web.magedu.com @192.168.91.132 的查询结果,并非对 www.cdn.magedu.com 的验证)
[root@master named]# dig -t A www.cdn.magedu.com @192.168.91.134 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51054 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;web.magedu.com. IN A ;; ANSWER SECTION: web.magedu.com. 86400 IN A 192.168.91.133 ;; AUTHORITY SECTION: magedu.com. 86400 IN NS ns1.magedu.com. ;; ADDITIONAL SECTION: ns1.magedu.com. 86400 IN A 192.168.91.132 ;; Query time: 1 msec ;; SERVER: 192.168.91.132#53(192.168.91.132) ;; WHEN: Sun Sep 10 03:55:14 2017 ;; MSG SIZE rcvd: 82
主从服务器(之前配置的两台中,授权子域cdn.magedu.com那台当做从服务器)
- 配置从区域
[root@master etc]# vim named.conf
zone "magedu.com" IN {
        type slave;
        file "slaves/magedu.com.zone";
        masters {192.168.91.132;};
        allow-transfer { none; };
};
[root@master etc]# named-checkconf
- 修改主服务器配置(注意:每次修改区域文件后应递增 SOA 中的 serial,否则从服务器不会同步更新;示例中 serial 始终为 2017090901)
[root@slave1 named]# vim named.conf
zone "magedu.com" IN {
        type master;
        file "magedu.com.zone";
        allow-transfer { 192.168.91.134; };
};
[root@slave1 named]# vi magedu.com.zone
$TTL 86400
$ORIGIN magedu.com.
@ IN SOA @ dnsadmin.magedu.com. (
        2017090901 ; serial
        1H ; refresh
        10M ; retry
        3D ; expire
        1D) ; minimum
  IN NS ns1
  IN NS ns2
ns1 IN A 192.168.91.132
ns2 IN A 192.168.91.134
web IN A 192.168.91.133
- 主服务器重载配置文件
[root@slave1 named]# systemctl reload named.service
- 从服务器检查配置文件并重启服务
[root@master etc]# systemctl restart named.service
- 服务启动后,会在/var/named/slaves/自动添加magedu.com.zone文件
[root@master slaves]# ls -l total 4 -rw-r--r--. 1 named named 305 Sep 10 01:40 magedu.com.zone