DNS Server Setup Example

This server is authoritative for the magedu.com domain and performs forward and reverse resolution for a few hostnames.

  • Configure the main configuration file
    [root@slave1 etc]# vim /etc/named.conf
    options {
            listen-on port 53 { 192.168.91.132; };
    //      listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query     { localhost; };
            recursion yes;
    
            dnssec-enable no;
            dnssec-validation no;
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    zone "magedu.com" IN {
            type master;
            file "magedu.com.zone";
    };
    
    zone "91.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.91.zone";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
  • Configure the forward and reverse zones
    [root@slave1 etc]# cd /var/named/
    [root@slave1 named]# cp named.localhost magedu.com.zone
    
    [root@slave1 named]# vim magedu.com.zone
    $TTL 86400
    $ORIGIN magedu.com.
    @       IN SOA  @ dnsadmin.magedu.com. (
                                            2017090901      ; serial
                                            1H      ; refresh
                                            10M     ; retry
                                            3D      ; expire
                                            1D )    ; minimum
            IN  NS  ns1    ; the NS target must have an A record in this zone
    ns1  IN      A     192.168.91.132
    web  IN      A     192.168.91.133
    
    [root@slave1 named]# cp  magedu.com.zone  192.168.91.zone
    [root@slave1 named]# vim 192.168.91.zone
    $TTL 86400
    $ORIGIN 91.168.192.in-addr.arpa.
    @       IN SOA  @ dnsadmin.magedu.com. (
                                            2017090901      ; serial
                                            1H      ; refresh
                                            10M     ; retry
                                            3D      ; expire
                                            1D)     ; minimum
            IN  NS  ns1.magedu.com.
    132  IN     PTR    ns1.magedu.com.
    136  IN     PTR    web.magedu.com.
  • Check for syntax errors
    [root@slave1 named]# named-checkconf
    [root@slave1 named]# named-checkzone magedu.com /var/named/magedu.com.zone
    [root@slave1 named]# named-checkzone  91.168.192.in-addr.arpa /var/named/192.168.91.zone
  • Fix permissions and group ownership
    [root@slave1 named]# chown :named magedu.com.zone
    [root@slave1 named]# chmod o=  magedu.com.zone
    [root@slave1 named]# chown :named /var/named/192.168.91.zone
    [root@slave1 named]# chmod o= /var/named/192.168.91.zone
  • Start and verify
    [root@slave1 named]# systemctl  reload  named.service 
    [root@slave1 named]#  dig -t A web.magedu.com @192.168.91.132
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26812
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;web.magedu.com.                        IN      A
    
    ;; ANSWER SECTION:
    web.magedu.com.         86400   IN      A       192.168.91.133
    
    ;; AUTHORITY SECTION:
    magedu.com.             86400   IN      NS      ns1.magedu.com.
    
    ;; ADDITIONAL SECTION:
    ns1.magedu.com.         86400   IN      A       192.168.91.132
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.91.132#53(192.168.91.132)
    ;; WHEN: Sun Sep 10 00:46:48 2017
    ;; MSG SIZE  rcvd: 82
    
    [root@slave1 named]# dig -x 192.168.91.136 @192.168.91.132
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -x 192.168.91.136 @192.168.91.132
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2153
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;136.91.168.192.in-addr.arpa.   IN      PTR
    
    ;; ANSWER SECTION:
    136.91.168.192.in-addr.arpa. 86400 IN   PTR     web.magedu.com.
    
    ;; AUTHORITY SECTION:
    91.168.192.in-addr.arpa. 86400  IN      NS      ns1.magedu.com.
    
    ;; ADDITIONAL SECTION:
    ns1.magedu.com.         86400   IN      A       192.168.91.132
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.91.132#53(192.168.91.132)
    ;; WHEN: Mon Sep 11 01:20:59 2017
    ;; MSG SIZE  rcvd: 107
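
The reverse zone above maps 192.168.91.136 to web.magedu.com while the forward zone gives web the address 192.168.91.133, so the two zones do not agree. The following Python script is an added example (not part of the original post): it parses constructed copies of both zone files and reports A records without a matching PTR and PTRs with no A record behind them. Parsing is deliberately minimal: A and PTR records with an explicit owner, $ORIGIN honoured.

```python
import ipaddress

# Constructed copies of the forward and reverse zones configured above.
FORWARD_ZONE = """\
$ORIGIN magedu.com.
@   IN SOA @ dnsadmin.magedu.com. ( 2017090901 1H 10M 3D 1D )
    IN NS ns1
ns1 IN A 192.168.91.132
web IN A 192.168.91.133
"""
REVERSE_ZONE = """\
$ORIGIN 91.168.192.in-addr.arpa.
@   IN SOA @ dnsadmin.magedu.com. ( 2017090901 1H 10M 3D 1D )
    IN NS ns1.magedu.com.
132 IN PTR ns1.magedu.com.
136 IN PTR web.magedu.com.
"""

def fqdn(name, origin):
    """Qualify a zone-file name relative to the current $ORIGIN."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return {owner_fqdn: (rtype, rdata)} for A/PTR records that carry an explicit owner."""
    origin, records = ".", {}
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()   # drop ';' comments
        if not tokens:
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
        elif len(tokens) >= 3 and tokens[-2] in ("A", "PTR") and not raw[0].isspace():
            rdata = fqdn(tokens[-1], origin) if tokens[-2] == "PTR" else tokens[-1]
            records[fqdn(tokens[0], origin)] = (tokens[-2], rdata)
    return records

def check_consistency(forward, reverse):
    """List A records lacking a matching PTR, and PTRs whose target has no such A record."""
    problems = []
    for name, (rtype, ip) in forward.items():
        if rtype == "A":
            owner = ipaddress.ip_address(ip).reverse_pointer + "."
            target = reverse.get(owner, (None, None))[1]
            if target != name:
                problems.append(f"{name} A {ip}: PTR at {owner} is {target}")
    by_ip = {ip: n for n, (t, ip) in forward.items() if t == "A"}
    for owner, (rtype, target) in reverse.items():
        if rtype == "PTR":
            ip = ".".join(reversed(owner.removesuffix(".in-addr.arpa.").split(".")))
            if by_ip.get(ip) != target:
                problems.append(f"{owner} PTR {target}: forward zone maps {ip} to {by_ip.get(ip)}")
    return problems
```

Run against the page's data it reports two problems: web has no PTR at .133, and the PTR at .136 points at a name whose A record is a different address.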

Subdomain delegation (cdn)

  • Run on the server that serves the magedu.com zone
    [root@slave1 named]# vim magedu.com.zone
    $TTL 86400
    $ORIGIN magedu.com.
    @       IN SOA  @ dnsadmin.magedu.com. (
                                            2017090901      ; serial
                                            1H      ; refresh
                                            10M     ; retry
                                            3D      ; expire
                                            1D)     ; minimum
            IN  NS  ns1
    ns1  IN         A     192.168.91.132
    web  IN      A     192.168.91.133
    cdn  IN   NS   ns1.cdn
    ns1.cdn IN  A   192.168.91.134
  • Run on the server that serves the cdn.magedu.com zone
    [root@master etc]# vim named.conf
    options {
            listen-on port 53 { 192.168.91.134; };
    //      listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    //      allow-query     { localhost; };
    
            /*
             - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
             - If you are building a RECURSIVE (caching) DNS server, you need to enable
               recursion.
             - If your recursive DNS server has a public IP address, you MUST enable access
               control to limit queries to your legitimate users. Failing to do so will
               cause your server to become part of large scale DNS amplification
               attacks. Implementing BCP38 within your network would greatly
               reduce such attack surface
            */
            recursion yes;
    
            dnssec-enable no;
            dnssec-validation no;
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    zone "cdn.magedu.com" IN {
            type master;
            file "cdn.magedu.com.zone";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    [root@master named]# cp named.localhost cdn.magedu.com.zone
    [root@master named]# vim cdn.magedu.com.zone
    $TTL 1D
    $ORIGIN cdn.magedu.com.
    @       IN SOA  @ dnsadmin.cdn.magedu.com. (
                                            2017090901      ; serial
                                            1H      ; refresh
                                            10M     ; retry
                                            1D      ; expire
                                            2H)     ; minimum
            IN  NS  ns1
    ns1  IN   A     192.168.91.134
    www  IN   A     192.168.91.135
    
    [root@master named]# named-checkconf  /etc/named.conf
    [root@master named]# named-checkzone cdn.magedu.com  /var/named/cdn.magedu.com.zone
    
    [root@master named]# chown :named cdn.magedu.com.zone
    [root@master named]# chmod o= cdn.magedu.com.zone
  • Verify (the dig output pasted below is a repeat of the earlier web.magedu.com query against 192.168.91.132, not the answer for www.cdn.magedu.com; the zone above maps www.cdn.magedu.com to 192.168.91.135)
    [root@master named]# dig -t A www.cdn.magedu.com @192.168.91.134
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> -t A web.magedu.com @192.168.91.132
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51054
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;web.magedu.com.                        IN      A
    
    ;; ANSWER SECTION:
    web.magedu.com.         86400   IN      A       192.168.91.133
    
    ;; AUTHORITY SECTION:
    magedu.com.             86400   IN      NS      ns1.magedu.com.
    
    ;; ADDITIONAL SECTION:
    ns1.magedu.com.         86400   IN      A       192.168.91.132
    
    ;; Query time: 1 msec
    ;; SERVER: 192.168.91.132#53(192.168.91.132)
    ;; WHEN: Sun Sep 10 03:55:14 2017
    ;; MSG SIZE  rcvd: 82
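
Both named.conf files above keep the stock comment warning not to enable recursion on an authoritative server, yet set recursion yes with allow-query commented out, which makes each server an open resolver for anyone who can reach port 53. The Python audit below is an added example (not from the post): it strips comments first, so the commented-out allow-query line is not mistaken for an active ACL, then flags that pattern and the disabled DNSSEC validation. The config text is a constructed, shortened copy of the one above; the hardened variant simply turns recursion off and drops the dnssec-validation override.

```python
import re

# Constructed, abbreviated copy of the options{} block configured above.
NAMED_CONF = """\
options {
        listen-on port 53 { 192.168.91.134; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
//      allow-query     { localhost; };
        /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. */
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
};
zone "cdn.magedu.com" IN { type master; file "cdn.magedu.com.zone"; };
"""

def strip_comments(text):
    """Remove /* */, // and # comments so disabled statements are not counted as active."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def statement(block, name):
    """Value of 'name ...;' in a block; the lookbehind stops 'recursion' matching 'allow-recursion'."""
    m = re.search(rf"(?<![\w-]){re.escape(name)}\s+([^;]*);", block)
    return " ".join(m.group(1).split()) if m else None

def audit_options(conf):
    """Return findings for the options{} block (assumes its closing '};' starts a line)."""
    m = re.search(r"options\s*\{(.*?)^\};", strip_comments(conf), flags=re.S | re.M)
    opts = m.group(1) if m else ""
    findings = []
    if statement(opts, "recursion") == "yes":
        acl = statement(opts, "allow-recursion") or statement(opts, "allow-query")
        if acl is None or "any" in acl:
            findings.append("recursion enabled with no client ACL: open resolver")
    if statement(opts, "dnssec-validation") == "no":
        findings.append("dnssec-validation disabled")
    return findings

# Authoritative-only variant: recursion off, validation left at its default.
HARDENED_CONF = NAMED_CONF.replace("recursion yes;", "recursion no;").replace(
    "        dnssec-validation no;\n", "")
```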

Master/slave servers (of the two machines configured above, the one serving the delegated subdomain cdn.magedu.com acts as the slave)

  • Configure the slave zone
    [root@master etc]# vim named.conf
    zone "magedu.com" IN {
            type slave;
            file "slaves/magedu.com.zone";
            masters {192.168.91.132;};
            allow-transfer  { none; };
    };
    
    [root@master etc]# named-checkconf
  • Modify the master server configuration
    [root@slave1 named]# vim named.conf
    zone "magedu.com" IN {
            type master;
            file "magedu.com.zone";
            allow-transfer { 192.168.91.134; };
    };
    [root@slave1 named]# vi magedu.com.zone
    $TTL 86400
    $ORIGIN magedu.com.
    @       IN SOA  @ dnsadmin.magedu.com. (
                                            2017090901      ; serial
                                            1H      ; refresh
                                            10M     ; retry
                                            3D      ; expire
                                            1D)     ; minimum
            IN  NS  ns1
            IN  NS  ns2
    ns1  IN         A     192.168.91.132
    ns2  IN         A     192.168.91.134
    web  IN      A     192.168.91.133
  • Reload the configuration on the master
    [root@slave1 named]#  systemctl reload named.service
  • Check the configuration on the slave and restart the service
    [root@master etc]# systemctl restart named.service
  • After the service starts, magedu.com.zone is created automatically under /var/named/slaves/
    [root@master slaves]# ls -l
    total 4
    -rw-r--r--. 1 named named 305 Sep 10 01:40 magedu.com.zone
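
The listings above edit magedu.com.zone twice (the delegation, then ns2) without changing the SOA serial 2017090901. A slave only transfers when the master's serial is newer under RFC 1982 serial arithmetic, so after the initial copy it would keep serving the old data. The Python below is an added example (not from the post): it compares serials the way a slave does, using constructed copies of the zone, and computes the next YYYYMMDDnn serial for a date passed in as a string.

```python
# Slave's copy after the first transfer, and the master's edited zone (ns2 added,
# serial left unchanged, as in the listing above). Both are constructed copies.
SLAVE_COPY = """\
$ORIGIN magedu.com.
@ IN SOA @ dnsadmin.magedu.com. ( 2017090901 ; serial
    1H 10M 3D 1D )
  IN NS ns1
ns1 IN A 192.168.91.132
"""
MASTER_EDITED = SLAVE_COPY + "  IN NS ns2\nns2 IN A 192.168.91.134\n"

MODULUS, HALF = 2 ** 32, 2 ** 31

def serial_gt(a, b):
    """RFC 1982 serial-number comparison (32-bit, wraps around): is a newer than b?"""
    a, b = a % MODULUS, b % MODULUS
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)

def soa_serial(zone_text):
    """SOA serial of a zone file: third field after 'SOA', comments and parentheses ignored."""
    tokens = []
    for line in zone_text.splitlines():
        tokens += line.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
    return int(tokens[tokens.index("SOA") + 3])

def slave_will_transfer(master_zone, slave_zone):
    """What the slave decides on refresh or NOTIFY: transfer only if the master is newer."""
    return serial_gt(soa_serial(master_zone), soa_serial(slave_zone))

def next_serial(current, today):
    """Next YYYYMMDDnn serial (the convention used on this page); today is 'YYYYMMDD'."""
    cur = f"{current:010d}"
    date, seq = cur[:8], int(cur[8:])
    if date == today and seq >= 99:
        raise ValueError("more than 99 changes in one day: switch to a plain counter")
    new = int(f"{date}{seq + 1:02d}") if date == today else int(f"{today}01")
    if not serial_gt(new, current):
        raise ValueError(f"{new} is not newer than {current} in serial arithmetic")
    return new
```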

This article is a contributed submission and does not represent the position of Linux运维部落; if you repost it, please credit the source: http://www.178linux.com/87282

Author: N27_xiaoni
