Deploying DNS on CentOS 7 (Part 1)
Contents:
I. Introduction to the service
II. Lab: build a primary forward-resolving DNS server
III. Lab: build a reverse-resolution server
IV. Lab: wildcard resolution, so that a mistyped name such as wwww.baidu.com still resolves
Environment
Server   Node name   IP address
dns      node5       192.168.216.198
web1     web1        192.168.216.199
web2     web2        192.168.216.202
I. Introduction to the service
The DNS service: package name bind, daemon name named.
1. Packages:
bind: provides the DNS server program and a few commonly used test tools;
bind-libs: library files shared by the programs in the bind and bind-utils packages;
bind-utils: the client-side tool set for bind, providing dig, host, nslookup and related utilities;
bind-chroot: optional; provides a security mechanism (named runs inside a chroot). Usually not needed for internal company use;
2. bind
Service script: /etc/rc.d/init.d/named
Main configuration files: /etc/named.conf, /etc/named.rfc1912.zones, /etc/rndc.key (for remote management, although in practice it is only used locally)
Zone data files: /var/named/ZONE_NAME.ZONE
Notes:
1) One physical server can serve several zones at the same time;
2) A root zone file is required: named.ca
3) There should be two zone files (not counting IPv6) that resolve localhost and the loopback address:
forward: named.localhost
reverse: named.loopback
The rndc command (remote name domain controller) is installed on the same host as bind by default and can only connect to the named process through 127.0.0.1; it provides auxiliary management functions; port 953/tcp.
II. Building the primary forward-resolving DNS server
1. Install: yum install bind -y
On node5:
yum install bind -y
Installed:
bind.x86_64 :9.9.-.el7_5.
Dependency Updated:
bind-libs.x86_64 :9.9.-.el7_5. bind-libs-lite.x86_64 :9.9.-.el7_5.
bind-license.noarch :9.9.-.el7_5. bind-utils.x86_64 :9.9.-.el7_5.
Run cat /var/named/named.ca to look at the 13 global root name servers:
[root@node5 ~]# cat /var/named/named.ca
; <<>> DiG 9.9.-RedHat-9.9.-.el7_3. <<>> +bufsize= +norec @a.root-servers.net
; ( servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. IN NS a.root-servers.net.
. IN NS b.root-servers.net.
. IN NS c.root-servers.net.
. IN NS d.root-servers.net.
. IN NS e.root-servers.net.
. IN NS f.root-servers.net.
. IN NS g.root-servers.net.
. IN NS h.root-servers.net.
. IN NS i.root-servers.net.
. IN NS j.root-servers.net.
. IN NS k.root-servers.net.
. IN NS l.root-servers.net.
. IN NS m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. IN A 198.41.0.4
a.root-servers.net. IN AAAA ::ba3e:::
b.root-servers.net. IN A 192.228.79.201
b.root-servers.net. IN AAAA ::::b
c.root-servers.net. IN A 192.33.4.12
c.root-servers.net. IN AAAA ::::c
d.root-servers.net. IN A 199.7.91.13
d.root-servers.net. IN AAAA ::2d::d
e.root-servers.net. IN A 192.203.230.10
e.root-servers.net. IN AAAA ::a8::e
f.root-servers.net. IN A 192.5.5.241
f.root-servers.net. IN AAAA ::2f::f
g.root-servers.net. IN A 192.112.36.4
g.root-servers.net. IN AAAA ::::d0d
h.root-servers.net. IN A 198.97.190.53
h.root-servers.net. IN AAAA ::::
i.root-servers.net. IN A 192.36.148.17
i.root-servers.net. IN AAAA :7fe::
j.root-servers.net. IN A 192.58.128.30
j.root-servers.net. IN AAAA ::c27:::
k.root-servers.net. IN A 193.0.14.129
k.root-servers.net. IN AAAA :7fd::
l.root-servers.net. IN A 199.7.83.42
l.root-servers.net. IN AAAA ::9f::
m.root-servers.net. IN A 202.12.27.33
m.root-servers.net. IN AAAA :dc3::

;; Query time: msec
;; SERVER: 198.41.0.4#(198.41.0.4)
;; WHEN: Po kvě :: CEST
;; MSG SIZE rcvd:
[root@node5 ~]#
Check which ports are being listened on (named has not been started yet, so only avahi-daemon and dnsmasq show up):
[root@node5 ~]# ss -tunlop |grep
udp UNCONN *: *:* users:(("avahi-daemon",pid=,fd=))
udp UNCONN 192.168.122.1: *:* users:(("dnsmasq",pid=,fd=))
tcp LISTEN 192.168.122.1: *:* users:(("dnsmasq",pid=,fd=))
2. Edit the main configuration file
Global configuration: options {}
Logging subsystem configuration: logging {}
Zone definitions: every zone this host is to answer for must be defined here:
zone "ZONE_NAME" IN {}
Note: any service program that is expected to be reachable from other hosts over the network must listen on at least one IP address that can communicate with those hosts.
Back up the configuration file:
cp -v /etc/named.conf{,.bak}
Edit it with vim /etc/named.conf:
[root@node5 ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 192.168.216.198; 127.0.0.1; };   # add this host's address; any; would also work here
        //listen-on-v6 port 53 { ::1; };                     # IPv6 listener commented out
        directory       "/var/named";                        # directory that holds the zone files
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };                            # allow queries from everyone

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;                                   # can be set to no while learning
        dnssec-validation yes;                               # can also be turned off for now, again with no

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";   # this file holds the zone definitions
include "/etc/named.root.key";
Restart the service and check how the listening ports change:
[root@node5 ~]# systemctl restart named
[root@node5 ~]# ss -tunlp |grep
udp UNCONN *: *:* users:(("avahi-daemon",pid=,fd=))
udp UNCONN 192.168.216.198: *:* users:(("named",pid=,fd=),("named",pid=,fd=),("named",pid=,fd=),("named",pid=,fd=))
udp UNCONN 127.0.0.1: *:* users:(("named",pid=,fd=),("named",pid=,fd=),("named",pid=,fd=),("named",pid=,fd=))
udp UNCONN 192.168.122.1: *:* users:(("dnsmasq",pid=,fd=))
tcp LISTEN 192.168.216.198: *:* users:(("named",pid=,fd=))
tcp LISTEN 127.0.0.1: *:* users:(("named",pid=,fd=))
tcp LISTEN 192.168.122.1: *:* users:(("dnsmasq",pid=,fd=))
tcp LISTEN 127.0.0.1: *:* users:(("named",pid=,fd=))
tcp LISTEN ::: :::* users:(("named",pid=,fd=))
[root@node5 ~]#
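The Red Hat comment kept in named.conf above is the security-relevant point of this step. The options block combines allow-query { any; } with recursion yes and sets no allow-recursion; according to the BIND 9 ARM, when allow-recursion and allow-query-cache are both unset the recursion ACL falls back to allow-query, so every host that can reach 192.168.216.198 may use the server as a recursive resolver. Inside the lab that is harmless; on a reachable address it is an open resolver. The Python script below is an added example, not code from the original post: it parses the options block, applies that ACL precedence (allow-recursion, then allow-query-cache, then allow-query, then the built-in { localnets; localhost; }) and reports the exposure. OPEN reproduces the page's options block; RESTRICTED is a constructed hardened variant that keeps recursion for the lab subnet only.

```python
"""Audit the options{} block of a BIND named.conf for open-resolver exposure.

Added example, not code from the original post. OPEN reproduces the options
block configured on the page; RESTRICTED is a constructed hardened variant.
The ACL precedence follows the BIND 9 ARM: allow-recursion, else
allow-query-cache, else allow-query, else the built-in { localnets; localhost; }.
"""
import re

OPEN = """
options {
    listen-on port 53 { 192.168.216.198; 127.0.0.1; };
    directory "/var/named";
    allow-query { any; };       # everyone may query ...
    recursion yes;              # ... and, with no allow-recursion, everyone may recurse
    dnssec-enable yes;
    dnssec-validation yes;
};
"""

RESTRICTED = """
options {
    listen-on port 53 { 192.168.216.198; 127.0.0.1; };
    directory "/var/named";
    allow-query { any; };                               // authoritative data for anyone
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.216.0/24; };  // recursion for the lab subnet only
    dnssec-enable yes;
    dnssec-validation yes;
};
"""

# one statement: name, optional plain arguments, optional { list; }, terminating ';'
STATEMENT = re.compile(r"(?P<name>[\w-]+)\s*(?P<args>[^{;]*?)\s*(?:\{(?P<list>[^}]*)\})?\s*;")


def strip_comments(text):
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def options_block(conf):
    """Return the text between the braces of options { ... }, or '' if absent."""
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    raise ValueError("unbalanced braces in options block")


def parse_statements(block):
    """Map statement names to values; 'name { a; b; };' yields ['a', 'b']."""
    stmts = {}
    for m in STATEMENT.finditer(block):
        if m.group("list") is not None:
            stmts[m.group("name")] = [v.strip() for v in m.group("list").split(";") if v.strip()]
        else:
            stmts[m.group("name")] = m.group("args").strip()
    return stmts


def effective_recursion_acl(opts):
    """Return (source, acl) for the ACL named actually applies to recursive queries."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        if name in opts:
            return name, opts[name]
    return "built-in default", ["localnets", "localhost"]


def audit(conf):
    """Return a list of findings for the options block; [] means nothing flagged."""
    opts = parse_statements(options_block(strip_comments(conf)))
    findings = []
    if "listen-on" not in opts:
        findings.append("listen-on not set: named binds port 53 on every IPv4 interface by default")
    if opts.get("recursion", "yes") == "yes":          # BIND's default is recursion yes
        source, acl = effective_recursion_acl(opts)
        if "any" in acl:
            findings.append(f"open resolver: recursion yes and the effective recursion ACL "
                            f"(from {source}) is {{ any; }}")
        elif source != "allow-recursion":
            findings.append(f"recursion yes without allow-recursion; the ACL is inherited "
                            f"from {source}: {{ {'; '.join(acl)}; }}")
    return findings


if __name__ == "__main__":
    for label, conf in (("page config", OPEN), ("hardened", RESTRICTED)):
        print(f"{label}: {audit(conf) or ['no findings']}")
```

Run against the page's options block the audit reports the open-resolver finding with allow-query as the inherited source; against RESTRICTED it reports nothing. If the server is meant to be authoritative only, recursion no; is the simpler fix, which is what the Red Hat comment recommends.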
3. Edit the zone definition file
[root@node5 ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

# added for this lab: the forward zone served by this host
zone "zhangxingeng.com" IN {
        type master;
        file "zhangxingeng.com.zone";
};
4. Create the zone data file (the forward zone)
vim /var/named/zhangxingeng.com.zone
[root@node5 named]# cat /var/named/zhangxingeng.com.zone
$TTL 1D          ; default TTL; the value is missing from the listing, 1D (86400 s) is what the dig output below shows for the A records
$ORIGIN zhangxingeng.com.
@       IN SOA  dns1.zhangxingeng.com. admin.zhangxingeng.com. (
                0       ; serial (the number is missing from the listing; placeholder, increase it on every change)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
zhangxingeng.com. IN NS  dns1
        IN MX   10 mail                ; MX needs a preference value; the number is missing from the listing, 10 assumed
web1    IN A    192.168.216.199        ; IPv4 addresses take no trailing dot
dns1    IN A    192.168.216.198
mail    IN A    192.168.216.199
www     IN CNAME web1
5. web1 (IP 192.168.216.199) acts as the client
Install nginx:
yum install nginx -y
echo welcome to web1 >/usr/share/nginx/html/index.html
systemctl start nginx
systemctl enable nginx
ss -tunlp |grep 80
The web server on web1 is now set up.
Change the DNS server setting:
[root@web1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
BOOTPROTO="dhcp"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="4f788080-131a-4f10-85a8-179b4f14ab48"
DEVICE="ens33"
ONBOOT="yes"
DNS1=192.168.216.198
[root@web1 ~]#
6. Syntax checks
named-checkconf                                                       # checks the syntax of the main configuration file
named-checkzone "zhangxingeng.com" /var/named/zhangxingeng.com.zone   # checks the syntax of the zone data file
7. Reload the service
systemctl reload named, or rndc reload
8. Install nginx (an HTTP server) on node5, the DNS server, as well
yum -y install nginx
echo welcome to dns1 >/usr/share/nginx/html/index.html   # this host's page reads "welcome to dns1", as the curl test below shows
systemctl start nginx
systemctl enable nginx
9. Testing from web1
Test with the dig command.
Syntax:
dig [-t RR_TYPE] name [@server] [query options]
Query options:
+[no]trace: trace the resolution process;
+[no]recurse: perform recursive resolution;
Reverse lookup:
dig -x IPADDR
Full zone transfer (AXFR):
dig -t axfr DOMAIN [@server]
Examples:
Query the NS records of baidu.com:
dig -t NS baidu.com
Trace the resolution of www.baidu.com:
dig +trace www.baidu.com
Resolve the A record of www.baidu.com:
dig -t A www.baidu.com
[root@web1 ~]# dig -t A dns1.zhangxingeng.com @192.168.216.198

; <<>> DiG 9.9.-RedHat-9.9.-.el7 <<>> -t A dns1.zhangxingeng.com @192.168.216.198
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;dns1.zhangxingeng.com. IN A

;; ANSWER SECTION:
dns1.zhangxingeng.com. IN A 192.168.216.198

;; AUTHORITY SECTION:
zhangxingeng.com. IN NS dns1.zhangxingeng.com.

;; Query time: msec
;; SERVER: 192.168.216.198#(192.168.216.198)
;; WHEN: Thu Nov :: CST
;; MSG SIZE rcvd:

[root@web1 ~]# dig -t CNAME dns1.zhangxingeng.com @192.168.216.198

; <<>> DiG 9.9.-RedHat-9.9.-.el7 <<>> -t CNAME dns1.zhangxingeng.com @192.168.216.198
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;dns1.zhangxingeng.com. IN CNAME

;; AUTHORITY SECTION:
zhangxingeng.com. IN SOA dns1.zhangxingeng.com. admin.zhangxingeng.com.

;; Query time: msec
;; SERVER: 192.168.216.198#(192.168.216.198)
;; WHEN: Thu Nov :: CST
;; MSG SIZE rcvd:

[root@web1 ~]# curl www.zhangxingeng.com
welcome to web1
[root@web1 ~]#

[root@web1 ~]# dig -t NS dns1.zhangxingeng.com @192.168.216.198

; <<>> DiG 9.9.-RedHat-9.9.-.el7 <<>> -t NS dns1.zhangxingeng.com @192.168.216.198
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;dns1.zhangxingeng.com. IN NS

;; AUTHORITY SECTION:
zhangxingeng.com. IN SOA dns1.zhangxingeng.com. admin.zhangxingeng.com.

;; Query time: msec
;; SERVER: 192.168.216.198#(192.168.216.198)
;; WHEN: Thu Nov :: CST
;; MSG SIZE rcvd:
Now access the HTTP service deployed on the DNS server:
[root@web1 ~]# curl dns1.zhangxingeng.com
welcome to dns1
[root@web1 ~]#
III. Building the reverse-resolution server
1. Define the zone
[root@node5 named]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "zhangxingeng.com" IN {
        type master;
        file "zhangxingeng.com.zone";
};

# added for this lab: the reverse zone for 192.168.216.0/24
zone "216.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.216.zone";
};
2. Define the reverse zone data file
cd /var/named/
[root@node5 named]# cat 192.168.216.zone
$TTL 1H          ; default TTL; the value is missing from the listing, 1H (3600 s) is what the dig output below shows for this zone's NS records
$ORIGIN 216.168.192.in-addr.arpa.
@       IN SOA  zhangxingeng.com. admin.zhangxingeng.com. (
                0       ; serial (the number is missing from the listing; placeholder, increase it on every change)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   web1.zhangxingeng.com.
        IN NS   dns1.zhangxingeng.com.
199     IN PTR  web1.zhangxingeng.com.   ; owner is the last octet of 192.168.216.199
198     IN PTR  dns1.zhangxingeng.com.
199     IN PTR  mail.zhangxingeng.com.
199     IN PTR  www.zhangxingeng.com.
3. Syntax tests
[root@node5 named]# named-checkconf
[root@node5 named]# named-checkzone zhangxingeng.com. zhangxingeng.com.zone
zone zhangxingeng.com/IN: zhangxingeng.com/MX 'mail.zhangxigneng.com' (out of zone) has no addresses records (A or AAAA)
zone zhangxingeng.com/IN: loaded serial
OK
The warning comes from a typo in the MX target ('zhangxigneng' instead of 'zhangxingeng'): the misspelled name lies outside the zone, so named-checkzone cannot find an A record for it. The zone still loads.
[root@node5 named]# named-checkzone 216.168.192.in-addr.arpa. 192.168.216.zone
zone 216.168.192.in-addr.arpa/IN: loaded serial
OK
[root@node5 named]#
4. Reload the primary server's configuration
rndc reload
systemctl status named.service
5. Test
Command: dig -x ipaddr
Test from web1:
[root@web1 ~]# dig -x 192.168.216.198

; <<>> DiG 9.9.-RedHat-9.9.-.el7 <<>> -x 192.168.216.198
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;198.216.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
198.216.168.192.in-addr.arpa. IN PTR dns1.zhangxingeng.com.

;; AUTHORITY SECTION:
216.168.192.in-addr.arpa. 3600 IN NS dns1.zhangxingeng.com.
216.168.192.in-addr.arpa. 3600 IN NS web1.zhangxingeng.com.

;; ADDITIONAL SECTION:
web1.zhangxingeng.com. 86400 IN A 192.168.216.199
dns1.zhangxingeng.com. 86400 IN A 192.168.216.198

;; Query time: msec
;; SERVER: 192.168.216.198#(192.168.216.198)
;; WHEN: Wed Nov :: CST
;; MSG SIZE rcvd:
[root@web1 ~]#
Both web1 and dns1 are resolved.
IV. Wildcard resolution, for a smoother user experience
Even when the hostname is typed wrongly, the site can still be reached.
1. Edit the zone data file; a single extra A record is enough
[root@node5 named]# vim /var/named/zhangxingeng.com.zone
$TTL 1D          ; default TTL; the value is missing from the listing, 1D (86400 s) is what the dig output above shows for the A records
$ORIGIN zhangxingeng.com.
@       IN SOA  dns1.zhangxingeng.com. admin.zhangxingeng.com. (
                0       ; serial (the number is missing from the listing; placeholder, increase it on every change)
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
zhangxingeng.com. IN NS  dns1
        IN MX   10 mail                ; MX needs a preference value; the number is missing from the listing, 10 assumed
web1    IN A    192.168.216.199        ; IPv4 addresses take no trailing dot
dns1    IN A    192.168.216.198
mail    IN A    192.168.216.199
www     IN CNAME web1
*       IN A    192.168.216.199        ; wildcard: any otherwise undefined name under zhangxingeng.com. resolves to web1
2. A quick test
1 [root@node5 named]# curl web11.zhangxingeng.com
welcome to web1
[root@node5 named]#
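The wildcard record changes what the zone answers for names that do not exist, and the reverse zone from section III should agree with the forward zone. The Python script below is an added example, not part of the original post. It parses both zone files (constructed here from the page's listings; the $TTL and serial values the listing lost are filled in as labelled assumptions), reports forward/reverse mismatches, and resolves names with the RFC 4592 wildcard rule that BIND applies: a * label is used only when no existing name is a closer ancestor of the query name, so wwww.zhangxingeng.com is synthesised from the wildcard while x.web1.zhangxingeng.com gets NXDOMAIN because web1 exists. Against the page's data it also flags the PTR for www, whose target is a CNAME rather than an A record.

```python
"""Cross-check a BIND forward zone against its reverse zone and resolve names
with the RFC 4592 wildcard rule. Added example, not code from the original post;
zone texts are constructed from the page's listings, $TTL/serial are assumptions."""
import ipaddress

FORWARD = """\
$TTL 86400
$ORIGIN zhangxingeng.com.
@       IN SOA  dns1.zhangxingeng.com. admin.zhangxingeng.com. (
                2018110101 1D 1H 1W 3H ) ; serial (assumed) refresh retry expire minimum
zhangxingeng.com. IN NS dns1
        IN MX   10 mail
web1    IN A    192.168.216.199
dns1    IN A    192.168.216.198
mail    IN A    192.168.216.199
www     IN CNAME web1
*       IN A    192.168.216.199
"""

REVERSE = """\
$TTL 3600
$ORIGIN 216.168.192.in-addr.arpa.
@       IN SOA  zhangxingeng.com. admin.zhangxingeng.com. ( 2018110101 1D 1H 1W 3H )
        IN NS   web1.zhangxingeng.com.
        IN NS   dns1.zhangxingeng.com.
199     IN PTR  web1.zhangxingeng.com.
198     IN PTR  dns1.zhangxingeng.com.
199     IN PTR  mail.zhangxingeng.com.
199     IN PTR  www.zhangxingeng.com.
"""


def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot gets $ORIGIN appended, as BIND does."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"


def parse_zone(text):
    """Parse a zone file into (owner, type, rdata) triples. Supports $ORIGIN/$TTL, blank
    owners that inherit the previous owner, and parenthesised multi-line records (SOA)."""
    records, origin, owner, pending = [], None, None, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        if line.startswith("$"):                       # $ORIGIN / $TTL directives
            if line.startswith("$ORIGIN"):
                origin = line.split()[1].lower()
            continue
        if pending:
            pending += " " + line.strip()
        elif "(" in line:
            pending = line
        if pending:
            if ")" not in line:
                continue                               # record continues on the next line
            line, pending = pending.replace("(", " ").replace(")", " "), ""
        fields = line.split()
        if not line[0].isspace():                      # explicit owner on this line
            owner = qualify(fields.pop(0), origin)
        if fields[0] == "IN":
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], qualify(rdata[1], origin)]
        records.append((owner, rtype, rdata))
    return records


def check_consistency(forward, reverse):
    """Every non-wildcard A needs a PTR pointing back at the same host, and every PTR
    target needs an A for that address. Returns a sorted list of findings."""
    a_recs = {(o, r[0]) for o, t, r in forward if t == "A" and not o.startswith("*.")}
    ptr_recs = {(o, r[0]) for o, t, r in reverse if t == "PTR"}
    findings = []
    for host, ip in a_recs:
        if (ipaddress.ip_address(ip).reverse_pointer + ".", host) not in ptr_recs:
            findings.append(f"A {host} -> {ip} has no matching PTR record")
    for rname, host in ptr_recs:
        ip = ".".join(reversed(rname[: -len(".in-addr.arpa.")].split(".")))
        if (host, ip) not in a_recs:
            findings.append(f"PTR {ip} -> {host} has no matching A record")
    return sorted(findings)


def lookup(records, qname):
    """Records the zone answers for qname under RFC 4592: a '*' label applies only when
    no existing name (including empty non-terminals) is a closer ancestor. [] = NXDOMAIN."""
    qname = qname.lower().rstrip(".") + "."
    existing = set()
    for owner, _, _ in records:                         # every owner and all its ancestors
        existing.update(".".join(owner.split(".")[i:]) for i in range(owner.count(".") + 1))
    exact = [r for r in records if r[0] == qname]
    if exact:
        return exact
    labels = qname.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in existing:                        # the closest encloser
            return [r for r in records if r[0] == "*." + ancestor]
    return []


if __name__ == "__main__":
    fwd, rev = parse_zone(FORWARD), parse_zone(REVERSE)
    print(check_consistency(fwd, rev))
    print(lookup(fwd, "wwww.zhangxingeng.com"), lookup(fwd, "x.web1.zhangxingeng.com"))
```

named-checkzone validates each file on its own; this cross-check is the step it does not do, and it is cheap to run before rndc reload whenever the forward or reverse file changes.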
To be continued...
Please credit the source when reposting: https://www.cnblogs.com/zhangxingeng/p/9983944.html