Centos7 DNS 安装设置
[root@ns1 ~]# yum clean all; yum update -y # 清空yum缓存及更新系统
防火墙允许53端口开放(TCP/UDP)和DNS服务通过
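# Open DNS (53/tcp + 53/udp) in firewalld for the name server.
# `firewall-cmd --reload` replaces the runtime rule set with the permanent
# configuration, so any rule added without --permanent is discarded by the
# reload below; every rule is therefore added with --permanent. The "dns"
# service already covers 53/tcp and 53/udp, so the explicit port rules are
# redundant and kept only for readability.
# (The original lines used a typographic en dash "–" in front of "permanent"
# and "reload", which firewall-cmd does not recognise as an option prefix.)
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload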
内网IP 主DNS 10.0.0.5 辅助DNS 10.0.0.6 WWW 10.0.0.8 MAIL 10.0.0.8 FTP 10.0.0.8
外网IP 192.168.0.109(模拟全球固定IP)
主DNS主机ns1.ktxsz.local 辅助DNS 主机 ns2.ktxsz.local
[root@localhost ~]# hostnamectl set-hostname ns1.ktxsz.local
域名 ktxsz.local
设置网卡地址
[root@ns1 ~]# nmcli d
DEVICE TYPE STATE CONNECTION
eno16777736 ethernet connected eno16777736
lo loopback unmanaged --
# 设置 IPv4 地址 ⇒ nmcli *** [IP address]
[root@ns1 ~]# nmcli c modify eno16777736 ipv4.addresses 10.0.0.5/24
# 设置默认网关
[root@ns1 ~]# nmcli c modify eno16777736 ipv4.gateway 10.0.0.1
# 设置 DNS
[root@ns1 ~]# nmcli c modify eno16777736 ipv4.dns 10.0.0.1
#设置 DNS2
[root@ns1 ~]# nmcli c modify eno16777736 +ipv4.dns 10.0.0.2
#设置 DNS3
[root@ns1 ~]# nmcli c modify eno16777736 +ipv4.dns 8.8.8.8
# 设置成手动指定IP set manual for static setting (it's "auto" for DHCP)
[root@ns1 ~]# nmcli c modify eno16777736 ipv4.method manual
# restart the interface and reload the settings
[root@ns1 ~]# nmcli c down eno16777736; nmcli c up eno16777736
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
# show settings
[root@ns1 ~]# nmcli d show eno16777736
GENERAL.DEVICE: eno16777736
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:CD:9C:2D
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: eno16777736
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: ip = 10.0.0.5/24, gw = 10.0.0.1
IP4.DNS[1]: 10.0.0.1
IP6.ADDRESS[1]: ip = fe80::20c:29ff:fecd:9c2d/64, gw = ::
禁用IP6
[root@ns1 ~]# vi /etc/default/grub
# line 6: 添加 ipv6.disable=1
GRUB_CMDLINE_LINUX="ipv6.disable=1 rd.lvm.lv=fedora-server/root.....
# apply changing
[root@ns1 ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
[root@ns1~]# reboot
如更改网卡名 eno16777736 => ethX(如eth0)
[root@ns1 ~]# vi /etc/default/grub
# line 6: 添加 net.ifnames=0
GRUB_CMDLINE_LINUX="net.ifnames=0 rd.lvm.lv=fedora/swap rd.md=0.....
# apply changing
[root@ns1 ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
[root@ns1 ~]# reboot
1 安装 BIND
[root@ns1 ~]# yum -y install bind bind-utils
2 BIND设置
[root@ns1 ~]# vi /etc/named.conf
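//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Split-horizon layout for ktxsz.local:
//   view "internal" - LAN clients (localhost, 10.0.0.0/24): private addresses,
//                     recursive resolution via the hint zone / forwarders.
//   view "external" - everyone else: public addresses, authoritative only.
// View-level statements override the defaults set in options {}.
//
options {
	// listen-on stays commented out so named binds port 53 on every IPv4
	// interface; the external view has to be reachable from outside.
	//listen-on port 53 { 127.0.0.1; };
	// IPv6 is disabled on this host (ipv6.disable=1), so do not listen on it.
	listen-on-v6 { none; };
	directory "/var/named";                          // zone files live here
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// Default query ACL: localhost plus the LAN. The external view widens
	// this to "any" for its own zones.
	allow-query { localhost; 10.0.0.0/24; };
	// Zone transfers (AXFR/IXFR) only from the LAN; this is inherited by both
	// views. Narrow it to the secondary's address (10.0.0.6) once ns2 exists.
	allow-transfer { localhost; 10.0.0.0/24; };
	// Upstream resolvers for names this server is not authoritative for.
	forwarders { 8.8.8.8; 192.168.0.235; 202.101.172.35; };
	// Global default: no recursion. The internal view turns it on for LAN
	// clients only; the external view keeps it off so the server does not
	// act as an open resolver. (Option names are lower-case here to match
	// the rest of the file.)
	recursion no;
	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;
	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};
logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};
// Internal view: LAN clients get the private addresses and may recurse.
view "internal" {
	match-clients {
		localhost;
		10.0.0.0/24;
	};
	// Without this the view inherits "recursion no" from options {} and LAN
	// clients get REFUSED for every name outside ktxsz.local; the "ra" flag
	// in the dig output further down shows recursion is expected here.
	recursion yes;
	zone "." IN {
		type hint;
		file "named.ca";
	};
	zone "ktxsz.local" IN {
		type master;
		file "ktxsz.local.lan";
		allow-update { none; };
	};
	zone "0.0.10.in-addr.arpa" IN {
		type master;
		file "0.0.10.db";
		allow-update { none; };
	};
	// NOTE(review): the stock /etc/named.rfc1912.zones usually declares a
	// zone "." hint of its own; if named refuses to start with a duplicate
	// zone "." error, remove the zone "." block above.
	include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";
};
// External view: public addresses only, authoritative answers only.
view "external" {
	match-clients { any; };
	allow-query { any; };
	recursion no;
	zone "ktxsz.local" IN {
		type master;
		file "ktxsz.local.wan";
		allow-update { none; };
	};
	// This zone name is the full address 192.168.0.109 written in reverse,
	// so the PTR records in 109.0.168.192.db belong at the zone apex (@),
	// not under an extra "109" label.
	zone "109.0.168.192.in-addr.arpa" IN {
		type master;
		file "109.0.168.192.db";
		allow-update { none; };
	};
};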
# allow-query ⇒ query range you permit
# allow-transfer ⇒ the range you permit to transfer zone info
# recursion ⇒ allow or not to search recursively
# view "internal" { *** }; ⇒ write for internal definition
# view "external" { *** }; ⇒ write for external definition
# For How to write for reverse resolving, Write network address reversely like below.
# 10.0.0.0/24
# network address ⇒ 10.0.0.0
# range of network ⇒ 10.0.0.0 - 10.0.0.255
# how to write ⇒ 0.0.10.in-addr.arpa
# 172.16.0.80/29
# network address ⇒ 172.16.0.80
# range of network ⇒ 172.16.0.80 - 172.16.0.87
# how to write ⇒ 80.0.16.172.in-addr.arpa
# 实际设置配置
# 192.168.0.109/24
# network address ⇒ 192.168.0.109
# range of network ⇒ 192.168.0.2 - 192.168.0.255
# how to write ⇒ 109.0.168.192.in-addr.arpa
3 设置正反解释文件
正向解释
内网
[root@ns1 ~]# vi /var/named/ktxsz.local.lan
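$TTL 86400
; ktxsz.local - internal view (private 10.0.0.0/24 addresses).
; Zone-file comments start with ';'. The original used '#', which is not a
; comment character in a master file and makes named reject the zone with a
; syntax / "extra input" error.
; Records whose line starts with whitespace inherit the previous owner (@).
@	IN SOA ns1.ktxsz.local. root.ktxsz.local. (
		0       ; serial - bump on every edit so secondaries notice the change
		3600    ; refresh
		1800    ; retry
		604800  ; expire
		86400   ; minimum TTL (negative-cache TTL)
)
	IN NS  ns1.ktxsz.local.         ; primary name server
	IN NS  ns2.ktxsz.local.         ; secondary name server
	IN A   10.0.0.5                 ; ktxsz.local itself -> internal address of ns1
	IN MX  10 mail.ktxsz.local.     ; mail exchanger; the lower preference is tried first
	IN MX  20 ns2.ktxsz.local.      ; fallback exchanger (only the relative order matters)
ns1	IN A 10.0.0.5                   ; host name -> address
ns2	IN A 10.0.0.6
www	IN A 10.0.0.8
ftp	IN A 10.0.0.8
mail	IN A 10.0.0.8
smtp	IN CNAME mail.ktxsz.local.      ; aliases for the mail host
pop3	IN CNAME mail.ktxsz.local.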
外网
[root@ns1 ~]# vi /var/named/ktxsz.local.wan
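$TTL 86400
; ktxsz.local - external view (the simulated public address 192.168.0.109).
; Comments use ';' - '#' is not a comment character in a zone file and would
; make named reject the zone.
; Records whose line starts with whitespace inherit the previous owner (@).
@	IN SOA ns1.ktxsz.local. root.ktxsz.local. (
		0       ; serial - bump on every edit
		3600    ; refresh
		1800    ; retry
		604800  ; expire
		86400   ; minimum TTL (negative-cache TTL)
)
	IN NS  ns1.ktxsz.local.         ; primary name server
	IN NS  ns2.ktxsz.local.         ; secondary name server
	IN A   192.168.0.109            ; ktxsz.local itself -> external address of ns1
	IN MX  10 mail.ktxsz.local.     ; mail exchanger; the lower preference is tried first
	IN MX  20 ns1.ktxsz.local.      ; fallback exchanger; an ISP relay could be used instead
ns1	IN A 192.168.0.109              ; host name -> address
ns2	IN A 192.168.0.118
www	IN A 192.168.0.109
ftp	IN A 192.168.0.109
mail	IN A 192.168.0.109
smtp	IN CNAME mail.ktxsz.local.      ; aliases for the mail host
pop3	IN CNAME mail.ktxsz.local.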
反向解释
内网
[root@ns1 ~]# vi /var/named/0.0.10.db
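$TTL 86400
; Reverse zone for 10.0.0.0/24 (0.0.10.in-addr.arpa) - internal view.
; Comments use ';' - '#' is not a comment character in a zone file and would
; make named reject the zone.
@	IN SOA ns1.ktxsz.local. root.ktxsz.local. (
		0       ; serial - bump on every edit
		3600    ; refresh
		1800    ; retry
		604800  ; expire
		86400   ; minimum TTL (negative-cache TTL)
)
	IN NS  ns1.ktxsz.local.         ; primary name server
	IN NS  ns2.ktxsz.local.         ; secondary name server
	IN PTR ktxsz.local.             ; name of the network itself
	IN A   255.255.255.0            ; kept from the original; not consulted by reverse lookups
; Owner names are the last octet only, relative to the zone origin
; (5 -> 5.0.0.10.in-addr.arpa = 10.0.0.5); never write the full dotted address.
5	IN PTR ns1.ktxsz.local.
; Several PTRs for one address are legal, but many tools only use the first
; answer they get.
8	IN PTR www.ktxsz.local.
8	IN PTR mail.ktxsz.local.
8	IN PTR ftp.ktxsz.local.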
外网
[root@ns1 ~]# vi /var/named/109.0.168.192.db
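$TTL 86400
; Reverse zone for the single public address 192.168.0.109 - external view.
; named.conf names this zone 109.0.168.192.in-addr.arpa, i.e. the complete
; address in reverse, so the PTR records belong at the zone apex (@). An owner
; of "109" (as in the original) would expand to
; 109.109.0.168.192.in-addr.arpa and never match "dig -x 192.168.0.109".
; Comments use ';' - '#' is not a comment character in a zone file.
@	IN SOA ns1.ktxsz.local. root.ktxsz.local. (
		0       ; serial - bump on every edit
		3600    ; refresh
		1800    ; retry
		604800  ; expire
		86400   ; minimum TTL (negative-cache TTL)
)
	IN NS  ns1.ktxsz.local.         ; primary name server
	IN NS  ns2.ktxsz.local.         ; secondary name server
	IN A   255.255.255.0            ; kept from the original; not consulted by reverse lookups
	IN PTR ktxsz.local.
	IN PTR ns1.ktxsz.local.         ; 192.168.0.109 -> host names
	IN PTR www.ktxsz.local.
	IN PTR mail.ktxsz.local.
	IN PTR ftp.ktxsz.local.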
4 启动BIND
[root@ns1 ~]# systemctl start named
[root@ns1 ~]# systemctl enable named
5 设置网卡DNS
[root@ns1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
i
DNS1=10.0.0.5
[root@ns1 ~]# systemctl restart network
dyd
6 确保服务器可以解析的域名或IP地址。
[root@ns1 ~]# dig ns1.ktxsz.local
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.3 <<>> ns1.ktxsz.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25411
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns1.ktxsz.local. IN A
;; ANSWER SECTION:
ns1.ktxsz.local. 86400 IN A 10.0.0.5
;; AUTHORITY SECTION:
ktxsz.local. 86400 IN NS ns1.ktxsz.local.
;; Query time: 2 msec
;; SERVER: 10.0.0.5#53(10.0.0.5)
;; WHEN: Sun Aug 09 01:33:37 CST 2015
;; MSG SIZE rcvd: 74
[root@ns1 ~]# dig -x 10.0.0.5
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.3 <<>> -x 10.0.0.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6177
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.0.0.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
5.0.0.10.in-addr.arpa. 86400 IN PTR ns1.ktxsz.local.
;; AUTHORITY SECTION:
0.0.10.in-addr.arpa. 86400 IN NS ns1.ktxsz.local.
;; ADDITIONAL SECTION:
ns1.ktxsz.local. 86400 IN A 10.0.0.5
;; Query time: 0 msec
;; SERVER: 10.0.0.5#53(10.0.0.5)
;; WHEN: Sun Aug 09 02:10:49 CST 2015
;; MSG SIZE rcvd: 109
[root@ns1 ~]# dig -x 10.0.0.8
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.3 <<>> -x 10.0.0.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17499
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;8.0.0.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
8.0.0.10.in-addr.arpa. 86400 IN PTR www.ktxsz.local.
8.0.0.10.in-addr.arpa. 86400 IN PTR ftp.ktxsz.local.
8.0.0.10.in-addr.arpa. 86400 IN PTR mail.ktxsz.local.
;; AUTHORITY SECTION:
0.0.10.in-addr.arpa. 86400 IN NS ns1.ktxsz.local.
;; ADDITIONAL SECTION:
ns1.ktxsz.local. 86400 IN A 10.0.0.5
;; Query time: 0 msec
;; SERVER: 10.0.0.5#53(10.0.0.5)
;; WHEN: Sun Aug 09 02:11:34 CST 2015
;; MSG SIZE rcvd: 150
7 启用CHROOT环境
Configure chroot环境
[root@ns1 ~]# yum -y install bind-chroot
[root@ns1 ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on #如果更改/var/named/中的配置文件,需要重新执行此命令,新的功能才会在chroot中生效
[root@ns1 ~]# systemctl stop named
[root@ns1 ~]# systemctl disable named
rm '/etc/systemd/system/multi-user.target.wants/named.service'
[root@ns1 ~]# systemctl start named-chroot
[root@ns1 ~]# systemctl enable named-chroot
ln -s '/usr/lib/systemd/system/named-chroot.service' '/etc/systemd/system/multi-user.target.wants/named-chroot.service'
[root@ns1 ~]# ll /var/named/chroot/etc
total 24
-rw-r--r--. 1 named named 388 Aug 6 17:28 localtime
drwxr-x---. 2 named named 6 Jul 29 09:05 named
-rw-r-----. 1 named named 2447 Aug 7 18:25 named.conf
-rw-r--r--. 1 named named 2389 Jul 29 09:05 named.iscdlv.key
-rw-r-----. 1 named named 931 Jun 21 2007 named.rfc1912.zones
-rw-r--r--. 1 named named 487 Jul 19 2010 named.root.key
drwxr-x---. 3 named named 24 Aug 6 17:28 pki
-rw-r-----. 1 named named 77 Aug 6 00:43 rndc.key
[root@ns1 ~]# ll /var/named/chroot/var/named
total 36
-rw-r--r--. 1 named named 421 Aug 9 02:04 0.0.10.db
-rw-r--r--. 1 named named 440 Aug 9 02:06 109.0.168.192.db
drwxr-x---. 7 named named 56 Aug 6 17:28 chroot
drwxrwx---. 2 named named 22 Aug 6 17:24 data
drwxrwx---. 2 named named 4096 Aug 9 01:43 dynamic
-rw-r--r--. 1 named named 395 Aug 7 23:30 ktxsz.local.lan
-rw-r--r--. 1 named named 480 Aug 7 23:33 ktxsz.local.wan
-rw-r-----. 1 named named 2076 Jan 28 2013 named.ca
-rw-r-----. 1 named named 152 Dec 15 2009 named.empty
-rw-r-----. 1 named named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 named named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Jul 29 09:05 slaves
8 辅DNS ns2.ktxsz.local. 未测试 主机 ns2.ktxsz.local 内网IP 10.0.0.6
先从主DNS设置中增加如下内容
[root@ns1 ~]# vi /etc/named.conf
# 添加辅DNS服务器的IP地址 10.0.0.6
allow-transfer { localhost; 10.0.0.6; };
[root@ns1 ~]# vi /var/named/ktxsz.local.lan #(如果内网辅DNS就更改内网正向解释设置,反之更改外网正向设置)
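$TTL 86400
; ktxsz.local - internal view, with the secondary (ns2, 10.0.0.6) added.
; Comments use ';' - '#' is not a comment character in a zone file and would
; make named reject the zone.
; Records whose line starts with whitespace inherit the previous owner (@).
@	IN SOA ns1.ktxsz.local. root.ktxsz.local. (
		0       ; serial - bump on every edit, otherwise ns2 keeps its old copy
		3600    ; refresh
		1800    ; retry
		604800  ; expire
		86400   ; minimum TTL (negative-cache TTL)
)
	IN NS  ns1.ktxsz.local.         ; primary name server
	IN NS  ns2.ktxsz.local.         ; secondary name server (new)
	IN A   10.0.0.5                 ; ktxsz.local itself -> internal address of ns1
	IN MX  10 mail.ktxsz.local.     ; mail exchanger
ns1	IN A 10.0.0.5                   ; host name -> address
ns2	IN A 10.0.0.6
www	IN A 10.0.0.8
ftp	IN A 10.0.0.8
mail	IN A 10.0.0.8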
[root@ns1 ~]# systemctl restart named
辅DNS设置
[root@ns2 ~]# vi /etc/named.conf
# add lines like below
// Secondary copy of ktxsz.local: fetched from the primary at 10.0.0.5 and
// stored under the slaves/ subdirectory (relative to the options directory).
// Statement order inside a zone block is not significant to named.
zone "ktxsz.local" IN {
	type slave;
	file "slaves/ktxsz.local.lan";
	masters { 10.0.0.5; };
	notify no;
};
[root@ns2 ~]# systemctl restart named
[root@ns2 ~]# ls /var/named/slaves
ktxsz.local.lan # 从主服务器传输过来的区域文件已经生成
8 设置CNAME (别名) 未测试
[root@ns1 ~]# vi /var/named/ktxsz.local.lan
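$TTL 86400
; ktxsz.local - internal view, CNAME example.
; Comments use ';' - '#' is not a comment character in a zone file and would
; make named reject the zone.
; Records whose line starts with whitespace inherit the previous owner (@).
@	IN SOA ns1.ktxsz.local. root.ktxsz.local. (
		0       ; serial - bump on every edit
		3600    ; refresh
		1800    ; retry
		604800  ; expire
		86400   ; minimum TTL (negative-cache TTL)
)
	IN NS  ns1.ktxsz.local.         ; primary name server
	IN A   10.0.0.5                 ; ktxsz.local itself -> internal address of ns1
	IN MX  10 mail.ktxsz.local.     ; mail exchanger
ns1	IN A 10.0.0.5                   ; host name -> address
www	IN A 10.0.0.8
mail	IN A 10.0.0.8
we	IN A 10.0.0.8                   ; CNAME target; must exist (the dig output below answers we -> 10.0.0.8)
; A name that owns a CNAME may own no other record, so the original
; "ftp IN A 10.0.0.8" line is dropped - with it named refuses the zone
; ("CNAME and other data").
ftp	IN CNAME we.ktxsz.local.        ; ftp is an alias of we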
[root@ns1 ~]# systemctl restart named
[root@ns1 ~]# dig ftp.ktxsz.local.
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> ftp.ktxsz.local.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64374
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.ktxsz.local. IN A
;; ANSWER SECTION:
ftp.ktxsz.local. 86400 IN CNAME we.ktxsz.local.
we.ktxsz.local. 86400 IN A 10.0.0.8
;; AUTHORITY SECTION:
ktxsz.local. 86400 IN NS we.ktxsz.local.
;; Query time: 1 msec
;; SERVER: 10.0.0.5#53(10.0.0.30)
;; WHEN: Thu Jul 10 14:54:56 JST 2014
;; MSG SIZE rcvd: 93