1. Requirements:
The server must be able to resolve the internal domain bigcloud.local and also resolve Internet domain names.
Primary DNS server: ZZSRV1.BIGCLOUD.LOCAL
Secondary DNS server: ZZSRV2.BIGCLOUD.LOCAL
It holds the following zone data:
1) Records for the bigcloud.local zone:
FQDN | IP address | Remarks |
zzsrv1.bigcloud.local | 192.168.188.11 | DNS server |
zzsrv2.bigcloud.local | 192.168.188.12 | DNS server |
ftp.bigcloud.local | 192.168.188.11 | |
mailsrv1.bigcloud.local | 192.168.188.22 | |
smtp.bigcloud.local | 192.168.188.22 | |
pop3.bigcloud.local | 192.168.188.22 | |
www.bigcloud.local | 192.168.188.11 | |
crm.bigcloud.local | 192.168.188.11 | |
smtp and pop3 must be resolved through CNAME records. Reverse (address-to-name) resolution must also be provided.
2) Reverse zones for 192.168.188.0/24 and 192.168.189.0/24
Forward other queries to 202.102.224.68 and 202.102.227.68.
Prevent enumeration of DNS records by unauthorized users (to avoid a security exposure like the Shanghai Tobacco Company incident). Only administrators on 192.168.188.10 may perform that operation.
2. Lab steps:
2.1 Install the bind package
# yum -y install bind
# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
2.2 Configure bind
# cd /etc
# cp named.conf named.conf.origin (back up the file before editing it)
Edit the configuration file
# vi /etc/named.conf
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
allow-query { any; };
// dnssec-enable yes;
dnssec-enable no;
// dnssec-validation yes;
dnssec-validation no;
dnssec-lookaside auto;
Add the forwarders and the addresses allowed to request zone transfers
forwarders { 202.102.224.68; 202.102.227.68; };
allow-transfer { 192.168.188.11;192.168.188.12; 192.168.188.10; };
}
After editing, restart the service (it may be slow to start)
# systemctl start named.service
Check the status; one more zone is now loaded
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Use nslookup to resolve a name
# nslookup
-bash: nslookup: command not found
The command is missing because the bind-utils package is not installed
# yum -y install bind-utils
# netstat -an |grep :53
tcp 0 0 192.168.188.11:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
udp 0 0 192.168.188.11:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
Set the DNS service to start automatically
# systemctl enable named.service
Check that it was enabled
# systemctl is-enabled named.service
enabled
2.3 Primary DNS configuration
2.3.1 Create the forward zone
# vi /etc/named.conf
Append the following to the configuration file:
zone "bigcloud.local" IN {
type master;
file "bigcloud.local.zone";
};
# cd /var/named
Create the new zone file from the blank template
# cp named.empty bigcloud.local.zone
# vi bigcloud.local.zone
$TTL 3H
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS zzsrv1.bigcloud.local.
zzsrv1 A 192.168.188.11
ftp A 192.168.188.11
mailsrv1 A 192.168.188.22
smtp CNAME mailsrv1.bigcloud.local.
pop3 CNAME mailsrv1.bigcloud.local.
www A 192.168.188.11
crm A 192.168.188.11
# ll
-rw-r----- 1 root root 394 Aug 20 04:05 bigcloud.local.zone
Change the owner and group of the zone file
# chown named:named /var/named/bigcloud.local.zone
# ll
-rw-r----- 1 named named 394 Aug 20 04:05 bigcloud.local.zone
Restart the service after the change
# systemctl restart named
Check the status; one more zone has been added
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Verify forward resolution:
# nslookup
> www.bigcloud.local.
Server: 192.168.188.11
Address: 192.168.188.11#53
Name: www.bigcloud.local
Address: 192.168.188.11
> ftp.bigcloud.local.
Server: 192.168.188.11
Address: 192.168.188.11#53
Name: ftp.bigcloud.local
Address: 192.168.188.11
2.3.2 Create the reverse zones
# vi /etc/named.conf (append the following to the configuration file)
zone "188.168.192.in-addr.arpa" IN {
type master;
file "192.168.188.zone";
};
zone "189.168.192.in-addr.arpa" IN {
type master;
file "192.168.189.zone";
};
# cp bigcloud.local.zone 192.168.188.zone
# cp bigcloud.local.zone 192.168.189.zone
# vi 192.168.188.zone
# vi 192.168.189.zone
$TTL 3H
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS zzsrv1.bigcloud.local.
1 PTR 360.bigcloud.local.
2 PTR guge.bigcloud.local.
3 PTR baidu.bigcloud.local.
4 PTR wanyi.bigcloud.local.
# ll
-rw-r----- 1 root root 298 Aug 20 04:20 192.168.188.zone
-rw-r----- 1 root root 394 Aug 20 04:20 192.168.189.zone
-rw-r----- 1 named named 394 Aug 20 04:05 bigcloud.local.zone
Change the owner and group of the two zone files
# chown named:named 192.168.188.zone
# chown named:named 192.168.189.zone
# ll
-rw-r----- 1 named named 298 Aug 20 04:20 192.168.188.zone
-rw-r----- 1 named named 303 Aug 20 04:21 192.168.189.zone
Restart the service
# systemctl restart named
Check the zone status; two more zones have been added
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 104
Verify reverse lookups
# nslookup 192.168.188.1
Server: 192.168.188.11
Address: 192.168.188.11#53
1.188.168.192.in-addr.arpa name = 360.bigcloud.local.
# nslookup 192.168.189.2
Server: 192.168.188.11
Address: 192.168.188.11#53
2.189.168.192.in-addr.arpa name = guge2.bigcloud.local.
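The forward zone in 2.3.1 and the reverse zones in 2.3.2 were typed by hand above. The script below is an added example (my own, not code from the original post) that derives all three from the host table in section 1, so that the A, CNAME and PTR records cannot drift apart. Assumed, because the page does not state them: a YYYYMMDDnn serial, zzsrv1.bigcloud.local. as the SOA primary name with hostmaster.bigcloud.local. as the contact mailbox, and NS records for both servers (the state the zone reaches after 2.4.1). Hostnames and addresses are the ones on the page.

```shell
#!/bin/sh
# Added example, not from the original post: build the forward zone and the
# reverse zones from the host table in section 1 instead of typing them by hand.
# Assumptions: serial in YYYYMMDDnn form, zzsrv1 as SOA primary name with
# hostmaster.bigcloud.local as the contact, and both name servers in NS records.

# Constructed host table (relative names in bigcloud.local):
# "name address" for an A record, "name CNAME target" for an alias.
HOSTS='zzsrv1 192.168.188.11
zzsrv2 192.168.188.12
ftp 192.168.188.11
mailsrv1 192.168.188.22
smtp CNAME mailsrv1
pop3 CNAME mailsrv1
www 192.168.188.11
crm 192.168.188.11'

# Common $TTL/SOA/NS header; $1 is the serial, which must grow on every edit
# so that the secondary notices the change at its next SOA refresh.
zone_header() {
  printf '$TTL 3H\n'
  printf '@ IN SOA zzsrv1.bigcloud.local. hostmaster.bigcloud.local. (\n'
  printf '\t%s ; serial\n\t1D ; refresh\n\t1H ; retry\n\t1W ; expire\n\t3H ) ; minimum\n' "$1"
  printf '\tNS zzsrv1.bigcloud.local.\n'
  printf '\tNS zzsrv2.bigcloud.local.\n'
}

# Forward zone: A records for addresses, CNAME records for aliases.
gen_forward_zone() {
  zone_header "$1"
  printf '%s\n' "$HOSTS" | while read -r name target alias; do
    if [ "$target" = "CNAME" ]; then
      printf '%s\tCNAME\t%s.bigcloud.local.\n' "$name" "$alias"
    else
      printf '%s\tA\t%s\n' "$name" "$target"
    fi
  done
}

# Reverse zone name for a /24 given as its first three octets:
# 192.168.188 -> 188.168.192.in-addr.arpa (octets reversed, as in named.conf above)
reverse_zone_name() {
  printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Reverse zone for one /24: exactly one PTR per address that has an A record
# in that network. Aliases are skipped (a CNAME never gets a PTR of its own),
# and when several names share an address the first one in the table wins,
# so 192.168.188.11 maps back to zzsrv1 rather than to ftp, www or crm.
gen_reverse_zone() {
  zone_header "$1"
  printf '%s\n' "$HOSTS" | awk -v net="$2" '
    $2 != "CNAME" && index($2, net ".") == 1 && !seen[$2]++ {
      split($2, o, ".")
      printf "%s\tPTR\t%s.bigcloud.local.\n", o[4], $1
    }'
}

# Usage: write the three files the page creates under /var/named
# gen_forward_zone 2014082001 > bigcloud.local.zone
# gen_reverse_zone 2014082001 192.168.188 > 192.168.188.zone
# gen_reverse_zone 2014082001 192.168.189 > 192.168.189.zone
```

Two points the generator makes explicit that the hand-written files leave implicit: a CNAME target is the only name that should own the PTR for a mail host's address, and an address shared by several names (192.168.188.11 here) gets a single PTR, otherwise reverse lookups return a set of names and clients pick one at random. The reverse zone for 192.168.189.0/24 comes out with a header only, because the table lists no hosts in that network; the PTRs the page adds there by hand are outside the table.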
2.4 Secondary DNS configuration
The basic configuration is the same as for the primary DNS.
2.4.1 First, on the primary DNS, edit the zone file
Add the following:
NS zzsrv2.bigcloud.local.
zzsrv1 A 192.168.188.11
zzsrv2 A 192.168.188.12
2.4.2 On the secondary DNS, append the following:
zone "bigcloud.local" IN {
type slave;
file "bigcloud.local.zone";
masters {192.168.188.11;};
};
zone "188.168.192.in-addr.arpa" IN {
type slave;
file "192.168.188.zone";
masters { 192.168.188.11; };
};
zone "189.168.192.in-addr.arpa" IN {
type slave;
file "192.168.189.zone";
masters { 192.168.188.11; };
};
2.4.3 Change the directory permissions so that the named group has write access
# ll -d /var/named
drwxr-x--- 5 root named 120 Aug 20 06:05 /var/named
# chmod g+w /var/named
# ll -d /var/named
drwxrwx--- 5 root named 120 Aug 20 06:05 /var/named
# systemctl stop firewalld
# rndc reload
server reload successful
Check the zone status: one more zone has been added
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
# cd /var/named
The 3 zone files were created automatically in this directory
# ll
-rw-r--r-- 1 named named 489 Aug 20 17:34 192.168.188.zone
-rw-r--r-- 1 named named 493 Aug 20 17:34 192.168.189.zone
-rw-r--r-- 1 named named 622 Aug 20 17:33 bigcloud.local.zone
drwxrwx--- 2 named named 22 Aug 20 06:07 data
drwxrwx--- 2 named named 58 Aug 20 17:06 dynamic
-rw-r----- 1 root named 2076 Jan 28 2013 named.ca
2.4.4 Verify forward resolution on the secondary DNS
> www.bigcloud.local
Server: 192.168.188.11
Address: 192.168.188.11#53
Name: www.bigcloud.local
Address: 192.168.188.11
2.4.5 Verify reverse resolution on the secondary DNS
# nslookup 192.168.188.1
Server: 192.168.188.11
Address: 192.168.188.11#53
1.188.168.192.in-addr.arpa name = 360.bigcloud.local.
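Section 1 requires that unauthorized users cannot enumerate the zone, and with listen-on and allow-query both set to any (2.2), the allow-transfer statement is the only thing that enforces it. The transfers in 2.4 are exactly what a misconfigured ACL would hand to anyone. The script below is an added example (mine, not code from the original post) that reads the allow-transfer list from the configuration and checks the daemon's log for transfers served to clients outside it. It assumes the message shapes BIND 9 writes for started and refused transfers; the five log lines are constructed for the example, not output captured from these servers.

```shell
#!/bin/sh
# Added example, not from the original post: check whether any zone transfer
# served by the primary went to a client outside the allow-transfer ACL, and
# count refused attempts. The ACL is the one from named.conf in 2.2; the log
# lines are constructed in the shape of BIND 9's xfer-out / security messages,
# not output captured from these servers.

ALLOW_TRANSFER='allow-transfer { 192.168.188.11;192.168.188.12; 192.168.188.10; };'

# Constructed log sample: the secondary and the admin host pulling the zone,
# one refused attempt from an unlisted host, and one transfer that was served
# to an unlisted host (what an allow-transfer { any; } would produce).
LOG=$(cat <<'EOF'
20-Aug-2014 17:33:02.123 client 192.168.188.12#42115 (bigcloud.local): transfer of 'bigcloud.local/IN': AXFR started
20-Aug-2014 17:33:02.140 client 192.168.188.12#42115 (bigcloud.local): transfer of 'bigcloud.local/IN': AXFR ended
20-Aug-2014 17:40:11.001 client 192.168.188.10#51022 (bigcloud.local): transfer of 'bigcloud.local/IN': AXFR started
20-Aug-2014 18:02:45.770 client 192.168.188.77#60331 (bigcloud.local): zone transfer 'bigcloud.local/IN' denied
20-Aug-2014 18:05:09.300 client 192.168.189.40#33890 (188.168.192.in-addr.arpa): transfer of '188.168.192.in-addr.arpa/IN': AXFR started
EOF
)

# Addresses listed in an allow-transfer statement, one per line (spaces
# inside the braces are optional in named.conf, as the page's own line shows)
acl_hosts() {
  printf '%s\n' "$1" | sed -n 's/.*allow-transfer *{\(.*\)}.*/\1/p' \
    | tr ';' '\n' | tr -d ' \t' | grep .
}

# Distinct client addresses for which a transfer actually started
transfer_clients() {
  printf '%s\n' "$1" | grep 'XFR started' \
    | sed -n 's/.*client \([0-9.]*\)#.*/\1/p' | sort -u
}

# Number of transfer requests that named refused
denied_count() {
  printf '%s\n' "$1" | grep -c "zone transfer '.*' denied"
}

# Report every served transfer whose client is not in the ACL.
# Returns 0 when the ACL held, 1 when at least one unlisted client got the zone.
unauthorized_transfers() {
  acl=$(acl_hosts "$1")
  status=0
  for ip in $(transfer_clients "$2"); do
    if ! printf '%s\n' "$acl" | grep -qx "$ip"; then
      echo "ALERT: zone served to $ip, which is not in allow-transfer"
      status=1
    fi
  done
  return $status
}

# Usage on the primary (assumed: named logs through the journal on this host):
# unauthorized_transfers "$(grep allow-transfer /etc/named.conf)" \
#   "$(journalctl -u named.service --no-pager | grep XFR)"
```

A refused attempt is not an incident on its own, but a rising denied_count from the same client is worth a look, and any ALERT line means the ACL on the running server no longer matches the one in the file (for example after the zone files were copied but the ACL was left at any on one of the two servers). The secondary in 2.4.2 pulls from the primary, so the primary's log is the one to check; run the same check on the secondary if it is ever allowed to serve transfers itself.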
Troubleshooting:
1. The forwarders never worked; it turned out the GATEWAY in the ifcfg- file was wrong
2. Mounting the CD-ROM gave an error: # mount /dev/cdrom /mnt/cdrom
mount: no medium found on /dev/sr0
The cause was that the disc was not connected
3. yum did not work; the yum configuration file had to be edited
# cd /etc/yum.repos.d/
# vi CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
baseurl=file:///mnt/cdrom/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
4. The zone files were transferred, but the secondary DNS could not resolve:
# vi /etc/resolv.conf
nameserver “=”192.168.188.11
This was because an extra = sign had been written in that file.
Original article: http://wanyi.blog.51cto.com/9273880/1542395