
DNS的搭建

时间:2017-03-31 22:23:20


系统环境:

[root@RHCE ~]# cat /etc/redhat-release 

CentOS Linux release 7.2.1511 (Core) 

[root@RHCE ~]# uname -r

3.10.0-327.el7.x86_64

[root@RHCE ~]# ip addr show enp0s8 | awk ‘NR==3{print $2}‘

192.168.235.36/24

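#关闭防火墙和selinux(仅为实验环境省事的做法;生产环境建议保持 firewalld 和 SELinux 开启,只放行 DNS 服务:firewall-cmd --permanent --add-service=dns && firewall-cmd --reload)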


#DNS主服务器搭建

#安装DNS

[root@RHCE ~]# yum install -y bind-chroot bind 

[root@RHCE ~]# cp -R /usr/share/doc/bind-9.9.4/sample/var/named/* /var/named/chroot/var/named/

[root@RHCE ~]# touch /var/named/chroot/var/named/data/cache_dump.db  

[root@RHCE ~]# touch /var/named/chroot/var/named/data/named_stats.txt 

[root@RHCE ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt

[root@RHCE ~]# touch /var/named/chroot/var/named/data/named.run

[root@RHCE ~]# mkdir /var/named/chroot/var/named/dynamic    

[root@RHCE ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind

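# The bind package runs the daemon as the unprivileged account "named". Hand the
# writable directories to that account instead of opening them to everyone:
# mode 777 lets any local user replace the cache dump, statistics and
# managed-keys files that named reads and writes.
[root@RHCE ~]# chown -R named:named /var/named/chroot/var/named/data /var/named/chroot/var/named/dynamic

# X (capital) keeps the search bit on directories without making plain files executable.
[root@RHCE ~]# chmod -R u=rwX,g=rwX,o= /var/named/chroot/var/named/data

[root@RHCE ~]# chmod -R u=rwX,g=rwX,o= /var/named/chroot/var/named/dynamic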

[root@RHCE ~]# cp -p /etc/named.conf  /var/named/chroot/etc/named.conf

[root@RHCE ~]# cp -p /etc/named.rfc1912.zones /var/named/chroot/etc/

[root@RHCE ~]# vim /var/named/chroot/etc/named.rfc1912.zones 

[root@RHCE ~]# cat /var/named/chroot/etc/named.rfc1912.zones | grep -v "^//"  | grep -v "^$"

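zone "jxy.com" IN {
        // Forward zone, authoritative copy held on this server.
        type master;
        file "jxy.com.zone";
        // Nothing in this setup uses dynamic updates; "any" would let every
        // host that can reach port 53 rewrite the records of this zone.
        allow-update { none; };
        // Hand out full zone copies only to the slave configured later on this page.
        allow-transfer { 192.168.235.37; };
};
zone "235.168.192.in-addr.arpa" IN {
        // Reverse zone for 192.168.235.0/24, same policy as the forward zone.
        type master;
        file "192.168.235.zone";
        allow-update { none; };
        allow-transfer { 192.168.235.37; };
};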

[root@RHCE ~]# cp -p /var/named/named.localhost /var/named/chroot/var/named/jxy.com.zone 

[root@RHCE ~]# vim /var/named/chroot/var/named/jxy.com.zone

[root@RHCE named]# cat /var/named/chroot/var/named/jxy.com.zone 

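; Forward zone data for jxy.com on the master.
$TTL 1D
@       IN  SOA  jxy.com.   root.jxy.com. (
                0       ; serial -- raise it on every edit, a slave only re-transfers when it grows
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Records without an owner name must start with whitespace so they inherit "@".
        IN  NS  ns.jxy.com.
        IN  MX  5  mail.jxy.com.
; NOTE(review): these A records use 192.168.253.x although the servers on this
; page sit in 192.168.235.0/24 -- looks like transposed digits; the nslookup
; output further down shows the values exactly as written here.
ns      IN  A  192.168.253.36
mail    IN  A  192.168.253.37
bolg    IN  A  192.168.253.38
www     IN  A  192.168.253.36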


[root@RHCE chroot]# vim  /var/named/chroot/etc/named.conf

#修改/var/named/chroot/etc/named.conf 第11行改为如下值

[root@RHCE chroot]# sed -n ‘11p‘ /var/named/chroot/etc/named.conf

listen-on port 53 { 192.168.235.36; };

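#修改/var/named/chroot/etc/named.conf 第17行改为如下值(注:这样任何来源都可以查询本机;如果 named.conf 里仍保留 recursion yes;,服务器就成了开放递归解析器,可能被用于 DNS 放大攻击,应关闭递归或用 allow-recursion 限定为内网网段,例如 allow-recursion { 192.168.235.0/24; };)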

[root@RHCE chroot]# sed -n ‘17p‘ /var/named/chroot/etc/named.conf

allow-query     { any; };


[root@RHCE chroot]#systemctl start named-chroot

#测试正向解析

[root@RHCE named]# nslookup mail.jxy.com

Server:127.0.0.1

Address:127.0.0.1#53


Name:mail.jxy.com

Address: 192.168.253.37

[root@RHCE named]# nslookup www.jxy.com

Server:127.0.0.1

Address:127.0.0.1#53


Name:www.jxy.com

Address: 192.168.253.36



#正向解析成功



[root@RHCE ~]# cp -p /var/named/named.loopback /var/named/chroot/var/named/192.168.235.zone


[root@RHCE chroot]# cat /var/named/chroot/var/named/192.168.235.zone 

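; Reverse zone data for 235.168.192.in-addr.arpa on the master.
$TTL 1D
@       IN  SOA jxy.com.   root.jxy.com.  (
                0       ; serial -- raise it on every edit, a slave only re-transfers when it grows
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; The NS record has no owner name, so it must start with whitespace to inherit "@".
        NS   ns.jxy.com.
; NOTE(review): a relative name gets the zone origin appended, so this A record
; lands at ns.235.168.192.in-addr.arpa.; the NS target ns.jxy.com. is answered
; from the forward zone.
ns      A  192.168.235.36
36      PTR     ns.jxy.com.
37      PTR     mail.jxy.com.
38      PTR     bolg.jxy.com.
36      PTR     www.jxy.com.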


[root@RHCE chroot]#systemctl restart named-chroot



#反向解析测试


[root@RHCE ~]# nslookup 192.168.235.37

Server:127.0.0.1

Address:127.0.0.1#53


37.235.168.192.in-addr.arpaname = mail.jxy.com.


[root@RHCE ~]# nslookup 192.168.235.36

Server:127.0.0.1

Address:127.0.0.1#53


36.235.168.192.in-addr.arpaname = ns.jxy.com.

36.235.168.192.in-addr.arpaname = www.jxy.com.


#反向解析成功!


#DNS从服务器搭建 

#用主服务器克隆一台从服务器

#修改主机名 为如下 

[root@RHCE_2 ~]# cat /etc/hostname 

RHCE_2

#修改IP地址 为如下值

[root@RHCE_2 ~]# ip addr show enp0s8 | awk ‘NR==3{print $2}‘

192.168.235.37/24


#修改named主配置文件 将监听地址修改为本机地址192.168.235.37

[root@RHCE_2 ~]# vim /var/named/chroot/etc/named.conf 

[root@RHCE_2 ~]# sed -n ‘11p‘ /var/named/chroot/etc/named.conf 

listen-on port 53 { 192.168.235.37; };


#修改区域配置文件 

[root@RHCE_2 ~]# vim /var/named/chroot/etc/named.rfc1912.zones

[root@RHCE_2 ~]# cat /var/named/chroot/etc/named.rfc1912.zones | grep -v "^//" | grep -v "^$"

zone "jxy.com" IN {

        // Slave copy of the forward zone: content is pulled from the server in "masters".
        type slave;

        // Where the transferred copy is stored. named presumably needs write access to
        // slaves/ inside the chroot for the copy to survive a restart -- verify ownership.
        file "slaves/jxy.com.zone";

        // The master is identified by address only; a TSIG key shared by both
        // servers would additionally authenticate the transfer.
        masters {192.168.235.36;};

};

zone "235.168.192.in-addr.arpa" IN {

        // Slave copy of the reverse zone, same source and storage rules as above.
        type slave;

        file "slaves/192.168.235.zone";

        masters {192.168.235.36;};

};

#主开启DNS服务

[root@RHCE ~]# systemctl start named-chroot

#从开启DNS服务

[root@RHCE_2 ~]# systemctl start named-chroot


#修改从服务器的网卡DNS 为本机IP地址192.168.235.37

#测试从服务

[root@RHCE_2 ~]# nslookup 192.168.235.36

Server:::1

Address:::1#53


36.235.168.192.in-addr.arpaname = ns.jxy.com.

36.235.168.192.in-addr.arpaname = www.jxy.com.


[root@RHCE_2 ~]# nslookup www.jxy.com

Server:::1

Address:::1#53


Name:www.jxy.com

Address: 192.168.253.36


#关闭主服务器

[root@RHCE ~]# systemctl stop named-chroot

#重启从服务器

[root@RHCE_2 ~]# systemctl restart named-chroot

[root@RHCE_2 ~]# nslookup 192.168.235.36

;; Got SERVFAIL reply from ::1, trying next server

;; connection timed out; trying next origin

;; Got SERVFAIL reply from ::1, trying next server

;; connection timed out; no servers could be reached


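#解析失败 测试成功(注:主服务器停止后,从服务器本应凭已同步的区域副本继续应答;这里重启后返回 SERVFAIL,可能是区域副本没有成功写入 slaves/ 目录,例如 named 对该目录没有写权限,建议检查该目录的属主和 named 日志)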


#DNS分离解析

#DNS服务器 两张网卡 一张 连接中国 一张连接 海外 




DNS服务器
中国 :192.168.235.36

海外 :192.168.153.36
中国客户端 192.168.235.10
海外客户端192.168.153.10



#修改 DNS区域配置文件

[root@RHCE chroot]# cd /var/named/chroot/

[root@RHCE chroot]# vim etc/named.rfc1912.zones

[root@RHCE chroot]# cat etc/named.rfc1912.zones 


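// Split-horizon setup: the same name jxy.com is answered from a different zone
// file depending on which network the query comes from.
acl "haiwai" { 192.168.153.0/24; };
acl "china"  { 192.168.235.0/24; };

view "china" {
        // Clients are assigned to a view by source address only.
        match-clients { "china"; };
        zone "jxy.com" IN {
                type master;
                file "jxy.com.zone.china";
                // Nothing here uses dynamic updates; "any" would let every client
                // matched by this view rewrite the records of the zone.
                allow-update { none; };
        };
};

view "haiwai" {
        match-clients { "haiwai"; };
        zone "jxy.com" IN {
                type master;
                file "jxy.com.zone.haiwai";
                allow-update { none; };
        };
};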

#增加中国区域文件
[root@RHCE chroot]# vim var/named/jxy.com.zone.china 


[root@RHCE chroot]# cat var/named/jxy.com.zone.china 

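; jxy.com as seen by clients in the "china" view (192.168.235.0/24).
$TTL 1D
@       IN  SOA  jxy.com.  root.jxy.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Records without an owner name must start with whitespace so they inherit "@".
        IN  NS  ns.jxy.com.
        IN  MX  5  mail.jxy.com.
ns      IN  A  192.168.235.36
mail    IN  A  192.168.235.36
www     IN  A  192.168.235.36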


#增加海外区域文件

[root@RHCE chroot]# vim  var/named/jxy.com.zone.haiwai 


[root@RHCE chroot]# cat var/named/jxy.com.zone.haiwai 

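; jxy.com as seen by clients in the "haiwai" view (192.168.153.0/24).
$TTL 1D
@       IN  SOA  jxy.com.  root.jxy.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; Records without an owner name must start with whitespace so they inherit "@".
        IN  NS  ns.jxy.com.
        IN  MX  5  mail.jxy.com.
ns      IN  A  192.168.153.36
mail    IN  A  192.168.153.36
www     IN  A  192.168.153.36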


#在主配置文件增加一行

[root@RHCE chroot]# vim etc/named.conf 

[root@RHCE chroot]# sed -n ‘12p‘ etc/named.conf 

listen-on port 53 { 192.168.153.36; };

#并且注释掉 下面的内容(使用 view 之后,所有 zone 都必须写在 view 里面,否则 named 无法加载配置)

zone "." IN {

type hint;

file "named.ca";

};


[root@RHCE chroot]# systemctl restart named-chroot


#测试分离解析


#模拟海外客户端访问 www.jxy.com




#模拟中国客户端访问  www.jxy.com


#可以看到对同一个域名解析出了不同的 IP地址




本文出自 “Chauncey” 博客,请务必保留此出处http://cqwujiang.blog.51cto.com/10808946/1912143
