< 返回

CentOS 7 DNS服務器架設

2023-05-04 17:05 作者：31IDC 閱讀量：1788 所屬分類：Linux系統

CentOS 7 DNS服務器架設

項目背景和要求

要保證即能夠解析內網域名linuxidc.local的解析，又能解析互聯網的域名。

主DNS服務器：ZZYH1.LINUXIDC.LOCAL

輔助DNS服務器：ZZYH2.LINUXIDC.LOCAL

包含以下域的信息：

1、linuxidc.local域的信息：

2、192.168.188.0/24、192.168.189.0/24反向解析域

要求實現chroot功能，以提高安全性

實現到202.102.224.68、202.102.227.68的DNS轉發。

防止非授權用戶的DNS記錄的枚舉(防止出現類似上海煙草公司的安全隱患)。僅允許管理員在192.168.188.10上進行操作。

DNS網絡配置

除了傳統的修改/etc/resolv.conf之外，還有通過在ifcfg文件中添加配置的方式。

Tip: 與Windows在某個網卡中設置DNS服務器的IP地址類似

# vi/etc/sysconfig/network-scripts/ifcfg-eno16777728

# Generated by parse-kickstart IPV6INIT=no

BOOTPROTO=static

DEVICE=eno16777728

ONBOOT=yes

TYPE=Ethernet

DEFROUTE=yes

PEERDNS=yes

PEERROUTES=yes

IPV4_FAILURE_FATAL=no

NAME="System eno16777728"

IPADDR=192.168.188.15

NETMASK=255.255.255.0

GATEWAY=192.168.188.2

DNS1=192.168.188.15 DNS2=192.168.188.16

這樣，當重新啟動network服務時，會生成/etc/resolv.conf中的配置

# servicenetwork restart

Restarting network (via systemctl): [ OK ]

# cat/etc/resolv.conf

# Generated by NetworkManager

search linuxidc.local

nameserver 192.168.188.15 nameserver192.168.188.16

配置Yum庫

[root@zzyh2 ~]# cd /etc/yum.repos.d/

[root@zzyh2 yum.repos.d]# ls

CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-Vault.repo

[root@zzyh2 yum.repos.d]#

[root@zzyh1 yum.repos.d]# cpCentOS-Base.repo CentOS-Base.repo.origin

[root@zzyh1 yum.repos.d]# viCentOS-Base.repo

配置內容

[base]

name=CentOS-$releasever - Base

baseurl=file:///media

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

安裝DNS支持包

#yum -y installbind bind-util bind-chroot //

[root@zzyh1 ~]# cd /media/Packages/

[root@zzyh1 Packages]# yum -y install bindbind-util bind-chroot

Warning: RPMDB altered outside of yum.

Installing : 32:bind-libs-9.9.4-14.el7.x86_64 1/3

Installing : 32:bind-9.9.4-14.el7.x86_64 2/3

Installing : 32:bind-chroot-9.9.4-14.el7.x86_64 3/3

Verifying :32:bind-9.9.4-14.el7.x86_64 1/3

Verifying : 32:bind-libs-9.9.4-14.el7.x86_64 2/3

Verifying :32:bind-chroot-9.9.4-14.el7.x86_64 3/3

Installed:

bind.x86_64 32:9.9.4-14.el7 bind-chroot.x86_64 32:9.9.4-14.el7

Dependency Installed:

bind-libs.x86_6432:9.9.4-14.el7

Complete!

查看bind的生成包

[root@zzyh2 ~]# rpm -qc bind

/etc/logrotate.d/named

/etc/named.conf

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

/etc/rndc.conf

/etc/rndc.key

/etc/sysconfig/named

/var/named/named.ca

/var/named/named.empty

/var/named/named.localhost

/var/named/named.loopback

配置文件

[root@zzyh1 ~]# cd /etc

[root@zzyh1 etc]# cp named.confnamed.conf.origin

[root@zzyh1 etc]# vi /etc/named.conf

[root@zzyh1 etc]# cat /etc/named.conf、

//listen-on port 53 { 127.0.0.1; };

listen-on port 53 { any; };

//dnssec-enable yes;

//dnssec-validation yes;

dnssec-enable no;

dnssec-validation no;

配置轉發地址：

forwarders {202.102.224.68; 202.102.227.68;};

allow-transfer {192.168.188.15; 192.168.188.12;};

查看狀態

[root@zzyh1 etc]# rndc status

version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 101

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

測試一下解析

補充一下

#find / -name nslookup

/usr/bin/nslookup

#rpm -qf/usr/bin/nslookup //查詢這個命令依附于那個包 bind-utils-9.9.4-14.el7.x86_64.rpm

執行

#nslookup //如果找不到nslookup那是因為沒有安裝bind-utils-9.9.4-14.el7.x86_64.rpm

> server 192.168.188.15

Default server: 192.168.188.15

Address: 192.168.188.15#53

> g.cn //嘗試解析g.cn

Server: 192.168.188.15

Address: 192.168.188.15#53

Non-authoritative answer:

Name: g.cn

Address: 203.208.36.17

Name: g.cn

Address: 203.208.36.18

Name: g.cn

Address: 203.208.36.16

Name: g.cn

Address: 203.208.36.20

Name: g.cn

Address: 203.208.36.19

//解析成功

添加自定義zone

自定義，修改配置文件

[root@zzyh1~]# vi /etc/named.conf

在最后添加

zone "linuxidc.local" IN {

type mester;

file "linuxidc.local.zone";

}

zone "188.168.192.in-addr.arpa"IN {

type master;

file "192.168.188.zone";

}

zone "189.168.192.in-addr.arpa"IN {

type master;

file "192.168.189.zone";

}

include"/etc/named.rfc1912.zones";

include "/etc/named.root.key";

[root@zzyh1named]# cp named.empty linuxidc.local.zone //修改前備份一下

[root@zzyh1 named]# ls

linuxidc.local.zone data named.ca named.localhost slaves

chroot dynamic named.empty named.loopback

配置文件

[root@zzyh1named]# vi linuxidc.local.zone

$TTL 3H

@ IN SOA zzyh1.linuxidc.local. chenzhou312.blog.51cto.com (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H) ; minimum

IN NS zzyh1.linuxidc.local.

IN NS zzyh2.linuxidc.local.

zzyh1 IN A 192.168.188.15

zzyh2 IN A 192.168.188.16

ftp IN A 192.168.188.15

mailyh1 IN A 192.168.188.22

smtp IN CNAME mailyh1.linuxidc.local.

pop3 IN CNAME mailyh1.linuxidc.local.

www IN A 192.168.188.15

crm IN A 192.168.188.15

#vi192.168.188.zone

$TTL 3H

@ IN SOA zzyh1.linuxidc.local. chenzhou312.blog.51cto.com (

0 ; serial

1D ; refresh

1H ; retry

1W ; expiredgG

3H) ; minimum

IN NS zzyh1.linuxidc.local.

IN NS zzyh2.linuxidc.local.

15 IN PTR zzyh1.linuxidc.local.

15 IN PTR ftp.linuxidc.local.

16 IN PTR zzyh2.linuxidc.local.

16 IN PTR mailyh1.linuxidc.local.

#vi192.168.189.zone

$TTL 3H

@ IN SOA zzyh1.linuxidc.local. chenzhou312.blog.51cto.com (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H) ; minimum

IN NS zzyh1.linuxidc.local.

IN NS zzyh2.linuxidc.local.

www IN NS 192.168.188.15

重啟服務

[root@zzyh1 named]# systemctl restartnamed.service

[root@zzyh1 named]# service named restart

Redirecting to /bin/systemctl restart named.service

[root@zzyh1 named]# rndc status

version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 104

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

設置為自動啟動

# systemctl enable named

[root@zzyh1 named]# systemctl status named

named.service - Berkeley Internet NameDomain (DNS)

Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)

Active: active (running) since Mon 2014-08-25 00:36:59 CST; 3min 47s ago

MainPID: 2807 (named)

CGroup: /system.slice/named.service

a””a”2807 /usr/sbin/named -u named

Aug 25 00:36:59 zzyh1.linuxidc.localnamed[2807]: zone 189.168.192.in-addr.ar...

Aug 25 00:36:59 zzyh1.linuxidc.localnamed[2807]: zone 1.0.0.127.in-addr.arpa...

Aug 25 00:36:59 zzyh1.linuxidc.localnamed[2807]: zone 1.0.0.0.0.0.0.0.0.0.0....

Aug 25 00:36:59 zzyh1.linuxidc.localnamed[2807]: all zones loaded

Aug 25 00:36:59 zzyh1.linuxidc.localnamed[2807]: running

Aug 25 00:36:59 zzyh1.linuxidc.localnamed[2807]: zone 188.168.192.in-addr.ar...

Aug 25 00:36:59 zzyh1.linuxidc.localnamed[2807]: zone 189.168.192.in-addr.ar...

Aug 25 00:36:59 zzyh1.linuxidc.localsystemd[1]: Started Berkeley Internet N....

Aug 25 00:37:00 zzyh1.linuxidc.localnamed[2807]: managed-keys-zone: No DNSKE...

Hint: Some lines were ellipsized, use -l toshow in full.

測試

# nslookup

> server192.168.188.15

Default server: 192.168.188.15

Address: 192.168.188.15#53

>www.linuxidc.local.

Server: 192.168.188.15

Address: 192.168.188.15#53

Name: www.linuxidc.local

Address: 192.168.188.15

>smtp.linuxidc.local.

Server: 192.168.188.15

Address: 192.168.188.15#53

smtp.linuxidc.local canonical name = mailyh1.linuxidc.local.

Name: mailyh1.linuxidc.local

Address: 192.168.188.22

>192.168.188.15

Server: 192.168.188.15

Address: 192.168.188.15#53

15.188.168.192.in-addr.arpa name = ftp.linuxidc.local.

15.188.168.192.in-addr.arpa name = zzsrv1.linuxidc.local.

> exit

zzyh2上的DNS配置

安裝BIND

與zzyh1上的主DNS配安裝一樣。

操作略。

配置

Cache Only Server

與zzyh1上的主DNS配安裝一樣。

操作略。

添加輔助Zone

# vi /etc/named.conf

添加如下zone信息

zone "linuxidc.local" IN {

type slave;

masters {192.168.188.15; };

file "linuxidc.local.zone";

};

zone "188.168.192.in-addr.arpa"IN {

type slave;

masters {192.168.188.15; };

file "192.168.188.zone";

};

zone "189.168.192.in-addr.arpa"IN {

type slave;

masters {192.168.188.15; };

file "192.168.189.zone";

};

修改目錄權限

[root@zzyh2 named]# ll /var/named/ -d

drwxr-x--- 6 root named 133 Aug 15 14:06/var/named/

[root@zzyh2 named]# chmod g+w /var/named/

[root@zzyh2 named]# ll /var/named/ -d

drwxrwx--- 6 root named 133 Aug 15 14:06/var/named/

啟動服務

[root@zzyh2 ~]# systemctl startnamed.service

Redirecting to /bin/systemctl restart named.service

設置為自動啟動

[root@zzyh2 ~]# systemctl enable named

ln -s'/usr/lib/systemd/system/named.service''/etc/systemd/system/multi-user.target.wants/named.service'

查看日志，檢查是否有報錯信息。（建議在啟動時，就在另外一個會話時就打開）

# tail -f /var/log/messages

測試BIND

在zzyh1上生成了相應的zone文件

[root@zzyh2 ~]# ll /var/named/

total 28

-rw-r--r-- 1 named named 451 Aug 15 14:58 192.168.188.zone

-rw-r--r-- 1 named named 254 Aug 15 15:05 192.168.189.zone

-rw-r--r-- 1 named named 647 Aug 15 15:16 linuxidc.local.zone

drwxr-x--- 7 root named 56 Aug 15 14:06 chroot

drwxrwx--- 2 named named 22 Aug 15 14:19 data

drwxrwx--- 2 named named 58 Aug 15 16:20 dynamic

-rw-r----- 1 root named 2076 Jan 28 2013 named.ca

-rw-r----- 1 root named 152 Dec 15 2009 named.empty

-rw-r----- 1 root named 152 Jun 21 2007 named.localhost

-rw-r----- 1 root named 168 Dec 15 2009 named.loopback

drwxrwx--- 2 named named 6 Jun 10 16:13 slaves

[root@zzyh1 ~]# vi /var/named/linuxidc.local.zone

添加一個A記錄

test IN A 10.0.0.1

并且將，zone的序列號增大

[root@zzyh1 ~]# rndc reload

server reload successful

在zzyh1的日志中會看到

zone linuxidc.local/IN: sending notifiesrial 15)

client 192.168.188.16#41658 (linuxidc.loc:transfer of 'linuxidc.local/IN': AXFR-style IXFR started

client 192.168.188.16#41658 (linuxidc.loc:transfer of 'linuxidc.local/IN': AXFR-style IXFR ended

在zzyh2的日志中會看到

client 192.168.188.15#33856: received notifyfor zone 'linuxidc.local'

zone linuxidc.local/IN: Transfer started.

transfer of 'linuxidc.local/IN' from192.168.188.15#53: connected using 192.168.188.16#41658

zone linuxidc.local/IN: transferred serial15

transfer of 'linuxidc.local/IN' from192.168.188.15#53: Transfer completed: 1 messages, 13 records, 339 bytes, 0.005secs (67800 bytes/sec)

zone linuxidc.local/IN: sending notifies(serial 15)

測試

# nslookup

> server 192.168.188.16

Default server: 192.168.188.16

Address: 192.168.188.16#53

> test.linuxidc.local.

Server: 192.168.188.16

Address: 192.168.188.16#53

Name: test.linuxidc.local

Address: 10.0.0.1

> exit

本文地址：http://www.jinchangtalc.com/helpcontent/648.html

上一篇：七日殺游戲服務器搭建配置文件注釋解釋
下一篇：Linux搭建SVN服務器詳細教程

香港 CN2 GIA 服務器租用三網CN2

幫助中心

CentOS 7 DNS服務器架設

31IDC - 12 年深耕海外 IDC 高端資源

7*24小時

1V1

99.9%

退訂

100 %

云服務器

物理服務器

關于我們

快速鏈接

聯系我們

香港 CN2 GIA 服務器租用 三網CN2

幫助中心

CentOS 7 DNS服務器架設

31IDC - 12 年深耕海外 IDC 高端資源

香港 CN2 GIA 服務器租用三網CN2