dns之master
阿新 • • 發佈:2020-08-08
centos7.4系統下搭建dns
[root@master ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@master ~]# yum install bind bind-utils -y
修改dns主配置檔案/etc/named.conf
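[root@master ~]# cat /etc/named.conf
options {
    listen-on port 53 { any; };          # accept queries on every IPv4 interface
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    allow-query { any; };                # any client may query the zones served here
    # Zone transfers (AXFR) are refused for everyone. This setting is about
    # transfers, not forwarding. If a secondary server is added later, list
    # its address here instead of opening transfers to all.
    allow-transfer { none; };

    recursion yes;
    # With allow-query { any; } and no allow-recursion, BIND lets any client
    # that can reach port 53 recurse through this server (an open resolver,
    # usable for cache abuse and reflection/amplification). Recursion is
    # limited to the server itself and the lab subnet served by the reverse zone.
    allow-recursion { localhost; 192.168.26.0/24; };

    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

# Forward lookup zone (name -> address)
zone "devin.vm" IN {
    type master;
    file "named.devin.vm";
};

# Reverse lookup zone (address -> name) for 192.168.26.0/24
zone "26.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.26";
};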
正向解析 /var/named/named.devin.vm
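[root@master named]# cat /var/named/named.devin.vm
$TTL 1D
; SOA fields are <primary name server> <admin mailbox, "@" written as ".">.
; NOTE(review): master.devin.vm. would be the usual first field here, since
; that is the NS for the zone; confirm before changing.
@   IN SOA  devin.vm. ns2.devin.vm. (
                0   ; serial  - raise it on every edit, or secondaries keep the old copy
                1D  ; refresh
                1H  ; retry
                1W  ; expire
                3H ) ; minimum
@                IN NS     master.devin.vm.
; Address of the name server itself. The original listing had 192.169.26.51,
; a typo: the server answers on 192.168.26.51 and the reverse zone maps .51
; to master.devin.vm. A wrong address here is handed to clients as glue.
master           IN A      192.168.26.51
@                IN MX 10  ns2.devin.vm.
ns2.devin.vm.    IN A      192.168.26.53
ns1.devin.vm.    IN A      192.168.26.52
client.devin.vm. IN A      192.168.26.52
www.devin.vm.    IN A      192.168.26.52
ftp.devin.vm.    IN CNAME  www.devin.vm.
dhcp.devin.vm.   IN CNAME  www.devin.vm.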
反向解析 /var/named/named.192.168.26
[root@master named]# cat /var/named/named.192.168.26
; Reverse zone for 192.168.26.0/24: owner names are the last octet of the
; address, relative to 26.168.192.in-addr.arpa (the zone name in named.conf).
$TTL 1D
@ IN SOA devin.vm. ns2.devin.vm. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
@ IN NS master.devin.vm.
51 IN PTR master.devin.vm.
; .52 carries five PTR records, so a reverse lookup of 192.168.26.52 returns
; all five names.
52 IN PTR ns1.devin.vm.
52 IN PTR client.devin.vm.
52 IN PTR www.devin.vm.
52 IN PTR ftp.devin.vm.
52 IN PTR dhcp.devin.vm.
53 IN PTR ns2.devin.vm.
檢查配置檔案
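# Validate both zone files and the main configuration before starting named.
# Absolute paths are used so the checks work from any directory, not only
# from /var/named.
named-checkzone devin.vm /var/named/named.devin.vm
named-checkzone 26.168.192.in-addr.arpa /var/named/named.192.168.26
# -z also loads every master zone listed in named.conf as a test.
named-checkconf -z /etc/named.conf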
更改許可權
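# Zone files stay owned by root so the named daemon cannot rewrite them;
# the named group gets read access, and other users get none.
chown root:named /var/named/named.devin.vm /var/named/named.192.168.26
chmod 640 /var/named/named.devin.vm /var/named/named.192.168.26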
重啟服務
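# Keep firewalld running and open only the DNS service (53/tcp and 53/udp),
# instead of stopping the firewall for the whole host.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

# Keep SELinux enforcing: the targeted policy already confines named.
# Zone files copied or moved into /var/named may carry the wrong label,
# so restore the default contexts rather than running `setenforce 0`.
restorecon -Rv /var/named

# Start named now and on every boot.
systemctl start named
systemctl enable named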
客戶端驗證
[root@ns2 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.26.51
[root@ns2 ~]# yum install bind-utils -y
[root@ns2 ~]# host www.devin.vm
www.devin.vm has address 192.168.26.52
[root@ns2 ~]# dig ns2.devin.vm
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> ns2.devin.vm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25514
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns2.devin.vm. IN A
;; ANSWER SECTION:
ns2.devin.vm. 86400 IN A 192.168.26.53
;; AUTHORITY SECTION:
devin.vm. 86400 IN NS master.devin.vm.
;; ADDITIONAL SECTION:
master.devin.vm. 86400 IN A 192.169.26.51
;; Query time: 0 msec
;; SERVER: 192.168.26.51#53(192.168.26.51)
;; WHEN: Sun Aug 09 03:14:48 CST 2020
;; MSG SIZE rcvd: 94
[root@ns2 ~]# nslookup ftp.devin.vm
Server: 192.168.26.51
Address: 192.168.26.51#53
ftp.devin.vm canonical name = www.devin.vm.
Name: www.devin.vm
Address: 192.168.26.52
[root@ns2 ~]# nslookup 192.168.26.52
52.26.168.192.in-addr.arpa name = www.devin.vm.
52.26.168.192.in-addr.arpa name = ns1.devin.vm.
52.26.168.192.in-addr.arpa name = dhcp.devin.vm.
52.26.168.192.in-addr.arpa name = ftp.devin.vm.
52.26.168.192.in-addr.arpa name = client.devin.vm.