DNS配置實例(centos7+bind9.9)
環境配置
OS:CentOS Linux release 7.2.1511
ns1_IP:172.16.1.101
ns2_IP: 172.16.1.102
domain:aishangwei.net
www_IP:172.16.1.101
mail_IP:172.16.1.101 172.16.1.102
master_IP:172.16.1.101
slave_IP:172.16.1.102
安裝包: bind //主程序包
bind-libs //程序包所需要的庫文件
bind-utils //主要是一些測試查看命令
[root@ns1 ~]# hostnamectl set-hostname ns1.aishangwei.net //設置主機名
[root@ns1 ~]# getenforce
Enforcing
[root@ns1 etc]# setenforce 0 //設置selinux為permissive
[root@ns1 etc]# getenforce
Permissive
[root@ns1 etc]# vim /etc/selinux/config //設置selinux為永久關閉
SELINUX=disabled
SELINUXTYPE=targeted
[root@ns1 ~]# systemctl stop firewalld //臨時關閉防火墻
[root@ns1 ~]# systemctl disable firewalld //永久關閉防火墻(實驗環境做法;生產環境建議保留防火墻,只放行 53/tcp 與 53/udp)
[root@ns1 ~]# yum install -y bind bind-libs bind-utils //安裝 bind
[root@ns1 ~]# mv /etc/named.{conf,conf.bak} //備份 named.conf配置文件
[root@ns1 etc]# vim /etc/named.conf //編輯named.conf主配置
options {
listen-on port 53 { 127.0.0.1;172.16.1.101; }; //設置監聽地址
allow-query { localhost; 172.16.1.0/24; }; //允許哪些地址查詢
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@ns1 etc]# chown .named /etc/named.conf //修改屬組
[root@ns1 etc]# chmod 640 /etc/named.conf //修改權限
[root@ns1 etc]# named-checkconf //檢查named.conf配置文件語法
[root@ns1 etc]# named-checkzone "localhost" /var/named/named.localhost //檢查區域文件
zone localhost/IN: loaded serial 0
OK
[root@ns1 etc]# systemctl start named //啟動named主進程
[root@ns1 etc]# netstat -tunlp |grep named //查看監聽端口
- 創建DNS域和區域文件
[root@ns1 ~]# vim /etc/named.conf
options {
listen-on port 53 { 127.0.0.1;172.16.1.101; };
directory "/var/named";
allow-query { localhost; 172.16.1.0/24; };
allow-transfer { 172.16.1.0/24; }; //設置允許傳送記錄的地址(建議只列出從服務器 172.16.1.102,避免整個網段都能拉取區域數據)
allow-recursion { 172.16.1.0/24; }; //允許遞歸的地址段
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
//設置正向解析
zone "aishangwei.net" IN {
type master;
file "named.aishangwei.net";
};
//設置反向解析
zone "1.16.172.in-addr.arpa" IN {
type master;
file "named.1.16.172.in-addr-arpa";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@ns1 ~]# vim /var/named/named.aishangwei.net //創建正向解析文件
$TTL 600
@ IN SOA ns1.aishangwei.net. admin.aishangwei.net. (
201722201
1H
5M
2D
6H )
    IN NS ns1
    IN NS ns2
    IN MX 10 mail
ns1 IN A 172.16.1.101
ns2 IN A 172.16.1.102
mail IN A 172.16.1.101
mail IN A 172.16.1.102
www IN A 172.16.1.102
ftp IN CNAME www
[root@ns1 ~]# vim /var/named/named.1.16.172.in-addr-arpa //創建反向解析文件
$TTL 600
@ IN SOA ns1.aishangwei.net. admin.aishangwei.net. (
201722201
1H
5M
2D
6H )
    IN NS ns1.aishangwei.net.
    IN NS ns2.aishangwei.net.
101 IN PTR ns1.aishangwei.net.
102 IN PTR ns2.aishangwei.net.
101 IN PTR mail.aishangwei.net.
102 IN PTR mail.aishangwei.net.
102 IN PTR www.aishangwei.net.
[root@ns1 ~]# named-checkconf
[root@ns1 ~]# named-checkzone "aishangwei.net" /var/named/named.aishangwei.net
zone aishangwei.net/IN: loaded serial 201722201
OK
[root@ns1 ~]# named-checkzone "1.16.172.in-addr.arpa" /var/named/named.1.16.172.in-addr-arpa
zone 1.16.172.in-addr.arpa/IN: loaded serial 201722201
OK
[root@ns1 ~]# rndc reload //不重啟服務,而重新載入配置文件
server reload successful
[root@ns1 ~]# dig -t A www.aishangwei.net @172.16.1.101 //使用指定的主機解析 A 記錄
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> -t A www.aishangwei.net @172.16.1.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62391
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.aishangwei.net. IN A
;; ANSWER SECTION:
www.aishangwei.net. 600 IN A 172.16.1.102
;; AUTHORITY SECTION:
aishangwei.net. 600 IN NS ns2.aishangwei.net.
aishangwei.net. 600 IN NS ns1.aishangwei.net.
;; ADDITIONAL SECTION:
ns1.aishangwei.net. 600 IN A 172.16.1.101
ns2.aishangwei.net. 600 IN A 172.16.1.102
;; Query time: 1 msec
;; SERVER: 172.16.1.101#53(172.16.1.101)
;; WHEN: 三 2月 22 13:17:44 CST 2017
;; MSG SIZE rcvd: 131
- 從服務器配置
[root@ns2 ~]# hostnamectl set-hostname ns2.aishangwei.net
[root@ns2 ~]# getenforce
Enforcing
[root@ns2 ~]# setenforce 0
[root@ns2 ~]# getenforce
Permissive
[root@ns2 ~]# vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
[root@ns2 ~]# yum list all bind*
[root@ns2 ~]# yum install -y bind bind-libs bind-utils
[root@ns2 ~]# mv /etc/named.{conf,conf.bak}
[root@ns2 etc]# vim /etc/named.conf
options {
listen-on port 53 { 127.0.0.1; 172.16.1.102; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
allow-query { localhost; 172.16.1.0/24; };
allow-recursion { 172.16.1.0/24;};
allow-transfer { none; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
zone "aishangwei.net" IN {
type slave;
file "slaves/named.aishangwei.net";
masters { 172.16.1.101; };
};
zone "1.16.172.in-addr.arpa" IN {
type slave;
file "slaves/named.1.16.172.in-addr-arpa";
masters { 172.16.1.101; };
};
[root@ns2 ~]# systemctl start named
[root@ns2 ~]# netstat -tunlp |grep named
[root@ns2 ~]# ll /var/named/slaves/ //傳送成功的話,該目錄下會有這兩個文件
總用量 8
-rw-r--r--. 1 named named 422 2月 22 15:54 named.1.16.172.in-addr-arpa
-rw-r--r--. 1 named named 518 2月 22 15:54 named.aishangwei.net
- 子域授權
[root@ns1 ~]# vim /var/named/named.aishangwei.net //編輯主域區域文件
……….
blog IN NS ns2.blog
ns2.blog IN A 172.16.1.102
[root@ns2 ~]# vim /etc/named.conf //編輯子域配置文件
……………….
zone "blog.aishangwei.net" IN {
type master;
file "named.blog.aishangwei.net";
};
[root@ns2 ~]# vim /var/named/named.blog.aishangwei.net //編輯子域區域文件
$TTL 600
@ IN SOA ns2.blog.aishangwei.net. admin.aishangwei.net. (
201722301
1H
5M
2D
6H )
    IN NS ns2
    IN MX 10 mail
ns2 IN A 172.16.1.103
mail IN A 172.16.1.103
www IN A 172.16.1.103
- 設置轉發服務器
(1)全部轉發,只要不是本機負責解析的區域,統統轉發給指定的服務器;
[root@ns1 ~]# vim /etc/named.conf
…………
options {
forward first|only;
forwarders { FORWARDER_IP; }; //FORWARDER_IP 為占位符,填入上游DNS服務器地址
};
(2)區域轉發:僅轉發對特定的區域的請求至指定的服務器
[root@ns1 ~]# vim /etc/named.conf
…………
zone "ZONE_NAME" IN {
type forward;
forward first|only;
forwarders { FORWARDER_IP; }; //FORWARDER_IP 為占位符,填入上游DNS服務器地址
};
- ACL功能使用
[root@ns1 ~]# vim /etc/named.conf
acl innet {
172.16.1.0/24;
192.168.1.0/24;
127.0.0.0/8;
};
options {
directory "/var/named";
………………..
allow-recursion { innet; };
};
- view配置
下面的配置為簡化版,請結合上面的例子修改。
[root@ns1 ~]# vim /etc/named.conf
acl dianxin {
172.16.1.0/24;
172.16.2.0/24;
};
options {
…………
};
view dianxin {
match-clients { dianxin; };
zone "aishangwei.net" IN {
type master;
file "dianxin.named.aishangwei.net";
};
};
view others {
match-clients { any; };
zone "aishangwei.net" IN {
type master;
file "others.named.aishangwei.net";
};
};
[root@ns1 ~]# vim /var/named/dianxin.named.aishangwei.net //創建電信使用的區域文件
$TTL 600
@ IN SOA ns1.aishangwei.net. admin.aishangwei.net. (
201722201
1H
5M
2D
6H )
    IN NS ns1
    IN NS ns2
    IN MX 10 mail
ns1 IN A 172.16.1.101
ns2 IN A 172.16.1.102
mail IN A 172.16.1.101
mail IN A 172.16.1.102
www IN A 172.16.1.102
ftp IN CNAME www
[root@ns1 ~]# vim /var/named/others.named.aishangwei.net //創建其他使用的區域文件
$TTL 600
@ IN SOA ns1.aishangwei.net. admin.aishangwei.net. (
201722201
1H
5M
2D
6H )
    IN NS ns1
    IN NS ns2
    IN MX 10 mail
ns1 IN A 172.16.2.101
ns2 IN A 172.16.2.102
mail IN A 172.16.2.101
mail IN A 172.16.2.102
www IN A 172.16.2.102
ftp IN CNAME www