学习到DNS时,做实验折腾了快一周总是不成功,以为是虚拟机设置问题,看了如下的介绍才知道有些域设置不对,因此写下这篇博客记录下,感谢博主的分享。
https://blog.csdn.net/mingmingwei123/article/details/78447017
搭建环境:两台CentOS虚拟机:
centos7.1(IP地址:192.168.245.141)
centos7.2(IP地址:192.168.245.160)
主DNS服务器IP地址:192.168.245.141,从DNS服务器IP地址:192.168.245.160
> [root@adobe ~]# lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.5.1804 (Core)
Release: 7.5.1804
Codename: Core
一、因为我的主机名安装时写的是adobe.com(最好是单个名字),所以需要修改一下;
> [root@adobe ~]# hostname
> adobe.com
> [root@adobe ~]# hostnamectl set-hostname adobe
> [root@adobe ~]# hostname
> adobe
二、安装bind等服务程序;
[root@adobe ~]# yum -y install bind bind-utils bind-chroot
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package 32:bind-9.9.4-61.el7_5.1.x86_64 already installed and latest version
Package 32:bind-utils-9.9.4-61.el7_5.1.x86_64 already installed and latest version
Package 32:bind-chroot-9.9.4-61.el7_5.1.x86_64 already installed and latest version
Nothing to do
三、启动named服务:
[root@adobe ~]# systemctl start named.service
四、检查服务状态:
[root@adobe ~]# rndc status
version: 9.9.4-RedHat-9.9.4-61.el7_5.1 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
五、查看bind进程状态:
[root@adobe ~]# ss -tunlp | grep 53
udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",pid=1497,fd=512))
udp UNCONN 0 0 ::1:53 :::* users:(("named",pid=1497,fd=513))
tcp LISTEN 0 10 127.0.0.1:53 *:* users:(("named",pid=1497,fd=21))
tcp LISTEN 0 128 127.0.0.1:953 *:* users:(("named",pid=1497,fd=23))
tcp LISTEN 0 10 ::1:53 :::* users:(("named",pid=1497,fd=22))
tcp LISTEN 0 128 ::1:953 :::* users:(("named",pid=1497,fd=24))
六、修改/etc/named.conf文件:
// named.conf
// Main BIND configuration. Only the lines marked "changed" differ from the
// file as it was before this step; everything else is left as found.
options {
listen-on port 53 { any; }; # changed: listen on every IPv4 interface instead of loopback only (the ss output above shows named bound to 127.0.0.1:53 before this edit)
listen-on-v6 port 53 { ::1; }; // IPv6 is still loopback-only; widen it too if IPv6 clients must be served
directory "/var/named"; // zone "file" names below are resolved relative to this directory
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
// NOTE(review): allow-query { any; } combined with recursion yes makes this an open
// recursive resolver for every network that can reach port 53. If this host is reachable
// beyond the lab network, limit recursion to the lab clients, e.g.
// allow-recursion { 192.168.245.0/24; };  (constructed example) -- an open resolver can be
// abused for reflection/amplification and is exposed to cache poisoning.
dnssec-enable no; # changed from yes to no
dnssec-validation no; # changed from yes to no; with validation off, forged answers for signed zones are not detected -- acceptable for a lab, not for production
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run"; // relative to directory above -> /var/named/data/named.run
severity dynamic;
};
};
zone "." IN {
type hint; // root hints used to find the root servers when recursing
file "named.ca";
};
include "/etc/named.rfc1912.zones"; // local zones; the adobe.com zone is added in this file in the next step
include "/etc/named.root.key";
七、在/etc/named.rfc1912.zones文件中增加一个zone。
zone "adobe.com" IN { # zone name: replace with your own domain / hostname
type master; # this host is the primary (master) for the zone
file "adobe.com.zone"; # zone data file, relative to the options "directory" (/var/named)
allow-update { none; }; # reject dynamic updates
// NOTE(review): no allow-transfer is set, and BIND's default allows zone transfers (AXFR)
// to any client. Restrict it to the secondary named on this page, e.g.
// allow-transfer { 192.168.245.160; }; so the whole zone cannot be enumerated by arbitrary hosts.
};
八、在/var/named/下增加一个相对应的解析库文件adobe.com.zone。
> [root@adobe ~]# cd /var/named/
> [root@adobe named]# ls
> chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
> [root@adobe named]# vim adobe.com.zone
> $TTL 1D ; default TTL for records that do not set their own
> @ IN SOA dnssrv1.adobe.com. admin.adobe.com. ( ; @ = the zone origin (adobe.com); primary NS and admin mailbox (admin@adobe.com)
> 2018090217 ; serial -- increase on every edit so the secondary sees the new version
> 1D ; refresh
> 1H ; retry
> 1W ; expire
> 3H ); minimum
> IN NS dnssrv1.adobe.com. ; owner omitted, so it inherits @ (adobe.com)
> ; NOTE(review): only dnssrv1 is listed as NS; the secondary (192.168.245.160) has no NS/A record here -- add them if it should be advertised as authoritative (TODO confirm)
> dnssrv1.adobe.com. IN A 192.168.245.141 ; glue for the NS above
> www.adobe.com. IN A 192.168.245.145 ; example host record
九、此时还需要修改zone文件的读写权限和属组;
> [root@adobe named]# ll
> total 20
> -rw-r--r--. 1 root root 413 Sep 2 16:40 adobe.com.zone
> drwxr-x---. 7 root named 61 Sep 1 17:36 chroot
> drwxrwx---. 2 named named 23 Sep 2 15:56 data
> drwxrwx---. 2 named named 60 Sep 2 15:56 dynamic
> -rw-r-----. 1 root named 2281 May 22 2017 named.ca
> -rw-r-----. 1 root named 152 Dec 15 2009 named.empty
> -rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
> -rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
> drwxrwx---. 2 named named 6 Aug 27 23:40 slaves
> [root@adobe named]# chmod 640 adobe.com.zone
> [root@adobe named]# chown :named adobe.com.zone
> [root@adobe named]# ll
> total 20
> -rw-r-----. 1 root named 413 Sep 2 16:40 adobe.com.zone
> drwxr-x---. 7 root named 61 Sep 1 17:36 chroot
> drwxrwx---. 2 named named 23 Sep 2 15:56 data
> drwxrwx---. 2 named named 60 Sep 2 15:56 dynamic
> -rw-r-----. 1 root named 2281 May 22 2017 named.ca
> -rw-r-----. 1 root named 152 Dec 15 2009 named.empty
> -rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
> -rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
> drwxrwx---. 2 named named 6 Aug 27 23:40 slaves
十、检查配置文件语法并重新加载配置文件。
> [root@adobe named]# named-checkzone "adobe.com" adobe.com.zone
> zone adobe.com/IN: loaded serial 2018090217
> OK
> [root@adobe named]# named-checkconf /etc/named.conf
未完待续