Centos6.4 DNS服务搭建

服务搭建前的环境：

1.关闭selinux和防火墙

关闭selinux：

①永久性修改

vim /etc/selinux/config（需要重启才能生效）

②临时性修改

setenforce 0

查看：

关闭防火墙：

/etc/init.d/iptables stop

关闭开机启动：

chkconfig iptables off

2.安装

服务器端安装：DNS服务对应的名称是bind，对应的进程是named

安装：

yum install -y bind

客户端安装：

yum install bind-utils

3.分析DNS的应用场景，进行服务搭建

（1）本地DNS

①规划域名和主机

域名到IP的映射：

www-->10.1.1.243

dns1-->10.1.1.245

dns2-->10.1.1.246

②配置主配置文件定义正反解区域

vim /etc/named.conf
options {
   listen-on port 53 { any; };
　　allow-query    { any; };
　　dnssec-enable no;
　　dnssec-validation no;
}
vim /etc/named.rfc1912.zones
zone "xx.com" IN {
        type master;
        file "named.xx.com";
        allow-update { none; };
};
zone "1.1.10.in-addr.arpa" IN {
        type master;
        file "10.1.1.arpa";
        allow-update { none; };
};

③创建正反解文件

正解文件：

cp /var/named/named.localhost /var/named/named.xx.com（注意：这里的文件命名要和正解区域的file的文件名一致）
vim /var/named/named.xx.com
$TTL 1D
@       IN SOA  xx.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      dns1.xx.com.
dns1    IN      A       10.1.1.245
dns2    IN      A       10.1.1.246
www     IN      A       10.1.1.243

反解文件：

cp /var/named/named.localhost /var/named/10.1.1.arpa
vim /var/named/10.1.1.arpa
$TTL 1D
@       IN SOA  xx.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      dns1.xx.com.
245     IN      PTR     dns1.xx.com.
246     IN      PTR     dns2.xx.com.
243     IN      PTR     www.xx.com.

配置完成，重启服务：

/etc/init.d/named restart

在客户端查看配置是否成功：

正解检测：

反解检测：

遇到的问题：

权限不足的问题：

** server can't find dns1.xx.com: SERVFAIL

查看日志：

zone 0.in-addr.arpa/IN: loaded serial 0
zone 1.1.10.in-addr.arpa/IN: loading from master file 10.1.1.arpa failed: permission denied
zone 1.1.10.in-addr.arpa/IN: not loaded due to errors.
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone realhostip.com/IN: loading from master file named.xx.com failed: permission denied
zone realhostip.com/IN: not loaded due to errors.
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
managed-keys-zone ./IN: loaded serial 2
Running

可以看到是因为文件权限不足的原因，因此对文件修改所属用户和所属组，并修改权限。

chown named:named /var/named/named.xx.com
chmod 775 /var/named/named.xx.com
chown named:named /var/named/10.1.1.arpa
chmod 775 /var/named/10.1.1.arpa

（2）主从DNS

①进行主从时间同步：（主从服务器上均需要执行该命令）

ntpdate ntp.api.bz

②主服务器修改配置：

vim /etc/named.rfc1912.zones
zone "xx.com" IN {
        type master;
        file "named.xx.com";
        allow-transfer { 10.1.1.246; };
};
zone "1.1.10.in-addr.arpa" IN {
        type master;
        file "10.1.1.arpa";
        allow-transfer { 10.1.1.246; };
};
vim /var/named/named.xx.com 
$TTL 1D
@       IN SOA  xx.com. rname.invalid. (
                                        0        ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      dns1.xx.com.
@       IN      NS      dns2.xx.com.
dns1    IN      A       10.1.1.245
dns2    IN      A       10.1.1.246
www     IN      A       10.1.1.243
vim /var/named/10.1.1.arpa 
$TTL 1D
@       IN SOA  xx.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      dns1.xx.com.
@       IN      NS      dns2.xx.com.
245     IN      PTR     dns1.xx.com.
246     IN      PTR     dns2.xx.com.
243     IN      PTR     www.xx.com.

重启服务：

/etc/init.d/named restart

③从服务器配置：

vim /etc/named.conf 
options {
        listen-on port 53 { any; };
　　　　　allow-query    { any; };
　　　　　dnssec-enable no;
　　　　　dnssec-validation no;
}
vim /etc/named.rfc1912.zones
zone "xx.com" IN {
        type slave;
        file "slaves/named.xx.com";
        masters { 10.1.1.245; };
};
zone "1.1.10.in-addr-arpa" IN {
        type slave;
        file "slaves/10.1.1.arpa";
        masters { 10.1.1.245; };
};

查看是否有从服务器文件：

/etc/init.d/named restart

④修改主服务器正反解文件序列号，进行检测

在从服务器查看日志：

tail -n 30 /var/log/messages | grep named
May 18 15:55:22 dns2 named[8229]: automatic empty zone: D.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: 8.E.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: 9.E.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: A.E.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: B.E.F.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
May 18 15:55:22 dns2 named[8229]: command channel listening on 127.0.0.1#953
May 18 15:55:22 dns2 named[8229]: command channel listening on ::1#953
May 18 15:55:22 dns2 named[8229]: zone 0.in-addr.arpa/IN: loaded serial 0
May 18 15:55:22 dns2 named[8229]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
May 18 15:55:22 dns2 named[8229]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
May 18 15:55:22 dns2 named[8229]: zone localhost.localdomain/IN: loaded serial 0
May 18 15:55:22 dns2 named[8229]: zone localhost/IN: loaded serial 0
May 18 15:55:23 dns2 named[8229]: managed-keys-zone ./IN: loaded serial 0
May 18 15:55:23 dns2 named[8229]: running
May 18 15:55:23 dns2 named[8229]: zone xx.com/IN: Transfer started.
May 18 15:55:23 dns2 named[8229]: transfer of 'xx.com/IN' from 10.1.1.245#53: connected using 10.1.1.246#35973
May 18 15:55:23 dns2 named[8229]: zone xx.com/IN: transferred serial 0
May 18 15:55:23 dns2 named[8229]: transfer of 'xx.com/IN' from 10.1.1.245#53: Transfer completed: 1 messages, 7 records, 199 bytes, 0.001 secs (199000 bytes/sec)
May 18 15:55:23 dns2 named[8229]: zone xx.com/IN: sending notifies (serial 0)
May 18 15:55:23 dns2 named[8229]: managed-keys-zone ./IN: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 20326 is now trusted, waiving the normal 30-day waiting period.
May 18 15:55:23 dns2 named[8229]: zone 1.1.10.in-addr-arpa/IN: refresh: non-authoritative answer from master 10.1.1.245#53 (source 0.0.0.0#0)
May 18 15:56:20 dns2 named[8229]: zone 1.1.10.in-addr-arpa/IN: refresh: non-authoritative answer from master 10.1.1.245#53 (source 0.0.0.0#0)
May 18 15:58:00 dns2 named[8229]: client 10.1.1.245#45183: received notify for zone '1.1.10.in-addr.arpa': not authoritative
May 18 15:58:01 dns2 named[8229]: client 10.1.1.245#30300: received notify for zone 'xx.com'
May 18 15:58:01 dns2 named[8229]: zone xx.com/IN: Transfer started.
May 18 15:58:01 dns2 named[8229]: transfer of 'xx.com/IN' from 10.1.1.245#53: connected using 10.1.1.246#39857
May 18 15:58:01 dns2 named[8229]: zone xx.com/IN: transferred serial 20180518
May 18 15:58:01 dns2 named[8229]: transfer of 'xx.com/IN' from 10.1.1.245#53: Transfer completed: 1 messages, 7 records, 199 bytes, 0.001 secs (199000 bytes/sec)
May 18 15:58:01 dns2 named[8229]: zone xx.com/IN: sending notifies (serial 20180518)

查看从服务器接收到的文件：

配置成功。

Centos6.4 DNS服务搭建

猜你喜欢