Setting up a DNS server
The company already has its own web site that employees need to reach, and they want to access resources on the local network and on the Internet quickly and simply by domain name.
DNS stands for Domain Name System or Domain Name Service.
What DNS does: when you do not know a site's IP address, you look up its domain name through DNS; as long as the name is registered, you get back the matching IP address. This translation is called name resolution.
1. Primary DNS server: holds the master copy of the domain name resource records for the zones it is responsible for. When data in those zones changes, it is written directly to the zone file on this server, which is readable and writable.
2. Secondary DNS server: periodically copies zone files from another DNS server. This copy is called a zone transfer. Once the transfer succeeds the zone file is marked read-only, which means the zone file cannot be modified on the secondary DNS server.
Installing DNS
# mkdir /mnt/cdrom
# mount /dev/cdrom /mnt/cdrom/
mount: /dev/sr0 is write-protected, mounting read-only
# cd /mnt/cdrom/Packages/
# ls bind*
bind-9.9.4-14.el7.x86_64.rpm bind-libs-lite-9.9.4-14.el7.x86_64.rpm
bind-chroot-9.9.4-14.el7.x86_64.rpm bind-license-9.9.4-14.el7.noarch.rpm
bind-dyndb-ldap-3.5-4.el7.x86_64.rpm bind-utils-9.9.4-14.el7.x86_64.rpm
bind-libs-9.9.4-14.el7.x86_64.rpm
# rpm -Uvh bind-9.9.4-14.el7.x86_64.rpm
warning: bind-9.9.4-14.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... #################################[100%]
Updating / installing...
1:bind-32:9.9.4-14.el7 ################################# [100%]
To improve security we also install the chroot package:
# rpm -Uvh bind-chroot-9.9.4-14.el7.x86_64.rpm
warning: bind-chroot-9.9.4-14.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:bind-chroot-32:9.9.4-14.el7 ################################# [100%]
# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
# rpm -qc bind-chroot
/var/named/chroot/etc/named.conf
# cd /etc/
# cp named.conf named.conf.origin
# vi /etc/named.conf
Change the following settings in the file (each original line is commented out and the replacement follows it):
//listen-on port 53 { 127.0.0.1; };
listen-on port 53 { any; };
//allow-query { localhost; };
allow-query { any; };
forwarders { 202.102.224.68; 202.102.227.68; };
allow-transfer { 192.168.188.11; 192.168.188.12; };
//dnssec-enable yes;
dnssec-enable no;
//dnssec-validation yes;
dnssec-validation no;
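With allow-query { any; } and no allow-recursion statement, this server answers and recurses (through the forwarders) for every client that can reach port 53. That is acceptable on an isolated lab network, but on a host reachable from outside it is an open resolver. The shell script below is an added example, not part of this tutorial or of BIND: it audits a named.conf for access-control statements left open with any, and prints an options block that limits queries and recursion to the two internal networks used on this page and zone transfers to the secondary zzsrv2. The ACL name internal and the decision to drop 192.168.188.11 from allow-transfer are assumptions of the example; the forwarders are the ones from the page.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit a named.conf for access-control
# statements left open with "any", and print a restricted options block.
# The ACL name "internal" and its prefixes are assumptions for illustration.

# audit_named_conf FILE
# Prints one FINDING line per statement that is open to every client.
# BIND 9.9 derives allow-recursion from allow-query when it is not set, so an
# open allow-query on a forwarding server also means open recursion.
audit_named_conf() {
    conf="$1"
    for stmt in allow-query allow-recursion allow-transfer; do
        if grep -Eq "^[[:space:]]*${stmt}[[:space:]]*[{][[:space:]]*any[[:space:]]*;" "$conf"; then
            echo "FINDING: ${stmt} { any; } is open to every client"
        fi
    done
    if ! grep -Eq "^[[:space:]]*allow-recursion[[:space:]]*[{]" "$conf" \
       && ! grep -Eq "^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;" "$conf"; then
        echo "FINDING: allow-recursion not set; recursion follows allow-query"
    fi
}

# count_findings FILE -> number of FINDING lines (0 means the ACLs are restricted)
count_findings() {
    audit_named_conf "$1" | grep -c '^FINDING'
}

# write_restricted_options -> options block with the page's forwarders, queries
# and recursion limited to the internal networks, transfers to zzsrv2 only.
# Other options (directory, dnssec-*) stay as your named.conf already has them.
write_restricted_options() {
    cat <<'EOF'
acl "internal" { 127.0.0.1; 192.168.188.0/24; 192.168.189.0/24; };
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { internal; };
    allow-recursion { internal; };
    allow-transfer { 192.168.188.12; };
    forwarders { 202.102.224.68; 202.102.227.68; };
};
EOF
}

# Demo on a constructed copy of the tutorial's options (not a real /etc/named.conf)
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };
    forwarders { 202.102.224.68; 202.102.227.68; };
    allow-transfer { 192.168.188.11; 192.168.188.12; };
    dnssec-enable no;
    dnssec-validation no;
};
EOF
echo "tutorial config:"
audit_named_conf "$demo_conf"
write_restricted_options > "$demo_conf"
echo "restricted config: $(count_findings "$demo_conf") findings"
rm -f "$demo_conf"
```

Run audit_named_conf /etc/named.conf before each reload; a clean run prints nothing. The check matches only active statements, so the commented-out // lines the tutorial leaves behind are ignored.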
# service named start
Redirecting to /bin/systemctl start named.service
Generating the rndc key takes a while; after a moment the key generation shows up in the log:
systemd: Starting Generate rndc key for BIND (DNS)...
systemd: Started Generate rndc key for BIND (DNS).
systemd: Started Berkeley Internet Name Domain (DNS).
Note that the zone count is 101 at this point:
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Resolve a name using this host:
# nslookup
> server 192.168.188.11
Default server: 192.168.188.11
Address: 192.168.188.11#53
> www.g.cn
Server: 192.168.188.11
Address: 192.168.188.11#53
Non-authoritative answer:
Name: www.g.cn
Address: 203.208.46.180
Name: www.g.cn
Address: 203.208.46.179
Name: www.g.cn
Address: 203.208.46.177
Name: www.g.cn
Address: 203.208.46.176
Name: www.g.cn
Address: 203.208.46.178
Now we need to add our own zones.
# vi /etc/named.conf
Append at the end of the file:
zone "bigcloud.local" IN {
    type master;
    file "bigcloud.local.zone";
};
zone "188.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.188.zone";
};
zone "189.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.189.zone";
};
# cd /var/named/
# ls
Look at the directory, then create the three zone files and copy the named.empty template into them:
# touch bigcloud.local.zone
# cp named.empty bigcloud.local.zone
# touch 192.168.188.zone
# cp named.empty 192.168.188.zone
# touch 192.168.189.zone
# cp named.empty 192.168.189.zone
Then edit each file and add the records:
# vim bigcloud.local.zone
$TTL 3H
@        IN SOA   ZZSRV1.bigcloud.local. rname.invalid. (
                  0       ; serial
                  1D      ; refresh
                  1H      ; retry
                  1W      ; expire
                  3H )    ; minimum
         IN NS    zzsrv1.bigcloud.local.
         IN NS    zzsrv2.bigcloud.local.
zzsrv1   IN A     192.168.188.11
zzsrv2   IN A     192.168.188.12
ftp      IN A     192.168.188.11
mailsrv1 IN A     192.168.188.22
smtp     IN CNAME mailsrv1.bigcloud.local.
pop3     IN CNAME mailsrv1.bigcloud.local.
www      IN A     192.168.188.11
crm      IN A     192.168.188.11
# vi 192.168.188.zone
$TTL 3H
@        IN SOA   zzsrv1.bigcloud.local. rname.invalid. (
                  0       ; serial
                  1D      ; refresh
                  1H      ; retry
                  1W      ; expire
                  3H )    ; minimum
         IN NS    zzsrv1.bigcloud.local.
         IN NS    zzsrv2.bigcloud.local.
11       IN PTR   zzsrv1.bigcloud.local.
11       IN PTR   ftp.bigcloud.local.
12       IN PTR   zzsrv2.bigcloud.local.
12       IN PTR   mailsrv1.bigcloud.local.
# vi 192.168.189.zone
$TTL 3H
@        IN SOA   zzsrv1.bigcloud.local. rname.invalid. (
                  0       ; serial
                  1D      ; refresh
                  1H      ; retry
                  1W      ; expire
                  3H )    ; minimum
         IN NS    zzsrv1.bigcloud.local.
         IN NS    zzsrv2.bigcloud.local.
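Forward and reverse zones are maintained by hand here, and they drift easily: in the files above mailsrv1 has the A record 192.168.188.22 but its PTR is filed under 12, and the .11 and .12 addresses each carry two PTRs, so a reverse lookup of either address returns two names (the nslookup output later on this page shows exactly that). The shell script below is an added example, not part of the tutorial: it cross-checks the A records of a forward zone against the PTR records of its /24 reverse zone and reports every inconsistency. The zone data embedded in write_sample_zones is a copy of the records on this page; the function names and the "label IN TYPE rdata" line layout it expects are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the tutorial): cross-check a forward zone's A records
# against the matching /24 reverse zone's PTR records. The sample zones are
# copies of the tutorial's own record lines; the function names are assumptions.

# check_ptr_consistency FWD_ZONE REV_ZONE ORIGIN NET_PREFIX
# ORIGIN is the forward zone name without a trailing dot, NET_PREFIX the first
# three octets of the /24 the reverse zone covers. Prints one line per problem.
# Matching is by address: a host whose address has some PTR is not reported,
# which is the usual one-PTR-per-address convention.
check_ptr_consistency() {
    fwd="$1"; rev="$2"; origin="$3"; prefix="$4"
    awk -v origin="$origin" -v prefix="$prefix" '
        { sub(/;.*/, "") }                       # strip zone-file comments
        FNR == NR {                              # first file: forward zone
            if (NF >= 4 && $2 == "IN" && $3 == "A") a[$1 "." origin "."] = $4
            next
        }
        NF >= 4 && $2 == "IN" && $3 == "PTR" {   # second file: reverse zone
            ip = prefix "." $1; name = $4
            nptr[ip]++
            names[ip] = (ip in names) ? names[ip] " " name : name
            if (!(name in a))
                print "PTR " ip " -> " name ": no A record in forward zone"
            else if (a[name] != ip)
                print "PTR " ip " -> " name ": forward zone has " a[name]
        }
        END {
            for (n in a) if (!(a[n] in nptr))
                print "A " n " " a[n] ": no PTR record"
            for (ip in nptr) if (nptr[ip] > 1)
                print "IP " ip " has " nptr[ip] " PTR records: " names[ip]
        }' "$fwd" "$rev"
}

# count_problems <same arguments> -> number of reported lines
count_problems() {
    check_ptr_consistency "$@" | grep -c .
}

# write_sample_zones DIR: the tutorial's bigcloud.local forward zone and the
# 192.168.188 reverse zone (record lines only), written for an offline run
write_sample_zones() {
    cat > "$1/bigcloud.local.zone" <<'EOF'
$TTL 3H
@        IN SOA   zzsrv1.bigcloud.local. rname.invalid. ( 0 1D 1H 1W 3H )
         IN NS    zzsrv1.bigcloud.local.
         IN NS    zzsrv2.bigcloud.local.
zzsrv1   IN A     192.168.188.11
zzsrv2   IN A     192.168.188.12
ftp      IN A     192.168.188.11
mailsrv1 IN A     192.168.188.22
smtp     IN CNAME mailsrv1.bigcloud.local.
pop3     IN CNAME mailsrv1.bigcloud.local.
www      IN A     192.168.188.11
crm      IN A     192.168.188.11
EOF
    cat > "$1/192.168.188.zone" <<'EOF'
$TTL 3H
@        IN SOA   zzsrv1.bigcloud.local. rname.invalid. ( 0 1D 1H 1W 3H )
         IN NS    zzsrv1.bigcloud.local.
         IN NS    zzsrv2.bigcloud.local.
11       IN PTR   zzsrv1.bigcloud.local.
11       IN PTR   ftp.bigcloud.local.
12       IN PTR   zzsrv2.bigcloud.local.
12       IN PTR   mailsrv1.bigcloud.local.
EOF
}

# Demo: run the check over the tutorial's data
d=$(mktemp -d)
write_sample_zones "$d"
check_ptr_consistency "$d/bigcloud.local.zone" "$d/192.168.188.zone" bigcloud.local 192.168.188
rm -rf "$d"
```

On the page's data the run reports four problems: the mailsrv1 PTR under .12 while its A record says .22, the .22 address without any PTR, and the two addresses that each carry two PTRs. Run it against /var/named/bigcloud.local.zone and /var/named/192.168.188.zone after every edit and before the serial bump.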
Change the owner of the zone files:
# chown named:named 192.168.18*
# chown named:named bigcloud.local.zone
# ll
-rw-r--r-- 1 named named 377 Aug 16 19:50 192.168.188.zone
-rw-r--r-- 1 named named 211 Aug 16 19:51 192.168.189.zone
-rw-r--r-- 1 named named 498 Aug 16 19:43 bigcloud.local.zone
Restart the service:
# service named restart
Redirecting to /bin/systemctl restart named.service
The log shows that the restart succeeded (it is best to have the log open in a second session window while starting the service):
# tail -f /var/log/messages
Now rndc status shows 104 zones, three more than before:
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 104
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Enable the service at boot:
# systemctl enable named
# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
   Active: active (running) since Sat 2014-08-16 21:45:26 CST; 9min ago
 Main PID: 3141 (named)
   CGroup: /system.slice/named.service
           └─3141 /usr/sbin/named -u named
Aug 16 21:45:26 ZZSRV1.localdomain named[3141]: zone 189.168.192.in-addr.arpa/IN: loaded serial 0
Aug 16 21:45:26 ZZSRV1.localdomain named[3141]: zone bigcloud.local/IN: loaded serial 0
Aug 16 21:45:26 ZZSRV1.localdomain named[3141]: all zones loaded
Aug 16 21:45:26 ZZSRV1.localdomain named[3141]: running
Aug 16 21:45:26 ZZSRV1.localdomain systemd[1]: Started Berkeley Internet Name Domain (DNS).
Aug 16 21:45:26 ZZSRV1.localdomain named[3141]: zone 189.168.192.in-addr.arpa/IN: sending no...0)
Aug 16 21:45:26 ZZSRV1.localdomain named[3141]: zone bigcloud.local/IN: sending notifies (se...0)
Aug 16 21:45:26 ZZSRV1.localdomain named[3141]: zone 188.168.192.in-addr.arpa/IN: sending no...0)
Test the new zones:
# nslookup
> server 192.168.188.11
Default server: 192.168.188.11
Address: 192.168.188.11#53
> www.bigcloud.local.
Server: 192.168.188.11
Address: 192.168.188.11#53
Name: www.bigcloud.local
Address: 192.168.188.11
> smtp.bigcloud.local.
Server: 192.168.188.11
Address: 192.168.188.11#53
smtp.bigcloud.local canonical name = mailsrv1.bigcloud.local.
Name: mailsrv1.bigcloud.local
Address: 192.168.188.22
> 192.168.188.11
Server: 192.168.188.11
Address: 192.168.188.11#53
11.188.168.192.in-addr.arpa name = zzsrv1.bigcloud.local.
11.188.168.192.in-addr.arpa name = ftp.bigcloud.local.
> 192.168.188.12
Server: 192.168.188.11
Address: 192.168.188.11#53
12.188.168.192.in-addr.arpa name = zzsrv2.bigcloud.local.
12.188.168.192.in-addr.arpa name = mailsrv1.bigcloud.local.
> exit
Installing the secondary DNS
# mkdir /mnt/cdrom
# mount /dev/cdrom /mnt/cdrom/
mount: /dev/sr0 is write-protected, mounting read-only
# cd /mnt/cdrom/Packages/
# ls bind*
bind-9.9.4-14.el7.x86_64.rpm bind-libs-lite-9.9.4-14.el7.x86_64.rpm
bind-chroot-9.9.4-14.el7.x86_64.rpm bind-license-9.9.4-14.el7.noarch.rpm
bind-dyndb-ldap-3.5-4.el7.x86_64.rpm bind-utils-9.9.4-14.el7.x86_64.rpm
bind-libs-9.9.4-14.el7.x86_64.rpm
# rpm -Uvh bind-9.9.4-14.el7.x86_64.rpm
warning: bind-9.9.4-14.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:bind-32:9.9.4-14.el7 ################################# [100%]
To improve security we also install the chroot package:
# rpm -Uvh bind-chroot-9.9.4-14.el7.x86_64.rpm
warning: bind-chroot-9.9.4-14.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:bind-chroot-32:9.9.4-14.el7 ################################# [100%]
# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
# rpm -qc bind-chroot
/var/named/chroot/etc/named.conf
# cd /etc/
# cp named.conf named.conf.origin
# vi /etc/named.conf
Change the following settings in the file (each original line is commented out and the replacement follows it):
//listen-on port 53 { 127.0.0.1; };
listen-on port 53 { any; };
//allow-query { localhost; };
allow-query { any; };
forwarders { 202.102.224.68; 202.102.227.68; };
allow-transfer { 192.168.188.11; 192.168.188.12; };
//dnssec-enable yes;
dnssec-enable no;
//dnssec-validation yes;
dnssec-validation no;
# service named start
Redirecting to /bin/systemctl start named.service
Generating the rndc key takes a while; after a moment the key generation shows up in the log:
systemd: Starting Generate rndc key for BIND (DNS)...
systemd: Started Generate rndc key for BIND (DNS).
systemd: Started Berkeley Internet Name Domain (DNS).
Note that the zone count is 101 at this point:
# rndc status
version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Resolve a name using this host:
# nslookup
> server 192.168.188.12
Default server: 192.168.188.12
Address: 192.168.188.12#53
> www.g.cn
Server: 192.168.188.12
Address: 192.168.188.12#53
Non-authoritative answer:
Name: www.g.cn
Address: 203.208.46.212
Name: www.g.cn
Address: 203.208.46.210
Name: www.g.cn
Address: 203.208.46.209
Name: www.g.cn
Address: 203.208.46.208
Name: www.g.cn
Address: 203.208.46.211
>
Adding the secondary zones
# vi /etc/named.conf
zone "bigcloud.local" IN {
    type slave;
    masters { 192.168.188.11; };
    file "bigcloud.local.zone";
};
zone "188.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.188.11; };
    file "192.168.188.zone";
};
zone "189.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.188.11; };
    file "192.168.189.zone";
};
Change the permissions on the directory so that named can read it:
# ll /var/named/ -d
drwxrwx--- 6 root named 4096 Aug 12 10:59 /var/named/
Start the service:
[root@zzsrv2 ~]# systemctl start named.service
Redirecting to /bin/systemctl restart named.service
Enable it at boot:
[root@zzsrv2 ~]# systemctl enable named
ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'
Check the log for error messages (again, open it in a second session when starting the service):
# tail -f /var/log/messages
# ll /var/named/
total 28
-rw-r--r-- 1 named named 423 Aug 12 11:16 192.168.188.zone
-rw-r--r-- 1 named named 226 Aug 12 11:16 192.168.189.zone
-rw-r--r-- 1 named named 629 Aug 12 09:25 bigcloud.local.zone
drwxr-x--- 7 root named 56 Aug 12 10:59 chroot
drwxrwx--- 2 named named 22 Aug 12 09:15 data
drwxrwx--- 2 named named 30 Aug 12 11:16 dynamic
-rw-r----- 1 root named 2076 Jan 28 2013 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Jun 10 16:13 slaves
On the primary DNS we can add a record and raise the serial number:
# vi /var/named/bigcloud.local.zone
test IN A 10.0.0.1
(serial: 0 -> 2)
On the secondary DNS we run:
# rndc reload
server reload successful
# nslookup
> server 192.168.188.12
Default server: 192.168.188.12
Address: 192.168.188.12#53
> test.bigcloud.local.
Server: 192.168.188.12
Address: 192.168.188.12#53
Name: test.bigcloud.local
Address: 10.0.0.1
> exit
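The change above only reaches the secondary if the SOA serial goes up: zzsrv2 compares serials when it receives a NOTIFY and at every refresh interval, and a zone edited without a serial bump is never transferred. The reload belongs on the primary, where the file changed; named then sends NOTIFY to the secondary (the "sending notifies" lines in the systemctl status output earlier on this page), and the secondary fetches the zone by transfer. The shell script below is an added example, not part of the tutorial: it raises the serial in place, validates the file with named-checkzone, and reloads just that zone with rndc reload. get_serial, bump_serial and publish_zone are this example's own names, and it assumes the "<number> ; serial" line layout of the named.empty template used on this page.

```shell
#!/bin/sh
# Added example (not from the tutorial): raise a zone's SOA serial in place,
# validate the file, and reload only that zone on the primary server.
# Assumes the "<number> ; serial" line layout of the named.empty template.

# get_serial ZONEFILE -> prints the current serial
get_serial() {
    awk 'match($0, /[0-9]+[[:space:]]*;[[:space:]]*serial[[:space:]]*$/) {
             s = substr($0, RSTART, RLENGTH); sub(/[^0-9].*/, "", s)
             print s; exit
         }' "$1"
}

# bump_serial ZONEFILE -> increments the serial by one and prints the new value.
# The file is rewritten with "cat > file" rather than mv so that it keeps the
# named:named owner and mode the tutorial set with chown.
bump_serial() {
    zone="$1"
    tmp=$(mktemp)
    awk '!done && match($0, /[0-9]+[[:space:]]*;[[:space:]]*serial[[:space:]]*$/) {
             s = substr($0, RSTART, RLENGTH); sub(/[^0-9].*/, "", s)
             $0 = substr($0, 1, RSTART - 1) (s + 1) substr($0, RSTART + length(s))
             done = 1
         }
         { print }' "$zone" > "$tmp" && cat "$tmp" > "$zone"
    rm -f "$tmp"
    get_serial "$zone"
}

# publish_zone ZONE ZONEFILE: bump, check, then reload that single zone.
# named-checkzone and rndc are BIND's own tools; they are skipped when absent
# so the script can be exercised on a machine without BIND installed.
publish_zone() {
    zone="$1"; file="$2"
    echo "$zone: serial is now $(bump_serial "$file")"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$file" || return 1
    fi
    if command -v rndc >/dev/null 2>&1; then
        rndc reload "$zone"
    fi
}

# Demo on a constructed zone file (same SOA layout as the page's files)
demo=$(mktemp)
cat > "$demo" <<'EOF'
$TTL 3H
@       IN SOA  zzsrv1.bigcloud.local. rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   zzsrv1.bigcloud.local.
test    IN A    10.0.0.1
EOF
echo "before: $(get_serial "$demo")"
echo "after:  $(bump_serial "$demo")"
rm -f "$demo"
# On the primary: publish_zone bigcloud.local /var/named/bigcloud.local.zone
```

bump_serial works for date-based serials (2014081601 becomes 2014081602) as well as for the plain counter on this page. After publish_zone on zzsrv1, the "loaded serial" and "sending notifies" lines appear in /var/log/messages on the primary and a "transfer of ... Transfer completed" line on the secondary; only if those are missing is a manual rndc reload on zzsrv2 worth trying.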