Linux 网络系统管理 技能大赛 DNS赛题配置

主DNS服务部署

yum -y install bind bind-chroot bind-utils
systemctl start named    //开启named
systemctl enable named   //开机自启动
ss -tnl |grep 53   //查看端口是否正常启动
vim /etc/named.conf     //编辑全局配置文件
	listen-on port 53 {any;};    //监听所有
	allow-query	{any;};		//允许所有用户查询
vim /etc/named.rfc1912.zones     //默认区域配置文件,可以自行修改
    zone "sdskills.net"	IN {
        type master;
        file "sdskills.net.zone";
        allow-update {none;};
    };
	 zone "0.168.192.in-addr.arpa"	IN {
        type master;
        file "0.168.192.zone";
        allow-update {none;};
    };
cp -p /var/named/named.localhost /var/named/sdskills.net.zone   //复制正向区域模板
vim /var/named/sdskills.net.zone
    $TTL 1D
	@       IN SOA  @ root.sdskills.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
    @  		IN	 NS      Server01.sdskills.net.
	Server01   IN     A       192.168.0.2
	www   IN  A       192.168.0.7

systemctl restart named   //重启服务
cp -p /var/named/named.loopback /var/named/0.168.192.zone   //复制反向区域模板
vim /var/named/0.168.192.zone
    $TTL 1D
	@       IN SOA  @ root.sdskills.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
	@       IN      NS      Server01.sdskills.net.
	2       IN      PTR     Server01.sdskills.net.
	7       IN      PTR     www.sdskills.net.

客户端查看

cat /etc/resolv.conf   
    search sdskills.net
    nameserver 192.168.0.2

委派DNS服务器部署

主DNS服务器

vim /etc/named.conf
    #dnssec-enable yes;           //注释掉这三行以关闭 DNSSEC 验证(实验用的私有域未签名,开启验证会导致解析失败;面向公网的解析器应保持开启)
    #dnssec-validation yes;
    #include "/etc/named.root.key";

委派服务器

yum -y install bind bind-chroot bind-utils
systemctl restart named
systemctl enable named
vim /etc/named.conf
    listen-on port 53 {any;};    //监听所有
	allow-query	{any;};		//允许所有用户查询
vim /etc/named.rfc1912.zones     //默认区域配置文件,可以自行修改
    zone "skills.net"	IN {
        type master;
        file "skills.net.zone";
        allow-update {none;};
    };
cp -p /var/named/named.localhost /var/named/skills.net.zone   //复制正向区域模板
vim /var/named/skills.net.zone
    $TTL 1D
	@       IN SOA  @ root.skills.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
       	 NS      Server02.skills.net.
	Server02        A       192.168.0.7
	www     A       192.168.0.10

在委派DNS上创建辅助DNS

vim /etc/named.rfc1912.zones
    zone "sdskills.net"	IN {
        type slave;
        file "slaves/sdskills.net.zone";
        masters {192.168.0.2;};
    };
systemctl restart named
systemctl status named   //查看状态
ll /var/named/slaves   //查看是否有从主DNS服务器同步过来的区域文件

比赛

安装DNS相关服务软件;

建立sdskills.org域,为所有除Internet区域的主机或服务器建立正\反的域名解析;

当出现无法解析的域名时,向域skills.org申请更高层次的解析。

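# Install the BIND DNS server.
yum -y install bind
# Open only the DNS service (53/tcp and 53/udp) in firewalld instead of
# stopping the firewall, so the host's other ports stay filtered.
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
# SELinux is left in enforcing mode (no "setenforce 0"). If named is denied
# access to a zone file, relabel it with "restorecon -Rv /var/named" rather
# than switching the whole host to permissive mode.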
vim /etc/named.conf
	listen-on port 53 {any;};    //监听所有
	allow-query	{any;};		//允许所有用户查询
	forwarders {192.168.10.4;};     //向192.168.10.4域转发申请解析
	recursion yes;  //开启递归,本机无法解析时向上游转发;allow-query 为 any 时,建议再用 allow-recursion 限定允许递归的客户端网段,避免成为开放解析器

    dnssec-enable no;   //不认证
    dnssec-validation no;

	
	#zone "." IN {   //把本地根域去掉
	#       type hint;
	#       file "named.ca";
	#};

	#include "/etc/named.rfc1912.zones"; //可以把区域配置写下面,那样就不需要在这个文件上配置了
	include "/etc/named.root.key";

	zone "sdskills.com" IN {
        type master;
        file "sdskills.com.zone";
	};

	zone "100.16.172.in-addr.arpa" IN {
        type master;
        file "100.16.172.zone";
	};
vim /etc/named.rfc1912.zones    //默认区域配置文件,可以自行修改   
	zone "sdskills.org" IN {           //正向解析域
        type master;
        file "sdskills.org.zone";
        allow-update { none;};
	};

	zone "100.16.172.in-addr.arpa" IN {   //反向解析域
        type master;
        file "100.16.172.zone";
        allow-update { none;};
	};
cd /var/named    //去DNS区域配置文件目录
cp -p named.loopback sdskills.org.zone    //复制模板
cp -p named.loopback 100.16.172.zone
vim sdskills.org.zone     //配置正向解析域
	$TTL 1D
	@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

	@       IN	    NS      www.sdskills.org.
	@       IN      MX      10      mail
	www     IN      A       172.16.100.201
	ftp     IN      A       172.16.100.202
	mail    IN      A       172.16.100.202    
    imap	IN		A		172.16.100.202
    smtp	IN		A		172.16.100.202
    *		IN		A		172.16.100.201    //泛解析;所有者名不带结尾的点时会自动追加区域名,所以这里只写 *
vim 100.16.172.zone     //配置反向解析域
    $TTL 1D
	@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum

	@		NS      www.sdskills.org.
	201     IN      PTR     www.sdskills.org.
	202     IN      PTR     ftp.sdskills.org.
	202     IN      PTR     mail.sdskills.org. 
    202		IN		PTR		imap.sdskills.org.
    202		IN		PTR		smtp.sdskills.org.
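# named runs as the unprivileged "named" user and only needs to READ the zone
# files, so group "named" with mode 640 is sufficient. Mode 777 would let any
# local account rewrite the zone data. The file names match the ones created
# with "cp -p" in /var/named earlier in this section.
chown root:named sdskills.org.zone 100.16.172.zone
chmod 640 sdskills.org.zone 100.16.172.zone
# Test-load the configuration and its zones before restarting, so a typo is
# reported here instead of taking the DNS service down.
named-checkconf -z
systemctl restart named    # restart the DNS service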

客户端查看

cat /etc/resolv.conf
# Generated by NetworkManager
search sdskills.org
nameserver 172.16.100.201
nameserver 192.168.10.4

UOS比赛

安装DNS相关服务软件包;

为域skills.org提供必要的域名解析;

当非skills.org域的解析时,统一解析到Rserver连接Internet网段的IP地址或Rserver.skills.org

apt -y install bind9 dnsutils   //安装DNS服务跟DNS调试工具
cd /etc/bind/
    db.127    //反向区域数据库,用于将IP解析为对应的域名
    db.local	//正向区域数据库,用于将域名解析为对应的IP地址
    named.conf.default-zones	//默认区域
    named.conf.local	//用于定义解析域,也可以直接在named.conf中直接划定解析域
    named.conf.options   //配置文件,全局选项配置
    named.conf    //Bind的主配置文件,不包含DNS数据

定义解析域

vim named.conf.local
    zone "." {        //根域
        type master;
        file "/etc/bind/root.zone";
	};


	zone "skills.org" {     //正向解析域
		type master;
		file "/etc/bind/skills.org.zone";
	};

	zone "10.168.192.in-addr.arpa" {   //反向解析域
        type master;
        file "/etc/bind/10.168.192.zone";
	};

cp -a db.local root.zone
cp -a db.local skills.org.zone
cp -a db.local 10.168.192.zone
vim skills.org.zone
    ;
	; BIND data file for local loopback interface
	;
	$TTL    604800
	@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
	;
	@       IN      NS      www.skills.org.
	www     IN      A       192.168.10.4
    Server02	IN	A		192.168.10.4
    *.skills.com		IN		A		192.168.10.4
vim root.zone
    ;
	; BIND data file for local loopback interface
	;
	$TTL	604800
	@	IN	SOA	localhost. root.localhost. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
	;
	@	IN	NS	www.skills.com.
	*	IN	A	192.168.10.2     //解析其他域时,统一解析到192.168.10.2
vim 10.168.192.zone
	;
	; BIND data file for local loopback interface
	;
	$TTL    604800
	@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
	;
	@       IN      NS      www.skills.com.
	3       IN      PTR     www.skills.com.
	3       IN      PTR     Server02.skills.com.

systemctl restart bind9    //重启bind9服务
vim named.conf.options
    dnssec-validation no;    //不验证
	dnssec-enable no;
	listen-on { any; };   
	allow-query { any; };  //允许所有主机访问

客户端

vim /etc/resolv.conf     //配置DNS域
    nameserver 192.168.10.4

[root@localhost ~]# nslookup www.skills.org
Server:		192.168.10.4
Address:	192.168.10.4#53

Name:	www.skills.org
Address: 192.168.10.4


[root@localhost ~]# nslookup any.any.any
Server:		192.168.10.4
Address:	192.168.10.4#53

Name:	any.any.any
Address: 192.168.10.2

DNS

chinaskills.cn 域提供域名解析。

www.chinaskills.cn、download.chinaskills.cn、mail.chinaskills.cn 提供解析。

启用内外网解析功能,当内网客户端请求解析的时候,解析到对应的 内部服务器地址,当外部客户端请求解析的时候,请把解析结果解析 到提供服务的公有地址。

请将 IspSrv 作为上游 DNS 服务器,所有未知查询都由该服务器处理。

yum -y install bind bind-utils
vim /etc/named.conf 
	listen-on port 53 { any; };
	allow-query     { any; };
    forwarders { 81.6.63.100;};
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
	#zone "." IN {
	#       type hint;
	#       file "named.ca";
	#};

	#include "/etc/named.rfc1912.zones";
	include "/etc/named.root.key";

	view insidecli {
        match-clients { 192.168.0.0/16;};
        zone "chinaskills.cn" IN {
                type master;
                file "chinaskills.cn.insidecli";
        };
	};

	view  outsidecli {
        match-clients { 0.0.0.0/0;};
        zone "chinaskills.cn" IN {
                type master;
                file "chinaskills.cn.outsidecli";
        };
	};
cd /var/named
cp named.localhost chinaskills.cn.insidecli -p
	       	 NS      @
       	 A       127.0.0.1
    @	IN	MX	10	mail
	www     A       192.168.100.100
	mail    A       192.168.100.100
	appsrv  A       192.168.100.100
	download        A       192.168.100.100
	ftp     A       192.168.100.200
	~                                  
cp chinaskills.cn.insidecli chinaskills.cn.outsidecli -p 
            NS      @
        A       127.0.0.1
	www     A       81.6.63.254
	mail    A       81.6.63.254
	appsrv  A       81.6.63.254
	download        A       81.6.63.254
	ftp     A       81.6.63.254
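# The view zone files only have to be readable by the "named" user: group
# "named" with mode 640 is enough. Mode 777 would let any local account edit
# the records served to inside and outside clients.
chown root:named chinaskills.cn.insidecli chinaskills.cn.outsidecli
chmod 640 chinaskills.cn.insidecli chinaskills.cn.outsidecli
named-checkconf    # check named.conf for syntax errors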