DNS配置手册
snow chuai汇总、整理、撰写---2020/1/20
1. 安装BIND
[root@dnsmaster ~]# yum install bind -y
|
2. 配置DNS主服务器
2.1 配置named.conf
[root@dnsmaster ~]# vim /etc/named.conf
options {
directory "/var/named/";
};
zone "." IN {
type hint;
file "named.ca";
};
# 增加1000cc.net的正解区域（生产环境建议在zone内加入 allow-transfer { <辅服务器IP>; }; 只允许辅服务器做区域传送）
zone "1000cc.net" IN {
type master;
file "1000cc.db";
};
# 增加1000cc.net反解区域
zone "188.168.192.in-addr.arpa" IN {
type master;
file "db.1000cc";
};
|
2.2 配置正解、反解数据库
2.2.1 正解数据库配置
[root@dnsmaster ~]# vim /var/named/1000cc.db
$TTL 1D
@ IN SOA dnsmaster.1000cc.net. root.dnsmaster.1000cc.net. (
0 ;serial
1D ;refresh
1H ;retry
1W ;expire
3H) ;minimum
@ IN NS dnsmaster.1000cc.net.
@ IN MX 10 mail.1000cc.net.
dnsmaster IN A 192.168.188.2
www IN A 192.168.188.3
ftp IN A 192.168.188.4
mail IN A 192.168.188.5
web IN CNAME www.1000cc.net.
|
2.2.2 反解数据库配置
[root@dnsmaster ~]# vim /var/named/db.1000cc
$TTL 1D
@ IN SOA dnsmaster.1000cc.net. root.dnsmaster.1000cc.net. (
0 ;serial
1D ;refresh
1H ;retry
1W ;expire
3H) ;minimum
@ IN NS dnsmaster.1000cc.net.
@ IN MX 10 mail.1000cc.net.
2 IN PTR dnsmaster.1000cc.net.
3 IN PTR www.1000cc.net.
4 IN PTR ftp.1000cc.net.
5 IN PTR mail.1000cc.net.
|
2.3 配置named解析
[root@dnsmaster ~]# vim /etc/resolv.conf
domain 1000cc.net
nameserver 192.168.188.2
|
2.4 启动named服务
[root@dnsmaster ~]# chgrp named /var/named/1000cc.db
[root@dnsmaster ~]# chgrp named /var/named/db.1000cc
[root@dnsmaster ~]# systemctl enable --now named
2.5 防火墙配置
[root@dnsmaster ~]# firewall-cmd --add-service=dns --permanent
[root@dnsmaster ~]# firewall-cmd --reload
|
|
3. 客户端测试
3.1 于DNS客户端配置DNS服务器
[root@dnsclient ~]# vim /etc/resolv.conf
search 1000cc.net
# 指定DNS服务器IP地址
nameserver 192.168.188.2
|
3.2 DNS客户端解析
# 正解查询
[root@dnsclient ~]# nslookup www.1000cc.net
Default server: 192.168.188.2
Address: 192.168.188.2#53
Name: www.1000cc.net
Address: 192.168.188.3
# 别名查询
[root@dnsclient ~]# nslookup web.1000cc.net
Server: 192.168.188.2
Address: 192.168.188.2#53
web.1000cc.net canonical name = www.1000cc.net.
Name: www.1000cc.net
Address: 192.168.188.3
# 反解查询
[root@dnsclient ~]# nslookup 192.168.188.2
2.188.168.192.in-addr.arpa name=dnsmaster.1000cc.net.
# MX查询
[root@dnsclient ~]# nslookup -q=mx 1000cc.net
Server: 192.168.188.2
Address: 192.168.177.2#53
1000cc.net mail exchanger = 10 mail.1000cc.net.
# SOA查询
[root@dnsclient ~]# nslookup -q=soa 1000cc.net
Server: 192.168.188.2
Address: 192.168.188.2#53
1000cc.net
origin = dnsmaster.1000cc.net
mail addr = root.dnsmaster.1000cc.net
serial = 0
refresh = 86400
retry = 3600
expire = 604800
minimum = 10800
|
4. 配置DNS辅服务器
4.1 配置named.conf
[root@dnsslave ~]# vim /etc/named.conf
options {
directory "/var/named/";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "1000cc.net" IN {
# 设定类型为slave
type slave;
# 设定主dns服务器IP,便于同步DNS数据条目
masters { 192.168.188.2; };
# 设定同步过来的数据库所存放的路径及文件名
file "slaves/1000cc.db";
};
zone "188.168.192.in-addr.arpa" IN {
# 设定类型为slave
type slave;
# 设定主dns服务器IP,便于同步DNS数据条目
masters { 192.168.188.2; };
# 设定同步过来的数据库所存放的路径及文件名
file "slaves/db.1000cc";
};
|
4.2 确认正解、反解数据库已同步（需在4.3启动named并完成区域传送之后再检查）
[root@dnsslave ~]# ls -l /var/named/slaves/1000cc.db
[root@dnsslave ~]# ls -l /var/named/slaves/db.1000cc
|
4.3 启动named服务
[root@dnsslave ~]# systemctl enable --now named
|
4.4 [DNS客户端测试](#dnsclient)
[root@dnsclient ~]# vim /etc/resolv.conf
search 1000cc.net
nameserver 192.168.188.3
[root@dnsclient ~]# nslookup www.1000cc.net
|
5. DNS转发服务器配置
5.1 Forward only服务器配置
[root@dnforward ~]# vim /etc/named.conf
options {
# 设定转发到指定dns srv的IP地址
forwarders {
192.168.188.2;
192.168.188.3;
};
# 仅负责转发
forward only;
};
[root@dnforward ~]# vim /etc/resolv.conf
search 1000cc.net
# 写入本地转发服务器的IP地址
nameserver 192.168.188.4
[root@dnforward ~]# systemctl enable --now named
|
5.2 客户端配置
[root@dnsclient ~]# vim /etc/resolv.conf
search 1000cc.net
# 写入转发服务器的IP地址
nameserver 192.168.188.4
[root@dnsclient ~]# nslookup www.1000cc.net
|
6. DNS委派
6.1 配置DNS委派-Master服务器配置
[root@dnsother1]# vim /etc/named.conf
options {
directory "/var/named";
};
zone "edu." {
type master;
file "named.edu";
};
[root@dnsother1]# vim /var/named/named.edu
$TTL 1D
@ IN SOA dnsother1.1000cc.edu. root.dnsother1.1000cc.edu. (
0 ;serial
1D ;refresh
1H ;retry
1W ;expire
3H ) ;minimum
@ IN NS dnsother1.1000cc.net.
# 指定1000cc.edu.的解析由dnsother2负责完成
1000cc.edu. IN NS dnsother2.1000cc.edu.
dnsother1.1000cc.net. IN A 192.168.10.1
dnsother2.1000cc.edu. IN A 192.168.10.2
srvother1 IN A 192.168.10.3
srvother2 IN A 192.168.10.4
[root@dnsother]# chown named. named.edu
[root@dnsother]# systemctl enable --now named
|
6.2 配置DNS委派-委派服务器配置
[root@dnsother2]# vim /etc/named.conf
options {
directory "/var/named";
};
zone "1000cc.edu." {
type master;
file "1000cc.edu";
};
[root@dnsother]# vim /var/named/1000cc.edu
$TTL 1D
@ IN SOA dnsother2.1000cc.edu. root.dnsother2.1000cc.edu. (
0 ;serial
1D ;refresh
1H ;retry
1W ;expire
3H ) ;minimum
@ IN NS dnsother2.1000cc.edu.
dnsother2.1000cc.edu. IN A 192.168.10.2
srv1 IN A 192.168.10.3
srv2 IN A 192.168.10.4
[root@dnsother]# chown named. 1000cc.edu
[root@dnsother]# systemctl enable --now named
|
6.3 客户端配置
[root@dnsclient ~]# vim /etc/resolv.conf
search 1000cc.edu
nameserver 192.168.10.2
[root@dnsclient ~]# nslookup srv2.1000cc.edu
|
7. 清除DNS缓存
7.1 rndc清除方法
[root@dnsother3]# rndc-confgen -r /dev/urandom -a
[root@dnsother3]# chown root:named /etc/rndc.key
[root@dnsother3]# chmod 640 /etc/rndc.key # rndc.key 内含共享密钥,只需root与named组可读,不要对其他用户开放读权限
[root@dnsother3]# systemctl restart named
[root@dnsother3]# rndc flush # 清除DNS缓存
|
7.2 nscd清除方法
[root@dnsother3]# systemctl restart nscd
|
如对您有帮助,请随缘打个赏。^-^