• Centos7 DNS 服务器配置步骤


    DNS 服务器配置

    第一步:利用centos镜像做yum源安装bind服务包

    [root@localhost ~]# mkdir /opt/centos           //创建目录/opt/centos 
    [root@localhost ~]#mount /dev/cdrom  /opt/centos    //挂载光盘到/opt/centos 下

    mount: /dev/sr0 写保护,将以只读方式挂载

    [root@localhost ~]# mv /etc/yum.repos.d/* /home        //移动文件到/home下

    制作用于安装的yum 源文件。

    [root@localhost ~]#vim /etc/yum.repos.d/local.repo

    [centos]

    name=centos

    baseurl=file:///opt/centos

    # gpgcheck=0 表示安装时不校验软件包的GPG签名;这里使用的是本地光盘镜像,若改用网络yum源应设为1并配置gpgkey
    gpgcheck=0

    enabled=1

    1.   [root@localhost yum.repos.d]# yum  clean  all
    2.   [root@localhost yum.repos.d]# yum  install  bind*

    第二步:查看bind是否安装完成

    [root@localhost yum.repos.d]# rpm -aq |grep bind

    查看DNS服务器IP地址信息

    [root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

    TYPE=Ethernet

    PROXY_METHOD=none

    BROWSER_ONLY=no

    BOOTPROTO=static

    DEFROUTE=yes

    IPV4_FAILURE_FATAL=no

    IPV6INIT=yes

    IPV6_AUTOCONF=yes

    IPV6_DEFROUTE=yes

    IPV6_FAILURE_FATAL=no

    IPV6_ADDR_GEN_MODE=stable-privacy

    NAME=ens33

    UUID=9f92031e-cb20-4cde-b796-6935a082ba86

    DEVICE=ens33

    ONBOOT=yes

    IPADDR=192.168.10.1

    NETMASK=255.255.255.0

    GATEWAY=192.168.10.254

    DNS1=192.168.10.1

    [root@localhost ~]# systemctl restart network     //重启网络

    [root@localhost ~]# ip add          //查看并检查配置的网络

    第三步:配置主文件

    [root@Centos7-1 ~]# vim /etc/named.conf


      ......                                     //略
    options{     
    listen-on port 53 { 127.0.0.1; };    //指定BIND侦听DNS查询请求的本机IP地址及端口
    listen-on-v6 port 53 { ::1; };       //限于 IPv6
    directory "/var/named";  //指定区域配置文件所在的路径



    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost;};      //指定接收DNS查询请求的客户端
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;      //改为no可以忽略SELinux影响(注:此项实际控制DNSSEC签名验证,与SELinux无关;改为no后服务器不再校验应答的签名)
    dnssec-lookaside auto;
    .....
    };

    //以下用于指定BIND服务的日志参数

    logging {
             channel default_debug {
             file "data/named.run";
             severity dynamic;
       };

    };
    zone "." IN {  //用于指定根服务器的配置信息,一般不能改动
    type hint;
    file "named.ca";
    };
    include "/etc/named.zones"; //指定主配置文件,一定根据实际修改
    include "/etc/named.root.key";

    [root@Centos7-1 ~]#cp -p /etc/named.rfc1912.zones /etc/named.zones

    ​​​​​​​

    [root@localhost ~]# vim  /etc/named.conf

    options {

            listen-on port 53 { any; };

            listen-on-v6 port 53 { any; };

            directory       "/var/named";

            dump-file       "/var/named/data/cache_dump.db";

            statistics-file "/var/named/data/named_stats.txt";

            memstatistics-file "/var/named/data/named_mem_stats.txt";

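            allow-query     { any; };   //允许任何客户端查询;与下面的 recursion yes 同时使用会使服务器成为开放递归解析器,生产环境应改为受信任网段(如 192.168.10.0/24),或用 allow-recursion 限制可递归的客户端

       recursion yes;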

            dnssec-enable no;

            dnssec-validation no;   //关闭后服务器不再校验应答的DNSSEC签名,生产环境建议保持 yes

    };

    logging {

            channel default_debug {

                    file "data/named.run";

                    severity dynamic;

            };

    };

    zone "." IN {

            type hint;

            file "named.ca";

    };

    zone "ssx.com" IN {     //正向根域文件的定义

          type master;    //作为根域

          file "ssx.com.hosts";  //根域正向解析文件名

    };

    zone "10.168.192.in-addr.arpa" IN {   //反向根域文件的定义

          type master;                //作为根域

          file "ssx.com.back";          //根域反向解析文件名

    };

    include "/etc/named.zones";

    include "/etc/named.root.key";

    检查主配置文件有没有问题 :

    [root@localhost ~]# named-checkconf

    第四步:配置正向解析文件

    先将/var/named/named.localhost 进行复制到/var/named/ssx.com.hosts中,目的是为了保存文件格式

    [root@localhost ~]#cp -p  /var/named/named.localhost  /var/named/ssx.com.hosts
    [root@localhost ~]#vim  /var/named/ssx.com.hosts

    $TTL 1D

    @       IN SOA  @  root.ssx.com. (

                                            0       ; serial

                                            1D      ; refresh

                                            1H      ; retry

                                            1W      ; expire

                                            3H )    ; minimum

    @       IN      NS      dns.ssx.com.

    dns      IN      A       192.168.10.100

    www    IN      A       192.168.10.101

    smb     IN      A       192.168.10.102

    ftp      IN      A       192.168.10.103

    第五步:检查正向解析文件

    [root@localhost ~]# named-checkzone  ssx.com  /var/named/ssx.com.hosts

    zone ssx.com/IN: loaded serial 0

    OK

    第六步:配置反向解析文件

    先将正向解析文件拷贝至/var/named/ssx.com.back

    [root@localhost ~]#cp -p /var/named/ssx.com.hosts /var/named/ssx.com.back
    1. [root@localhost ~]#vim  /var/named/ssx.com.back
    2. $TTL 1D
    3. @       IN SOA  @  root.ssx.com. (
    4.                                         0       ; serial
    5.                                         1D      ; refresh
    6.                                         1H      ; retry
    7.                                         1W      ; expire
    8.                                         3H )    ; minimum
    9. @       IN      NS      dns.ssx.com.
    10. 100     IN      PTR     dns.ssx.com.
    11. 101     IN      PTR     www.ssx.com.
    12. 102     IN      PTR     smb.ssx.com.
    13. 103     IN      PTR     ftp.ssx.com.
    14. ~     

                                         

    第七步:检查反向解析文件

    [root@localhost ~]#named-checkzone  10.168.192.in-addr.arpa  /var/named/ssx.com.back

    zone 10.168.192.in-addr.arpa/IN: loaded serial 0

    OK

    [root@localhost ~]# 

    第八步:启动named服务,再去查看named服务工作是否正常!

    1. [root@localhost ~]# systemctl start named
    2. [root@localhost ~]# systemctl restart named
    3. [root@localhost ~]# systemctl status named

    ● named.service - Berkeley Internet Name Domain (DNS)

       Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)

       Active: active (running) since 日 2019-06-02 14:03:52 CST; 5s ago

      Process: 4860 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)

      Process: 3348 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)

      Process: 4872 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)

      Process: 4870 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)

     Main PID: 4874 (named)

        Tasks: 4

       CGroup: /system.slice/named.service

               └─4874 /usr/sbin/named -u named -c /etc/named.conf

    6月 02 14:03:52 www.ssx.com named[4874]: zone 10.168.192.in-addr.arpa/IN: loaded ... 0

    6月 02 14:03:52 www.ssx.com named[4874]: zone 1.0.0.127.in-addr.arpa/IN: loaded s... 0

    6月 02 14:03:52 www.ssx.com named[4874]: zone localhost.localdomain/IN: loaded se... 0

    6月 02 14:03:52 www.ssx.com named[4874]: zone ssx.com/IN: loaded serial 0

    6月 02 14:03:52 www.ssx.com named[4874]: zone localhost/IN: loaded serial 0

    6月 02 14:03:52 www.ssx.com named[4874]: all zones loaded

    6月 02 14:03:52 www.ssx.com named[4874]: running

    6月 02 14:03:52 www.ssx.com systemd[1]: Started Berkeley Internet Name Domain (DNS).

    6月 02 14:03:52 www.ssx.com named[4874]: zone ssx.com/IN: sending notifies (serial 0)

    6月 02 14:03:52 www.ssx.com named[4874]: zone 10.168.192.in-addr.arpa/IN: sending...0)

    Hint: Some lines were ellipsized, use -l to show in full.

    第九步:检测正向解析

    1. [root@centos7 ~]# nslookup smb.ssx.com
    2. Server: 127.0.0.1
    3. Address: 127.0.0.1#53
    4. Name: smb.ssx.com
    5. Address: 192.168.10.102

    第十步:检测反向解析

    [root@localhost ~]# nslookup  192.168.10.101

    Server: 192.168.10.200

    Address: 192.168.10.200#53

    101.10.168.192.in-addr.arpa name = www.ssx.com.

    Linux客户机测试(前提是必须保证Client1与DNS服务器的通信畅通。)

    [root@Client1 ~]# vim /etc/resolv.conf

       nameserver 192.168.10.100

       search  ssx.com

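    在Linux客户机验证前关闭防火墙(仅为实验方便;更稳妥的做法是保持 firewalld 运行,在DNS服务器上执行 firewall-cmd --permanent --add-service=dns 再执行 firewall-cmd --reload 放行53端口)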

    [root@Client1 ~]#systemctl  stop  firewalld
    1. [root@client1 ~]# nslookup
    2. > server     //显示真实本机DNS server信息
    3. > www.ssx.com      //显示真实本机配置信息
    4. > 192.168.10.102      //显示真实本机配置信息

  • 原文地址:https://blog.csdn.net/m0_63624418/article/details/128138800