Deploying a DNS Service on CentOS 7
DNS configuration overview
Main configuration file /etc/named.conf
- `options {...};` sets the DNS server's global environment
  - `listen-on port 53 {...;};` the port and IP address that named listens on
  - `directory` the directory holding the database files, i.e. where the zone files live
  - `dump-file` / `statistics-file` / `memstatistics-file` files holding named's statistics
  - `allow-query {...;};` the hosts allowed to query this DNS server
  - `allow-transfer {...;};` whether slave DNS servers may transfer the zone data
  - `allow-update {...;};` dynamic DNS updates
  - `recursion` whether recursive queries are supported; with `no` the server will not contact the root servers
  - `forward` whether forwarding is supported: `only` means forward only, `first` means forward first (the default is `first`)
  - `forwarders {ip1;ip2;....;};` the IP addresses of the upstream DNS servers to forward to
- `zone "xxx" IN {...};` zone declaration
  - `type` the zone type: `hint` means the root servers, `master` means this is the zone's primary DNS server, `slave` means this is the zone's secondary DNS server
  - `file` where the zone's database file is located
- `view " " {...};` view declaration
- `acl "xxx" {...;};` defines an access control list named xxx. Built-in ACLs: `localhost` / `localnet` / `any` / `none`, i.e. the local host's IPs / every IP on the local network / any IP / no IP at all
- `include " ";` moves a large number of zone declarations into a separate file so that the main configuration file does not become unwieldy
Database files /var/named/*
Record types in the DNS server's zone database:
- `$TTL` how long the zone's records may live in a client's cache
- `SOA` the start of a zone's records; mandatory. Format: `zone IN SOA primary-DNS-server-name mail-server-name (`
  - `serial;` serial number; if the slave DNS server's serial is lower than this, it updates its data
  - `refresh;` how often the slave DNS server checks the master's data
  - `retry;` how long the slave waits before reconnecting after a failed connection to the master
  - `expire;` when the slave's database file becomes invalid if it can never reach the master
  - `minimum;` how long a failed lookup stays in the cache
  - `)`
- `NS` the name of the DNS server that manages the zone; every domain has its own NS record; mandatory
- `A` the IPv4 address of a host name; mandatory
- `AAAA` the IPv6 address
- `MX` the domain name of the zone's mail server
- `CNAME` a host alias, used for redirection inside the domain, which makes the server configuration flexible: when a name's IP address changes, only the alias needs to be modified. Format: `alias IN CNAME DNS-server-name`
- `PTR` short for PoinTeR; the reverse lookup record, whose data is the host name that the address resolves to; mandatory in a reverse zone database file
For the SOA part, for example:
`1804170045 5 5 2592000 3600` means: the 45th refresh on 2018/4/17; the slave contacts the master every 5 seconds; if the connection fails it retries 5 seconds later; this continues until 2592000 seconds have passed; records of failed lookups live for 3600 seconds in other DNS servers.
Common DNS lookup commands
- `host [option] [server]` looks up the IP address of a host name
  - `-a` list detailed information
  - `-l` list every host name managed by the domain
- `nslookup [server]` supports forward and reverse lookups
- `dig [option] [@server]`
  - `+trace` trace the lookup starting from the root servers
  - `-t` specify the record type to query
  - `-x` reverse lookup
- `whois` looks up a registered domain's information; the command comes from the jwhois package
- `rndc reload` re-reads named.conf
- `named-checkconf` checks the syntax of the main configuration file named.conf
Installing DNS
- Plan:
1. Define the zone lzxlinux.com; the DNS server's name is master.lzxlinux.com, and there is another name, www.lzxlinux.com;
2. The name server has an alias, ftp.lzxlinux.com;
3. The zone has a mail server named www.lzxlinux.com;
4. The DNS server's IP is 192.168.30.254, and another machine on the same subnet, 192.168.30.131, is used for testing;
5. The DNS server supports both forward and reverse resolution.
One server can map one IP address to several domain names, and equally one domain name to several IP addresses.
- Install:
```
yum install -y bind*
```
- Edit the configuration:
```
vim /etc/named.conf
```
```
options {
    listen-on port 53 { 192.168.30.254; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "lzxlinux.com" IN {
    type master;
    file "named.lzxlinux.com";
};
zone "30.168.192.in-addr.arpa" IN {   # reverse zone naming: the IP octets must be written in reverse order
    type master;
    file "named.192.168.30";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
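The options above combine `allow-query { any; }` with `recursion yes` and set no `allow-recursion` or `allow-transfer`, which is what a reviewer would question first. As an added example, not from the original article, this Python script parses a constructed excerpt of such a named.conf and reports those settings; it assumes BIND 9's documented fallback for who may recurse (allow-recursion, else allow-query-cache, else allow-query, else localnets/localhost).

```python
import re
# Constructed excerpt modelled on the named.conf above (not the article's file verbatim).
SAMPLE_CONF = """\
options {
    allow-query { any; };
    recursion yes;
    dnssec-validation no;
};
zone "lzxlinux.com" IN {
    type master;
    file "named.lzxlinux.com";
};
zone "30.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.30";
    allow-transfer { 192.168.30.253; };
};
"""
# An options block or a zone block; its closing "};" must start a line, as in the file above.
BLOCK_RE = re.compile(r'(options|zone\s+"([^"]+)")[^{]*\{(.*?)\n\};', re.S)

def parse_blocks(conf):
    """Return ({option: value}, {zone_name: {option: value}}) for a named.conf text."""
    conf = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', conf, flags=re.S)   # strip comments
    options, zones = {}, {}
    for kind, zone, body in BLOCK_RE.findall(conf):
        stmts = {}
        for stmt in body.split(';'):                                    # one statement per ';'
            parts = stmt.replace('{', ' ').replace('}', ' ').split()
            if parts:
                stmts[parts[0]] = ' '.join(parts[1:])                  # 'allow-query' -> 'any'
        (options if kind == 'options' else zones.setdefault(zone, {})).update(stmts)
    return options, zones

def audit(conf):
    """List risky settings: open recursion, no DNSSEC validation, unrestricted zone transfers."""
    options, zones = parse_blocks(conf)
    findings = []
    # BIND's fallback for who may recurse: allow-recursion, else allow-query-cache, else allow-query
    recursers = (options.get('allow-recursion') or options.get('allow-query-cache')
                 or options.get('allow-query') or 'localnets localhost')
    if options.get('recursion', 'yes') == 'yes' and recursers == 'any':
        findings.append('open resolver: any host may send recursive queries')
    if options.get('dnssec-validation') == 'no':
        findings.append('dnssec-validation no: answers from upstream are not validated')
    for name, zone in zones.items():
        transfer = zone.get('allow-transfer', options.get('allow-transfer'))
        if zone.get('type') == 'master' and transfer in (None, 'any'):
            findings.append(f'zone {name}: allow-transfer is not restricted')
    return findings
```

For the article's setup, adding `allow-recursion { localnets; };` keeps the LAN test machine working while closing recursion to everyone else.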
- Edit the forward zone database file:
A forward zone database file must contain $TTL, SOA, NS and A records.
```
vim /var/named/named.lzxlinux.com
```
```
$TTL 1D
@       IN SOA  master.lzxlinux.com. www.lzxlinux.com. (
                        2019053101      ; serial
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum
@       IN NS   master.lzxlinux.com.
@       IN MX   10 www.lzxlinux.com.
master.lzxlinux.com.    IN A    192.168.30.254
www.lzxlinux.com.       IN A    192.168.30.254
ftp.lzxlinux.com.       IN CNAME www.lzxlinux.com.
```
- Edit the reverse zone database file:
A reverse zone database file must contain $TTL, SOA, NS and PTR records.
```
vim /var/named/named.192.168.30
```
```
$TTL 1D
@       IN SOA  master.lzxlinux.com. www.lzxlinux.com. (
                        2019053101      ; serial
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum
@       IN NS   master.lzxlinux.com.
254     IN PTR  master.lzxlinux.com.
254     IN PTR  www.lzxlinux.com.
```
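Added example, not from the original article: a small Python checker for the two zone files above and for the SOA description earlier. It applies the stated rules (a forward file needs $TTL, SOA, NS and A; a reverse file needs $TTL, SOA, NS and PTR), converts SOA timers written with BIND units (1D, 1H, 1W) to seconds, and implements the serial comparison a slave uses to decide whether to transfer; the zone text is a constructed copy of the forward zone, not the article's file.

```python
import re
# Constructed zone text modelled on the forward zone above (not the article's file verbatim).
FORWARD_ZONE = """\
$TTL 1D
@   IN SOA master.lzxlinux.com. www.lzxlinux.com. (
        2019053101  ; serial
        1D          ; refresh
        1H          ; retry
        1W          ; expire
        3H )        ; minimum
@   IN NS master.lzxlinux.com.
master.lzxlinux.com.  IN A 192.168.30.254
www.lzxlinux.com.     IN A 192.168.30.254
ftp.lzxlinux.com.     IN CNAME www.lzxlinux.com.
"""
UNITS = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400, 'w': 604800}

def ttl_seconds(value):
    """Convert a BIND time value such as 1D, 3H or 2592000 to seconds."""
    m = re.fullmatch(r'(\d+)([smhdw]?)', value.lower())
    if not m:
        raise ValueError(f'bad time value: {value}')
    return int(m.group(1)) * UNITS.get(m.group(2), 1)

def parse_zone(text):
    """Return ($TTL in seconds, SOA fields, set of record types) for a zone file text."""
    body = '\n'.join(line.split(';')[0] for line in text.splitlines())            # drop ';' comments
    body = re.sub(r'\(([^)]*)\)', lambda m: ' '.join(m.group(1).split()), body)   # join the SOA ( ... )
    ttl, soa, types = None, None, set()
    for fields in filter(None, (line.split() for line in body.splitlines())):
        if fields[0] == '$TTL':
            ttl = ttl_seconds(fields[1])
            continue
        types.add(fields[2])                                                      # owner IN TYPE rdata
        if fields[2] == 'SOA':
            timers = [ttl_seconds(v) for v in fields[6:10]]
            soa = dict(zip(['refresh', 'retry', 'expire', 'minimum'], timers),
                       mname=fields[3], rname=fields[4], serial=int(fields[5]))
    return ttl, soa, types

def check_zone(text, required=('SOA', 'NS', 'A')):
    """List what the zone file must contain but lacks; use required=('SOA', 'NS', 'PTR') for a reverse zone."""
    ttl, soa, types = parse_zone(text)
    problems = ['missing $TTL'] if ttl is None else []
    return problems + [f'missing {t} record' for t in required if t not in types]

def slave_should_transfer(slave_serial, master_serial):
    """RFC 1982 serial arithmetic: a slave pulls the zone only when the master's serial is newer."""
    diff = (master_serial - slave_serial) % 2**32
    return 0 < diff < 2**31
```

Because a slave transfers only when the master's serial is newer, the serial must be incremented every time the zone file is edited.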
- Start the named service:
```
systemctl start named
```
- Resolution test:
Test from 192.168.30.131.
```
vim /etc/sysconfig/network-scripts/ifcfg-ens33
```
```
#DNS1="8.8.8.8"   # disable the external DNS
DNS1="192.168.30.254"
```
```
yum install -y bind-utils
```
```
dig master.lzxlinux.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> master.lzxlinux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55468
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.lzxlinux.com.           IN      A

;; ANSWER SECTION:
master.lzxlinux.com.    86400   IN      A       192.168.30.254

;; AUTHORITY SECTION:
lzxlinux.com.           86400   IN      NS      master.lzxlinux.com.

;; Query time: 2 msec
;; SERVER: 192.168.30.254#53(192.168.30.254)
;; WHEN: Sun Jun 02 21:45:20 EDT 2019
;; MSG SIZE  rcvd: 78
```
Forward resolution succeeded.
```
dig -x 192.168.30.254

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -x 192.168.30.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7803
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;254.30.168.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
254.30.168.192.in-addr.arpa. 86400 IN   PTR     www.lzxlinux.com.
254.30.168.192.in-addr.arpa. 86400 IN   PTR     master.lzxlinux.com.

;; AUTHORITY SECTION:
30.168.192.in-addr.arpa. 86400  IN      NS      master.lzxlinux.com.

;; ADDITIONAL SECTION:
master.lzxlinux.com.    86400   IN      A       192.168.30.254

;; Query time: 1 msec
;; SERVER: 192.168.30.254#53(192.168.30.254)
;; WHEN: Sun Jun 02 21:50:03 EDT 2019
;; MSG SIZE  rcvd: 137
```
Reverse resolution succeeded.
```
dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29209
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          1083    IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       212     IN      A       115.239.211.112
www.a.shifen.com.       212     IN      A       115.239.210.27

;; Query time: 7 msec
;; SERVER: 192.168.30.254#53(192.168.30.254)
;; WHEN: Sun Jun 02 21:50:47 EDT 2019
;; MSG SIZE  rcvd: 101
```
External resolution succeeded.
Configuring master and slave DNS
Every domain needs at least two DNS servers to manage it and provide uninterrupted query service: one master and one slave. The slave has no zone database of its own and must synchronise it from the master, and the master must allow zone transfers.
- Plan:
192.168.30.254 is the master DNS server, named master.lzxlinux.com; 192.168.30.253 is the slave DNS server, named slave.lzxlinux.com; together they manage the zone lzxlinux.com.
- Edit the master DNS configuration:
```
vim /etc/named.conf
```
```
options {
    listen-on port 53 { 192.168.30.254; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    allow-transfer { none; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "lzxlinux.com" IN {
    type master;
    file "named.lzxlinux.com";
    allow-transfer { 192.168.30.253; };
};
zone "30.168.192.in-addr.arpa" IN {
    type master;
    file "named.192.168.30";
    allow-transfer { 192.168.30.253; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
- Edit the master DNS forward zone database file:
```
vim /var/named/named.lzxlinux.com
```
```
$TTL 1D
@       IN SOA  master.lzxlinux.com. www.lzxlinux.com. (
                        2019053101      ; serial
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum
@       IN NS   master.lzxlinux.com.
@       IN NS   slave.lzxlinux.com.
@       IN MX   10 www.lzxlinux.com.
master.lzxlinux.com.    IN A    192.168.30.254
slave.lzxlinux.com.     IN A    192.168.30.253
www.lzxlinux.com.       IN A    192.168.30.254
ftp.lzxlinux.com.       IN CNAME www.lzxlinux.com.
```
- Edit the master DNS reverse zone database file:
```
vim /var/named/named.192.168.30
```
```
$TTL 1D
@       IN SOA  master.lzxlinux.com. www.lzxlinux.com. (
                        2019053101      ; serial
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum
@       IN NS   master.lzxlinux.com.
@       IN NS   slave.lzxlinux.com.
254     IN PTR  master.lzxlinux.com.
254     IN PTR  www.lzxlinux.com.
253     IN PTR  slave.lzxlinux.com.
```
- Edit the slave DNS configuration:
```
vim /etc/named.conf
```
```
options {
    listen-on port 53 { localhost; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    allow-transfer { none; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "lzxlinux.com" IN {
    type slave;
    file "slaves/named.lzxlinux.com";
    masters { 192.168.30.254; };
};
zone "30.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/named.192.168.30";
    masters { 192.168.30.254; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
- Restart the named service on both the master and the slave:
```
systemctl restart named
```
On the slave, two files appear automatically in the /var/named/slaves/ directory; these are the zone databases the slave synchronised from the master:
```
ll /var/named/slaves/
total 8
-rw-r--r-- 1 named named 383 Jun  3 10:51 named.192.168.30
-rw-r--r-- 1 named named 449 Jun  3 10:51 named.lzxlinux.com
```
- Check the /var/log/messages log, which records the transfer process:
```
vim /var/log/messages
```
```
Jun  3 10:51:02 test6 named[6660]: zone 30.168.192.in-addr.arpa/IN: Transfer started.
Jun  3 10:51:02 test6 named[6660]: transfer of '30.168.192.in-addr.arpa/IN' from 192.168.30.254#53: connected using 192.168.30.253#44120
Jun  3 10:51:02 test6 named[6660]: zone 30.168.192.in-addr.arpa/IN: transferred serial 2019053101
Jun  3 10:51:02 test6 named[6660]: transfer of '30.168.192.in-addr.arpa/IN' from 192.168.30.254#53: Transfer completed: 1 messages, 7 records, 220 bytes, 0.005 secs (44000 bytes/sec)
Jun  3 10:51:02 test6 named[6660]: zone 30.168.192.in-addr.arpa/IN: sending notifies (serial 2019053101)
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 192.203.230.10#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 192.33.4.12#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 192.58.128.30#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:500:84::b#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 192.36.148.17#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 193.0.14.129#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 198.41.0.4#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:500:1::53#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 199.7.91.13#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 192.5.5.241#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 199.7.83.42#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 202.12.27.33#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 192.228.79.201#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 192.112.36.4#53
Jun  3 10:51:02 test6 named[6660]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 198.97.190.53#53
Jun  3 10:51:02 test6 named[6660]: zone lzxlinux.com/IN: Transfer started.
Jun  3 10:51:02 test6 named[6660]: transfer of 'lzxlinux.com/IN' from 192.168.30.254#53: connected using 192.168.30.253#56074
Jun  3 10:51:02 test6 named[6660]: zone lzxlinux.com/IN: transferred serial 2019053101
Jun  3 10:51:02 test6 named[6660]: transfer of 'lzxlinux.com/IN' from 192.168.30.254#53: Transfer completed: 1 messages, 9 records, 229 bytes, 0.033 secs (6939 bytes/sec)
Jun  3 10:51:02 test6 named[6660]: zone lzxlinux.com/IN: sending notifies (serial 2019053101)
```
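Added example, not from the original article: a Python parser for the transfer messages above, run over constructed log lines in the same format. It records each completed transfer with its source and serial and flags any transfer pulled from an address that is not one of the slave's configured masters; the second transfer in the sample, from 192.168.30.77, is constructed so the check has something to report.

```python
import re
# Constructed lines modelled on the slave's /var/log/messages excerpt above; the second transfer,
# from 192.168.30.77, is invented so that unexpected_masters() below has something to flag.
SAMPLE_LOG = """\
Jun  3 10:51:02 test6 named[6660]: zone lzxlinux.com/IN: Transfer started.
Jun  3 10:51:02 test6 named[6660]: transfer of 'lzxlinux.com/IN' from 192.168.30.254#53: connected using 192.168.30.253#56074
Jun  3 10:51:02 test6 named[6660]: zone lzxlinux.com/IN: transferred serial 2019053101
Jun  3 10:51:02 test6 named[6660]: transfer of 'lzxlinux.com/IN' from 192.168.30.254#53: Transfer completed: 1 messages, 9 records, 229 bytes, 0.033 secs (6939 bytes/sec)
Jun  3 10:51:02 test6 named[6660]: FORMERR resolving './NS/IN': 192.203.230.10#53
Jun  3 11:02:15 test6 named[6660]: transfer of 'lzxlinux.com/IN' from 192.168.30.77#53: connected using 192.168.30.253#40110
Jun  3 11:02:15 test6 named[6660]: zone lzxlinux.com/IN: transferred serial 2019053105
Jun  3 11:02:15 test6 named[6660]: transfer of 'lzxlinux.com/IN' from 192.168.30.77#53: Transfer completed: 1 messages, 9 records, 229 bytes, 0.010 secs (22900 bytes/sec)
"""
COMPLETED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ named\[\d+\]: transfer of '(?P<zone>[^']+)' "
    r"from (?P<master>[^#]+)#\d+: Transfer completed: \d+ messages, (?P<records>\d+) records")
SERIAL_RE = re.compile(r"zone (?P<zone>\S+): transferred serial (?P<serial>\d+)")

def parse_transfers(log):
    """Pair each 'Transfer completed' line with the serial named logged just before it for that zone."""
    last_serial, transfers = {}, []
    for line in log.splitlines():
        m = SERIAL_RE.search(line)
        if m:
            last_serial[m['zone']] = int(m['serial'])
            continue
        m = COMPLETED_RE.match(line)
        if m:
            transfers.append({'time': m['ts'], 'zone': m['zone'], 'master': m['master'],
                              'records': int(m['records']), 'serial': last_serial.get(m['zone'])})
    return transfers

def unexpected_masters(transfers, expected):
    """Transfers pulled from an address outside the slave's masters { } list: the configuration has changed."""
    return [t for t in transfers if t['master'] not in expected]
```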
Configuring a subdomain DNS
- Plan:
192.168.30.254 is the master DNS server, named master.lzxlinux.com; 192.168.30.253 is the slave DNS server, named slave.lzxlinux.com; together they manage the zone lzxlinux.com. Under lzxlinux.com. the subdomain centos.lzxlinux.com. is delegated; 192.168.30.128 is the subdomain's DNS server, named dns.centos.lzxlinux.com.
- Edit the upper-level master DNS forward zone database file:
```
vim /var/named/named.lzxlinux.com
```
```
$TTL 1D
@       IN SOA  master.lzxlinux.com. www.lzxlinux.com. (
                        2019053101      ; serial
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum
@       IN NS   master.lzxlinux.com.
@       IN NS   slave.lzxlinux.com.
@       IN MX   10 www.lzxlinux.com.
centos.lzxlinux.com.    IN NS   dns.centos.lzxlinux.com.
dns.centos.lzxlinux.com. IN A   192.168.30.128
master.lzxlinux.com.    IN A    192.168.30.254
slave.lzxlinux.com.     IN A    192.168.30.253
www.lzxlinux.com.       IN A    192.168.30.254
ftp.lzxlinux.com.       IN CNAME www.lzxlinux.com.
```
- Edit the lower-level DNS configuration:
Note: forwarding (forward) must be enabled on the subdomain DNS server; otherwise the upper level can resolve the lower level, but the lower level cannot resolve the upper level.
```
yum install -y bind*
```
```
vim /etc/named.conf
```
```
options {
    listen-on port 53 { 192.168.30.128; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    forward first;
    forwarders { 192.168.30.254; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "centos.lzxlinux.com" IN {
    type master;
    file "named.centos.lzxlinux.com";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
- Edit the lower-level DNS forward zone database file:
Note: the mail server www.centos.lzxlinux.com. must be specified.
```
vim /var/named/named.centos.lzxlinux.com
```
```
$TTL 600
@       IN SOA  dns.centos.lzxlinux.com. www.centos.lzxlinux.com. (
                        2019053101      ; serial
                        3600            ; refresh
                        3600            ; retry
                        3600            ; expire
                        3600 )          ; minimum
@       IN NS   dns.centos.lzxlinux.com.
@       IN MX   10 www.centos.lzxlinux.com.
dns     IN A    192.168.30.128
www     IN A    192.168.30.128
```
- Restart the named service on the upper-level master DNS and on the lower-level DNS:
```
systemctl restart named
```
- Resolution test:
- Upper level querying the lower-level subdomain DNS server:
```
dig dns.centos.lzxlinux.com @192.168.30.128

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> dns.centos.lzxlinux.com @192.168.30.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.centos.lzxlinux.com.       IN      A

;; ANSWER SECTION:
dns.centos.lzxlinux.com. 600    IN      A       192.168.30.128

;; AUTHORITY SECTION:
centos.lzxlinux.com.    600     IN      NS      dns.centos.lzxlinux.com.

;; Query time: 2 msec
;; SERVER: 192.168.30.128#53(192.168.30.128)
;; WHEN: Mon Jun 03 13:47:24 CST 2019
;; MSG SIZE  rcvd: 82
```
Resolution succeeded.
- Lower level querying the upper-level DNS server:
```
dig master.lzxlinux.com @192.168.30.254

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> master.lzxlinux.com @192.168.30.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26944
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;master.lzxlinux.com.           IN      A

;; ANSWER SECTION:
master.lzxlinux.com.    86400   IN      A       192.168.30.254

;; AUTHORITY SECTION:
lzxlinux.com.           86400   IN      NS      slave.lzxlinux.com.
lzxlinux.com.           86400   IN      NS      master.lzxlinux.com.

;; ADDITIONAL SECTION:
slave.lzxlinux.com.     86400   IN      A       192.168.30.253

;; Query time: 0 msec
;; SERVER: 192.168.30.254#53(192.168.30.254)
;; WHEN: Mon Jun 03 13:49:39 CST 2019
;; MSG SIZE  rcvd: 114
```
Resolution succeeded.
The whole DNS service deployment works without problems; this concludes the procedure.