redhat7.3 dns服务器配置
admin
2023-03-18 07:21:10

1.基本配置

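# Stop firewalld now and keep it from starting at boot.
# NOTE(review): this removes host filtering on both NICs, including the
# external one (ens38). Leaving firewalld running and opening only DNS
# (firewall-cmd --permanent --add-service=dns; firewall-cmd --reload)
# keeps the server reachable with less exposure.
systemctl stop firewalld.service
systemctl disable firewalld.service

# Switch SELinux to permissive mode for the running system.
# NOTE(review): setenforce is not persistent; after a reboot the mode from
# /etc/selinux/config applies again, so named has to work under that mode too.
# Zone files copied into /var/named can be relabelled with
# `restorecon -Rv /var/named` instead of relaxing SELinux.
setenforce 0

# Internal NIC: static address 192.168.1.10/24 on ens33.
nmcli connection add con-name in ifname ens33 ipv4.addresses 192.168.1.10/24 type ethernet ipv4.method manual

# External NIC: static address 192.168.2.10/24 on ens38.
nmcli connection add con-name out ifname ens38 ipv4.addresses 192.168.2.10/24 type ethernet ipv4.method manual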

2.配置简单dns服务器

yum install -y bind bind-utils

2.1修改主配置文件

vim /etc/named.conf(修改该文件)

   // Accept DNS on port 53 on every local address, i.e. both the internal
   // and the external interface configured earlier in this guide.
   listen-on port 53 { any; };

   // Answer queries from any source address.
   // NOTE(review): if recursion is enabled in this options block (not shown
   // in this excerpt) and allow-recursion / allow-query-cache are not set,
   // BIND falls back to allow-query for recursion access, which makes the
   // server an open resolver. Setting e.g.
   // allow-recursion { 192.168.1.0/24; localhost; }; limits recursion to
   // the internal network while the zones stay queryable.
   allow-query     { any; };

       zone "fengxiaoli41.com" IN {

        type master;

        file "fengxiaoli41.com.lan";

        allow-update {none;};

};

zone "1.168.192.in-addr.arpa" IN {

        type master;

        file "1.168.192.lan";

        allow-update {none;};

 

};


2.2编辑正解区域

cd /var/named/

cp named.localhost fengxiaoli41.com.lan

vim fengxiaoli41.com.lan

$TTL 665

@       IN SOA  fengxiaoli41.com. 123@qq.com (
                2017062900 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                665 )      ; minimum

@       IN NS   fengxiaoli41.com.

fengxiaoli41.com. IN A 192.168.1.10

www.fengxiaoli41.com. IN CNAME fengxiaoli41.com.

client.fengxiaoli41.com. IN A 192.168.1.200

@       IN NS   slave.fengxiaoli41.com.

slave.fengxiaoli41.com. IN A 192.168.1.100

2.3编辑反解区域

cp fengxiaoli41.com.lan 1.168.192.lan

vim 1.168.192.lan  

$TTL 665

@       IN SOA  fengxiaoli41.com. 123@qq.com (
                2017062900 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                665 )      ; minimum

@       IN NS   fengxiaoli41.com.

10      IN PTR  fengxiaoli41.com.

200     IN PTR  client.fengxiaoli41.com.

100     IN PTR  slave.fengxiaoli41.com.

chown named:named fengxiaoli41.com.lan

chown named:named 1.168.192.lan

2.4重启服务并测试

systemctl restart named

systemctl status named

dig fengxiaoli41.com

3.配置chroot环境

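# Install the chroot variant of BIND.
yum install -y bind-chroot

# Enable the chroot tree under /var/named/chroot/ using the helper script
# shipped with the package ("on" is the action passed to the script).
/usr/libexec/setup-named-chroot.sh /var/named/chroot/ on

# Retire the non-chroot unit so only one named instance can own port 53.
# The systemctl verb is "disable"; "disabled" is rejected as an unknown
# operation and would leave named.service enabled at boot.
systemctl stop named.service
systemctl disable named

# Run named inside the chroot from now on, including after a reboot.
systemctl enable named-chroot.service
systemctl start named-chroot

# Smoke test. Without an @server argument dig asks the resolver listed in
# /etc/resolv.conf, so this only exercises the new server if that file
# points at it; `dig @192.168.1.10 fengxiaoli41.com` queries it directly.
dig fengxiaoli41.com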

如果dns只为内网提供解析到此可以结束。


4.配置分离解析的dns(与2,3步独立)

4.1修改主配置文件

 vim /etc/named.conf

listen-on port 53 { any; };

allow-query     { any; };

acl in {192.168.1.0/24;};

acl out { ! 192.168.1.0/24; any;};

view "internal"{

match-clients { in; localhost;};

zone "." IN {

        type hint;

        file "named.ca";

};

zone "fengxiaoli41.com" IN {

        type master;

        file "fengxiaoli41.com.lan";

        allow-update {none;};

};

zone "1.168.192.in-addr.arpa" IN {

        type master;

        file "1.168.192.lan";

        allow-update {none;};

 

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

};

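 注意：使用view之后，所有区域都必须定义在某个view里。external视图面向内网以外的客户端，如果不需要为它们提供递归解析，应在该view中设置 recursion no;。否则在options保留默认 recursion yes; 的情况下，配合 allow-query { any; } 会使服务器成为开放递归解析器。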

view "external"{

match-clients {out;};

zone "." IN {

        type hint;

        file "named.ca";

};

zone "fengxiaoli41.com" IN {

        type master;

        file "fengxiaoli41.com.wan";

        allow-update {none;};

};

zone "2.168.192.in-addr.arpa" IN {

        type master;

        file "2.168.192.wan";

        allow-update {none;};

 

};

};

cd /var/named/chroot/var/named/

4.2编辑内网正解反解区域

vim fengxiaoli41.com.lan

$TTL 665

@       IN SOA  fengxiaoli41.com. 123@qq.com (
                2017062900 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                665 )      ; minimum

@       IN NS   fengxiaoli41.com.

fengxiaoli41.com. IN A 192.168.1.10

www.fengxiaoli41.com. IN CNAME fengxiaoli41.com.

client.fengxiaoli41.com. IN A 192.168.1.200

@       IN NS   slave.fengxiaoli41.com.

slave.fengxiaoli41.com. IN A 192.168.1.100


vim 1.168.192.lan  

$TTL 665

@       IN SOA  fengxiaoli41.com. 123@qq.com (
                2017062900 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                665 )      ; minimum

@       IN NS   fengxiaoli41.com.

10      IN PTR  fengxiaoli41.com.

200     IN PTR  client.fengxiaoli41.com.

100     IN PTR  slave.fengxiaoli41.com.


4.3编辑外网正解反解区域

vim fengxiaoli41.com.wan

$TTL 665

@       IN SOA  fengxiaoli41.com. 123@qq.com (
                2017062900 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                665 )      ; minimum

@       IN NS   fengxiaoli41.com.

fengxiaoli41.com. IN A 192.168.2.10

 

vim 2.168.192.wan

$TTL 665

@       IN SOA  fengxiaoli41.com. 123@qq.com (
                2017062900 ; serial
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                665 )      ; minimum

@       IN NS   fengxiaoli41.com.

10      IN PTR  fengxiaoli41.com.

4.4设置权限重启服务

chown named:named -R  /var/named/chroot/var/named/*

systemctl restart named-chroot

5.主从服务器配置(在2或者4的基础上配置)

5.1主服务器配置

 vim /etc/named.conf

 // Permit zone transfers (AXFR/IXFR) to any host in 192.168.1.0/24.
 // NOTE(review): the only secondary in this guide is 192.168.1.100, so
 // allow-transfer { 192.168.1.100; }; would expose the full zone contents
 // to one host instead of the whole subnet.
 allow-transfer { 192.168.1.0/24;};

cd /var/named/chroot/var/named/

vim fengxiaoli41.com.lan

@       IN NS   slave.fengxiaoli41.com.

slave.fengxiaoli41.com. IN A 192.168.1.100

 

vim 1.168.192.lan

100     IN PTR slave.fengxiaoli41.com.

 

5.2从服务器配置(注意firewalld和selinux)

nmcli connection add con-name in ifname ens33 ipv4.addresses 192.168.1.100/24 type ethernet ipv4.method manual

yum install -y bind-utils bind

vim /etc/named.conf

  listen-on port 53 { any; };

  allow-query     { any; };

  zone "fengxiaoli41.com" IN {

        type slave;

        masters { 192.168.1.10; };

        file "slaves/fengxiaoli.com.lan";

};

zone "1.168.192.in-addr.arpa" IN {

        type slave;

        masters { 192.168.1.10; };

        file "slaves/1.168.192.lan";

 

};

systemctl restart named

ll /var/named/slaves/

 

