Building an Enterprise DNS Server
Types of DNS servers
- master (primary DNS server): holds the zone data file and manages the data of the whole zone
- slave (secondary, also called auxiliary DNS server): holds a copy of the master DNS server's zone file and assists it
- forward: forwards every query to other servers, acting as a proxy
- cache: caching server
- hint: the set of root DNS internet servers
DNS configuration files
/etc/named.conf is the DNS configuration file
listen-on port 53 { any; };
allow-query { any; };
forwarders { 10.213.1.56;61.128.114.133; };
options {
    listen-on port 53 { 127.0.0.1; };    // port DNS listens on; any means listen on all addresses
    listen-on-v6 port 53 { ::1; };       // port DNS listens on for IPv6
    directory "/var/named";              // working directory of the name server
    dump-file "/var/named/data/cache_dump.db";                 // cache database of the name server
    statistics-file "/var/named/data/named_stats.txt";         // statistics file of the name server
    memstatistics-file "/var/named/data/named_mem_stats.txt";  // memory statistics file of the name server
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; };          // any allows anyone to query
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
Logging
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
Root zone
zone "." IN {
    type hint;
    file "named.ca";
};
Main configuration file /etc/named.rfc1912.zones
zone "localhost.localdomain" IN {
    type master;                // type
    file "named.localhost";     // main zone file of the domain
    allow-update { none; };     // whether updates are allowed; none when no slave server is configured
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
Each zone block stands for one domain; to define your own domain, add zone blocks for its forward and reverse files after these.
// forward zone definition, using the domain hwf as the example
zone "hwf" IN {
    type master;
    file "hwf.zone";            // forward zone file name
    allow-update { none; };
};
// reverse zone definition
zone "1.168.192.in-addr.arpa" IN {   // reverse of the hosts' network, first three octets
    type master;
    file "hwf.local";           // reverse zone file name
    allow-update { none; };
};
Prepare the forward and reverse zone files
Copy named.localhost and named.loopback from /var/named/ to the forward zone file hwf.zone and the reverse zone file hwf.local that we configured in named.rfc1912.zones; note that the file names must match.
cp /var/named/named.localhost /var/named/hwf.zone
cp /var/named/named.loopback /var/named/hwf.local
Forward resolution (domain -> ip)
[root@master01 ~]# vim /var/named/hwf.zone
$TTL 1D                         ; cache time
@       IN SOA  @ hwf. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        NS      ns.hwf.
ns      IN A    192.168.1.80    ; the DNS server is this host itself
*.c7n.hwf.  A   192.168.1.80
*.c7n.hwf.  A   192.168.1.81
*.dev.hwf.  A   192.168.1.82
*.dev.hwf.  A   192.168.1.83
*.dev.hwf.  A   192.168.1.84
*.dev.hwf.  A   192.168.1.85
; example
@       IN MX 10 mail.hwf.com.
mail    IN A    192.168.1.12
@       IN NS   ns.hwf.
x       IN A    192.168.1.80
xx      IN A    192.168.1.81
.....
Reverse resolution (ip -> domain)
[root@master01 ~]# vim /var/named/hwf.local
$TTL 1D
@       IN SOA  hwf. rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        PTR     localhost.
        NS      ns.hwf.
ns      A       192.168.1.80
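As an added example (not code from the page or from BIND), the Python below reads a forward zone of the kind shown above, generates the PTR records for the 192.168.1.0/24 reverse zone that the hwf.local file above does not yet contain, and flags lines that use `//` comments, which zone files do not accept (only `;`). The sample zone text is constructed, and parse_a_records, reverse_records and invalid_comment_lines are hypothetical names.

```python
import ipaddress

# Constructed sample modelled on the page's hwf.zone (not the page's file);
# the last record deliberately uses '//', which is NOT a zone-file comment.
FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  @ hwf. ( 0 1D 1H 1W 3H )
        NS      ns.hwf.
ns      IN A    192.168.1.80   ; the DNS server itself
*.dev.hwf.  A   192.168.1.82   ; wildcard: has no sensible PTR
mail    IN A    192.168.1.12
x       IN A    192.168.1.80   // same host as ns
"""

def parse_a_records(zone_text, origin):
    """Yield (fqdn, ip) per single-line A record; '@'/relative owners expand
    against origin, an indented line reuses the previous owner like BIND."""
    origin = origin.rstrip(".") + "."
    last_owner = origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop the ';' comment
        if not line or line.startswith("$"):   # skip blanks and $-directives
            continue
        fields = line.split()
        owner = last_owner if line[0].isspace() else fields.pop(0)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        last_owner = owner
        if fields and fields[0] in ("IN", "CH", "HS"):  # optional class
            fields.pop(0)
        if len(fields) >= 2 and fields[0] == "A":
            yield owner, fields[1]

def reverse_records(zone_text, origin, network):
    """Return (ptr_lines, skipped) for the in-addr.arpa zone of `network`
    (/8, /16 or /24); wildcard owners and foreign addresses are skipped."""
    net = ipaddress.ip_network(network)
    assert net.prefixlen in (8, 16, 24), "octet-aligned prefix required"
    ptrs, skipped = [], []
    for fqdn, ip in parse_a_records(zone_text, origin):
        addr = ipaddress.ip_address(ip)
        if fqdn.startswith("*.") or addr not in net:
            skipped.append((fqdn, ip))
            continue
        # owner relative to the reverse zone: the host part of reverse_pointer
        labels = addr.reverse_pointer.split(".")[: (32 - net.prefixlen) // 8]
        ptrs.append(f"{'.'.join(labels)}\tPTR\t{fqdn}")
    return ptrs, skipped

def invalid_comment_lines(zone_text):
    """1-based line numbers that use '//', which named rejects in zone files."""
    return [n for n, l in enumerate(zone_text.splitlines(), 1) if "//" in l]
```

A zone that fails to load is answered with SERVFAIL, as in the nslookup test later on the page; running named-checkconf and named-checkzone hwf /var/named/hwf.zone before restarting named reports the parse error.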
Change the network settings (DNS1)
vim /etc/sysconfig/network-scripts/ifcfg-xxx
BOOTPROTO="static"
IPADDR=192.168.1.80
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
DNS1=192.168.1.80
Restart the service
[root@master01 ~]# systemctl restart named
Test name resolution
[root@node01 ~]# nslookup www.dev.hwf
Server:     192.168.1.80
Address:    192.168.1.80#53

** server can't find www.dev.hwf: SERVFAIL

[root@node01 ~]# nslookup ooo.dev.hwf
Server:     192.168.1.80
Address:    192.168.1.80#53

** server can't find ooo.dev.hwf: SERVFAIL