主DNS服务部署
yum -y install bind bind-chroot bind-utils
systemctl start named    //开启named
systemctl enable named   //开机自启动
ss -tnl |grep 53   //查看端口是否正常启动
vim /etc/named.conf     //编辑全局配置文件
listen-on port 53 {any;};    //监听所有
allow-query	{any;};		//允许所有用户查询;未单独设置 allow-recursion 时,递归查询也会沿用这个范围,建议另加 allow-recursion { localnets; localhost; }; 只对本地网段递归
vim /etc/named.rfc1912.zones     //默认区域配置文件,可以自行修改
zone "sdskills.net"	IN {
	type master;
	file "sdskills.net.zone";
	allow-update {none;};
};
zone "0.168.192.in-addr.arpa"	IN {
	type master;
	file "0.168.192.zone";
	allow-update {none;};
};
cp -p /var/named/named.localhost /var/named/sdskills.net.zone   //复制正向区域模板
vim /var/named/sdskills.net.zone
$TTL 1D
@       IN SOA  @ root.sdskills.net. (
                                        0       ; serial,每次修改区域后要递增,辅助服务器才会重新同步
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@  		IN	 NS      Server01.sdskills.net.
Server01   IN     A       192.168.0.2
www   IN  A       192.168.0.7
systemctl restart named   //重启服务
cp -p /var/named/named.loopback /var/named/0.168.192.zone   //复制反向区域模板
vim /var/named/0.168.192.zone
$TTL 1D
@       IN SOA  @ root.sdskills.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      Server01.sdskills.net.
2       IN      PTR     Server01.sdskills.net.
2       IN      PTR     www.sdskills.net.    ; 正向区域里 www 的 A 记录是 192.168.0.7,这里的主机位 2 与之不一致,应核对是否该写 7
客户端查看
cat /etc/resolv.conf
search sdskills.net
nameserver 192.168.0.2
委派DNS服务器部署
主DNS服务器
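vim /etc/named.conf
#dnssec-enable yes;           //注释掉以下三行
#dnssec-validation yes;
#include "/etc/named.root.key";
//较新的 BIND 中 dnssec-validation 默认值为 auto,只注释并不会关闭验证,需要显式写 dnssec-validation no;关闭后服务器不再校验应答签名,只适合没有信任链的实验环境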
委派服务器
yum -y install bind bind-chroot bind-utils
systemctl restart named
systemctl enable named
vim /etc/named.conf
listen-on port 53 {any;};    //监听所有
allow-query	{any;};		//允许所有用户查询
vim /etc/named.rfc1912.zones     //默认区域配置文件,可以自行修改
zone "skills.net"	IN {
	type master;
	file "skills.net.zone";
	allow-update {none;};
};
cp -p /var/named/named.localhost /var/named/skills.net.zone   //复制正向区域模板
vim /var/named/skills.net.zone
$TTL 1D
@       IN SOA  @ root.skills.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      Server02.skills.net.
Server02        A       192.168.0.7
www     A       192.168.0.10
在委派DNS上创建辅助DNS
vim /etc/named.rfc1912.zones
zone "sdskills.net"	IN {
	type slave;
	file "slaves/sdskills.net.zone";
	masters {192.168.0.2;};
};
//主DNS(192.168.0.2)上对应的区域宜用 allow-transfer 只允许本辅助服务器的地址做区域传送
systemctl restart named
systemctl status named   //查看状态
ll /var/named/slaves   //查看是否有从主DNS服务器同步过来的区域文件
比赛
安装DNS相关服务软件;
 建立sdskills.org域,为所有除Internet区域的主机或服务器建立正向/反向域名解析;
 当出现无法解析的域名时,向域skills.org申请更高层次的解析。
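setenforce 0    //临时把SELinux切到宽容模式;named 在 Enforcing 下可以正常运行,区域文件标签不对时用 restorecon -Rv /var/named 修正即可,不必关闭
systemctl stop firewalld    //关闭防火墙;也可以保持开启,只放行DNS: firewall-cmd --permanent --add-service=dns && firewall-cmd --reload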
yum -y install bind    //安装DNS服务
vim /etc/named.conf
listen-on port 53 {any;};    //监听所有
allow-query	{any;};		//允许所有用户查询
forwarders {192.168.10.4;};     //向192.168.10.4域转发申请解析
recursion yes;  //开启递归,向更高域申请请求;与 allow-query {any;} 同用时,宜加 allow-recursion 把递归限制在本地网段
dnssec-enable no;   //不认证
dnssec-validation no;
#zone "." IN {   //把本地根域去掉
#       type hint;
#       file "named.ca";
#};
#include "/etc/named.rfc1912.zones"; //可以把区域配置写下面,那样就不需要在这个文件上配置了
include "/etc/named.root.key";
zone "sdskills.com" IN {
	type master;
	file "sdskills.com.zone";
};
zone "100.16.172.in-addr.arpa" IN {
	type master;
	file "100.16.172.zone";
};
vim /etc/named.rfc1912.zones    //默认区域配置文件,可以自行修改
zone "sdskills.org" IN {           //正向解析域
	type master;
	file "sdskills.org.zone";
	allow-update { none;};
};
zone "100.16.172.in-addr.arpa" IN {   //反向解析域
	type master;
	file "100.16.172.zone";
	allow-update { none;};
};
cd /var/named    //去DNS区域配置文件目录
cp -p named.loopback sdskills.org.zone    //复制模板
cp -p named.loopback 100.16.172.zone
vim sdskills.org.zone     //配置正向解析域
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN	    NS      www.sdskills.org.
@       IN      MX      10      mail
www     IN      A       172.16.100.201
ftp     IN      A       172.16.100.202
mail    IN      A       172.16.100.202
imap	IN		A		172.16.100.202
smtp	IN		A		172.16.100.202
*.sdskills.org		IN		A		172.16.100.201    ; 名称末尾没有点,会被再补上区域名;要匹配本域下所有未定义的主机,写 * 即可
vim 100.16.172.zone     //配置反向解析域
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@		NS      www.sdskills.org.
201     IN      PTR     www.sdskills.org.
202     IN      PTR     ftp.sdskills.org.
202     IN      PTR     mail.sdskills.org.
202		IN		PTR		imap.sdskills.org.
202		IN		PTR		smtp.sdskills.org.
chmod 777 sdskills.com.zone 172.16.100.zone    //赋予权限,不然internet服务器无法申请本服务器解析;named 只需要读取区域文件,用 chown root:named 加 chmod 640 即可,777 会让本机任何用户都能改写解析记录
systemctl  restart named    //重启DNS服务
客户端查看
cat /etc/resolv.conf
# Generated by NetworkManager
search sdskills.org
nameserver 172.16.100.201
nameserver 192.168.10.4
UOS比赛
安装DNS相关服务软件包;
为域skills.org提供必要的域名解析;
当非skills.org域的解析时,统一解析到Rserver连接Internet网段的IP地址或Rserver.skills.org。
apt -y install bind9 dnsutils   //安装DNS服务跟DNS调试工具
cd /etc/bind/
db.127    //反向区域数据库,用于将IP解析为对应的域名
db.local	//正向区域数据库,用于将域名解析为对应的IP地址
named.conf.default-zones	//默认区域
named.conf.local	//用于定义解析域,也可以直接在named.conf中直接划定解析域
named.conf.options   //配置文件,全局选项配置
named.conf    //Bind的主配置文件,不包含DNS数据
定义解析域
vim named.conf.local
zone "." {        //根域
	type master;
	file "/etc/bind/root.zone";
};
zone "skills.org" {     //正向解析域
	type master;
	file "/etc/bind/skills.org.zone";
};
zone "10.168.192.in-addr.arpa" {   //反向解析域
	type master;
	file "/etc/bind/10.168.192.zone";
};
cp -a db.local root.zone
cp -a db.local skills.org.zone
cp -a db.local 10.168.192.zone
vim skills.org.zone
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      www.skills.org.
www     IN      A       192.168.10.4
Server02	IN	A		192.168.10.4
*.skills.com		IN		A		192.168.10.4
vim root.zone
;
; BIND data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	www.skills.com.
*	IN	A	192.168.10.2     //解析其他域时,统一解析到192.168.10.2
vim 10.168.192.zone
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      www.skills.com.
3       IN      PTR     www.skills.com.
3       IN      PTR     Server02.skills.com.
systemctl restart bind9    //重启bind9服务
vim named.conf.options
dnssec-validation no;    //不验证
dnssec-enable no;    //较新的 BIND 版本已废弃此选项,named-checkconf 有提示时删去这一行
listen-on { any; };
allow-query { any; };  //允许所有主机访问
客户端
vim /etc/resolv.conf     //配置DNS域
nameserver 192.168.10.4
[root@localhost ~]# nslookup www.skills.org
Server:		192.168.10.4
Address:	192.168.10.4#53
Name:	www.skills.org
Address: 192.168.10.4
[root@localhost ~]# nslookup any.any.any
Server:		192.168.10.4
Address:	192.168.10.4#53
Name:	any.any.any
Address: 192.168.10.2
DNS
为 chinaskills.cn 域提供域名解析。
为 www.chinaskills.cn、download.chinaskills.cn 和 mail.chinaskills.cn 提供解析。
启用内外网解析功能,当内网客户端请求解析的时候,解析到对应的 内部服务器地址,当外部客户端请求解析的时候,请把解析结果解析 到提供服务的公有地址。
请将 IspSrv 作为上游 DNS 服务器,所有未知查询都由该服务器处理。
yum -y install bind bind-utils
vim /etc/named.conf
listen-on port 53 { any; };
allow-query     { any; };
forwarders { 81.6.63.100;};
recursion yes;
dnssec-enable no;
dnssec-validation no;
#zone "." IN {
#       type hint;
#       file "named.ca";
#};
#include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
view insidecli {
	match-clients { 192.168.0.0/16;};
	zone "chinaskills.cn" IN {
		type master;
		file "chinaskills.cn.insidecli";
	};
};
view  outsidecli {    //面向外部客户端的视图只需要权威应答,可在此视图内写 recursion no; 避免对外提供递归
	match-clients { 0.0.0.0/0;};
	zone "chinaskills.cn" IN {
		type master;
		file "chinaskills.cn.outsidecli";
	};
};
cd /var/named
cp named.localhost chinaskills.cn.insidecli -p
//chinaskills.cn.insidecli 中的记录如下(此处未列出 $TTL/SOA 部分)
        NS      @
        A       127.0.0.1
@	IN	MX	10	mail
www     A       192.168.100.100
mail    A       192.168.100.100
appsrv  A       192.168.100.100
download        A       192.168.100.100
ftp     A       192.168.100.200
cp chinaskills.cn.insidecli chinaskills.cn.outsidecli -p
//chinaskills.cn.outsidecli 中的记录如下(此处未列出 $TTL/SOA 部分)
        NS      @
        A       127.0.0.1
www     A       81.6.63.254
mail    A       81.6.63.254
appsrv  A       81.6.63.254
download        A       81.6.63.254
ftp     A       81.6.63.254
chmod 777 chinaskills.cn.insidecli chinaskills.cn.outsidecli    //named 只需要读取区域文件,用 chown root:named 加 chmod 640 即可,777 会让本机任何用户都能改写解析记录
named-checkconf   //检查是否有语法错误