主DNS服务部署
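# Primary DNS server: install BIND (with chroot and the client utilities),
# start named now and at boot, then confirm it is listening on port 53.
# NOTE: "//" is not a shell comment; the original trailing "//..." text was
# passed to the commands as extra arguments (e.g. an unknown unit name).
yum -y install bind bind-chroot bind-utils
systemctl start named    # start named
systemctl enable named   # start named automatically at boot
# Filter on the source port so unrelated ports that merely contain "53"
# (5353, 8053, ...) do not match; -u includes UDP, which carries most DNS.
ss -tunl 'sport = :53'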
vim /etc/named.conf //编辑全局配置文件
listen-on port 53 {any;}; //监听所有
allow-query {any;}; //允许所有用户查询。BIND 默认 recursion yes,若本机可被外网访问,需加 allow-recursion { 内网网段; localhost; }; 限制递归,否则会成为开放递归解析器
vim /etc/named.rfc1912.zones //默认区域配置文件,可以自行修改
zone "sdskills.net" IN {
    type master;
    file "sdskills.net.zone";
    allow-update {none;};
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "0.168.192.zone";
    allow-update {none;};
};
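# Copy the forward-zone template; -p preserves the template's owner/group and
# mode so named can read the new file. ("//" is not a shell comment.)
cp -p /var/named/named.localhost /var/named/sdskills.net.zone   # forward zone template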
vim /var/named/sdskills.net.zone
$TTL 1D
@ IN SOA @ root.sdskills.net. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@        IN NS Server01.sdskills.net.
Server01 IN A  192.168.0.2
www      IN A  192.168.0.7
systemctl restart named # 重启服务
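# Copy the reverse-zone template; -p preserves the template's owner/group and
# mode so named can read the new file. ("//" is not a shell comment.)
cp -p /var/named/named.loopback /var/named/0.168.192.zone   # reverse zone template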
vim /var/named/0.168.192.zone
$TTL 1D
@ IN SOA @ root.sdskills.net. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS  Server01.sdskills.net.
2 IN PTR Server01.sdskills.net.
2 IN PTR www.sdskills.net. ; 注意: 正向区域中 www 的 A 记录是 192.168.0.7,此处应为 7
客户端查看
cat /etc/resolv.conf
search sdskills.net
nameserver 192.168.0.2
委派DNS服务器部署
主DNS服务器
vim /etc/named.conf //注释掉以下三行
#dnssec-enable yes;
#dnssec-validation yes;
#include "/etc/named.root.key";
委派服务器
# Delegated server: install BIND (chroot + client utilities), make named start
# at boot and (re)start it now.
yum install -y bind bind-chroot bind-utils
systemctl enable named
systemctl restart named
vim /etc/named.conf
listen-on port 53 {any;}; //监听所有
allow-query {any;}; //允许所有用户查询
vim /etc/named.rfc1912.zones //默认区域配置文件,可以自行修改
zone "skills.net" IN {
    type master;
    file "skills.net.zone";
    allow-update {none;};
};
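# Copy the forward-zone template. The destination name must match the
# file "skills.net.zone" referenced by the zone "skills.net" stanza in
# named.rfc1912.zones (the original copied to sdskills.net.zone, which the
# delegated server's config never references). ("//" is not a shell comment.)
cp -p /var/named/named.localhost /var/named/skills.net.zone   # forward zone template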
vim /var/named/skills.net.zone
$TTL 1D
@ IN SOA @ root.skills.net. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
         NS Server02.skills.net.
Server02 A  192.168.0.7
www      A  192.168.0.10
在委派DNS上创建辅助DNS
vim /etc/named.rfc1912.zones
zone "sdskills.net" IN {
    type slave;
    file "slaves/sdskills.net.zone";
    masters {192.168.0.2;};
};
// 注意: 主 DNS(192.168.0.2)上建议加 allow-transfer { 192.168.0.7; }; 只允许本辅助服务器做区域传输,避免任意主机 AXFR 拿到整个区域
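# Reload the secondary's config, then verify the service and the transfer.
# "ll" is an interactive alias that does not exist in scripts; use ls -l.
# ("//" is not a shell comment; the original text became extra arguments.)
systemctl restart named
systemctl status named        # check the service state
ls -l /var/named/slaves       # check whether the zone was transferred from the primary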
比赛
安装DNS相关服务软件;
建立sdskills.org域,为所有除Internet区域的主机或服务器建立正\反的域名解析;
当出现无法解析的域名时,向域skills.org申请更高层次的解析。
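# Keep SELinux enforcing and the host firewall running instead of switching
# both off: the targeted policy already lets named read zone files under
# /var/named (if a file was ever mislabelled, run: restorecon -Rv /var/named),
# and the service only needs port 53 opened. ("//" is not a shell comment.)
firewall-cmd --permanent --add-service=dns   # open 53/tcp and 53/udp
firewall-cmd --reload
yum -y install bind   # install the DNS server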
vim /etc/named.conf
listen-on port 53 {any;};   //监听所有
allow-query {any;};         //允许所有用户查询
forwarders {192.168.10.4;}; //向192.168.10.4域转发申请解析
recursion yes;              //开启递归,向更高域申请请求
                            // 注意: recursion yes 加 allow-query any 会成为开放递归解析器,应加 allow-recursion { 内网网段; localhost; }; 限制
dnssec-enable no;           //不认证(较新版本的 BIND 已移除 dnssec-enable 选项,保留会导致配置检查报错,届时只保留 dnssec-validation no;)
dnssec-validation no;
#zone "." IN {              //把本地根域去掉
#    type hint;
#    file "named.ca";
#};
#include "/etc/named.rfc1912.zones"; //可以把区域配置写下面,那样就不需要在这个文件上配置了
                                     // 注意: 注释掉 include 后,下面 named.rfc1912.zones 里的 sdskills.org 区域不会被加载;且 /var/named 下实际创建的是 sdskills.org.zone,此处 zone 名与 file 名需与之一致
include "/etc/named.root.key";
zone "sdskills.com" IN {
    type master;
    file "sdskills.com.zone";
};
zone "100.16.172.in-addr.arpa" IN {
    type master;
    file "100.16.172.zone";
};
vim /etc/named.rfc1912.zones //默认区域配置文件,可以自行修改
zone "sdskills.org" IN {            //正向解析域
    type master;
    file "sdskills.org.zone";
    allow-update { none;};
};
zone "100.16.172.in-addr.arpa" IN { //反向解析域
    type master;
    file "100.16.172.zone";
    allow-update { none;};
};
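# Zone files live in /var/named. Abort if the cd fails so the copies below
# cannot land in the wrong directory. -p keeps the template's owner/group and
# mode so named can read the new files. ("//" is not a shell comment.)
cd /var/named || exit 1
cp -p named.loopback sdskills.org.zone   # template for the forward zone
cp -p named.loopback 100.16.172.zone     # template for the reverse zone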
vim sdskills.org.zone //配置正向解析域
$TTL 1D
@ IN SOA @ rname.invalid. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@    IN NS www.sdskills.org.
@    IN MX 10 mail
www  IN A 172.16.100.201
ftp  IN A 172.16.100.202
mail IN A 172.16.100.202
imap IN A 172.16.100.202
smtp IN A 172.16.100.202
*.sdskills.org IN A 172.16.100.201 ; 注意: 无尾点的名字会补上 $ORIGIN,变成 *.sdskills.org.sdskills.org;通配应写成 * 或 *.sdskills.org.
vim 100.16.172.zone //配置反向解析域
$TTL 1D
@ IN SOA @ rname.invalid. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@   NS www.sdskills.org.
201 IN PTR www.sdskills.org.
202 IN PTR ftp.sdskills.org.
202 IN PTR mail.sdskills.org.
202 IN PTR imap.sdskills.org.
202 IN PTR smtp.sdskills.org.
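# Zone files only need to be readable by the named group; 777 is unnecessary
# and lets any local user rewrite the zone data. Whether other servers may
# query this one is controlled by allow-query in named.conf, not by file mode.
# The names below are the files actually created above from named.loopback
# (the original chmod named sdskills.com.zone / 172.16.100.zone, which do not
# exist); the file entries in named.conf must point at these same names.
chown root:named sdskills.org.zone 100.16.172.zone
chmod 640 sdskills.org.zone 100.16.172.zone
systemctl restart named   # restart named so the new zones are loaded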
客户端查看
cat /etc/resolv.conf
# Generated by NetworkManager
search sdskills.org
nameserver 172.16.100.201
nameserver 192.168.10.4
UOS比赛
安装DNS相关服务软件包;
为域skills.org提供必要的域名解析;
当非skills.org域的解析时,统一解析到Rserver连接Internet网段的IP地址或Rserver.skills.org。
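# Install the DNS server and the client debugging tools (dig, nslookup).
# ("//" is not a shell comment; the original text became extra package names.)
apt -y install bind9 dnsutils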
cd /etc/bind/
db.127                   //反向区域数据库,用于将IP解析为对应的域名
db.local                 //正向区域数据库,用于将域名解析为对应的IP地址
named.conf.default-zones //默认区域
named.conf.local         //用于定义解析域,也可以直接在named.conf中直接划定解析域
named.conf.options       //配置文件,全局选项配置
named.conf               //Bind的主配置文件,不包含DNS数据
定义解析域
vim named.conf.local
zone "." {                          //根域
    type master;
    file "/etc/bind/root.zone";
};
zone "skills.org" {                 //正向解析域
    type master;
    file "/etc/bind/skills.org.zone";
};
zone "10.168.192.in-addr.arpa" {    //反向解析域
    type master;
    file "/etc/bind/10.168.192.zone";
};
cp -a db.local root.zone
# Create the forward and reverse zone files from the db.local template
# (-a keeps the template's attributes).
for zone_file in skills.org.zone 10.168.192.zone; do
  cp -a db.local "$zone_file"
done
vim skills.org.zone
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
        2       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@        IN NS www.skills.org.
www      IN A  192.168.10.4
Server02 IN A  192.168.10.4
*.skills.com IN A 192.168.10.4 ; 注意: 本区域是 skills.org,无尾点的 *.skills.com 会变成 *.skills.com.skills.org
vim root.zone
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
        2       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS www.skills.com.
* IN A  192.168.10.2 ; 解析其他域时,统一解析到192.168.10.2
vim 10.168.192.zone
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
        2       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS  www.skills.com.
3 IN PTR www.skills.com.
3 IN PTR Server02.skills.com. ; 注意: 与 skills.org.zone 不一致(那里 www/Server02 的 A 记录是 192.168.10.4,域为 skills.org)
systemctl restart bind9 # 重启bind9服务
vim named.conf.options //以下选项写在 options { } 块内
dnssec-validation no; //不验证
dnssec-enable no; //较新版本的 BIND 已移除此选项,若 bind9 因此启动失败则删掉这一行
listen-on { any; };
allow-query { any; }; //允许所有主机访问
客户端
vim /etc/resolv.conf //配置DNS域
nameserver 192.168.10.4
[root@localhost ~]# nslookup www.skills.org
Server:  192.168.10.4
Address: 192.168.10.4#53

Name: www.skills.org
Address: 192.168.10.4
[root@localhost ~]# nslookup any.any.any
Server:  192.168.10.4
Address: 192.168.10.4#53

Name: any.any.any
Address: 192.168.10.2
DNS
为 chinaskills.cn 域提供域名解析。
为 www.chinaskills.cn、download.chinaskills.cn 和 mail.chinaskills.cn 提供解析。
启用内外网解析功能,当内网客户端请求解析的时候,解析到对应的 内部服务器地址,当外部客户端请求解析的时候,请把解析结果解析 到提供服务的公有地址。
请将 IspSrv 作为上游 DNS 服务器,所有未知查询都由该服务器处理。
# Install the DNS server and the client utilities (dig, nslookup, named-check*).
yum install -y bind bind-utils
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
forwarders { 81.6.63.100;};
recursion yes;
// 注意: match-clients 0.0.0.0/0 的视图同样继承 recursion yes,外网客户端可把本机当作开放递归解析器;
// 应加 allow-recursion { 192.168.0.0/16; localhost; }; 或在 outsidecli 视图内设置 recursion no;
dnssec-enable no; // 较新版本的 BIND 已移除此选项,保留会导致 named-checkconf 报错
dnssec-validation no;
#zone "." IN {
#    type hint;
#    file "named.ca";
#};
#include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
view insidecli {
    match-clients { 192.168.0.0/16;};
    zone "chinaskills.cn" IN {
        type master;
        file "chinaskills.cn.insidecli";
    };
};
view outsidecli {
    match-clients { 0.0.0.0/0;};
    zone "chinaskills.cn" IN {
        type master;
        file "chinaskills.cn.outsidecli";
    };
};
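# Zone files live in /var/named; abort if the cd fails so the following
# copies and edits cannot land in the wrong directory.
cd /var/named || exit 1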
cp -p named.localhost chinaskills.cn.insidecli
vim chinaskills.cn.insidecli
         NS @
         A  127.0.0.1
@     IN MX 10 mail
www      A 192.168.100.100
mail     A 192.168.100.100
appsrv   A 192.168.100.100
download A 192.168.100.100
ftp      A 192.168.100.200
cp -p chinaskills.cn.insidecli chinaskills.cn.outsidecli
vim chinaskills.cn.outsidecli
         NS @
         A  127.0.0.1
www      A 81.6.63.254
mail     A 81.6.63.254
appsrv   A 81.6.63.254
download A 81.6.63.254
ftp      A 81.6.63.254
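# named only needs to read these files: root:named with mode 640 (which cp -p
# already carries over from the template) is enough, whereas 777 lets any
# local user rewrite the zone data served to clients.
chown root:named chinaskills.cn.insidecli chinaskills.cn.outsidecli
chmod 640 chinaskills.cn.insidecli chinaskills.cn.outsidecli
# Syntax-check the config, then each view's zone file, before restarting.
# ("//" is not a shell comment; the original text became an extra argument.)
named-checkconf
named-checkzone chinaskills.cn chinaskills.cn.insidecli
named-checkzone chinaskills.cn chinaskills.cn.outsidecli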