Basic requirements:

DNS:

The server must resolve both the internal domain bigcloud.local and Internet domain names.

DNS server: ZZSRV1.BIGCLOUD.LOCAL

Secondary DNS server: ZZSRV2.BIGCLOUD.LOCAL

It holds the information for the following domains:

1. Records in the bigcloud.local domain

FQDN                      IP address        Remarks
zzsrv1.                   192.168.188.11    DNS server
zzsrv2.bigcloud.local     192.168.188.12    DNS server
ftp.bigcloud.local        192.168.188.11
mailsrv1.bigcloud.local   192.168.188.22
smtp.bigcloud.local       192.168.188.22
pop3.bigcloud.local       192.168.188.22
www.bigcloud.local        192.168.188.11
crm.bigcloud.local        192.168.188.11

smtp and pop3 must be resolved through CNAME records. Reverse address resolution must also be implemented.

2. Reverse lookup zones for 192.168.188.0/24 and 192.168.189.0/24

Implement DNS forwarding to 202.102.224.68 and 202.102.227.68.

Lab environment

Server installation

[root@zzsrv1 ssh]# cat /etc/redhat-release

CentOS Linux release 7.0.1406 (Core)

 

[root@zzsrv1 ssh]# uname -a

Linux zzsrv1.bigcloud.local 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Basic server configuration

[root@zzsrv1 ssh]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777728

TYPE=Ethernet

BOOTPROTO=static

DEFROUTE=yes

PEERDNS=yes

PEERROUTES=yes

IPV4_FAILURE_FATAL=yes

NAME=eno16777728

ONBOOT=yes

IPADDR=192.168.188.11

NETMASK=255.255.255.0

GATEWAY=192.168.188.2

Change the hostname

[root@zzsrv1 ssh]# vi /etc/hostname   (on CentOS 7; older Linux releases used vi /etc/sysconfig/network instead)

zzsrv1.bigcloud.local

The new hostname only takes effect after the machine is rebooted.

[root@zzsrv1 ~]# reboot

Disable SELinux

[root@zzsrv1 ~]# vi /etc/sysconfig/selinux

 

SELINUX=disabled

 

DNS client configuration

[root@zzsrv1 ~]# ifconfig

eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.188.11  netmask 255.255.255.0  broadcast 192.168.188.255

        inet6 fe80::20c:29ff:fe2b:6773  prefixlen 64  scopeid 0x20<link>

        ether 00:0c:29:2b:67:73  txqueuelen 1000  (Ethernet)

        RX packets 5372  bytes 498900 (487.2 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 3898  bytes 572732 (559.3 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 0  (Local Loopback)

        RX packets 202  bytes 21304 (20.8 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 202  bytes 21304 (20.8 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Point the resolver at the server itself:

[root@zzsrv1 ~]# vi /etc/resolv.conf

# Generated by NetworkManager

search bigcloud.local

nameserver 192.168.188.11

Primary DNS server configuration

[root@zzsrv1 ~]# mkdir /mnt/cdrom

[root@zzsrv1 ~]# mount /dev/cdrom /mnt/cdrom/

mount: /dev/sr0 is write-protected, mounting read-only

[root@zzsrv1 Packages]# ls bind*

bind-9.9.4-14.el7.x86_64.rpm          bind-libs-lite-9.9.4-14.el7.x86_64.rpm

bind-chroot-9.9.4-14.el7.x86_64.rpm   bind-license-9.9.4-14.el7.noarch.rpm

bind-dyndb-ldap-3.5-4.el7.x86_64.rpm  bind-utils-9.9.4-14.el7.x86_64.rpm

bind-libs-9.9.4-14.el7.x86_64.rpm

[root@zzsrv1 Packages]# rpm -Uvh bind-9.9.4-14.el7.x86_64.rpm bind-libs-9.9.4-14.el7.x86_64.rpm

warning: bind-9.9.4-14.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:bind-libs-32:9.9.4-14.el7        ################################# [ 50%]

   2:bind-32:9.9.4-14.el7             ################################# [100%]

 

[root@zzsrv1 Packages]# rpm -qc bind

/etc/logrotate.d/named

/etc/named.conf

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

/etc/rndc.conf

/etc/rndc.key

/etc/sysconfig/named

/var/named/named.ca

/var/named/named.empty

/var/named/named.localhost

/var/named/named.loopback

 

[root@zzsrv1 Packages]# systemctl restart named   (unlike older Linux releases, where the command is: service named restart)

[root@zzsrv1 Packages]# ps aux |grep named

named     2382  0.5  2.2 168088 22452 ?        Ssl  18:12   0:00 /usr/sbin/named -u named

root      2396  0.0  0.0 112640   964 pts/0    R+   18:14   0:00 grep --color=auto named

Modify the configuration (back it up first)

[root@zzsrv1 Packages]# cp /etc/named.conf /etc/named.conf.original

[root@zzsrv1 Packages]# vi /etc/named.conf   (tip: comment out each original line and write the new setting below it; in vi normal mode, yy on the current line followed by p duplicates it)

        //listen-on port 53 { 127.0.0.1; };

        listen-on port 53 { localhost; };

        //allow-query     { localhost; };

        allow-query     { any; };

 

        //dnssec-enable yes;

        dnssec-enable no;

        //dnssec-validation yes;

        dnssec-validation no;

        dnssec-lookaside auto;

[root@zzsrv1 Packages]# systemctl restart named 

[root@zzsrv1 Packages]# netstat -an | grep :53

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:953           127.0.0.1:53625         TIME_WAIT

tcp        0     52 192.168.188.11:22       192.168.188.1:53653     ESTABLISHED

tcp6       0      0 ::1:53                  :::*                    LISTEN

udp        0      0 127.0.0.1:53            0.0.0.0:*

udp        0      0 0.0.0.0:5353            0.0.0.0:*

udp6       0      0 ::1:53                  :::*

 

[root@zzsrv1 Packages]# vi /etc/named.conf

Append at the end of the file:

zone "bigcloud.local" IN {

        type master;

        file "bigcloud.local.zone";

};

(in vi normal mode, G jumps straight to the last line)

[root@zzsrv1 Packages]# cd /var/named/

[root@zzsrv1 named]# ls

data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves

[root@zzsrv1 named]# cp named.empty bigcloud.local.zone

 

[root@zzsrv1 named]# vi bigcloud.local.zone

$TTL 3H

@       IN SOA  zzsrv1.bigcloud.local. rname.invalid. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

            NS  zzsrv1.bigcloud.local.

zzsrv1      A   192.168.188.11

ftp         A   192.168.188.11

mailsrv1    A   192.168.188.22

www         A   192.168.188.11

crm         A   192.168.188.11

smtp        CNAME       mailsrv1.bigcloud.local.    ; target must match an existing name exactly (mailsrv1, digit one)

pop3        CNAME       mailsrv1.bigcloud.local.

 

[root@zzsrv1 named]# chown root:named /var/named/bigcloud.local.zone   (set the group so that named can read the file)

[root@zzsrv1 named]# systemctl restart named

[root@zzsrv1 named]# rndc reload

server reload successful

Test by resolving one name:

[root@zzsrv1 ~]# nslookup

> mailsrv1.bigcloud.local

Server:         192.168.188.11

Address:        192.168.188.11#53

 

Name:   mailsrv1.bigcloud.local

Address: 192.168.188.22

[root@zzsrv1 named]# rndc status

version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 102

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

 

Reverse resolution:

[root@zzsrv1 ~]# vi /etc/named.conf

Append at the end of the file:

zone "188.168.192.in-addr.arpa" IN {   (the three network octets of 192.168.188.0/24, written in reverse order)

        type master;

        file "192.168.188.zone";

};

[root@zzsrv1 named]# cp bigcloud.local.zone 192.168.188.zone

[root@zzsrv1 named]# vi 192.168.188.zone

$TTL 3H

@       IN SOA  zzsrv1.bigcloud.local. rname.invalid. (

                                        0       ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

            NS   zzsrv1.bigcloud.local.

; owner = last octet of the address; target = the host's FQDN with a trailing dot,
; otherwise named appends the zone origin 188.168.192.in-addr.arpa. to the name

11          PTR  zzsrv1.bigcloud.local.

11          PTR  ftp.bigcloud.local.

22          PTR  mailsrv1.bigcloud.local.

11          PTR  www.bigcloud.local.

11          PTR  crm.bigcloud.local.

The number on the left is the last octet of the IP address that the forward zone assigns to the host; the PTR target is that host's name.

[root@zzsrv1 named]# chown root:named /var/named/192.168.188.zone

[root@zzsrv1 named]# rndc reload

server reload successful

[root@zzsrv1 named]# rndc status

version: 9.9.4-RedHat-9.9.4-14.el7 <id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 103

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

 

[root@zzsrv1 named]# nslookup 192.168.188.22

Server:         192.168.188.11

Address:        192.168.188.11#53

 

22.188.168.192.in-addr.arpa     name = mailsrv1.188.168.192.in-addr.arpa.
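The forward and reverse zones above can be broken by a one-character typo (a CNAME pointing at a name that has no A record, a misspelled PTR target) or by a PTR target written without a trailing dot, which named expands under the reverse zone's origin so that a lookup returns a name of the form seen in the nslookup output above. The checker below is an added example, not part of the original post: it parses both zone files and reports those three defects, using constructed copies of the page's zones (with the typos mailsrvl and zzsrev1 left in) as input.

```python
import ipaddress, re

def fqdn(name, origin):
    """'@' is the origin; a trailing dot is absolute; anything else is relative to origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Minimal zone parser -> (owner, type, rdata); a blank owner column inherits the previous owner."""
    body = re.sub(r"\([^)]*\)", " ", re.sub(r";[^\n]*", "", text))  # drop comments, join the SOA
    records, owner = [], origin
    for line in body.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():
            owner, fields = fqdn(fields[0], origin), fields[1:]
        fields = [f for f in fields if f != "IN"]
        records.append((owner, fields[0], " ".join(fields[1:])))
    return records

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Flag relative PTR targets, dangling CNAMEs, and A records with no PTR naming them."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    owners = {o for o, _, _ in fwd}
    problems, ptrs = [], {}
    for owner, rtype, rdata in rev:
        if rtype == "PTR":
            if not rdata.endswith("."):  # relative name: named appends the reverse origin
                problems.append(f"relative PTR target {rdata} at {owner}")
            ptrs.setdefault(owner, set()).add(rdata.split(".")[0])  # host label only
    for owner, rtype, rdata in fwd:
        if rtype == "CNAME" and fqdn(rdata, fwd_origin) not in owners:
            problems.append(f"dangling CNAME {owner} -> {rdata}")
        elif rtype == "A":
            rev_owner = ipaddress.ip_address(rdata).reverse_pointer + "."
            if owner.split(".")[0] not in ptrs.get(rev_owner, set()):
                problems.append(f"no PTR naming {owner} for {rdata}")
    return problems

# Constructed samples reproducing the page's typos (mailsrvl, zzsrev1) and its relative PTR targets.
FORWARD = """@ IN SOA zzsrv1.bigcloud.local. rname.invalid. ( 0 1D 1H 1W 3H ) ; SOA timers on one line
   NS zzsrv1.bigcloud.local.
zzsrv1 A 192.168.188.11
mailsrv1 A 192.168.188.22
smtp CNAME mailsrvl.bigcloud.local.
"""
REVERSE = """@ IN SOA zzsrv1.bigcloud.local. rname.invalid. ( 0 1D 1H 1W 3H )
11 PTR zzsrev1
22 PTR mailsrv1
"""
```

Run check_zones(FORWARD, "bigcloud.local.", REVERSE, "188.168.192.in-addr.arpa.") to list the four defects; with the typos corrected and the PTR targets written as FQDNs with a trailing dot it returns an empty list.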

 

Configure forwarders:

[root@zzsrv1 named]# vi /etc/named.conf

Add a forwarders statement inside the global options { } block; note that each address and the statement itself end with a semicolon:

forwarders { 202.102.224.68; 202.102.227.68; };

 

[root@zzsrv1 named]# nslookup www.msn.com

Server:         192.168.188.11

Address:        192.168.188.11#53

 

Non-authoritative answer:

www.msn.com     canonical name = us.co1.cb3.glbdns2.microsoft.com.

Name:   us.co1.cb3.glbdns2.microsoft.com

Address: 131.253.13.140

 

Installing the secondary DNS

Configure it the same way as in 1.

Install DNS.

 

Modify on zzsrv1 (the additions, highlighted in red in the original, are the zzsrv2 NS and A records):

[root@zzsrv1 named]# vi /var/named/bigcloud.local.zone

$TTL 3H

@       IN SOA  zzsrv1.bigcloud.local. rname.invalid. (

                                        1       ; serial - increment on every change, or secondaries will not refresh

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        NS      zzsrv1.bigcloud.local.

        NS      zzsrv2.bigcloud.local.

zzsrv1      A   192.168.188.11

zzsrv2      A   192.168.188.12

ftp         A   192.168.188.11

mailsrv1    A   192.168.188.22

www         A   192.168.188.11

crm         A   192.168.188.11

smtp        CNAME       mailsrv1.bigcloud.local.

pop3        CNAME       mailsrv1.bigcloud.local.

[root@zzsrv1 named]# rndc reload

server reload successful

[root@zzsrv2 ~]# vi /etc/named.conf

Append at the end of the file:

zone "bigcloud.local" IN {

        type slave;

        file "bigcloud.local.zone";        // named must be able to write this file (hence the chmod below); slaves/ is already writable by named

        masters { 192.168.188.11; };

};

[root@zzsrv2 ~]# ll -d /var/named/

drwxr-x---. 5 root named 4096 Aug 17 05:01 /var/named/

[root@zzsrv2 ~]# chmod g+w /var/named/   (chmod 770 /var/named/ also works)

[root@zzsrv2 ~]# ll -d /var/named/

drwxrwx---. 5 root named 4096 Aug 17 05:01 /var/named/

 

[root@zzsrv2 ~]# systemctl restart named

[root@zzsrv2 ~]# rndc reload

server reload successful

 

[root@zzsrv2 ~]# ls /var/named/ -l

total 20

-rw-r--r--  1 named named  634 Aug 13 01:40 bigcloud.local.zone

drwxrwx---. 2 named named   47 Aug 17 03:50 data

drwxrwx---. 2 named named   30 Aug 17 05:06 dynamic

-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca

-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty

-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost

-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback

drwxrwx---. 2 named named    6 Jun 10 16:13 slaves

PS: the secondary DNS only needs the zone synchronized from the primary; nothing is created on it by hand.


Troubleshooting:

1. nslookup is not available: one rpm is missing.

[root@zzsrv1 Packages]# nslookup

-bash: nslookup: command not found

Fix:

[root@zzsrv1 Packages]# rpm -Uvh bind-utils-9.9.4-14.el7.x86_64.rpm

warning: bind-utils-9.9.4-14.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:bind-utils-32:9.9.4-14.el7       ################################# [100%]

[root@zzsrv1 Packages]# nslookup

2. Error:

[root@zzsrv1 named]# systemctl restart named

Job for named.service failed. See 'systemctl status named.service' and 'journalctl -xn' for details.

Go back into the configuration files and check for a missing trailing "." or an extra space.

3. Error:

(1) ;; connection timed out; trying next origin

;; connection timed out; no servers could be reached

 

[root@zzsrv1 named]# nslookup

> server 192.168.188.11

Default server: 192.168.188.11

Address: 192.168.188.11#53

> mailsrv1.bigcloud.local

;; connection timed out; trying next origin

;; connection timed out; no servers could be reached

The name is not found.

Check your configuration files:

[root@zzsrv1 ~]# vi /etc/named.conf

[root@zzsrv1 ~]# vi /var/named/bigcloud.local.zone

and SELinux:

[root@zzsrv1 ~]# vi /etc/sysconfig/selinux

[root@zzsrv1 ~]# vi /etc/resolv.conf

search bigcloud.local          (your own domain)

nameserver 192.168.188.11      (points at the server's own IP)

(2) ** server can't find 22.188.168.192.in-addr.arpa: SERVFAIL

For this error, check the access permissions on the configuration and zone files.

The secondary DNS does not sync:

Open port 53 (TCP and UDP) in the firewall, or disable the firewall.