DNS Server Configuration 02

Server layout: a simple caching-only DNS server gives the users of the internal network 192.168.1.0/24 an extra layer of protection. Clients send their queries only to this server, so the firewall can block port 53 for everything else (in particular, inbound port 53 from the outside).

[figure: server deployment diagram]

In the lab, two www servers and one mail server are configured; the ftp server is set up as an alias (CNAME) of www.

bind packages

[root@paly tom]#rpm -qa | grep '^bind'
bind-chroot-9.8.2-0.68.rc1.el6_10.8.i686
bind-libs-9.8.2-0.68.rc1.el6_10.8.i686
bind-9.8.2-0.68.rc1.el6_10.8.i686
bind-utils-9.8.2-0.68.rc1.el6_10.8.i686
[root@paly tom]#rpm -ql  bind-utils   
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
bind:
	/etc/named.conf
		working options of the named process
		zone definitions
	/etc/rndc.key
		rndc: Remote Name Daemon Control
		key file used to authenticate rndc to named
		configuration: /etc/rndc.conf
	/var/named/
		zone data files
	/etc/rc.d/init.d/named
		{start|stop|restart|status|reload}

Configuration files

bind-chroot:			# runs named under a changed root directory (chroot) to confine it
	# the paths below are relative to the chroot directory (ROOTDIR)
		etc/named.conf
		etc/rndc.key
		sbin/named
		var/named/
[root@paly etc]# cat /etc/sysconfig/named | grep -v '^#'
ROOTDIR=/var/named/chroot
/etc/nsswitch.conf             # name-service switch: which sources a lookup consults, and in what order
[root@paly tom]#grep '^hosts' /etc/nsswitch.conf
hosts: 	files	dns
files: /etc/hosts
dns: DNS
# a host lookup (e.g. by ping) consults /etc/hosts first and only then asks DNS
[root@paly etc]#rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/portreserve/named
/etc/rc.d/init.d/named
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/usr/lib/bind
/usr/sbin/arpaname
/usr/sbin/ddns-confgen
/usr/sbin/named
/usr/sbin/named-checkconf					#checks the syntax of named.conf
/usr/sbin/named-checkzone					#checks the syntax of a zone file
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
...
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca     				#root hints: addresses of the 13 root name servers
/var/named/named.empty
/var/named/named.localhost				#forward zone resolving localhost to 127.0.0.1
/var/named/named.loopback				#reverse zone resolving 127.0.0.1 to localhost
/var/named/slaves
/var/run/named
[root@paly etc]#
[root@paly ~]#service named start
Starting named:                                            [  OK  ]
[root@paly named]#chkconfig --list | grep named
named           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@paly named]#chkconfig named on
[root@paly named]#netstat -utlnp  | grep named 					#protocols and ports named listens on
tcp        0      0 192.168.31.224:53           0.0.0.0:*                   LISTEN      2516/named          
tcp        0      0 192.168.1.254:53            0.0.0.0:*                   LISTEN      2516/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      2516/named          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      2516/named          
tcp        0      0 ::1:953                     :::*                        LISTEN      2516/named          
udp        0      0 192.168.31.224:53           0.0.0.0:*                               2516/named          
udp        0      0 192.168.1.254:53            0.0.0.0:*                               2516/named          
udp        0      0 127.0.0.1:53                0.0.0.0:*                               2516/named  
#0.0.0.0:53 would mean port 53 is open on every interface, not just the ones listed in listen-on
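An added example (not from the original post): a small audit of the listener table above. It reads `netstat -utlnp` output and flags port 53 bound to the wildcard address, port 53 on the external-facing prefix given as its argument, and the rndc control channel (953) anywhere but loopback. The sample input is the page's own netstat output; treating 192.168.31.224 as the external NIC is an assumption (the page only states that 192.168.1.0/24 is the internal side).

```shell
#!/bin/sh
# Added example, not from the original post: audit `netstat -utlnp` output for
# named listeners. $1 = prefix of the external-facing NIC (assumed 192.168.31.).
# Prints one FINDING per problem and returns 1 when anything was flagged.
audit_listeners() {
    awk -v ext="$1" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, a, ":"); port = a[n]          # last field after ":" is the port
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == 53 && (addr == "0.0.0.0" || addr == "::")) {
                print "FINDING: DNS bound to every interface: " $4; bad = 1
            } else if (port == 53 && ext != "" && index(addr, ext) == 1) {
                print "FINDING: DNS bound on the external interface: " $4; bad = 1
            }
            if (port == 953 && addr != "127.0.0.1" && addr != "::1") {
                print "FINDING: rndc control channel reachable off-host: " $4; bad = 1
            }
        }
        END { if (bad) exit 1 }'
}

# Sample input: the netstat lines shown above on this page (not constructed).
SAMPLE='tcp        0      0 192.168.31.224:53           0.0.0.0:*                   LISTEN      2516/named
tcp        0      0 192.168.1.254:53            0.0.0.0:*                   LISTEN      2516/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      2516/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      2516/named
tcp        0      0 ::1:953                     :::*                        LISTEN      2516/named
udp        0      0 192.168.31.224:53           0.0.0.0:*                               2516/named
udp        0      0 192.168.1.254:53            0.0.0.0:*                               2516/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               2516/named'

# On a live server: netstat -utlnp | grep named | audit_listeners 192.168.31.
printf '%s\n' "$SAMPLE" | audit_listeners 192.168.31. || echo "named is reachable where it should not be"
```

Against the page's own table the audit flags the two 192.168.31.224:53 sockets; the rndc channel on 127.0.0.1 and ::1 passes.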

Main configuration and zone configuration

Zone:
zone "ZONE NAME" IN {
	type {master|slave|hint|forward};
	
};
Master zone:
	file "zone data file";	
Slave zone:
	file "zone data file";
	masters { master1_ip; };
	
[root@paly ~]#mv /etc/named.conf /etc/named.conf.bak
[root@paly ~]#vim /etc/named.conf
[root@paly ~]#chown root:named /etc/named.conf			#named reads it via group "named"; nobody else needs access
[root@paly ~]#chmod 640 /etc/named.conf
[root@paly ~]#named-checkconf 							#first run: a syntax error, fixed in the editor before re-running
/etc/named.conf:4: missing ';' before '}'
[root@paly ~]#named-checkconf    						#no output means the file parsed cleanly
[root@paly ~]#named-checkzone "." /var/named/named.ca    	#expected to fail: named.ca is a root-hints file, not an authoritative zone, so it has no SOA
zone ./IN: has 0 SOA records
zone ./IN: not loaded due to errors.
[root@paly ~]#named-checkzone "." /var/named/named.localhost 
zone ./IN: loaded serial 0
OK
[root@paly ~]#named-checkzone "." /var/named/named.loopback 
zone ./IN: loaded serial 0
OK
[root@paly ~]#service named configtest					#checks named.conf and every zone file it references
zone tonixtom.com/IN: loaded serial 0
[root@paly ~]#

Every statement in the configuration file ends with a semicolon; comments start with //.
[figure: the named.conf written for this lab]

[root@paly named]#vim tontom.com.zone
[root@paly named]#chmod 640 tontom.com.zone 
[root@paly named]#chown root:named tontom.com.zone 
[root@paly named]#named-checkzone "tontom.com" tontom.com.zone    
zone tontom.com/IN: loaded serial 2022041401
OK

[figure: contents of tontom.com.zone]

[root@paly named]#cp tontom.com.zone 192.168.1.zone -p
[root@paly named]#vim 192.168.1.zone 
[root@paly named]#named-checkzone "1.168.192.in-addr.arpa" 192.168.1.zone 
zone 1.168.192.in-addr.arpa/IN: loaded serial 2022041401
OK
[root@paly named]#

[figure: contents of 192.168.1.zone]
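An added example (not the zone files from the original post) covering both zone files above: it generates the forward zone and its reverse counterpart, checks them the way the page does with named-checkzone, and bumps the YYYYMMDDnn serial correctly, since a slave only transfers when the serial grows. The record data comes from the host(1) output on this page: ns1 and www share 192.168.1.123, www also has 192.168.1.125, ftp is a CNAME for www, and MX 10 is mail. The mail server address 192.168.1.126 and the contact admin@tontom.com are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: mail is 192.168.1.126,
# the SOA contact is admin@tontom.com; other records follow the page's host output.
ZONE=tontom.com

next_serial() {
    # $1 = current serial (YYYYMMDDnn), $2 = today as YYYYMMDD.
    # Never reuse or lower a serial: slaves compare it to decide whether to AXFR.
    cur=$1 today=$2
    cur_date=${cur%??}
    cur_n=${cur#"$cur_date"}; cur_n=${cur_n#0}
    if [ "$today" -gt "$cur_date" ]; then
        printf '%s01\n' "$today"
    else
        # same day, or the clock went backwards: keep the old date, bump the counter (00-99)
        printf '%s%02d\n' "$cur_date" $(( ${cur_n:-0} + 1 ))
    fi
}

gen_forward_zone() {
cat <<EOF
\$TTL 86400
@       IN  SOA ns1.${ZONE}. admin.${ZONE}. (
                $1          ; serial (YYYYMMDDnn)
                3600        ; refresh
                900         ; retry
                604800      ; expire
                86400 )     ; negative-cache TTL
@       IN  NS    ns1.${ZONE}.
@       IN  MX    10 mail.${ZONE}.
ns1     IN  A     192.168.1.123
www     IN  A     192.168.1.123
www     IN  A     192.168.1.125
mail    IN  A     192.168.1.126
ftp     IN  CNAME www.${ZONE}.
EOF
}

gen_reverse_zone() {
cat <<EOF
\$TTL 86400
@       IN  SOA ns1.${ZONE}. admin.${ZONE}. (
                $1 3600 900 604800 86400 )
@       IN  NS    ns1.${ZONE}.
123     IN  PTR   ns1.${ZONE}.
123     IN  PTR   www.${ZONE}.
125     IN  PTR   www.${ZONE}.
126     IN  PTR   mail.${ZONE}.
EOF
}

check_zone() {
    # $1 = zone name, $2 = file. Uses named-checkzone when present; otherwise
    # checks the minimum a loadable zone needs: exactly one SOA and at least one NS.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2" >/dev/null
    else
        [ "$(grep -c ' SOA ' "$2")" -eq 1 ] && grep -q ' NS ' "$2"
    fi
}

write_zones() {
    # $1 = directory (/var/named on the server), $2 = serial for both files
    gen_forward_zone "$2" > "$1/${ZONE}.zone"
    gen_reverse_zone "$2" > "$1/192.168.1.zone"
    chmod 640 "$1/${ZONE}.zone" "$1/192.168.1.zone"   # plus chown root:named on the server
    check_zone "$ZONE" "$1/${ZONE}.zone" && check_zone 1.168.192.in-addr.arpa "$1/192.168.1.zone"
}

# Usage: scratch directory here; /var/named on the real server, followed by rndc reload.
dir=${TMPDIR:-/tmp}/zones.example
mkdir -p "$dir"
write_zones "$dir" "$(next_serial 2022041401 "$(date +%Y%m%d)")" && echo "zone files written to $dir"
```

Both files get the same serial so that forward and reverse data are versioned together; the two PTR records for .123 reproduce the double answer the page's `host -t ptr` query shows.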

Finally, for testing the DNS server, recursion was allowed only for the server's own external-facing IP. Outside the lab, allow-recursion should list only the internal network: a server that recurses for any source is an open resolver that can be abused for amplification attacks and cache-poisoning attempts.
[figure: the allow-recursion setting in named.conf]
Also make sure SELinux is disabled. This is the quick lab fix; on a real server keep it enforcing and run restorecon -Rv /var/named so the newly created zone files get the right file context instead.

[root@paly ~]#getenforce
Disabled
[root@paly ~]#

Linux-side tests

[root@paly named]#host -t a www.tontom.com
www.tontom.com has address 192.168.1.125
www.tontom.com has address 192.168.1.123
[root@paly named]#host -t cname www.tontom.com
www.tontom.com has no CNAME record
[root@paly named]#host -t cname ftp.tontom.com
ftp.tontom.com is an alias for www.tontom.com.
[root@paly named]#host -t ns tontom.com       
tontom.com name server ns1.tontom.com.
[root@paly named]#host -t mx tontom.com    
tontom.com mail is handled by 10 mail.tontom.com.
[root@paly named]#host -t ptr 192.168.1.123
123.1.168.192.in-addr.arpa domain name pointer ns1.tontom.com.
123.1.168.192.in-addr.arpa domain name pointer www.tontom.com.

whois looks up who administers a domain and how to contact them.

[root@paly named]#yum install jwhois
Loaded plugins: fastestmirror
Setting up Install Process
Repository base is listed more than once in the configuration
Loading mirror speeds from cached hostfile
Package jwhois-4.0-19.el6.i686 already installed and latest version
Nothing to do
[root@paly named]#whois tontom.com
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
   Domain Name: TONTOM.COM
   Registry Domain ID: 898454995_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.PublicDomainRegistry.com
   Registrar URL: http://www.publicdomainregistry.com
   Updated Date: 2022-02-28T19:07:22Z
   Creation Date: 2007-03-28T13:12:38Z
   Registry Expiry Date: 2023-03-28T13:12:38Z
   Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
   Registrar IANA ID: 303
   Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
   Registrar Abuse Contact Phone: +1.2013775952
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: SK.S5.CM.NS1.39.ZTOMY.COM
   Name Server: SK.S5.CM.NS2.39.ZTOMY.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2022-04-14T12:04:18Z <<<

The dig command was covered in the previous post.

Windows-side tests

Forward lookup
[figure: forward lookup from a Windows client]

Reverse lookup
[figure: reverse lookup from a Windows client]

Logs

[root@paly named]#service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@paly named]#tail -n 30 /var/log/messages | grep named 
Apr 14 20:00:08 paly named[7996]: listening on IPv4 interface eth0, 192.168.31.224#53
Apr 14 20:00:08 paly named[7996]: generating session key for dynamic DNS
Apr 14 20:00:08 paly named[7996]: sizing zone task pool based on 5 zones
Apr 14 20:00:08 paly named[7996]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
Apr 14 20:00:08 paly named[7996]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 0.IN-ADDR.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 127.IN-ADDR.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 254.169.IN-ADDR.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: D.F.IP6.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 8.E.F.IP6.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 9.E.F.IP6.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: A.E.F.IP6.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: B.E.F.IP6.ARPA
Apr 14 20:00:08 paly named[7996]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Apr 14 20:00:08 paly named[7996]: command channel listening on 127.0.0.1#953
Apr 14 20:00:08 paly named[7996]: command channel listening on ::1#953
Apr 14 20:00:08 paly named[7996]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 14 20:00:08 paly named[7996]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2022041401
Apr 14 20:00:08 paly named[7996]: zone tontom.com/IN: loaded serial 2022041401
Apr 14 20:00:08 paly named[7996]: zone localhost/IN: loaded serial 0
Apr 14 20:00:08 paly named[7996]: managed-keys-zone ./IN: loaded serial 47
Apr 14 20:00:08 paly named[7996]: running
Apr 14 20:00:08 paly named[7996]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2022041401)
Apr 14 20:00:08 paly named[7996]: zone tontom.com/IN: sending notifies (serial 2022041401)
[root@paly named]#


Copyright notice: this article is an original work by pop541111, licensed under CC 4.0 BY-SA; reproduction must include a link to the original and this notice.