一、简单介绍 1、dns服务:是 域名解析 服务,它的作用是将域名解析成IP地址,或者是将IP地址解析成域名。 2、实验环境:Centos7.6 IP192.168.10.129 物理机:192.168.10.1 二、关闭防
一、简单介绍
1、dns服务:是域名解析服务,它的作用是将域名解析成IP地址,或者是将IP地址解析成域名。
2、实验环境:Centos7.6 IP192.168.10.129 物理机:192.168.10.1
二、关闭防火墙与SELinux特性
2.1关闭防火墙
[root@centos ~]# systemctl stop firewalld //临时关闭防火墙[root@centos ~]# systemctl disable firewalld //永久关闭防火墙2.2关闭SELinux
[root@centos ~]# setenforce 0 //临时关闭selinux特性#永久关闭SELinux服务把上面的SELINUX=disabled即可,:wq保存退出
三、安装DNS服务
3.1安装bind,bind-utils
[root@centos ~]# yum install bind bind-utils -yLoaded plugins: fastestmirrorDetermining fastest mirrorsdvd | 3.6 kB 00:00:00 (1/2): dvd/group_gz | 166 kB 00:00:00 (2/2): dvd/primary_db | 3.1 MB 00:00:00 Resolving Dependencies--> Running transaction check---> Package bind.x86_64 32:9.9.4-72.el7 will be installed--> Processing Dependency: bind-libs = 32:9.9.4-72.el7 for package: 32:bind-9.9.4-72.el7.x86_64--> Processing Dependency: python-ply for package: 32:bind-9.9.4-72.el7.x86_64--> Processing Dependency: policycoreutils-python for package: 32:bind-9.9.4-72.el7.x86_64--> Processing Dependency: policycoreutils-python for package: 32:bind-9.9.4-72.el7.x86_64--> Processing Dependency: liblwres.so.90()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64--> Processing Dependency: libisccfg.so.90()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64--> Processing Dependency: libisccc.so.90()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64--> Processing Dependency: libisc.so.95()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64--> Processing Dependency: libdns.so.100()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64--> Processing Dependency: libbind9.so.90()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64---> Package bind-utils.x86_64 32:9.9.4-72.el7 will be installed--> Running transaction check---> Package bind-libs.x86_64 32:9.9.4-72.el7 will be installed---> Package policycoreutils-python.x86_64 0:2.5-29.el7 will be installed--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: libcgroup for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64---> Package python-ply.noarch 0:3.4-11.el7 will be installed--> Running transaction check---> Package audit-libs-python.x86_64 0:2.8.4-4.el7 will be installed---> Package checkpolicy.x86_64 0:2.5-8.el7 will be installed---> Package libcgroup.x86_64 0:0.41-20.el7 will be installed---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be installed---> Package python-IPy.noarch 0:0.75-6.el7 will be installed---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be installed--> Finished Dependency ResolutionDependencies Resolved====================================================================================================== Package Arch Version Repository Size======================================================================================================Installing: bind x86_64 32:9.9.4-72.el7 dvd 1.8 M bind-utils x86_64 32:9.9.4-72.el7 dvd 206 kInstalling for dependencies: audit-libs-python x86_64 2.8.4-4.el7 dvd 76 k bind-libs x86_64 32:9.9.4-72.el7 dvd 1.0 M checkpolicy x86_64 2.5-8.el7 dvd 295 k libcgroup x86_64 0.41-20.el7 dvd 66 k libsemanage-python x86_64 2.5-14.el7 dvd 113 k policycoreutils-python x86_64 2.5-29.el7 dvd 456 k python-IPy noarch 0.75-6.el7 dvd 32 k python-ply noarch 3.4-11.el7 dvd 123 k setools-libs x86_64 3.3.8-4.el7 dvd 620 kTransaction Summary======================================================================================================Install 2 Packages (+9 Dependent packages)Total download size: 4.8 MInstalled size: 13 MDownloading packages:------------------------------------------------------------------------------------------------------Total 56 MB/s | 4.8 MB 00:00:00 Running transaction checkRunning transaction testTransaction test succeededRunning transaction Installing : 32:bind-libs-9.9.4-72.el7.x86_64 1/11 Installing : setools-libs-3.3.8-4.el7.x86_64 2/11 Installing : audit-libs-python-2.8.4-4.el7.x86_64 3/11 Installing : checkpolicy-2.5-8.el7.x86_64 4/11 Installing : python-IPy-0.75-6.el7.noarch 5/11 Installing : libsemanage-python-2.5-14.el7.x86_64 6/11 Installing : python-ply-3.4-11.el7.noarch 7/11 Installing : libcgroup-0.41-20.el7.x86_64 8/11 Installing : policycoreutils-python-2.5-29.el7.x86_64 9/11 Installing : 32:bind-9.9.4-72.el7.x86_64 10/11 Installing : 32:bind-utils-9.9.4-72.el7.x86_64 11/11 Verifying : libcgroup-0.41-20.el7.x86_64 1/11 Verifying : python-ply-3.4-11.el7.noarch 2/11 Verifying : libsemanage-python-2.5-14.el7.x86_64 3/11 Verifying : policycoreutils-python-2.5-29.el7.x86_64 4/11 Verifying : 32:bind-9.9.4-72.el7.x86_64 5/11 Verifying : python-IPy-0.75-6.el7.noarch 6/11 Verifying : checkpolicy-2.5-8.el7.x86_64 7/11 Verifying : 32:bind-utils-9.9.4-72.el7.x86_64 8/11 Verifying : 32:bind-libs-9.9.4-72.el7.x86_64 9/11 Verifying : audit-libs-python-2.8.4-4.el7.x86_64 10/11 Verifying : setools-libs-3.3.8-4.el7.x86_64 11/11 Installed: bind.x86_64 32:9.9.4-72.el7 bind-utils.x86_64 32:9.9.4-72.el7 Dependency Installed: audit-libs-python.x86_64 0:2.8.4-4.el7 bind-libs.x86_64 32:9.9.4-72.el7 checkpolicy.x86_64 0:2.5-8.el7 libcgroup.x86_64 0:0.41-20.el7 libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-29.el7 python-IPy.noarch 0:0.75-6.el7 python-ply.noarch 0:3.4-11.el7 setools-libs.x86_64 0:3.3.8-4.el7 Complete!3.2安装成功,启动并查看named服务
[root@centos ~]# systemctl start named //启动named服务[root@centos ~]# systemctl status named //查看named服务状态● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled) Active: active (running) since Mon 2022-11-21 17:17:36 CST; 18s ago Process: 10433 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS) Process: 10431 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS) Main PID: 10435 (named) CGroup: /system.slice/named.service └─10435 /usr/sbin/named -u named -c /etc/named.confNov 21 17:17:36 centos named[10435]: command channel listening on ::1#953Nov 21 17:17:36 centos named[10435]: managed-keys-zone: loaded serial 0Nov 21 17:17:36 centos named[10435]: zone 0.in-addr.arpa/IN: loaded serial 0Nov 21 17:17:36 centos named[10435]: zone localhost/IN: loaded serial 0Nov 21 17:17:36 centos named[10435]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0Nov 21 17:17:36 centos named[10435]: zone localhost.localdomain/IN: loaded serial 0Nov 21 17:17:36 centos named[10435]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...al 0Nov 21 17:17:36 centos named[10435]: all zones loadedNov 21 17:17:36 centos named[10435]: runningNov 21 17:17:36 centos systemd[1]: Started Berkeley Internet Name Domain (DNS).Hint: Some lines were ellipsized, use -l to show in full.[root@centos ~]#四、修改配置文件
4.1进入dns配置文件,进行配置
[root@centos ~]# vim /etc/named.conf只需要修改以下文件里面的两个部分,其余的不要动
options { listen-on port 53 { 192.168.10.129; }; //设置为本地的IP地址 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { any; }; //设置为所有人都可以访问4.2配置文件,增加正反向解析
[root@centos ~]# vim /etc/named.rfc1912.zones输入快捷键G,直接跳转的最后一行,并添加正反向解析
43 zone "centos1.com" IN { 44 type master; 45 file "centos.com.zone"; //正向解析文件 46 allow-update { none; }; 47 }; 48 49 zone "10.186.192.in-addr.arpa" IN { 50 type master; 51 file "centos.com.local"; //反向解析文件 52 allow-update { none; }; 53 };正向解析:(1)正向解析zone是centos.com,它是通过centos.com找到对应的主机IP地址
反向解析:(2)对应的zone是本机IP192.168.10.129,前面部分192.168.10要过来写10.182.196,反向解析
4.3拷贝/var/named/目录下named.localhost和named.loopback文件
[root@centos ~]# cd /var/named/[root@centos named]# cp -p named.localhost contos.com.zone[root@centos named]# cp -p named.loopback contos.com.local4.4在拷贝的正反向解析里面添加主机记录
4.4.1正向解析内容
$TTL 1D@ IN SOA @ dns.centos.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS dns.centos.com.www A 192.168.10.129 //A代表的是IPV4的地址dns A 192.168.10.129email A 192.168.10.1294.4.2反向解析内容(照着正向解析反着写)
TTL 1D@ IN SOA @ dns.centos.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum@ NS dns.centos.com.192.168.10.129 PTR dns.centos.com. //PTR是反向解析指针192.168.10.129 PTR www.centos.com.192.168.10.129 PTR email.centos.com.4.4.3名词解释
NS dns.centos.com. 本机的域名dns A 192.168.10.129 dns为centos.com的域名前坠,对应着192.168.10.129www A 192.168.10.129 www为centos.com的域名前坠,对应着192.168.10.129email A 192.168.10.129 email为centos.com的域名前坠,对应着192.168.10.1294.4.4重启服务
[root@centos ~]# systemctl restart named五、在客户端上面进行验证
在客户端输入nslookup+IP地址或者域名访问即可,如果能获取到
服务器和IP地址
名称和IP地址
就行了
以上就是完整配置DNS服务的流程--------------------------------------------