Linux下DNS服务器配置
Linux下DNS服务器配置 简要描述各种DNS服务器的配置方法。包括正向解析DNS服务器、逆向解析DNS服务器、主从DNS服务器。 实验环境整体配置 关闭SElinux setenfore 0 清空防火墙 iptables -F 修改主配置文件 /etc/named.conf #监听本机外网端口 listen-on port 53 { 127.0.0.1;192.168.45.202; }; #不监听ipv6 //listen-on-v6 port 53 { ::1; }; #允许查询 allow-query { any; }; #关闭dnssec dnssec-enable no; dnssec-validation no; 配置正向解析DNS服务器配置 修改zone配置 /etc/named.rfc1912.zones #增加zone文件 zone "easylinux.com" IN { type master; file "easylinux.com.zone"; allow-update { none; }; }; 添加easylinux.com.zone文件至 /var/named $TTL 86400 $ORIGIN easylinux.com. @ IN SOA easylinux.com. nsadmin.easylinux.com. ( 20170528 2H 1M 1W 1D ) IN NS ns1.easylinux.com. IN NS ns2.easylinux.com. IN MX 10 mx.easylinux.com. ns1 IN A 192.168.45.100 ns2 IN A 192.168.45.101 mx IN A 192.168.45.102 www IN A 192.168.45.201 web IN CNAME www 验证解析 ~]# dig easylinux.com. @192.168.45.202 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> easylinux.com. @192.168.45.202 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48423 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;easylinux.com. IN A ;; AUTHORITY SECTION: easylinux.com. 86400 IN SOA easylinux.com. nsadmin.easylinux.com. 20170528 7200 60 604800 86400 ;; Query time: 0 msec ;; SERVER: 192.168.45.202#53(192.168.45.202) ;; WHEN: Mon May 22 11:49:28 2017 ;; MSG SIZE rcvd: 75 [root@CentOS68every named]# host easylinux.com. @192.168.45.202 host: couldn't get address for '@192.168.45.202': failure [root@CentOS68every named]# host easylinux.com. 192.168.45.202 Using domain server: Name: 192.168.45.202 Address: 192.168.45.202#53 Aliases: easylinux.com mail is handled by 10 mx.easylinux.com. 配置逆向解析DNS 修改zone配置 /etc/named.rfc1912.zones zone "45.168.192.in-addr.arpa" IN { type master; file "192.168.45.zone"; allow-update { none; }; }; 添加192.168.45.zone文件至 /var/named $TTL 86400 $ORIGIN 45.168.192.in-addr.arpa. @ IN SOA ns1.easylinux.com. nsadmin.easylinux.com. ( 20170528 2H 1M 1W 1D ) IN NS ns1.easylinux.com. IN NS ns2.easylinux.com. 192.168.45.100 IN PTR ns1.easylinux.com. 192.168.45.101 IN PTR ns2.easylinux.com. 192.168.45.102 IN PTR mx.easylinux.com. 192.168.45.201 IN PTR www.easylinux.com. 验证解析 ~]# dig -x 192.168.45.201 @192.168.45.202 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 192.168.45.201 @192.168.45.202 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22989 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;201.45.168.192.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 45.168.192.in-addr.arpa. 86400 IN SOA ns1.easylinux.com. nsadmin.easylinux.com. 20170528 7200 60 604800 86400 ;; Query time: 1 msec ;; SERVER: 192.168.45.202#53(192.168.45.202) ;; WHEN: Mon May 22 12:06:51 2017 ;; MSG SIZE rcvd: 106 配置主从服务器 配置解析easylinux.com.的从服务器 增加一个从zone配置 /etc/named.rfc1912.zones zone "easylinux.com" IN { type slave; file "slaves/easylinux.com.zone"; masters { 192.168.45.202; }; }; 查看是否自动生成zone文件 ~]# ls /var/named/slaves/ easylinux.com.zone 验证配置 ~]# dig www.easylinux.com @192.168.45.203 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.easylinux.com @192.168.45.203 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28361 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;www.easylinux.com. IN A ;; ANSWER SECTION: www.easylinux.com. 86400 IN A 192.168.45.201 ;; AUTHORITY SECTION: easylinux.com. 86400 IN NS ns2.easylinux.com. easylinux.com. 86400 IN NS ns1.easylinux.com. ;; ADDITIONAL SECTION: ns1.easylinux.com. 86400 IN A 192.168.45.100 ns2.easylinux.com. 86400 IN A 192.168.45.101 ;; Query time: 1 msec ;; SERVER: 192.168.45.203#53(192.168.45.203) ;; WHEN: Fri May 26 18:01:36 2017 ;; MSG SIZE rcvd: 119
