RHEL7.0 DNS Service Configuration

Published: 2025/1/21

System version:

[root@localhost named]# uname -a
Linux mainserver.fengslab.com 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux

1, resolv.conf

[root@localhost named]# cat /etc/resolv.conf
# Generated by NetworkManager
domain fengslab.com
search localdomain
nameserver 192.168.2.2
[root@localhost named]#

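The valid parameters and their meanings are:

nameserver   The IP address of a DNS server. There can be many nameserver lines, each with one IP address. Queries follow the order in which the nameservers appear in this file, and the following nameserver is queried only when the first one does not respond.

domain   Declares the host's domain name. Many programs use it, for example mail systems; it is also used when a DNS query is made for a host that has no domain name. If no domain name is given, the host name is used, with everything before the first dot (.) removed.

search   Its arguments give the domain search order. When a host without a domain name is looked up, the host is searched for in each of the domains declared by search. domain and search cannot coexist; if both are present, the one that appears later is used.

sortlist   Allows the returned results to be sorted in a specific way. Its arguments are network/netmask pairs, in any order.

Red Hat does not provide a default /etc/resolv.conf file; its content is created dynamically from the options given during installation.

Source: <http://www.linuxidc.com/Linux/2007-09/7645.htm>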

2, host.conf

[root@localhost named]# cat /etc/host.conf
multi on

For details on /etc/host.conf, see: http://lxsym.blog.51cto.com/1364623/311989

3, Installing bind

[root@localhost named]# yum install bind-*
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-14.el7 will be reinstalled
---> Package bind-chroot.x86_64 32:9.9.4-14.el7 will be reinstalled
---> Package bind-dyndb-ldap.x86_64 0:3.5-4.el7 will be reinstalled
---> Package bind-libs.x86_64 32:9.9.4-14.el7 will be reinstalled
---> Package bind-libs-lite.x86_64 32:9.9.4-14.el7 will be reinstalled
---> Package bind-license.noarch 32:9.9.4-14.el7 will be reinstalled
---> Package bind-utils.x86_64 32:9.9.4-14.el7 will be reinstalled
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch        Version              Repository        Size
================================================================================
Reinstalling:
 bind                 x86_64      32:9.9.4-14.el7      rhel7            1.8 M
 bind-chroot          x86_64      32:9.9.4-14.el7      rhel7             81 k
 bind-dyndb-ldap      x86_64      3.5-4.el7            rhel7             91 k
 bind-libs            x86_64      32:9.9.4-14.el7      rhel7            1.0 M
 bind-libs-lite       x86_64      32:9.9.4-14.el7      rhel7            709 k
 bind-license         noarch      32:9.9.4-14.el7      rhel7             79 k
 bind-utils           x86_64      32:9.9.4-14.el7      rhel7            198 k

Transaction Summary
================================================================================
Reinstall  7 Packages

Total download size: 3.9 M
Installed size: 9.2 M
Is this ok [y/d/N]: y
Downloading packages:
--------------------------------------------------------------------------------
Total                                              74 MB/s | 3.9 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 32:bind-license-9.9.4-14.el7.noarch                        1/7
  Installing : 32:bind-libs-9.9.4-14.el7.x86_64                           2/7
  Installing : 32:bind-9.9.4-14.el7.x86_64                                3/7
  Installing : 32:bind-chroot-9.9.4-14.el7.x86_64                         4/7
  Installing : bind-dyndb-ldap-3.5-4.el7.x86_64                           5/7
  Installing : 32:bind-utils-9.9.4-14.el7.x86_64                          6/7
  Installing : 32:bind-libs-lite-9.9.4-14.el7.x86_64                      7/7
  Verifying  : 32:bind-9.9.4-14.el7.x86_64                                1/7
  Verifying  : 32:bind-libs-lite-9.9.4-14.el7.x86_64                      2/7
  Verifying  : 32:bind-utils-9.9.4-14.el7.x86_64                          3/7
  Verifying  : 32:bind-libs-9.9.4-14.el7.x86_64                           4/7
  Verifying  : 32:bind-license-9.9.4-14.el7.noarch                        5/7
  Verifying  : 32:bind-chroot-9.9.4-14.el7.x86_64                         6/7
  Verifying  : bind-dyndb-ldap-3.5-4.el7.x86_64                           7/7

Installed:
  bind.x86_64 32:9.9.4-14.el7
  bind-chroot.x86_64 32:9.9.4-14.el7
  bind-dyndb-ldap.x86_64 0:3.5-4.el7
  bind-libs.x86_64 32:9.9.4-14.el7
  bind-libs-lite.x86_64 32:9.9.4-14.el7
  bind-license.noarch 32:9.9.4-14.el7
  bind-utils.x86_64 32:9.9.4-14.el7

Complete!

4, Modify named.conf

[root@localhost named]# cp /etc/named.conf /etc/named.conf.backup
[root@localhost named]# vi /etc/named.conf
[root@localhost named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
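The options in this step keep recursion on while listening on and accepting queries from any address, which is the case the comment inside named.conf warns about. The following audit is an added example, not part of the original post: it works out which clients may recurse and compares the page's settings with a restricted variant. The "trusted" ACL, its address ranges and the function names are assumptions, as is the fallback order used (allow-recursion, then allow-query-cache, then allow-query, then localnets and localhost), which is taken from the BIND 9 reference manual.

```python
import re

# Constructed inputs. PAGE_OPTIONS repeats the access settings of the named.conf
# in this step; RESTRICTED is a variant whose "trusted" ACL is an assumption.
PAGE_OPTIONS = """
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    recursion yes;
};
"""
RESTRICTED = """
acl trusted { 192.168.2.0/24; localhost; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.2.2; };
    allow-query     { any; };
    allow-recursion { trusted; };
    recursion yes;
};
"""
OPEN = {"any", "0.0.0.0/0", "::/0"}

def elements(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def setting(text, keyword):
    """Elements of `keyword { ...; }`, or None when the statement is absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^}]*)\}" % re.escape(keyword), text)
    return None if m is None else elements(m.group(1))

def recursion_clients(conf):
    """Addresses allowed to recurse: allow-recursion, else allow-query-cache,
    else allow-query, else the built-in default."""
    text = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # drop /* */ comments
    text = re.sub(r"(//|#).*", "", text)                # drop // and # comments
    if re.search(r"\brecursion\s+no\s*;", text):
        return []
    for keyword in ("allow-recursion", "allow-query-cache", "allow-query"):
        found = setting(text, keyword)
        if found is not None:
            break
    else:
        found = ["localnets", "localhost"]
    expanded = []
    for e in found:                                     # expand named ACLs one level
        acl = setting(text, "acl " + e)
        expanded += acl if acl is not None else [e]
    return expanded

def is_open_resolver(conf):
    return bool(OPEN & set(recursion_clients(conf)))
```
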

5, Modify /etc/named.rfc1912.zones

[root@localhost named]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.backup
[root@localhost named]# vi /etc/named.rfc1912.zones
[root@localhost named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

// forward zone for fengslab.com
zone "fengslab.com" IN {
        type master;
        file "fengslab.com.forward";
};

// reverse zone for 192.168.2.0/24
zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "fengslab.com.reverse";
};

6, Modify the zone files

[root@localhost named]# cp -rf named.localhost fengslab.com.forward
[root@localhost named]# cp -rf named.loopback fengslab.com.reverse
[root@localhost named]# cat fengslab.com.forward
$TTL 1D
@       IN SOA  @ root.fengslab.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.2.2
esxihost1 A 192.168.2.101
esxihost2 A 192.168.2.102
esxihost3 A 192.168.2.103
[root@localhost named]#
[root@localhost named]# cat fengslab.com.reverse
$TTL 1D
@       IN SOA  @ root.fengslab.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.2.2
        PTR     localhost.
; PTR targets are fully qualified (trailing dot); a relative name would have
; the zone origin 2.168.192.in-addr.arpa. appended to it
101 PTR esxihost1.fengslab.com.
102 PTR esxihost2.fengslab.com.
103 PTR esxihost3.fengslab.com.
[root@localhost named]#
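A consistency check for the forward and reverse zone files of this step, added here as an example and not part of the original post: it expands relative names against the zone origin the way named does and reports every A record whose PTR does not point back to the same name. The zone snippets are constructed from the page's records, with one PTR deliberately written without a trailing dot; the function names are assumptions.

```python
import ipaddress

# Constructed zone data modelled on the page's records; the last PTR is
# written without a trailing dot to show how a relative name is expanded.
FORWARD = ("fengslab.com.", """
esxihost1 A 192.168.2.101
esxihost2 A 192.168.2.102
""")
REVERSE = ("2.168.192.in-addr.arpa.", """
101 PTR esxihost1.fengslab.com.
102 PTR esxihost2
""")

def absolute(name, origin):
    """Expand a zone-file name: '@' is the origin, a name ending in '.' is
    already absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def records(zone, rtype):
    """Yield (owner, rdata) for simple 'owner TYPE rdata' lines of one type."""
    origin, text = zone
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # ';' starts a zone-file comment
        if len(fields) == 3 and fields[1] == rtype:
            yield absolute(fields[0], origin), fields[2]

def check_reverse(forward, reverse):
    """Return (ip, expected_name, found_name) for every A record whose PTR
    is missing or names a different host."""
    ptrs = {owner: absolute(target, reverse[0])
            for owner, target in records(reverse, "PTR")}
    problems = []
    for name, ip in records(forward, "A"):
        owner = ipaddress.ip_address(ip).reverse_pointer + "."
        found = ptrs.get(owner)
        if found != name:
            problems.append((ip, name, found))
    return problems
```
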

7, Testing:

[root@localhost named]# dig -x 192.168.2.201

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 192.168.2.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57644
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;201.2.168.192.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
168.192.in-addr.arpa.   86400   IN      SOA     168.192.in-addr.arpa. . 0 28800 7200 604800 86400

;; Query time: 3 msec
;; SERVER: 192.168.2.2#53(192.168.2.2)
;; WHEN: Thu Feb 04 21:31:05 CST 2016
;; MSG SIZE  rcvd: 90

[root@localhost named]#
[root@localhost named]# nslookup
> esxihost1.fengslab.com
Server:         192.168.2.2
Address:        192.168.2.2#53

Name:   esxihost1.fengslab.com
Address: 192.168.2.101
> esxihost2.fengslab.com
Server:         192.168.2.2
Address:        192.168.2.2#53

Name:   esxihost2.fengslab.com
Address: 192.168.2.102
> esxihost3.fengslab.com
Server:         192.168.2.2
Address:        192.168.2.2#53

Name:   esxihost3.fengslab.com
Address: 192.168.2.103
>

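8, Reference notes (some of this is unrelated to this exercise; for reference only)

Source: <http://www.linuxde.net/2011/11/2000.html>

Below is a collected explanation of the main configuration file parameters (for reference only); /* */ marks a comment:

options { /* The options statement defines settings that affect the whole DNS server. Here, directory sets the path for the files named in this file, in this case /var/named. The port and other settings can also be given here; if no port is specified, it is 53.
*/
    directory "/var/named";
}; //

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN { // In this file the zone keyword defines a zone; each zone keyword defines one zone
    type hint;
    /* There are three values for type here: master, slave and hint. Their meanings are:
    master: defines a master name server
    slave: defines a secondary name server
    hint: the root name servers of the Internet
    */
    file "named.ca"; // The file that holds the DNS records
};

zone "localhost" IN { // Defines a forward zone for the domain localhost
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "test.net" IN { // Defines a forward zone for the domain test.net
    type master;
    file "test.net";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN { // Defines a reverse zone for the IPs 127.0.0.*
    type master;
    file "named.local";
    allow-update { none; };
};
zone "0.192.168.in-addr.arpa" IN { // Defines a reverse zone for the IPs 168.192.0.*
    type master;
    file "168.192.0";
};

The /var/named/test.net file
@ IN SOA linux.test.net. Webmaster.test.net. ( /* SOA marks the start of authority */
/* The IN above means that the data that follows uses the INTERNET standard. The @ stands for the corresponding domain name, here test.net, and marks the start of the record definitions for a domain. linux.test.net is the master name server of this domain, and webmaster.test.net is the administrator's mail address. Note that in this mail address a . replaces the @ of an ordinary mail address. SOA marks the start of authority.
*/
2003012101 ; serial (d. adams) /* The number at the start of this line is the revision of the configuration file, in the format year, month, day, and number of changes made that day. Every time this file is changed the number should be changed as well; otherwise the changes will not be propagated to the databases of the other DNS servers on the network, that is, clients that do not use the DNS server you configured as their DNS server will probably not see your update, and for them the update is meaningless.
*/
28800 ; refresh
/* Defines the refresh frequency, that is, how often a slave name server queries the master server, so that the data on the slave server stays up to date
*/
7200 ; retry
/* This value sets the retry interval in seconds: when the slave server tries to query the master server for updates and the connection fails, this value sets how long the slave server waits before trying again
*/
3600000 ; expiry
/* This sets how long after a failed update from the master server the slave server clears the corresponding records; the value above is in minutes
*/
8400 )
/* This value sets how long after a caching server loses contact with the master server it clears the corresponding records
*/
IN NS linux
IN MX 10 linux
linux IN A 168.192.0.14
it-test1 IN A 168.192.0.133
www IN CNAME linux

/* The first column above is the host name, with the trailing domain omitted.
NS: this host is a name server
A: defines an A record, that is, the mapping from a host name to an IP address
MX: defines a mail record
CNAME: defines an alias for the corresponding host
*/

/var/named/168.192.0
@ IN SOA linux.test.net. webmastert.linux.net. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS linux.test.net.
/* The keywords above have the same meaning as in test.net */
14 IN PTR linux.test.net.
133 IN PTR it-test1.test.net.
/*
The first column above is the host's IP address, with the network part omitted. For example, 14 in full is:
168.192.0.14
PTR: a reverse record
The last column is the host's domain name.
*/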


Reposted from: https://blog.51cto.com/fengslab/1741164
