
[App] DNS 单点安装

os rhel 7.2
server 192.168.1.150
client 192.168.1.152

# yum -y install bind bind-chroot bind-utils caching-nameserver

# rndc-confgen > /etc/rndc.conf

# chgrp named /etc/rndc.conf

# chmod 640 /etc/rndc.conf

# tail -11 /etc/rndc.conf >> /etc/named.conf   # rndc-confgen 输出的这部分内容以 # 注释,追加后需在 named.conf 中去掉 key/controls 各行的注释符

# vi /etc/sysconfig/named   # 关闭ipv6

OPTIONS="-4"

# vi /etc/named.conf

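options {
        # Listen on port 53 on every IPv4 address of this host.
        listen-on port 53 { any; };
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        # Anyone may query the zones this server is authoritative for.
        allow-query     { any; };

        # Recursion is limited to this host and the local subnet. With only
        # "allow-query { any; }" and "recursion yes", the server would resolve
        # arbitrary names for every client that can reach port 53 (an open
        # resolver). The /24 is assumed from the 1.168.192.in-addr.arpa zone;
        # adjust it to the clients you actually serve.
        allow-recursion { localhost; 192.168.1.0/24; };

        # Single-server setup without secondaries: refuse zone transfers
        # instead of relying on the permissive default.
        allow-transfer  { none; };

        # Upstream server that receives queries this server cannot answer.
        # The closing brace needs its own semicolon, otherwise named-checkconf
        # rejects the file.
        forwarders {
                192.168.1.1;
        };

        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};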

# Debug log channel. The file path is relative, so it is resolved against the
# "directory" option; "severity dynamic" follows the server's current debug level.
logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

# Root hints: the list of root name servers used to start recursive lookups.
zone "." IN {

        type hint;

        file "named.ca";

};

# Additional zone declarations; the zones for this setup are added to this file.
include "/etc/named.rfc1912.zones";

# Key material for the root zone, kept in a separate file.
include "/etc/named.root.key";

# Use with the following in named.conf, adjusting the allow list as needed:

# NOTE(review): the secret below is sample rndc-confgen output. Every host must
# generate its own value and never reuse one that has been published. This block
# has to match the key in /etc/rndc.conf, so change both together, and keep
# named.conf unreadable to other users because it now carries the key.
# hmac-md5 is a legacy default; where rndc-confgen supports -A, regenerate the
# key with a SHA-2 algorithm such as hmac-sha256.
key "rndc-key" {

        algorithm hmac-md5;

        secret "h1APCmb0iG5Y/dstFk6sRA==";

};

# Control channel for rndc: bound to loopback port 953, accepting commands only
# from 127.0.0.1 and only when authenticated with rndc-key.
controls {

        inet 127.0.0.1 port 953

                allow { 127.0.0.1; } keys { "rndc-key"; };

};

# vi /etc/named.rfc1912.zones    # 添加zone

# Forward zone wxhp.cn; this server is the master and loads it from wxhp.cn.zone.
zone "wxhp.cn" IN {

        type master;

        file "wxhp.cn.zone";

};

# Reverse zone for 192.168.1.x addresses (PTR records).
zone "1.168.192.in-addr.arpa" IN {

        type master;

        file "1.168.192.zone";

};

# Forward zone wxjy.cn, also mastered on this server.
# NOTE(review): no allow-transfer is set on these zones, so they inherit whatever
# the options block defines; confirm transfers are restricted there.
zone "wxjy.cn" IN {

        type master;

        file "wxjy.cn.zone";

};

# cd /var/named/

# cp named.localhost wxhp.cn.zone

# vi wxhp.cn.zone

; Zone data for wxhp.cn. Default TTL for records without an explicit TTL: 1 day.
$TTL 1D

; SOA: primary server ns.wxhp.cn.; the contact "root" has no trailing dot, so it
; is completed with the zone origin.
@       IN SOA ns.wxhp.cn. root (

                                        2017101301      ; serial - increase on every change to the zone

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

; Name server of the zone and its address.
@       IN      NS      ns.wxhp.cn.

ns      IN      A       192.168.1.150

# cp named.localhost 1.168.192.zone

# vi 1.168.192.zone

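; Reverse zone data for 1.168.192.in-addr.arpa. Default TTL: 1 day.
$TTL 1D
; The SOA contact is written fully qualified: a bare "root" would be completed
; with this zone's origin and become root.1.168.192.in-addr.arpa.
@       IN SOA  ns.wxhp.cn. root.wxhp.cn. (
                                        2017101302      ; serial - increase on every change to the zone
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      ns.wxhp.cn.
; Last octet of the address -> host name; targets are fully qualified.
150     IN      PTR     ns.wxhp.cn.
151     IN      PTR     www.wxjy.cn.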

# cp -a wxhp.cn.zone wxjy.cn.zone

# vi wxjy.cn.zone

; Zone data for wxjy.cn. Default TTL for records without an explicit TTL: 1 day.
$TTL 1D

; SOA: primary server ns.wxhp.cn. (a name outside this zone); the contact "root"
; has no trailing dot, so it is completed with the zone origin.
@       IN SOA ns.wxhp.cn. root (

                                        2017101303      ; serial - increase on every change to the zone

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

@       IN      NS      ns.wxhp.cn.

; Web host of the zone.
www     IN      A       192.168.1.151

# chown :named *

# named-checkconf /etc/named.conf          # 测试配置文件有无报错

# named-checkzone 1.168.192 1.168.192.zone   # 注意:区域名应与 named.rfc1912.zones 中的声明一致,即 1.168.192.in-addr.arpa

# named-checkzone wxhp.cn wxhp.cn.zone

# named-checkzone wxjy.cn wxjy.cn.zone

#systemctl enable named && systemctl start named

# rndc status   # 可以通过 rndc reload 重新加载配置文件

# 客户端配置:

# vi /etc/resolv.conf

nameserver 192.168.1.150

# nslookup

> 192.168.1.150

Server:         192.168.1.150

Address:        192.168.1.150#53

150.1.168.192.in-addr.arpa      name = ns.wxhp.cn.

> ns.wxhp.cn

Server:         192.168.1.150

Address:        192.168.1.150#53

Name:   ns.wxhp.cn

Address: 192.168.1.150

> 192.168.1.151  

Server:         192.168.1.150

Address:        192.168.1.150#53

151.1.168.192.in-addr.arpa      name = www.wxjy.cn.

> www.wxjy.cn

Server:         192.168.1.150

Address:        192.168.1.150#53

Name:   www.wxjy.cn

Address: 192.168.1.151