Linux: Configuring a Secondary (Slave) DNS Server (Basics)
[RHEL8] DNSserver1 (master); [RHEL7] DNSserver2 (slave); [CentOS 7] DNSclient
!!! In this test environment we first turn off the firewall and SELinux (on DNSserver1, DNSserver2 and DNSclient). This is a lab shortcut only: on a real server keep both enabled and open just the dns service (53/tcp and 53/udp) in firewalld.
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@localhost ~]# setenforce 0
Preface: see https://www.cnblogs.com/520qiangge/p/13395138.html (click the link to read it).
I. Install the DNS service on DNSserver1 and DNSserver2
1. Install the DNS service
//DNSserver1
[root@DNSserver1 ~]# yum install -y bind
[root@DNSserver1 ~]# systemctl start named
[root@DNSserver1 ~]# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
//DNSserver2
[root@dnsserver2 ~]# yum install -y bind
[root@dnsserver2 ~]# systemctl start named
[root@dnsserver2 ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
2. Check the IP addresses
//DNSserver1
[root@DNSserver1 ~]# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.140  netmask 255.0.0.0  broadcast 10.255.255.255
        inet6 fe80::fa13:32e0:3b9f:2196  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:cd:6a:1b  txqueuelen 1000  (Ethernet)
        RX packets 1848  bytes 164945 (161.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1399  bytes 195583 (190.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 596  bytes 50400 (49.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 596  bytes 50400 (49.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
//DNSserver2
[root@dnsserver2 ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.150  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::e220:bff8:e997:50c4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b3:4d:83  txqueuelen 1000  (Ethernet)
        RX packets 1786  bytes 137533 (134.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1638  bytes 355972 (347.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 68  bytes 5772 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5772 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Note that DNSserver1 carries a /8 mask (255.0.0.0) while DNSserver2 and the client use /24; it makes no difference here because all three hosts sit in 10.0.0.0/24 anyway.
II. Edit the configuration files
1. Modify the global options in /etc/named.conf (on both DNSserver1 and DNSserver2)
The stock file ships with listen-on port 53 { 127.0.0.1; };, listen-on-v6 port 53 { ::1; }; and allow-query { localhost; };. Those three lines are changed to any so that the servers answer on every interface and for every client. Be aware that allow-query { any; } combined with BIND's default recursion yes makes each server an open resolver, which is exactly what reflection/amplification attacks look for; outside a closed lab, either set recursion no on authoritative-only servers or limit recursion to your own networks with allow-recursion.
//DNSserver1
[root@DNSserver1 ~]# vim /etc/named.conf
.........
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };
.........
//DNSserver2
[root@dnsserver2 ~]# vim /etc/named.conf
.........
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
.........
2. On DNSserver1: add the forward and reverse zones to the sub-configuration file /etc/named.rfc1912.zones
arpaname prints the reverse (in-addr.arpa) name of an address; the reverse zone for the /24 is that name minus the host octet. allow-transfer restricts zone transfers (AXFR/IXFR) to the slave only, so nobody else can pull the whole zone from the master.
[root@DNSserver1 ~]# arpaname 10.0.0.140
140.0.0.10.IN-ADDR.ARPA
[root@DNSserver1 ~]# vim /etc/named.rfc1912.zones
.........
zone "test.com" IN {
        type master;
        file "test.zone";
        allow-transfer { 10.0.0.150; };
};
zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "10.0.0.arpa";
        allow-transfer { 10.0.0.150; };
};
//appended at the end of the file
3. On DNSserver2: add the forward and reverse zones as slave zones in /etc/named.rfc1912.zones
The slave fetches its copies from the master listed in masters and stores them under /var/named/slaves (relative to the directory set in named.conf). Note that these stanzas carry no allow-transfer of their own: BIND's default allows transfers from anyone, so as written DNSserver2 will hand the full zone to any host that asks for AXFR even though the master restricts it. Add allow-transfer { none; }; to the slave zones (or to options) unless another secondary needs to pull from DNSserver2.
[root@dnsserver2 ~]# arpaname 10.0.0.150
150.0.0.10.IN-ADDR.ARPA
[root@dnsserver2 ~]# vim /etc/named.rfc1912.zones
..........
zone "test.com" IN {
        type slave;
        masters { 10.0.0.140; };
        file "slaves/test.zone";
};
zone "0.0.10.in-addr.arpa" IN {
        type slave;
        masters { 10.0.0.140; };
        file "slaves/10.0.0.arpa";
};
//appended at the end of the file
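The options and slave stanzas above leave two things open that should be closed before these servers face anything but a lab network: allow-query { any; } with BIND's default recursion yes turns both servers into open resolvers, and the slave zones have no allow-transfer, so DNSserver2 serves AXFR to anyone. The shell script below is an added example, not part of the original post: it audits a named.conf-style file for exactly those two weaknesses and runs itself over constructed copies of the DNSserver2 configuration, once as written above and once hardened. The function names, the hardened stanza and the 10.0.0.0/24 recursion ACL are my assumptions, not the post's.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a BIND named.conf /
# named.rfc1912.zones style file for two weaknesses the lab config has:
#   open-resolver-risk : allow-query { any; } in options with neither
#                        "recursion no" nor an allow-recursion ACL
#   axfr-unrestricted  : a master/slave zone with no allow-transfer of its
#                        own and no allow-transfer default in options
# The parser strips // and # comments and tracks brace depth, so one-line
# lists such as "masters { 10.0.0.140; };" inside a zone block are fine.
# Run it on named.conf with its include files concatenated, otherwise an
# options-level allow-transfer is not seen when the zones are audited.
audit_named_conf() {
    awk '
    {
        line = $0
        sub(/\/\/.*/, "", line); sub(/#.*/, "", line)
        if (depth == 0 && line ~ /^[[:space:]]*options[[:space:]]*\{/)
            block = "options"
        if (depth == 0 && line ~ /^[[:space:]]*zone[[:space:]]+"/) {
            match(line, /"[^"]*"/)
            zone = substr(line, RSTART + 1, RLENGTH - 2)
            block = "zone"; ztype = ""; xfer = 0
        }
        if (block == "options") {
            if (line ~ /allow-query[[:space:]]*\{[[:space:]]*any/) query_any = 1
            if (line ~ /recursion[[:space:]]+no/)                recursion_off = 1
            if (line ~ /allow-recursion/)                        recursion_acl = 1
            if (line ~ /allow-transfer/)                         opts_xfer = 1
        }
        if (block == "zone") {
            if (line ~ /(^|[[:space:]])type[[:space:]]+/) {
                t = line; sub(/.*type[[:space:]]+/, "", t); sub(/[[:space:]]*;.*/, "", t)
                ztype = t
            }
            if (line ~ /allow-transfer/) xfer = 1
        }
        depth += gsub(/\{/, "{", line)
        depth -= gsub(/\}/, "}", line)
        if (depth == 0 && block == "zone") {
            if (ztype ~ /^(master|primary|slave|secondary)$/ && !xfer && !opts_xfer)
                print "axfr-unrestricted:" zone
            block = ""
        }
        if (depth == 0 && block == "options") block = ""
    }
    END {
        if (query_any && !recursion_off && !recursion_acl)
            print "open-resolver-risk:options"
    }' "$1"
}

# Constructed copy of the DNSserver2 configuration as written in the post
# (options plus the two slave zones), written to the file given as $1.
write_lab_config() {
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        allow-query { any; };
};
zone "test.com" IN {
        type slave;
        masters { 10.0.0.140; };
        file "slaves/test.zone";
};
zone "0.0.10.in-addr.arpa" IN {
        type slave;
        masters { 10.0.0.140; };
        file "slaves/10.0.0.arpa";
};
EOF
}

# The same configuration hardened (assumed values): recursion only for
# localhost and the lab subnet, and no zone transfers from the slave.
write_hardened_config() {
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        allow-query { any; };
        allow-recursion { localhost; 10.0.0.0/24; };
        allow-transfer { none; };
};
zone "test.com" IN {
        type slave;
        masters { 10.0.0.140; };
        file "slaves/test.zone";
        allow-transfer { none; };
};
zone "0.0.10.in-addr.arpa" IN {
        type slave;
        masters { 10.0.0.140; };
        file "slaves/10.0.0.arpa";
        allow-transfer { none; };
};
EOF
}

# Usage: audit both versions.
tmp=${TMPDIR:-/tmp}/named-audit.$$
write_lab_config "$tmp.lab";       audit_named_conf "$tmp.lab"    # three findings
write_hardened_config "$tmp.hard"; audit_named_conf "$tmp.hard"   # silent
rm -f "$tmp.lab" "$tmp.hard"
```

The lab copy yields axfr-unrestricted for both slave zones plus open-resolver-risk; the hardened copy yields nothing. allow-recursion rather than recursion no is used in the hardened version because the client in this lab points its resolv.conf at these servers and would otherwise lose recursion for names outside test.com.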
4. On DNSserver1: create the forward and reverse zone database files by copying the templates
cp -a keeps the owner and mode of the templates (root:named, readable by the named group), which is what named needs to load them.
[root@DNSserver1 ~]# cd /var/named/
[root@DNSserver1 named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@DNSserver1 named]# cp -a named.localhost test.zone
[root@DNSserver1 named]# cp -a named.loopback 10.0.0.arpa
5. On DNSserver1: edit the forward zone database file
Every name that ends with a dot is absolute; every name without one is relative to the zone origin (test.com here), so "ns1" means ns1.test.com. The apex A 127.0.0.1 and AAAA ::1 records are carried over from named.localhost and make test.com itself resolve to loopback; drop them if that is not wanted.
[root@DNSserver1 named]# vim test.zone
$TTL 1D
@       IN SOA  test.com. root.test.com. (
                                        2020031601      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
        A       127.0.0.1
        AAAA    ::1
ns1     A       10.0.0.140
ns2     A       10.0.0.150
www     A       10.0.0.1
aaa     A       10.0.0.2
bbb     A       10.0.0.3
ccc     A       10.0.0.4
ddd     A       10.0.0.5
6. On DNSserver1: edit the reverse zone database file
The origin of this file is 0.0.10.in-addr.arpa, so only the host octet goes on the left and every PTR target must be a fully qualified name with a trailing dot. The first version of this file had several mistakes: the SOA MNAME test.com lacked its trailing dot, ns2.tst.com. was a typo for ns2.test.com., the A, AAAA, PTR localhost. and ns1/ns2 A lines copied from named.loopback do not belong in a reverse zone, and the PTR targets (www, aaa, ccc.test.com, ...) had no trailing dot, so they were treated as relative names and the client test at the end of this post answers with www.0.0.10.in-addr.arpa. instead of www.test.com. The corrected file:
[root@DNSserver1 named]# vim 10.0.0.arpa
$TTL 1D
@       IN SOA  test.com. root.test.com. (
                                        2020031601      ; serial
                                        1D              ; refresh
                                        1H              ; retry
                                        1W              ; expire
                                        3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
1       PTR     www.test.com.
2       PTR     aaa.test.com.
3       PTR     bbb.test.com.
4       PTR     ccc.test.com.
5       PTR     ddd.test.com.
By convention the SOA MNAME is the primary server's own name (ns1.test.com.); test.com. is kept here to match the forward zone. Whenever either zone file changes, increase the serial, otherwise the slave will consider its copy current and never re-transfer.
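The trailing-dot rule is the thing that most often goes wrong in reverse zones, and named-checkzone does not flag it because a relative name is syntactically valid. The script below is an added example, not part of the original post: reverse_zone_24 derives the /24 in-addr.arpa zone name the way arpaname does (minus the host octet), and relative_targets lists every SOA, NS, PTR, CNAME or MX target in a zone file that has no trailing dot. It runs over a constructed copy of the first, faulty version of 10.0.0.arpa; the function names and the sample file are mine.

```shell
#!/bin/sh
# Added example, not from the original post. Two small checks for the
# zone files above:
#   reverse_zone_24  - the in-addr.arpa zone name for a /24, i.e. what
#                      "arpaname 10.0.0.140" prints minus the host octet
#   relative_targets - SOA/NS/PTR/CNAME/MX targets that lack a trailing
#                      dot; such names are relative to the zone origin, so
#                      "1 PTR www" in 0.0.10.in-addr.arpa resolves to
#                      www.0.0.10.in-addr.arpa. rather than www.test.com.

reverse_zone_24() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# relative_targets FILE: prints LINE:TYPE:TARGET for each offending record.
relative_targets() {
    awk '
    function check(n, t, name) {
        if (name != "" && name != "@" && name !~ /\.$/)
            printf "%d:%s:%s\n", n, t, name
    }
    /^[[:space:]]*;/ || /^[[:space:]]*$/ { next }   # comments, blank lines
    /^\$/ { next }                                  # $TTL, $ORIGIN directives
    {
        sub(/;.*/, "")                              # strip trailing comment
        for (i = 1; i <= NF; i++) {
            if ($i == "SOA") { check(NR, $i, $(i + 1)); check(NR, $i, $(i + 2)); break }
            if ($i == "NS" || $i == "PTR" || $i == "CNAME") { check(NR, $i, $(i + 1)); break }
            if ($i == "MX") { check(NR, $i, $(i + 2)); break }
        }
    }' "$1"
}

# Constructed reverse zone reproducing the mistakes in the first version of
# 10.0.0.arpa in the post (written to the file given as $1).
sample_reverse_zone() {
    cat > "$1" <<'EOF'
$TTL 1D
@       IN SOA  test.com root.test.com. (   ; MNAME has no trailing dot
                2020031601      ; serial
                1D              ; refresh
                1H              ; retry
                1W              ; expire
                3H )            ; minimum
        NS      ns1.test.com.
        NS      ns2.test.com.
1       PTR     www                 ; relative: becomes www.0.0.10.in-addr.arpa.
2       PTR     aaa
4       PTR     ccc.test.com        ; still relative without the trailing dot
5       PTR     ddd.test.com.       ; correct
EOF
}

# Usage
reverse_zone_24 10.0.0.140                 # 0.0.10.in-addr.arpa
f=${TMPDIR:-/tmp}/zone-lint.$$
sample_reverse_zone "$f"
relative_targets "$f"                      # reports lines 2, 10, 11 and 12
rm -f "$f"
```

Run relative_targets over /var/named/test.zone and /var/named/10.0.0.arpa after editing them; an empty result means every delegation and pointer is absolute.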
7. On DNSserver1 and DNSserver2: check the configuration file syntax
named-checkconf prints nothing when the file parses cleanly. Run without arguments it checks /etc/named.conf and follows its include statements; with -z it also loads every zone the configuration references.
//DNSserver1
[root@DNSserver1 ~]# named-checkconf /etc/named.conf
[root@DNSserver1 ~]# named-checkconf /etc/named.rfc1912.zones
//DNSserver2
[root@dnsserver2 ~]# named-checkconf /etc/named.conf
[root@dnsserver2 ~]# named-checkconf /etc/named.rfc1912.zones
8. On DNSserver1: check the forward and reverse zone files
The first argument to named-checkzone is the zone origin, so the reverse file must be checked as 0.0.10.in-addr.arpa, not as test.com (the original ran it with test.com for both files; the check still reported OK, but against the wrong origin).
[root@DNSserver1 ~]# named-checkzone test.com /var/named/test.zone
zone test.com/IN: loaded serial 2020031601
OK
[root@DNSserver1 ~]# named-checkzone 0.0.10.in-addr.arpa /var/named/10.0.0.arpa
zone 0.0.10.in-addr.arpa/IN: loaded serial 2020031601
OK
9. Restart the DNS service and check the listening ports (on both DNSserver1 and DNSserver2)
netstat comes from net-tools, which is not installed by default on RHEL8; ss -tunlp shows the same information. named listens on 53/tcp and 53/udp on every address, on 953 (rndc control channel) on loopback only, and on one random high UDP port that it uses as the source port for its own outgoing queries. DNSserver1 also listens on 10.0.0.142, an address not shown in the ifconfig output above.
//DNSserver1
[root@DNSserver1 ~]# systemctl restart named
[root@DNSserver1 ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.142:53           0.0.0.0:*               LISTEN      27491/named
tcp        0      0 10.0.0.140:53           0.0.0.0:*               LISTEN      27491/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      27491/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1101/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      27491/named
tcp6       0      0 :::53                   :::*                    LISTEN      27491/named
tcp6       0      0 :::22                   :::*                    LISTEN      1101/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      27491/named
udp        0      0 10.0.0.142:53           0.0.0.0:*                           27491/named
udp        0      0 10.0.0.140:53           0.0.0.0:*                           27491/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           27491/named
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1611/dhclient
udp        0      0 0.0.0.0:50590           0.0.0.0:*                           27491/named
udp6       0      0 :::53                   :::*                                27491/named
//DNSserver2
[root@dnsserver2 ~]# systemctl restart named
[root@dnsserver2 ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.150:53           0.0.0.0:*               LISTEN      2118/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2118/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1049/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2118/named
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1296/master
tcp6       0      0 :::53                   :::*                    LISTEN      2118/named
tcp6       0      0 :::22                   :::*                    LISTEN      1049/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      2118/named
tcp6       0      0 ::1:25                  :::*                    LISTEN      1296/master
udp        0      0 10.0.0.150:53           0.0.0.0:*                           2118/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2118/named
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1455/dhclient
udp        0      0 0.0.0.0:21652           0.0.0.0:*                           1455/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           767/chronyd
udp        0      0 0.0.0.0:2421            0.0.0.0:*                           2118/named
udp6       0      0 :::61980                :::*                                1455/dhclient
udp6       0      0 :::53                   :::*                                2118/named
udp6       0      0 ::1:323                 :::*                                767/chronyd
10. On DNSserver2: check that the forward and reverse zone database files have been transferred
Restarting named on DNSserver2 makes it load the slave zones and request them from the master, so the files appear under /var/named/slaves, owned by named. BIND stores slave copies in its raw binary format by default, so do not expect cat to show readable text; to verify that the copy is current, query the SOA serial from both servers with dig and compare, and check /var/log/messages (or journalctl -u named) on DNSserver2 for the "Transfer completed" lines. If the files do not appear, the usual causes are a serial that was not increased, the master rejecting the transfer (allow-transfer), or a firewall blocking 53/tcp, which zone transfers use.
[root@dnsserver2 ~]# ll /var/named/slaves/
total 8
-rw-r--r--. 1 named named 834 Jul 30 09:52 10.0.0.arpa
-rw-r--r--. 1 named named 527 Jul 30 09:52 test.zone
At this point the DNS server side is set up.
III. DNS client test
1. Check the client host's IP address
[root@dnsclient ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.129  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::fe04:212a:5e53:cec4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b3:89:a5  txqueuelen 1000  (Ethernet)
        RX packets 22880  bytes 29553230 (28.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4707  bytes 583379 (569.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 148  bytes 12796 (12.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 148  bytes 12796 (12.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
2. Test connectivity to the server
[root@dnsclient ~]# ping -c 3 10.0.0.140
PING 10.0.0.140 (10.0.0.140) 56(84) bytes of data.
64 bytes from 10.0.0.140: icmp_seq=1 ttl=64 time=2.15 ms
64 bytes from 10.0.0.140: icmp_seq=2 ttl=64 time=0.403 ms
64 bytes from 10.0.0.140: icmp_seq=3 ttl=64 time=0.424 ms

--- 10.0.0.140 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.403/0.993/2.153/0.820 ms
3. Install the bind-utils package
bind-utils provides nslookup, dig and host; the client does not need the bind server package itself.
[root@dnsclient ~]# yum install -y bind-utils
[root@dnsclient ~]# rpm -qa bind-utils
bind-utils-9.11.4-16.P2.el7_8.6.x86_64
4. Add the servers' addresses to /etc/resolv.conf on the client
The resolver tries the nameservers in order, so DNSserver1 is asked first and DNSserver2 only if it does not answer; 8.8.8.8 is a last-resort fallback that knows nothing about test.com. Note the "Generated by NetworkManager" header: NetworkManager rewrites this file when the connection is re-activated and will discard a manual edit, so on CentOS 7 set the DNS servers on the connection profile (the ipv4.dns property via nmcli) rather than editing the file directly.
[root@dnsclient ~]# vim /etc/resolv.conf
[root@dnsclient ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.140
nameserver 10.0.0.150
nameserver 8.8.8.8
5. Test
Forward lookups answer as expected. The reverse lookups, however, come back as names such as www.0.0.10.in-addr.arpa. and ccc.test.com.0.0.10.in-addr.arpa.: that is the symptom of writing the PTR targets in 10.0.0.arpa without a trailing dot (1 PTR www instead of 1 PTR www.test.com.), which makes them relative to the reverse zone's origin. With the PTR targets written as fully qualified names, the serial increased and named reloaded (rndc reload) so that the slave re-transfers, the answers read www.test.com., aaa.test.com. and so on.
[root@dnsclient ~]# nslookup www.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   www.test.com
Address: 10.0.0.1
[root@dnsclient ~]# nslookup 10.0.0.1
1.0.0.10.in-addr.arpa   name = www.0.0.10.in-addr.arpa.
[root@dnsclient ~]# nslookup aaa.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   aaa.test.com
Address: 10.0.0.2
[root@dnsclient ~]# nslookup 10.0.0.2
2.0.0.10.in-addr.arpa   name = aaa.0.0.10.in-addr.arpa.
[root@dnsclient ~]# nslookup bbb.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   bbb.test.com
Address: 10.0.0.3
[root@dnsclient ~]# nslookup 10.0.0.3
3.0.0.10.in-addr.arpa   name = bbb.0.0.10.in-addr.arpa.
[root@dnsclient ~]# nslookup ccc.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   ccc.test.com
Address: 10.0.0.4
[root@dnsclient ~]# nslookup 10.0.0.4
4.0.0.10.in-addr.arpa   name = ccc.test.com.0.0.10.in-addr.arpa.
[root@dnsclient ~]# nslookup ddd.test.com
Server:         10.0.0.140
Address:        10.0.0.140#53

Name:   ddd.test.com
Address: 10.0.0.5
[root@dnsclient ~]# nslookup 10.0.0.5
5.0.0.10.in-addr.arpa   name = ddd.test.com.0.0.10.in-addr.arpa.
To confirm that the slave really answers on its own, repeat a query against DNSserver2 explicitly (nslookup www.test.com 10.0.0.150) or stop named on DNSserver1 and watch the client fall through to the second nameserver. The post ends in the middle of an interactive nslookup session pointed at 10.0.0.13, an address that is neither of the two servers configured above; the MX query's output is not included.
[root@dnsclient ~]# nslookup
> server 10.0.0.13
Default server: 10.0.0.13
Address: 10.0.0.13#53
> set q=mx
> test.com