部署dns服务
前言
目前只部署了单点的DNS,后期会更新集群类型的部署。
安装yum源
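# Replace the base repo definition with the Aliyun CentOS 7 mirror, then add EPEL.
# This file decides where root-run yum downloads packages from, so it is fetched
# over HTTPS rather than plain HTTP; -f makes curl fail on an HTTP error instead
# of saving the error page as the repo file.
# NOTE(review): the downloaded file may itself list http:// baseurls; package
# integrity then depends on gpgcheck being enabled in it - confirm after download.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo &&
yum -y install epel-release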
设置防火墙iptables
# Accept ICMP, open DNS (port 53) on both transports, then persist the rules.
# NOTE(review): the port-53 rules match any source address. If this server is
# meant for internal clients only, add a source match (-s <TRUSTED_CIDR>) so the
# resolver is not reachable from networks that should not use it.
iptables -A INPUT -p icmp -j ACCEPT
for proto in tcp udp; do
  iptables -I INPUT -p "$proto" --dport 53 -j ACCEPT
done
/sbin/service iptables save
安装必要的工具
# Administration and troubleshooting utilities. Later steps on this page use
# dig (bind-utils) and netstat (net-tools).
# NOTE(review): the remaining packages are conveniences; on a production DNS
# host consider installing only what is needed to keep the footprint small.
yum install -y \
  wget net-tools telnet tree nmap sysstat lrzsz dos2unix \
  bind-utils
DNS服务初始化
安装bind9
# Install the BIND 9 server package (provides named).
yum install -y bind
主配置文件的修改/etc/named.conf
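// Clients that may use this server for recursive lookups.
// 172.16.111.0/24 is the subnet of the hosts and of the reverse zone shown on
// this page; adjust the list to the networks that really need this resolver.
acl "trusted" {
    localhost;
    172.16.111.0/24;
};

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    // Any host may query the zones this server is authoritative for.
    allow-query { any; };
    // Recursion is limited to the trusted clients. With "allow-query { any; }"
    // and "recursion yes" alone, every host that can reach port 53 could use
    // this server as an open recursive resolver (cache abuse, amplification).
    allow-recursion { trusted; };

    // NOTE(review): the list mixes private-range and public forwarders; any
    // query that is not answered locally may be sent to any of them.
    forwarders {
        172.16.111.1;
        172.16.103.1;
        219.141.140.10;
        223.5.5.5; // Alibaba Cloud public DNS
        223.6.6.6;
        8.8.8.8;
        8.8.4.4;
    };
    recursion yes;

    // NOTE(review): DNSSEC validation is switched off, so forwarded answers
    // are accepted without signature checks. Confirm whether the forwarders
    // return DNSSEC records and turn validation on if they do.
    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Root hints.
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";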
检查配置是否报错
[root@localhost ~]# named-checkconf
[root@localhost ~]#
区域配置文件/etc/named.rfc1912.zones
添加配置
// Master zones served by this host. The "file" names are relative to the
// "directory" option of named.conf (/var/named on this page).
// NOTE(review): allow-update below authorises dynamic updates by source
// address only, and 172.16.111.106 is the address the zone data gives for the
// DNS server itself. An address match does not authenticate the sender; prefer
// a TSIG key, e.g. allow-update { key "<KEY_NAME>"; }; (placeholder name).
zone "host.com" IN {
type master;
file "host.com.zone";
allow-update { 172.16.111.106; };
};
zone "92fuge.com" IN {
type master;
file "92fuge.com.zone";
allow-update { 172.16.111.106; };
};
// Reverse zone for 172.16.111.0/24; no dynamic updates are configured for it.
zone "111.16.172.in-addr.arpa" IN {
type master;
file "111.16.172.zone";
};
配置主机域数据文件/var/named/host.com.zone
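; Zone data for host.com (the file referenced by the "host.com" zone statement).
$ORIGIN host.com.
$TTL 600 ; 10 minutes
@       IN SOA  dns.host.com. dnsadmin.host.com. (
                2021102610 ; serial
                10800      ; refresh (3 hours)
                900        ; retry (15 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
; The NS line must start with whitespace so that it inherits the owner "@";
; written at column 0, "NS" would be read as an owner name and the zone would
; fail to load.
        NS      dns.host.com.
$TTL 60 ; 1 minute
dns     A       172.16.111.106
harbor  A       172.16.111.105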
配置业务解析
(1)正向解析
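# Write the forward zone for 92fuge.com.
# The here-document delimiter is quoted ('EOF') so the shell leaves $ORIGIN and
# $TTL alone; with an unquoted delimiter they are expanded as shell variables
# (normally unset, i.e. replaced by nothing) and the zone file comes out broken.
# '>' replaces the file, so running this step twice does not append a second
# copy of the zone.
cat > /var/named/92fuge.com.zone <<'EOF'
$ORIGIN 92fuge.com.
$TTL 600 ; 10 minutes
@       IN SOA  dns.92fuge.com. dnsadmin.92fuge.com. (
                2020081801 ; serial
                10800      ; refresh (3 hours)
                900        ; retry (15 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
        NS      dns.92fuge.com.
$TTL 60 ; 1 minute
dns     A       172.16.111.106
harbor  A       172.16.111.105
EOF
# Test-load the zone file so syntax errors surface before named is started.
named-checkzone 92fuge.com /var/named/92fuge.com.zone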
(2)反向解析
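# Write the reverse zone for 172.16.111.0/24.
# The target is 111.16.172.zone, the file named by the
# "111.16.172.in-addr.arpa" zone statement; appending to 92fuge.com.zone would
# put these records into the forward zone and leave the reverse zone without a
# data file.
# The delimiter is quoted ('EOF') so the shell does not expand $TTL, and '>'
# replaces the file instead of appending on every run.
# NOTE(review): the SOA and NS names below point at hosts outside this setup
# (hichina.com, dyrs.com.cn), not at dns.92fuge.com, and the serial is 0 -
# confirm that this is intended before using the zone.
cat > /var/named/111.16.172.zone <<'EOF'
$TTL 1D
@       IN SOA  dns1.hichina.com. dns2.hichina.com. (
                0  ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS   dyrs.com.cn.
        IN NS   dns1.hichina.com.
        IN NS   dns2.hichina.com.
105     IN PTR  harbor.92fuge.com.
EOF
# Test-load the zone file so syntax errors surface before named is started.
named-checkzone 111.16.172.in-addr.arpa /var/named/111.16.172.zone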
检测配置
[root@localhost ~]# named-checkconf
[root@localhost ~]#
启动bind服务
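# Validate named.conf and test-load every master zone (-z); named is started
# only when the check passes, so a broken zone file is caught here.
named-checkconf -z && systemctl start named
# Show the sockets named is listening on; check that only the intended
# addresses and port 53 appear.
netstat -antup | grep named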
![图片[1]-CentOS上部署DNS服务器-我的运维技术站](https://cdn.92fuge.com/92fuge.com//2024/02/801ab-e50ed-93fd8-20220412142224image746.png)
检查解析
[root@localhost named]# dig -t A harbor.host.com @172.16.111.106 +short
172.16.111.105
修改一下主机名称
[root@localhost named]# hostnamectl set-hostname 92fugedns
[root@localhost named]# bash
客户端配置DNS解析(第一个nameserver指向本文部署的DNS服务器;当它无响应时,解析器会回退到第二个nameserver,此时host.com等内部域名的查询也会发往该服务器)
[root@harbor harbor]# cat /etc/resolv.conf
# Generated by NetworkManager
search host.com
nameserver 172.16.111.106
nameserver 219.141.140.10