What to install for DNS on Linux 6.5: 1. Installing a DNS server on RHEL 6.5 and basic usage (Part 1)
Environment:
Operating system: rhel6.5
node1.cn: slave
node2.cn: master
1. Install the packages
[root@node2 ~]# yum -y install bind
[root@node2 ~]# rpm -ivh /mnt/Packages/bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm
[root@node2 ~]# rpm -ivh /mnt/Packages/bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64.rp
2. Start the service
[root@node2 ~]# service named restart
Mount information after the DNS service has started:
[root@node2 ~]# mount
/dev/sda2 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/sr0 on /mnt type iso9660 (ro)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
3. Configuration of the local network interface eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=00:0c:29:47:1b:4A
IPADDR=192.168.31.102
PREFIX=24
GATEWAY=192.168.31.1
DNS1=192.168.31.102
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
4. Service configuration files
[root@node2 ~]# ls /etc/named.conf         # main configuration file
[root@node2 ~]# vim /var/named/chroot/etc/named.conf
The options block holds the global configuration:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "node2.cn" IN {        // define the zone
    type master;
    file "node2.cn.zone";    // name of the file that holds this zone's records
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Create the new zone file
[root@node2 named]# cp -rp named.localhost node2.cn.zone        # -p keeps the permissions consistent
[root@node2 named]# vim node2.cn.zone
Original file contents:
$TTL 1D
@       IN SOA  @ rname.invalid. (        ; SOA (start of authority) resource record
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
Zone file after modification:
$TTL 1D                        ; cache time
@       IN SOA  ns.node2.cn. root.node2.cn. (        ; SOA (start of authority) resource record; each zone can have only one SOA record
                                        0       ; serial, set manually
                                        1D      ; refresh interval
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.node2.cn.
ns      A       192.168.31.102            ; A record for ns
www     A       192.168.31.102            ; A record for the web server
mail    A       192.168.31.101            ; mail server address
www.zabbix.lexue.cc     CNAME   jiankong.lexue.cc.        ; alias; the owner has no trailing dot, so it is relative to node2.cn.
Restart the named service
[root@node2 named]# /etc/init.d/named restart
Verify
[root@node2 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.31.102
The basic configuration of the local DNS service is now complete.
Enable iterative queries so that the server can look up records held by other DNS servers
[root@node2 ~]# vim /var/named/chroot/etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;
    #dnssec-enable yes;
    #dnssec-validation yes;
    #dnssec-lookaside auto;        # comment these out to enable iterative queries
    forward only;            # enable forwarding
    forwarders { 114.114.114.114; };       # DNS server to forward to
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
Master/slave DNS server configuration
zone "node2.cn" IN {
    type master;
    file "node2.cn.zone";
    allow-transfer { 192.168.31.0/24; };    // subnet of the slave DNS servers, set in the zone configuration
};
Configure the slave DNS server
[root@node1 ~]# yum -y install bind*
[root@node1 ~]# /etc/init.d/named restart    # start the service
zone "node2.cn" IN {
    type slave;
    file "slaves/node2.cn.zone.file";
    masters { 192.168.31.102; };
};
Add the host records
$TTL 1D
@       IN SOA  ns.node1.cn. root.node1.cn. (
                                        0       ; serial
                                        1D      ; refresh, the default synchronization interval
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.node1.cn.
ns      A       192.168.31.101
www     A       192.168.31.101
www.node1.cn    CNAME   jiankong.lexue.cc.
DNS master/slave key authentication
1. Synchronize the clocks of the DNS servers
[root@node1 ~]# yum -y install ntpdate
[root@node2 ~]# ntpdate server 0.rhel.pool.ntp.org
[root@node2 ~]# /etc/init.d/ntpd restart
[root@node1 ~]# crontab -e
no crontab for root - using an empty one
0 5 * * * /usr/sbin/ntpdate 192.168.31.102
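2. Generate a key for master/slave authentication; run this on the master DNS server
[root@node2 ~]# dnssec-keygen -a hmac-md5 -b 128 -n HOST xyz
-a specifies the algorithm type, -b the key length, -n the name type, and xyz is the key
[root@node2 ~]# ls
Kxyz.+157+02502.private    private key
Kxyz.+157+02502.key        public key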
Modify the main configuration file:
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
key xyzkey {
    algorithm hmac-md5;
    secret "OWH6FbG9P2Op5CTEqi5muQ==";
};
zone "node1.cn" IN {
    type master;
    file "node1.cn.zone";
    allow-transfer { key xyzkey; };    // key name must match the key statement above
};
Changes on the slave DNS server
key xyzkey {
    algorithm hmac-md5;
    secret "OWH6FbG9P2Op5CTEqi5muQ==";
};
zone "node2.cn" IN {
    type slave;
    file "slaves/node2.cn.zone.file";
    masters { 192.168.31.102 key xyzkey; };
};
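Restart the master and slave servers and verify that authentication with the key succeeds.
Test commands
nslookup        interactive resolution
dig                lets you specify which DNS server to use for resolution
Resolve the same name through different DNS servers and compare the results
[root@node1 ~]# dig @192.168.31.102 www.node1.cn
[root@node1 ~]# dig @114.114.114.114 www.node1.cn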
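The configuration built up above answers recursive queries from any client, grants zone transfers by source subnet in the first master/slave step, and signs transfers with HMAC-MD5. The script below is an added example, not part of the original article: it flags those three settings in a named.conf read on stdin. Both sample configs are constructed, and the lan ACL, the hmac-sha256 key and the placeholder secrets are assumptions.

```shell
# Added example: audit a named.conf (read from stdin) for risky settings.
audit_named_conf() {
    # Drop /* */, # and // comments, then collapse all whitespace.
    flat=$(sed -e 's:/\*.*\*/::g' -e 's:#.*::' -e 's://.*::' | tr -s ' \t\n' ' ')
    # Recursion offered to every client makes the server an open resolver.
    if printf '%s\n' "$flat" | grep -Eq 'recursion +yes' &&
       printf '%s\n' "$flat" | grep -Eq 'allow-query *\{ *any; *\}' &&
       ! printf '%s\n' "$flat" | grep -q 'allow-recursion'; then
        echo "open-resolver"
    fi
    # Transfers granted by source address can be requested by any host there.
    if printf '%s\n' "$flat" | grep -oE 'allow-transfer *\{[^}]*\}' |
       grep -qv 'key '; then
        echo "transfer-by-address"
    fi
    # HMAC-MD5 TSIG keys should be replaced by an HMAC-SHA2 algorithm.
    if printf '%s\n' "$flat" | grep -Eq 'algorithm +hmac-md5'; then
        echo "tsig-hmac-md5"
    fi
}
# Constructed sample: the settings shown on this page.
weak_conf() { cat <<'EOF'
options {
    allow-query     { any; };
    recursion yes;
};
key xyzkey { algorithm hmac-md5; secret "CONSTRUCTED-PLACEHOLDER"; };
zone "node2.cn" IN {
    allow-transfer{ 192.168.31.0/24;};   // slave subnet
};
EOF
}
# Constructed sample: same roles; the lan ACL and key values are assumptions.
hardened_conf() { cat <<'EOF'
acl lan { 192.168.31.0/24; };
options {
    allow-query     { lan; };
    recursion yes;
    allow-recursion { lan; };
};
key xyzkey { algorithm hmac-sha256; secret "CONSTRUCTED-PLACEHOLDER"; };
zone "node2.cn" IN {
    allow-transfer { key xyzkey; };
};
EOF
}
echo "weak:";     weak_conf | audit_named_conf
echo "hardened:"; hardened_conf | audit_named_conf
```

The script only pattern-matches the text, so named-checkconf should still be run on the real file after any edit.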