局域网DNS服务器搭建
前言
前面用的记事本写的,发现工作中自己的电脑可能会遇到故障,所以写在这个上面。
一、实验环境
centos 7以后
VMware Workstation
暂时只配DNS主服务器
网关192.168.10.2
DNS主服务器192.168.10.199
待更
二、配置步骤
1.DNS主服务器配置
① 安装bind包
# yum install bind -y
② 修改相关配置文件
#修改/etc/resolv.conf配置文件
vim /etc/resolv.conf
#去掉公网DNS服务器IP,例如8.8.8.8
#!!!!!不要重启网络,否则网卡配置文件会加载进来。
#工作中这个情况会遇到,解决方案有好几种,最简单的是修改只读权限。
#修改网卡配置文件,例如我的网卡名字是ifcfg-ens33
vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="0f804a10-4ab9-4225-a9e6-4abd7c55272a"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.10.199
PREFIX=24
GATEWAY=192.168.10.2
#DNS1=8.8.8.8
#DNS2=114.114.114.114
③创建demo.com.zone配置文件
vim /var/named/demo.com.zone
$TTL 1D
@ IN SOA demo.com. root.demo.com. (
    0   ;serial  #更新序列号
    1D  ;refresh #更新时间
    1H  ;retry   #重试延时
    1W  ;expire  #失效时间
    3H ) ;minimum #无效解析记录的缓存时间
@ IN NS ns1.demo.com.
  IN MX 10 mail.demo.com.
ns1 IN A 192.168.10.199
www IN A 192.168.10.101
vod IN CNAME ftp.demo.com.
news IN CNAME www.demo.com.
④ 创建192.168.10.in-addr-arpa配置文件
vim /var/named/192.168.10.in-addr-arpa
$TTL 1D
@ IN SOA demo.com. root.demo.com. (
    0   ;serial
    1D  ;refresh
    1H  ;retry
    1W  ;expire
    3H ) ;minimum
@ IN NS ns1.demo.com.
199 IN PTR ns1
101 IN PTR www.demo.com.
102 IN PTR www.demo.com.
⑤创建192.168.10.zone配置文件
vim /var/named/192.168.10.zone
$TTL 1D
@ IN SOA demo.com. root.demo.com. (
    0   ;serial
    1D  ;refresh
    1H  ;retry
    1W  ;expire
    3H ) ;minimum
@ IN NS ns1.demo.com.
199 IN PTR ns1
101 IN PTR www.demo.com.
102 IN PTR www.demo.com.
说明:PTR 记录的值应写成以点结尾的完整域名(例如 ns1.demo.com.),否则像 ns1 这样不带点的名字会被当作相对名,附加上本区域名后解析成 ns1.10.168.192.in-addr.arpa。
⑥ 修改named.conf配置文件
vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    forwarders { 192.168.10.2; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    # recursion no;递归解析查询

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "demo.com" IN {
    type master;
    file "demo.com.zone";
};

zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.10.zone";
};
说明:这里 listen-on 和 allow-query 都是 any,而 recursion no 被注释掉了(BIND 默认开启递归),所以这台服务器会为任何来源做递归查询并转发到 192.168.10.2。这只适合不暴露到公网的局域网环境;正如上面配置里的英文注释所说,带公网地址的递归服务器必须用 allow-query / allow-recursion 把查询来源限制在自己的用户范围内,否则会被利用来做 DNS 放大攻击。
include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
⑦ 重启
systemctl restart network
systemctl restart named
三、测试
#开一台新机器,可以互相ping通
vim /etc/sysconfig/network-scripts/ifcfg-ens33
#添加DNS1=192.168.10.199
ping www.demo.com
[root@nginx network-scripts]# ping www.demo.com
PING www.demo.com (192.168.10.101) 56(84) bytes of data.
64 bytes from www.demo.com (192.168.10.101): icmp_seq=1 ttl=64 time=0.531 ms
64 bytes from www.demo.com (192.168.10.101): icmp_seq=2 ttl=64 time=1.13 ms
64 bytes from www.demo.com (192.168.10.101): icmp_seq=3 ttl=64 time=1.02 ms
^C
--- www.demo.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.531/0.898/1.137/0.266 ms
总结
还没写完