Linux: Configuring the BIND Domain Name System (Red Hat)
<h2 id="bind域名系统的配置">Configuring the BIND domain name system</h2><h3 id="一实验目的">1. Objectives</h3>
<ol>
<li>Learn how to install the BIND service</li>
<li>Become familiar with configuring a BIND server and with its main parameters</li>
</ol>
<h3 id="二实验内容">2. Tasks</h3>
<ul>
<li>Set up a local yum repository</li>
<li>Install the BIND service</li>
<li>Configure BIND and understand its configuration statements and options</li>
<li>Configure wildcard resolution in BIND</li>
</ul>
<h2 id="实验步骤">Procedure</h2>
<h3 id="一配置服务器地址">1. Configure the server address</h3>
<pre><code># cd /etc/sysconfig/network-scripts/
# cp -a ifcfg-eno16777728 /root/ifcfg-eno16777728.bak   # habit: back up a config file before editing it
# vim ifcfg-eno16777728
</code></pre>
<blockquote>
<p>Keep the backup outside this directory (or at least give it a .bak suffix): NetworkManager parses every ifcfg-* file in network-scripts and skips only a few suffixes such as .bak, so a copy named ifcfg-eno16777728_bak would be loaded as a second profile with the same UUID.</p>
</blockquote>
<h4 id="网卡配置文件">Interface configuration file:</h4>
<pre><code>HWADDR=HH:HH:HH:HH:HH:HH
TYPE=Ethernet
BOOTPROTO=static              # static addressing instead of DHCP
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777728
UUID=a03cc821-e5c7-4b05-922f-add0975190d4
ONBOOT=yes                    # bring the interface up at boot
IPADDR=192.168.102.1          # server address
PREFIX=24                     # /24 mask; NETMASK=255.255.255.0 is the equivalent form
GATEWAY=192.168.102.2         # default gateway
DNS1=192.168.102.1            # resolver for this host (the keys are numbered DNS1, DNS2, ...); here the server itself
</code></pre>
<h3 id="二配置本地yum源">2. Configure a local yum repository</h3>
<pre><code># mount /dev/cdrom /mnt
mount: /dev/sr0 is write-protected, mounting read-only
# cd /etc/yum.repos.d/
# ls          # check first that no other .repo files here will conflict with the local one; move them aside if so
# vim dvd.repo
</code></pre>
<h4 id="本地yum源文件">Local repository file:</h4>
<pre><code>[dvd]
name=dvd
baseurl=file:///mnt
enabled=1
gpgcheck=0      # lab shortcut; prefer gpgcheck=1 with gpgkey=file:///mnt/RPM-GPG-KEY-redhat-release so packages are signature-checked
</code></pre>
<h3 id="三安装bind服务程序">3. Install the BIND service</h3>
<pre><code># yum clean all
# yum install bind-chroot -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Repository 'dvd' is missing name in configuration, using id
dvd                                                   | 4.1 kB  00:00:00
(1/2): dvd/group_gz                                   | 134 kB  00:00:00
(2/2): dvd/primary_db                                 | 3.4 MB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.x86_64 32:9.9.4-14.el7 will be installed
--> Processing Dependency: bind = 32:9.9.4-14.el7 for package: 32:bind-chroot-9.9.4-14.el7.x86_64
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-14.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================
 Package          Arch      Version             Repository     Size
==========================================================================
Installing:
 bind-chroot      x86_64    32:9.9.4-14.el7     dvd            81 k
Installing for dependencies:
 bind             x86_64    32:9.9.4-14.el7     dvd            1.8 M

Transaction Summary
==========================================================================
Install  1 Package (+1 Dependent package)

... (intermediate output omitted) ...

Dependency Installed:
  bind.x86_64 32:9.9.4-14.el7

Complete!
</code></pre>
<blockquote>
<p>DNS is one of the most critical pieces of Internet infrastructure, so <strong>install the chroot ("jail") package when deploying BIND in production</strong>. bind-chroot runs named with its root set to /var/named/chroot, so a compromised named process can reach only the configuration and zone files inside that tree, not the rest of the filesystem. On RHEL 7 the chrooted instance is started as the named-chroot service (systemctl start named-chroot) rather than named; the usual paths under /etc and /var/named are bind-mounted into the jail, so the files are still edited in their normal locations.</p>
</blockquote>
<h3 id="四配置主配置文件etcnamedconf">4. Configure the main configuration file (/etc/named.conf)</h3>
<pre><code>//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };       // change to: listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };         // change to: allow-query { any; };
</code></pre>
<blockquote>
<p>Only two lines change: listen-on, so that named accepts queries on the LAN interface as well as on loopback, and allow-query, so that hosts other than localhost are answered. The same options block also carries recursion yes; in the stock file. Combined with listen-on { any; } and allow-query { any; } that makes an open recursive resolver, which anyone who can reach port 53 can abuse for amplification attacks. Either restrict queries and recursion to your own network (allow-query and allow-recursion with an acl) or, for a purely authoritative server, set recursion no;.</p>
</blockquote>
<h3 id="options语句">Configuration statements:</h3>
<table>
<thead>
<tr>
<th>Statement</th>
<th>Purpose</th>
</tr>
</thead>
<tbody>
<tr>
<td>acl</td>
<td>Defines a named address list that other statements (allow-query, allow-recursion, allow-transfer, ...) can reference</td>
</tr>
<tr>
<td>directory (inside options)</td>
<td>Sets the server's working directory; relative zone file names are resolved from here</td>
</tr>
<tr>
<td>view</td>
<td>Defines a view: lets the server give different answers to the same query depending on which clients sent it (for example internal versus external addresses)</td>
</tr>
<tr>
<td>zone</td>
<td>Defines a zone, i.e. a domain for which this server is authoritative and whose names it is entitled to answer</td>
</tr>
</tbody>
</table>
<h3 id="五配置区域配置文件etcnamedrfc1912zones">5. Configure the zone definitions (/etc/named.rfc1912.zones)</h3>
<blockquote>
<p>This file already contains a few zones (localhost, loopback and so on) that are unrelated to this exercise but serve as templates. Either append the new zones at the end or clear the file and keep only your own.</p>
</blockquote>
<pre><code>zone "ceshi.com" IN {
        type master;            // zone type: hint (root hints), master (primary), slave (secondary), forward
        file "ceshi.com.zone";  // zone data file, relative to the directory set in options
        allow-update { none; }; // who may send dynamic updates (RFC 2136); none disables them, never use any on a reachable server
};
zone "102.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.102.arpa";
        allow-update { none; };
};
</code></pre>
<blockquote>
<p>Afterwards run named-checkconf to check the main configuration file for syntax and parameter errors; named-checkconf -z additionally loads every zone file the configuration references.</p>
</blockquote>
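A locked-down version of the options block from step 4 together with the two zone statements above, written as an added example (this script is not part of the original post or of the BIND distribution): it renders an options block that answers and recurses only for the lab network, appends the two zone statements, and runs named-checkconf over the result when that tool is present. It assumes the server address 192.168.102.1 and the network 192.168.102.0/24 from step 1; the acl name "lan" and the OUT scratch directory are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post: render a named.conf whose
# options block restricts the server to the lab network instead of opening it
# to everyone, plus the two zone statements, and syntax-check the result with
# named-checkconf when that tool is installed. Everything is written to a
# scratch directory (override with OUT=...), never to /etc.
# Assumptions: server address 192.168.102.1 and network 192.168.102.0/24,
# as in the post; the acl name "lan" is this example's own.
set -eu

SERVER_IP="192.168.102.1"
LAN_NET="192.168.102.0/24"

# The post's change is "listen-on { any; }" + "allow-query { any; }" while the
# stock file keeps "recursion yes;". That combination is an open resolver:
# anyone who can reach port 53 can use it for amplification attacks.
render_options() {
    cat <<EOF
acl "lan" { 127.0.0.1; ${LAN_NET}; };

options {
    listen-on port 53 { 127.0.0.1; ${SERVER_IP}; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    allow-query { lan; };        // answer only the lab network
    recursion yes;               // this box is the LAN's resolver
    allow-recursion { lan; };    // but never recurse for outsiders
    allow-transfer { none; };    // refuse AXFR; list secondaries here instead
    version "not disclosed";     // blank out version.bind CHAOS queries
};
// For an Internet-facing authoritative server use allow-query { any; }
// together with recursion no; instead of the two recursion lines.
EOF
}

render_zone() {  # $1 = zone name, $2 = zone file (relative to directory)
    cat <<EOF
zone "$1" IN {
    type master;
    file "$2";
    allow-update { none; };
};
EOF
}

OUT="${OUT:-$(mktemp -d)}"
{
    render_zone "ceshi.com" "ceshi.com.zone"
    render_zone "102.168.192.in-addr.arpa" "192.168.102.arpa"
} > "$OUT/named.rfc1912.zones"
{
    render_options
    printf 'include "%s/named.rfc1912.zones";\n' "$OUT"
} > "$OUT/named.conf"

if command -v named-checkconf >/dev/null 2>&1; then
    named-checkconf "$OUT/named.conf"      # exits non-zero on any syntax error
    echo "syntax OK: $OUT/named.conf"
else
    echo "named-checkconf not found; review $OUT/named.conf by hand"
fi
```

Run it as is to get a reviewable copy in a temporary directory, or with OUT=/etc on the server (after backing the files up) to replace the stock configuration; restart named-chroot afterwards.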
<h3 id="六配置区域数据文件etcnamed">6. Configure the zone data files (/var/named)</h3>
<pre><code># cd /var/named
# cp -a named.localhost ceshi.com.zone
# cp -a named.loopback 192.168.102.arpa
</code></pre>
<blockquote>
<p>Copy the existing template files and fill in your own domain data. cp -a keeps the templates' owner and mode (root:named, 0640), which is what named needs in order to read the files; a zone file created from scratch as root with mode 0600 will fail to load.</p>
</blockquote>
<h5 id="正向解析文件">Forward zone file:</h5>
<pre><code># vi ceshi.com.zone
$TTL 1D
@       IN SOA  ns.ceshi.com. root.ceshi.com. (   ; primary name server, then the admin mailbox (the @ is written as a dot)
                0       ; serial  - increase it on every change, otherwise secondaries never refresh
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-answer TTL)
        IN NS   ns.ceshi.com.
ns      IN A    192.168.102.10
www     IN A    192.168.102.10
*       IN A    192.168.102.10   ; wildcard: every name under ceshi.com that has no record of its own resolves to this address
</code></pre>
<blockquote>
<p>Zone files use ";" for comments, not "#". The SOA MNAME field should name the primary server (ns.ceshi.com.), not the bare zone name. A wildcard is convenient, but it also means the zone never answers NXDOMAIN, so typos and probes for hosts that do not exist all receive an address; use it only where that is intended.</p>
</blockquote>
<h5 id="反向解析文件">Reverse zone file:</h5>
<pre><code># vi 192.168.102.arpa
$TTL 1D
@       IN SOA  ns.ceshi.com. root.ceshi.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns.ceshi.com.
ns      IN A    192.168.102.10    ; creates ns.102.168.192.in-addr.arpa; harmless, but not needed in a reverse zone
10      IN PTR  ns.ceshi.com.     ; 10 = last octet of 192.168.102.10
10      IN PTR  www.ceshi.com.
</code></pre>
<h3 id="资源记录">Resource records:</h3>
<table>
<thead>
<tr>
<th>Record</th>
<th>Purpose</th>
</tr>
</thead>
<tbody>
<tr>
<td>SOA</td>
<td>Start of authority: opens the zone and names its primary server, the responsible mailbox, the serial and the refresh/retry/expire timers</td>
</tr>
<tr>
<td>NS</td>
<td>Lists a name server for the zone (the primary named in the SOA and any secondaries)</td>
</tr>
<tr>
<td>A</td>
<td>Maps a name in the zone to an IPv4 address</td>
</tr>
<tr>
<td>PTR</td>
<td>Maps an IP address back to a name (used in in-addr.arpa zones)</td>
</tr>
<tr>
<td>MX</td>
<td>Mail exchanger: the host that accepts mail for the domain</td>
</tr>
<tr>
<td>CNAME</td>
<td>Alias: points one name at another name that carries the real A record, not directly at an address</td>
</tr>
</tbody>
</table>
<h3 id="七测试bind服务">7. Test the BIND service</h3>
<pre><code># nslookup
> 192.168.102.10
Server: 127.0.0.1
Address: 127.0.0.1#53
10.102.168.192.in-addr.arpa name = ns.ceshi.com.
10.102.168.192.in-addr.arpa name = www.ceshi.com.
> ns.ceshi.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ns.ceshi.com
Address: 192.168.102.10
> www.ceshi.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.ceshi.com
Address: 192.168.102.10
> dns.ceshi.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: dns.ceshi.com
Address: 192.168.102.10
>
</code></pre>
<blockquote>
<p>Server: 127.0.0.1 shows that these queries went to the loopback listener (this host's /etc/resolv.conf points at itself), so they do not exercise the listen-on and allow-query changes; repeat them from another host on 192.168.102.0/24 to confirm those. dns.ceshi.com has no record of its own: that answer comes from the wildcard.</p>
</blockquote>
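As an added example (not code from the original post), the following script generates both zone files with a serial that increases on every run instead of staying at 0, validates them with named-checkzone when it is installed, and, if DNS_SERVER is set and dig is available, repeats the checks above against the live server together with two requests that a locked-down server should refuse (a zone transfer and the version.bind query). Names and addresses are those of the post; DNS_SERVER, OUT and the YYYYMMDDnn serial convention are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: generate the forward and
# reverse zone files with a serial that actually increases (the post leaves
# it at 0, so a secondary would never notice a change), check them with
# named-checkzone when it is installed, and optionally query a running
# server with dig. Files go to a scratch directory (override with OUT=...).
# Assumptions: names and addresses as in the post; DNS_SERVER is this
# example's own variable, set it to the server address to run the dig checks.
set -eu

# Serial policy YYYYMMDDnn: $1 = serial currently in the file (0 if none),
# $2 = today's date as YYYYMMDD. Prints the next serial to publish; it is
# always greater than the old one, even after 99 edits on one day.
next_serial() {
    old="$1"; floor="${2}01"
    if [ "$old" -ge "$floor" ]; then echo $((old + 1)); else echo "$floor"; fi
}

# Read the serial out of an existing zone file; 0 when the file is absent.
current_serial() {
    [ -f "$1" ] || { echo 0; return; }
    awk '/; *serial/ { print $1; exit }' "$1"
}

render_forward_zone() {  # $1 = serial
    cat <<EOF
\$TTL 1D
@       IN SOA  ns.ceshi.com. root.ceshi.com. (
                $1      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-answer TTL)
        IN NS   ns.ceshi.com.
ns      IN A    192.168.102.10
www     IN A    192.168.102.10
*       IN A    192.168.102.10   ; wildcard: every other name answers too
EOF
}

render_reverse_zone() {  # $1 = serial
    cat <<EOF
\$TTL 1D
@       IN SOA  ns.ceshi.com. root.ceshi.com. (
                $1      ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN NS   ns.ceshi.com.
10      IN PTR  ns.ceshi.com.
10      IN PTR  www.ceshi.com.
EOF
}

# Live checks against a running server: forward, reverse and wildcard answers,
# then two things a locked-down server must refuse (AXFR, version.bind).
verify_live() {  # $1 = server address
    dig @"$1" +short www.ceshi.com A
    dig @"$1" +short -x 192.168.102.10
    dig @"$1" +short nosuchhost.ceshi.com A          # answered by the wildcard
    if dig @"$1" ceshi.com AXFR | grep -q 'Transfer failed'; then
        echo "AXFR refused: OK"
    else
        echo "WARNING: zone transfer allowed (set allow-transfer { none; })"
    fi
    dig @"$1" +short version.bind CHAOS TXT          # should not reveal 9.9.4
}

OUT="${OUT:-$(mktemp -d)}"
SERIAL="$(next_serial "$(current_serial "$OUT/ceshi.com.zone")" "$(date +%Y%m%d)")"
render_forward_zone "$SERIAL" > "$OUT/ceshi.com.zone"
render_reverse_zone "$SERIAL" > "$OUT/192.168.102.arpa"
echo "wrote zones with serial $SERIAL to $OUT"

if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone ceshi.com "$OUT/ceshi.com.zone"
    named-checkzone 102.168.192.in-addr.arpa "$OUT/192.168.102.arpa"
fi
if [ -n "${DNS_SERVER:-}" ] && command -v dig >/dev/null 2>&1; then
    verify_live "$DNS_SERVER"
fi
```

Set OUT=/var/named to maintain the live files: the serial is read back from the existing zone and bumped, so every run publishes a new one, and the zone statements keep their file names. Run rndc reload (or restart named-chroot) afterwards and then DNS_SERVER=192.168.102.1 ./script.sh from another LAN host to run the dig checks.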
<h3 id="相关参考链接">References:</h3>
<p>https://www.linuxprobe.com/basic-learning-13.html</p>
<p>http://www.hangdaowangluo.com/archives/tag/dns</p>
Source: https://www.cnblogs.com/wm-plengong/p/16187462.html