操作系统版本:
[[email protected] named]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.6 (Santiago)
Linux下设置DNS的位置主要是,
1网卡设置配置文件里面DNS服务器地址设置,
2.系统默认DNS服务器地址设置。
3,hosts文件指定
生效顺序是:
1 hosts文件
2 网卡配置文件DNS服务地址
3 /etc/resolv.conf
安装DNS
yum install bind -y
1 [[email protected] named]# cat /etc/named.conf 2 // 3 // named.conf 4 // 5 // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS 6 // server as a caching only nameserver (as a localhost DNS resolver only). 7 // 8 // See /usr/share/doc/bind*/sample/ for example named configuration files. 9 // 10 11 options { 12 listen-on port 53 { any; }; 13 listen-on-v6 port 53 { ::1; }; 14 directory "/var/named"; 15 dump-file "/var/named/data/cache_dump.db"; 16 statistics-file "/var/named/data/named_stats.txt"; 17 memstatistics-file "/var/named/data/named_mem_stats.txt"; 18 allow-query { any; }; 19 recursion yes; 20 21 dnssec-enable yes; 22 dnssec-validation yes; 23 dnssec-lookaside auto; 24 25 /* Path to ISC DLV key */ 26 bindkeys-file "/etc/named.iscdlv.key"; 27 28 managed-keys-directory "/var/named/dynamic"; 29 }; 30 31 logging { 32 channel default_debug { 33 file "data/named.run"; 34 severity dynamic; 35 }; 36 }; 37 38 zone "." IN { 39 type hint; 40 file "named.ca"; 41 }; 42 43 include "/etc/named.rfc1912.zones"; 44 include "/etc/named.root.key";
1 [[email protected] named]# cat /etc/named.rfc1912.zones 2 // named.rfc1912.zones: 3 // 4 // Provided by Red Hat caching-nameserver package 5 // 6 // ISC BIND named zone configuration for zones recommended by 7 // RFC 1912 section 4.1 : localhost TLDs and address zones 8 // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt 9 // (c)2007 R W Franks 10 // 11 // See /usr/share/doc/bind*/sample/ for example named configuration files. 12 // 13 14 zone "localhost.localdomain" IN { 15 type master; 16 file "named.localhost"; 17 allow-update { none; }; 18 }; 19 20 zone "localhost" IN { 21 type master; 22 file "named.localhost"; 23 allow-update { none; }; 24 }; 25 26 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { 27 type master; 28 file "named.loopback"; 29 allow-update { none; }; 30 }; 31 32 zone "1.0.0.127.in-addr.arpa" IN { 33 type master; 34 file "named.loopback"; 35 allow-update { none; }; 36 }; 37 38 zone "0.in-addr.arpa" IN { 39 type master; 40 file "named.empty"; 41 allow-update { none; }; 42 }; 43 44 zone "cbf.com" IN{ 45 type master; 46 file "cbf.com.zone"; 47 }; 48 49 zone "4.168.192.in-addr.arpa" IN { 50 type master; 51 file "4.168.192.zone"; 52 };
1 [[email protected] named]# pwd 2 /var/named 3 [[email protected] named]# cat 4.168.192.zone 4 $TTL 1D 5 @ IN SOA ns.cbf.com. root ( 6 0 ;serial 7 1D ;refresh 8 1H ;retry 9 1w ;expire 10 3H ) ;minimum 11 IN NS ns.cbf.com. 12 92 IN PTR www.cbf.com. 13 14 [[email protected] named]# cat cbf.com.zone 15 $TTL 1D 16 @ IN SOA ns.cbf.com. root ( 17 0 ;serial 18 1D ;refresh 19 1H ;retry 20 1w ;expire 21 3H ) ;minimum 22 NS ns.cbf.com. 23 MX 5 mail.cbf.com. 24 www IN A 192.168.4.92 25 ns IN A 192.168.4.92 26 mail IN A 192.168.4.92 27 smtp IN A 192.168.4.92 28 pop3 IN A 192.168.4.92 29 pop IN A 192.168.4.92
检查防火墙状态
1 [[email protected] named]# service iptables status 2 iptables: Firewall is not running.[[email protected] named]# getenforce Disabled
检查53端口
1 [[email protected] named]# netstat -anlpe | grep named 2 tcp 0 0 192.168.1.70:53 0.0.0.0:* LISTEN 25 1291049098 17887/named 3 tcp 0 0 6.55.4.171:53 0.0.0.0:* LISTEN 25 1291049096 17887/named 4 tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 1291049094 17887/named 5 tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 1291049103 17887/named 6 tcp 0 0 ::1:53 :::* LISTEN 25 1291049100 17887/named 7 tcp 0 0 ::1:953 :::* LISTEN 25 1291049104 17887/named 8 udp 0 0 192.168.1.70:53 0.0.0.0:* 25 1291049097 17887/named 9 udp 0 0 6.55.4.171:53 0.0.0.0:* 25 1291049095 17887/named 10 udp 0 0 127.0.0.1:53 0.0.0.0:* 25 1291049093 17887/named 11 udp 0 0 ::1:53 :::* 25 1291049099 17887/named 12 unix 2 [ ] DGRAM 1291049077 17887/named
启动DNS服务
service named start
==========================
本地测试
1 [[email protected] named]# service iptables status 2 iptables: Firewall is not running. 3 [[email protected] named]# getenforce 4 Disabled 5 [[email protected] named]# nslookup www.cbf.com 6 Server: 127.0.0.1 7 Address: 127.0.0.1#53 8 9 Name: www.cbf.com 10 Address: 192.168.4.92 11 12 [[email protected] named]# nslookup mail.cbf.com 13 Server: 127.0.0.1 14 Address: 127.0.0.1#53 15 16 Name: mail.cbf.com 17 Address: 192.168.4.92 18 19 [[email protected] named]# nslookup smtp.cbf.com 20 Server: 127.0.0.1 21 Address: 127.0.0.1#53 22 23 Name: smtp.cbf.com 24 Address: 192.168.4.92 25 26 [[email protected] named]# nslookup 192.168.4.92 27 Server: 127.0.0.1 28 Address: 127.0.0.1#53 29 30 92.4.168.192.in-addr.arpa name = www.cbf.com.
==========================
客户端测试
1 [[email protected] ~]# cat /etc/resolv.conf 2 nameserver <node IP> 3 [[email protected] ~]# nslookup 192.168.4.92 4 Server: 16.155.14.171 5 Address: 16.155.14.171#53 6 7 92.4.168.192.in-addr.arpa name = www.cbf.com. 8 9 [[email protected] ~]# nslookup www.cbf.com 10 Server: 16.155.14.171 11 Address: 16.155.14.171#53 12 13 Name: www.cbf.com 14 Address: 192.168.4.92
原文地址:https://www.cnblogs.com/coreloving/p/11287874.html
时间: 2024-10-09 00:24:57