• centos7 搭建dns服务器


    1:环境配置:

      服务器:demo1 ip:192.168.75.100

    2:  安装dns

      [root@demo1 ~]# yum install bind bind-chroot bind-utils -y

    bind-9.7.3-8.P3.el6.x86_64.rpm #该包为DNS 服务的主程序包。
    bind-chroot-9.7.3-8.P3.el6.x86_64.rpm # 提高安全性。
    [root@demo1 ~]# ls /etc/named.conf
    /etc/named.conf
    named.conf 是BIND 的核心配置文件,它包含了BIND 的基本配置,但其并不包括区域数据。
    /var/named/ 目录为DNS数据库文件存放目录,每一个域文件都放在这里
    [root@demo1 ~]# less /etc/named.conf
    [root@demo1 ~]# ls /var/named/chroot/
    dev etc run usr var
    启动:
    [root@demo1 ~]# systemctl start named
    [root@demo1 ~]# systemctl enable named

    [root@demo1 etc]# vim /etc/named.conf
    options {
    listen-on port 53 { any; }; #any是修改后的
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes; #默认支持递归查询
    dnssec-lookaside auto; #添加这行,为了安全
    };
    #自定义区域
    zone "demo1.cn" IN {
    type master;
    file "demo1.cn.zone";
    };

    创建区域文件:
    [root@demo1 etc]# cd /var/named/
    [root@demo1 named]# ls
    chroot data dynamic named.ca named.empty named.localhost named.loopback slaves
    [root@demo1 named]# cp -a named.localhost demo1.cn.zone
    [root@demo1 named]# ls
    chroot demo1.cn.zone named.ca named.localhost slaves
    data dynamic named.empty named.loopback
    [root@demo1 named]# vim demo1.cn.zone

    [root@demo1 named]# cat /var/named/demo1.cn.zone

    $TTL 1D
    demo1.cn. IN SOA dns.demo1.cn. root.demo1.cn. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
    demo1.cn. NS dns.demo1.cn.
    dns.demo1.cn. A 192.168.75.100
    www.demo1.cn. A 192.168.75.100
    www1.demo1.cn. CNAME www.demo1.cn.

      [root@demo1 etc]# systemctl restart named #重启

    3:dns主从服务器

      1:主服务器配置:

      生成密钥:

      [root@demo1 named]# cd /var/named/chroot/etc/

      [root@demo1 etc]# dnssec-keygen -a hmac-md5 -b 128 -n HOST abc

    [root@demo1 etc]# ll
    总用量 8
    -rw------- 1 root root 47 1月 28 16:21 Kabc.+157+03280.key
    -rw------- 1 root root 165 1月 28 16:21 Kabc.+157+03280.private
    drwxr-x--- 2 root named 6 4月 13 2018 named
    drwxr-x--- 3 root named 25 1月 28 15:56 pki

    [root@demo1 etc]# cat Kabc.+157+03280.private
    Private-key-format: v1.3
    Algorithm: 157 (HMAC_MD5)
    Key: LefeTThm3O7IaXvg6ii3NQ==
    Bits: AAA=
    Created: 20190128082129
    Publish: 20190128082129
    Activate: 20190128082129

    [root@demo1 etc]# vim /etc/named.conf 

    options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };

    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    forward only;
    forwarders { 8.8.8.8; };
    bindkeys-file "/etc/named.iscdlv.key";

    }

    key abckey{
    algorithm hmac-md5;
    secret "LefeTThm3O7IaXvg6ii3NQ==";
    };

    zone "demo1.cn" IN {
    type master;
    file "demo1.cn.zone";
    allow-transfer { key abckey; };
    };

      2:从服务器:

      服务器: demo2 ip:192.168.75.101

    [root@demo2 ~]# yum install bind bind-chroot bind-utils -y
    [root@demo2 ~]# vim /etc/named.conf

      

    options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };

    recursion yes;

    dnssec-enable yes;

    dnssec-validation yes;
    dnssec-lookaside auto;

    }

    key abckey{
    algorithm hmac-md5;
    secret "LefeTThm3O7IaXvg6ii3NQ==";
    };
    zone "demo1.cn" IN {
    type slave;
    file "slaves/demo1.cn.zone";
    masters { 192.168.75.100 key abckey; }; #采用密钥进行同步
    };

    [root@demo2 slaves]# systemctl enable named
    Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
    [root@demo2 slaves]# systemctl start named

    [root@demo2 named]# cat /etc/resolv.conf
    # Generated by NetworkManager
    #search demo.cn
    nameserver 192.168.75.100
    nameserver 192.168.1.1

    [root@demo2 named]# nslookup www.demo1.cn
    Server: 192.168.75.100
    Address: 192.168.75.100#53

    Name: www.demo1.cn
    Address: 192.168.75.100

    [root@demo2 named]# ping www.demo1.cn
    PING www.demo1.cn (192.168.75.100) 56(84) bytes of data.
    64 bytes from demo1.cn (192.168.75.100): icmp_seq=1 ttl=64 time=0.244 ms
    64 bytes from demo1.cn (192.168.75.100): icmp_seq=2 ttl=64 time=0.399 ms

     

    菜鸟的自白
  • 相关阅读:
    spring-boot整合freemarker 出现404
    java rmi的基本使用
    spring的Autowired、Resource、Inject的使用
    RabbitMQ topic 交换器
    RabbitMQ direct交换器
    RabbitMQ java 原生代码
    RabbitMQ基本概念
    消息中间件
    设计模式——模板模式
    设计模式——代理模式
  • 原文地址:https://www.cnblogs.com/lzjloveit/p/10330894.html
Copyright © 2020-2023  润新知