现状
管理内部的局域网的机器过多,不想浪费精力在对IP的记忆上,为了更方便的管理和使用,需要搭建一台内部
局域网服务器。准备两台最小化Centos 7 服务器,一台用来搭建dns服务器,一台用来测试dns;一台window 10 用来测试dns,机器IP如下:
- dns 服务器 IP:192.168.122.254
- linux 客户端IP:192.168.0.71
- window 客户端IP:192.168.0.254
实现步骤
- 我们测试的域名:szlz.com
- 使用bind搭建dns服务器
- 防火墙开启53端口访问
- 配置客户端的dsn服务
- 测试dns使用
配置部署服务端
在需要搭建dns服务的centos 7机器上操作
- 安装bind
yum -y install bind bind-chroot bind-utils
# 主要文件目录解析
/etc/named.conf #主配置文件
/etc/named.rfc1912.zones #拓展配置文件
/var/named/ #zone 配置文件目录
- 配置
#需要修改的配置如下:
listen-on port 53 { any; };
vim /etc/named.conf
options {
listen-on port 53 { any; }; #监听0.0.0.0 53端口,ipv4
listen-on-v6 port 53 { ::1; }; #监听0.0.0.0 53端口,ipv6
directory "/var/named"; #zone 目录
dump-file "/var/named/data/cache_dump.db"; #服务器存放数据库文件的路径名
statistics-file "/var/named/data/named_stats.txt"; #
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; #允许查询
recursion yes; #运行迭代
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones"; #扩展配置文件
include "/etc/named.root.key";
#修改拓展文件
#添加下面信息:
zone "szlz.com" IN {
type master;
file "szlz.com.zone";
};
vim /etc/named.rfc1912.zones
zone "szlz.com" IN {
type master;
file "szlz.com.zone";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
#配置zone
cd /var/name/
#需要-a选项,保留权限,如果named没有权限,无法启动
cp -a named.localhost szlz.com.zone
vim szlz.com.zone
$TTL 1D
@ IN SOA @ dns.szlz.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns
dns A 192.168.122.254
web1 A 192.168.122.8
mail A 192.168.122.2
MX 10 mail.szlz.com.
test1 A 192.168.0.71
#检测
named-checkconf
named-checkzone szlz.com /var/named/szlz.com.zone
#启动bind并开机自启动
systemctl start named
systemctl enable named
开启防火墙
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
配置linux客户端
登录dns测试服务器
vim /etc/resolv.conf
nameserver 192.168.122.254
nameserver 114.114.114.114
配置windows客户端
WIN+R 输入ncpa.cpl
网络连接
点击以太网属性
IPV4
输入dns服务器地址
测试
linux
测试1
window
测试2
注意事项
- zone文件的权限,需要是named
-rw-r-----. 1 root named 240 Apr 10 23:09 /var/named/szlz.com.zone
网友评论