Building DNS
1. Deploying the master DNS server
1.1 Configure the network and the hostname
- vim /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=no
    BOOTPROTO=static
    IPADDR=192.168.1.30
    NETMASK=255.255.255.0
    DNS1=192.168.1.30
    DNS2=192.168.1.40
- /etc/init.d/network restart
- vim /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=ns1.duanyufei.org
1.2 Install the service and edit the main configuration file
- mount /dev/sr0 /mnt/
- yum -y install bind bind-utils
- vim /etc/named.conf
    options {
        listen-on port 53 {
            192.168.1.30;
        };
        directory "/var/named";
        allow-query {
            localhost;
            192.168.1.0/24;    // the slave and the LAN clients query this server; localhost alone refuses them
        };
        dnssec-enable no;
        dnssec-validation no;
    };
    zone "duanyufei.org" IN {
        type master;
        file "duanyufei.org.zone";
        allow-transfer {
            192.168.1.40;      // only the slave may transfer the zone
        };
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.arpa";
        allow-transfer {
            192.168.1.40;
        };
    };
1.3 Configure the forward lookup zone file
- cp /var/named/named.empty /var/named/duanyufei.org.zone
- vim /var/named/duanyufei.org.zone
    $TTL 86400
    @   IN SOA duanyufei.org. admin.duanyufei.org. (   ; admin.duanyufei.org. is the administrator's mailbox
            0    ; serial
            1D   ; refresh
            1H   ; retry
            1W   ; expire
            3H ) ; minimum
        IN NS    ns1.duanyufei.org.   ; hostnames of the master and slave DNS servers
        IN NS    ns2.duanyufei.org.
    ns1 IN A     192.168.1.30         ; IP addresses of the DNS servers
    ns2 IN A     192.168.1.40
    www IN A     192.168.1.100        ; IP address for www.duanyufei.org
    ftp IN CNAME www
1.4 Configure the reverse lookup zone file
- cp /var/named/duanyufei.org.zone /var/named/192.168.1.arpa
- vim /var/named/192.168.1.arpa
    $TTL 86400
    @   IN SOA duanyufei.org. admin.duanyufei.org. (   ; admin.duanyufei.org. is the administrator's mailbox
            0    ; serial
            1D   ; refresh
            1H   ; retry
            1W   ; expire
            3H ) ; minimum
        IN NS    ns1.duanyufei.org.
        IN NS    ns2.duanyufei.org.
    30  IN PTR   ns1.duanyufei.org.   ; owner is the last octet of the host's address
    40  IN PTR   ns2.duanyufei.org.
    100 IN PTR   www.duanyufei.org.
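An added example (not part of the original page): a small Python check that every A record in the forward zone has a matching PTR in the reverse zone and that no PTR sits at the wrong address. The zone text is a constructed sample modelled on the records above, with the ns2 PTR deliberately misplaced; the function names are this example's own, and it only handles single-line `owner IN TYPE rdata` records with fully qualified PTR targets.

```python
import ipaddress

# Constructed sample data modelled on this page's zones. The ns2 PTR is
# deliberately placed at the wrong address so the check has something to find.
ORIGIN = "duanyufei.org."
REV_ORIGIN = "1.168.192.in-addr.arpa."
FORWARD = """
ns1  IN A     192.168.1.30   ; name servers
ns2  IN A     192.168.1.40
www  IN A     192.168.1.100
ftp  IN CNAME www
"""
REVERSE = """
30   IN PTR ns1.duanyufei.org.
20   IN PTR ns2.duanyufei.org.
100  IN PTR www.duanyufei.org.
"""


def records(text, rtype, origin):
    """Map fully qualified owner name -> rdata for records of one type."""
    found = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # ';' starts a zone-file comment
        if len(fields) == 4 and fields[1:3] == ["IN", rtype]:
            owner = fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
            found[owner.lower()] = fields[3].lower()
    return found


def check_zones(forward=FORWARD, reverse=REVERSE):
    """Return sorted (name, problem) pairs where A and PTR data disagree."""
    a_recs = records(forward, "A", ORIGIN)
    ptrs = records(reverse, "PTR", REV_ORIGIN)
    problems = []
    for name, addr in a_recs.items():  # every A record needs a PTR naming it
        rev = ipaddress.ip_address(addr).reverse_pointer + "."
        if ptrs.get(rev) != name:
            problems.append((name, f"{addr} has PTR {ptrs.get(rev)}"))
    for rev, target in ptrs.items():  # every PTR must sit at its target's address
        addr = a_recs.get(target)
        if addr is None or ipaddress.ip_address(addr).reverse_pointer + "." != rev:
            problems.append((target, f"stale PTR at {rev}"))
    return sorted(problems)


if __name__ == "__main__":
    for name, problem in check_zones():
        print(f"{name}: {problem}")
```

Services that rely on forward-confirmed reverse DNS (mail filtering, log attribution) treat either kind of mismatch as a failure, so it is worth running such a check before bumping the serial.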
1.5 Change the owner and group of the zone files
- chown named:named /var/named/192.168.1.arpa /var/named/duanyufei.org.zone
1.6 Start the service and enable it at boot
- /etc/init.d/named start && chkconfig --level 35 named on
2. Deploying the slave DNS server
2.1 Configure the network
- vim /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=no
    BOOTPROTO=static
    IPADDR=192.168.1.40
    NETMASK=255.255.255.0
    DNS1=192.168.1.40
    DNS2=192.168.1.30
- /etc/init.d/network restart
- vim /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=ns2.duanyufei.org
2.2 Install the bind packages
- yum -y install bind bind-utils
2.3 Edit the main configuration file
- scp root@192.168.1.30:/etc/named.conf /etc/
- vim /etc/named.conf
    options {
        listen-on port 53 {
            192.168.1.40;
        };
        directory "/var/named";
    };
    zone "duanyufei.org" IN {
        type slave;
        file "slaves/duanyufei.org.zone";
        masters {
            192.168.1.30;
        };
    };
    zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/192.168.1.arpa";
        masters {
            192.168.1.30;
        };
    };
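2.4 Start the named service and enable it at boot
- /etc/init.d/named start && chkconfig --level 35 named on
2.5 Check that the transferred zone files are present
- ll /var/named/slaves/
Client verification
One network adapter on vmnet1; preferred DNS 192.168.1.30, alternate DNS 192.168.1.40
cmd --> nslookup duanyufei.org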
3. Deploying the caching DNS server
3.1 Set up the network
Two network adapters: the first is bridged, the second is on vmnet1
- cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
- vim /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=no
    BOOTPROTO=dhcp
- vim /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=no
    BOOTPROTO=static
    IPADDR=192.168.1.254
    NETMASK=255.255.255.0
- /etc/init.d/network restart
- vim /etc/sysctl.conf
    # enable IP forwarding
    net.ipv4.ip_forward = 1
- sysctl -p
- Edit the iptables firewall rules so that 192.168.1.0/24 can reach the Internet (replace 192.168.20.186 with the IP address the bridged interface obtained):
    iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.20.186
3.2 Install the DNS service
- mount /dev/sr0 /mnt/
- yum -y install bind bind-utils
3.3 Edit the main configuration file
- cp /etc/named.conf /etc/named.conf.bak
- vim /etc/named.conf
    options {
        listen-on port 53 {
            192.168.1.254;
        };
        directory "/var/named";
        allow-query {
            any;
        };
        forwarders {
            114.114.114.114;
            8.8.8.8;
        };
        dnssec-enable no;
        dnssec-validation no;
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
- /etc/init.d/named start && chkconfig --level 35 named on
3.4 Client configuration and testing
One network adapter on vmnet1; gateway 192.168.1.254, preferred DNS 192.168.1.254
Source: http://www.bubuko.com/infodetail-2802674.html