redhat7.3 dns服务器配置

2168575

　　1.基本配置
　　systemctl stop firewalld.service
　　systemctl disable firewalld.service
　　setenforce 0
　　nmcli connection add con-name in ifname ens33 ipv4.addresses 192.168.1.10/24 type ethernet ipv4.method manual（内网网卡）
　　nmcli connection add con-name out ifname ens38 ipv4.addresses 192.168.2.10/24 type ethernet ipv4.method manual（外网网卡）
　　2.配置简单dns服务器
　　yum install -y bind bind-utils
　　2.1修改主配置文件
　　vim /etc/named.conf（修改该文件）
   listen-on port 53 { any; };
   allow-query     { any; };
　　       zone "fengxiaoli41.com" IN {
　　        type master;
　　        file "fengxiaoli41.com.lan";
　　        allow-update {none;};
};
zone "1.168.192.in-addr.arpa" IN {
　　        type master;
　　        file "1.168.192.lan";
　　        allow-update {none;};

};


　　2.2编辑正解区域
　　cd /var/named/
　　cp named.localhost fengxiaoli41.com.lan
　　vim fengxiaoli41.com.lan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
　　2017062900; serial
　　3600; refresh
　　1800; retry
　　604800; expire
　　665 ); minimum
@IN NSfengxiaoli41.com.
fengxiaoli41.com. IN A 192.168.1.10
www.fengxiaoli41.com. IN CNAME fengxiaoli41.com.
client.fengxiaoli41.com. IN A 192.168.1.200
@       IN NS   slave.fengxiaoli41.com.
slave.fengxiaoli41.com. IN A 192.168.1.100
　　2.3编辑反解区域
　　cp fengxiaoli41.com.lan 1.168.192.lan
　　vim 1.168.192.lan  
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
　　2017062900; serial
　　3600; refresh
　　1800; retry
　　604800; expire
　　665 ); minimum
@IN NSfengxiaoli41.com.
10      IN PTR fengxiaoli41.com.
200     IN PTR client.fengxiaoli.com.
100     IN PTR slave.fengxiaoli.com.
　　chown named:named fengxiaoli41.com.lan
　　chown named:named 1.168.192.lan
　　2.4重启服务并测试
　　systemctl restart named
　　systemctl status named
　　dig fengxiaoli41.com
　　3.配置chroot环境
　　yum install -y bind-chroot
　　/usr/libexec/setup-named-chroot.sh /var/named/chroot/ on
　　systemctl stop named.service
　　systemctl disabled named
　　systemctl enable named-chroot.service
　　systemctl start named-chroot
　　dig fengxiaoli41.com
　　如果dns只为内网提供解析到此可以结束。
　　

　　4.配置分离解析的dns（与2，3步独立）
　　4.1修改主配置文件
　　 vim /etc/named.conf
listen-on port 53 { any; };
allow-query     { any; };
acl in {192.168.1.0/24;};
acl out { ! 192.168.1.0/24; any;};
view "internal"{
match-clients { in; localhost;};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "fengxiaoli41.com" IN {
        type master;
        file "fengxiaoli41.com.lan";
        allow-update {none;};
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.lan";
        allow-update {none;};

};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
注意所有区域都要包含在view里
view "external"{
match-clients {out;};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "fengxiaoli41.com" IN {
        type master;
        file "fengxiaoli41.com.wan";
        allow-update {none;};
};
zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "2.168.192.wan";
        allow-update {none;};

};
};
cd /var/named/chroot/var/named/

4.2编辑内网正解反解区域
vim fengxiaoli41.com.lan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
fengxiaoli41.com. IN A 192.168.1.10
www.fengxiaoli41.com. IN CNAME fengxiaoli41.com.
client.fengxiaoli41.com. IN A 192.168.1.200
@       IN NS   slave.fengxiaoli41.com.
slave.fengxiaoli41.com. IN A 192.168.1.100


　　
vim 1.168.192.lan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
10      IN PTR fengxiaoli41.com.
200     IN PTR client.fengxiaoli.com.
100     IN PTR slave.fengxiaoli.com.
　　
4.3编辑外围正解反解区域
　　vim fengxiaoli41.com.wan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
fengxiaoli41.com. IN A 192.168.2.10

　　vim 2.168.192.wan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
10IN PTR fengxiaoli41.com.
　　4.4设置权限重启服务
　　chown named:named -R  /var/named/chroot/var/named/*
　　systemctl restart named-chroot
　　5.主从服务器配置（在2或者4的基础上配置）
　　5.1主服务器配置
　　 vim /etc/named.conf
allow-transfer { 192.168.1.0/24;};
　　cd /var/named/chroot/var/named/
　　vim fengxiaoli41.com.lan
@       IN NS   slave.fengxiaoli41.com.
slave.fengxiaoli41.com. IN A 192.168.1.100
　　
　　vim 1.168.192.lan
100     IN PTR slave.fengxiaoli.com.
　　
　　5.2从服务器配置（注意firewalld和selinux）
　　nmcli connection add con-name in ifname ens33 ipv4.addresses 192.168.1.100/24 type ethernet ipv4.method manual
　　yum install -y bind-utils bind
　　vim /etc/named.conf
　　  listen-on port 53 { any; };
　　  allow-query     { any; };
　　  zone "fengxiaoli41.com" IN {
　　        type slave;
　　        masters { 192.168.1.10; };
　　        file "slaves/fengxiaoli.com.lan";
　　};
　　zone "1.168.192.in-addr.arpa" IN {
　　        type slave;
　　        masters { 192.168.1.10; };
　　        file "slaves/1.168.192.lan";
　　
　　};
　　systemctl restart named
　　ll /var/named/slaves/