CentOS 7: a fool-proof guide to installing a DNS server

Step 1: Install bind-chroot

[root@localhost named]# yum install -y bind bind-chroot bind-utils

The result looks like this:

[root@localhost ~]# yum install -y bind bind-chroot bind-utils
Loaded plugins: fastestmirror, langpacks
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base | kB 00:00:00
extras | kB 00:00:00
updates | kB 00:00:00
(1/2): extras/7/x86_64/primary_db | 117 kB 00:00:00
(2/2): updates/7/x86_64/primary_db | MB 00:00:01
Determining fastest mirrors
 * base:
 * extras:
 * updates:
Resolving Dependencies
--> Running transaction check
---> Package 32: will be installed
--> Processing Dependency: bind-libs = 32: for package: 32:
---> Package 32: will be installed
---> Package 32: will be updated
---> Package 32: will be an update
--> Running transaction check
---> Package 32: will be updated
---> Package 32: will be an update
--> Processing Dependency: bind-license = 32: for package: 32:
--> Running transaction check
---> Package 32: will be updated
--> Processing Dependency: bind-license = 32: for package: 32:
---> Package 32: will be an update
--> Running transaction check
---> Package 32: will be updated
---> Package 32: will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 bind x86_64 32: updates M
 bind-chroot x86_64 32: updates 82 k
Updating:
 bind-utils x86_64 32: updates 199 k
Updating for dependencies:
 bind-libs x86_64 32: updates M
 bind-libs-lite x86_64 32: updates 713 k
 bind-license noarch 32: updates 80 k

Transaction Summary
================================================================================
Install 2 Packages
Upgrade 1 Package (+3 Dependent packages)

Total download size: M
Is this ok [y/d/N]: y
Downloading packages:
updates/7/x86_64/prestodelta | 297 kB 00:00:05
Delta RPMs reduced M of updates to 307 k (82% saved)
(1/6): | 139 kB 00:00:00
(2/6): | 168 kB 00:00:00
warning: /var/cache/yum/x86_64/7/updates/packages/ Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for is not installed
(3/6): | 82 kB 00:00:00
(4/6): | 80 kB 00:00:00
(5/6): | 199 kB 00:00:00
(6/6): | MB 00:00:00
Finishing delta rebuilds of 2 package(s) ( M)
--------------------------------------------------------------------------------
Total MB/s | MB 00:00:01
Retrieving key from
Importing GPG key 0xF4A80EB5:
 Userid : CentOS-7 Key (CentOS 7 Official Signing Key)
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package : (anaconda)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Updating : 32: 1/10
 Updating : 32: 2/10
 Installing : 32: 3/10
 Installing : 32: 4/10
 Updating : 32: 5/10
 Updating : 32: 6/10
 Cleanup : 32: 7/10
 Cleanup : 32: 8/10
 Cleanup : 32: 9/10
 Cleanup : 32: 10/10
 Verifying : 32: 1/10
 Verifying : 32: 2/10
 Verifying : 32: 3/10
 Verifying : 32: 4/10
 Verifying : 32: 5/10
 Verifying : 32: 6/10
 Verifying : 32: 7/10
 Verifying : 32: 8/10
 Verifying : 32: 9/10
 Verifying : 32: 10/10

Installed:
 32: 32:

Updated:
 32:

Dependency Updated:
 32: 32: 32:

Complete!

Step 2: Edit the configuration file

The configuration file is the one under /etc/ . [It is not the file under /var/named/chroot/var/named/ .]

/*
 - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
 - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/";
session-keyfile "/run/named/";
logging {
 channel default_debug {
 file "data/";
 severity dynamic;
 };
};
zone "." IN {
 type hint;
 file ;
};
zone IN {
 type master;
 file ;
};
zone IN {
 type master;
 file ;
};

The two zone declarations above are the part I added during my experiment. Note that two files are involved here; both of them live in the /var/named directory.

include "/etc/";
include "/etc/";

Step 3: Add the zone files and set their ownership

Test domain name:
Network address: /24

In the /var/named directory there are two files that can be copied and edited as templates: and

[root@localhost named]# ll
total 16
drwxr-x---. 7 root named 56 Nov 15 15:36 chroot
drwxrwx---. 2 named named 6 Sep 3 18:35 data
drwxrwx---. 2 named named 6 Sep 3 18:35 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2021
-rw-r-----. 1 root named 152 Dec 15 2021
-rw-r-----. 1 root named 152 Jun 21 2021
-rw-r-----. 1 root named 168 Dec 15 2021
drwxrwx---. 2 named named 6 Sep 3 18:35 slaves
[root@localhost named]#
[root@localhost named]# cp
[root@localhost named]# cp

[Actually the file names are arbitrary; there is no hard requirement.]

Forward zone file:

$TTL 1D
@ IN SOA . ( 0 ; serial
 1D ; refresh
 1H ; retry
 1W ; expire
 3H ) ; minimum
 NS
 A
 AAAA ::1
oa IN A
fs IN A

Reverse zone file:

$TTL 1D
@ IN SOA . ( 0 ; serial
 1D ; refresh
 1H ; retry
 1W ; expire
 3H ) ; minimum
 NS
 A
 AAAA ::1
 PTR localhost.
5 IN PTR
 IN PTR

About changing the owner of the two files: during the experiment I forgot to change the owner of these two files, which drove me to despair for a while, because the system kept saying it could not find the file. Under a graphical interface the operation is simple. The command-line way is also easy: chown named:named zone_file

[root@localhost named]# chown named:named *
[root@localhost named]# ls .*
[root@localhost named]# ll -all
total 32
drwxr-x---. 6 root named 4096 Nov 15 16:33 .
drwxr-xr-x. 23 root root 4096 Nov 15 15:36 ..
-rw-r-----. 1 named named 220 Nov 15 16:33
-rw-r-----. 1 named named 194 Nov 15 16:33
drwxr-x---. 7 root named 56 Nov 15 15:36 chroot
drwxrwx---. 2 named named 6 Sep 3 18:35 data
drwxrwx---. 2 named named 6 Sep 3 18:35 dynamic
-rw-r-----. 1 root named 2076 Jan 28 2013
-rw-r-----. 1 root named 152 Dec 15 2009
-rw-r-----. 1 root named 152 Jun 21 2007
-rw-r-----. 1 root named 168 Dec 15 2009
drwxrwx---. 2 named named 6 Sep 3 18:35 slaves

chown usage help

chown [-cfhvR] [--help] [--version] user[:group] file...

Parameter  Description
user       user ID of the new file owner
group      group of the new file owner
-c         report the change only if the file's owner was actually changed
-f         do not print an error message if the owner cannot be changed
-h         change the link itself rather than the file the link points to
-v         print details of every ownership change
-R         apply the same ownership change to every file and subdirectory under the current directory (i.e. recursively, one by one)

Example.

Nov 15 16:39:57 named[31691]: error (network unreachable) resolving p.53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving n.53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving n.53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving n.53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving p.53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving p.53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving p.53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving p.53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving p.53
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost named]#

Stop: # systemctl stop named
Restart: # systemctl restart named

Simple diagnostics:

1. # systemctl status named
If named cannot start, the service will report that startup failed, and this command shows the reason for the failure.

[root@localhost ~]# systemctl status named
 - Berkeley Internet Name Domain (DNS)
 Loaded: loaded (/usr/lib/systemd/system/; enabled)
 Active: active (running) since Sun 2015-11-15 14:10:07 CST; 2h 4min ago
 Process: 14597 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
 Process: 1828 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
 Process: 1374 ExecStartPre=/usr/sbin/named-checkconf -z /etc/ (code=exited, status=0/SUCCESS)
 Main PID: 1844 (named)
 CGroup: /
 1844 /usr/sbin/named -u named

Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:08 named[1844]: error (network unreachable...
Nov 15 16:10:08 named[1844]: error (network unreachable...
Nov 15 16:10:09 named[1844]: error (network unreachable...
Nov 15 16:10:09 named[1844]: error (network unreachable...
Hint: Some lines were ellipsized, use -l to show in full.

2. # netstat -atulpn
Checks whether the port is open; DNS uses port 53.

[root@localhost ~]# netstat -atulpn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :53 :* LISTEN 1844/named
tcp 0 0 :53 :* LISTEN 1844/named
tcp 0 0 :22 :* LISTEN 1369/sshd
tcp 0 0 :631 :* LISTEN 13631/cupsd
tcp 0 0 :25 :* LISTEN 2461/master
tcp 0 0 :953 :* LISTEN 1844/named
tcp6 0 0 :53 :* LISTEN 1844/named
tcp6 0 0 :22 :* LISTEN 1369/sshd
tcp6 0 0 :1:631 :* LISTEN 13631/cupsd
tcp6 0 0 :1:25 :* LISTEN 2461/master
tcp6 0 0 :1:953 :* LISTEN 1844/named
udp 0 0 :53 :* 1844/named
udp 0 0 :53 :* 1844/named
udp 0 0 :68 :* 14556/dhclient
udp 0 0 :123 :* 764/chronyd
udp 0 0 :55425 :* 14556/dhclient
udp 0 0 :5353 :* 760/avahi-daemon: r
udp 0 0 :323 :* 764/chronyd
udp 0 0 :41330 :* 760/avahi-daemon: r
udp6 0 0 :53 :* 1844/named
udp6 0 0 :123 :* 764/chronyd
udp6 0 0 :1:323 :* 764/chronyd
udp6 0 0 :62031 :* 14556/dhclient

Step 5: Test (on Linux, test with dig; on a Windows client, test with nslookup)
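The named.conf comment quoted in Step 2 warns that a recursive server reachable from a public address must restrict who may query it, or it becomes a DNS amplification reflector. The following shell check is an added example, not part of the original post: it reads a BIND configuration file and flags "recursion yes;" that is not paired with a restrictive allow-recursion (or allow-query) ACL. The directive names are BIND's own; the file paths and ACL values in the sample configurations are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): audit a named.conf for open recursion.
# Return codes: 0 = acceptable, 1 = open recursion detected, 2 = file unreadable.
check_recursion_acl() {
    conf="$1"
    [ -r "$conf" ] || return 2
    # Drop single-line /* */ comments, then whole multi-line /* ... */ blocks,
    # then // and # line comments; squeeze whitespace so directives match easily.
    body=$(sed -e 's#/\*.*\*/##g' -e '/\/\*/,/\*\//d' -e 's#//.*##' -e 's/#.*//' "$conf" \
           | tr -s '[:space:]' ' ')
    # Not a recursive server (recursion no, or unset here): nothing to restrict.
    printf '%s' "$body" | grep -Eq '(^|[ {;])recursion +yes *;' || return 0
    # Prefer allow-recursion; allow-query also bounds who can use the recursor.
    acl=$(printf '%s' "$body" | grep -Eo 'allow-recursion *\{[^}]*\}' | head -n 1)
    [ -n "$acl" ] || acl=$(printf '%s' "$body" | grep -Eo 'allow-query *\{[^}]*\}' | head -n 1)
    # An ACL exists and it is not "{ any; }": recursion is limited to named clients.
    if [ -n "$acl" ] && ! printf '%s' "$acl" | grep -Eq '\{ *any *; *\}'; then
        return 0
    fi
    echo "$conf: recursion yes without a restrictive allow-recursion/allow-query" >&2
    return 1
}

# Usage: sh check_named.sh /path/to/named.conf ...  (script name and path are assumptions)
for f in "$@"; do
    if check_recursion_acl "$f"; then echo "$f: ok"; fi
done
```

Run it on the file from Step 2 after editing; a hardened configuration adds something like allow-recursion { localhost; localnets; }; (a constructed example value) next to recursion yes;.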