您好,登錄后才能下訂單哦!
1.基本配置
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
nmcli connection add con-name in ifname ens33 ipv4.addresses 192.168.1.10/24 type ethernet ipv4.method manual(內網網卡)
nmcli connection add con-name out ifname ens38 ipv4.addresses 192.168.2.10/24 type ethernet ipv4.method manual(外網網卡)
yum install -y bind bind-utils
2.1修改主配置文件
vim /etc/named.conf(修改該文件)
listen-on port 53 { any; };
allow-query { any; };
zone "fengxiaoli41.com" IN {
type master;
file "fengxiaoli41.com.lan";
allow-update {none;};
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.lan";
allow-update {none;};
};
2.2編輯正解區域
cd /var/named/
cp named.localhost fengxiaoli41.com.lan
vim fengxiaoli41.com.lan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
fengxiaoli41.com. IN A 192.168.1.10
www.fengxiaoli41.com. IN CNAME fengxiaoli41.com.
client.fengxiaoli41.com. IN A 192.168.1.200
@ IN NS slave.fengxiaoli41.com.
slave.fengxiaoli41.com. IN A 192.168.1.100
2.3編輯反解區域
cp fengxiaoli41.com.lan 1.168.192.lan
vim 1.168.192.lan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
10 IN PTR fengxiaoli41.com.
200 IN PTR client.fengxiaoli.com.
100 IN PTR slave.fengxiaoli.com.
chown named:named fengxiaoli41.com.lan
chown named:named 1.168.192.lan
2.4重啟服務并測試
systemctl restart named
systemctl status named
dig fengxiaoli41.com
3.配置chroot環境
yum install -y bind-chroot
/usr/libexec/setup-named-chroot.sh /var/named/chroot/ on
systemctl stop named.service
systemctl disabled named
systemctl enable named-chroot.service
systemctl start named-chroot
dig fengxiaoli41.com
如果dns只為內網提供解析到此可以結束。
4.配置分離解析的dns(與2,3步獨立)
4.1修改主配置文件
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
acl in {192.168.1.0/24;};
acl out { ! 192.168.1.0/24; any;};
view "internal"{
match-clients { in; localhost;};
zone "." IN {
type hint;
file "named.ca";
};
zone "fengxiaoli41.com" IN {
type master;
file "fengxiaoli41.com.lan";
allow-update {none;};
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.lan";
allow-update {none;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
注意所有區域都要包含在view里
view "external"{
match-clients {out;};
zone "." IN {
type hint;
file "named.ca";
};
zone "fengxiaoli41.com" IN {
type master;
file "fengxiaoli41.com.wan";
allow-update {none;};
};
zone "2.168.192.in-addr.arpa" IN {
type master;
file "2.168.192.wan";
allow-update {none;};
};
};
cd /var/named/chroot/var/named/
4.2編輯內網正解反解區域
vim fengxiaoli41.com.lan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
fengxiaoli41.com. IN A 192.168.1.10
www.fengxiaoli41.com. IN CNAME fengxiaoli41.com.
client.fengxiaoli41.com. IN A 192.168.1.200
@ IN NS slave.fengxiaoli41.com.
slave.fengxiaoli41.com. IN A 192.168.1.100
vim 1.168.192.lan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
10 IN PTR fengxiaoli41.com.
200 IN PTR client.fengxiaoli.com.
100 IN PTR slave.fengxiaoli.com.
4.3編輯外圍正解反解區域
vim fengxiaoli41.com.wan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
fengxiaoli41.com. IN A 192.168.2.10
vim 2.168.192.wan
$TTL 665
@IN SOAfengxiaoli41.com. 123@qq.com (
2017062900; serial
3600; refresh
1800; retry
604800; expire
665 ); minimum
@IN NSfengxiaoli41.com.
10IN PTR fengxiaoli41.com.
4.4設置權限重啟服務
chown named:named -R /var/named/chroot/var/named/*
systemctl restart named-chroot
5.主從服務器配置(在2或者4的基礎上配置)
5.1主服務器配置
vim /etc/named.conf
allow-transfer { 192.168.1.0/24;};
cd /var/named/chroot/var/named/
vim fengxiaoli41.com.lan
@ IN NS slave.fengxiaoli41.com.
slave.fengxiaoli41.com. IN A 192.168.1.100
vim 1.168.192.lan
100 IN PTR slave.fengxiaoli.com.
5.2從服務器配置(注意firewalld和selinux)
nmcli connection add con-name in ifname ens33 ipv4.addresses 192.168.1.100/24 type ethernet ipv4.method manual
yum install -y bind-utils bind
vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
zone "fengxiaoli41.com" IN {
type slave;
masters { 192.168.1.10; };
file "slaves/fengxiaoli.com.lan";
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.1.10; };
file "slaves/1.168.192.lan";
};
systemctl restart named
ll /var/named/slaves/
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。