中科方德服务器操作系统部署DNS(域控)服务器
系统环境:
操作系统:三期及以上中科方德
CPU类型:Hygon
旧的Windows的DNS服务器未开启反向解析,只有正向解析,准备将DNS服务器从Windows系统过度到中科方德服务器上。
功能概述:
解决目标平台上使用 dns 服务,满足服务器系统使用域名解析的需求。
依赖包:
root# rpm -qa |grep bind
bind-9.11.4-26.P2.nfs.x86_64
bind-libs-lite-9.11.4-26.P2.nfs.x86_64
bind-libs-9.11.4-26.P2.nfs.x86_64
bind-utils-9.11.4-26.P2.nfs.x86_64
bind-license-9.11.4-26.P2.nfs.noarch
bind-chroot-9.11.4-26.P2.x86_64
bind-export-9.11.4-26.P2.nfs.x86_64
备份文件:
[root@]# cp -p /etc/named.conf /etc/named.conf.bak0
[root@]# cp -p /etc/resolv.conf /etc/resolv.conf.bak0
[root@]# cp -rp /var/named /var/named.bak0
[root@]# cp -p /var/named/named.localhost .net.zone //如.net域,有几个主要区域就复制几个
修改配置文件:
[root@]# vim /etc/named.conf
// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files.
options { listen-on port 53 { any; }; //允许本地所有网络接口监听UDP 53端口 # listen-on-v6 port 53 { ::1; }; //我这里没开启IPv6地址,就注释掉了。 directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; //统计档案、文件 memstatistics-file "/var/named/data/named_mem_stats.txt"; //分配统计目录 recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { any; }; //允许某个网段的用户查询,可以写any或地址段如192.0.0.0/8。 forwarders { 8.8.8.8; }; //其他的转发器地址,比如上级域名解析服务器地址,没有就不需要添加这一条。
/* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; //允许递归 dnssec-enable yes; dnssec-validation no; //禁用DNS自动检测功能,使DNS能缓存外部信息到本机
managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */ include "/etc/crypto-policies/back-ends/bind.config";
}; logging { //指定日志记录分类和他们的目标位置 channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; };
zone ".net" IN { //区域配置内容 type master; //主名称服务器 file ".net.zone"; // };
include "/etc/named.rfc1912.zones"; //包含其他的配置文件 include "/etc/named.root.key";
[root@]# vim /etc/resolv.conf
#Generated by NetworkManager
nameserver 192.168.1.1 //这里填写服务器IPv4地址
domain localdomain
search localdomain
[root@]# vim /var/named/.net.zone
$TTL 1D
@ IN SOA ns..net. root. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ IN NS ns..net.ns IN A 192.168.1.1 //服务器IP地址mail IN A 192.168.1.1
.net. IN MX 5 mail..net
www IN A 192.168.1.1 //服务器IP地址
[root@]# cd /var/named
[root@]# chown named.named * //文件赋权
[root@]# ll total 24 drwxr-x--- 7 named named 61 Jun 23 10:55 chroot drwxrwx--- 2 named named 23 Jun 23 10:57 data drwxrwx--- 2 named named 60 Jun 23 17:28 dynamic -rw-r----- 1 named named 2253 Apr 5 2018 named.ca -rw-r----- 1 named named 152 Dec 15 2009 named.empty -rw-r----- 1 named named 152 Jun 23 11:58 named.localhost -rw-r----- 1 named named 168 Dec 15 2009 named.loopback -rw-r----- 1 named named 271 Jun 23 14:13 .net.zone drwxrwx--- 2 named named 6 Feb 25 2019 slaves
[root@]# systemctl restart named //重启服务
[root@]# systemctl enable --now named //开机自启动
验证:
[root@]# nslookup www..net
[root@]# dig www..net
参考文献:
https://blog..net/jks212454/article/details/118146815
linux下的DNS服务器部署(详细)_linux配置dns-博客Linux设备配置DNS服务器,实现正向解析和反向解析,实现DNS主从服务器同步,实现批量域名正/反向解析_linux c dns 解析-博客
