环境:vmware workstation 系统:Red Hat7.4
DNS服务部署:
IP地址:192.168.100.151 DNS:192.168.100.151
实验:
在此系统中安装配置bing服务,负责区域“chinaskills.net”内主机解析,七台主机分别为dns.chinaskills.net、mail.chinaskills.net 、www1.chinaskills.net、www2.chinaskills.net、ssm.chinaskills.net 、www3. chinaskils.net 、www.chinaskils.net,做好正反向DNS服务解析;并禁止192.168.70.0网段访问DNS服务器。
- 七台主机IP地址分别为:192.168.100.151-157以此排列。
安装DNS服务:
[root@localhost ~]# yum install bind -y
编辑主配置目录:
/etc/named.conf
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.100.151; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
blackhole { 192.168.70.0/24; }; //禁止网段访问
allow-query { any; };
设置解析区域:
/etc/named.rfc1912.zones
[root@localhost ~]# cat /etc/named.rfc1912.zones
zone "chinaskills.net" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
正向解析区域:
/var/named/named.localhost
[root@localhost ~]# cat /var/named/named.localhost
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
dns IN A 192.168.100.151
mail IN A 192.168.100.152
WWW1 IN A 192.168.100.153
www2 IN A 192.168.100.154
ssm IN A 192.168.100.155
www3 IN A 192.168.100.156
www IN A 192.168.100.157
反向解析区域:
/var/named/named.loopback
[root@localhost ~]# cat /var/named/named.loopback
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
PTR localhost.
151 IN PTR dns.chinaskills.net
152 IN PTR mail.chinaskills.net
153 IN PTR www1.chinaskills.net
154 IN PTR www2.chinaskills.net
155 IN PTR ssm.chinaskills.net
156 IN PTR www3.chinaskills.net
157 IN PTR www.chinaskills.net
[root@localhost ~]#systemctl restart named
测试DNS服务器 :
安装bind-utils ,在这里就不一个一个解析了。
[root@localhost ~]# nslookup
> www1.chinaskills.net
Server: 192.168.100.151
Address: 192.168.100.151#53
Name: www1.chinaskills.net
Address: 192.168.100.153
> 192.168.100.157
Server: 192.168.100.151
Address: 192.168.100.151#53
157.100.168.192.in-addr.arpa name = www.chinaskills.net.100.168.192.in-addr.arpa.
unbound服务部署:
实验:
在此服务器中安装配置unbound服务,负责区域“netskills.net”内主机解析,四台主机分别为pxe.netskills.net、tcat.netskills.net、mail.netskills.net 、www.netskills.net、,做好正反向DNS服务解析;
4台主机IP地址分别为:192.168.100.151-154以此排列。
安装unbound服务:
[root@localhost ~]# yum install unbound -y
编辑主配置目录:
/etc/unbound/unbound.conf
将interface 0.0.0.0和port:53注释去掉
去掉access-control: 0.0.0.0/refuse注释
并将refuse改为allow
[root@localhost ~]# vim /etc/unbound/unbound.conf
...........
37 # The listen interfaces are not changed on reload, only on restart.
38 interface: 0.0.0.0
39 # interface: ::0
40 # interface: 192.0.2.153
41 # interface: 192.0.2.154
42 # interface: 2001:DB8::5
43 #
44 # for dns over tls and raw dns over port 80
45 # interface: 0.0.0.0@443
46 # interface: ::0@443
47 # interface: 0.0.0.0@80
48 # interface: ::0@80
49
50 # enable this feature to copy the source address of queries to reply.
51 # Socket options are not supported on all platforms. experimental.
52 # interface-automatic: yes
53 #
54 # NOTE: Enable this option when specifying interface 0.0.0.0 or ::0
55 # NOTE: Disabled per Fedora policy not to listen to * on default install
56 # NOTE: If deploying on non-default port, eg 80/443, this needs to be disabled
57 interface-automatic: no
58
59 # port to answer queries from
60 port: 53
.......................
178 # allow (recursive ok), allow_snoop (recursive and nonrecursive ok)
179 access-control: 0.0.0.0/0 allow
180 # access-control: 127.0.0.0/8 allow
181 # access-control: ::0/0 refuse
182 # access-control: ::1 allow
183 # access-control: ::ffff:127.0.0.1 allow
....................
找到include: /etc/unbound/local.d/*.conf
这里指的是解析文件的位置
不需要改动
:wq
创建解析区域文件:
[root@localhost ~]# touch /etc/unbound/local.d/netskills.conf
配置netskills.conf文件:
[root@localhost ~]# vim /etc/unbound/local.d/netskills.conf
1 local-zone: "netskills.net." static
2 local-data: "pxe.netskills.net. A 192.168.100.151"
3 local-data: "tcat.netskills.net. A 192.168.100.152"
4 local-data: "mail.netskills.net. A 192.168.100.153"
5 local-data: "www.netskills.net. A 192.168.100.154"
6 local-data-ptr: "192.168.100.151 pxe.netskills.net."
7 local-data-ptr: "192.168.100.152 tcat.netskills.net."
8 local-data-ptr: "192.168.100.153 mail.netskills.net."
9 local-data-ptr: "192.168.100.154 www.netskills.net."
- 输入以上内容
- 在unbound里正向和反向是合在一起的,配置文件需要自己创建,并无模板
- Local-zone: “netskills.net.” static 代表区域
- Local-data: “pxe.netskills.net. A IP” 代表正向解析
- Local-data-ptr 反向解析
解析:
[root@localhost ~]# nslookup
> pxe.netskills.net
Server: 192.168.100.151
Address: 192.168.100.151#53
Name: pxe.netskills.net
Address: 192.168.100.151
..........................
> www.netskills.net
Server: 192.168.100.151
Address: 192.168.100.151#53
Name: www.netskills.net
Address: 192.168.100.154
此文章若有错误请大佬指正