1- 环境
1.1- OS
role | OS | ip |
---|---|---|
bind-server | centos7.7-mini | 192.168.141.134 (nat) 192.168.23.130 (host-only) |
client | ubuntu-mate-20.04 desktop | 192.168.23.131 (host-only) |
1.2- DNS 映射计划
DNS NAME | IP |
---|---|
demo.scom | 192.168.23.1 |
www.demo.scom | 192.168.23.130 |
jenkins.demo.scom | 192.168.23.131 |
ftp.demo.scom | 192.168.141.1 |
sharepoint.demo.scom | 192.168.141.134 |
web.com | 10.10.10.100 |
www.web.com | 10.10.10.10 |
ftp.web.com | 11.11.11.11 |
2- 安装bind服务
2.1- 安装bind
# Install ISC BIND from the CentOS repositories, register named to start at
# boot, and bring it up now (it runs with the stock caching-only config until
# named.conf is edited in 2.2).
yum -y install bind
systemctl enable named; systemctl start named
# NOTE(review): the nslookup checks in section 3 come from bind-utils, not
# from bind itself -- confirm that package is present on the minimal install.
2.2- 修改全局配置文件
vim /etc/named.conf ##注意,配置文件以//为注释
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { any; }; // any: listen on every local address, i.e. the host-only interface (192.168.23.130) AND the NAT interface (192.168.141.134) of this server
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; // NOTE(review): "any" here plus "recursion yes" below, with no allow-recursion statement, makes named an open recursive resolver on every address it listens on (exactly the case the comment block below warns about). Scope recursion to the lab networks, e.g. allow-recursion { localhost; 192.168.23.0/24; 192.168.141.0/24; }; -- confirm those are the only client networks.
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes; // Lets clients resolve names this server is not authoritative for; none of the checks in section 3 need that, so consider "recursion no" if the server only has to serve demo.scom and web.com.
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/demo.scom.zones"; // newly added: zone declarations for demo.scom and its two reverse zones (file written in 2.4)
include "/etc/named/web.com.zones"; // newly added: zone declarations for web.com and its two reverse zones (file written in 2.5)
2.3- 全局管理分配置文件
# Directory that will hold the per-domain zone declaration files and the zone
# data directories below them; -p makes this a no-op if it already exists.
mkdir -p -- /etc/named
# Give the tree to the named group so the daemon can read what we put there.
chgrp -R named -- /etc/named
2.4- demo.scom配置文件
-
zone配置文件
vim /etc/named/demo.scom.zones #新建zone文件,添加以下内容
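## forward zone for demo.scom
zone "demo.scom" IN {
    type master;
    file "/etc/named/demo.scom/demo.scom";
    allow-update { none; };     # no dynamic updates
    allow-transfer { none; };   # no secondaries in this setup: refuse AXFR/IXFR from everyone.
                                # Many BIND releases default to allowing transfers to any host,
                                # which would let anyone reaching port 53 dump the whole zone.
};
## reverse zone for 192.168.23.0/24
zone "23.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/named/demo.scom/named.192.168.23";
    allow-update { none; };
    allow-transfer { none; };
};
## reverse zone for 192.168.141.0/24
zone "141.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/named/demo.scom/named.192.168.141";
    allow-update { none; };
    allow-transfer { none; };
};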
-
正向查询配置
# Create the demo.scom zone-data directory and seed each zone file from the
# stock named.empty template:
#   demo.scom          - forward zone
#   named.192.168.23   - reverse zone for 192.168.23.0/24
#   named.192.168.141  - reverse zone for 192.168.141.0/24
mkdir -p -- /etc/named/demo.scom
for zone_file in demo.scom named.192.168.23 named.192.168.141; do
  cp -- /var/named/named.empty "/etc/named/demo.scom/${zone_file}"
done
vim /etc/named/demo.scom/demo.scom ## write the following; in zone files ';' starts a comment
$TTL 1D
; SOA: MNAME "@" is demo.scom itself, rname.invalid. is the template's placeholder contact.
; The serial stays at 0 as in the template -- bump it on every edit once any secondary or cache depends on it.
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   @
; NOTE(review): NS @ names demo.scom, whose A record below is 192.168.23.1 -- not this
; server (192.168.23.130). The checks in section 3 still pass because clients query this
; server directly, but anything that follows the NS record would be sent to the wrong host.
;       IN A    127.0.0.1       ; template record, kept disabled
        IN A    192.168.23.1    ; demo.scom
www     IN A    192.168.23.130  ; www.demo.scom (this BIND server's host-only address)
jenkins IN A    192.168.23.131  ; jenkins.demo.scom
ftp     IN A    192.168.141.1   ; ftp.demo.scom
sharepoint IN A 192.168.141.134 ; sharepoint.demo.scom
-
反向查询192.168.23段配置
vim /etc/named/demo.scom/named.192.168.23 ## write the following
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   @
        IN A    127.0.0.1       ; left over from the named.empty template; harmless in a reverse zone
; last octet of 192.168.23.x -> hostname; targets end with '.' so they are absolute,
; not relative to 23.168.192.in-addr.arpa.
1       IN PTR  demo.scom.
130     IN PTR  www.demo.scom.
131     IN PTR  jenkins.demo.scom.
-
反向查询192.168.141段配置
vim /etc/named/demo.scom/named.192.168.141 ## write the following
$TTL 3H     ; the other zones use 1D; the difference looks unintentional but is harmless
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   @
        IN A    127.0.0.1       ; template residue, harmless here
; last octet of 192.168.141.x -> hostname (absolute names, trailing '.')
1       IN PTR  ftp.demo.scom.
134     IN PTR  sharepoint.demo.scom.
2.5- web.com配置文件
-
zone配置文件
vim /etc/named/web.com.zones #新建zone文件,添加以下内容
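## forward zone for web.com
zone "web.com" IN {
    type master;
    file "/etc/named/web.com/web.com";
    allow-update { none; };     # no dynamic updates
    allow-transfer { none; };   # no secondaries in this setup: refuse AXFR/IXFR from everyone.
                                # Many BIND releases default to allowing transfers to any host,
                                # which would let anyone reaching port 53 dump the whole zone.
};
## reverse zone for 10.10.10.0/24
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "/etc/named/web.com/named.10.10.10";
    allow-update { none; };
    allow-transfer { none; };
};
## reverse zone for 11.11.11.0/24
zone "11.11.11.in-addr.arpa" IN {
    type master;
    file "/etc/named/web.com/named.11.11.11";
    allow-update { none; };
    allow-transfer { none; };
};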
-
正向查询配置
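# Create the web.com zone-data directory and seed each zone file from the
# stock named.empty template:
#   web.com          - forward zone
#   named.10.10.10   - reverse zone for 10.10.10.0/24
#   named.11.11.11   - reverse zone for 11.11.11.0/24
# The files must land where web.com.zones points (/etc/named/web.com/...).
# The original copied them to /etc/named/web.scom/ (a directory that is never
# created) and /etc/named/demo.scom/, so the cp would fail and named would not
# find the web.com zone data.
mkdir -p -- /etc/named/web.com
for zone_file in web.com named.10.10.10 named.11.11.11; do
  cp -- /var/named/named.empty "/etc/named/web.com/${zone_file}"
done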
vim /etc/named/web.com/web.com ## write the following; in zone files ';' starts a comment
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   @
        IN A    10.10.10.100    ; web.com itself (also what NS @ resolves to)
www     IN A    10.10.10.10     ; www.web.com
ftp     IN A    11.11.11.11     ; ftp.web.com
; NOTE(review): 11.11.11.11 is outside the RFC 1918 private ranges; fine in an isolated
; lab, but this resolver would shadow the real owner of that address for any client using it.
-
反向查询10.10.10段配置
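vim /etc/named/web.com/named.10.10.10 ## write the following
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   @
        IN A    127.0.0.1       ; template residue, harmless here
; PTR targets must be absolute (trailing '.'). The original "100 PTR web.com" had no dot,
; so it would have expanded to web.com.10.10.10.in-addr.arpa. instead of the web.com.
; that the reverse lookup in section 3 expects.
100     IN PTR  web.com.
10      IN PTR  www.web.com.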
-
反向查询11.11.11段配置
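vim /etc/named/web.com/named.11.11.11 ## write the following
$TTL 3H     ; the other web.com zones use 1D; harmless
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        IN NS   @
        IN A    127.0.0.1       ; the original read "127.0.0.1S" -- not a valid address, so
                                ; named would refuse to load this zone until the typo is fixed
11      IN PTR  ftp.web.com.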
2.6- 重启服务
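# Hand the whole zone tree to the named group again (the zone files were
# created as root in 2.4 and 2.5).
chgrp -R named /etc/named/
# Check named.conf and load-test every zone it references (-z) BEFORE
# restarting, so a typo in a zone file is reported here instead of the
# restart quietly leaving that zone unserved.
named-checkconf -z /etc/named.conf && systemctl restart named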
3- 验证
3.1- 本机验证[结果符合预期]
-
demo.scom 正向查询
[root@localhost named]# nslookup demo.scom 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: demo.scom
Address: 192.168.23.1
[root@localhost named]# nslookup www.demo.scom 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.demo.scom
Address: 192.168.23.130
[root@localhost named]# nslookup jenkins.demo.scom 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: jenkins.demo.scom
Address: 192.168.23.131
[root@localhost named]# nslookup ftp.demo.scom 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ftp.demo.scom
Address: 192.168.141.1
[root@localhost named]# nslookup sharepoint.demo.scom 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: sharepoint.demo.scom
Address: 192.168.141.134
-
demo.scom反向查询
[root@localhost demo.scom]# nslookup 192.168.23.1 127.0.0.1
1.23.168.192.in-addr.arpa name = demo.scom.
[root@localhost demo.scom]# nslookup 192.168.23.130 127.0.0.1
130.23.168.192.in-addr.arpa name = www.demo.scom.
[root@localhost demo.scom]# nslookup 192.168.23.131 127.0.0.1
131.23.168.192.in-addr.arpa name = jenkins.demo.scom.
[root@localhost demo.scom]# nslookup 192.168.141.1 127.0.0.1
1.141.168.192.in-addr.arpa name = ftp.demo.scom.
[root@localhost demo.scom]# nslookup 192.168.141.134 127.0.0.1
134.141.168.192.in-addr.arpa name = sharepoint.demo.scom.
-
web.com 正向查询
[root@localhost demo.scom]# nslookup web.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: web.com
Address: 10.10.10.100
[root@localhost demo.scom]# nslookup www.web.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.web.com
Address: 10.10.10.10
[root@localhost demo.scom]# nslookup ftp.web.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ftp.web.com
Address: 11.11.11.11
-
web.com反向查询
[root@localhost demo.scom]# nslookup 10.10.10.100 127.0.0.1
100.10.10.10.in-addr.arpa name = web.com.
[root@localhost demo.scom]# nslookup 10.10.10.10 127.0.0.1
10.10.10.10.in-addr.arpa name = www.web.com.
[root@localhost demo.scom]# nslookup 11.11.11.11 127.0.0.1
11.11.11.11.in-addr.arpa name = ftp.web.com.
3.2- 客户端验证[结果符合预期]
-
客户端设置dns地址为dns服务器
cat /etc/resolv.conf
nameserver 192.168.23.130 ##添加这条
nameserver 127.0.0.53
options edns0
search localdomain
-
demo.scom正向查询
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup demo.scom
Server: 192.168.23.130
Address: 192.168.23.130#53
Name: demo.scom
Address: 192.168.23.1
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup www.demo.scom
Server: 192.168.23.130
Address: 192.168.23.130#53
Name: www.demo.scom
Address: 192.168.23.130
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup jenkins.demo.scom
Server: 192.168.23.130
Address: 192.168.23.130#53
Name: jenkins.demo.scom
Address: 192.168.23.131
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup ftp.demo.scom
Server: 192.168.23.130
Address: 192.168.23.130#53
Name: ftp.demo.scom
Address: 192.168.141.1
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup sharepoint.demo.scom
Server: 192.168.23.130
Address: 192.168.23.130#53
Name: sharepoint.demo.scom
Address: 192.168.141.134
-
demo.scom反向查询
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup 192.168.23.1
1.23.168.192.in-addr.arpa name = demo.scom.
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup 192.168.23.130
130.23.168.192.in-addr.arpa name = www.demo.scom.
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup 192.168.23.131
131.23.168.192.in-addr.arpa name = jenkins.demo.scom.
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup 192.168.141.1
1.141.168.192.in-addr.arpa name = ftp.demo.scom.
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup 192.168.141.134
134.141.168.192.in-addr.arpa name = sharepoint.demo.scom.
-
web.com正向查询
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup web.com
Server: 192.168.23.130
Address: 192.168.23.130#53
Name: web.com
Address: 10.10.10.100
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup www.web.com
Server: 192.168.23.130
Address: 192.168.23.130#53
Name: www.web.com
Address: 10.10.10.10
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup ftp.web.com
Server: 192.168.23.130
Address: 192.168.23.130#53
Name: ftp.web.com
Address: 11.11.11.11
-
web.com反向查询
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup 10.10.10.100
100.10.10.10.in-addr.arpa name = web.com.
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup 10.10.10.10
10.10.10.10.in-addr.arpa name = www.web.com.
root@ubuntu-virtual-machine:/home/ubuntu/Desktop# nslookup 11.11.11.11
11.11.11.11.in-addr.arpa name = ftp.web.com.