这篇文章将为大家详细讲解有关 Oracle Linux 7.1 如何配置 DNS 服务,丸趣 TV 小编觉得挺实用的,因此分享给大家做个参考,希望大家阅读完这篇文章后可以有所收获。
Oracle Linux 7.1 配置 DNS 服务
一. 安装 DNS 需要的软件包
# yum install bind-libs bind bind-utils
二. 编辑 named.conf 文件
在编辑前先复制一份 named.conf 文件
[root@jytest1 ~]# cp /etc/named.conf /etc/named.conf.backup
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
listen-on port 53 { any; }; -- 将 127.0.0.1 修改成 any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; -- 将 127.0.0.1 修改成 any。注意:下面仍保留了 recursion yes;,与 allow-query { any; } 组合后,任何能访问 53 端口的主机都可以通过本机做递归查询,即成为下文注释所警告的开放递归解析器。若该服务器只供内网使用,应把这里限制为自己的网段,例如 { localhost; 10.138.130.0/24; },或改为 recursion no;。
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
三. 配置 host.conf
[root@jytest1 ~]# cat /etc/host.conf
multi on
该文件指定如何解析主机名。Linux 通过解析器库来获得主机名对应的 IP 地址。下面是一个“/etc/host.conf”的示例:
order bind,hosts
multi on
nospoof on
“order bind,hosts”指定主机名查询顺序,这里规定先使用 DNS 来解析域名,然后再查询“/etc/hosts”文件(也可以相反)。
“multi on”指定是否“/etc/hosts”文件中指定的主机可以有多个地址,拥有多个 IP 地址的主机一般称为多穴主机。
“nospoof on”指不允许对该服务器进行 IP 地址欺骗。IP 欺骗是一种攻击系统安全的手段,通过把 IP 地址伪装成别的计算机,来取得其它计算机的信任。
四. 修改 /etc/named.rfc1912.zones
[root@jytest1 ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.backup
[root@jytest1 ~]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
// Provided by Red Hat caching-nameserver package
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// See /usr/share/doc/bind*/sample/ for example named configuration files.
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
-- 下面为增加的内容,jydba.net.forward 为正向解析,jydba.net.reverse 为反向解析
zone "jydba.net" IN {
type master;
file "jydba.net.forward";
allow-update { none; };
};
zone "130.138.10.in-addr.arpa" IN {
type master;
file "jydba.net.reverse";
allow-update { none; };
};
/etc/named.rfc1912.zones 54L, 1171C written
五. 修改具体的 zone 配置文件
[root@jytest1 named]# cd /var/named
[root@jytest1 named]# cp named.localhost jydba.net.forward
[root@jytest1 named]# cp named.loopback jydba.net.reverse
[root@jytest1 named]# vi jydba.net.forward
$TTL 1D
@ IN SOA @ root.jydba.net. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 10.138.130.171
AAAA ::1
jytest1 A 10.138.130.171
jytest2 A 10.138.130.172
jytest1-vip A 10.138.130.175
jytest2-vip A 10.138.130.176
jytest-scan A 10.138.130.177
jytest-scan A 10.138.130.178
jytest-scan A 10.138.130.179
179 PTR jytest-scan
六. 配置 resolv.conf
[root@jytest1 named]# cat /etc/resolv.conf
# Generated by NetworkManager
search jydba.net
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
search jydba.net
nameserver 10.138.130.171
七. 测试
[root@jytest1 named]# dig -x 10.138.130.172
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> -x 10.138.130.172
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<-
上面出现错误,server can't find jytest1: SERVFAIL,错误信息是因为之前创建文件时使用的是 root 用户(从下面的 ls 输出可以看到 jydba.net.forward 和 jydba.net.reverse 的属主是 root:root、权限为 640,named 进程无法读取),需要将这些创建的文件修改为 named 用户与组。
[root@jytest1 named]# ls -lrt
total 32
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
drwxrwx---. 2 root named 6 Mar 6 2015 dyndb-ldap
drwxrwx---. 2 named named 6 Mar 6 2015 slaves
drwxr-x---. 7 root named 56 Nov 5 11:03 chroot
-rw-r----- 1 root named 728 Mar 17 18:45 named.jydba
-rw-r--r-- 1 root root 829 Mar 17 18:45 jydba.zone
drwxrwx---. 2 named named 22 Mar 17 18:45 data
-rw-r----- 1 root root 503 Mar 17 19:13 jydba.net.forward
-rw-r----- 1 root root 406 Mar 17 19:15 jydba.net.reverse
drwxrwx---. 2 named named 58 Mar 17 19:16 dynamic
[root@jytest1 named]# chown -R named:named jydba*
[root@jytest1 named]# ls -lrt
total 32
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 2076 Jan 28 2013 named.ca
drwxrwx---. 2 root named 6 Mar 6 2015 dyndb-ldap
drwxrwx---. 2 named named 6 Mar 6 2015 slaves
drwxr-x---. 7 root named 56 Nov 5 11:03 chroot
-rw-r----- 1 root named 728 Mar 17 18:45 named.jydba
-rw-r--r-- 1 named named 829 Mar 17 18:45 jydba.zone
drwxrwx---. 2 named named 22 Mar 17 18:45 data
-rw-r----- 1 named named 503 Mar 17 19:13 jydba.net.forward
-rw-r----- 1 named named 406 Mar 17 19:15 jydba.net.reverse
drwxrwx---. 2 named named 58 Mar 17 19:16 dynamic
[root@jytest1 named]# systemctl restart named.service
[root@jytest1 named]# nslookup jytest1
Server: 10.138.130.171
Address: 10.138.130.171#53
Name: jytest1.jydba.net
Address: 10.138.130.171
[root@jytest1 named]# nslookup jytest1.jydba.net
Server: 10.138.130.171
Address: 10.138.130.171#53
Name: jytest1.jydba.net
Address: 10.138.130.171
[root@jytest1 named]# nslookup jytest2-priv.jydba.net
Server: 10.138.130.171
Address: 10.138.130.171#53
** server can't find jytest2-priv.jydba.net: NXDOMAIN
[root@jytest1 named]# nslookup jytest2-vip.jydba.net
Server: 10.138.130.171
Address: 10.138.130.171#53
Name: jytest2-vip.jydba.net
Address: 10.138.130.176
[root@jytest1 named]# nslookup jytest-scan.jydba.net
Server: 10.138.130.171
Address: 10.138.130.171#53
Name: jytest-scan.jydba.net
Address: 10.138.130.178
Name: jytest-scan.jydba.net
Address: 10.138.130.179
Name: jytest-scan.jydba.net
Address: 10.138.130.177
[root@jytest1 named]# nslookup 10.138.130.179
Server: 10.138.130.171
Address: 10.138.130.171#53
179.130.138.10.in-addr.arpa name = jytest-scan.130.138.10.in-addr.arpa.
通过测试可以看到 DNS 的正向解析是正常的,说明正向 zone 配置成功。但要注意上面反向查询返回的是 jytest-scan.130.138.10.in-addr.arpa. 而不是 jytest-scan.jydba.net.:这是因为反向 zone 文件中 PTR 记录的目标名 jytest-scan 末尾没有加点,被 named 当作相对于当前 zone(130.138.10.in-addr.arpa)的名字。应将该记录写成 179 PTR jytest-scan.jydba.net.(末尾的点不能省略),重新加载 zone 后反向解析才算真正正确。
注意:
对于 Linux 使用 NetworkManager 来控制网络的操作系统,当主机重启之前 /etc/resolv.conf 文件可能会被重写。如果发生这种情况,需要对相应的网卡配置文件增加以下记录
对于 Oracle Linux 6 修改类似文件 /etc/sysconfig/network-scripts/ifcfg-eth0 (ifcfg-eth2 etc.)
对于 Oracle Linux 7 修改类似文件 /etc/sysconfig/network-scripts/ifcfg-ens160 (ifcfg-ens34 etc.)
DNS1=10.138.130.171
DOMAIN=jydba.net