Preface:
A learning record of setting up a DNS service on CentOS
What DNS does:
Forward lookup: find the IP address that corresponds to a host name (domain name)
Reverse lookup: find the host name that corresponds to an IP address
DNS query modes:
Recursive query: the client sends a single request, and the server it asks performs any further lookups itself and returns the final answer
Iterative query: the client sends a request; if the server asked is not authoritative for the answer, it returns a referral listing other name servers that can answer, and the client queries those in turn
Service name: named
Port: 53 (UDP for ordinary queries, TCP for zone transfers and large responses)
Main configuration file: /etc/named.conf
Zone data files (the files holding the DNS resolution records) live in: /var/named
Configuration parameters
listen-on: port and IP addresses that the server listens on
directory: directory where the zone data files are stored
dump-file: file the cache is dumped to
allow-query: which client hosts may send queries; set to any to answer every network
(the most important setting)
Turn off the firewall and SELinux
In an earlier attempt the firewall and SELinux were left on and the setup stayed stuck for a long time, so this time they are turned off before starting. This is a lab shortcut only: on a real server leave SELinux enforcing (named ships with its own SELinux policy) and open just the dns service (port 53) in firewalld rather than disabling it.
# check the current SELinux state
getenforce
If it reports Enforcing, turn it off first. Here it is disabled permanently, because otherwise it has to be disabled by hand after every reboot.
To disable SELinux permanently, set SELINUX=disabled in /etc/selinux/config
and reboot after the change
# reboot command
reboot
That disables it permanently. If you do not want a permanent change, the following command turns SELinux off only until the next reboot:
# temporarily turn off SELinux
setenforce 0
Turn off the firewall
# stop the firewall
systemctl stop firewalld
# do not start it at boot
systemctl disable firewalld
# check the firewall status
systemctl status firewalld
Alternatively, flush the iptables rules (note that this only clears the current rules; firewalld reloads them the next time it starts):
iptables -F
Install the DNS service
yum -y install bind
To list the files and directories the package installed:
rpm -ql bind
Once the installation succeeds, edit its configuration files.
Edit the configuration files
The main configuration file
Before editing, review what the main parameters in the configuration file do:
Parameter | Meaning
---|---
listen-on | port and IP address that named listens on
directory | default directory for the zone database files
dump-file | file the cache is dumped to
allow-query | clients allowed to query; set to any to answer every network
vi /etc/named.conf
Only two places in the main configuration file need to change: set listen-on to the server's own IP address (or any), and set allow-query to any so that every client can query.
Check the main configuration file for syntax errors; if it is correct the command prints nothing:
named-checkconf /etc/named.conf
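The two settings edited above are also the ones that decide whether this server becomes an open resolver: BIND enables recursion by default, and when allow-recursion is not set it falls back to allow-query, so allow-query { any; } means anyone on the internet can use the server for recursive lookups (a classic amplification target). The following added example is not from the original post; it embeds two constructed options blocks, the permissive one this walkthrough ends up with and a hardened variant that keeps answering everyone for lemon.com but restricts recursion to the lab subnet, and a small checker that flags the risky combination. The parser handles only the flat syntax shown here (an assumption), and the fallback chain it encodes follows BIND 9's documented defaults for allow-recursion.

```python
import re

# Added example (not the original post's code): flag the open-resolver
# combination that "allow-query { any; }" produces when recursion is left
# at BIND's default of yes.

# Constructed example: the permissive settings used in this walkthrough.
PERMISSIVE_OPTIONS = """
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    allow-query { any; };
    recursion yes;
};
"""

# Constructed example: still authoritative for anyone, but recursion is
# limited to the lab subnet and the server listens on its own address only.
HARDENED_OPTIONS = """
options {
    listen-on port 53 { 192.168.186.129; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    allow-query { any; };
    allow-recursion { 127.0.0.1; 192.168.186.0/24; };
    recursion yes;
};
"""

# "name [port N] { addr; addr; };"  -> address-list statements only
ADDRESS_LIST = re.compile(r"([a-z][\w-]*)(?:\s+port\s+\d+)?\s*\{([^}]*)\};")
# "recursion yes;" but not the "recursion" inside "allow-recursion"
RECURSION = re.compile(r"(?<![\w-])recursion\s+(yes|no)\s*;")


def parse_options(conf):
    """Return {statement: [addresses]} for the address-list statements inside
    options{}, plus 'recursion' (BIND defaults it to yes when absent).
    Assumption: only the flat named.conf syntax used in this tutorial."""
    m = re.search(r"options\s*\{(.*)\};", conf, re.S)
    if m is None:
        raise ValueError("no options block found")
    body = m.group(1)
    opts = {name: [a.strip() for a in addrs.split(";") if a.strip()]
            for name, addrs in ADDRESS_LIST.findall(body)}
    rec = RECURSION.search(body)
    opts["recursion"] = rec.group(1) if rec else "yes"
    return opts


def open_resolver_findings(conf):
    """Return a list of problems; an empty list means the block passes."""
    opts = parse_options(conf)
    findings = []
    # BIND 9 fallback chain when allow-recursion is absent:
    # allow-query-cache -> allow-query -> localhost + localnets
    recursion_acl = (opts.get("allow-recursion")
                     or opts.get("allow-query-cache")
                     or opts.get("allow-query")
                     or ["localhost", "localnets"])
    if opts["recursion"] == "yes" and "any" in recursion_acl:
        findings.append("open resolver: recursion is on and the effective "
                        "recursion ACL is { any; }; add allow-recursion "
                        "{ <trusted nets>; } or recursion no;")
    if "any" in opts.get("listen-on", []):
        findings.append("listen-on { any; }: binds every interface; "
                        "prefer the server's own address")
    return findings


if __name__ == "__main__":
    for label, conf in (("permissive", PERMISSIVE_OPTIONS),
                        ("hardened", HARDENED_OPTIONS)):
        print(label, open_resolver_findings(conf) or ["ok"])
```

The check is deliberately conservative: a purely authoritative server should carry recursion no;, and a server that must recurse for the lab should list only those networks in allow-recursion, which is what the hardened block does.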
Zone configuration file
Next, the parameters in the zone configuration file:
# forward DNS zone
zone "localdomain" IN { // define the forward DNS zone
    type master; // zone type
    file "localdomain.zone"; // zone database file for the forward zone
    allow-update { none; }; // clients allowed to send dynamic updates (none disables them)
};
# reverse DNS zone
zone "0.0.127.in-addr.arpa" IN { // define the reverse DNS zone
    type master;
    file "named.local";
    allow-update { none; };
};
The zone configuration file has no template, so back it up before editing in case something goes wrong:
[root@localhost etc]# cp named.rfc1912.zones named.rfc1912.zones.bak
vi /etc/named.rfc1912.zones
Delete the comments in the file and keep one forward zone and one reverse zone definition, editing them for your own domain and file names.
Configure the data files
The data files are in /var/named, which contains template files for forward and reverse zones.
Copy the forward template to a file named lemon.zone. The file name must match the file name given in the zone definition, otherwise the zone cannot be served. Also copy with -p so the copy keeps the template's owner, group (named) and permissions; without it lemon.zone belongs to root only and named may not be able to read it:
cp -p named.localhost lemon.zone
Open the forward data file and edit it:
$TTL 1D
@       IN SOA  lemon.com. rname.invalid. (   ; zone FQDN and administrator mailbox (rname.invalid. is the template placeholder)
                0       ; serial
                1D      ; refresh - how often secondaries poll the master
                1H      ; retry   - retry interval after a failed master/secondary transfer
                1W      ; expire  - secondaries drop the zone after this long without contact
                3H )    ; minimum - negative-caching TTL
        NS      dns.lemon.com.   ; name server; the trailing "." marks an FQDN, do not forget it
        MX 5    mail.lemon.com.  ; mail exchanger
dns     A       192.168.186.129  ; host records
mail    A       192.168.186.130
www     A       192.168.186.131
ftp     CNAME   www
*       A       192.168.1.100    ; wildcard: any other name under lemon.com resolves here
After editing, check the file for errors. The first argument is the zone name and the second is the file:
named-checkzone lemon.com /var/named/lemon.zone
It should report OK. If it also prints a warning about the name, the zone name argument did not match the zone; the zone still loads, but pass the real zone name so the check is meaningful.
Next copy the reverse zone template file:
[root@localhost named]# cp -p named.empty lemon.blog
Edit the reverse lookup file with the PTR records for the hosts above
and check it with named-checkzone in the same way
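The reverse file edited here is not shown on the page. As an added example (not the author's file), the following Python derives it from the forward records above: it reverses the network octets to get the in-addr.arpa zone name, emits one PTR per A record with the trailing dot, skips records outside the network (the wildcard points into 192.168.1.0/24 and must not get a PTR here), and produces the matching named.rfc1912.zones entry. It also checks a zone for NS/MX/CNAME/PTR targets that contain dots but lack the trailing dot, the mistake warned about above, since BIND appends $ORIGIN to such names. The forward zone text is embedded as constructed input; the one-record-per-line layout is an assumption.

```python
# Added example (not the original post's code): build the reverse zone for
# lemon.com from its forward records and flag missing trailing dots.

# Constructed input: the forward records from the tutorial's lemon.zone,
# including the wildcard that points into a different subnet.
FORWARD_ZONE = """\
$TTL 1D
@   IN SOA lemon.com. rname.invalid. (
        0   ; serial
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H ) ; minimum
    NS    dns.lemon.com.
    MX 5  mail.lemon.com.
dns  A     192.168.186.129
mail A     192.168.186.130
www  A     192.168.186.131
ftp  CNAME www
*    A     192.168.1.100
"""

SOA_HEADER = """\
$TTL 1D
@   IN SOA {primary}. rname.invalid. (
        {serial} ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    NS  {primary}.
"""


def parse_a_records(zone_text):
    """Return [(owner, ip)] for A records written as 'owner [IN] A address'."""
    records = []
    for line in zone_text.splitlines():
        parts = line.split(";")[0].split()        # drop ';' comments
        if len(parts) >= 3 and parts[-2] == "A":
            records.append((parts[0], parts[-1]))
    return records


def reverse_zone_name(network):
    """'192.168.186' -> '186.168.192.in-addr.arpa' (octets reversed)."""
    return ".".join(reversed(network.split("."))) + ".in-addr.arpa"


def build_reverse_zone(zone_text, origin, network, primary_ns):
    """Return (zone_name, file_text) for the /24 reverse zone of `network`.
    A records outside that network (such as the wildcard) are skipped."""
    lines = [SOA_HEADER.format(primary=primary_ns, serial=0).rstrip("\n")]
    for owner, ip in parse_a_records(zone_text):
        if not ip.startswith(network + "."):
            continue
        last_octet = ip.rsplit(".", 1)[1]
        # PTR targets are FQDNs: the trailing dot stops BIND appending $ORIGIN
        lines.append(f"{last_octet}\tIN PTR {owner}.{origin}.")
    return reverse_zone_name(network), "\n".join(lines) + "\n"


def zone_statement(zone_name, filename):
    """The named.rfc1912.zones entry that points BIND at the file."""
    return (f'zone "{zone_name}" IN {{\n'
            f'    type master;\n'
            f'    file "{filename}";\n'
            f'    allow-update {{ none; }};\n'
            f'}};\n')


def suspicious_relative_targets(zone_text):
    """NS/MX/CNAME/PTR targets that contain dots but no trailing dot.
    BIND treats them as relative and appends $ORIGIN, so 'dns.lemon.com'
    silently becomes dns.lemon.com.lemon.com.  Plain names like the CNAME
    target 'www' are legitimately relative and are not flagged."""
    bad = []
    for line in zone_text.splitlines():
        parts = line.split(";")[0].split()
        if len(parts) >= 2 and any(t in parts for t in ("NS", "MX", "CNAME", "PTR")):
            target = parts[-1]
            if "." in target and not target.endswith("."):
                bad.append(target)
    return bad


if __name__ == "__main__":
    name, text = build_reverse_zone(FORWARD_ZONE, "lemon.com",
                                    "192.168.186", "dns.lemon.com")
    print(zone_statement(name, "lemon.blog"))   # goes into named.rfc1912.zones
    print(text)                                  # goes into /var/named/lemon.blog
    print(suspicious_relative_targets(FORWARD_ZONE))   # [] for the zone above
```

After writing the generated text to /var/named/lemon.blog (with the same owner and mode as the template), validate it with named-checkzone 186.168.192.in-addr.arpa /var/named/lemon.blog before restarting named.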
Start the service
systemctl start named.service
or
systemctl restart named
If it fails to start, go back and look for a missing semicolon;
that is what tripped me up at the start
Here is something else I ran into; if your test already passes you can ignore it:
(
Finally, change the default DNS server of the local machine in
/etc/resolv.conf
so that the nameserver entry is the IP address of this host
)
Client verification
First turn off the firewall and SELinux on the client
iptables -F
setenforce 0
Network interface configuration file
vi /etc/sysconfig/network-scripts/ifcfg-ens33
Add the DNS server
Note that the key must be written as DNS1,
not DNS
Restart the network
service network restart
Run the tests
nslookup # to install nslookup: yum -y install bind-utils
Forward test
Resolution succeeds
Reverse lookup works too. Honestly this was frustrating; every time it failed before, the cause was something obscure.