Training environment
server:
Operating system: CentOS7.4
IP address: 192.168.37.70
Subnet mask: 255.255.255.0
Gateway: 192.168.37.1
DNS: 114.114.114.114
Linux client:
Operating system: CentOS7.4
IP address: 192.168.37.60
Subnet mask: 255.255.255.0
Gateway: 192.168.37.1
DNS: 192.168.37.60
Training task
Configure a DNS server for the school that is responsible for name resolution of the school's lcvc.com domain.
The FQDN of the DNS server is dns.lcvc.com and its IP address is 192.168.128.66.
Forward and reverse resolution is required for the following names:
dns.lcvc.com    DNS server              192.168.37.70
mail.lcvc.com   mail exchange server    192.168.37.50
www.lcvc.com    website server          192.168.37.40
In addition, set web.lcvc.com as an alias (CNAME) of the website server.
1. Server configuration
1. Install bind software
2. Modify the main configuration file /etc/named.conf
(1) Backup
[root@localhost ~]# cp /etc/named.conf /etc/named.conf.bak
(2) Open the file
[root@localhost ~]# vi /etc/named.conf
Change the following two settings to { any; }:
options {
listen-on port 53 { any; };
# any means listen on port 53 on all of the server's addresses; it can also be replaced by the server's IP address
listen-on-v6 port 53 { ::1; };
directory "/var/named";
#/var/named is the storage directory for zone files. The default is sufficient and does not need to be modified.
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
# any means any client may query this DNS server; it can also be restricted to an address range, such as 192.168.37.0/24
After modification, save and exit
3. Modify the zone file /etc/named.rfc1912.zones
(1) Backup
[root@localhost ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
(2) Open the zone file
[root@localhost ~]# vi /etc/named.rfc1912.zones
Edit the existing entries or add the following content:
zone "lcvc.com" IN {
        type master;
        # master|slave|hint|forward mean master DNS, slave DNS, root hints and forwarding (caching) server respectively
        file "lcvc.zheng";
        # name of the forward zone file; its absolute path is /var/named/lcvc.zheng
        allow-update { none; };
};
zone "128.168.192.in-addr.arpa" IN {
        type master;
        file "lcvc.fan";
        # name of the reverse zone file; its absolute path is /var/named/lcvc.fan
        allow-update { none; };
};
After modification, save and exit
4. Modify the forward and reverse zone files
(1) Switch to the zone file directory:
# cd /var/named/
(2) Modify the forward zone file
① Copy the original template file with cp -p and rename the copy lcvc.zheng (the name must match the file name defined in the zone file /etc/named.rfc1912.zones)
-p tells cp to preserve the owner, group and permissions of the original, so named can still read the copy
② Open the forward zone file lcvc.zheng
Edit it as required, then save and exit
Types of resource records
(1) A record (Address): forward resolution for IPv4; resolves a domain name to an IPv4 address
(2) AAAA record (Address): forward resolution for IPv6; resolves a domain name to an IPv6 address
(3) PTR record (Pointer): reverse resolution; resolves an IP address to a domain name
(4) CNAME record (Canonical Name): alias of another name
(5) MX record (Mail eXchange)
Mail exchange records point to a mail server; the e-mail system uses them to locate the mail server for the recipient's address suffix when sending mail.
When there are multiple MX records (that is, multiple mail servers), a priority value must be set on each one to determine which is preferred: lower numbers mean higher priority.
(6) NS record (Name Server)
Name server records, also called authoritative server records, specify which DNS server is responsible for resolving the domain name.
NS records take precedence over A records. That is, if a host name has both an NS record and an A record, the A record will not take effect.
(3) Modify the reverse zone file
① Copy the original template file with cp -p and rename the copy lcvc.fan (the name must match the file name defined in the zone file /etc/named.rfc1912.zones)
② Open the reverse zone file lcvc.fan
Modify as follows:
save and exit
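As an added example (not the tutorial's own files), the forward zone file lcvc.zheng and the reverse zone file lcvc.fan that satisfy the task table, written by a script so they can be reproduced and checked. The SOA contact admin.lcvc.com. and the serial are constructed values; the reverse file is written for zone 37.168.192.in-addr.arpa, the in-addr.arpa zone of the 192.168.37.x addresses in the table, so the reverse zone name in /etc/named.rfc1912.zones must match it.

```shell
#!/bin/bash
# Added example, not the tutorial's own files: writes the forward zone
# (lcvc.zheng) and reverse zone (lcvc.fan) for the task table.
# The SOA contact admin.lcvc.com. and the serial are constructed values.
# ZONE_DIR defaults to /var/named and can be overridden for testing.
ZONE_DIR="${ZONE_DIR:-/var/named}"

write_forward_zone() {
  cat > "$ZONE_DIR/lcvc.zheng" <<'EOF'
$TTL 1D
@       IN SOA  dns.lcvc.com. admin.lcvc.com. (
                        2024010101      ; serial: increase it on every change
                        1D              ; refresh
                        1H              ; retry
                        1W              ; expire
                        3H )            ; minimum (negative-cache TTL)
@       IN NS   dns.lcvc.com.
@       IN MX   10 mail.lcvc.com.
dns     IN A    192.168.37.70
mail    IN A    192.168.37.50
www     IN A    192.168.37.40
web     IN CNAME www.lcvc.com.
EOF
}

write_reverse_zone() {
  # PTR owners are the last octet of each 192.168.37.x address,
  # so this file belongs to zone 37.168.192.in-addr.arpa
  cat > "$ZONE_DIR/lcvc.fan" <<'EOF'
$TTL 1D
@       IN SOA  dns.lcvc.com. admin.lcvc.com. (
                        2024010101 1D 1H 1W 3H )
@       IN NS   dns.lcvc.com.
70      IN PTR  dns.lcvc.com.
50      IN PTR  mail.lcvc.com.
40      IN PTR  www.lcvc.com.
EOF
}

# A freshly created file is root:root; named reads zone files as group named,
# so restore the root:named ownership the tutorial requires
fix_ownership() {
  chown root:named "$ZONE_DIR/lcvc.zheng" "$ZONE_DIR/lcvc.fan"
}

if [ "${1:-}" = "apply" ]; then
  write_forward_zone && write_reverse_zone && fix_ownership
fi
```

Run it as root with the argument apply on the server, then restart named and re-run the checks in section 3.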
5. Start the DNS service
# systemctl start named
6. Set the service to automatically start at boot
# systemctl enable named
7. Disable SELinux
# setenforce 0
setenforce 0 only switches SELinux to permissive mode until the next reboot.
8. Turn off the firewall
# systemctl stop firewalld
This also lasts only until the next reboot; the alternative is to keep firewalld running and allow DNS (TCP and UDP port 53) through it.
2. Client testing
1. Install bind-utils, which provides nslookup
2. Change the client's DNS setting to point to the DNS server
Restart the network:
# systemctl restart network
3. Check whether the correct DNS server has been obtained
View the /etc/resolv.conf file.
If no nameserver is present, open the configuration file with # vi /etc/resolv.conf and manually add the line: nameserver 192.168.37.70
4. Test whether the resolution results are correct
(1) Forward resolution: query the host names with nslookup
(2) Reverse resolution: query the IP addresses with nslookup
3. What to check when DNS does not work properly
1. Check that the main configuration file is correct
named-checkconf prints nothing, which indicates that there is no error in the main configuration file /etc/named.conf
2. Check that the forward and reverse zone files are correct
named-checkzone prints OK, which means there is no error in the forward zone file or the reverse zone file
3. Check the permissions of the main configuration file and the zone files: the owner and group must be changed to root and named respectively
(1) Check the main configuration file /etc/named.conf
Correct
(2) Check the forward and reverse zone files
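An added check script (not part of the tutorial) that performs the three checks of this section, config syntax, zone syntax and root:named ownership, and then repeats the client's forward and reverse tests from section 2 with dig from bind-utils. It assumes named-checkconf, named-checkzone and dig are installed on the server and that the reverse zone is 37.168.192.in-addr.arpa for the 192.168.37.x addresses; file_owner and owner_ok are helper names of my own.

```shell
#!/bin/bash
# Added example, not part of the tutorial: runs the checks this section
# describes (config syntax, zone syntax, root:named ownership) and then
# resolves the task's names. Assumes named-checkconf, named-checkzone and dig
# (bind-utils) are installed; the reverse zone assumed is 37.168.192.in-addr.arpa,
# the in-addr.arpa zone for the 192.168.37.x addresses in the task table.
NAMED_CONF="${NAMED_CONF:-/etc/named.conf}"
ZONE_DIR="${ZONE_DIR:-/var/named}"
DNS_SERVER="${DNS_SERVER:-192.168.37.70}"
REV_ZONE="${REV_ZONE:-37.168.192.in-addr.arpa}"

# Prints owner:group of a file (ls output is portable; stat -c is GNU-only)
file_owner() { ls -ld "$1" | awk '{print $3 ":" $4}'; }

# Returns 0 when the file is owned by the expected user:group, e.g. root:named
owner_ok() { [ "$(file_owner "$1")" = "$2" ]; }

# Silence from named-checkconf means named.conf is fine; named-checkzone prints OK
check_config() {
  named-checkconf "$NAMED_CONF" &&
  named-checkzone lcvc.com "$ZONE_DIR/lcvc.zheng" &&
  named-checkzone "$REV_ZONE" "$ZONE_DIR/lcvc.fan"
}

# The tutorial requires root:named on the main config and both zone files
check_ownership() {
  for f in "$NAMED_CONF" "$ZONE_DIR/lcvc.zheng" "$ZONE_DIR/lcvc.fan"; do
    owner_ok "$f" root:named || { echo "wrong owner on $f: $(file_owner "$f")"; return 1; }
  done
}

# Forward (A, CNAME, MX) and reverse (PTR) answers, asked of the server directly
check_resolution() {
  [ "$(dig +short @"$DNS_SERVER" www.lcvc.com A)" = "192.168.37.40" ] &&
  [ "$(dig +short @"$DNS_SERVER" web.lcvc.com CNAME)" = "www.lcvc.com." ] &&
  [ "$(dig +short @"$DNS_SERVER" lcvc.com MX)" = "10 mail.lcvc.com." ] &&
  [ "$(dig +short @"$DNS_SERVER" -x 192.168.37.50)" = "mail.lcvc.com." ]
}

if [ "${1:-}" = "run" ]; then
  check_config && check_ownership && check_resolution && echo "all DNS checks passed"
fi
```

Run it with the argument run; the first check that fails stops the script, which tells you which layer (syntax, ownership or resolution) to look at.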