1. Install DNS service
1. Install DNS service related software packages
bind: DNS server package
bind-utils: DNS testing tools, including dig, host and nslookup.
bind-chroot: runs BIND inside a chroot jail, a security hardening measure that confines the named process to the specified directory.
I chose bind and bind-utils: yum install bind bind-utils
2. Startup of BIND
systemctl start named //Start DNS service
systemctl enable named //Start DNS service automatically at boot
rndc status //Check that the DNS service is running
3. Firewall configuration
Note: the firewall does not allow DNS traffic through by default, so the administrator needs to add a rule that permits the DNS service.
systemctl start firewalld //Start the firewall
firewall-cmd --get-services //Display the predefined services of the firewall (we can find dns through this command)
firewall-cmd --permanent --add-service=dns //Allow firewall to pass DNS service
firewall-cmd --reload //Reload the firewall
The next step is to create the forward lookup zone and the reverse lookup zone for the DNS service. To make this easier to follow, let's explain it using a practical training task.
Practical training tasks:
A company requires a DNS server to be deployed on its internal network; the internal DNS server provides domain name resolution for both internal-network and Internet names to the computers on the internal network.
The deployment information is as follows:
Task 1: Install the DNS service on server1 and configure it as the primary DNS server
(1) Install DNS service
(2) Create a forward lookup zone and add resource records to the zone based on the information provided in the above table;
Create a reverse lookup zone and add resource records to the zone based on the information provided in the table above.
(3) Check the zone data files for syntax errors
(4) Start/restart DNS service
(5) Turn on the firewall and add corresponding services
Task 2: Use client to test the primary DNS server and secondary DNS server
(1) client network configuration
(2) Perform DNS domain name query test on the client and domain name query test on the DNS server
2. Create a DNS server forward lookup zone
1. Configure the DNS server main configuration file (forward lookup)
vim /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    forwarders { 211.136.192.6; 120.196.165.24; }; // IP addresses of the upstream DNS servers to forward to
    forward only;
    recursion yes; // combined with allow-query { any; } this answers recursive queries for every client that can reach port 53; on a production server limit it with allow-recursion to the internal network
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "junyi.com" IN { // replace junyi.com with a domain name of your own
    type master;
    file "junyi.com.zone";
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
named-checkconf //Check the syntax of the DNS service main configuration file
2. Create the zone data file (forward lookup zone)
cd /var/named
cp -a named.localhost junyi.com.zone //The xxx.com.zone file name here must match the one defined in the main configuration file
vim junyi.com.zone
$TTL 1D
@       IN SOA  server 3094588253.qq.com. (   ; replace the mailbox with your own (the @ of the address is written as a dot; zone files use ';' for comments, not '//')
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      server
server  A       192.168.1.10
www     A       192.168.1.100
ftp     CNAME   server
mail    A       192.168.1.200
@       MX 10   mail
named-checkzone junyi.com /var/named/junyi.com.zone //Check the syntax of the zone file (forward)
3. Create a DNS server reverse lookup zone
1. Configure the DNS server main configuration file (reverse lookup)
vim /etc/named.conf
Note: edit the forward-lookup configuration from above and add the reverse lookup zone.
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    forwarders { 211.136.192.6; 120.196.165.24; }; // IP addresses of the upstream DNS servers to forward to
    forward only;
    recursion yes; // open to every client allow-query admits; restrict with allow-recursion on a production server
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "junyi.com" IN { // replace junyi.com with a domain name of your own
    type master;
    file "junyi.com.zone";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN { // reverse lookup zone for 192.168.1.0/24
    type master;
    file "1.168.192.zone";
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create the zone data file (reverse lookup zone)
cd /var/named
cp -a named.loopback 1.168.192.zone //Copy the template file to the zone data file
vim 1.168.192.zone
$TTL 1D
@       IN SOA  @ 3094588253.qq.com. (   ; replace the mailbox with your own
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       192.168.1.10
10      PTR     server.junyi.com.
100     PTR     www.junyi.com.
100     PTR     ftp.junyi.com.   ; note: in the forward zone ftp is a CNAME for server (192.168.1.10), so this PTR does not match a forward lookup of ftp
200     PTR     mail.junyi.com.
named-checkzone 1.168.192.in-addr.arpa /var/named/1.168.192.zone //Check zone file syntax (reverse); the zone name must be the in-addr.arpa name declared in named.conf
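named-checkzone only validates each file on its own; it does not tell you whether the forward and reverse zones agree with each other, which is the usual way A and PTR records drift apart. The Python script below is an added example, not part of the original tutorial: it embeds constructed copies of the two zones above (the page's records, with the SOA collapsed onto one line), parses them, and reports every A record without a PTR and every PTR whose name does not resolve back to that address. With this page's data it flags the PTR for 100 to ftp.junyi.com., because ftp is a CNAME for server (192.168.1.10).

```python
# Constructed copies of the tutorial's zones (page records, SOA collapsed to one line).
FORWARD_ZONE = """\
@ IN SOA server 3094588253.qq.com. ( 0 1D 1H 1W 3H )
        NS server
server  A 192.168.1.10
www     A 192.168.1.100
ftp     CNAME server
mail    A 192.168.1.200
"""
REVERSE_ZONE = """\
@ IN SOA @ 3094588253.qq.com. ( 0 1D 1H 1W 3H )
10  PTR server.junyi.com.
100 PTR www.junyi.com.
100 PTR ftp.junyi.com.
200 PTR mail.junyi.com.
"""
def fqdn(name, origin):  # expand '@' and relative names; no trailing dot
    return origin if name == "@" else name[:-1] if name.endswith(".") else f"{name}.{origin}"
def parse_zone(text, origin):
    """Yield (owner, type, rdata); ';' comments, optional IN, blank owner inherits."""
    owner = origin
    for raw in text.splitlines():
        tokens = raw.split(";")[0].split()
        if not tokens or tokens[0].startswith("$"):
            continue
        if not raw[0].isspace():  # explicit owner in column one
            owner = fqdn(tokens.pop(0), origin)
        tokens = tokens[1:] if tokens[0] == "IN" else tokens
        yield owner, tokens[0], tokens[1:]

def check_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    # Findings: A records with no PTR, and PTRs whose name does not map back to the IP.
    a_by_ip, cnames = {}, {}
    for owner, rtype, rdata in parse_zone(fwd_text, fwd_origin):
        if rtype == "A":
            a_by_ip.setdefault(rdata[0], set()).add(owner)
        elif rtype == "CNAME":
            cnames[owner] = fqdn(rdata[0], fwd_origin)
    ip_by_name = {n: ip for ip, names in a_by_ip.items() for n in names}
    ptrs = set()
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if rtype == "PTR":  # owner 10.1.168.192.in-addr.arpa -> 192.168.1.10
            ip = ".".join(reversed(owner[: -len(".in-addr.arpa")].split(".")))
            ptrs.add((ip, fqdn(rdata[0], rev_origin)))
    findings = [f"no PTR for {ip} ({', '.join(sorted(a_by_ip[ip]))})"
                for ip in sorted(set(a_by_ip) - {p[0] for p in ptrs})]
    for ip, name in sorted(ptrs):  # follow one CNAME hop, as with the tutorial's ftp record
        actual = ip_by_name.get(cnames.get(name, name))
        if actual != ip:
            findings.append(f"PTR {ip} -> {name} but {name} resolves to {actual}")
    return findings
```

Run check_consistency(FORWARD_ZONE, "junyi.com", REVERSE_ZONE, "1.168.192.in-addr.arpa") and print the list; an empty list means both zones agree.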
4. Restart DNS service
systemctl restart named
5. Test
1. Client IP configuration
cd /etc/sysconfig/network-scripts/
vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.1.20
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=ee00f1c4-4501-4750-bb76-a1b226380d07
DEVICE=ens33
ONBOOT=yes
DNS1=192.168.1.10
2. Forward domain name query and reverse domain name query
Forward domain name query:
Reverse domain name query:
At this point, the DNS server is set up!