Deploying and testing a DNS server on CentOS 7.2

Before starting this exercise, turn off the firewall and SELinux and configure the network card. In this experiment the Linux IP address is 192.168.100.20 (the VM1 host-only adapter, named eth0); adjust this to your actual environment.

If the ifconfig command is not available on Linux, install it with yum -y install net-tools
For the dig and nslookup commands, use yum -y install bind*
On Windows, set the DNS server of the VM1 adapter (the NIC assigned to the Linux VM) to the Linux host's address. If the Linux network card has not been configured yet, configure it as well.
1. Install the DNS service
2. Edit the DNS configuration file to open the listening interface
#vi /etc/named.conf
Modify lines 11 and 17 as follows:
listen-on port 53 { 127.0.0.1; }; change to listen-on port 53 { any; }; // the address and port 53 that the DNS service listens on
allow-query { localhost; }; change to allow-query { any; }; // which client addresses are allowed to make queries

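Or set it as follows (here 192.168.100.20 is the Linux IP address; set it according to your actual environment):
listen-on port 53 { 127.0.0.1; }; change to listen-on port 53 { 192.168.100.20; }; // the address and port 53 that the DNS service listens on
allow-query { localhost; }; change to allow-query { any; }; // which client addresses are allowed to make queries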
3. Add the forward and reverse lookup zones
#vi /etc/named.rfc1912.zones
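Move to the last line and add the following code. It is easiest to copy lines 37-41 directly and then modify them as follows:
zone "fl.com" IN { // the zone to manage; the name is user-defined, fl.com is used here as an example
    type master;
    file "fl.com.zone"; // forward lookup file; the name is user-defined, fl.com.zone is used here as an example
    allow-update { none; };
};

zone "100.168.192.in-addr.arpa" IN { // the zone to manage; the name is user-defined, 100.168.192 is used here as an example
    type master;
    file "100.168.192.arpa"; // reverse lookup file; the name is user-defined, 100.168.192.arpa is used here as an example
    allow-update { none; };
};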
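4. Create the forward and reverse lookup files
1) Use the cp command to copy /var/named/named.localhost, naming the copies after the files referenced in the forward and reverse zones above. The "-p" option preserves the permissions of named.localhost on the new copies.
#cp -p /var/named/named.localhost /var/named/fl.com.zone
#cp -p /var/named/named.localhost /var/named/100.168.192.arpa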
2) Edit the forward lookup file and modify it as follows. Do not forget the dot after com.
$TTL 1D
@       IN SOA  dns.fl.com. root.fl.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.fl.com.
dns     IN A    192.168.100.20
        IN MX 10 mail.fl.com.
mail    IN A    192.168.100.21
www     IN A    192.168.100.22
bbs     IN A    192.168.100.21
web     IN CNAME www.fl.com.
3) Edit the reverse lookup file and modify it as follows. Do not forget the dot after com.
$TTL 1D
@       IN SOA  dns.fl.com. root.fl.com. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      dns.fl.com.
20      PTR     dns.fl.com.
21      PTR     mail.fl.com.
22      PTR     www.fl.com.
23      PTR     bbs.fl.com.
Restart the named service and test from the Windows host.

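Deploying and testing a caching DNS server

First make sure your CentOS 7.2 has two network cards: VM1 (host-only mode, subnet 192.168.100.0/24) and
VM8 (NAT mode, 192.168.200.0/24), and that it can reach the Internet,

and that firewalld and SELinux are turned off.

Make the following changes to the named service: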

#vi /etc/named.conf

recursion yes; // line 29; allows this DNS server to perform recursive resolution. A caching server has to forward queries to other DNS servers, so this must be set to yes
dnssec-enable yes; // line 31; sets whether DNSSEC support is enabled. DNS Security Extensions (DNSSEC) provide a way to verify the validity of DNS data
dnssec-validation no; // line 32; specifies whether the server validates the DNSSEC signatures on the answers it receives; set to no here to improve efficiency
forwarders { 114.114.114.114; }; // newly added; this is the IP address of the upstream DNS server. When the local cache has no matching record, the client's query is forwarded to the DNS servers listed here; more than one DNS server address can be added
forward only; // newly added; the server only forwards client queries to the other DNS servers
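The following check is an added example, not part of the original post. It audits the options set above: when allow-recursion is absent, BIND 9 falls back to allow-query-cache, then allow-query, so recursion yes together with allow-query { any; } lets any address that can reach a listening interface (including the NAT adapter) recurse through this server. The function names, finding labels, sample text and the hardened variant are constructed for illustration.

```python
import re

# Constructed sample: the options this page sets, gathered into one block.
PAGE_OPTIONS = """
options {
    listen-on port 53 { any; };
    allow-query { any; };        // step 2 of the page
    recursion yes;
    dnssec-enable yes;
    dnssec-validation no;
    forwarders { 114.114.114.114; };
    forward only;
};
"""
# Hypothetical hardened variant: recursion limited to localhost and the lab subnet.
HARDENED = PAGE_OPTIONS.replace("recursion yes;",
    "recursion yes;\n    allow-recursion { 127.0.0.1; 192.168.100.0/24; };")

def parse_options(text):
    """Return {statement: value} from an options block whose '};' starts a line."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", text, flags=re.S)
    body = re.search(r"options\s*\{(.*?)\n\}\s*;", text, flags=re.S).group(1)
    opts = {}
    # Each statement is either "name [args] { a; b; };" or "name value;".
    for m in re.finditer(r"([\w-]+)([^{};]*)(?:\{([^{}]*)\})?\s*;", body):
        name, scalar, block = m.group(1), m.group(2).strip(), m.group(3)
        opts[name] = scalar if block is None else [
            e.strip() for e in block.split(";") if e.strip()]
    return opts

def audit(opts):
    """Flag exposure-relevant settings; returns a list of finding labels."""
    findings = []
    # BIND 9 fallback when allow-recursion is absent: allow-query-cache,
    # then allow-query, then the built-in default (localnets; localhost;).
    chain = ("allow-recursion", "allow-query-cache", "allow-query")
    acl = next((opts[k] for k in chain if k in opts), ["localnets", "localhost"])
    if opts.get("recursion", "yes") == "yes" and "any" in acl:
        findings.append("open-recursion")         # any reachable client can recurse
    if opts.get("dnssec-validation") == "no":
        findings.append("dnssec-validation-off")  # forwarder answers are not verified
    if "any" in opts.get("listen-on", ["any"]):
        findings.append("listens-on-all-interfaces")
    return findings

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_OPTIONS), ("hardened", HARDENED)):
        print(label, audit(parse_options(cfg)))
```

With allow-recursion restricted, allow-query { any; } still lets outside clients query the authoritative fl.com zone, but they can no longer use the server as a recursive resolver.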

# Edit the DNS server used for name resolution
#vi /etc/resolv.conf
nameserver 192.168.100.20
Point the DNS setting of the client's NIC at the caching DNS server (192.168.100.20). Here the caching DNS server itself is also used as the client for testing.

Origin blog.csdn.net/fly1574/article/details/92855292