CentOS7下DNS服务器的搭建(局域网DNS、辅助DNS、缓存DNS)
一、DNS服务器的安装与测试
二、配置文件详解
三、配置内网(局域网)DNS
四、辅DNS的配置
五、缓存DNS配置
一、DNS服务器的安装与测试
1.查看是否安装DNS软件包
[root@mylocalhost ~]# rpm -qa|grep bind
未安装:bind-9.9.4-61.el7_5.1.x86_64
2.安装DNS服务器软件包bind
[root@mylocalhost ~]# yum install bind
3.再次查看bind包是否安装
[root@mylocalhost ~]# rpm -qa|grep bind
已安装。
4.启动DNS服务(说明:DNS服务的守护进程为named)
[root@mylocalhost ~]# systemctl start named.service
5.将DNS设为开机自启动
[root@mylocalhost ~]# systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
6.查看DNS服务的状态
[root@mylocalhost ~]# systemctl status named.service
7.测试域名解析(能够正确解析外网和本机)
[root@www ~]# nslookup www.baidu.com
[root@www ~]# nslookup www.sohu.com
[root@www ~]# nslookup localhost
[root@www ~]# nslookup 127.0.0.1
#
二、配置文件详解
1.配置文件/etc/named.conf详解
[root@www ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options { #选项
listen-on port 53 { 127.0.0.1; }; #服务监听端口为53
listen-on-v6 port 53 { ::1; }; #服务监听端口为53(ipv6)
directory "/var/named"; #配置文件存放的目录
dump-file "/var/named/data/cache_dump.db"; #解析过的内容的缓存
statistics-file "/var/named/data/named_stats.txt"; #静态缓存(一般不用)
memstatistics-file "/var/named/data/named_mem_stats.txt"; #静态缓存(放内存里的,一般不用)
allow-query { localhost; }; #允许连接的客户机
recursion yes; #递归查找
dnssec-enable yes; #DNS加密
dnssec-validation yes; #DNS加密高级算法
dnssec-lookaside auto; #DNS加密的相关东西
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key"; #加密用的key(私钥公钥的加密,很强)
};
logging { #日志
channel default_debug {
file "data/named.run"; #运行状态文件
severity dynamic; #静态服务器地址(根域)
};
};
zone "." IN { #根域解析
type hint;
file "named.ca"; #根域配置文件
};
include "/etc/named.rfc1912.zones"; #扩展配置文件(新开域名)
include "/etc/named.root.key";
2.扩展配置文件/etc/named.rfc1912.zones详解
zone "localhost.localdomain" IN { #本地主机全名解析
type master; #类型为主域
file "named.localhost"; #域配置文件(文件存放在/var/named目录中)
allow-update { none; }; #不允许客户端更新
};
zone "localhost" IN { #本地主机名解析
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
#ipv6本地地址反向解析
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN { #本地地址反向解析
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN { #本地全网地址反向解析(和/域更新用的)
type master;
file "named.empty";
allow-update { none; };
};
三、配置内网(局域网)DNS
本局域网有6台机器,定义:域名为abc.com,主机名分别为:pc1、pc2、pc3、pc4、pc5、pc6,其中pc1为域名服务器,负责对局域网中的6台机器进行域名解析,其IP地址为:192.168.190.10,pc2~pc6主机的IP地址分别为192.168.190.11、192.168.190.12、192.168.190.13、192.168.190.14、192.168.190.15。
1.先把子网ip改为192.168.190.0
2.改主机pc1的IP地址为静态地址
[root@pc1 named]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=a461b66a-ab58-405c-9feb-abb2e888f40d
DEVICE=ens33
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
ZONE=public
IPADDR=192.168.190.10
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.10
3.编辑/etc/resolv.conf
[root@pc1 named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.190.10
4.重启网卡或重启系统
(1)重启网卡
[root@pc1 named]# ifdown ens33
成功断开设备 ‘ens33’。
[root@pc1 named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
(2)重启系统
[root@pc1 named]# reboot
5.编辑配置文件/etc/named.conf
[root@www ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-transfer { 192.168.190.0/24; };
保存退出(:wq)。注意:listen-on { any; } 加 allow-query { any; },并且保留了默认的 recursion yes,意味着任何能访问本机 53 端口的客户端都能通过它做递归解析;除非该网段是隔离的实验环境,建议把 allow-query(或 allow-recursion)限制为 { 192.168.190.0/24; }。
6.编辑扩展配置文件/etc/named.rfc1912.zones
(1)添加abc.com域的正向解析和反向解析
[root@www ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "abc.com" IN { //说明:正向解析域
type master;
file "named.abc.com.zones";
allow-transfer { 192.168.190.11; };
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "190.168.192.in-addr.arpa" IN { //说明:反向解析域
type master;
file "named.190.168.192.zones";
allow-transfer { 192.168.190.11; };
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
//保存退出(:wq)
7.编辑区文件
(1)编辑正向解析区文件
[root@www named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
(2)复制模板并更换所属组(chgrp 只对已存在的文件生效,反向区文件需先在下面第(3)步创建后再执行)
[root@www named]# cp -p named.localhost named.abc.com.zones
[root@www named]# chgrp named named.190.168.192.zones
[root@www named]# vim /var/named/named.abc.com.zones
$TTL 1D
@ IN SOA @ root.pc1.abc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS pc1.abc.com.
pc1 IN A 192.168.190.10
pc2 IN A 192.168.190.11
pc3 IN A 192.168.190.12
pc4 IN A 192.168.190.13
pc5 IN A 192.168.190.14
pc6 IN A 192.168.190.15
(3)编辑反向解析区文件
[root@www named]# vim /var/named/named.190.168.192.zones
$TTL 1D
@ IN SOA @ root.pc1.abc.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS pc1.abc.com.
10 IN PTR pc1.abc.com.
11 IN PTR pc2.abc.com.
12 IN PTR pc3.abc.com.
13 IN PTR pc4.abc.com.
14 IN PTR pc5.abc.com.
15 IN PTR pc6.abc.com.
#
8.重启DNS服务
[root@www named]# systemctl restart named
#
9.修改主机名为pc1并查看是否修改成功
[root@pc1 named]# hostnamectl set-hostname pc1
[root@pc1 named]# hostname
10.编辑NetworkManager管理工具的配置文件,不让其分配DNS
[root@pc1 named]# vim /etc/NetworkManager/NetworkManager.conf
# Configuration file for NetworkManager.
#
# See "man 5 NetworkManager.conf" for details.
#
# The directories /usr/lib/NetworkManager/conf.d/ and /var/run/NetworkManager/conf.d/
# can contain additional configuration snippets installed by packages. These files are
# read before NetworkManager.conf and have thus lowest priority.
# The directory /etc/NetworkManager/conf.d/ can contain additional configuration
# snippets. Those snippets are merged last and overwrite the settings from this main
# file.
#
# The files within one conf.d/ directory are read in asciibetical order.
#
# If /etc/NetworkManager/conf.d/ contains a file with the same name as
# /usr/lib/NetworkManager/conf.d/, the latter file is shadowed and thus ignored.
# Hence, to disable loading a file from /usr/lib/NetworkManager/conf.d/ you can
# put an empty file to /etc with the same name. The same applies with respect
# to the directory /var/run/NetworkManager/conf.d where files in /var/run shadow
# /usr/lib and are themselves shadowed by files under /etc.
#
# If two files define the same key, the one that is read afterwards will overwrite
# the previous one.
[main]
#plugins=ifcfg-rh,ibft
dns=none
[logging]
# When debugging NetworkManager, enabling debug logging is of great help.
#
# Logfiles contain no passwords and little sensitive information. But please
# check before posting the file online. You can also personally hand over the
# logfile to a NM developer to treat it confidential. Meet us on #nm on freenode.
# Please post full logfiles except minimal modifications of private data.
#
# You can also change the log-level at runtime via
# $ nmcli general logging level TRACE domains ALL
# However, usually it's cleaner to enable debug logging
# in the configuration and restart NetworkManager so that
# debug logging is enabled from the start.
#
# You will find the logfiles in syslog, for example via
# $ journalctl -u NetworkManager
#
# Note that debug logging of NetworkManager can be quite verbose. Some messages
# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
# in man journald.conf).
#
#level=TRACE
#domains=ALL
11.DNS测试
(1)命令测试
[root@pc1 named]# nslookup pc1.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc1.abc.com
Address: 192.168.190.10
[root@pc1 named]# nslookup pc3.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc3.abc.com
Address: 192.168.190.12
[root@pc1 named]# nslookup 192.168.190.13
Server: 192.168.190.10
Address: 192.168.190.10#53
13.190.168.192.in-addr.arpa name = pc4.abc.com.
成功!!!
四、辅DNS的配置
在之前配置的基础上,将IP地址为192.168.190.11的计算机pc2配置为辅助DNS服务器,并从IP地址为192.168.190.10的主DNS服务器pc1复制正向解析和反向解析的区文件named.abc.com.zones和named.190.168.192.zones。
1.安装DNS软件包bind
[root@www ~]# yum install bind
2.编辑配置文件/etc/named.conf
[root@www ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-transfer { none; };
保存退出(:wq)。与主服务器相同,allow-query { any; } 配合默认的 recursion yes 会让这台辅助服务器成为任何能访问它的客户端的递归解析器;非隔离网络中应将其限制为 { 192.168.190.0/24; }。
3.编辑扩展配置文件/etc/named.rfc1912.zones
(1)定义abc.com域的正向解析和反向解析
[root@www ~]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "abc.com" IN {
type slave;
file "slaves/named.abc.com.zones";
masters { 192.168.190.10; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "190.168.192.in-addr.arpa" IN { //说明:反向解析域
type slave;
file "slaves/named.190.168.192.zones";
masters { 192.168.190.10; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
//保存退出(:wq)
4.在主DNS的区域配置文件中(/etc/named.rfc1912.zones)允许该从服务器的更新要求。说明:辅助服务器同步区文件依靠的是第 6 步已配置的 allow-transfer(区传送),并不需要 allow-update;allow-update 授予的是动态更新(RFC 2136)权限,任何使用 192.168.190.11 这个地址的主机都能借此改写主服务器上的区数据,因此更安全的做法是保持 allow-update { none; },只保留 allow-transfer { 192.168.190.11; }。
[root@www named]# vim /etc/named.rfc1912.zones
zone "abc.com" IN {
type master;
file "named.abc.com.zones";
allow-update { 192.168.190.11; }; //允许从服务器的更新要求
};
zone "190.168.192.in-addr.arpa" IN {
type master;
file "named.190.168.192.zones";
allow-update { 192.168.190.11; };
};
5.关闭防火墙和安全
主服务器和从服务器的都要关闭。更稳妥的做法是不关闭,只放行 DNS 端口(TCP/UDP 53,区传送走 TCP):firewall-cmd --permanent --add-service=dns && firewall-cmd --reload;SELinux 可保持 enforcing,bind 自带的策略允许 named 写入 /var/named/slaves/。另外 setenforce 0 只在本次开机内有效,重启后会恢复。
[root@pc2 ~]# systemctl stop firewalld
[root@pc2 ~]# setenforce 0
6.改主机pc2的IP地址为静态地址
[root@pc2 named]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=a461b66a-ab58-405c-9feb-abb2e888f40d
DEVICE=ens33
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
ZONE=public
IPADDR=192.168.190.11
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.11
7.编辑/etc/resolv.conf
[root@pc2 ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.190.10
8.重启网卡或重启系统
(1)重启网卡
[root@pc2 named]# ifdown ens33
成功断开设备 ‘ens33’。
[root@pc2 named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
9.重启DNS服务
[root@pc2 ~]# systemctl restart named
10.查看/var/named/slaves/文件夹下是否传过来正向解析和反向解析的区文件
[root@pc2 ~]# ls /var/named/slaves/
named.190.168.192.zones named.abc.com.zones
11.DNS测试(pc2 的 resolv.conf 指向的是 192.168.190.10,下面的应答来自主服务器;要验证辅助服务器本身,需指定服务器查询,例如 nslookup pc1.abc.com 192.168.190.11)
[root@pc2 named]# nslookup pc1.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc1.abc.com
Address: 192.168.190.10
[root@pc2 named]# nslookup pc3.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc3.abc.com
Address: 192.168.190.12
[root@pc2 named]# nslookup 192.168.190.13
Server: 192.168.190.10
Address: 192.168.190.10#53
13.190.168.192.in-addr.arpa name = pc4.abc.com.
成功!!!
五、缓存DNS配置
在之前配置的基础上,将IP地址为192.168.190.12的计算机配置为缓存DNS服务器,将解析请求转发到主域名服务器192.168.190.10。
1. 安装DNS软件包bind
[root@www ~]# yum install bind
2. 编辑配置文件/etc/named.conf
[root@www ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
//全局转发
allow-query { any; };
forward first; //首先转发,转发器不响应,则递归查询。取值为only时只转发。
forwarders { 192.168.190.10; };
保存退出(:wq)。注意:forwarders 把查询转发到 192.168.190.10,而 allow-query { any; } 使任何能访问这台机器的客户端都可以使用它做递归解析;建议同样限制为 { 192.168.190.0/24; }。
3.编辑扩展配置文件/etc/named.rfc1912.zones
[root@www ~]# vim /etc/named.rfc1912.zones
在最后加上:
//转发指定域
zone "abc.com" IN {
type forward; //转发
forward first;
forwarders { 192.168.190.10; };
};
//保存退出(:wq)
4.改主机pc3的IP地址为静态地址(192.168.190.12)
[root@pc1 named]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
BOOTPROTO=static
…….
IPADDR=192.168.190.12
PREFIX=24
GATEWAY=192.168.190.2
DNS=192.168.190.12
5.重启网卡或重启系统
[root@pc3 named]# ifdown ens33
成功断开设备 ‘ens33’。
[root@pc3 named]# ifup ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
[root@pc3 named]#
6.重启DNS服务
[root@www named]# systemctl restart named
7.DNS测试(下面的查询在 pc1 上执行、由 192.168.190.10 应答,并未经过缓存服务器;要验证缓存服务器,应在 pc3 上查询,或指定服务器:nslookup pc1.abc.com 192.168.190.12)
[root@pc1 named]# nslookup pc1.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc1.abc.com
Address: 192.168.190.10
[root@pc1 named]# nslookup pc3.abc.com
Server: 192.168.190.10
Address: 192.168.190.10#53
Name: pc3.abc.com
Address: 192.168.190.12
[root@pc1 named]# nslookup 192.168.190.13
Server: 192.168.190.10
Address: 192.168.190.10#53
13.190.168.192.in-addr.arpa name = pc4.abc.com.
成功!!!