CentOS 7 DNS Server Installation: A Foolproof Guide
Step 1: Install bind-chroot
[root@localhost named]# yum install -y bind bind-chroot bind-utils
The output looks like this:
[root@localhost ~]# yum install -y bind bind-chroot bind-utils
Loaded plugins: fastestmirror, langpacks
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base                                   | kB  00:00:00
extras                                 | kB  00:00:00
updates                                | kB  00:00:00
(1/2): extras/7/x86_64/primary_db      | 117 kB  00:00:00
(2/2): updates/7/x86_64/primary_db     | MB  00:00:01
Determining fastest mirrors
 * base:
 * extras:
 * updates:
Dependencies
--> Running transaction check
---> Package 32: will be installed
--> Processing Dependency: bind-libs = 32: for package: 32:
Package 32: will be installed
---> Package 32: will be updated
---> Package 32: will be an update
--> Running transaction check
---> Package 32: will be updated
---> Package 32: will be an update
--> Processing Dependency: bind-license = 32: for package: 32:
Running transaction check
---> Package 32: will be updated
--> Processing Dependency: bind-license = 32: for package: 32:
Package 32: will be an update
--> Running transaction check
---> Package 32: will be updated
---> Package 32: will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================
 Package              Arch       Version    Repository    Size
=================================================================================================
Installing:
 bind                 x86_64     32:        updates       M
 bind-chroot          x86_64     32:        updates       82 k
Updating:
 bind-utils           x86_64     32:        updates       199 k
Updating for dependencies:
 bind-libs            x86_64     32:        updates       M
 bind-libs-lite       x86_64     32:        updates       713 k
 bind-license         noarch     32:        updates       80 k
Transaction Summary
=================================================================================================
Install  2 Packages
Upgrade  1 Package (+3 Dependent packages)
Total download size: M
Is this ok [y/d/N]: y
Downloading packages:
updates/7/x86_64/prestodelta           | 297 kB  00:00:05
Delta RPMs reduced M of updates to 307 k (82% saved)
(1/6):                                 | 139 kB  00:00:00
(2/6):                                 | 168 kB  00:00:00
warning: /var/cache/yum/x86_64/7/updates/packages/ Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for is not installed
(3/6):                                 | 82 kB  00:00:00
(4/6):                                 | 80 kB  00:00:00
(5/6):                                 | 199 kB  00:00:00
(6/6):                                 | MB  00:00:00
Finishing delta rebuilds of 2 package(s) M)
---------------------------------------------------------------------------------------------------------------------
Total                                  MB/s | MB  00:00:01
Retrieving key from GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) >"
 Fingerprint: 6341ab2753d78a78a7c27bb124c6a8a7f4a80eb5
 Package    : (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 32:   1/10
  Updating   : 32:   2/10
  Installing : 32:   3/10
  Installing : 32:   4/10
  Updating   : 32:   5/10
  Updating   : 32:   6/10
  Cleanup    : 32:   7/10
  Cleanup    : 32:   8/10
  Cleanup    : 32:   9/10
  Cleanup    : 32:   10/10
  Verifying  : 32:   1/10
  Verifying  : 32:   2/10
  Verifying  : 32:   3/10
  Verifying  : 32:   4/10
  Verifying  : 32:   5/10
  Verifying  : 32:   6/10
  Verifying  : 32:   7/10
  Verifying  : 32:   8/10
  Verifying  : 32:   9/10
  Verifying  : 32:   10/10
Installed:
  32:
  32:
Updated:
  32:
Dependency Updated:
  32:
  32:
  32:
Complete!
Step 2: Modify the file
The configuration file is the /etc/ file. [It is not the /var/named/chroot/var/named/ file.]
 - If you are building a RECURSIVE (caching) DNS server, you need to enable
   recursion.
 - If your recursive DNS server has a public IP address, you MUST enable access
   control to limit queries to your legitimate users. Failing to do so will
   cause your server to become part of large scale DNS amplification
   attacks. Implementing BCP38 within your network would greatly
   reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/";
session-keyfile "/run/named/";
};
logging {
        channel default_debug {
                file "data/";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "";
};
zone "" IN {
        type master;
        file "";
};
zone "" IN {
        type master;
        file "";
};
This part is what I added during my experiment.
Note that two files are involved here:
Both files are located in the /var/named directory.
include "/etc/";
include "/etc/";
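The comment in the configuration above warns that a recursive server must limit who may query it. As an added example (not part of the original guide or of BIND), this script checks a named.conf for that condition: recursion left enabled while the effective recursion ACL contains `any`, following BIND's fallback order of allow-recursion, allow-query-cache, allow-query, then the built-in localnets/localhost default. The sample configuration, the function names and the 192.0.2.0/24 network are constructed for illustration; views and nested ACL braces are not handled.

```sh
# Added example: flag a named.conf that lets "any" client use recursion.
# Remove /* */, // and # comments so words inside comments never match.
strip_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (in_c) {
                i = index(line, "*/")
                if (!i) break
                line = substr(line, i + 2); in_c = 0
            } else if ((i = index(line, "/*"))) {
                out = out substr(line, 1, i - 1); line = substr(line, i + 2); in_c = 1
            } else { out = out line; line = "" }
        }
        sub(/(\/\/|#).*/, "", out); print out
    }' "$1"
}

# Print the address-match list of directive $2 in file $1 (empty if unset).
acl_of() {
    strip_comments "$1" | tr '\n' ' ' |
        grep -Eo "(^|[[:space:];{])$2[[:space:]]*\{[^}]*\}" | head -n 1 |
        sed -E 's/^[^{]*\{//; s/\}$//'
}

# Exit status 0 = finding. BIND recurses unless "recursion no;" is set; the
# recursion ACL falls back allow-recursion -> allow-query-cache -> allow-query
# -> built-in default (localnets; localhost;), which is not a finding.
open_recursion() {
    strip_comments "$1" |
        grep -Eq '(^|[[:space:];{])recursion[[:space:]]+no[[:space:]]*;' && return 1
    for d in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$1" "$d")
        [ -n "$acl" ] && break
    done
    printf '%s\n' "$acl" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'
}

# Constructed sample input: $1 = allow-query list, $2 = recursion value.
sample_conf() {
    printf '%s\n' 'options {' \
        '    /* RECURSIVE (caching) server: enable recursion.' \
        '       allow-recursion { any; };  <- inside a comment, ignored */' \
        "    allow-query { $1 };" \
        "    recursion ${2:-yes};  // allow-recursion { any; }; also ignored" '};'
}

f=$(mktemp); sample_conf 'any;' > "$f"
open_recursion "$f" && echo "FINDING: recursion open to any client"; rm -f "$f"
```

A finding means the ACL should be narrowed to the networks the resolver actually serves, for example `allow-recursion { localhost; 192.0.2.0/24; };`.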
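Step 3: Add the zone files and set their ownership.
Test domain:
Network address: /24
In the /var/named directory there are two files that can serve as templates to modify: and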
[root@localhost named]# ll
total 16
drwxr-x---. 7 root  named   56 Nov 15 15:36 chroot
drwxrwx---. 2 named named    6 Sep  3 18:35 data
drwxrwx---. 2 named named    6 Sep  3 18:35 dynamic
-rw-r-----. 1 root  named 2076 Jan 28 2021
-rw-r-----. 1 root  named  152 Dec 15 2021
-rw-r-----. 1 root  named  152 Jun 21 2021
-rw-r-----. 1 root  named  168 Dec 15 2021
drwxrwx---. 2 named named    6 Sep  3 18:35 slaves
[root@localhost named]#
[root@localhost named]# cp
[root@localhost named]# cp
[In fact, the file names can be anything; there is no strict requirement.]
$TTL 1D
@       IN SOA  @ . (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A
        AAAA    ::1
oa      IN A
fs      IN A

$TTL 1D
@       IN SOA  @ . (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A
        AAAA    ::1
        PTR     localhost.
5       IN PTR
        IN PTR
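About changing the owner of the two files: during the experiment I forgot to change the owner of these two files, which nearly drove me to despair for a while; the system kept reporting that the file could not be found.
In a graphical interface this is very simple.
It is just as easy from the command line:
chown named:named zone_file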
[root@localhost named]# chown named:named *
[root@localhost named]# ls .*
[root@localhost named]# ll -all
total 32
drwxr-x---.  6 root  named 4096 Nov 15 16:33 .
drwxr-xr-x. 23 root  root  4096 Nov 15 15:36 ..
-rw-r-----.  1 named named  220 Nov 15 16:33
             1 named named  194 Nov 15 16:33
drwxr-x---.  7 root  named   56 Nov 15 15:36 chroot
drwxrwx---.  2 named named    6 Sep  3 18:35 data
drwxrwx---.  2 named named    6 Sep  3 18:35 dynamic
-rw-r-----.  1 root  named 2076 Jan 28 2013
-rw-r-----.  1 root  named  152 Dec 15 2009
-rw-r-----.  1 root  named  152 Jun 21 2007
-rw-r-----.  1 root  named  168 Dec 15 2009
drwxrwx---.  2 named named    6 Sep  3 18:35 slaves
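The ownership problem described above comes down to whether the named account can read the zone file. This added example (not from the original guide) works out, from owner, group and mode bits, what access a given uid/gid has to a file. The uid/gid pairs in `demo` are constructed stand-ins for the named account, and it assumes the copied zone files were left owned by root:root with mode 0640; it requires GNU `stat`.

```sh
# Added example. Print the access that a process running as uid $1 / gid $2
# gets on file $3 from the classic mode bits: "write", "read" or "none".
# SELinux labels and POSIX ACLs are not evaluated.
zone_access() {
    want_uid=$1; want_gid=$2
    set -- $(stat -c '%u %g %a' "$3")       # now: $1=owner uid $2=gid $3=mode
    [ $# -eq 3 ] || return 2                # stat failed (missing file, ...)
    mode=$((0$3))                           # leading 0 makes it an octal constant
    if   [ "$want_uid" -eq "$1" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$want_gid" -eq "$2" ]; then bits=$(( (mode >> 3) & 7 ))
    else bits=$(( mode & 7 )); fi
    if   [ $(( bits & 2 )) -ne 0 ]; then echo write
    elif [ $(( bits & 4 )) -ne 0 ]; then echo read
    else echo none; fi
}

# Constructed demo: one 0640 file seen by three hypothetical daemon identities.
demo() {
    f=$(mktemp); chmod 640 "$f"
    u=$(stat -c %u "$f"); g=$(stat -c %g "$f")
    echo "neither owner nor group (copy left as root:root): $(zone_access $((u+1)) $((g+1)) "$f")"
    echo "group only (root:named):                          $(zone_access $((u+1)) "$g" "$f")"
    echo "owner (chown named:named, as on this page):       $(zone_access "$u" "$g" "$f")"
    rm -f "$f"
}
demo
```

For a static master zone named only needs read access, so `root:named` with mode 0640 (the ownership of the stock files in the listing) also works and keeps the daemon from rewriting its own zone data.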
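chown usage help
chown [-cfhvR] [--help] [--version] user[:group] file...
Parameter  Description
user   user ID of the new file owner
group  group of the new file owner
-c     report the change only if the file owner was actually changed
-f     do not show an error message if the file owner cannot be changed
-h     change the link itself, not the file the link actually points to
-v     show details of the ownership change
-R     apply the same ownership change to all files and subdirectories under the current directory (that is, change them one by one recursively)
Example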
.53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving 'p...53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving 'n...53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving 'n...53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving 'n...53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving 'p...53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving 'p...53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving 'p...53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving 'p...53
Nov 15 16:39:57 named[31691]: error (network unreachable) resolving 'p...53
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost named]#
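Stop:
# systemctl stop named
Restart:
# systemctl restart named
Simple diagnostics:
1 # systemctl status named
If named cannot start, a startup-failure message is shown; this command lets you look up the reason for the failure.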
[root@localhost ~]# systemctl status named
 - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/; enabled)
   Active: active (running) since Sun 2015-11-15 14:10:07 CST; 2h 4min ago
  Process: 14597 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 1828 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1374 ExecStartPre=/usr/sbin/named-checkconf -z /etc/ (code=exited, status=0/SUCCESS)
 Main PID: 1844 (named)
   CGroup: /
           └─1844 /usr/sbin/named -u named
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:07 named[1844]: error (network unreachable...
Nov 15 16:10:08 named[1844]: error (network unreachable...
Nov 15 16:10:08 named[1844]: error (network unreachable...
Nov 15 16:10:09 named[1844]: error (network unreachable...
Nov 15 16:10:09 named[1844]: error (network unreachable...
Hint: Some lines were ellipsized, use -l to show in full.
2 # netstat -atulpn
Check whether the port is open; the DNS port is 53.
[root@localhost ~]# netstat -atulpn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp   0      0      :53             :*                LISTEN   1844/named
tcp   0      0      :53             :*                LISTEN   1844/named
tcp   0      0      :22             :*                LISTEN   1369/sshd
tcp   0      0      :631            :*                LISTEN   13631/cupsd
tcp   0      0      :25             :*                LISTEN   2461/master
tcp   0      0      :953            :*                LISTEN   1844/named
tcp6  0      0      :::53           :::*              LISTEN   1844/named
tcp6  0      0      :::22           :::*              LISTEN   1369/sshd
tcp6  0      0      ::1:631         :::*              LISTEN   13631/cupsd
tcp6  0      0      ::1:25          :::*              LISTEN   2461/master
tcp6  0      0      ::1:953         :::*              LISTEN   1844/named
udp   0      0      :53             :*                         1844/named
udp   0      0      :53             :*                         1844/named
udp   0      0      :68             :*                         14556/dhclient
udp   0      0      :123            :*                         764/chronyd
udp   0      0      :55425          :*                         14556/dhclient
udp   0      0      :5353           :*                         760/avahi-daemon: r
udp   0      0      :323            :*                         764/chronyd
udp   0      0      :41330          :*                         760/avahi-daemon: r
udp6  0      0      :::53           :::*                       1844/named
udp6  0      0      :::123          :::*                       764/chronyd
udp6  0      0      ::1:323         :::*                       764/chronyd
udp6  0      0      :::62031        :::*                       14556/dhclient
Step 5: Test (use dig on Linux; use nslookup on Windows clients)