
How to configure a DNS service on Oracle Linux 7.1

Published: 2025-01-24 Author: 千家信息网 editor

This article explains in detail how to configure a DNS service on Oracle Linux 7.1. The editor found it practical and is sharing it for reference; hopefully you will get something out of it.

Configuring a DNS service on Oracle Linux 7.1
1. Install the packages DNS requires

# yum install bind-libs bind bind-utils

2. Edit the named.conf file
Make a backup copy of named.conf before editing it.

[root@jytest1 ~]# cp /etc/named.conf /etc/named.conf.backup
[root@jytest1 ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };        // changed from 127.0.0.1 to any
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };          // changed from 127.0.0.1 to any

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
         */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
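The comment block left in named.conf warns that a recursive server reachable by anyone becomes part of DNS amplification attacks. With listen-on and allow-query changed to any, recursion yes, and no allow-recursion statement, the file above is in that state, because BIND derives the recursion ACL from allow-recursion, else allow-query-cache, else allow-query. The Python script below is an added example, not part of the article or of BIND: it parses the options block (handling the /* */, // and # comment forms and nested braces), reports the open-resolver condition, and includes a constructed hardened variant that keeps allow-query { any; } for the zones the server is authoritative for but limits recursion to loopback and 10.138.130.0/24 (an assumed trusted range, chosen because the article's hosts live in it).

```python
import re

# Constructed sample: the statements from the article's named.conf options
# block that decide who may query and recurse, with its comment styles.
ARTICLE_OPTIONS = """
options {
        listen-on port 53 { any; };      // changed from 127.0.0.1 to any
        listen-on-v6 port 53 { ::1; };
        allow-query     { any; };        # changed from 127.0.0.1 to any
        /* no allow-recursion statement: BIND falls back to allow-query */
        recursion yes;
        dnssec-validation yes;
};
"""
# Constructed hardened variant (an assumption, not the article's file): still
# answers anyone for the zones it serves, but only recurses for loopback and
# the 10.138.130.0/24 subnet the article's hosts live in.
HARDENED_OPTIONS = """
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        allow-recursion { 127.0.0.1; 10.138.130.0/24; };
        recursion yes;
};
"""


def strip_comments(text):
    """Drop the /* */, // and # comment forms named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def extract_block(text, keyword):
    """Text between the braces of `keyword { ... }`, honouring nested braces."""
    start = re.search(r"\b%s\s*\{" % re.escape(keyword), text)
    if start is None:
        return None
    depth = 0
    for i in range(start.end() - 1, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start.end():i]
    raise ValueError("unbalanced braces after %s" % keyword)


def parse_options(conf_text):
    """Map each top-level statement in options { } to its raw value text.
    A statement ends at ';' outside braces, so `allow-query { any; };`
    yields {'allow-query': '{ any; }'}."""
    body = extract_block(strip_comments(conf_text), "options")
    if body is None:
        raise ValueError("no options block found")
    statements, depth, cur = {}, 0, []
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            parts = "".join(cur).split(None, 1)
            if parts:
                statements[parts[0]] = parts[1] if len(parts) > 1 else ""
            cur = []
        else:
            cur.append(ch)
    return statements


def acl_members(value):
    """Entries of the address match list inside a value's braces."""
    inner = re.search(r"\{(.*)\}", value, flags=re.S)
    return [m.strip() for m in inner.group(1).split(";") if m.strip()] if inner else []


def open_resolver_findings(conf_text):
    """Report an open resolver: recursion on and an effective recursion ACL of
    'any'. BIND takes the ACL from allow-recursion, else allow-query-cache,
    else allow-query, else localnets; localhost. `recursion` defaults to yes."""
    opts = parse_options(conf_text)
    if opts.get("recursion", "yes").strip().lower() != "yes":
        return []
    source = next((k for k in ("allow-recursion", "allow-query-cache", "allow-query")
                   if k in opts), None)
    members = acl_members(opts[source]) if source else ["localnets", "localhost"]
    if "any" in members:
        return ["open resolver: recursion yes and the recursion ACL (taken from %s) "
                "is 'any'; add allow-recursion { <trusted networks>; }" % source]
    return []
```

Running open_resolver_findings on the text of /etc/named.conf (read with open().read()) reports one finding for the article's file and none for the hardened variant; after editing, named-checkconf validates the syntax and `rndc reload` applies it.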

3. Configure host.conf

[root@jytest1 ~]# cat /etc/host.conf
multi on

This file specifies how host names are resolved. Linux obtains the IP address for a host name through the resolver library. Below is an example "/etc/host.conf":
order bind,hosts
multi on
nospoof on
"order bind,hosts" sets the order of host name lookups; here DNS is consulted first and the "/etc/hosts" file afterwards (the order can also be reversed).
"multi on" specifies whether a host listed in "/etc/hosts" may have several addresses; a host with several IP addresses is usually called a multi-homed host.
"nospoof on" means IP address spoofing against this server is not permitted. IP spoofing is a technique for attacking system security: an IP address is forged to impersonate another computer in order to gain the trust of other machines.

4. Modify /etc/named.rfc1912.zones

[root@jytest1 ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.backup
[root@jytest1 ~]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

// The two zones below are the added content: jydba.net.forward holds the
// forward zone, jydba.net.reverse the reverse zone
zone "jydba.net" IN {
        type master;
        file "jydba.net.forward";
        allow-update { none; };
};

zone "130.138.10.in-addr.arpa" IN {
        type master;
        file "jydba.net.reverse";
        allow-update { none; };
};
"/etc/named.rfc1912.zones" 54L, 1171C written

5. Edit the zone files themselves

[root@jytest1 named]# cd /var/named
[root@jytest1 named]# cp named.localhost jydba.net.forward
[root@jytest1 named]# cp named.loopback jydba.net.reverse
[root@jytest1 named]# vi jydba.net.forward
$TTL 1D
@       IN SOA  @ root.jydba.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       10.138.130.171
        AAAA    ::1
jytest1              A            10.138.130.171
jytest2              A            10.138.130.172
jytest1-vip          A            10.138.130.175
jytest2-vip          A            10.138.130.176
jytest-scan          A            10.138.130.177
jytest-scan          A            10.138.130.178
jytest-scan          A            10.138.130.179
[root@jytest1 named]# vi jydba.net.reverse
$TTL 1D
@       IN SOA  @ root.jydba.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       10.138.130.171
        AAAA    ::1
        PTR     localhost.
; PTR targets without a trailing dot are relative to this zone's origin
; (130.138.10.in-addr.arpa.), so "jytest1" is served as
; jytest1.130.138.10.in-addr.arpa.; write jytest1.jydba.net. for the FQDN
171           PTR     jytest1
172           PTR     jytest2
175           PTR     jytest1-vip
176           PTR     jytest2-vip
177           PTR     jytest-scan
178           PTR     jytest-scan
179           PTR     jytest-scan

6. Configure resolv.conf

[root@jytest1 named]# cat /etc/resolv.conf
# Generated by NetworkManager
search jydba.net
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
search jydba.net
nameserver       10.138.130.171

7. Test

[root@jytest1 named]# dig -x 10.138.130.172

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> -x 10.138.130.172
;; global options: +cmd
;; Got answer:
;; ->>HEADER<

The error above, server can't find jytest1: SERVFAIL, occurs because the files were created as the root user; change the owner and group of the files that were created to the named user and group.

[root@jytest1 named]# ls -lrt
total 32
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
drwxrwx---. 2 root  named    6 Mar  6  2015 dyndb-ldap
drwxrwx---. 2 named named    6 Mar  6  2015 slaves
drwxr-x---. 7 root  named   56 Nov  5 11:03 chroot
-rw-r-----  1 root  named  728 Mar 17 18:45 named.jydba
-rw-r--r--  1 root  root   829 Mar 17 18:45 jydba.zone
drwxrwx---. 2 named named   22 Mar 17 18:45 data
-rw-r-----  1 root  root   503 Mar 17 19:13 jydba.net.forward
-rw-r-----  1 root  root   406 Mar 17 19:15 jydba.net.reverse
drwxrwx---. 2 named named   58 Mar 17 19:16 dynamic
[root@jytest1 named]# chown -R named:named jydba*
[root@jytest1 named]# ls -lrt
total 32
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
drwxrwx---. 2 root  named    6 Mar  6  2015 dyndb-ldap
drwxrwx---. 2 named named    6 Mar  6  2015 slaves
drwxr-x---. 7 root  named   56 Nov  5 11:03 chroot
-rw-r-----  1 root  named  728 Mar 17 18:45 named.jydba
-rw-r-----  1 named named  829 Mar 17 18:45 jydba.zone
drwxrwx---. 2 named named   22 Mar 17 18:45 data
-rw-r-----  1 named named  503 Mar 17 19:13 jydba.net.forward
-rw-r-----  1 named named  406 Mar 17 19:15 jydba.net.reverse
drwxrwx---. 2 named named   58 Mar 17 19:16 dynamic
[root@jytest1 named]# systemctl restart named.service
[root@jytest1 named]# nslookup jytest1
Server:         10.138.130.171
Address:        10.138.130.171#53

Name:   jytest1.jydba.net
Address: 10.138.130.171

[root@jytest1 named]# nslookup jytest1.jydba.net
Server:         10.138.130.171
Address:        10.138.130.171#53

Name:   jytest1.jydba.net
Address: 10.138.130.171

[root@jytest1 named]# nslookup jytest2-priv.jydba.net
Server:         10.138.130.171
Address:        10.138.130.171#53

** server can't find jytest2-priv.jydba.net: NXDOMAIN

[root@jytest1 named]# nslookup jytest2-vip.jydba.net
Server:         10.138.130.171
Address:        10.138.130.171#53

Name:   jytest2-vip.jydba.net
Address: 10.138.130.176

[root@jytest1 named]# nslookup jytest-scan.jydba.net
Server:         10.138.130.171
Address:        10.138.130.171#53

Name:   jytest-scan.jydba.net
Address: 10.138.130.178
Name:   jytest-scan.jydba.net
Address: 10.138.130.179
Name:   jytest-scan.jydba.net
Address: 10.138.130.177

[root@jytest1 named]# nslookup 10.138.130.179
Server:         10.138.130.171
Address:        10.138.130.171#53

179.130.138.10.in-addr.arpa     name = jytest-scan.130.138.10.in-addr.arpa.

The tests show that both forward and reverse resolution through this DNS server work, so the configuration is successful.

Note:
On Linux systems where NetworkManager manages the network, /etc/resolv.conf may be rewritten when the host reboots. If that happens, add the following entries to the configuration file of the relevant network interface:
On Oracle Linux 6 edit a file such as /etc/sysconfig/network-scripts/ifcfg-eth0 (ifcfg-eth2 etc.)
On Oracle Linux 7 edit a file such as /etc/sysconfig/network-scripts/ifcfg-ens160 (ifcfg-ens34 etc.)
DNS1=10.138.130.171
DOMAIN=jydba.net

