Published 2025-01-23 by the 千家信息网 editorial team (last updated 23 January 2025)
DNS Server Installation Step by Step Using CentOS 6.5
DNS, the Domain Name System, translates hostnames into IP addresses. For example, when we type www.unixmen.com into a browser, a DNS server resolves the domain name to its associated IP address. Because IP addresses are hard to remember, DNS servers let us use hostnames such as www.unixmen.com instead of addresses such as 173.xxx.xx.xxx, so only the domain name has to be remembered.

Scenario
Primary(Master) DNS Server Details:
Operating System : CentOS 6.5 server
Hostname : masterdns.unixmen.local
IP Address : 192.168.1.100/24
Secondary(Slave) DNS Server Details:
Operating System : CentOS 6.5 server
Hostname : secondarydns.unixmen.local
IP Address : 192.168.1.101/24
Client Details:
Operating System : CentOS 6.5 Desktop
Hostname : client.unixmen.local
IP Address : 192.168.1.102/24
Setup Primary(Master) DNS Server
[root@masterdns ~]# yum install bind* -y
1. Configure DNS Server
Add the lines shown below to the '/etc/named.conf' file. The allow-query and allow-transfer ACLs are what keep this server from answering recursive queries for, or handing the zone to, anything outside the LAN, so keep them as tight as the scenario allows.
[root@masterdns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.100; };     ### Master DNS IP ###
        listen-on-v6 port 53 { ::1; };
        directory          "/var/named";
        dump-file          "/var/named/data/cache_dump.db";
        statistics-file    "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };      ### IP Range ###
        allow-transfer  { localhost; 192.168.1.101; };       ### Slave DNS IP ###
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "unixmen.local" IN {
        type master;
        file "forward.unixmen";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.unixmen";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create Zone files
Create the forward and reverse zone files that were referenced in the '/etc/named.conf' file.
2.1 Create Forward Zone
Create the forward.unixmen file in the '/var/named' directory.
[root@masterdns ~]# vi /var/named/forward.unixmen
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  MX 10       mail.unixmen.local.
@       IN  A           192.168.1.100
@       IN  A           192.168.1.101
@       IN  A           192.168.1.102
masterdns       IN  A   192.168.1.100
secondarydns    IN  A   192.168.1.101
client          IN  A   192.168.1.102
mail            IN  A   192.168.1.50
2.2 Create Reverse Zone
Create the reverse.unixmen file in the '/var/named' directory.
[root@masterdns ~]# vi /var/named/reverse.unixmen
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  PTR         unixmen.local.
; The A records below are harmless in a reverse zone but do nothing useful there;
; the PTR records are what reverse lookups actually use.
masterdns       IN  A   192.168.1.100
secondarydns    IN  A   192.168.1.101
client          IN  A   192.168.1.102
mail            IN  A   192.168.1.50
100     IN  PTR         masterdns.unixmen.local.
101     IN  PTR         secondarydns.unixmen.local.
102     IN  PTR         client.unixmen.local.
50      IN  PTR         mail.unixmen.local.
3. Start the DNS service
[root@masterdns ~]# service named start
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on
4. Adjust iptables to allow DNS traffic from other hosts
Add the lines shown below to the '/etc/sysconfig/iptables' file. Both UDP and TCP port 53 are opened: TCP is needed for zone transfers to the slave and for answers too large for UDP.
[root@masterdns ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5. Restart iptables
[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
6. Test DNS configuration and zone files for any syntax errors
[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkzone unixmen.local /var/named/forward.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.unixmen
zone 1.168.192.in-addr.arpa/IN: loaded serial 2011071001
OK
7. Test DNS Server
[root@masterdns ~]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:07:56 2013
;; MSG SIZE  rcvd: 114
[root@masterdns ~]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101
Now the Primary DNS server is ready to use.
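As an added example that is not part of the original tutorial: named-checkzone only validates syntax, so a host that has an A record in forward.unixmen but no matching PTR in reverse.unixmen (or the other way round) loads fine and is only noticed when a reverse lookup fails. The POSIX shell script below cross-checks the two zones; the embedded zone text is constructed to mirror the tutorial's files, and the function names are my own.

```shell
# Added example, not from the original tutorial: cross-check that every host
# A record in the forward zone has a matching PTR in the reverse zone and vice
# versa. named-checkzone only validates syntax; it cannot see this mismatch.
# The zone text below is constructed to mirror the tutorial's two zone files.

FORWARD_ZONE='$TTL 86400
@ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 3600 1800 604800 86400 )
@ IN NS masterdns.unixmen.local.
@ IN NS secondarydns.unixmen.local.
@ IN A 192.168.1.100
masterdns IN A 192.168.1.100
secondarydns IN A 192.168.1.101
client IN A 192.168.1.102
mail IN A 192.168.1.50'

REVERSE_ZONE='$TTL 86400
@ IN SOA masterdns.unixmen.local. root.unixmen.local. ( 2011071001 3600 1800 604800 86400 )
@ IN NS masterdns.unixmen.local.
@ IN PTR unixmen.local.
100 IN PTR masterdns.unixmen.local.
101 IN PTR secondarydns.unixmen.local.
102 IN PTR client.unixmen.local.
50 IN PTR mail.unixmen.local.'

# forward_a_records ZONE_TEXT ORIGIN -> one "ip fqdn." line per host A record.
# Apex ("@") A records are skipped: the apex has no single canonical PTR.
forward_a_records() {
    printf '%s\n' "$1" | awk -v origin="$2" \
        '$1 != "@" && $2 == "IN" && $3 == "A" { print $4, $1 "." origin "." }'
}

# reverse_ptr_records ZONE_TEXT NET_PREFIX -> one "ip fqdn." line per host PTR.
# Only numeric labels count; the apex "@ IN PTR" line is ignored.
reverse_ptr_records() {
    printf '%s\n' "$1" | awk -v prefix="$2" \
        '$1 ~ /^[0-9]+$/ && $2 == "IN" && $3 == "PTR" { print prefix "." $1, $4 }'
}

# check_zone_consistency FORWARD REVERSE ORIGIN NET_PREFIX: returns 0 when the
# two record sets match, otherwise lists what each side is missing and returns 1.
check_zone_consistency() {
    fwd=$(forward_a_records "$1" "$3" | sort)
    rev=$(reverse_ptr_records "$2" "$4" | sort)
    [ "$fwd" = "$rev" ] && return 0
    printf '%s\n' "$fwd" | grep -vxF "$rev" | sed 's/^/A without PTR: /'
    printf '%s\n' "$rev" | grep -vxF "$fwd" | sed 's/^/PTR without A: /'
    return 1
}
```

Against the real files on the master, run `check_zone_consistency "$(cat /var/named/forward.unixmen)" "$(cat /var/named/reverse.unixmen)" unixmen.local 192.168.1` before restarting named.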
Setup Secondary(Slave) DNS Server
[root@secondarydns ~]# yum install bind* -y
1. Configure Slave DNS Server
Open the main configuration file '/etc/named.conf' and add the lines shown below. The two zones are declared as type slave with the master's address, so the slave pulls them by zone transfer instead of keeping its own copies of the zone files.
[root@secondarydns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.101; };
        listen-on-v6 port 53 { ::1; };
        directory          "/var/named";
        dump-file          "/var/named/data/cache_dump.db";
        statistics-file    "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
        ### No allow-transfer is set here, so BIND's default (any host) applies;
        ### add allow-transfer { none; }; unless something else must pull zones from this slave.
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "unixmen.local" IN {
        type slave;
        file "slaves/unixmen.fwd";
        masters { 192.168.1.100; };
};

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/unixmen.rev";
        masters { 192.168.1.100; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Start the DNS Service
[root@secondarydns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@secondarydns ~]# chkconfig named on
The forward and reverse zones are now replicated automatically from the master DNS server into '/var/named/slaves/' on the secondary DNS server.
[root@secondarydns ~]# ls /var/named/slaves/
unixmen.fwd  unixmen.rev
[root@secondarydns ~]# cat /var/named/slaves/unixmen.fwd
$ORIGIN .
$TTL 86400      ; 1 day
unixmen.local           IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        A       192.168.1.100
                        A       192.168.1.101
                        A       192.168.1.102
$ORIGIN unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101
[root@secondarydns ~]# cat /var/named/slaves/unixmen.rev
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        PTR     unixmen.local.
$ORIGIN 1.168.192.in-addr.arpa.
100                     PTR     masterdns.unixmen.local.
101                     PTR     secondarydns.unixmen.local.
102                     PTR     client.unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101
3. Add the DNS Server details to all systems
[root@secondarydns ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8
4. Test DNS Server
[root@secondarydns ~]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21487
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 15 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:27:57 2013
;; MSG SIZE  rcvd: 114
[root@secondarydns ~]# dig secondarydns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; Query time: 4 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:31:53 2013
;; MSG SIZE  rcvd: 114
[root@secondarydns ~]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Client Side Configuration
Add the DNS server details to the '/etc/resolv.conf' file on all client systems.
[root@client unixmen]# vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8
Test DNS Server
[root@client unixmen]# dig masterdns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 30 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:47:55 2013
;; MSG SIZE  rcvd: 114
[root@client unixmen]# dig secondarydns.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100

;; Query time: 8 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:48:38 2013
;; MSG SIZE  rcvd: 114
[root@client unixmen]# dig client.unixmen.local

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> client.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14604
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;client.unixmen.local.          IN      A

;; ANSWER SECTION:
client.unixmen.local.   86400   IN      A       192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101

;; Query time: 5 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:49:11 2013
;; MSG SIZE  rcvd: 137
[root@client unixmen]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101
Now the primary and secondary DNS servers are ready.