1实战案例-DNS服务与管理

第3章Linux系统与服务构建运维3.11实战案例——DNS服务与管理目录2010203案例目标案例分析案例实施301案例目标学习目标

配置DNS服务的正反向解析

了解BIND服务的安装配置

使用bind-chroot搭建DNS服务使用4（1）了解BIND服务的安装配置（2）使用bind-chroot搭建DNS服务（3）配置DNS服务的正反向解析01案例目标502案例分析学习目标规划节点基础准备61.规划节点部署主从节点DNS服务的节点规划IP主机名节点masterslaver主DNS服务器从DNS服务器12.基础准备使用VMWareWorkstation软件安装CentOS7.2操作系统，镜像使用提供的CentOS-7-x86_64-DVD-1511.iso，最小化CentOS7.2虚拟机两台。YUM源使用本地CetnOS7.2系统源。02案例分析703案例实施学习目标配置主从DNS配置YUM源（两个节点）

安装配置DNS软件BIND（两个节点）81.配置YUM源（两个节点）（1）YUM源备份[root@master~]#mv/etc/yum.repos.d/*/opt/（2）创建repo文件[root@master~]#vi/etc/yum.repos.d/local.repo[centos]name=centosbaseurl=0/centos7.2gpgcheck=0enabled=103案例实施9（3）测试YUM源配置[root@master~]#yumlist（4）关闭防火墙和SELinux[root@master~]#setenforce0[root@master~]#systemctlstopfirewalld2.安装配置DNS软件BIND（两个节点）使用如下命令安装bind-chrootDNS服务器，示例结果如图所示。[root@master~]#yuminstallbind-chrootbind-utils-y03案例实施10通过rpm-qlbind-chroot查询所安装的文件。03案例实施11进入bind-chroot目录。拷贝bind相关文件，准备bind-chroot环境：[root@masterchroot]#cp-R/usr/share/doc/bind-9.9.4/sample/etc/*/var/named/chroot/etc/[root@masterchroot]#cp-R/usr/share/doc/bind-9.9.4/sample/var/*/var/named/chroot/var/03案例实施12创建dynamic目录，将bind文件设置为可写，如图所示。[root@masterchroot]#cdvar/named/[root@masternamed]#chmod-R777/var/named/chroot/var/named/data/[root@masternamed]#mkdirdynamic[root@masternamed]#chmod-R777/var/named/chroot/var/named/dynamic03案例实施13将DNS服务named.conf文件拷贝到bind-chroot目录中。[root@masterchroot]#cp/etc/named.conf/var/named/chroot/etc/named.conf编辑配置文件named.conf，具体示例代码如下：-IfyouarebuildinganAUTHORITATIVEDNSserver,doNOTenablerecursion.-IfyouarebuildingaRECURSIVE(caching)DNSserver,youneedtoenable[root@masterchroot]#vi/var/named/chroot/etc/named.confrecursion.//named.conf………..-IfyourrecursiveDNSserverhasapublicIPaddress,youMUSTenableaccesscontroltolimitqueriestoyourlegitimateusers.Failingtodosowilloptions{causeyourservertobecomepartoflargescaleDNSamplificationlisten-onport53{any;};attacks.ImplementingBCP38withinyournetworkwouldgreatly//listen-on-v6port53{::1;};reducesuchattacksurface*/directory"/var/named";dump-file"/var/named/data/cache_dump.db";recursionyes;statistics-file"/var/named/data/named_stats.txt";dnssec-enableyes;memstatistics-file"/var/named/data/named_mem_stats.txt";allow-query{any;};/*dnssec-validationyes;/*PathtoISCDLVkey*/bindkeys-file"/etc/named.iscdlv.key";03案例实施14managed-keys-directory"/var/named/dynamic";pid-file"/run/named/named.pid";session-keyfile"/run/named/session.key";};logging{channeldefault_debug{file"data/named.run";severitydynamic;};};zone""{typemaster;file".zon";};include"/etc/named.rfc1912.zones";include"/etc/named.root.key";设置named.conf文件的用户权限为named，示例代码如下：[root@masternamed]#chownnamed/var/named/chroot/etc/named.conf03案例实施15创建转发域拷贝模板文件named.localhost到.zon，示例代码如下：[root@masternamed]#cp/var/named/named.localhost/var/named/chroot/var/named/.zon编辑.zon文件，示例代码如下：[root@masternamed]#vi.zon$TTL1D$ORIGIN.@INSOA..(2019001;serial1D;refresh1H;retry1W;expire3H;minimum)INNS.ns1INA0wwwINA1ftpINA03案例实施16赋予.zon所有权限，命令如下：chmod-R777.zon检查配置，如图所示。[root@masternamed]#named-checkconf/var/named/chroot/etc/named.conf[root@masternamed]#named-checkzone.zon03案例实施17配置服务设置主机时间，示例代码如下：[root@masternamed]#date-s15:47:00关闭named服务，取消开机启动，命令如下：[root@masternamed]#systemctlstopnamed[root@masternamed]#systemctldisablenamed设置bind-chroot服务开机启动，并重启。[root@masternamed]#systemctlenablenamed-chrootln-s'/usr/lib/systemd/system/named-chroot.service''/etc/systemd/system/multi-user.target.wants/named-chroot.service'[root@masternamed]#systemctlrestartnamed-chroot03案例实施18查看bind-chroot服务状态，如图所示。[root@masternamed]#systemctlstatusnamed-chroot03案例实施19配置主机DNS服务器。[root@masternamed]#vi/etc/resolv.conf;generatedby/usr/sbin/dhclient-scriptsearchopenstacklocallocaldomain.localdomainnameserver//修改为当前主机IP使用bind基本命令重载主配置文件和区域解析库文件，如图所示。[root@masternamed]#rndcreload[root@masternamed]#rndcreload[root@masternamed]#rndcnotify[root@masternamed]#rndcreconfig03案例实施20测试DNS解析是否正常，如图所示。03案例实施213.配置主从DNS在Master上操作，修改Master的named.conf配置文件[root@masterchroot]#cat/var/named/chroot/etc/named.conf////named.conf…………..//listen-onport53{any;};listen-on-v6port53{::1;};//dump-file"/var/named/data/cache_dump.db";statistics-file"/var/named/data/named_stats.txt";memstatistics-file"/var/named/data/named_mem_stats.txt";allow-query{any;};03案例实施22logging{channeldefault_debug{file"data/named.run";severitydynamic;/*};…………..};zone""{typemaster;recursionyes;dnssec-enableyes;dnssec-validationyes;/*PathtoISCDLVkey*/file".zon";allow-transfer{1;};notifyyes;bindkeys-file"/etc/named.iscdlv.key";managed-keys-directory"/var/named/dynamic";};includesession-keyfile"/run/named/session.key";"/etc/named.rfc1912.zones";include"/etc/named.root.key";};03案例实施23在Master编辑主服务器解析库文件，添加解析记录，示例代码如下。[root@masterchroot]#catvar/named/.zon$TTL1D@INSOA..(2019002;serial//改值比修改前的要大，才能同步1D;refresh1W;expireINNS.ns1INA0wwwINA1www2INA//添加记录ftpINA03案例实施24重新加载配置文件。03案例实施25在slave上操作，修改slave服务器上的named.conf文件，示例代码如下：[root@slavenamed]#vi/var/named/chroot/etc/named.conf//named.conf//ProvidedbyRedHatbindpackagetoconfiguretheISCBINDnamed(8)DNS////See/usr/share/doc/bind*/sample/forexamplenamedconfigurationfiles.//options{listen-onport53{any;};//listen-on-v6port53{::1;};directory"/var/named";03案例实施26dump-file"/var/named/data/cache_dump.db";statistics-file"/var/named/data/named_stats.txt";memstatistics-file"/var/named/data/named_mem_stats.txt";allow-query{any;};/*…………..*/recursionyes;dnssec-enableyes;dnssec-validationyes;/*PathtoISCDLVkey*/bindkeys-file"/etc/named.iscdlv.key";managed-keys-directory"/v