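Service Domain Controller and DNS Server Setup

Building an Active Directory Service domain controller on a minimal CentOS 7.1 installation

Test platform

Second-generation i3, 8 GB RAM, 64-bit Windows 7 with VirtualBox 4.3.26 installed; create a CentOS 7.1 virtual machine and install the system from the minimal ISO.

I also downloaded the 7 GB CentOS Everything DVD image, so dependency packages can be installed without a live network connection for yum.

I. Minimal installation of CentOS 7.1 (steps omitted).

II. Log in to CentOS 7.1 and install the dependencies. I prefer to install software from the downloaded CentOS DVD; it is faster than the network.

1. To SSH into the virtual machine from Windows 7 with PuTTY or similar software, configure a static IP and enable SSH. I connect to the VM with SecureCRT. The VM has two NICs: one bridged to the host NIC with a dynamic IP, and one on a host-only network with the IP range set to 192.168.6.*.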

Last login: Thu Apr 16 04:20:06 2015 from 192.168.6.1

2. Mount the Everything DVD
[[email protected] ~]# mount /dev/cdrom /mnt
mount: /dev/sr0 is write-protected, mounting read-only

3. Go into /etc/yum.repos.d/ and back up the repo files by renaming them in bulk

[[email protected] ~]# cd /etc/yum.repos.d/
[[email protected] yum.repos.d]# find . -type f |xargs -i mv {} {}.bkp
[[email protected] yum.repos.d]# ls
CentOS-Base.repo.bkp CentOS-Debuginfo.repo.bkp CentOS-Sources.repo.bkp
CentOS-CR.repo.bkp CentOS-fasttrack.repo.bkp CentOS-Vault.repo.bkp

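4. Use an editor to create a new DVD installation source.
[[email protected] yum.repos.d]# vi CentOS-Media.repo
[c7-media]
name=CentOS-$releasever- Media
baseurl=file:///mnt
gpgcheck=0
enabled=1

"CentOS-Media.repo" 5L, 83C written

With gpgcheck=0, yum does not verify package signatures for this repository.

5. Install "development tools" from the DVD

[[email protected] yum.repos.d]# yum groupinstall "development tools"

(Installation output omitted)

6. Install some dependencies

[[email protected] samba-4.2.1]# yum -y install libacl-devel libblkid-devel gnutls-devel readline-devel python-devel autoconf gdb bind rsyslog-gssapi cyrus-sasl-gssapi

A few more RPM packages I installed with the rpm command only after the build reported errors; they can also be installed in one go with the yum command above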

[[email protected] samba-4.2.1]# rpm -ivh /mnt/Packages/python-devel-2.7.5-16.el7.x86_64.rpm
warning: /mnt/Packages/python-devel-2.7.5-16.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
package python-devel-2.7.5-16.el7.x86_64 is already installed
[[email protected] samba-4.2.1]# rpm -ivh /mnt/Packages/cyrus-sasl-2.1.26-17.el7.x86_64.rpm
warning: /mnt/Packages/cyrus-sasl-2.1.26-17.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:cyrus-sasl-2.1.26-17.el7         ################################# [100%]
[[email protected] samba-4.2.1]# rpm -ivh /mnt/Packages/cyrus-sasl-devel-2.1.26-17.el7.x86_64.rpm
warning: /mnt/Packages/cyrus-sasl-devel-2.1.26-17.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:cyrus-sasl-devel-2.1.26-17.el7   ################################# [100%]
[[email protected] samba-4.2.1]# rpm -ivh /mnt/Packages/openldap-devel-2.4.39-6.el7.x86_64.rpm
warning: /mnt/Packages/openldap-devel-2.4.39-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-devel-2.4.39-6.el7      ################################# [100%]

III. Download and build Samba

7. Download the Samba 4.2.1 source package and upload it to the /tmp directory with SecureFX; wget was really too slow.

8. Now go into /tmp and unpack the archive, ready to build Samba 4.2.1

[[email protected] ~]# cd /tmp
[[email protected] tmp]# ls
ks-script-BL7c5a samba-latest.tar.gz yum.log
[[email protected] tmp]# tar -xvf samba-latest.tar.gz
[[email protected] tmp]# ls
ks-script-BL7c5a samba-4.2.1 samba-latest.tar.gz yum.log
[[email protected] tmp]# cd samba-4.2.1/

Before building, run autogen-waf.sh in the buildtools/scripts/ directory

[[email protected] samba-4.2.1]# cd buildtools/scripts/
[[email protected] scripts]# ./autogen-waf.sh

Setting up for waf build
Looking for the buildtools directory
Found buildtools in ./../../buildtools
Setting up configure
Setting up Makefile
done. Now run ./configure or ./configure.developer then make.

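Go back to the unpacked directory and start building Samba

[[email protected] scripts]# cd /tmp/samba-4.2.1/
[[email protected] samba-4.2.1]# ./configure

(Output omitted…)
'configure' finished successfully (1m8.178s)

The configure step is complete at this point.

9. Run make and install

[[email protected] samba-4.2.1]# make && make install

(Installation output omitted…)
Waf: Leaving directory `/tmp/samba-4.2.1/bin'
'install' finished successfully (3m22.415s)

This completes building and installing Samba 4.2.1 from source.

10. Change the hostname to DC1 and write the full FQDN; the benefit is that the domain name does not have to be typed in when promoting the host to a domain controller in a moment.

[[email protected] samba-4.2.1]# vi /etc/hostname
DC1.contoso.com

IV. Promote to domain controller

11. You can shut the virtual machine down and take a snapshot, then start it, log in, and begin promoting this Linux host to a domain controller.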

[[email protected] ~]# cd /usr/local/samba/bin

[[email protected] bin]# ./samba-tool domain provision

Realm [CONTOSO.COM]:

Domain [CONTOSO]:

Server Role (dc, member, standalone) [dc]:

DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_FLATFILE
# BIND9 is chosen as the DNS backend here; Samba's built-in DNS can also be used.

Administrator password: enter the domain administrator password; it must be complex (upper- and lower-case letters plus digits), e.g. Ab123456&
Retype password: enter Ab123456& again

Looking up IPv4 addresses
More than one IPv4 address found. Using 192.168.6.3

Looking up IPv6 address

No IPv6 address will be assigned

Setting up secrets.ldb

Setting up the registry

Setting up the privileges database

Setting up idmap db

Setting up sam.ldb partitions and settings

Setting up sam.ldb rootDSE

Pre-loading the Samba 4 and AD schema

Adding DomainDN: DC=contoso,DC=com

Adding configuration container

Setting up sam.ldb schema

Setting up sam.ldb configuration data

Setting up display specifiers

Modifying display specifiers

Adding users container

Modifying users container

Adding computers container

Modifying computers container

Setting up sam.ldb data

Setting up well known security principals

Setting up sam.ldb users and groups

Setting up self join

Adding DNS accounts

Creating CN=MicrosoftDNS,CN=System,DC=contoso,DC=com

rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

See /usr/local/samba/private/named.conf for an example configuration include file for BIND

and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates

Setting up sam.ldb rootDSE marking as synchronized

Fixing provision GUIDs

A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf

Once the above files are installed, your Samba4 server will be ready to use

Server Role: active directory domain controller

Hostname: DC1

NetBIOS Domain: CONTOSO

DNS Domain: contoso.com

DOMAIN SID: S-1-5-21-3366851103-1622988557-2824442447

[[email protected] bin]#

You must see the DOMAIN SID line for the provisioning to count as successful

Start Samba
[[email protected] bin]# /usr/local/samba/sbin/samba

Check the version

[[email protected] bin]# /usr/local/samba/bin/smbclient --version

Version 4.2.1

Test

[[email protected] bin]# /usr/local/samba/bin/smbclient -L localhost -U%

Domain=[CONTOSO]

OS=[Unix]

Server=[Samba 4.2.1]

Sharename Type Comment


netlogon Disk

sysvol Disk

IPC$ IPC IPC Service (Samba 4.2.1)

Domain=[CONTOSO] OS=[Unix] Server=[Samba 4.2.1]

Server Comment


Workgroup Master


[[email protected] bin]# /usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator

Enter administrator's password:

Domain=[CONTOSO] OS=[Unix] Server=[Samba 4.2.1]

smb: \> q

[[email protected] bin]#

Check BIND

[[email protected] bin]# rpm -qa|grep bind

bind-libs-lite-9.9.4-18.el7.x86_64

bind-license-9.9.4-18.el7.noarch

bind-libs-9.9.4-18.el7.x86_64

bind-9.9.4-18.el7.x86_64

/etc/named.conf shows that the BIND 9 directory is /var/named; go into that directory:
[[email protected] etc]# cd /var/named

Copy named.localhost to contoso.com.zone, then edit it to serve as the forward-lookup zone file for contoso.com.

[[email protected] named]# cp named.localhost contoso.com.zone

[[email protected] named]# vim contoso.com.zone

$TTL
[email protected]
IN SOA @ contoso.com. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

IN NS DC1.contoso.com.

@ IN A 192.168.6.3

DC1 IN A 192.168.6.3

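The above is the file after editing. On a virtual machine with two NICs, the IP may be that of the other NIC and must be corrected.

Then copy over the tail of the DNS zone file generated by Samba. Do not copy the gc._msdcs record, though: in my testing it caused an error, and BIND would start once it was deleted.

[[email protected] ~]# cd /usr/local/samba/private/dns

[[email protected] dns]# ls

contoso.com.zone

[[email protected] dns]# vim contoso.com.zone

Copy the following part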

79aef472-c658-49c0-a2b4-3988bc00338a._msdcs IN CNAME DC1
;
; global catalog servers
_gc._tcp IN SRV 0 100 3268 DC1
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268 DC1
_ldap._tcp.gc._msdcs IN SRV 0 100 3268 DC1
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 3268 DC1
;
; ldap servers
_ldap._tcp IN SRV 0 100 389 DC1
_ldap._tcp.dc._msdcs IN SRV 0 100 389 DC1
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 DC1
_ldap._tcp.8b2afba7-4d3a-4b88-8b45-381cf145c623.domains._msdcs IN SRV 0 100 389 DC1
_ldap._tcp.Default-First-Site-Name._sites IN SRV 0 100 389 DC1
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 DC1
;
; krb5 servers
_kerberos._tcp IN SRV 0 100 88 DC1
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 DC1
_kerberos._tcp.Default-First-Site-Name._sites IN SRV 0 100 88 DC1
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 DC1
_kerberos._udp IN SRV 0 100 88 DC1
; MIT kpasswd likes to lookup this name on password change
_kerberos-master._tcp IN SRV 0 100 88 DC1
_kerberos-master._udp IN SRV 0 100 88 DC1
;
; kpasswd
_kpasswd._tcp IN SRV 0 100 464 DC1
_kpasswd._udp IN SRV 0 100 464 DC1
;
; heimdal 'find realm for host' hack
_kerberos IN TXT CONTOSO.COM

Then paste it at the end of the edited /var/named/contoso.com.zone. In practice, you can clone the session in SecureCRT, go to the directory, open the file, drag-select the text to copy, then switch back to the original session and right-click to paste; then press ESC and type :wq to save and exit.

Open /etc/named.rfc1912.zones and append the following to add the forward-lookup zone

[[email protected] etc]# vim /etc/named.rfc1912.zones

zone "contoso.com" IN {
type master;
file "contoso.com.zone";
allow-update { none; };
};

Start the BIND service. If it reports an error, check the configuration in /etc/named.rfc1912.zones and contoso.com.zone

[[email protected] dns]# systemctl start named.service

[[email protected] dns]# systemctl status named.service

Testing resolution requires the host command, which is not installed by default.

[[email protected] named]# host -t SRV _ldap._tcp.contoso.com.

-bash: host: 未找到命令

Mount the DVD again and install it.

[[email protected] named]# mount /dev/cdrom /mnt

mount: /dev/sr0 写保护,将以只读方式挂载

[[email protected] named]# yum -y install bind-utils

Then test

[[email protected] ~]# host -t SRV _ldap._tcp.contoso.com

_ldap._tcp.contoso.com has SRV record 0 100 389 DC1.contoso.com.

[[email protected] ~]# host -t SRV _kerberos._udp.contoso.com
_kerberos._udp.contoso.com has SRV record 0 100 88 DC1.contoso.com.

[[email protected] ~]# host -t A dc1.contoso.com.

dc1.contoso.com has address 192.168.6.3
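
Because the AD records are pasted into the BIND flat file by hand, a record that is left out, or that ends up on the end of a ";" comment line, silently disappears from the zone. The following added example (not part of the original post) checks a zone file's text for the SRV records from the list above; the function names and the sample zone are constructed for illustration.

```python
import re

# SRV owner names (relative to the zone origin) and ports, taken from the
# record list in this tutorial; AD clients query these to locate the DC.
REQUIRED_SRV = {
    "_ldap._tcp": 389, "_ldap._tcp.dc._msdcs": 389, "_ldap._tcp.pdc._msdcs": 389,
    "_kerberos._tcp": 88, "_kerberos._udp": 88, "_kerberos._tcp.dc._msdcs": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464, "_gc._tcp": 3268,
}

# owner [ttl] IN SRV priority weight port target
SRV_RE = re.compile(
    r"(?P<owner>_[\w.-]+)\s+(?:\d+\s+)?IN\s+SRV\s+\d+\s+\d+\s+(?P<port>\d+)\s+\S+",
    re.IGNORECASE)


def live_srv(zone_text):
    """Return {owner: port} for SRV records outside ';' comments."""
    found = {}
    for raw in zone_text.splitlines():
        m = SRV_RE.match(raw.split(";", 1)[0].strip())
        if m:
            found[m.group("owner").lower()] = int(m.group("port"))
    return found


def commented_srv(zone_text):
    """Owners of SRV records that sit inside a comment, so BIND ignores them."""
    lost = set()
    for raw in zone_text.splitlines():
        if ";" in raw:
            m = SRV_RE.search(raw.split(";", 1)[1])
            if m:
                lost.add(m.group("owner").lower())
    return lost


def audit_zone(zone_text):
    """Report required SRV records that are missing, mis-ported or commented out."""
    live = live_srv(zone_text)
    return {
        "missing": sorted(o for o in REQUIRED_SRV if o not in live),
        "wrong_port": sorted(o for o, p in REQUIRED_SRV.items()
                             if o in live and live[o] != p),
        "in_comment": sorted(commented_srv(zone_text) - set(live)),
    }


# Constructed sample: two records were pasted onto the end of comment lines.
SAMPLE_ZONE = """\
_gc._tcp                 IN SRV 0 100 3268 DC1
; ldap servers_ldap._tcp IN SRV 0 100 389 DC1
_ldap._tcp.dc._msdcs     IN SRV 0 100 389 DC1
_ldap._tcp.pdc._msdcs    IN SRV 0 100 389 DC1
_kerberos._tcp           IN SRV 0 100 88 DC1
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 DC1
_kerberos._udp           IN SRV 0 100 88 DC1
; kpasswd_kpasswd._tcp   IN SRV 0 100 464 DC1
_kpasswd._udp            IN SRV 0 100 464 DC1
"""

if __name__ == "__main__":
    for kind, owners in audit_zone(SAMPLE_ZONE).items():
        print(kind, owners)
```

Only single-line records are handled; a record split across lines with parentheses would need a fuller parser.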

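Then start the Windows 7 virtual machine and give it an IP on the same subnet, e.g. 192.168.6.5, with DNS set to 192.168.6.3.
First test with ping that the domain name is reachable; if it is not, try clearing the iptables firewall rules. iptables -F removes every rule in the filter table, so on anything other than an isolated lab network it is better to open only the ports the domain controller needs.

[[email protected] ~]# iptables -F

This completes all of the server-side configuration. On Windows 7 you can download the Windows Server remote administration tools package.
After installing it and adding the components, the domain controller management tools appear under Control Panel > Administrative Tools, and the domain can be managed remotely.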


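CentOS 7 DNS Server Setup

CentOS 7 DNS server deployment

Project background and requirements

The server must resolve both the internal domain bkjia.local and Internet domain names.

Primary DNS server: ZZYH1.LINUXIDC.LOCAL

Secondary DNS server: ZZYH2.LINUXIDC.LOCAL

It holds information for the following domains:

1. Records for the bkjia.local domain:

FQDN                  IP address       Notes
zzyh1.bkjia.local     192.168.188.15   DNS1 server
zzyh2.bkjia.local     192.168.188.16   DNS2 server
ftp.bkjia.local       192.168.188.15
mailyh1.bkjia.local   192.168.188.22
smtp.bkjia.local      192.168.188.22
pop3.bkjia.local      192.168.188.22
www.bkjia.local       192.168.188.15
crm.bkjia.local       192.168.188.15

2. Reverse-lookup zones for 192.168.188.0/24 and 192.168.189.0/24

chroot must be implemented, to strengthen security.

Forward DNS queries to 202.102.224.68 and 202.102.227.68.

Prevent unauthorized users from enumerating DNS records (to avoid a security risk like the one at the Beijing tobacco company). Only the administrator is allowed to operate, from 192.168.188.10.

DNS network configuration

Besides the traditional approach of editing /etc/resolv.conf, DNS can also be configured by adding settings to the ifcfg file.

Tip: this is similar to setting the DNS server IP addresses on a particular NIC in Windows

# vi /etc/sysconfig/network-scripts/ifcfg-eno16777728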

# Generated by parse-kickstart
IPV6INIT=no

BOOTPROTO=static

DEVICE=eno16777728

ONBOOT=yes

TYPE=Ethernet

DEFROUTE=yes

PEERDNS=yes

PEERROUTES=yes

IPV4_FAILURE_FATAL=no

NAME="System eno16777728"

IPADDR=192.168.188.15

NETMASK=255.255.255.0

GATEWAY=192.168.188.2

DNS1=192.168.188.15
DNS2=192.168.188.16

This way, when the network service is restarted, the settings in /etc/resolv.conf are generated

# service network restart

Restarting network (via systemctl):                        [  OK  ]

# cat /etc/resolv.conf

# Generated by NetworkManager

search bkjia.local

nameserver 192.168.188.15
nameserver 192.168.188.16

Configure the yum repository

[[email protected] ~]# cd /etc/yum.repos.d/

[[email protected] yum.repos.d]# ls

CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Sources.repo  CentOS-Vault.repo

[[email protected] yum.repos.d]#

[[email protected] yum.repos.d]# cp CentOS-Base.repo CentOS-Base.repo.origin

[[email protected] yum.repos.d]# vi CentOS-Base.repo

Configuration contents

[base]

name=CentOS-$releasever - Base

baseurl=file:///media

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Install the DNS packages

# yum -y install bind bind-util bind-chroot

[[email protected] ~]# cd /media/Packages/

[[email protected] Packages]# yum -y install bind bind-util bind-chroot

Warning: RPMDB altered outside of yum.

  Installing : 32:bind-libs-9.9.4-14.el7.x86_64                          1/3
  Installing : 32:bind-9.9.4-14.el7.x86_64                               2/3
  Installing : 32:bind-chroot-9.9.4-14.el7.x86_64                        3/3
  Verifying  : 32:bind-9.9.4-14.el7.x86_64                               1/3
  Verifying  : 32:bind-libs-9.9.4-14.el7.x86_64                          2/3
  Verifying  : 32:bind-chroot-9.9.4-14.el7.x86_64                        3/3

Installed:
  bind.x86_64 32:9.9.4-14.el7        bind-chroot.x86_64 32:9.9.4-14.el7

Dependency Installed:
  bind-libs.x86_64 32:9.9.4-14.el7

Complete!

List the configuration files installed by the bind package

[[email protected] ~]# rpm -qc bind

/etc/logrotate.d/named

/etc/named.conf

/etc/named.iscdlv.key

/etc/named.rfc1912.zones

/etc/named.root.key

/etc/rndc.conf

/etc/rndc.key

/etc/sysconfig/named

/var/named/named.ca

/var/named/named.empty

/var/named/named.localhost

/var/named/named.loopback

Configuration file

[[email protected] ~]# cd /etc

[[email protected] etc]# cp named.conf named.conf.origin

[[email protected] etc]# vi /etc/named.conf

[[email protected] etc]# cat /etc/named.conf

 //listen-on port 53 { 127.0.0.1; };

      listen-on port 53 { any; };

 //dnssec-enable yes;

      //dnssec-validation yes;

      dnssec-enable no;

      dnssec-validation no;

Configure the forwarder addresses:

 forwarders {202.102.224.68; 202.102.227.68;};

      allow-transfer {192.168.188.15; 192.168.188.12;};
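
The requirements name 192.168.188.16 as the secondary server and 192.168.188.10 as the administrator's host, while the allow-transfer line above lists 192.168.188.15 and 192.168.188.12. The following added example (not part of the original article) compares an options block with such a plan and also reports disabled DNSSEC validation; the function names, the wrapped options sample and the choice to treat the administrator's host as a transfer client are assumptions.

```python
import re


def strip_comments(conf):
    """Remove /* */, // and # comments so commented-out settings are ignored."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def address_list(conf, statement):
    """Addresses inside the first `statement { a; b; };`, or None if absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(statement), conf)
    if m is None:
        return None
    return [a.strip() for a in m.group(1).split(";") if a.strip()]


def setting(conf, name):
    """Value of a simple `name value;` option, or None if absent."""
    m = re.search(r"\b%s\s+([\w-]+)\s*;" % re.escape(name), conf)
    return m.group(1) if m else None


def audit_named_conf(conf, allowed_transfer_hosts):
    """Compare transfer and validation settings with the deployment plan."""
    conf = strip_comments(conf)
    findings = []
    xfer = address_list(conf, "allow-transfer")
    if xfer is None:
        findings.append("allow-transfer missing: BIND 9.9 then serves AXFR to any client")
    elif "any" in xfer:
        findings.append("allow-transfer { any; }: zone can be enumerated by anyone")
    else:
        for host in sorted(set(allowed_transfer_hosts) - set(xfer)):
            findings.append("allow-transfer: planned host %s is not listed" % host)
        for host in sorted(set(xfer) - set(allowed_transfer_hosts)):
            findings.append("allow-transfer: %s is listed but not in the plan" % host)
    if setting(conf, "dnssec-validation") == "no":
        findings.append("dnssec-validation no: forwarded answers are not validated")
    return findings


# Settings as shown in this article, wrapped in an options block (constructed).
PAGE_OPTIONS = """
options {
    //listen-on port 53 { 127.0.0.1; };
    listen-on port 53 { any; };
    //dnssec-validation yes;
    dnssec-enable no;
    dnssec-validation no;
    forwarders { 202.102.224.68; 202.102.227.68; };
    allow-transfer { 192.168.188.15; 192.168.188.12; };
};
"""
# Assumed plan: the secondary (zzyh2) and the administrator's host.
PLAN = ["192.168.188.16", "192.168.188.10"]
# Variant that matches the plan and leaves validation on (constructed).
MATCHING_OPTIONS = (PAGE_OPTIONS
                    .replace("192.168.188.15; 192.168.188.12;",
                             "192.168.188.16; 192.168.188.10;")
                    .replace("dnssec-validation no;", "dnssec-validation yes;"))

if __name__ == "__main__":
    for finding in audit_named_conf(PAGE_OPTIONS, PLAN):
        print(finding)
```

Only the first allow-transfer statement is inspected, so a per-zone override would need a separate check.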

Check the status

[[email protected] etc]# rndc status

version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 101

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

Test resolution

A side note

# find / -name nslookup

/usr/bin/nslookup

# rpm -qf /usr/bin/nslookup  // query which package this command belongs to
bind-utils-9.9.4-14.el7.x86_64.rpm

Run

# nslookup    // if nslookup cannot be found, it is because bind-utils-9.9.4-14.el7.x86_64.rpm is not installed

> server 192.168.188.15

Default server: 192.168.188.15

Address: 192.168.188.15#53

> g.cn                                // try resolving g.cn

Server:        192.168.188.15

Address:        192.168.188.15#53

 

Non-authoritative answer:

Name:  g.cn

Address: 203.208.36.17

Name:  g.cn

Address: 203.208.36.18

Name:  g.cn

Address: 203.208.36.16

Name:  g.cn

Address: 203.208.36.20

Name:  g.cn

Address: 203.208.36.19

// resolution succeeded

Add custom zones

Customize by editing the configuration file

[[email protected] ~]# vi /etc/named.conf

Append at the end

zone "bkjia.local" IN {
    type master;
    file "bkjia.local.zone";
};

zone "188.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.188.zone";
};

zone "189.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.189.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[[email protected]]# cp named.empty bkjia.local.zone  // back up before editing

[[email protected] named]# ls

bkjia.local.zone  data    named.ca    named.localhost  slaves

chroot              dynamic  named.empty named.loopback

Zone file

[[email protected]]# vi bkjia.local.zone

$TTL 3H

@      IN SOA  zzyh1.bkjia.local.  chenzhou312.blog.51cto.com (

                                        0      ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H)    ; minimum

                      IN      NS          zzyh1.bkjia.local.

                      IN      NS          zzyh2.bkjia.local.

zzyh1                IN      A            192.168.188.15

zzyh2                IN      A            192.168.188.16

ftp                  IN      A            192.168.188.15

mailyh1              IN      A            192.168.188.22

smtp                  IN      CNAME        mailyh1.bkjia.local.

pop3                  IN      CNAME        mailyh1.bkjia.local.

www                  IN      A            192.168.188.15

crm                  IN      A            192.168.188.15

 

# vi 192.168.188.zone

$TTL 3H

@      IN SOA  zzyh1.bkjia.local.  chenzhou312.blog.51cto.com (

                                        0      ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H)    ; minimum

        IN        NS          zzyh1.bkjia.local.

        IN        NS          zzyh2.bkjia.local.

15      IN        PTR          zzyh1.bkjia.local.

15      IN        PTR          ftp.bkjia.local.

16      IN        PTR          zzyh2.bkjia.local.

16      IN        PTR          mailyh1.bkjia.local.

 

# vi 192.168.189.zone

 

$TTL 3H

@      IN SOA zzyh1.bkjia.local. chenzhou312.blog.51cto.com (

                                        0      ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H)    ; minimum

        IN    NS                  zzyh1.bkjia.local.

        IN    NS                  zzyh2.bkjia.local.

www    IN    NS                  192.168.188.15

Restart the service

[[email protected] named]# systemctl restart named.service

[[email protected] named]# service named restart

Redirecting to /bin/systemctl restart  named.service

[[email protected] named]# rndc status

version: 9.9.4-RedHat-9.9.4-14.el7<id:8f9657aa>

CPUs found: 1

worker threads: 1

UDP listeners per interface: 1

number of zones: 104

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/0/1000

tcp clients: 0/100

server is up and running

Enable start at boot

# systemctl enable named

[[email protected] named]# systemctl status named

named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
   Active: active (running) since Mon 2014-08-25 00:36:59 CST; 3min 47s ago
 Main PID: 2807 (named)
   CGroup: /system.slice/named.service
           └─2807 /usr/sbin/named -u named

Aug 25 00:36:59 zzyh1.bkjia.local named[2807]: zone 189.168.192.in-addr.ar…
Aug 25 00:36:59 zzyh1.bkjia.local named[2807]: zone 189.168.192.in-addr.ar…
Aug 25 00:36:59 zzyh1.bkjia.local named[2807]: zone 1.0.0.127.in-addr.arpa…
Aug 25 00:36:59 zzyh1.bkjia.local named[2807]: zone 1.0.0.0.0.0.0.0.0.0.0….
Aug 25 00:36:59 zzyh1.bkjia.local named[2807]: all zones loaded
Aug 25 00:36:59 zzyh1.bkjia.local named[2807]: running
Aug 25 00:36:59 zzyh1.bkjia.local named[2807]: zone 188.168.192.in-addr.ar…
Aug 25 00:36:59 zzyh1.bkjia.local named[2807]: zone 189.168.192.in-addr.ar…
Aug 25 00:36:59 zzyh1.bkjia.local systemd[1]: Started Berkeley Internet N….
Aug 25 00:37:00 zzyh1.bkjia.local named[2807]: managed-keys-zone: No DNSKE…
Hint: Some lines were ellipsized, use -l to show in full.
 

 

Test

# nslookup

> server 192.168.188.15

Default server: 192.168.188.15

Address: 192.168.188.15#53

> www.bkjia.local.

Server:        192.168.188.15

Address:      192.168.188.15#53

Name:  www.bkjia.local

Address: 192.168.188.15

> smtp.bkjia.local.

Server:        192.168.188.15

Address:      192.168.188.15#53

smtp.bkjia.local    canonical name = mailyh1.bkjia.local.

Name:  mailyh1.bkjia.local

Address: 192.168.188.22

> 192.168.188.15

Server:        192.168.188.15

Address:      192.168.188.15#53

 

15.188.168.192.in-addr.arpa    name = ftp.bkjia.local.

15.188.168.192.in-addr.arpa    name = zzsrv1.bkjia.local.

> exit

 

DNS configuration on zzyh2

      Install BIND

Same as the primary DNS installation on zzyh1.

(Steps omitted.)

      Configuration

Cache Only Server

Same as the primary DNS configuration on zzyh1.

(Steps omitted.)

Add secondary zones

# vi /etc/named.conf

Add the following zone information

zone "bkjia.local" IN {
      type slave;
      masters {192.168.188.15; };
      file "bkjia.local.zone";
};

zone "188.168.192.in-addr.arpa" IN {
      type slave;
      masters {192.168.188.15; };
      file "192.168.188.zone";
};

zone "189.168.192.in-addr.arpa" IN {
      type slave;
      masters {192.168.188.15; };
      file "192.168.189.zone";
};

 

 

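Change the directory permissions so that named can write the transferred zone files into /var/named. Pointing the file statements at the slaves/ subdirectory, which is already owned by and writable for named, would avoid loosening /var/named itself.

[[email protected] named]# ll /var/named/ -d

drwxr-x--- 6 root named 133 Aug 15 14:06 /var/named/

[[email protected] named]# chmod g+w /var/named/

[[email protected] named]# ll /var/named/ -d

drwxrwx--- 6 root named 133 Aug 15 14:06 /var/named/

Start the service

[[email protected] ~]# systemctl start named.service

Redirecting to /bin/systemctl restart  named.service

Enable start at boot

[[email protected] ~]# systemctl enable named

ln -s '/usr/lib/systemd/system/named.service' '/etc/systemd/system/multi-user.target.wants/named.service'

Check the log for error messages. (It is a good idea to have this open in another session while the service starts.)

# tail -f /var/log/messages

Test BIND

The corresponding zone files have been generated on zzyh1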

[[email protected]
~]# ll /var/named/

total 28

-rw-r--r-- 1 named named  451 Aug 15 14:58 192.168.188.zone
-rw-r--r-- 1 named named  254 Aug 15 15:05 192.168.189.zone
-rw-r--r-- 1 named named  647 Aug 15 15:16 bkjia.local.zone
drwxr-x--- 7 root  named   56 Aug 15 14:06 chroot
drwxrwx--- 2 named named   22 Aug 15 14:19 data
drwxrwx--- 2 named named   58 Aug 15 16:20 dynamic
-rw-r----- 1 root  named 2076 Jan 28  2013 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named    6 Jun 10 16:13 slaves

 

 

[[email protected] ~]# vi /var/named/bkjia.local.zone

Add an A record

test    IN A 10.0.0.1

Also increase the zone's serial number

[[email protected] ~]# rndc reload

server reload successful

The zzyh1 log will show

zone bkjia.local/IN: sending notifies (serial 15)

client 192.168.188.16#41658 (bkjia.local): transfer of 'bkjia.local/IN': AXFR-style IXFR started

client 192.168.188.16#41658 (bkjia.local): transfer of 'bkjia.local/IN': AXFR-style IXFR ended

The zzyh2 log will show

client 192.168.188.15#33856: received notify for zone 'bkjia.local'

zone bkjia.local/IN: Transfer started.

transfer of 'bkjia.local/IN' from 192.168.188.15#53: connected using 192.168.188.16#41658

zone bkjia.local/IN: transferred serial 15

transfer of 'bkjia.local/IN' from 192.168.188.15#53: Transfer completed: 1 messages, 13 records, 339 bytes, 0.005 secs (67800 bytes/sec)

zone bkjia.local/IN: sending notifies (serial 15)

Test

# nslookup

> server 192.168.188.16

Default server: 192.168.188.16

Address: 192.168.188.16#53

> test.bkjia.local.

Server:        192.168.188.16

Address:        192.168.188.16#53

 

Name:  test.bkjia.local

Address: 10.0.0.1

> exit
