Kauj ruam yog kauj ruam qhia rau teeb BIND DNS neeg rau zaub mov hauv chroot ib puag ncig rau Red Hat (RHEL/CentOS) 7

Kev txhais cov lus uas tau npaj rau cov menyuam kawm ntawv "Linux Kev Ruaj Ntseg". Txaus siab rau kev txhim kho hauv kev taw qhia no? Saib cov ntaubntawv povthawj siv tshaj tawm ntawm Ivan Piskunov tus tswv chav kawm "Kev ruaj ntseg hauv Linux piv rau Windows thiab MacOS"

Kauj ruam yog kauj ruam qhia rau teeb BIND DNS neeg rau zaub mov hauv chroot ib puag ncig rau Red Hat (RHEL/CentOS) 7

Hauv tsab xov xwm no, kuv yuav taug kev koj los ntawm cov kauj ruam los teeb tsa DNS server ntawm RHEL 7 lossis CentOS 7. Kuv siv Red Hat Enterprise Linux 7.4 rau kev ua qauv qhia. Peb lub hom phiaj yog los tsim ib daim ntawv A thiab ib PTR cov ntaub ntawv rau pem hauv ntej thiab rov qab saib thaj tsam, raws li.

Ua ntej, nruab cov pob khoom tsim nyog rpm rau DNS server.

CEEB TOOM: Rau RHEL koj yuav tsum muaj active RHN subscription, los yog koj ua tau teeb tsa lub chaw cia khoom offline hauv zos, uas tus thawj tswj pob "yum" tuaj yeem nruab cov pob khoom tsim nyog rpm thiab kev vam khom.

# yum install bind bind-chroot caching-nameserver

Kuv qhov chaw:

# hostname
golinuxhub-client.example
Мой IP-адрес 192.168.1.7
# ip address | egrep 'inet.*enp0s3'
    inet 192.168.1.7/24 brd 192.168.1.255 scope global dynamic enp0s3

Txij li thaum peb yuav siv chroot, peb yuav tsum tau lov tes taw qhov kev pabcuam.

# systemctl stop named
# systemctl disable named

Tom qab ntawd luam cov ntaub ntawv xav tau rau hauv chroot directory.
Nco tseg. Siv kev sib cav -p hauv ib pab neeg cp khaws cia cov cai thiab cov tswv.

[root@golinuxhub-client ~]# cp -rpvf /usr/share/doc/bind-9.9.4/sample/etc/*  /var/named/chroot/etc/
‘/usr/share/doc/bind-9.9.4/sample/etc/named.conf’ -> ‘/var/named/chroot/etc/named.conf’
‘/usr/share/doc/bind-9.9.4/sample/etc/named.rfc1912.zones’ -> ‘/var/named/chroot/etc/named.rfc1912.zones’

Tom qab ntawd luam cov ntaub ntawv cuam tshuam nrog cheeb tsam mus rau qhov chaw tshiab.

[root@golinuxhub-client ~]# cp -rpvf /usr/share/doc/bind-9.9.4/sample/var/named/* /var/named/chroot/var/named/
‘/usr/share/doc/bind-9.9.4/sample/var/named/data’ -> ‘/var/named/chroot/var/named/data’
‘/usr/share/doc/bind-9.9.4/sample/var/named/my.external.zone.db’ -> ‘/var/named/chroot/var/named/my.external.zone.db’
‘/usr/share/doc/bind-9.9.4/sample/var/named/my.internal.zone.db’ -> ‘/var/named/chroot/var/named/my.internal.zone.db’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.ca’ -> ‘/var/named/chroot/var/named/named.ca’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.empty’ -> ‘/var/named/chroot/var/named/named.empty’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.localhost’ -> ‘/var/named/chroot/var/named/named.localhost’
‘/usr/share/doc/bind-9.9.4/sample/var/named/named.loopback’ -> ‘/var/named/chroot/var/named/named.loopback’
‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves’ -> ‘/var/named/chroot/var/named/slaves’
‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.ddns.internal.zone.db’ -> ‘/var/named/chroot/var/named/slaves/my.ddns.internal.zone.db’
‘/usr/share/doc/bind-9.9.4/sample/var/named/slaves/my.slave.internal.zone.db’ -> ‘/var/named/chroot/var/named/slaves/my.slave.internal.zone.db’
Теперь давайте посмотрим на основной файл конфигурации.
# cd /var/named/chroot/etc/

Tshem tawm cov ntsiab lus ntawm name.conf thiab muab tshuaj txhuam cov hauv qab no.

[root@golinuxhub-client etc]# vim named.conf
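# Clients allowed to use this server as a recursive resolver: this host
# and the lab LAN (192.168.1.0/24 on enp0s3).  With the sample
# "localhost; any;" lists the server answered recursive queries for
# every source address, i.e. it was an open resolver.
acl trusted {
        127.0.0.1;
        192.168.1.0/24;
};

options {
        # Bind only the addresses this host serves on.  NOTE: enp0s3 is
        # DHCP-assigned ("scope global dynamic"); if its address changes
        # this line must follow it.
        listen-on port 53 { 127.0.0.1; 192.168.1.7; };
#       listen-on-v6 port 53 { ::1; };
        # Paths are relative to the chroot that "named -t /var/named/chroot"
        # enters, so "/var/named" is /var/named/chroot/var/named on the host.
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        # "localhost; any;" collapses to "any" - the "any" element matches
        # every client, so only the narrower list actually restricts.
        # Widen allow-query (never allow-recursion) if hosts outside the
        # LAN must resolve the authoritative zones below.
        allow-query       { trusted; };
        allow-query-cache { trusted; };
        allow-recursion   { trusted; };
        # BIND 9.9 permits zone transfers (AXFR) to any client unless told
        # otherwise; this setup has no secondaries.
        allow-transfer    { none; };
};

logging {
        channel default_debug {
                # Relative to "directory": /var/named/chroot/var/named/data
                file "data/named.run";
                severity dynamic;
        };
};

# Single view; any client that reaches it is still filtered by the
# allow-* lists in options above.
view my_resolver {
        match-clients      { any; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};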

Zone cov ntaub ntawv tshwj xeeb yuav tsum muab ntxiv rau /var/named/chroot/etc/named.rfc1912.zones. Ntxiv cov ntawv hauv qab no. Cov ntaub ntawv example.zone yog cov ntaub ntawv nrhiav thaj tsam yav tom ntej, thiab piv. rzone - rov qab cov ntaub ntawv.

CEEB TOOM: Qhov rov qab saib tsam muaj 1.168.192 vim kuv qhov chaw nyob IP yog 192.168.1.7

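# Forward zone "example".  "file" is relative to options.directory
# (/var/named/chroot/var/named on the host).
zone "example" IN {
        type master;
        file "example.zone";
        # Static zone: keep dynamic updates disabled.
        allow-update { none; };
        # BIND 9.9 allows AXFR to any client unless restricted, which
        # hands out the full host list; no secondaries exist here.
        allow-transfer { none; };
};

# Reverse zone for 192.168.1.0/24 (octets reversed, in-addr.arpa).
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "example.rzone";
        allow-update { none; };
        allow-transfer { none; };
};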

Cov ntaub ntawv cuam tshuam nrog thaj chaw nyob ntawm no:

# cd /var/named/chroot/var/named/

Tom ntej no, peb yuav tsim cov ntaub ntawv rau pem hauv ntej thiab rov qab zones. Cov npe ntawm cov ntaub ntawv yuav zoo ib yam li saum toj no hauv cov ntaub ntawv npe.rfc1912.zones. Peb twb muaj ob peb lub default templates uas peb yuav siv tau.

# cp -p named.localhost  example.zone
# cp -p named.loopback example.rzone

Raws li koj tuaj yeem pom, qhov kev tso cai tam sim no ntawm txhua cov ntaub ntawv thiab cov ntawv teev npe yog hauv paus.

[root@golinuxhub-client named]# ll
total 32
drwxr-xr-x. 2 root root    6 May 22  2017 data
-rw-r--r--. 1 root root  168 May 22  2017 example.rzone
-rw-r--r--. 1 root root  152 May 22  2017 example.zone
-rw-r--r--. 1 root root   56 May 22  2017 my.external.zone.db
-rw-r--r--. 1 root root   56 May 22  2017 my.internal.zone.db
-rw-r--r--. 1 root root 2281 May 22  2017 named.ca
-rw-r--r--. 1 root root  152 May 22  2017 named.empty
-rw-r--r--. 1 root root  152 May 22  2017 named.localhost
-rw-r--r--. 1 root root  168 May 22  2017 named.loopback
drwxr-xr-x. 2 root root   71 Feb 12 21:02 slaves

Hloov cov kev tso cai ntawm txhua cov ntaub ntawv los qhia tus neeg siv ua tus tswv hauv paus thiab pab pawg npe hu.

# chown root:named *

Tab sis rau cov ntaub ntawv tus tswv yuav tsum yog npe:.

# chown -R  named:named data
# ls -l
total 32
drwxr-xr-x. 2 named named    6 May 22  2017 data
-rw-r--r--. 1 root  named  168 May 22  2017 example.rzone
-rw-r--r--. 1 root  named  152 May 22  2017 example.zone
-rw-r--r--. 1 root  named   56 May 22  2017 my.external.zone.db
-rw-r--r--. 1 root  named   56 May 22  2017 my.internal.zone.db
-rw-r--r--. 1 root  named 2281 May 22  2017 named.ca
-rw-r--r--. 1 root  named  152 May 22  2017 named.empty
-rw-r--r--. 1 root  named  152 May 22  2017 named.localhost
-rw-r--r--. 1 root  named  168 May 22  2017 named.loopback
drwxr-xr-x. 2 root  named   71 Feb 12 21:02 slaves

Ntxiv cov ntsiab lus hauv qab no rau koj cov ntaub ntawv thaj tsam pem hauv ntej. Ntawm no peb tsim cov ntaub ntawv rau localhost (golinuxhub-neeg siv) thiab lwm tus rau server (golinuxhub-server).

# vim example.zone
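$TTL 1D
; Forward zone "example".  The apex (@) is both the zone name and the
; name server, and it resolves to this host's own address.
@       IN SOA  example. root.example. (
                                        1       ; serial - bump on every edit
                                        3H      ; refresh
                                        15M     ; retry
                                        1W      ; expire
                                        1D )    ; minimum (negative-cache TTL)

        IN NS           example.
        IN A            192.168.1.7
golinuxhub-server       IN A 192.168.1.5
; This host is 192.168.1.7 (see the "ip address" output) and the reverse
; zone maps 7.1.168.192 to it; the third octet must be 168, not 169, or
; forward and reverse lookups disagree.
golinuxhub-client       IN A 192.168.1.7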

Tom ntej no, ntxiv cov ntsiab lus rau cov ntaub ntawv thim rov qab. Ntawm no peb tsim cov ntaub ntawv PTR rau golinuxhub-neeg siv khoom thiab rau golinuxhub-server.

# vim example.rzone
$TTL 1D
; Reverse zone for 192.168.1.0/24 (1.168.192.in-addr.arpa).
; Owner names are the last octet of each address.
@       IN SOA  example. root.example. (
                1997022700      ; serial
                28800           ; refresh
                14400           ; retry
                3600000         ; expire
                86400  )        ; minimum
@       IN NS   example.
5       IN PTR  golinuxhub-server.example.      ; 192.168.1.5
7       IN PTR  golinuxhub-client.example.      ; 192.168.1.7

Ua ntej peb pib qhov kev pabcuam npe-chroot, cia peb tshawb xyuas qhov teeb tsa ntawm thaj chaw cov ntaub ntawv.

[root@golinuxhub-client named]# named-checkzone golinuxhub-client.example example.zone
zone golinuxhub-client.example/IN: loaded serial 1
OK

[root@golinuxhub-client named]# named-checkzone golinuxhub-client.example example.rzone
zone golinuxhub-client.example/IN: loaded serial 1997022700
OK

Txhua yam zoo li zoo. Tam sim no xyuas cov ntaub ntawv teeb tsa siv cov lus txib hauv qab no.

[root@golinuxhub-client named]# named-checkconf -t /var/named/chroot/ /etc/named.conf

Yog li, txhua yam tau ua tiav tiav.

[root@golinuxhub-client named]# echo $?
0

CEEB TOOM: Kuv muaj SELinux hauv hom kev tso cai

# getenforce
Permissive

Txhua yam zoo li zoo, yog li nws yog lub sijhawm los pib peb qhov kev pabcuam npe-chroot .

[root@golinuxhub-client named]# systemctl restart named-chroot

[root@golinuxhub-client named]# systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-02-12 21:53:23 IST; 19s ago
  Process: 5236 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 5327 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 5325 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 5330 (named)
   CGroup: /system.slice/named-chroot.service
           └─5330 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot

Feb 12 21:53:23 golinuxhub-client.example named[5330]: managed-keys-zone/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 0.in-addr.arpa/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.0.0.127.in-addr.arpa/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.168.192.in-addr.arpa/IN/my_resolver: loaded serial 1997022700
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone example/IN/my_resolver: loaded serial 1
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone localhost/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: zone localhost.localdomain/IN/my_resolver: loaded serial 0
Feb 12 21:53:23 golinuxhub-client.example named[5330]: all zones loaded
Feb 12 21:53:23 golinuxhub-client.example named[5330]: running
Убедитесь, что resolv.conf содержит ваш IP-адрес, чтобы он мог работать в качестве DNS-сервера.
# cat /etc/resolv.conf
search example
nameserver 192.168.1.7
Давайте проверим наш DNS-сервер для обратной зоны, используя dig.
[root@golinuxhub-client named]# dig -x 192.168.1.5

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 192.168.1.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40331
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.1.168.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
5.1.168.192.in-addr.arpa. 86400 IN      PTR     golinuxhub-server.example.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      example.

;; ADDITIONAL SECTION:
example.                86400   IN      A       192.168.1.7

;; Query time: 1 msec
;; SERVER: 192.168.1.7#53(192.168.1.7)
;; WHEN: Mon Feb 12 22:13:17 IST 2018
;; MSG SIZE  rcvd: 122

Raws li koj tuaj yeem pom, peb tau txais cov lus teb zoo (ANSWER) rau peb qhov kev thov (QUERY).

[root@golinuxhub-client named]# dig -x 192.168.1.7

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7 <<>> -x 192.168.1.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55804
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;7.1.168.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
7.1.168.192.in-addr.arpa. 86400 IN      PTR     golinuxhub-client.example.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400   IN      NS      example.

;; ADDITIONAL SECTION:
example.                86400   IN      A       192.168.1.7

;; Query time: 1 msec
;; SERVER: 192.168.1.7#53(192.168.1.7)
;; WHEN: Mon Feb 12 22:12:54 IST 2018
;; MSG SIZE  rcvd: 122

Peb tuaj yeem tshawb xyuas thaj chaw ncaj qha rau tib txoj kev.

[root@golinuxhub-client named]# nslookup golinuxhub-client.example
Server:         192.168.1.7
Address:        192.168.1.7#53

Name:   golinuxhub-client.example
Address: 192.169.1.7

[root@golinuxhub-client named]# nslookup golinuxhub-server.example
Server:         192.168.1.7
Address:        192.168.1.7#53

Name:   golinuxhub-server.example
Address: 192.168.1.5

Kab lus no yog me ntsis outdated raws li nyob rau hauv RHEL 7 koj tsis tas yuav luam cov ntaub ntawv khi configuration rau hauv chroot. Kauj ruam-by-step Tutorial: Configure DNS Server siv khi chroot (CentOS/RHEL 7).

Tau qhov twg los: www.hab.com
