
Configuring an Internal DNS Server for the Enterprise

I. Project Background

xx Company is a fast-growing technology enterprise. As the company has grown, its internal network has become increasingly complex: communication between departments and between servers is ever more frequent, and managing network configuration and hostname resolution by hand is inefficient and error-prone. To improve the efficiency and stability of internal network management, the company has decided to deploy an internal DNS server that centralizes name resolution, simplifies network configuration, and improves the reliability and speed of network communication. Bind (Berkeley Internet Name Domain) is currently the most widely used DNS server software; it is efficient, stable and flexible, and meets the company's needs.

II. Project Steps

1. Prepare the environment: install the Bind package
2. Configure Bind: define the IPv4 address and port Bind listens on, the working directory, and so on
3. Verify and back up the zone configuration files
4. Enable the Bind service and set it to start at boot
5. Configure the firewall: permanently open the DNS service port
6. Configure the DNS client: define the DNS server's IP address
7. Verify DNS resolution

Install the Bind package

1. Configure the yum repository

[root@client ~]# cd /etc/yum.repos.d/
[root@client yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo  CentOS-x86_64-kernel.repo
[root@client yum.repos.d]# mkdir bak
[root@client yum.repos.d]# mv C* bak
[root@client yum.repos.d]# ls
bak
[root@client yum.repos.d]# ls
bak  CentOS-Base.repo  epel.repo
[root@client yum.repos.d]# yum clean all
Loaded plugins: fastestmirror, langpacks
Cleaning repos: base centosplus epel epel-debuginfo epel-source extras updates
Cleaning up list of fastest mirrors
[root@client yum.repos.d]# yum makecache
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
base                                                                                                                            | 3.6 kB  00:00:00
centosplus                                                                                                                      | 2.9 kB  00:00:00
epel                                                                                                                            | 4.3 kB  00:00:00
epel-debuginfo                                                                                                                  | 3.0 kB  00:00:00
epel-source                                                                                                                     | 3.5 kB  00:00:00
extras                                                                                                                          | 2.9 kB  00:00:00
updates                                                                                                                         | 2.9 kB  00:00:00
(1/26): base/7/x86_64/group_gz                                                                                                  | 153 kB  00:00:00
(2/26): base/7/x86_64/primary_db                                                                                                | 6.1 MB  00:00:01
(3/26): base/7/x86_64/other_db                                                                                                  | 2.6 MB  00:00:00
(4/26): base/7/x86_64/filelists_db                                                                                              | 7.2 MB  00:00:02
(5/26): centosplus/7/x86_64/filelists_db                                                                                        | 3.7 MB  00:00:00
(6/26): centosplus/7/x86_64/other_db                                                                                            | 175 kB  00:00:00
(7/26): epel/x86_64/group                                                                                                       | 399 kB  00:00:00
(8/26): epel/x86_64/updateinfo                                                                                                  | 1.0 MB  00:00:00
(9/26): epel/x86_64/prestodelta                                                                                                 |  592 B  00:00:00
(10/26): centosplus/7/x86_64/primary_db                                                                                         | 8.3 MB  00:00:03
(11/26): epel/x86_64/primary_db                                                                                                 | 8.7 MB  00:00:02
(12/26): epel-debuginfo/x86_64/primary_db                                                                                       | 1.1 MB  00:00:00
(13/26): epel-debuginfo/x86_64/other_db                                                                                         | 1.1 MB  00:00:00
(14/26): epel/x86_64/other_db                                                                                                   | 4.1 MB  00:00:01
(15/26): epel-source/updateinfo                                                                                                 | 1.0 MB  00:00:00
(16/26): epel-source/filelists_db                                                                                               | 943 kB  00:00:00
(17/26): epel/x86_64/filelists_db                                                                                               |  15 MB  00:00:05
(18/26): extras/7/x86_64/filelists_db                                                                                           | 305 kB  00:00:00
(19/26): extras/7/x86_64/primary_db                                                                                             | 253 kB  00:00:00
(20/26): extras/7/x86_64/other_db                                                                                               | 154 kB  00:00:00
(21/26): epel-source/primary_db                                                                                                 | 3.1 MB  00:00:01
(22/26): epel-source/other_db                                                                                                   | 2.5 MB  00:00:01
(23/26): epel-debuginfo/x86_64/filelists_db                                                                                     | 6.6 MB  00:00:04
(24/26): updates/7/x86_64/primary_db                                                                                            |  27 MB  00:00:05
(25/26): updates/7/x86_64/other_db                                                                                              | 1.6 MB  00:00:00
(26/26): updates/7/x86_64/filelists_db                                                                                          |  15 MB  00:00:07
Metadata Cache Created
[root@client yum.repos.d]# yum repolist
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
repo id                                                repo name                                                                                 status
base/7/x86_64                                          CentOS7                                                                                   10,072
centosplus/7/x86_64                                    CentOS-7 - Plus - repo.huaweicloud.com                                                       277
epel/x86_64                                            Extra Packages for Enterprise Linux 7 - x86_64                                            13,791
epel-debuginfo/x86_64                                  Extra Packages for Enterprise Linux 7 - x86_64 - Debug                                     2,920
epel-source                                            Extra Packages for Enterprise Linux 7 - x86_64 - Source                                        0
extras/7/x86_64                                        CentOS-7 - Extras - repo.huaweicloud.com                                                     526
updates/7/x86_64                                       CentOS-7 - Updates - repo.huaweicloud.com                                                  6,173
repolist: 33,759
[root@client yum.repos.d]# ls
bak  CentOS-Base.repo  epel.repo

2. Install the Bind package

[root@client yum.repos.d]# yum -y install bind bind-utils
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.11.4-26.P2.el7_9.16 will be installed
--> Processing Dependency: bind-libs-lite(x86-64) = 32:9.11.4-26.P2.el7_9.16 for package: 32:bind-9.11.4-26.P2.el7_9.16.x86_64
--> Processing Dependency: bind-libs(x86-64) = 32:9.11.4-26.P2.el7_9.16 for package: 32:bind-9.11.4-26.P2.el7_9.16.x86_64
---> Package bind-utils.x86_64 32:9.11.4-26.P2.el7 will be updated
---> Package bind-utils.x86_64 32:9.11.4-26.P2.el7_9.16 will be an update
--> Running transaction check
---> Package bind-libs.x86_64 32:9.11.4-26.P2.el7 will be updated
---> Package bind-libs.x86_64 32:9.11.4-26.P2.el7_9.16 will be an update
--> Processing Dependency: bind-license = 32:9.11.4-26.P2.el7_9.16 for package: 32:bind-libs-9.11.4-26.P2.el7_9.16.x86_64
---> Package bind-libs-lite.x86_64 32:9.11.4-26.P2.el7 will be updated
---> Package bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.16 will be an update
--> Running transaction check
---> Package bind-license.noarch 32:9.11.4-26.P2.el7 will be updated
---> Package bind-license.noarch 32:9.11.4-26.P2.el7_9.16 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================================
 Package                               Arch                          Version                                          Repository                      Size
===========================================================================================================================================================
Installing:
 bind                                  x86_64                        32:9.11.4-26.P2.el7_9.16                         updates                        2.3 M
Updating:
 bind-utils                            x86_64                        32:9.11.4-26.P2.el7_9.16                         updates                        262 k
Updating for dependencies:
 bind-libs                             x86_64                        32:9.11.4-26.P2.el7_9.16                         updates                        159 k
 bind-libs-lite                        x86_64                        32:9.11.4-26.P2.el7_9.16                         updates                        1.1 M
 bind-license                          noarch                        32:9.11.4-26.P2.el7_9.16                         updates                         92 k

Transaction Summary
===========================================================================================================================================================
Install  1 Package
Upgrade  1 Package (+3 Dependent packages)

Total download size: 4.0 M
Downloading packages:
No Presto metadata available for updates
(1/5): bind-libs-9.11.4-26.P2.el7_9.16.x86_64.rpm                                                                                   | 159 kB  00:00:00
(2/5): bind-libs-lite-9.11.4-26.P2.el7_9.16.x86_64.rpm                                                                              | 1.1 MB  00:00:00
(3/5): bind-license-9.11.4-26.P2.el7_9.16.noarch.rpm                                                                                |  92 kB  00:00:00
(4/5): bind-utils-9.11.4-26.P2.el7_9.16.x86_64.rpm                                                                                  | 262 kB  00:00:00
(5/5): bind-9.11.4-26.P2.el7_9.16.x86_64.rpm                                                                                        | 2.3 MB  00:00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                      6.8 MB/s | 4.0 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 32:bind-license-9.11.4-26.P2.el7_9.16.noarch          1/9
  Updating   : 32:bind-libs-lite-9.11.4-26.P2.el7_9.16.x86_64        2/9
  Updating   : 32:bind-libs-9.11.4-26.P2.el7_9.16.x86_64             3/9
  Installing : 32:bind-9.11.4-26.P2.el7_9.16.x86_64                  4/9
  Updating   : 32:bind-utils-9.11.4-26.P2.el7_9.16.x86_64            5/9
  Cleanup    : 32:bind-utils-9.11.4-26.P2.el7.x86_64                 6/9
  Cleanup    : 32:bind-libs-9.11.4-26.P2.el7.x86_64                  7/9
  Cleanup    : 32:bind-libs-lite-9.11.4-26.P2.el7.x86_64             8/9
  Cleanup    : 32:bind-license-9.11.4-26.P2.el7.noarch               9/9
  Verifying  : 32:bind-9.11.4-26.P2.el7_9.16.x86_64                  1/9
  Verifying  : 32:bind-libs-9.11.4-26.P2.el7_9.16.x86_64             2/9
  Verifying  : 32:bind-utils-9.11.4-26.P2.el7_9.16.x86_64            3/9
  Verifying  : 32:bind-libs-lite-9.11.4-26.P2.el7_9.16.x86_64        4/9
  Verifying  : 32:bind-license-9.11.4-26.P2.el7_9.16.noarch          5/9
  Verifying  : 32:bind-libs-9.11.4-26.P2.el7.x86_64                  6/9
  Verifying  : 32:bind-license-9.11.4-26.P2.el7.noarch               7/9
  Verifying  : 32:bind-utils-9.11.4-26.P2.el7.x86_64                 8/9
  Verifying  : 32:bind-libs-lite-9.11.4-26.P2.el7.x86_64             9/9

Installed:
  bind.x86_64 32:9.11.4-26.P2.el7_9.16

Updated:
  bind-utils.x86_64 32:9.11.4-26.P2.el7_9.16

Dependency Updated:
  bind-libs.x86_64 32:9.11.4-26.P2.el7_9.16       bind-libs-lite.x86_64 32:9.11.4-26.P2.el7_9.16       bind-license.noarch 32:9.11.4-26.P2.el7_9.16

Complete!
[root@client yum.repos.d]#
Explanation of the main configuration file
[root@client ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 192.168.222.169; };   # IP addresses and port the server listens on (127.0.0.1, the loopback address, means the local host itself)
        listen-on-v6 port 53 { ::1; };                        # the IPv6 address and port
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 192.168.222.0/24; };    # which hosts may query DNS records; add the local subnet, i.e. the network(s) allowed to resolve

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;          # allow recursive queries

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/dns.server.zones";   # the zone configuration file created below (the statement must end with a semicolon)
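As an added example that is not part of the original post: a small Python checker for the options block above. It extracts the recursion setting and the ACL that governs recursive queries and reports, following the warning in the comment block, whether a recursive server would answer clients outside its own networks. SAMPLE_CONF is a constructed copy of the post's options block, OPEN_CONF a constructed counter-example, and the BIND syntax subset handled is an assumption.

```python
import ipaddress
import re

# Constructed copy of the options block from the named.conf above.
SAMPLE_CONF = """
// named.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.222.169; };   # listener
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-query     { localhost; 192.168.222.0/24; };
        /* recursive resolver for the internal network */
        recursion yes;
        dnssec-validation yes;
};
"""

# Constructed counter-example: the same server with a wide-open query ACL.
OPEN_CONF = SAMPLE_CONF.replace("{ localhost; 192.168.222.0/24; }", "{ any; }")


def strip_comments(text):
    """Remove the three BIND comment styles: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def block_body(text, name):
    """Return the text between the braces of the top-level ``name { ... }`` block."""
    m = re.search(r"\b" + re.escape(name) + r"\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:          # brace counting handles nested { }
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def address_list(body, key):
    """Entries of ``key ... { a; b; };`` inside body, or None if the key is absent."""
    m = re.search(r"\b" + re.escape(key) + r"(?![\w-])[^{;]*\{([^}]*)\}", body)
    if not m:
        return None
    return [v.strip() for v in m.group(1).split(";") if v.strip()]


def is_internal(entry):
    """True when an ACL entry can only match local or private-range clients."""
    if entry in ("localhost", "localnets", "none"):
        return True
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False          # 'any', a negation or a named ACL: not provably internal
    return net.is_private or net.is_loopback


def audit_options(conf):
    """Report whether a recursive named is reachable by non-internal clients."""
    opts = block_body(strip_comments(conf), "options")
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", opts)
    recursive = bool(m and m.group(1) == "yes")
    # BIND 9 falls back allow-recursion -> allow-query-cache -> allow-query and,
    # when none of them is set, to { localnets; localhost; }.
    acl = (address_list(opts, "allow-recursion")
           or address_list(opts, "allow-query-cache")
           or address_list(opts, "allow-query")
           or ["localnets", "localhost"])
    findings = []
    if recursive:
        exposed = [e for e in acl if not is_internal(e)]
        if exposed:
            findings.append("recursion yes but the recursion ACL admits "
                            "non-internal clients: " + ", ".join(exposed))
    return {"recursive": recursive, "acl": acl, "findings": findings}


if __name__ == "__main__":
    for label, conf in (("post's config", SAMPLE_CONF), ("open ACL", OPEN_CONF)):
        print(label, audit_options(conf))
```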
Create the zone configuration file under /etc/ (note that the file's suffix must be '.zones'):
vim /etc/dns.server.zones

[root@client ~]# cat /etc/dns.server.zones
#zone "server.com" IN {
#       type master;
#       file "server.com.zone";
#       allow-update { none; };
#}
zone "longchi.xyz" IN {
        type master;
        file "/var/named/longchi.xyz.zone";
        allow-update { none; };
};
zone "222.168.192.in-addr.arpa" IN {
        type master;
        file "/var/named/222.168.192.in-addr.arpa.zone";
        allow-update { none; };
};
-------
# Explanation of the zone configuration file
zone "server.com" IN {          # defines a forward zone named 'server.com'
        type master;            # this zone is a master (primary) zone
        file "server.com.zone"; # the zone's data file
        allow-update { none; }; # dynamic updates of the zone data are not allowed
};
Create the zone data file (forward zone file) at /var/named/longchi.xyz.zone
[root@client ~]# cat /var/named/longchi.xyz.zone
$TTL    86400
@       IN      SOA     ns1.longchi.xyz. admin.longchi.xyz. (
                        2022010101 ; Serial
                        3600       ; Refresh
                        1800       ; Retry
                        1209600    ; Expire
                        86400 )    ; Minimum TTL
;
@       IN      NS      ns1.longchi.xyz.
@       IN      A       192.38.22.169
ns1     IN      A       192.38.22.169
www     IN      A       192.38.22.169
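As an added example that is not part of the original post: a forward/reverse consistency check for the two zones this setup defines. It parses the master-file format used above (SOA in parentheses, `@`, relative owner names) and reports every A record without a PTR and every PTR target without an A record. The embedded zone data are constructed copies of the final forward and reverse zone files from the hands-on section later in the post; run on them, the check reports that the PTR target server.longchi.xyz has no A record in the forward zone. The supported file syntax is the subset those files use (assumption).

```python
import ipaddress

# Constructed copies of the final forward and reverse zone files from this post.
FORWARD_ZONE = """$TTL    86400
@       IN      SOA     ns1.longchi.xyz. admin.longchi.xyz. (
                        2022010101 ; Serial
                        3600       ; Refresh
                        1800       ; Retry
                        1209600    ; Expire
                        86400 )    ; Minimum TTL
;
@       IN      NS      ns1.longchi.xyz.
@       IN      A       192.168.222.169
ns1     IN      A       192.168.222.169
www     IN      A       192.168.222.169
"""

REVERSE_ZONE = """$TTL    86400
@       IN      SOA     ns1.longchi.xyz. admin.longchi.xyz. (
                        2022010101 3600 1800 1209600 86400 )
;
@        IN      NS      ns1.longchi.xyz.
169      IN      PTR     server.longchi.xyz.
"""


def fqdn(name, origin):
    """Expand a zone-file name relative to origin; absolute names stay as they are."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Return (owner, type, rdata-tokens) for each record of a master-file zone.

    Handles ';' comments, '( )' continuation lines, $ORIGIN, optional TTL and
    class fields, and owner-name inheritance from the previous record.
    """
    origin = origin.lower().rstrip(".") + "."
    records, last_owner, buf, depth = [], "@", [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        if not buf and raw[:1].isspace():
            line = last_owner + " " + line      # blank owner: inherit the previous one
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue                            # still inside a multi-line record
        tokens, buf = " ".join(buf).split(), []
        if tokens[0] == "$ORIGIN":
            origin = fqdn(tokens[1], origin)
            continue
        if tokens[0].startswith("$"):
            continue                            # $TTL and friends produce no records
        last_owner, rest = tokens[0], tokens[1:]
        if rest and rest[0].isdigit():
            rest = rest[1:]                     # optional per-record TTL
        if rest and rest[0].upper() in ("IN", "CH", "HS"):
            rest = rest[1:]                     # optional class
        records.append((fqdn(last_owner, origin), rest[0].upper(), rest[1:]))
    return records


def ptr_owner_to_ip(owner):
    """'169.222.168.192.in-addr.arpa.' -> '192.168.222.169' (validated)."""
    labels = owner.rstrip(".").split(".")
    return str(ipaddress.ip_address(".".join(reversed(labels[:-2]))))


def check_consistency(forward, reverse):
    """Cross-check A records against PTR records and list every mismatch."""
    a_names = {}        # ip -> owner names that have an A record for it
    for owner, rtype, rdata in forward:
        if rtype == "A":
            a_names.setdefault(rdata[0], set()).add(owner)
    ptr_targets = {}    # ip -> PTR target names
    for owner, rtype, rdata in reverse:
        if rtype == "PTR":
            ptr_targets.setdefault(ptr_owner_to_ip(owner), set()).add(rdata[0].lower())
    findings = []
    for ip, owners in sorted(a_names.items()):
        if ip not in ptr_targets:
            findings.append(f"{ip}: A records for {sorted(owners)} but no PTR record")
    for ip, targets in sorted(ptr_targets.items()):
        for target in sorted(targets - a_names.get(ip, set())):
            findings.append(f"{ip}: PTR -> {target} has no matching A record")
    return findings


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "longchi.xyz")
    rev = parse_zone(REVERSE_ZONE, "222.168.192.in-addr.arpa")
    for finding in check_consistency(fwd, rev):
        print(finding)
```

To run it against the live files, read /var/named/longchi.xyz.zone and /var/named/222.168.192.in-addr.arpa.zone into the two strings; named-checkzone validates syntax but does not cross-check the two zones against each other.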
Permanently allow the bind service through the firewall
firewall-cmd --add-service=dns --permanent   # make the allowed service permanent
firewall-cmd --reload                        # take effect immediately

[root@client named]# firewall-cmd --add-service=dns --permanent
success
[root@client named]# firewall-cmd --reload
success
-----------
[root@client ~]# firewall-cmd --zone=public --add-port=53/tcp --permanent
success
[root@client ~]# firewall-cmd --zone=public --add-port=53/udp --permanent
success
[root@client ~]# firewall-cmd --reload
success
The DNS server configuration is now complete; the DNS client configuration follows.

DNS client configuration

# Command to list the current network connections: nmcli connection show
[root@client named]# nmcli connection show
NAME    UUID                                  TYPE      DEVICE
ens33   d0dcce4f-7739-413f-b91a-8f9a6b2e63bf  ethernet  ens33
virbr0  03265806-1e75-4de7-a9d0-85f8430fe2ed  bridge    virbr0

# Use the following command to configure the client's DNS server address
# (the address must be one that named listens on, i.e. a listen-on address in named.conf)
nmcli connection modify ens33 ipv4.dns "182.168.222.169"
# Use the following command to ignore the automatically assigned DNS server address, i.e. switch to a manually assigned DNS server address
nmcli connection modify ens33 ipv4.ignore-auto-dns yes
# Then bring the ens33 interface up again with: nmcli connection up ens33

[root@client named]# nmcli connection modify ens33 ipv4.dns "182.168.222.169"
[root@client named]# nmcli connection modify ens33 ipv4.ignore-auto-dns yes
[root@client named]# nmcli connection up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)

# Set the ownership of the forward and reverse zone files
sudo chown named:named /var/named/222.168.192.in-addr.arpa.zone
sudo chown named:named /var/named/domain.com.zone

[root@client named]# sudo chown named:named /var/named/222.168.192.in-addr.arpa.zone
[root@client named]# sudo chown named:named /var/named/domain.com.zone

# Make sure the named user has read permission on the files. The recommended permissions for zone files are usually 640 (owner read/write, group read), which can be set with chmod:
sudo chmod 640 /var/named/222.168.192.in-addr.arpa.zone
sudo chmod 640 /var/named/domain.com.zone

[root@client named]# sudo chmod 640 /var/named/222.168.192.in-addr.arpa.zone
[root@client named]# sudo chmod 640 /var/named/domain.com.zone
[root@client named]#

# We can also check the SELinux audit log with the command below to confirm whether SELinux is actually the cause of a permission problem
[root@client named]# sudo ausearch -m avc -c named | audit2why
<no matches>
Nothing to do

# Command to verify the current IPv4 DNS server address:
nmcli connection show ens33 | grep ipv4.dns

[root@client named]# nmcli connection show ens33 | grep ipv4.dns
ipv4.dns:                               182.168.222.169
ipv4.dns-search:                        --
ipv4.dns-options:                       ""
ipv4.dns-priority:                      0

# Commands to test DNS resolution, for example:
1. nslookup followed by the domain name we just configured
[root@client ~]# nslookup www.longchi.xyz
2. dig followed by the domain name we just configured
[root@client ~]# dig www.longchi.xyz
Look at the bind service's startup configuration file
# systemd unit file that manages the bind service
[root@client ~]# cat /usr/lib/systemd/system/named.service
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network.target
After=named-setup-rndc.service

[Service]
Type=forking
Environment=NAMEDCONF=/etc/named.conf
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid

ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true

[Install]
WantedBy=multi-user.target
bind hands-on
# Check whether the configuration files are correct
[root@client named]# named-checkconf
[root@client named]# named-checkzone domain.com /var/named/domain.com.zone
zone domain.com/IN: loaded serial 2022010101
OK
[root@client named]# named-checkzone 222.168.192.in-addr.arpa /var/named/222.168.192.in-addr.arpa.zone
zone 222.168.192.in-addr.arpa/IN: loaded serial 2022010101
OK

# Start the bind service and enable it at boot
[root@client named]# systemctl start named
[root@client named]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@client named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-08-30 17:23:29 PDT; 34s ago
 Main PID: 4388 (named)
   CGroup: /system.slice/named.service
           └─4388 /usr/sbin/named -u named -c /etc/named.conf

Aug 30 17:23:29 client named[4388]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
Aug 30 17:23:29 client named[4388]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
Aug 30 17:23:29 client named[4388]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
Aug 30 17:23:29 client named[4388]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
Aug 30 17:23:29 client named[4388]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Aug 30 17:23:29 client named[4388]: resolver priming query complete
Aug 30 17:23:29 client named[4388]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
Aug 30 17:23:29 client named[4388]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
Aug 30 17:23:29 client named[4388]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
Aug 30 17:23:29 client named[4388]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
[root@client named]# ll
total 32
-rw-r-----. 1 named named  404 Aug 30 21:31 222.168.192.in-addr.arpa.zone
drwxrwx---. 2 named named   23 Aug 30 17:23 data
drwxrwx---. 2 named named   60 Aug 30 19:17 dynamic
-rw-r-----. 1 named named  480 Aug 30 21:29 longchi.xyz.zone
-rw-r--r--. 1 root  root   259 Aug 30 17:01 longchi.xyz.zone.bak
-rw-r-----. 1 root  named 2253 Aug 30 16:24 named.ca
-rw-r-----. 1 root  root  2253 Aug 30 16:22 named.ca.bak
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Jun 11 07:40 slaves
[root@client named]#

# Configure the forward zone file
[root@client named]# cat longchi.xyz.zone
$TTL    86400
@       IN      SOA     ns1.longchi.xyz. admin.longchi.xyz. (
                        2022010101 ; Serial
                        3600       ; Refresh
                        1800       ; Retry
                        1209600    ; Expire
                        86400 )    ; Minimum TTL
;
@       IN      NS      ns1.longchi.xyz.
@       IN      A       192.168.222.169
ns1     IN      A       192.168.222.169
www     IN      A       192.168.222.169

# Configure the reverse zone file
[root@client named]# cat 222.168.192.in-addr.arpa.zone
$TTL    86400
@       IN      SOA     ns1.longchi.xyz. admin.longchi.xyz. (
                        2022010101 ; Serial
                        3600       ; Refresh
                        1800       ; Retry
                        1209600    ; Expire
                        86400 )    ; Minimum TTL
;
@        IN      NS      ns1.longchi.xyz.
169      IN      PTR     server.longchi.xyz.

# Create the zone configuration file under /etc/ (note that the file's suffix must be '.zones')
[root@client named]# cat /etc/dns.server.zones
#zone "server.com" IN {
#       type master;
#       file "server.com.zone";
#       allow-update { none; };
#}
zone "longchi.xyz" IN {
        type master;
        file "/var/named/longchi.xyz.zone";
};
zone "222.168.192.in-addr.arpa" IN {
        type master;
        file "/var/named/222.168.192.in-addr.arpa.zone";
};

# Modify the main configuration file and include '/etc/dns.server.zones' in it
[root@client named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 192.168.222.169; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 192.168.222.0/24; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/dns.server.zones";
[root@client named]# firewall-cmd --add-service=dns --permanent
success
[root@client named]# firewall-cmd --reload
success
[root@client named]# nmcli connection show
NAME    UUID                                  TYPE      DEVICE
ens33   d0dcce4f-7739-413f-b91a-8f9a6b2e63bf  ethernet  ens33
virbr0  03265806-1e75-4de7-a9d0-85f8430fe2ed  bridge    virbr0
[root@client named]# nmcli connection modify ens33 ipv4.dns "182.168.222.169"
[root@client named]# nmcli connection modify ens33 ipv4.ignore-auto-dns yes
[root@client named]# nmcli connection up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@client named]# nmcli connection show ens33 | grep ipv4.dns
ipv4.dns:                               182.168.222.169
ipv4.dns-search:                        --
ipv4.dns-options:                       ""
ipv4.dns-priority:                      0
[root@client named]# nslookup server.longchi.xyz
^C
[root@client named]# nslookup 169.domain.com
^C
[root@client named]# vim /var/named/server.com.zone
[root@client named]# ll
total 32
-rw-r--r--. 1 root  root   398 Aug 30 17:03 222.168.192.in-addr.arpa.zone
drwxrwx---. 2 named named   23 Aug 30 17:23 data
-rw-r--r--. 1 root  root   434 Aug 30 17:05 domain.com.zone
drwxrwx---. 2 named named   60 Aug 30 17:23 dynamic
-rw-r-----. 1 root  named 2253 Aug 30 16:24 named.ca
-rw-r-----. 1 root  root  2253 Aug 30 16:22 named.ca.bak
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r--r--. 1 root  root   259 Aug 30 17:01 server.com.zone.bak
drwxrwx---. 2 named named    6 Jun 11 07:40 slaves
[root@client named]# vim domain.com.zone
[root@client named]# vim 222.168.192.in-addr.arpa.zone
[root@client named]# systemctl restart named
[root@client named]# ll
total 32
-rw-r--r--. 1 root  root   398 Aug 30 18:32 222.168.192.in-addr.arpa.zone
drwxrwx---. 2 named named   23 Aug 30 17:23 data
-rw-r--r--. 1 root  root   474 Aug 30 18:31 domain.com.zone
drwxrwx---. 2 named named   60 Aug 30 18:24 dynamic
-rw-r-----. 1 root  named 2253 Aug 30 16:24 named.ca
-rw-r-----. 1 root  root  2253 Aug 30 16:22 named.ca.bak
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r--r--. 1 root  root   259 Aug 30 17:01 server.com.zone.bak
drwxrwx---. 2 named named    6 Jun 11 07:40 slaves
[root@client named]#

# Set the ownership of the forward and reverse zone files
sudo chown named:named /var/named/222.168.192.in-addr.arpa.zone
sudo chown named:named /var/named/domain.com.zone

[root@client named]# sudo chown named:named /var/named/222.168.192.in-addr.arpa.zone
[root@client named]# sudo chown named:named /var/named/domain.com.zone
[root@client named]# ll
total 32
-rw-r--r--. 1 named named  398 Aug 30 18:32 222.168.192.in-addr.arpa.zone
drwxrwx---. 2 named named   23 Aug 30 17:23 data
-rw-r--r--. 1 named named  474 Aug 30 18:31 domain.com.zone
drwxrwx---. 2 named named   60 Aug 30 18:24 dynamic
-rw-r-----. 1 root  named 2253 Aug 30 16:24 named.ca
-rw-r-----. 1 root  root  2253 Aug 30 16:22 named.ca.bak
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r--r--. 1 root  root   259 Aug 30 17:01 server.com.zone.bak
drwxrwx---. 2 named named    6 Jun 11 07:40 slaves
[root@client named]#

With that, the Bind server setup is complete.


http://www.mrgr.cn/news/16878.html
