Linux Learning Notes < 27 >--dns Server Configuration instance

Configuration planning: (Vmware9 under RHEL5.8 system implementation)

In the cqy.com domain, the 192.168.0.0/24 network segment

NS server: 192.168.0.150;

www server: 192.168.0.151,192.168.0.152

Mail server: 192.168.0.153

FTP Server is the alias of WWW server

Configure the master-slave server from the server ip:192.168.0.160

The primary server authorizes a child server, ip:192.168.0.170, and implements a child server to resolve the parent domain

Note: You must ensure that the server firewall is not blocking DNS traffic

# service Iptables Stop firewall off

Configuration on the primary server:

First, install the BIND97 package

1. Configure Yum Source

[Email protected] ~]# Cat/etc/yum.repos.d/local.repo [base]name=serverbaseurl=file:///media/cdrom/serverenabled= 1gpgcheck=0

2. Delete Redhat automatically installed bind93 two packages Bind-libs and bind-utils

# rpm-e Bind-libs bind-utils

3. Install the BIND97 Master package and its child packages

# yum Install bind97-libs bind97-utils

# yum Install Bind97-y

Second, the configuration bind97 main configuration file:/etc/named.conf

1. Delete or rename the official Master profile generated during installation

# Mv/etc/named.conf/etc/named.conf.orgi

2. Create a new profile,/etc/named.conf, and add the following:

[[email protected] named]# cat/etc/named.confoptions {directory "/var/named"; allow-recursion {192.168.0.0/24; 127.0.0.0/8; };}; Zone "." {type hint;file "named.ca";}; Zone "localhost" {type master;file "Named.localhost"; allow-transfer {none;};}; Zone "0.0.127.in-addr.arpa" {type master;file "Named.loopback"; allow-transfer {192.168.0.160;};}; Zone "cqy.com" {type master;file "Cqy.com.zone"; allow-transfer {192.168.0.160;};}; Zone "0.168.192.in-addr.arpa" {type master;file "192.168.0.zone"; allow-transfer {192.168.0.160;};};

3, modify the configuration file group and permissions

# chown Root:namde/etc/named.conf

# chmod 640/etc/named.conf

Third, configure the zone data file:/var/namd/

Create and configure two forward zone files cqy.com.zone  and  192.168.0.zone

that are resolved in the master configuration file

[[email protected] named]# cat cqy.com.zone  $TTL   600cqy.com.insoans1.cqy.com.admin.cqy.com.  (20150820011h5m2d6h ) nsns1ns       ns2MX  10mailns1INA192.168.0.150ns2              IN      A        192.168.0.160mailina192.168.0.152wwwin a192.168.0.150wwwina192.168.0.151ftpin cnamewww[[email  protected] named]# cat 192.168.0.zone  $TTL  600@  insoans1.cqy.com.admin.cqy.com.  (20150819011h5m2d6h ) nsns1.cqy.com.ns       ns2.cqy.com.150INPTRns1.cqy.com.150INPTRwww.cqy.com.152INPTRmail.cqy.com.151INPTRwww.cqy.com.160              IN       Ptr     ns2.cqy.com.

Iv. Edit the/etc/resolv.conf file and modify its nameserver as the native IP

# vim/etc/resolv.conf

NameServer 192.168.0.150

Search Localdomain

Five, close SELinux

# Setenforce 0 off SELinux

# Getenforce View

[[email protected] named]# getenforce enforcing[[email protected] named]# setenforce 0[[email protected] named]# getenfor Ce Permissive

Vi. checking configuration files and positive and negative Zone files for errors

# named-checkconf

# named-checkzone "Cqy.com"/var/named/cqy.com

# named-checkzone "0.168.192.in-addr.arpa"/var/named/192.168.0.zone

Vii. restarting or rereading a DNS server

# Service named Restart|reload

On the configuration from the server:

Steps are the same as the primary server, the difference is/etc/named.conf, and you do not have to manually create zone data files

First, create the main configuration file, edit the following

[[email protected] named]# cat/etc/named.confoptions {directory "/var/named"; allow-recursion {192.168.0.0/24; 127.0.0.0/8; };}; Zone "." {type hint;file "named.ca";}; Zone "localhost" {type master;file "Named.localhost"; allow-transfer {none;};}; Zone "0.0.127.in-addr.arpa" {type master;file "Named.loopback"; allow-transfer {none;};}; Zone "cqy.com" {type slave;file "Slaves/cqy.com.zone"; Masters {192.168.0.150;}; Allow-transfer {none;};}; Zone "0.168.192.in-addr.arpa" {type slave;file "Slaves/192.168.0.zone"; Masters {192.168.0.150;}; Allow-transfer {none;};};

Subdomain authorization

Configuration on the primary server

First, add the following in the zone file/var/named/cqy.com.zone

fininnsns1.finns1.finina192.168.0.170

Second, restart or reread the DNS server

# Service named Restart|reload

Configuration on a child server

First, create the/etc/named.conf, and add the following content

Options {directory "/var/named"; allow-recursion {192.168.0.0/24; 127.0.0.1;};}; Zone "." In {type hint;file "named.ca";}; Zone "localhost" in {type Master;file "Named.localhost"; allow-transfer {none;};}; Zone "0.0.127.in-addr.arpa" in {type Master;file "Named.loopback"; allow-transfer {none;};}; Zone "fin.cqy.com" in {type Master;file "Fin.cqy.com.zone";}; Zone "cqy.com" in {type Forward;forward first;forwarders {192.168.0.150;};};

Second, modify the/etc/named.conf group and permissions

# chown Root:namde/etc/named.conf

# chmod 640/etc/named.conf

Third, create the/var/named/fin.cqy.com.zone and add the following content:

$TTL 600fin.cqy.com.insoans1.fin.cqy.com.admin.fin.cqy.com. (20150819011h5m2d6h) NSNS1MX 10mailns1ina192.168.0.170mailina192.168.0.172wwwin A192.168.0.171

Four, modify the file permissions as follows

[email protected] named]# ll fin.cqy.com.zone-rw-r-----1 root named 211 08:13

V. Restart or reread the DNS server

# Service named Restart|reload

Linux Learning Notes < 27 >--dns Server Configuration instance