Published: 2025-12-01 Author: 千家信息网 editor
Last updated: 2025-12-01
DNS Server Installation Step by Step Using CentOS 6.5
DNS, the Domain Name System, translates hostnames or URLs into IP addresses. For example, if we type www.unixmen.com into a browser, the DNS server translates the domain name into its associated IP address. Since IP addresses are hard to remember, DNS servers are used to translate hostnames like www.unixmen.com to 173.xxx.xx.xxx. This makes it easy to remember domain names instead of IP addresses.
Scenario
Primary(Master) DNS Server Details:
Operating System : CentOS 6.5 server
Hostname : masterdns.unixmen.local
IP Address : 192.168.1.100/24
Secondary(Slave) DNS Server Details:
Operating System : CentOS 6.5 server
Hostname : secondarydns.unixmen.local
IP Address : 192.168.1.101/24
Client Details:
Operating System : CentOS 6.5 Desktop
Hostname : Client.unixmen.local
IP Address : 192.168.1.102/24
Setup Primary(Master) DNS Server
[root@masterdns ~]# yum install bind* -y
1. Configure DNS Server
Add the lines as shown below in '/etc/named.conf' file
[root@masterdns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; }; ### Master DNS IP ###
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24; }; ### IP Range ###
    allow-transfer { localhost; 192.168.1.101; }; ### Slave DNS IP ###
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "unixmen.local" IN {
    type master;
    file "forward.unixmen";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.unixmen";
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Create Zone files
Create forward and reverse zone files which we mentioned in the '/etc/named.conf' file.
2.1 Create Forward Zone
Create forward.unixmen file in the '/var/named' directory.
[root@masterdns ~]# vi /var/named/forward.unixmen
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS      masterdns.unixmen.local.
@               IN  NS      secondarydns.unixmen.local.
@               IN  MX 10   mail.unixmen.local.
@               IN  A       192.168.1.100
@               IN  A       192.168.1.101
@               IN  A       192.168.1.102
masterdns       IN  A       192.168.1.100
secondarydns    IN  A       192.168.1.101
client          IN  A       192.168.1.102
mail            IN  A       192.168.1.50
2.2 Create Reverse Zone
Create reverse.unixmen file in the '/var/named' directory.
[root@masterdns ~]# vi /var/named/reverse.unixmen
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS      masterdns.unixmen.local.
@               IN  NS      secondarydns.unixmen.local.
@               IN  PTR     unixmen.local.
masterdns       IN  A       192.168.1.100
secondarydns    IN  A       192.168.1.101
client          IN  A       192.168.1.102
mail            IN  A       192.168.1.50
100             IN  PTR     masterdns.unixmen.local.
101             IN  PTR     secondarydns.unixmen.local.
102             IN  PTR     client.unixmen.local.
50              IN  PTR     mail.unixmen.local.
3. Start the DNS service
[root@masterdns ~]# service named start
Starting named: [ OK ]
[root@masterdns ~]# chkconfig named on
4. Adjust iptables to allow access to the DNS server from outside of the network
Add the lines as shown below in '/etc/sysconfig/iptables' file.
[root@masterdns ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
5. Restart iptables
[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
6. Test DNS configuration and zone files for any syntax errors
[root@masterdns ~]# named-checkconf /etc/named.conf
[root@masterdns ~]# named-checkzone unixmen.local /var/named/forward.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone unixmen.local /var/named/reverse.unixmen
zone unixmen.local/IN: loaded serial 2011071001
OK
7. Test DNS Server
[root@masterdns ~]# dig masterdns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A
;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:07:56 2013
;; MSG SIZE rcvd: 114
[root@masterdns ~]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101
Now the Primary DNS server is ready to use.
Setup Secondary(Slave) DNS Server
[root@secondarydns ~]# yum install bind* -y
1. Configure Slave DNS Server
Open the main configuration file '/etc/named.conf' and add the lines as shown below.
[root@secondarydns ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "unixmen.local" IN {
    type slave;
    file "slaves/unixmen.fwd";
    masters { 192.168.1.100; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/unixmen.rev";
    masters { 192.168.1.100; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2. Start the DNS Service
[root@secondarydns ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@secondarydns ~]# chkconfig named on
Now the forward and reverse zones are automatically replicated from the Master DNS server to '/var/named/slaves/' on the Secondary DNS server.
[root@secondarydns ~]# ls /var/named/slaves/
unixmen.fwd unixmen.rev
[root@secondarydns ~]# cat /var/named/slaves/unixmen.fwd
$ORIGIN .
$TTL 86400      ; 1 day
unixmen.local           IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        A       192.168.1.100
                        A       192.168.1.101
                        A       192.168.1.102
$ORIGIN unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101
[root@secondarydns ~]# cat /var/named/slaves/unixmen.rev
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        PTR     unixmen.local.
$ORIGIN 1.168.192.in-addr.arpa.
100                     PTR     masterdns.unixmen.local.
101                     PTR     secondarydns.unixmen.local.
102                     PTR     client.unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101
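named-checkconf validates syntax only, and the master's iptables rules accept port 53 from any source, so the ACL statements in named.conf decide who may recurse or pull a zone. The following is an added example, not part of the original tutorial: it audits those statements in both options blocks shown above. The function names are hypothetical, the embedded configs are constructed excerpts of this page's files, and the defaults it assumes are those of BIND 9.8 (an absent allow-transfer permits transfers to all hosts; the recursion ACL falls back to allow-query).

```shell
#!/bin/sh
# Added example: audit named.conf access controls (config is read from stdin).
# Simplification: nested address-match lists and named acl{} blocks are not resolved.

flatten_conf() {  # drop //, # and one-line /* */ comments, join into one line
    sed -e 's|/\*.*\*/||g' -e 's|//.*$||' -e 's|#.*$||' | tr '\n\t' '  ' | tr -s ' '
}

acl_of() {  # $1 = flattened config, $2 = option name; prints its list, "" if absent
    printf '%s\n' "$1" | sed -n "s/.*[ {;]$2 *{\([^}]*\)}.*/\1/p"
}

has_any() { case " $1" in *" any;"*|*" any "*) return 0 ;; esac; return 1; }

audit_named_conf() {  # prints one finding per line, nothing when clean
    conf=$(flatten_conf)
    # Recursion ACL fallback order: allow-recursion, allow-query-cache, allow-query.
    rec=$(acl_of "$conf" allow-recursion)
    [ -n "$rec" ] || rec=$(acl_of "$conf" allow-query-cache)
    [ -n "$rec" ] || rec=$(acl_of "$conf" allow-query)
    case "$conf" in
        *"recursion no"*) ;;   # recursion is on unless explicitly disabled
        *) if has_any "$rec"; then echo "OPEN_RESOLVER: recursion allowed from any"; fi ;;
    esac
    xfer=$(acl_of "$conf" allow-transfer)
    if [ -z "$xfer" ]; then
        echo "OPEN_TRANSFER: allow-transfer absent (BIND 9.8 default is any host)"
    elif has_any "$xfer"; then
        echo "OPEN_TRANSFER: allow-transfer lists any"
    fi
}

# Constructed excerpts of the two options blocks on this page.
MASTER_CONF='options {
    allow-query { localhost; 192.168.1.0/24; }; ### IP Range ###
    allow-transfer{ localhost; 192.168.1.101; }; ### Slave DNS IP ###
    recursion yes;
};'
SLAVE_CONF='options {
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
};'

printf '%s\n' "$MASTER_CONF" | audit_named_conf   # master: no findings
printf '%s\n' "$SLAVE_CONF"  | audit_named_conf   # secondary: OPEN_TRANSFER finding
```

The finding on the secondary goes away once its options block carries an explicit statement such as allow-transfer { none; };.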
3. Add the DNS Server details to all systems
[root@secondarydns ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8
4. Test DNS Server
[root@secondarydns ~]# dig masterdns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21487
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A
;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; Query time: 15 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:27:57 2013
;; MSG SIZE rcvd: 114
[root@secondarydns ~]# dig secondarydns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A
;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; Query time: 4 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:31:53 2013
;; MSG SIZE rcvd: 114
[root@secondarydns ~]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Client Side Configuration
Add the DNS server details in '/etc/resolv.conf' file in all client systems
[root@client unixmen]# vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8
Test DNS Server
[root@client unixmen]# dig masterdns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A
;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; Query time: 30 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:47:55 2013
;; MSG SIZE rcvd: 114
[root@client unixmen]# dig secondarydns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A
;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; Query time: 8 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:48:38 2013
;; MSG SIZE rcvd: 114
[root@client unixmen]# dig client.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> client.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14604
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;client.unixmen.local.          IN      A
;; ANSWER SECTION:
client.unixmen.local.   86400   IN      A       192.168.1.102
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; Query time: 5 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:49:11 2013
;; MSG SIZE rcvd: 137
[root@client unixmen]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101
Now the primary and secondary DNS servers are ready.