اویس  نصر
IT Administrator

Installing BIND and Setting Up a DNS Server on Linux, Explained Simply

In this post I want to explain installing bind and setting up a DNS server in two roles, Master and Slave, on CentOS 7. I hope it will be useful to my dear friends. I also ask the experts to correct me if I got something wrong anywhere. Scenario:

Contents of this post
  1. Setup Primary(Master) DNS Server

Primary(Master) DNS Server Details:

  • Operating System : CentOS 7 server
  • Hostname : masterdns.itpro.local
  • IP Address : 192.168.1.100/24

Secondary(Slave) DNS Server Details:

  • Operating System : CentOS 7 server
  • Hostname : secondarydns.itpro.local
  • IP Address : 192.168.1.101/24

Client Details (web server):

  • Operating System : CentOS 7 Desktop
  • Hostname : www.itpro.local
  • IP Address : 192.168.1.102/24

Setup Primary(Master) DNS Server

[root@itpro.masterdns ~]# yum install bind* -y 

1. Configure DNS Server

Using vim, make the changes shown below to the /etc/named.conf file.

Very important:

Before making any changes, take a backup of named.conf with the following command.

[root@itpro.masterdns ~]# cp /etc/named.conf /etc/named.conf.bk
[root@itpro.masterdns ~]# vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.100; };   ### Master DNS IP ###
        listen-on-v6 port 53 { ::1; };
        directory          "/var/named";
        dump-file          "/var/named/data/cache_dump.db";
        statistics-file    "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };    ### IP range allowed to query ###
        allow-transfer  { localhost; 192.168.1.101; };     ### Slave DNS IP: only it may pull the zones ###
        recursion no;                                       // authoritative only, not an open resolver

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "itpro.local" IN {
        type master;
        file "forward.itpro";
        allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.itpro";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
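The two settings in the options block that matter most on an authoritative server are allow-transfer (only the slave should be able to pull the zones) and recursion (off, so the server is not also an open resolver). As an added example, not code from the original post, this small Python lint parses an options block in the syntax above and reports those two settings; the two excerpts are constructed, and the weakened one exists only to show what the check reports.

```python
import re

# Constructed excerpts of an options {} block (sample input, not read from disk):
# the tutorial's settings, and a weakened variant to show what the check reports.
MASTER_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };
    directory "/var/named";
    allow-query { localhost; 192.168.1.0/24; };    /* who may ask */
    allow-transfer { localhost; 192.168.1.101; };  // only the slave
    recursion no;
};
"""
WEAK_OPTIONS = """
options {
    listen-on port 53 { any; };
    allow-transfer { any; };
    recursion yes;
};
"""

# statement name, then either an optional 'port N' plus an { acl; list; }, or a bare value
STMT = re.compile(r"([\w-]+)\s*(?:(?:port\s+\d+\s*)?\{([^}]*)\}|([^;{]*))\s*;")

def options_block(conf):
    """Return the text between the braces of the options {} block, comments removed."""
    conf = re.sub(r"//.*|#.*", "", conf)
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    start = conf.index("{", conf.index("options"))
    depth = 0
    for i in range(start, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[start + 1:i]
    raise ValueError("unbalanced braces in options block")

def parse_options(conf):
    """Map each statement name to its ACL elements (list) or its bare value (str)."""
    opts = {}
    for name, acl, value in STMT.findall(options_block(conf)):
        opts[name] = acl.replace(";", " ").split() if acl else value.strip()
    return opts

def audit(opts):
    """Findings for an authoritative-only server such as the master above.
    BIND's defaults (allow-transfer any; recursion yes) apply when a statement is absent."""
    findings = []
    if "any" in opts.get("allow-transfer", ["any"]):
        findings.append("allow-transfer: zone transfers are not limited to the slave")
    if opts.get("recursion", "yes") != "no":
        findings.append("recursion: the authoritative server also answers recursive queries")
    return findings
```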

2. Create Zone files

Create the forward and reverse zone files that were referenced in /etc/named.conf.

2.1 Create Forward Zone

Create the forward.itpro file in the /var/named directory.

[root@itpro.masterdns ~]# vim /var/named/forward.itpro
$TTL 86400 
@ IN SOA masterdns.itpro.local. admin.itpro.local. ( 
2015011801 ;Serial 
3600 ;Refresh 
1800 ;Retry 
604800 ;Expire 
86400 ;Minimum TTL 
) 
@ IN NS masterdns.itpro.local. 
@ IN NS secondarydns.itpro.local. 
@ IN A 192.168.1.100 
@ IN A 192.168.1.101 
@ IN A 192.168.1.102 
masterdns IN A 192.168.1.100 
secondarydns IN A 192.168.1.101 
www IN A 192.168.1.102

 

2.2 Create Reverse Zone

Create the reverse.itpro file in the /var/named directory.

[root@itpro.masterdns ~]# vim /var/named/reverse.itpro
$TTL 86400
@ IN SOA masterdns.itpro.local. admin.itpro.local. (
2015011802 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS masterdns.itpro.local.
@ IN NS secondarydns.itpro.local.
@ IN PTR itpro.local.
; only PTR data belongs here: an A record in this zone would name masterdns.1.168.192.in-addr.arpa, not masterdns.itpro.local
100 IN PTR masterdns.itpro.local.
101 IN PTR secondarydns.itpro.local.
102 IN PTR www.itpro.local.
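named-checkzone only checks syntax; the two files should also agree with each other. As an added example, not part of the original post, this Python script parses zone files in the format above and checks forward-confirmed reverse DNS: every PTR must point at a name that has an A record for that address, every A record should have a PTR, and nothing but PTR, SOA and NS data should live in the reverse zone. The two zone texts are constructed copies of the tutorial's data.

```python
import re
# Constructed copies of the tutorial's zone data (sample input, not read from disk).
FORWARD = """\
$TTL 86400
@ IN SOA masterdns.itpro.local. admin.itpro.local. (
        2015011801 ;Serial
        3600 1800 604800 86400 )
masterdns IN A 192.168.1.100
secondarydns IN A 192.168.1.101
www IN A 192.168.1.102
"""
REVERSE = """\
$TTL 86400
@ IN SOA masterdns.itpro.local. admin.itpro.local. ( 2015011802 3600 1800 604800 86400 )
100 IN PTR masterdns.itpro.local.
101 IN PTR secondarydns.itpro.local.
102 IN PTR www.itpro.local.
"""

def records(zone, origin):
    """Yield (owner, type, rdata) per record: ; comments, $ directives, ( ) continuation, @ and relative names."""
    text = "\n".join(ln.split(";")[0] for ln in zone.splitlines())
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    for toks in (ln.split() for ln in text.splitlines()):
        if not toks or toks[0].startswith("$"):
            continue
        owner = origin if toks[0] == "@" else toks[0]
        owner = owner if owner.endswith(".") else f"{owner}.{origin}"
        i = 1
        while toks[i] == "IN" or toks[i].isdigit():  # skip optional class and TTL
            i += 1
        yield owner, toks[i], toks[i + 1:]

def check_zones(fwd, rev, fwd_origin, rev_origin):
    """Problems: stray data in the reverse zone, PTRs without a matching A record, A records without any PTR."""
    a_by_ip = {}
    for owner, rtype, rdata in records(fwd, fwd_origin):
        if rtype == "A":
            a_by_ip.setdefault(rdata[0], set()).add(owner)
    problems, ptr_ips = [], set()
    for owner, rtype, rdata in records(rev, rev_origin):
        if rtype in ("SOA", "NS"):
            continue
        if rtype != "PTR":
            problems.append(f"{rtype} record {owner} does not belong in a reverse zone")
            continue
        ip = ".".join(reversed(owner[:-len(".in-addr.arpa.")].split(".")))  # 100.1.168.192 -> 192.168.1.100
        ptr_ips.add(ip)
        if rdata[0] not in a_by_ip.get(ip, ()):
            problems.append(f"PTR {owner} -> {rdata[0]} has no A record for {ip}")
    problems += [f"no PTR for {ip}" for ip in a_by_ip if ip not in ptr_ips]
    return problems
```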

3. Start the DNS service

[root@itpro.masterdns ~]# systemctl start named.service
[root@itpro.masterdns ~]# systemctl enable named.service

4. Adjust iptables to allow access to the DNS server from outside

Zone transfers to the slave (and any answer too large for a UDP packet) use TCP, so open port 53 for both protocols.

[root@itpro.masterdns ~]# iptables -I INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
[root@itpro.masterdns ~]# iptables -I INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
[root@itpro.masterdns ~]# service iptables save
[root@itpro.masterdns ~]# service iptables restart

Test DNS configuration and zone files for any syntax errors

The first argument to named-checkzone is the zone name, so the reverse file must be checked under its in-addr.arpa name; otherwise owner names such as 100 are expanded against the wrong origin.

[root@itpro.masterdns ~]# named-checkconf /etc/named.conf
[root@itpro.masterdns ~]# named-checkzone itpro.local /var/named/forward.itpro
zone itpro.local/IN: loaded serial 2015011801
OK
[root@itpro.masterdns ~]# named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.itpro
zone 1.168.192.in-addr.arpa/IN: loaded serial 2015011802
OK

5. Test DNS Server

[root@itpro.masterdns ~]# dig masterdns.itpro.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.itpro.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;masterdns.itpro.local.             IN      A

;; ANSWER SECTION:
masterdns.itpro.local.      86400   IN      A       192.168.1.100

;; AUTHORITY SECTION:
itpro.local.                86400   IN      NS      secondarydns.itpro.local.
itpro.local.                86400   IN      NS      masterdns.itpro.local.

;; ADDITIONAL SECTION:
secondarydns.itpro.local.   86400   IN      A       192.168.1.101

;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar 7 13:07:56 2013
;; MSG SIZE  rcvd: 114

End of part one

