Oracle Linux 7 Configure DNS
Configuring a DNS service (ISC BIND) on Oracle Linux 7.1
1. Install the packages BIND needs
# yum install bind-libs bind bind-utils
2. Edit named.conf
Make a copy of named.conf before editing it.
[root@jytest1 ~]# cp /etc/named.conf /etc/named.conf.backup
[root@jytest1 ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };          -- changed from 127.0.0.1 to any
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };            -- changed from the stock localhost-only value to any

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Two things to be aware of in this file. First, with recursion yes, allow-query { any; } and no allow-recursion statement, BIND derives the recursion ACL from allow-query, so it will recurse for every client that can reach port 53: exactly the open resolver the comment block warns about. On a lab network this is tolerable, but on anything reachable from outside restrict recursion with an allow-recursion ACL limited to the RAC subnet, or set recursion no if the server only needs to be authoritative for jydba.net. Second, dnssec-lookaside auto and the ISC DLV key are stock defaults of this BIND build; the ISC DLV service has since been retired, so leave them out of any newer configuration.
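As an added example (not part of the original post), the following POSIX shell script audits an options{} block for the open-resolver condition described above. It applies BIND's own rule for the default recursion ACL (allow-recursion, else allow-query-cache, else allow-query, else the built-in localnets; localhost;). The two sample blocks are constructed: the first is the page's configuration, the second a hardened version that assumes the RAC nodes live in 10.138.130.0/24 and that named should listen only on loopback and the node address 10.138.130.171.

```shell
#!/bin/sh
# Added example: detect "recursion yes" combined with an ACL that contains "any".
# Assumption: 10.138.130.0/24 is the RAC subnet (taken from the zone data on this page).

# Remove /* ... */ blocks (which may span lines) and // or # line comments,
# so that directive matching is not fooled by the explanatory text in the stock file.
strip_comments() {
    awk 'BEGIN { inc = 0 }
    {
        line = $0; out = ""
        while (length(line) > 0) {
            if (inc) {
                e = index(line, "*/")
                if (e == 0) { line = ""; break }
                line = substr(line, e + 2); inc = 0
            } else {
                s = index(line, "/*")
                if (s == 0) { out = out line; line = ""; break }
                out = out substr(line, 1, s - 1); line = substr(line, s + 2); inc = 1
            }
        }
        sub(/\/\/.*$/, "", out); sub(/#.*$/, "", out)
        print out
    }'
}

# True when the (comment-free) config on stdin contains "recursion yes;".
recursion_on() {
    tr '\n' ' ' | grep -Eq '(^|[^-a-z])recursion[[:space:]]+yes[[:space:]]*;'
}

# Print the body of the ACL for directive $1 (e.g. "allow-recursion"), or nothing if absent.
acl_of() {
    tr '\n' ' ' | sed -n "s/.*[[:space:]]$1[[:space:]]*{\([^}]*\)}.*/\1/p"
}

# Returns 0 when the config on stdin is not an open recursive resolver, 1 when it is.
audit_recursion() {
    cfg=$(strip_comments)
    if ! printf '%s\n' "$cfg" | recursion_on; then
        return 0                      # authoritative-only: nothing to amplify with
    fi
    acl=$(printf '%s\n' "$cfg" | acl_of allow-recursion)
    [ -z "$acl" ] && acl=$(printf '%s\n' "$cfg" | acl_of allow-query-cache)
    [ -z "$acl" ] && acl=$(printf '%s\n' "$cfg" | acl_of allow-query)
    [ -z "$acl" ] && acl="localnets; localhost;"   # BIND's built-in default
    if printf '%s' "$acl" | grep -Eq '(^|[^a-z])any[[:space:]]*;'; then
        return 1
    fi
    return 0
}

# Audit a config held in a variable; prints a verdict and returns the audit status.
audit_string() {
    if printf '%s\n' "$1" | audit_recursion; then
        echo "OK: recursion is disabled or restricted"; return 0
    else
        echo "OPEN RESOLVER: recursion yes with an ACL containing any"; return 1
    fi
}

# Constructed sample: the options block as written on this page.
PAGE_OPTIONS='options {
    listen-on port 53 { any; };
    allow-query     { any; };
    /* If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. */
    recursion yes;
};'

# Constructed hardened version: authoritative answers for anyone, recursion only for the RAC subnet.
HARDENED_OPTIONS='options {
    listen-on port 53 { 127.0.0.1; 10.138.130.171; };
    allow-query     { any; };
    allow-recursion { 127.0.0.1; 10.138.130.0/24; };
    recursion yes;
};'

for name in PAGE_OPTIONS HARDENED_OPTIONS; do
    eval "cfg=\$$name"
    printf '%s: ' "$name"
    audit_string "$cfg" || true
done
```

To run it against the live file, pipe it in: `audit_recursion < /etc/named.conf`. The check only covers the options{} level; a view{} or zone{} can override these ACLs, and `named-checkconf` remains the syntax check of record.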
3. Configure host.conf
[root@jytest1 ~]# cat /etc/host.conf
multi on
This file tells the resolver library how host names are resolved; Linux obtains the IP address for a host name through the resolver library. Below is an example /etc/host.conf:
order bind,hosts
multi on
nospoof on
"order bind,hosts" sets the lookup order: here DNS is consulted first and /etc/hosts afterwards (the reverse is also possible). On a glibc-based system such as Oracle Linux 7, however, the lookup order actually in force is the hosts: line in /etc/nsswitch.conf; check that file rather than relying on order here.
"multi on" allows a host listed in /etc/hosts to have more than one address; a host with several IP addresses is usually called a multi-homed host.
"nospoof on" asks the resolver to reject lookups where the forward and reverse names do not match, a guard against address spoofing (an attacker presenting another machine's address to gain its trust). It is a legacy feature of the pre-glibc resolver and should not be counted on as a control.
4. Modify /etc/named.rfc1912.zones
[root@jytest1 ~]# cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.backup
[root@jytest1 ~]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

-- The two zones below are the additions: jydba.net.forward holds the forward zone, jydba.net.reverse the reverse zone for 10.138.130.0/24
zone "jydba.net" IN {
        type master;
        file "jydba.net.forward";
        allow-update { none; };
};

zone "130.138.10.in-addr.arpa" IN {
        type master;
        file "jydba.net.reverse";
        allow-update { none; };
};
5. Write the zone files
[root@jytest1 named]# cd /var/named
[root@jytest1 named]# cp named.localhost jydba.net.forward
[root@jytest1 named]# cp named.loopback jydba.net.reverse
[root@jytest1 named]# vi jydba.net.forward
$TTL 1D
@       IN SOA  @ root.jydba.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       10.138.130.171
jytest1         A       10.138.130.171
jytest2         A       10.138.130.172
jytest1-vip     A       10.138.130.175
jytest2-vip     A       10.138.130.176
jytest-scan     A       10.138.130.177
jytest-scan     A       10.138.130.178
jytest-scan     A       10.138.130.179
Drop the AAAA ::1 line that comes with the named.localhost template; it is the loopback zone's record, not this domain's. The three A records for jytest-scan are intentional: the RAC SCAN name round-robins over its three addresses.
[root@jytest1 named]# vi jydba.net.reverse
$TTL 1D
@       IN SOA  jytest1.jydba.net. root.jydba.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      jytest1.jydba.net.
171     PTR     jytest1.jydba.net.
172     PTR     jytest2.jydba.net.
175     PTR     jytest1-vip.jydba.net.
176     PTR     jytest2-vip.jydba.net.
177     PTR     jytest-scan.jydba.net.
178     PTR     jytest-scan.jydba.net.
179     PTR     jytest-scan.jydba.net.
In the reverse zone the NS and PTR targets must be fully qualified names ending in a dot. A bare name such as jytest1 is relative to the zone origin and is stored as jytest1.130.138.10.in-addr.arpa., which is not a host name anyone can use. Also drop the A, AAAA and "PTR localhost." apex records inherited from the named.loopback template. Increase the serial every time either file is edited, otherwise a secondary server will never pick up the change.
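As an added example (not part of the original post), the following POSIX shell script generates both zone files from one host list and lints a reverse zone for the unqualified-PTR mistake discussed above. The host list is constructed from the addresses on this page; the serial value 2024031701 is a placeholder for a date-based serial, and the choice of jytest1 as the primary name server is an assumption.

```shell
#!/bin/sh
# Added example: generate jydba.net forward/reverse zone files with fully qualified
# targets, and lint an existing reverse zone for PTR targets that lack the trailing dot.

# Constructed host list: "name address", one per line (addresses taken from this page).
RAC_HOSTS='jytest1 10.138.130.171
jytest2 10.138.130.172
jytest1-vip 10.138.130.175
jytest2-vip 10.138.130.176
jytest-scan 10.138.130.177
jytest-scan 10.138.130.178
jytest-scan 10.138.130.179'

# SOA and NS records shared by both zones: $1 = domain, $2 = primary NS host, $3 = serial.
zone_header() {
    printf '$TTL 1D\n@\tIN SOA\t%s.%s. root.%s. (\n' "$2" "$1" "$1"
    printf '\t%s\t; serial\n\t1D\t; refresh\n\t1H\t; retry\n\t1W\t; expire\n\t3H )\t; minimum\n' "$3"
    printf '\tNS\t%s.%s.\n' "$2" "$1"
}

# Forward zone: one A record per host-list line (duplicate names give round-robin, as for the SCAN).
gen_forward() {
    zone_header "$1" "$2" "$3"
    awk '$2 != "" { printf "%s\tA\t%s\n", $1, $2 }'
}

# Reverse zone for a /24: owner is the last octet, target is the FQDN with a trailing dot.
gen_reverse() {
    zone_header "$1" "$2" "$3"
    awk -v d="$1" '$2 != "" { n = split($2, o, "."); printf "%s\tPTR\t%s.%s.\n", o[n], $1, d }'
}

# Print every PTR record whose target does not end in "." (named appends the zone origin
# to such names); exit 1 if any were found, 0 otherwise. Trailing ";" comments are ignored.
lint_ptr_targets() {
    awk '{ sub(/;.*/, "")
           for (i = 1; i < NF; i++) if (toupper($i) == "PTR") {
               if ($(i + 1) !~ /\.$/) { bad++; printf "unqualified PTR target: %s\n", $0 }
               break
           }
         }
         END { exit bad ? 1 : 0 }'
}

# Constructed sample: the reverse zone as first written on this page (unqualified targets,
# plus the apex records left over from the named.loopback template).
PAGE_REVERSE='$TTL 1D
@       IN SOA  @ root.jydba.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       10.138.130.171
        AAAA    ::1
        PTR     localhost.
171     PTR     jytest1
172     PTR     jytest2
175     PTR     jytest1-vip
176     PTR     jytest2-vip
177     PTR     jytest-scan
178     PTR     jytest-scan
179     PTR     jytest-scan'

echo "== lint of the page's first reverse zone =="
printf '%s\n' "$PAGE_REVERSE" | lint_ptr_targets || echo "=> write the targets as name.jydba.net. (trailing dot)"
echo "== generated jydba.net.reverse =="
printf '%s\n' "$RAC_HOSTS" | gen_reverse jydba.net jytest1 2024031701
```

Redirect the generator output to /var/named/jydba.net.forward and /var/named/jydba.net.reverse, then verify each file with `named-checkzone jydba.net /var/named/jydba.net.forward` and `named-checkzone 130.138.10.in-addr.arpa /var/named/jydba.net.reverse` before `rndc reload`. named-checkzone will not flag an unqualified PTR target (it is syntactically valid), which is why the lint function exists.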
6. Configure resolv.conf
[root@jytest1 named]# cat /etc/resolv.conf
# Generated by NetworkManager
search jydba.net

# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
search jydba.net
nameserver 10.138.130.171
7. Test
[root@jytest1 named]# dig -x 10.138.130.172

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> -x 10.138.130.172
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
The error above (server can't find jytest1: SERVFAIL) occurs because the zone files were created as root: they are mode 0640 and owned by root:root, so named cannot read them, the zones fail to load, and any query for them gets SERVFAIL. Give the files to the named user and group. The stock zone files use root:named with mode 0640, which is also sufficient for a static master zone, since named only needs write access for dynamic zones and journals (the slaves, dynamic and data directories). Run named-checkconf -z, or look at journalctl -u named, to see the load error before a client does.
[root@jytest1 named]# ls -lrt
total 32
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
drwxrwx---. 2 root  named    6 Mar  6  2015 dyndb-ldap
drwxrwx---. 2 named named    6 Mar  6  2015 slaves
drwxr-x---. 7 root  named   56 Nov  5 11:03 chroot
-rw-r-----  1 root  named  728 Mar 17 18:45 named.jydba
-rw-r--r--  1 root  root   829 Mar 17 18:45 jydba.zone
drwxrwx---. 2 named named   22 Mar 17 18:45 data
-rw-r-----  1 root  root   503 Mar 17 19:13 jydba.net.forward
-rw-r-----  1 root  root   406 Mar 17 19:15 jydba.net.reverse
drwxrwx---. 2 named named   58 Mar 17 19:16 dynamic
[root@jytest1 named]# chown -R named:named jydba*
[root@jytest1 named]# ls -lrt
total 32
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named 2076 Jan 28  2013 named.ca
drwxrwx---. 2 root  named    6 Mar  6  2015 dyndb-ldap
drwxrwx---. 2 named named    6 Mar  6  2015 slaves
drwxr-x---. 7 root  named   56 Nov  5 11:03 chroot
-rw-r-----  1 root  named  728 Mar 17 18:45 named.jydba
-rw-r--r--  1 named named  829 Mar 17 18:45 jydba.zone
drwxrwx---. 2 named named   22 Mar 17 18:45 data
-rw-r-----  1 named named  503 Mar 17 19:13 jydba.net.forward
-rw-r-----  1 named named  406 Mar 17 19:15 jydba.net.reverse
drwxrwx---. 2 named named   58 Mar 17 19:16 dynamic
[root@jytest1 named]# systemctl restart named.service
[root@jytest1 named]# nslookup jytest1
Server:         10.138.130.171
Address:        10.138.130.171#53

Name:   jytest1.jydba.net
Address: 10.138.130.171

[root@jytest1 named]# nslookup jytest1.jydba.net
Server:         10.138.130.171
Address:        10.138.130.171#53

Name:   jytest1.jydba.net
Address: 10.138.130.171

[root@jytest1 named]# nslookup jytest2-priv.jydba.net
Server:         10.138.130.171
Address:        10.138.130.171#53

** server can't find jytest2-priv.jydba.net: NXDOMAIN

[root@jytest1 named]# nslookup jytest2-vip.jydba.net
Server:         10.138.130.171
Address:        10.138.130.171#53

Name:   jytest2-vip.jydba.net
Address: 10.138.130.176

[root@jytest1 named]# nslookup jytest-scan.jydba.net
Server:         10.138.130.171
Address:        10.138.130.171#53

Name:   jytest-scan.jydba.net
Address: 10.138.130.178
Name:   jytest-scan.jydba.net
Address: 10.138.130.179
Name:   jytest-scan.jydba.net
Address: 10.138.130.177

[root@jytest1 named]# nslookup 10.138.130.179
Server:         10.138.130.171
Address:        10.138.130.171#53

179.130.138.10.in-addr.arpa     name = jytest-scan.130.138.10.in-addr.arpa.
The forward lookups are correct: the short name resolves through the search domain, the SCAN name returns its three addresses, and jytest2-priv gets NXDOMAIN because no record was defined for it. The reverse lookup, however, is not correct yet. The answer jytest-scan.130.138.10.in-addr.arpa. is what named returns when a PTR target in the zone file is written without a trailing dot (jytest-scan instead of jytest-scan.jydba.net.): the relative name has the zone origin appended. Write every PTR target as a fully qualified name ending in a dot, bump the serial, reload, and check again with dig -x 10.138.130.179; the expected answer is 179.130.138.10.in-addr.arpa name = jytest-scan.jydba.net. Only then do forward and reverse resolution both work, which is what Oracle Clusterware expects for the RAC node, VIP and SCAN names.
Note:
On a system whose network is managed by NetworkManager, /etc/resolv.conf may be rewritten when the host reboots or the interface is brought up. If that happens, add the following entries to the configuration file of the relevant interface:
For Oracle Linux 6, a file such as /etc/sysconfig/network-scripts/ifcfg-eth0 (ifcfg-eth1, etc.)
For Oracle Linux 7, a file such as /etc/sysconfig/network-scripts/ifcfg-ens160 (ifcfg-ens34, etc.)
DNS1=10.138.130.171
DOMAIN=jydba.net
Source: ITPUB blog, http://blog.itpub.net/26015009/viewspace-2135575/. Cite the source if reposting.