DNS / DHCP Server
BIND : Configure for Internal Network
Install BIND to configure a DNS (Domain Name System) server that provides name and address resolution for clients.
[1] Install BIND.
[root@dlp ~]# dnf -y install bind bind-utils
[2] In this example, configure BIND for an internal network.
The example below is for the case where the local network is [10.0.0.0/24] and the domain name is [srv.world]; replace them with your own environment.
[root@dlp ~]# vi /etc/named.conf
.....
.....
# add : set ACL entry for local network
acl internal-network {
10.0.0.0/24;
};
options {
# change ( listen on all addresses )
listen-on port 53 { any; };
# change if needed ( to not listen on IPv6, set [none] )
listen-on-v6 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
# add the local network defined in the [acl] section above
# network range you allow to receive queries from
allow-query { localhost; internal-network; };
# network range you allow to transfer zone files to
# add secondary DNS servers if they exist
allow-transfer { localhost; };
.....
.....
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# add zones for your network and domain name
zone "srv.world" IN {
type master;
file "srv.world.lan";
allow-update { none; };
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "0.0.10.db";
allow-update { none; };
};
# if you don't use IPv6 and want to suppress IPv6-related log messages, you can set BIND to use only IPv4 as follows
[root@dlp ~]# vi /etc/sysconfig/named
# add to the end
OPTIONS="-4"
# To write the [*.*.*.*.in-addr.arpa] zone name, write the octets of your network address in reverse order, as follows
# case of 10.0.0.0/24
# network address ⇒ 10.0.0.0
# network range ⇒ 10.0.0.0 - 10.0.0.255
# how to write ⇒ 0.0.10.in-addr.arpa
# case of 192.168.1.0/24
# network address ⇒ 192.168.1.0
# network range ⇒ 192.168.1.0 - 192.168.1.255
# how to write ⇒ 1.168.192.in-addr.arpa
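As an added example (not part of the original tutorial), the following shell script derives the in-addr.arpa zone name from a CIDR prefix following the convention shown above, and the owner label that a host's PTR record gets inside that zone. It assumes IPv4 only; reverse_zone keeps as many leading octets as the prefix length covers (rounded up), which reproduces 10.0.0.0/24 -> 0.0.10 and 172.16.0.80/29 -> 80.0.16.172, and ptr_label supports /8, /16 and /24 zones only.

```sh
#!/bin/sh
# Added example, not from the original tutorial: reverse-zone naming helpers.
# Assumptions: IPv4 only; reverse_zone keeps ceil(N/8) leading octets of the
# network address (the page's convention); ptr_label handles /8, /16, /24 only.

# reverse_zone A.B.C.D/N -> prints the in-addr.arpa zone name
reverse_zone() {
    addr=${1%/*}
    plen=${1#*/}
    if [ "$addr" = "$1" ] || [ "$plen" -lt 1 ] || [ "$plen" -gt 32 ]; then
        echo "reverse_zone: expected A.B.C.D/N with 1 <= N <= 32" >&2
        return 1
    fi
    n=$(( (plen + 7) / 8 ))            # octets fixed by the prefix: /24 -> 3, /29 -> 4
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    out=""; i=1
    for o in "$@"; do
        [ "$i" -le "$n" ] && out="$o${out:+.$out}"   # prepend, so the order is reversed
        i=$((i + 1))
    done
    echo "$out.in-addr.arpa"
}

# ptr_label HOST A.B.C.D/N -> prints the owner label of HOST's PTR record in that zone
ptr_label() {
    host=$1
    plen=${2#*/}
    case $plen in
        8|16|24) ;;
        *) echo "ptr_label: only /8, /16 and /24 zones are supported" >&2; return 1 ;;
    esac
    n=$((plen / 8))
    oldifs=$IFS; IFS=.; set -- $host; IFS=$oldifs
    out=""; i=1
    for o in "$@"; do
        [ "$i" -gt "$n" ] && out="$o${out:+.$out}"   # only the host octets, reversed
        i=$((i + 1))
    done
    echo "$out"
}

# demo on the networks used on this page
for net in 10.0.0.0/24 192.168.1.0/24 172.16.0.80/29; do
    echo "$net -> $(reverse_zone "$net")"
done
echo "PTR owner for 10.0.0.30 in $(reverse_zone 10.0.0.0/24): $(ptr_label 10.0.0.30 10.0.0.0/24)"
```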
[3] Next, configure zone files for each zone you set in [named.conf] above.
BIND : Configure Zone Files
Replace the network or domain name in the following examples with your own environment.
[1] Create a zone file that the server uses to resolve IP addresses from domain names.
The example below uses the internal network [10.0.0.0/24] and the domain name [srv.world].
Replace them with your own environment.
[root@dlp ~]# vi /var/named/srv.world.lan
$TTL 86400
@       IN SOA dlp.srv.world. root.srv.world. (
        ; any numerical value is OK for the serial number, but
        ; the recommendation is [YYYYMMDDnn] (update date + sequence number)
        2021110901 ;Serial
        3600       ;Refresh
        1800       ;Retry
        604800     ;Expire
        86400      ;Minimum TTL
)
; define Name Server (records without an owner name inherit the previous owner, "@")
        IN NS dlp.srv.world.
; define Name Server's IP address
        IN A 10.0.0.30
; define Mail Exchanger Server
        IN MX 10 dlp.srv.world.
; define each IP address of a hostname
dlp     IN A 10.0.0.30
www     IN A 10.0.0.31
[2] Create a zone file that the server uses to resolve domain names from IP addresses.
The example below uses the internal network [10.0.0.0/24] and the domain name [srv.world].
Replace them with your own environment.
[root@dlp ~]# vi /var/named/0.0.10.db
$TTL 86400
@       IN SOA dlp.srv.world. root.srv.world. (
        2021110901 ;Serial
        3600       ;Refresh
        1800       ;Retry
        604800     ;Expire
        86400      ;Minimum TTL
)
; define Name Server
        IN NS dlp.srv.world.
; define each hostname of an IP address
30      IN PTR dlp.srv.world.
31      IN PTR www.srv.world.
[3] Next, start BIND and verify name and address resolution; see here.
BIND : Verify Resolution
[1] Start and enable BIND.
[root@dlp ~]# systemctl enable --now named
[2] If Firewalld is running, allow the DNS service. DNS uses [53/TCP,UDP].
[root@dlp ~]# firewall-cmd --add-service=dns
success
[root@dlp ~]# firewall-cmd --runtime-to-permanent
success
[3] If needed, change the DNS settings so that the host refers to its own DNS server. (Replace [enp1s0] with your own environment.)
[root@dlp ~]# nmcli connection modify enp1s0 ipv4.dns 10.0.0.30
[root@dlp ~]# nmcli connection down enp1s0; nmcli connection up enp1s0
[4] Verify name and address resolution. If the [ANSWER SECTION] is displayed, it is working.
[root@dlp ~]# dig dlp.srv.world.
; <<>> DiG 9.16.22-RH <<>> dlp.srv.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49661
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: dfa3f5cee693b548010000006189b47fd276e33a7ce318ef (good)
;; QUESTION SECTION:
;dlp.srv.world. IN A
;; ANSWER SECTION:
dlp.srv.world. 86400 IN A 10.0.0.30
;; Query time: 2 msec
;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Tue Nov 09 08:36:31 JST 2021
;; MSG SIZE rcvd: 86
[root@dlp ~]# dig -x 10.0.0.30
; <<>> DiG 9.16.22-RH <<>> -x 10.0.0.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40024
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7fa0458fcfcb227e010000006189b4a41afc0733b0cca9e3 (good)
;; QUESTION SECTION:
;30.0.0.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
30.0.0.10.in-addr.arpa. 86400 IN PTR dlp.srv.world.
;; Query time: 4 msec
;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Tue Nov 09 08:37:08 JST 2021
;; MSG SIZE rcvd: 106
BIND : Configure for External Network
Install BIND to configure a DNS (Domain Name System) server that provides name and address resolution for clients.
[1] Install BIND.
[root@dlp ~]# dnf -y install bind bind-utils
[2] In this example, configure BIND for an external network.
The example below is for the case where the external network is [172.16.0.80/29] and the domain name is [srv.world]; replace them with your own environment.
(In reality, [172.16.0.80/29] is a private IP address range.)
[root@dlp ~]# vi /etc/named.conf
.....
.....
options {
# change ( listen on all addresses )
listen-on port 53 { any; };
# change if needed ( to not listen on IPv6, set [none] )
listen-on-v6 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
# change : receive queries from all hosts
allow-query { any; };
# network range you allow to transfer zone files to
# add secondary DNS servers if they exist
allow-transfer { localhost; };
.....
.....
# change : do not allow recursive queries
# answer only for the zones this server is authoritative for; without this, an Internet-facing server with allow-query { any; } would be an open resolver
recursion no;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# add zones for your network and domain name
zone "srv.world" IN {
type master;
file "srv.world.wan";
allow-update { none; };
};
zone "80.0.16.172.in-addr.arpa" IN {
type master;
file "80.0.16.172.db";
allow-update { none; };
};
# if you don't use IPv6 and want to suppress IPv6-related log messages, you can set BIND to use only IPv4 as follows
[root@dlp ~]# vi /etc/sysconfig/named
# add to the end
OPTIONS="-4"
# To write the [*.*.*.*.in-addr.arpa] zone name, write the octets of your network address in reverse order, as follows
# case of 172.16.0.80/29
# network address ⇒ 172.16.0.80
# network range ⇒ 172.16.0.80 - 172.16.0.87
# how to write ⇒ 80.0.16.172.in-addr.arpa
[3] Next, configure zone files for each zone you set in [named.conf] above; see here.
BIND : Use View Statement
This is an example of using the View statement in [named.conf].
In this example, the settings for the internal network and the settings for the external network shown here are configured with the view statement in [named.conf].
[1] This example uses the internal network [10.0.0.0/24], the external network [172.16.0.80/29] and the domain name [srv.world]; replace them with your own environment.
(In reality, [172.16.0.80/29] is a private IP address range.)
[root@dlp ~]# vi /etc/named.conf
.....
.....
# add : set ACL entry for local network
acl internal-network {
10.0.0.0/24;
};
options {
# change ( listen on all addresses )
listen-on port 53 { any; };
# change if needed ( to not listen on IPv6, set [none] )
listen-on-v6 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
# add the local network defined in the [acl] section above
# network range you allow to receive queries from
allow-query { localhost; internal-network; };
# network range you allow to transfer zone files to
# add secondary DNS servers if they exist
allow-transfer { localhost; };
.....
.....
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
# change all of the following lines
# set internal network zones
view "internal" {
match-clients {
localhost;
internal-network;
};
zone "." IN {
type hint;
file "named.ca";
};
zone "srv.world" IN {
type master;
file "srv.world.lan";
allow-update { none; };
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "0.0.10.db";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};
# set external network zones
view "external" {
# matches every client not already matched by [match-clients] of the internal view above (views are tried in order, first match wins)
match-clients { any; };
allow-query { any; };
# do not allow recursive queries from external clients
recursion no;
zone "srv.world" IN {
type master;
file "srv.world.wan";
allow-update { none; };
};
zone "80.0.16.172.in-addr.arpa" IN {
type master;
file "80.0.16.172.db";
allow-update { none; };
};
};
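As an added example (not part of the original tutorial), the following shell script reproduces the view selection of the [named.conf] above for a given client address and reports whether that client is offered recursion, which is the property to reason about before exposing the server. It assumes IPv4 clients and approximates BIND's built-in localhost ACL as 127.0.0.0/8 (the real built-in also matches the server's own interface addresses).

```sh
#!/bin/sh
# Added example, not from the original tutorial: which view answers a client?
# Assumptions: IPv4 only; "localhost" approximated as 127.0.0.0/8.

ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP A.B.C.D/N -> exit 0 if IP lies inside the prefix
in_cidr() {
    net=${2%/*}; plen=${2#*/}
    mask=$(( plen == 0 ? 0 : (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# acl internal-network { 10.0.0.0/24; };   (from the named.conf above)
internal_network() { in_cidr "$1" 10.0.0.0/24 ; }
localhost_acl()    { in_cidr "$1" 127.0.0.0/8 ; }

# select_view CLIENT_IP -> "internal" or "external". Views are tried in file order and
# the first matching match-clients wins, so "external" only sees what "internal" rejected.
select_view() {
    if localhost_acl "$1" || internal_network "$1"; then  # match-clients { localhost; internal-network; };
        echo internal
    else                                                   # match-clients { any; };
        echo external
    fi
}

# recursion_allowed CLIENT_IP -> "yes"/"no". The internal view inherits "recursion yes;"
# from options; the external view overrides it with "recursion no;".
recursion_allowed() {
    case $(select_view "$1") in
        internal) echo yes ;;
        external) echo no ;;
    esac
}

for c in 10.0.0.5 127.0.0.1 10.0.1.5 203.0.113.7; do
    echo "$c -> view $(select_view "$c"), recursion $(recursion_allowed "$c")"
done
```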
[2] For the configuration of each zone file set in [named.conf] above, refer to here.
BIND : Set Alias (CNAME)
If you want to set an alias (another name) for a host, set a CNAME record in the zone file.
[1] Set a CNAME record in the zone file.
[root@dlp ~]# vi /var/named/srv.world.lan
$TTL 86400
@       IN SOA dlp.srv.world. root.srv.world. (
        ; update the serial whenever you update the zone file
        2021110902 ;Serial
        3600       ;Refresh
        1800       ;Retry
        604800     ;Expire
        86400      ;Minimum TTL
)
        IN NS dlp.srv.world.
        IN A 10.0.0.30
        IN MX 10 dlp.srv.world.
dlp     IN A 10.0.0.30
www     IN A 10.0.0.31
; [Alias] IN CNAME [Original Name]
ftp     IN CNAME dlp.srv.world.
[root@dlp ~]# rndc reload
server reload successful
# verify resolution
[root@dlp ~]# dig ftp.srv.world.
; <<>> DiG 9.16.22-RH <<>> ftp.srv.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44967
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 04c6ca63bc5d1dde010000006189b6eb91495a7eb8875559 (good)
;; QUESTION SECTION:
;ftp.srv.world. IN A
;; ANSWER SECTION:
ftp.srv.world. 86400 IN CNAME dlp.srv.world.
dlp.srv.world. 86400 IN A 10.0.0.30
;; Query time: 2 msec
;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Tue Nov 09 08:46:51 JST 2021
;; MSG SIZE rcvd: 104
BIND : Configure Chroot Environment
If you want to configure a chroot environment for named, set it up as follows.
[1] After the chroot environment is set up, the configuration files are placed under [/var/named/chroot].
[named.conf] is placed at [/var/named/chroot/etc/named.conf],
and zone files are placed under [/var/named/chroot/var/named/***].
When changing settings, make the changes to the files under [/var/named/chroot].
[root@dlp ~]# dnf -y install bind-chroot
[root@dlp ~]# mkdir /var/named/chroot/usr/lib64/named
[root@dlp ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
[root@dlp ~]# systemctl disable --now named
[root@dlp ~]# systemctl enable --now named-chroot
Created symlink /etc/systemd/system/multi-user.target.wants/named-chroot.service → /usr/lib/systemd/system/named-chroot.service.
[root@dlp ~]# ll /var/named/chroot/etc
total 716
drwxr-x---. 3 root named 23 Nov 2 04:55 crypto-policies
-rw-r--r--. 2 root root 309 Sep 27 05:32 localtime
drwxr-x---. 2 root named 6 Nov 2 04:55 named
-rw-r-----. 1 root named 2390 Nov 9 08:45 named.conf
-rw-r-----. 1 root named 1029 Nov 2 04:55 named.rfc1912.zones
-rw-r--r--. 1 root named 686 Nov 2 04:55 named.root.key
drwxr-x---. 3 root named 25 Nov 2 04:55 pki
-rw-r--r--. 1 root root 6568 Jul 16 17:35 protocols
-rw-r-----. 1 root named 100 Nov 9 08:35 rndc.key
-rw-r--r--. 1 root root 701745 Jul 16 17:35 services
[root@dlp ~]# ll /var/named/chroot/var/named
total 24
-rw-r--r--. 1 root root 313 Nov 9 08:34 0.0.10.db
drwxr-x---. 7 root named 61 Nov 2 04:55 chroot
drwxrwx---. 2 named named 23 Nov 9 08:35 data
drwxrwx---. 2 named named 108 Nov 9 08:47 dynamic
-rw-r-----. 1 root named 2253 Nov 2 04:55 named.ca
-rw-r-----. 1 root named 152 Nov 2 04:55 named.empty
-rw-r-----. 1 root named 152 Nov 2 04:55 named.localhost
-rw-r-----. 1 root named 168 Nov 2 04:55 named.loopback
drwxrwx---. 2 named named 6 Nov 2 04:55 slaves
-rw-r--r--. 1 root root 404 Nov 9 08:46 srv.world.lan
BIND : Configure Secondary Server
Configure a DNS secondary (slave) server.
In this example, the DNS secondary server is [ns.server.education] (192.168.100.85) and the DNS master server is [dlp.srv.world] (172.16.0.82), configured as follows. Replace the IP addresses and hostnames with your own environment.
[1] Configure on the DNS master server host.
[root@dlp ~]# vi /etc/named.conf
.....
.....
options {
listen-on port 53 { any; };
listen-on-v6 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; internal-network; };
# add the secondary server so that zone transfers to it are allowed
allow-transfer { localhost; 192.168.100.85; };
.....
.....
[root@dlp ~]# vi /var/named/srv.world.wan
$TTL 86400
@       IN SOA dlp.srv.world. root.srv.world. (
        ; update the serial whenever you update the zone file; the secondary only transfers the zone when the serial increases
        2021110903 ;Serial
        3600       ;Refresh
        1800       ;Retry
        604800     ;Expire
        86400      ;Minimum TTL
)
        IN NS dlp.srv.world.
; add secondary server
        IN NS ns.server.education.
        IN A 172.16.0.82
        IN MX 10 dlp.srv.world.
dlp     IN A 172.16.0.82
www     IN A 172.16.0.83
[root@dlp ~]# systemctl restart named
[2] Configure on the DNS secondary server host.
[root@ns ~]# vi /etc/named.conf
# add the zone to be served as a secondary
# the IP address in [masters] is the master server's address
zone "srv.world" IN {
type slave;
masters { 172.16.0.82; };
file "slaves/srv.world.wan";
notify no;
};
[root@ns ~]# systemctl restart named
[root@ns ~]# ls /var/named/slaves
srv.world.wan # zone file transferred
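As an added example (not part of the original tutorial), the following shell checks verify from dig output what the master actually exposes: that zone transfers are refused to hosts outside allow-transfer, that a server configured with recursion no (as in the external configuration above) does not advertise recursion, and that master and secondary serve the same SOA serial. The dig samples in the script are constructed in the shape of dig 9.16 output, not captured from the page's server.

```sh
#!/bin/sh
# Added example, not from the original tutorial: parse dig(1) output (stdin) to audit
# zone-transfer exposure, recursion exposure and master/secondary sync.
# Real runs would look like (from a host NOT listed in allow-transfer):
#   dig @172.16.0.82 srv.world AXFR | axfr_refused
#   dig @172.16.0.82 example.com A  | offers_recursion   # a name this server is not authoritative for

# exit 0 when dig reports that the server rejected the zone transfer, which is what every
# host outside allow-transfer { localhost; 192.168.100.85; } should see
axfr_refused() { grep -q '^; Transfer failed\.' ; }

# print the flag tokens of an answer, e.g. "qr aa rd ra"
flags_of() { sed -n 's/^;; flags: \([^;]*\);.*/\1/p' ; }

# exit 0 when the server set the "ra" (recursion available) flag; a server running with
# "recursion no;" towards the outside must not do this, or it is usable as an open resolver
offers_recursion() {
    for f in $(flags_of); do
        [ "$f" = ra ] && return 0
    done
    return 1
}

# print the serial of the first SOA answer line (owner TTL IN SOA mname rname serial ...)
soa_serial() { awk '$3=="IN" && $4=="SOA" {print $7; exit}' ; }

# exit 0 when two SOA answers (master and secondary) carry the same serial, i.e. the
# secondary has picked up the latest zone; the serial must be bumped on every edit for that
in_sync() { [ "$(printf '%s\n' "$1" | soa_serial)" = "$(printf '%s\n' "$2" | soa_serial)" ] ; }

# --- constructed samples (shape of dig 9.16 output) ---
AXFR_DENIED='; <<>> DiG 9.16.22-RH <<>> @172.16.0.82 srv.world AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.'

NO_RECURSION=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 12345
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

MASTER_SOA='srv.world. 86400 IN SOA dlp.srv.world. root.srv.world. 2021110903 3600 1800 604800 86400'
SECONDARY_SOA='srv.world. 86400 IN SOA dlp.srv.world. root.srv.world. 2021110903 3600 1800 604800 86400'

if printf '%s\n' "$AXFR_DENIED" | axfr_refused; then echo "AXFR: refused as expected"; fi
if printf '%s\n' "$NO_RECURSION" | offers_recursion; then echo "WARNING: recursion offered to outside"; fi
if in_sync "$MASTER_SOA" "$SECONDARY_SOA"; then
    echo "zone in sync (serial $(printf '%s\n' "$MASTER_SOA" | soa_serial))"
fi
```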
DHCP : Configure DHCP Server
Configure a DHCP (Dynamic Host Configuration Protocol) server to assign IP addresses to client hosts on the local network.
[1] Install and configure DHCP. This example shows the IPv4 configuration only.
[root@dlp ~]# dnf -y install dhcp-server
[root@dlp ~]# vi /etc/dhcp/dhcpd.conf
# create new
# specify domain name
option domain-name "srv.world";
# specify DNS server's hostname or IP address
option domain-name-servers dlp.srv.world;
# default lease time
default-lease-time 600;
# max lease time
max-lease-time 7200;
# declare this DHCP server to be the authoritative one for the network
authoritative;
# specify network address and subnet mask
subnet 10.0.0.0 netmask 255.255.255.0 {
# specify the range of lease IP address
range dynamic-bootp 10.0.0.200 10.0.0.254;
# specify broadcast address
option broadcast-address 10.0.0.255;
# specify gateway
option routers 10.0.0.1;
}
[root@dlp ~]# systemctl enable --now dhcpd
[2] If Firewalld is running, allow the DHCP service. The DHCP server uses [67/UDP].
[root@dlp ~]# firewall-cmd --add-service=dhcp
success
[root@dlp ~]# firewall-cmd --runtime-to-permanent
success
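As an added example (not part of the original tutorial), the following shell script checks that the dynamic pool in the dhcpd.conf above lies inside the declared subnet and does not overlap the network address, the router, the broadcast address, or any host with a fixed A record in the BIND zone file. It assumes IPv4, a single subnet block and the range dynamic-bootp START END form used above; the config and zone samples are constructed copies of the page's files.

```sh
#!/bin/sh
# Added example, not from the original tutorial: dhcpd.conf pool sanity check against
# the subnet declaration and the fixed addresses in the BIND zone. Assumptions: IPv4 only,
# one "subnet" block, "range dynamic-bootp START END;" form. Samples are constructed.

ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# pool_conflicts DHCPD_CONF ZONE_TEXT -> prints each fixed address that falls inside the
# pool, one per line; exit 0 when the pool is clean, 1 otherwise
pool_conflicts() {
    conf=$1; zone=$2
    start=$(printf '%s\n' "$conf" | awk '$1=="range" {print $(NF-1)}')
    end=$(printf '%s\n' "$conf" | awk '$1=="range" {sub(/;$/,"",$NF); print $NF}')
    net=$(printf '%s\n' "$conf" | awk '$1=="subnet" {print $2}')
    mask=$(printf '%s\n' "$conf" | awk '$1=="subnet" {print $4}')
    router=$(printf '%s\n' "$conf" | awk '$1=="option" && $2=="routers" {sub(/;$/,"",$3); print $3}')
    bcast=$(printf '%s\n' "$conf" | awk '$1=="option" && $2=="broadcast-address" {sub(/;$/,"",$3); print $3}')
    s=$(ip2int "$start"); e=$(ip2int "$end"); n=$(ip2int "$net"); m=$(ip2int "$mask")
    # 1. the whole pool must sit inside the declared subnet
    if [ "$s" -gt "$e" ] || [ $((s & m)) -ne "$n" ] || [ $((e & m)) -ne "$n" ]; then
        echo "pool $start-$end is not inside subnet $net/$mask" >&2
        return 1
    fi
    # 2. every A record in the zone ("dlp IN A 10.0.0.30", or the apex "IN A 10.0.0.30")
    fixed=$(printf '%s\n' "$zone" | awk 'NF>=3 && $(NF-2)=="IN" && $(NF-1)=="A" {print $NF}')
    hits=$(for a in $net $router $bcast $fixed; do
               v=$(ip2int "$a")
               [ "$v" -ge "$s" ] && [ "$v" -le "$e" ] && echo "$a"
           done | sort -u)
    [ -z "$hits" ] && return 0
    echo "$hits"
    return 1
}

# --- constructed samples: the page's dhcpd.conf and srv.world.lan, shortened ---
DHCPD_CONF='option domain-name "srv.world";
option domain-name-servers dlp.srv.world;
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
    range dynamic-bootp 10.0.0.200 10.0.0.254;
    option broadcast-address 10.0.0.255;
    option routers 10.0.0.1;
}'
ZONE='$TTL 86400
@       IN SOA dlp.srv.world. root.srv.world. (
        2021110901 3600 1800 604800 86400 )
        IN NS dlp.srv.world.
        IN A 10.0.0.30
dlp     IN A 10.0.0.30
www     IN A 10.0.0.31'
# a widened pool, the kind of mistake this check is for: starts at .20 instead of .200
BAD_CONF=$(printf '%s\n' "$DHCPD_CONF" | sed 's/10\.0\.0\.200/10.0.0.20/')

if pool_conflicts "$DHCPD_CONF" "$ZONE"; then echo "page pool: no conflicts"; fi
echo "widened pool collides with:"; pool_conflicts "$BAD_CONF" "$ZONE" || true
```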
DHCP : Configure DHCP Client : Fedora (2021/11/09)
Configure a DHCP client to obtain an IP address from the DHCP server on the local network.
[1] For a Fedora client, configure as follows. (Replace [enp1s0] with your own device name.)
# install DHCP client if not installed (generally installed by default)
[root@client ~]# dnf -y install dhcp-client
[root@client ~]# nmcli connection modify enp1s0 ipv4.method auto
[root@client ~]# nmcli connection down enp1s0; nmcli connection up enp1s0
DHCP : Configure DHCP Client : Windows
Configure the DHCP client on a Windows computer. This example is based on Windows 11.
[2] Right-click the Start button and open [Network Connections], then click [Properties].
[3] If [IP assignment] is [DHCP], it is fine. If not, click the [Edit] button.
[4] If you click the [Edit] button in the previous step, the following window is displayed. Select [Automatic (DHCP)] and save.
[5] Confirm the network connection status; if an IP address has been assigned, it is fine.