
前置操作

02.配置镜像源

主域名服务器

安装软件包

# Install the BIND server (named) plus the client/check tools
# (dig, nslookup, named-checkconf, named-checkzone).
dnf -y install bind bind-utils

启动与开机自启服务

# Start named now and make it start at boot (equivalent to `enable --now`).
# It runs with the stock caching-only config until named.conf is replaced below.
systemctl enable named
systemctl start named

配置主域名服务器

主配置文件

# Edit the main BIND configuration (full contents follow).
vi /etc/named.conf

详细见以下配置

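//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	// Listen on every IPv4 address so LAN clients can reach the server.
	// NOTE(review): on a multi-homed host this also exposes port 53 on any
	// management interface; list the service addresses explicitly instead.
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file	"/var/named/data/named.secroots";
	recursing-file	"/var/named/data/named.recursing";
	// Authoritative data may be queried from anywhere.
	allow-query     { any; };
	recursion yes;
	// When allow-recursion is not set, BIND falls back to the allow-query
	// ACL, so "any" above would make this an open resolver (cache-poisoning
	// exposure and a DNS amplification source). Limit recursion to the
	// directly attached networks; "localnets" is BIND's built-in ACL for
	// them -- substitute the LAN prefix if you prefer an explicit list.
	allow-recursion { localhost; localnets; };

	dnssec-validation yes;

	managed-keys-directory "/var/named/dynamic";
	geoip-directory "/usr/share/GeoIP";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};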

logging {
        // Default debug channel. The path is relative to "directory",
        // i.e. /var/named/data/named.run; "severity dynamic" logs at
        // whatever debug level the server is currently running with.
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

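// Internal view (the name "internel" is kept as written; it must be the
// same on every server that refers to it). There is no match-clients
// clause, so this view serves every client.
view "internel" {
	// Root hints, used only for recursion.
	zone "." IN {
		type hint;
		file "named.ca";
	};

	// Forward zone, static data loaded from the file below.
	zone "mlishu.local" IN {
		type master;
		file "internel/mlishu.local.zone";
		// No dynamic updates: named never needs to write this file.
		allow-update { none; };
		// BIND's historical default for allow-transfer is "any", which lets
		// anyone dump the whole zone with AXFR. Deny it explicitly here; the
		// secondary-server section below widens it to the secondary's IP.
		allow-transfer { none; };
	};

	// Reverse zone for 192.159.159.0/24.
	zone "159.159.192.in-addr.arpa" IN {
		type master;
		file "internel/192.159.159.zone";
		allow-update { none; };
		allow-transfer { none; };
	};
};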

正向区域文件配置（这是 mlishu.local 的权威正向区域文件，不是根区域；根区域仍由 named.ca 提示文件提供）

# Zone files are resolved relative to "directory" (/var/named); keep this
# server's primary zones in their own subdirectory.
mkdir -p /var/named/internel/
# Forward zone for mlishu.local (contents follow).
vi /var/named/internel/mlishu.local.zone

配置文件如下

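$TTL 1H
; mlishu.local forward zone. MNAME is ns1 (the primary); the RNAME
; "hostmaster.mlishu.local." is the hostmaster@mlishu.local mailbox.
@       IN      SOA     ns1.mlishu.local. hostmaster.mlishu.local. (
                        2025021801  ; serial (YYYYMMDDnn) -- bump on every change
                        1H          ; refresh
                        10M         ; retry
                        1W          ; expire
                        1H )        ; negative-caching TTL
        IN      NS      ns1.mlishu.local.
        IN      NS      ns2.mlishu.local.
ns1     IN      A       192.159.159.254
; ns2 is the secondary server. It originally pointed at the primary's own
; address, so the second NS record gave no redundancy at all.
; 192.159.159.253 is the address the primary's allow-transfer admits in
; the secondary section; change it if the secondary lives elsewhere.
ns2     IN      A       192.159.159.253
@       IN      A       192.159.159.254
smb     IN      A       192.159.159.254
ftp     IN      A       192.159.159.254
dhcp    IN      A       192.159.159.254
dns     IN      A       192.159.159.254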

反向区域文件配置

# Reverse zone for 192.159.159.0/24 (contents follow).
vi /var/named/internel/192.159.159.zone

配置样例如下

$TTL 1H
; Reverse zone for 192.159.159.0/24 (origin 159.159.192.in-addr.arpa).
@       IN      SOA     ns1.mlishu.local. hostmaster.mlishu.local. (
                        2025021801  ; serial -- bump on every change
                        1H          ; refresh
                        10M         ; retry
                        1W          ; expire
                        1H )        ; negative-caching TTL

        IN      NS      ns1.mlishu.local.
        IN      NS      ns2.mlishu.local.
; Only the primary's address gets a PTR. The forward zone maps several
; names to .254; one canonical name per address is the usual choice.
; NOTE(review): add a PTR for the secondary's address if it hosts ns2.
254     IN      PTR     dns.mlishu.local.

设置文件权限

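# named.conf: root-owned, readable by the named group only.
chown root:named /etc/named.conf
chmod 640 /etc/named.conf
# The zones are static (allow-update { none; }), so named only ever reads
# them. root:named with mode 640 is enough, and it keeps a compromised
# named from rewriting its own authoritative data.
chown root:named /var/named/internel/*.zone
chmod 640 /var/named/internel/*.zone
# Re-apply the default SELinux labels (named_zone_t) under /var/named.
restorecon -Rv /var/named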

防火墙与SELinux配置

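# Open TCP/UDP 53 in firewalld's default zone. That applies to every
# interface in the zone; on a host with a separate management interface,
# add the service only to the zone of the interface that serves clients.
firewall-cmd --add-service=dns --permanent
firewall-cmd --reload

# named_write_master_zones lets named write zone files under /var/named.
# Every zone above is static (allow-update { none; }), so the primary never
# needs it; leave it off so a compromised named cannot alter its zone data.
# (Secondary copies belong under /var/named/slaves/, which is already
# writable by named, so the boolean is not needed on the secondary either.)
# setsebool -P named_write_master_zones on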

重启服务

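# Validate the config and both zone files first: a syntax error would
# otherwise stop named and take DNS down for every client.
named-checkconf /etc/named.conf \
  && named-checkzone mlishu.local /var/named/internel/mlishu.local.zone \
  && named-checkzone 159.159.192.in-addr.arpa /var/named/internel/192.159.159.zone \
  && systemctl restart named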

配置从域名服务器

主从域名服务器可以提高DNS系统可靠性和性能。注意：从服务器只有在区域的 NS 记录中列出、并且客户端也配置了它的地址时才会被实际使用；仅完成区域传输并不会让解析器自动切换到从服务器。

安装软件包

# Same packages as on the primary: the server plus dig/named-checkconf.
dnf -y install bind bind-utils

修改主域名服务器配置文件

在主域名服务器上的每个zone添加allow-transfer,配置如下。注意 allow-transfer 只按来源 IP 过滤：凡是能使用该地址的主机都可以拉取整个区域，生产环境应配合 TSIG 密钥对传输签名，并在从服务器上也设置 allow-transfer { none; } 以免区域被再次导出：

view "internel" {
        zone "." IN {
                type hint;
                file "named.ca";
        };

        zone "mlishu.local" IN {
                type master;
                file "internel/mlishu.local.zone";
                allow-update { none; };
                // Allow zone transfers (AXFR/IXFR) to the secondary only.
                // This is a source-IP ACL: any host able to use this address
                // receives the whole zone. A TSIG key (allow-transfer { key ...; })
                // would authenticate the peer instead of trusting the address.
                allow-transfer { 192.159.159.253; };
        };

        zone "159.159.192.in-addr.arpa" IN {
                type master;
                file "internel/192.159.159.zone";
                allow-update { none; };
                // Same restriction for the reverse zone.
                allow-transfer { 192.159.159.253; };
        };
};

重启主服务器

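# Check the edited config before restarting so a typo cannot stop named.
named-checkconf /etc/named.conf && systemctl restart named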

创建从域名服务器

修改配置文件

# On the secondary server: replace the stock named.conf with the one below.
vi /etc/named.conf

配置如下

options {
        // NOTE(review): "any" also binds any management interface present
        // on this host; list the service addresses if it is multi-homed.
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        // Authoritative answers for the transferred zones may go to anyone.
        allow-query     { any; };

        // The secondary is authoritative-only: no recursion, so it can
        // neither be abused as an open resolver nor have its cache poisoned.
        recursion no;

        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";
        geoip-directory "/usr/share/GeoIP";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

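view "internel" {
        // Root hints are not used while recursion is off; kept for parity
        // with the primary's view.
        zone "." IN {
                type hint;
                file "named.ca";
        };

        zone "mlishu.local" IN {
                type slave;
                // Primary server: the host whose allow-transfer lists this one.
                masters { 192.159.159.254; };
                // Store the transferred copy under slaves/. That directory is
                // shipped writable by named (and labeled for it under SELinux);
                // a bare filename lands in /var/named itself, which named
                // cannot write without the named_write_master_zones boolean.
                file "slaves/mlishu.local.zone";
                // The allow-transfer default applies to secondaries too:
                // do not re-export the zone to arbitrary hosts.
                allow-transfer { none; };
        };

        zone "159.159.192.in-addr.arpa" IN {
                type slave;
                // The original omitted "masters" here, which BIND rejects at
                // load time for a slave zone, so the reverse zone was never
                // transferred.
                masters { 192.159.159.254; };
                file "slaves/192.159.159.zone";
                allow-transfer { none; };
        };
};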

创建存储目录

# /var/named/slaves is normally shipped by the bind package already owned
# by named, and is the one place under /var/named that named may write to
# without extra SELinux booleans; -p makes this a no-op if it exists.
mkdir -p /var/named/slaves
chown named:named /var/named/slaves
# Re-apply the default SELinux labels under /var/named.
restorecon -Rv /var/named

重启并检查连接

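# Validate first, then restart.
named-checkconf /etc/named.conf && systemctl restart named
# A successful transfer logs "transferred serial <n>" for each zone;
# match both zones so a missing reverse transfer is not overlooked.
journalctl -xeu named | grep -E "zone (mlishu.local|159.159.192.in-addr.arpa)"
# Ask the local copy directly without recursion: the answer must carry the
# aa (authoritative) flag and the primary's serial.
dig @127.0.0.1 mlishu.local SOA +norecurse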

![[Pasted image 20251028160033.png]]

添加解析

在完成配置后,在主服务器的mlishu.local.zone和反向解析上加上 ns.mlishu.local---192.168.159.250,如下图: 1763882495134.png 反向解析: ![[Pasted image 20251104155910.png]]（注意：这里添加的 NS/A 记录地址必须与主服务器 allow-transfer 中允许的从服务器地址一致。前文示例使用的是 192.159.159.253，而此处及后文使用 192.168.159.250，请以实际从服务器的 IP 为准，否则解析器按 NS 记录找到的主机无法应答该区域。）

分离解析

内网网段:192.168.159.0/24 外网网段:203.0.113.0/24

修改named.conf文件

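// Internal view: only LAN clients and the host itself match it.
// Because match-clients bounds the view, "recursion yes" here is not an
// open resolver; keep recursion off in every other view.
view "internal" {
    match-clients { 192.168.159.0/24; 127.0.0.1; };
    recursion yes;

    // gong.com as seen from the LAN (private addresses).
    zone "gong.com" IN {
        type master;
        file "internal/gong.com.zone";
        allow-update { none; };
        allow-transfer { none; };
    };

    // Reverse zone for 192.168.159.0/24. The zone file is created further
    // down but was never declared, so nothing served it.
    zone "159.168.192.in-addr.arpa" IN {
        type master;
        file "internal/159.168.192.zone";
        allow-update { none; };
        allow-transfer { none; };
    };
};

// External view: everything that did not match "internal". Views are
// matched top to bottom, so this catch-all must stay last.
view "external" {
    match-clients { any; };
    // Never recurse for the outside world.
    recursion no;

    zone "gong.com" IN {
        type master;
        file "external/gong.com.zone";
        allow-update { none; };
        // Public-facing: never hand the full zone (AXFR) to arbitrary hosts.
        allow-transfer { none; };
    };
};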
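# Directories for the two copies of gong.com. The zones are static, so
# named only reads them: root-owned, group named, no write access for named.
mkdir -p /var/named/internal /var/named/external
chown -R root:named /var/named/internal /var/named/external
chmod 750 /var/named/internal /var/named/external
# Re-apply the default SELinux labels under /var/named.
restorecon -Rv /var/named
# Internal copy of gong.com (contents follow).
vi /var/named/internal/gong.com.zone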
$TTL 1D
; gong.com as seen from the LAN: private addresses, including
; internal-only names such as dhcp.
@   IN  SOA ns1.gong.com. admin.gong.com. (
        2025101401  ; serial -- bump on every change
        1H          ; refresh
        10M         ; retry
        1W          ; expire
        1D )        ; negative-caching TTL
    IN  NS  ns1.gong.com.
ns1     IN      A       192.168.159.254
smb     IN      A       192.168.159.254
ftp     IN      A       192.168.159.254
dhcp    IN      A       192.168.159.254
vi /var/named/external/gong.com.zone
$TTL 1D
; gong.com as published to the outside: public addresses only, and only
; the services meant to be reachable (no dhcp record here).
@   IN  SOA ns1.gong.com. admin.gong.com. (
        2025101401  ; serial -- bump on every change
        1H          ; refresh
        10M         ; retry
        1W          ; expire
        1D )        ; negative-caching TTL
    IN  NS  ns1.gong.com.
ns1     IN      A       203.0.113.101
smb     IN      A       203.0.113.101
ftp     IN      A       203.0.113.101
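vi /var/named/internal/159.168.192.zone
$TTL 1D
; Reverse zone for 192.168.159.0/24 (internal view only).
@   IN  SOA ns1.gong.com. admin.gong.com. (
        2025101401  ; serial -- bump on every change
        1H          ; refresh
        10M         ; retry
        1W          ; expire
        1D )        ; negative-caching TTL
    IN  NS  ns1.gong.com.
; PTR targets must be fully qualified (trailing dot). Without it the name
; is relative to this zone's origin, so reverse lookups returned
; "ns1.gong.com.159.168.192.in-addr.arpa." instead of "ns1.gong.com.".
; Several PTRs on one address are legal, but a lookup returns all of them
; and tools pick one; a single canonical name per address is the usual choice.
254     IN      PTR     ns1.gong.com.
254     IN      PTR     smb.gong.com.
254     IN      PTR     ftp.gong.com.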

完整配置

网卡说明

2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:d2:0a:12 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.78.66/24 brd 192.168.78.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fed2:a12/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:d2:0a:1c brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    inet 192.168.159.254/24 brd 192.168.159.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::1274:1e8f:e8a2:ebdf/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: ens256: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:d2:0a:26 brd ff:ff:ff:ff:ff:ff
    altname enp27s0
    inet 203.0.113.101/24 brd 203.0.113.255 scope global noprefixroute ens256
       valid_lft forever preferred_lft forever
    inet6 fe80::7732:f015:c0f8:82d3/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

ens160用于管理服务器(192.168.78.0/24)(VMnet8) ens224用于提供内网服务(192.168.159.0/24)(VMnet1) ens256用于提供外网服务(203.0.113.0/24)(VMnet2)

named.conf

vi /etc/named.conf

由于所有配置均需要在视图下,因此将mlishu.local这个域名包含入内网中

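// Global options. All zones live in the views below (once one view is
// defined, BIND requires every zone to be inside a view).
options {
    // This host has three interfaces (see the interface listing above):
    // management 192.168.78.66, LAN 192.168.159.254, public 203.0.113.101.
    // Listening on "any" would also expose port 53 on the management
    // network; bind only the loopback and the two service addresses.
    listen-on port 53 { 127.0.0.1; 192.168.159.254; 203.0.113.101; };
    listen-on-v6 { none; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    // Recursion is enabled per view (internal only). Defaulting it to "no"
    // here means a future view that forgets to set it cannot become an
    // open resolver.
    recursion no;
};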

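// Internal view: LAN clients and the host itself.
view "internal" {
    match-clients { 192.168.159.0/24; 127.0.0.1; };
    // Recursion only for these clients. allow-recursion mirrors
    // match-clients so a later change to allow-query cannot widen it.
    recursion yes;
    allow-recursion { 192.168.159.0/24; 127.0.0.1; };

    // Root hints, used for recursion.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    // gong.com as seen from the LAN (private addresses).
    zone "gong.com" IN {
        type master;
        file "internal/gong.com.zone";
        allow-update { none; };
        // Only the secondary may pull the zone (source-IP ACL; a TSIG key
        // would authenticate the peer instead of trusting the address).
        allow-transfer { 192.168.159.250; };
    };

    // mlishu.local (LAN only). The zone file is written to
    // /var/named/internal/ below, so the path must include that
    // subdirectory; the bare name pointed at /var/named/mlishu.local.zone,
    // which is never created.
    zone "mlishu.local" IN {
        type master;
        file "internal/mlishu.local.zone";
        allow-update { none; };
        allow-transfer { 192.168.159.250; };
    };

    // Reverse zone for 192.168.159.0/24, shared by both domains; same
    // path fix as above (the file is created under internal/).
    zone "159.168.192.in-addr.arpa" IN {
        type master;
        file "internal/159.168.192.zone";
        allow-update { none; };
        allow-transfer { 192.168.159.250; };
    };
};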

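// External view: everything that did not match "internal" (views are
// matched top to bottom, so this catch-all must stay last).
view "external" {
    match-clients { any; };
    // Never recurse for the outside world.
    recursion no;

    // Root hints are not used while recursion is off; harmless, kept for
    // symmetry with the internal view.
    zone "." IN {
        type hint;
        file "named.ca";
    };

    // gong.com as published externally (public addresses only).
    zone "gong.com" IN {
        type master;
        file "external/gong.com.zone";
        allow-update { none; };
        // No secondary is defined for the public copy, and BIND's historical
        // default for allow-transfer is "any": deny AXFR explicitly.
        allow-transfer { none; };
    };
};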

mlishu.local.zone

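vi /var/named/internal/mlishu.local.zone
$TTL 1D
; mlishu.local, served from the internal view only.
; MNAME (first SOA field) must name the primary name server, not the zone
; apex: it is the server dynamic-update clients and NOTIFY logic target.
; The other zones on this page use ns1.<zone>., so do the same here.
@   IN  SOA     ns1.mlishu.local. admin.mlishu.local. (
        2025101401 ; serial -- bump on every change
        1H         ; refresh
        10M        ; retry
        1W         ; expire
        1D )       ; negative-caching TTL
    IN  NS     ns1.mlishu.local.
ns1     IN      A       192.168.159.254
smb     IN      A       192.168.159.254
ftp     IN      A       192.168.159.254
dhcp    IN      A       192.168.159.254
dns     IN      A       192.168.159.254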

gong.com

vi /var/named/internal/gong.com.zone

$TTL 1D
; gong.com as seen from the LAN: private addresses, including the
; internal-only dhcp name. Identical to the split-horizon section above.
@   IN  SOA ns1.gong.com. admin.gong.com. (
        2025101401  ; serial -- bump on every change
        1H          ; refresh
        10M         ; retry
        1W          ; expire
        1D )        ; negative-caching TTL
    IN  NS  ns1.gong.com.
ns1     IN      A       192.168.159.254
smb     IN      A       192.168.159.254
ftp     IN      A       192.168.159.254
dhcp    IN      A       192.168.159.254
vi /var/named/external/gong.com.zone
$TTL 1D
; gong.com as published to the outside: public addresses only; dhcp is
; deliberately absent.
@   IN  SOA ns1.gong.com. admin.gong.com. (
        2025101401  ; serial -- bump on every change
        1H          ; refresh
        10M         ; retry
        1W          ; expire
        1D )        ; negative-caching TTL
    IN  NS  ns1.gong.com.
ns1     IN      A       203.0.113.101
smb     IN      A       203.0.113.101
ftp     IN      A       203.0.113.101

添加本地解析:

# Point the host's own resolver at the local named (127.0.0.1 matches the
# internal view's match-clients).
# NOTE(review): on RHEL-family hosts NetworkManager regenerates
# /etc/resolv.conf; persist this through the connection's DNS setting
# (nmcli) or dns=none in NetworkManager.conf, or it is lost on the next
# network change.
vi /etc/resolv.conf
nameserver 127.0.0.1

从域名服务器配置

options {
    // NOTE(review): "any" also binds any management interface on this host;
    // list the service address(es) explicitly if it is multi-homed.
    listen-on port 53 { any; };
    listen-on-v6 { none; };
    directory "/var/named";
    allow-query { any; };
    // Authoritative-only: no recursion, so the secondary cannot be used as
    // an open resolver and has no cache to poison.
    recursion no;
};

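// Secondary copy of mlishu.local. This server must query from
// 192.168.159.250 -- the only address the primary's allow-transfer admits --
// which also places it inside the primary's "internal" view; from any other
// address the transfer is refused.
zone "mlishu.local" IN {
    type slave;
    // Primary server; the transferred copy is written under slaves/, which
    // named can write without named_write_master_zones.
    masters { 192.168.159.254; };
    file "slaves/mlishu.local.zone";
    // The allow-transfer default applies to secondaries too: do not
    // re-export the zone to arbitrary hosts.
    allow-transfer { none; };
};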

验证

内网主域名

客户端IP配置: ![[Pasted image 20251104163058.png]] 客户端解析: ![[Pasted image 20251104163155.png]]

内网从域名

将客户端的DNS修改为从域名服务器的IP ![[Pasted image 20251104163240.png]] 客户端解析: ![[Pasted image 20251104163302.png]]

分离解析(内网)

![[Pasted image 20251104163347.png]]

分离解析(外网)

![[Pasted image 20251104163829.png]]
