DNS stands for Domain Name System. Today Adminvietnam shows you how to configure a DNS server using BIND on CentOS 7.
The article consists of the following parts
- Preliminary Note
- Installing BIND
- Configure BIND
- Create Forward Zone file
- Create Reverse Zone file
- Create Local Forward Zone file
- Create Local Reverse Zone file
- Testing
Preparation
- CentOS 7 machine – DNS Server
IP: 172.16.1.14
Hostname: server.adminvietnam.org
1. Preliminary Note
Set a static IP for the DNS server (eno16777736 is the interface name)
nano /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE="Ethernet"
BOOTPROTO="static"
IPADDR=172.16.1.14
NETMASK=255.255.255.0
GATEWAY=172.16.1.2
DNS1=172.16.1.14
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eno16777736"
DEVICE="eno16777736"
ONBOOT="yes"
2. Installing BIND
yum install bind* -y
3. Configure BIND
Edit the file named.conf
nano /etc/named.conf
options {
    query-source port 53;
    query-source-v6 port 53;
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    notify yes;
};
zone "." in {
    type hint;
    file "named.root";
};
Add the forward zone with the following lines
zone "adminvietnam.org" in {          ## Forward Zone Name
    type master;
    file "adminvietnam.db";           ## Forward Zone File
};
Our network is 172.16.1.0/24, so we add the reverse zone with the following lines
zone "1.16.172.in-addr.arpa" in {     ## Reverse Zone Name
    type master;
    file "1.16.172.db";               ## Reverse Zone File
};
Create the local forward zone
zone "localhost" in {
    type master;
    file "localhost.db";
};
Create the local reverse zone
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "0.0.127.db";
};
Save the file named.conf
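Two settings in the options block above deserve a check before the file is saved: query-source port 53 pins the UDP source port of outgoing queries, which turns off BIND's source-port randomization (a defence against cache poisoning), and there is no allow-query or allow-recursion statement, so the access policy is whatever BIND's defaults provide. The Python audit below is an added example, not code from the article: it flags those settings in the page's options block and passes a hardened variant, which assumes that only localhost and 172.16.1.0/24 should query and recurse through this server.

```python
import re

# Options block as given in the article (copied here as audit input).
PAGE_OPTIONS = """
options {
    query-source port 53;
    query-source-v6 port 53;
    directory "/var/named";
    notify yes;
};
"""
# Hardened variant (assumption: only 172.16.1.0/24 and the host itself
# should be able to query and recurse through this server).
HARDENED_OPTIONS = """
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 172.16.1.14; };
    allow-query { localhost; 172.16.1.0/24; };
    recursion yes;
    allow-recursion { localhost; 172.16.1.0/24; };
    notify yes;
};
"""

def options_body(conf: str) -> str:
    """Text inside the top-level options { ... } block ("" if absent/unbalanced)."""
    start = re.search(r"\boptions\s*\{", conf)
    if not start:
        return ""
    depth, i = 1, start.end()
    while i < len(conf) and depth:          # count nested braces
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[start.end():i - 1] if depth == 0 else ""

def audit_options(conf: str) -> list:
    """Findings for settings that weaken a BIND server; empty list means clean."""
    body = options_body(conf)
    if not body:
        return ["no well-formed options {} block found"]
    body = re.sub(r"(//|#).*", "", body)   # drop line comments
    findings = []
    # A numeric port pins the UDP source port; "port *" (random) does not match.
    for m in re.finditer(r"query-source(?:-v6)?[^;]*?\bport\s+(\d+)", body):
        findings.append(f"fixed query-source port {m.group(1)}: disables source-port randomization")
    if not re.search(r"\ballow-query\s*\{", body):
        findings.append("allow-query not set: every client may query this server")
    if not re.search(r"\brecursion\s+no\b|\ballow-recursion\s*\{", body):
        findings.append("recursion policy not explicit: set recursion no or allow-recursion")
    return findings
```

Run it alongside named-checkconf: that tool validates syntax, this script checks policy.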
4. Create Forward Zone File
The forward zone file is where the DNS records used for lookups are defined. When the DNS server receives a query for “PC01.adminvietnam.org”, it looks up the IP address that corresponds to PC01.
nano /var/named/adminvietnam.db
Add the following lines
$TTL 86400
@       IN      SOA     server.adminvietnam.org. root (
                        3               ; Serial
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400           ; Minimum TTL
                        )
        IN      NS      server.adminvietnam.org.
        IN      MX      10 server
        IN      A       172.16.1.14
server  IN      A       172.16.1.14
www     IN      CNAME   server
ftp     IN      CNAME   server
mail    IN      CNAME   server
5. Create Reverse Zone File
The reverse zone file is where the PTR records for reverse resolution are stored. When the DNS server receives a query for the IP address “172.16.1.100”, it finds the corresponding FQDN, “PC01.adminvietnam.org”.
nano /var/named/1.16.172.db
Add the following lines
$TTL 86400
@       IN      SOA     server.adminvietnam.org. root. (
                        3               ; Serial
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400           ; Minimum TTL
                        )
@       IN      NS      server.adminvietnam.org.
14      IN      PTR     server.adminvietnam.org.
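A check worth running once both zone files exist: every A record in adminvietnam.db should have a PTR in 1.16.172.db pointing back at one of its names, otherwise reverse lookups (used by mail servers and in log correlation) will not match. The Python script below is an added example, not code from the article; it parses both zone files as written above, with one constructed extra host pc01 at 172.16.1.100 (the address the text uses) that has no PTR, and reports the mismatch.

```python
import re
# Forward zone as in the article plus one constructed host (pc01) with no PTR.
FWD_ORIGIN = "adminvietnam.org."
FWD_ZONE = """$TTL 86400
@ IN SOA server.adminvietnam.org. root (
        3 28800 7200 604800 86400 )  ; serial refresh retry expire minimum
        IN NS server.adminvietnam.org.
        IN A 172.16.1.14
server  IN A 172.16.1.14
pc01    IN A 172.16.1.100
"""
REV_ORIGIN = "1.16.172.in-addr.arpa."
REV_ZONE = """@  IN SOA server.adminvietnam.org. root ( 3 28800 7200 604800 86400 )
@  IN NS server.adminvietnam.org.
14 IN PTR server.adminvietnam.org.
"""
def canon(name: str, origin: str) -> str:  # '@' -> origin; relative names get origin appended
    return origin if name == "@" else name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse_zone(text: str, origin: str) -> list:
    """(owner, rtype, rdata) triples; handles comments, ( ) continuations, blank owners, TTL/class."""
    text = re.sub(r";.*", "", text)                      # strip ; comments (line-wise)
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)
    owner, records = origin, []
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):     # blank lines and $TTL/$ORIGIN
            continue
        tokens = line.split()
        if not line[0].isspace():                        # explicit owner name
            owner, tokens = canon(tokens[0], origin), tokens[1:]
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                                # optional TTL / class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def ptr_mismatches(fwd: str, fwd_origin: str, rev: str, rev_origin: str) -> list:
    """Every A record should have a PTR pointing back at one of its names."""
    a_names, ptrs = {}, {}
    for owner, rtype, rdata in parse_zone(fwd, fwd_origin):
        if rtype == "A":
            a_names.setdefault(rdata[0], set()).add(owner)
    for owner, rtype, rdata in parse_zone(rev, rev_origin):
        if rtype == "PTR":           # 14.1.16.172.in-addr.arpa. -> 172.16.1.14
            octets = owner[: -len(".in-addr.arpa.")].split(".")
            ptrs[".".join(reversed(octets))] = canon(rdata[0], rev_origin)
    problems = []
    for ip, names in sorted(a_names.items()):
        if ptrs.get(ip) not in names:                    # missing PTR shows as None
            problems.append(f"{ip} ({', '.join(sorted(names))}): PTR is {ptrs.get(ip)}")
    return problems
```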
6. Create Local Forward Zone File
nano /var/named/localhost.db
$TTL 86400
@       IN      SOA     @ root. (
                        3               ; Serial
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400           ; Minimum TTL
                        )
        IN      NS      @
        IN      A       127.0.0.1
        IN      AAAA    ::1
7. Create Local Reverse Zone File
nano /var/named/0.0.127.db
$TTL 86400
@       IN      SOA     localhost. root.localhost. (
                        3               ; Serial
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400           ; Minimum TTL
                        )
        IN      NS      localhost.
1       IN      PTR     localhost.
Create the file named.root and paste in the following
nano /var/named/named.root
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jun 8, 2011
;       related version of root zone:   2011060800
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
; End of File
Configure the firewall
firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --reload
8. Testing
Start the BIND service and enable it at boot
systemctl start named
systemctl enable named
Check
dig adminvietnam.org
dig -x 172.16.1.14
nslookup
[root@server /]# nslookup
> adminvietnam.org
Server:         172.16.1.14
Address:        172.16.1.14#53

Name:   adminvietnam.org
Address: 172.16.1.14
Address: 172.16.1.14
> 172.16.1.14
Server:         172.16.1.14
Address:        172.16.1.14#53

14.1.16.172.in-addr.arpa        name = server.adminvietnam.org.
LuanPM – Adminvietnam.org