DNS stands for Domain Name System. In this post Adminvietnam shows how to set up a DNS server with BIND on CentOS 7.

The post has the following parts:

  1. Preliminary Note
  2. Installing BIND
  3. Configure BIND
  4. Create Forward Zone file
  5. Create Reverse Zone file
  6. Create Local Forward Zone file
  7. Create Local Reverse Zone file
  8. Testing

Requirements

  • CentOS 7 machine – the DNS server
    IP: 172.16.1.14
    Hostname: server.adminvietnam.org

1. Preliminary Note

Give the DNS server a static IP address; eno16777736 is the name of the network interface.

nano /etc/sysconfig/network-scripts/ifcfg-eno16777736

TYPE="Ethernet"
BOOTPROTO="static"
IPADDR=172.16.1.14
NETMASK=255.255.255.0
GATEWAY=172.16.1.2
DNS1=172.16.1.14
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="eno16777736"
DEVICE="eno16777736"
ONBOOT="yes"

2. Installing BIND

yum install 'bind*' -y

3. Configure BIND

Edit the file named.conf:

nano /etc/named.conf

options {
    query-source port 53;
    query-source-v6 port 53;
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    notify yes;
};

zone "." in {
    type hint;
    file "named.root";
};
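The options block above has no listen-on, allow-query or allow-recursion statements, so named listens on every interface and answers recursive queries for any host that can reach it (an open resolver that can be abused for DNS amplification), and query-source port 53 pins the outgoing source port that BIND would otherwise randomise as a cache-poisoning defence. The following options block is an added example, not the original post's configuration; it keeps the post's paths and assumes the server address 172.16.1.14 and the LAN 172.16.1.0/24 from the Requirements section.

```conf
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    notify yes;

    // Listen only on loopback and the server's own LAN address (assumed 172.16.1.14)
    listen-on port 53 { 127.0.0.1; 172.16.1.14; };
    listen-on-v6 port 53 { ::1; };

    // Answer and recurse for the LAN only; everyone else is refused
    allow-query     { localhost; 172.16.1.0/24; };
    allow-recursion { localhost; 172.16.1.0/24; };
    recursion yes;

    // Zone transfers are not needed by any secondary in this setup
    allow-transfer { none; };

    // Validate DNSSEC-signed answers received during recursion
    dnssec-validation yes;

    // query-source port 53 is deliberately left out so BIND randomises source ports
    version "not disclosed";
};
```

After editing, run named-checkconf /etc/named.conf (shipped with the bind package) before restarting named; it reports syntax errors in named.conf that would otherwise only show up as a failed service start.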

Add the forward zone with the following lines:

zone "adminvietnam.org" in {                            ## Forward Zone Name
    type master;
    file "adminvietnam.db";                             ## Forward Zone File
};

Our network is 172.16.1.0/24, so add the reverse zone with the following lines:

zone "1.16.172.in-addr.arpa" in {                       ## Reverse Zone Name
    type master;
    file "1.16.172.db";                                 ## Reverse Zone File
};

Create the local forward zone:

zone "localhost" in {
    type master;
    file "localhost.db";
};

Create the local reverse zone:

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "0.0.127.db";
};

Save named.conf.

4. Create Forward Zone File

The forward zone file is where the DNS records to be looked up are defined. When the DNS server receives a query for “PC01.adminvietnam.org”, it finds the IP address that corresponds to PC01.

nano /var/named/adminvietnam.db

Add the following lines:

$TTL     86400
@        IN         SOA         server.adminvietnam.org. root.adminvietnam.org. (
                                3         ; serial
                                28800     ; refresh
                                7200      ; retry
                                604800    ; expire
                                86400 )   ; minimum TTL
         IN         NS          server.adminvietnam.org.
         IN         MX 10       server
         IN         A           172.16.1.14
server   IN         A           172.16.1.14
www      IN         CNAME       server
ftp      IN         CNAME       server
mail     IN         CNAME       server

5. Create Reverse Zone File

The reverse zone file holds the PTR records used for reverse resolution. When the DNS server receives a query for the IP address “172.16.1.100”, it finds the corresponding FQDN, “PC01.adminvietnam.org”.

nano /var/named/1.16.172.db

Add the following lines:

$TTL        86400
@           IN        SOA          server.adminvietnam.org. root.adminvietnam.org. (
                      3         ; serial
                      28800     ; refresh
                      7200      ; retry
                      604800    ; expire
                      86400 )   ; minimum TTL

@           IN        NS           server.adminvietnam.org.
14          IN        PTR          server.adminvietnam.org.

6. Create Local Forward Zone File

nano /var/named/localhost.db

$TTL             86400
@                 IN            SOA          @              root.localhost. (
                                             3         ; serial
                                             28800     ; refresh
                                             7200      ; retry
                                             604800    ; expire
                                             86400 )   ; minimum TTL

                   IN             NS          @
                   IN             A           127.0.0.1
                   IN             AAAA        ::1

7. Create Local Reverse Zone File

nano /var/named/0.0.127.db

$TTL           86400
@               IN               SOA              localhost. root.localhost. (
                                 3         ; serial
                                 28800     ; refresh
                                 7200      ; retry
                                 604800    ; expire
                                 86400 )   ; minimum TTL

                 IN             NS                  localhost.
1                IN             PTR                 localhost.
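A mismatch between the forward zone of section 4 and the reverse zone of section 5 (an A record with no PTR, or a PTR pointing at a name that has no A record) loads without error but breaks reverse lookups and the tests in section 8. The script below is an added example, not part of the original post: it parses zone files written in the page's style ($TTL, ';' comments, a multi-line SOA in parentheses, blank owner columns, relative names) and reports such mismatches. The sample zones are constructed to mirror the page's adminvietnam.org data, with a hypothetical host pc01 added to show a detected problem.

```python
"""Added example: parse small BIND zone files and check that the forward and
reverse zones agree. Sample input is constructed from the page's data."""
import re

# Constructed forward zone (origin adminvietnam.org); pc01 is hypothetical.
FORWARD_ZONE = """\
$TTL 86400
@       IN  SOA   server.adminvietnam.org. root.adminvietnam.org. (
            3 ; serial
            28800 7200 604800 86400 )
        IN  NS    server.adminvietnam.org.
        IN  MX 10 server
        IN  A     172.16.1.14
server  IN  A     172.16.1.14
www     IN  CNAME server
pc01    IN  A     172.16.1.100
"""

# Constructed reverse zone (origin 1.16.172.in-addr.arpa); pc01 has no PTR yet.
REVERSE_ZONE = """\
$TTL 86400
@    IN  SOA  server.adminvietnam.org. root.adminvietnam.org. (
         3 28800 7200 604800 86400 )
     IN  NS   server.adminvietnam.org.
14   IN  PTR  server.adminvietnam.org.
"""
REVERSE_ZONE_FIXED = REVERSE_ZONE + "100  IN  PTR  pc01.adminvietnam.org.\n"


def _fqdn(name, origin):
    """Expand '@' and relative names the way the zone's origin would."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner_fqdn, TYPE, [rdata...])] for a zone in the page's style."""
    origin = origin if origin.endswith(".") else origin + "."
    folded, buf = [], None
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).rstrip()      # drop ';' comments
        if buf is not None:                          # inside '( ... )'
            buf += " " + line.strip()
            if ")" in line:
                folded.append(buf)
                buf = None
        elif "(" in line and ")" not in line:
            buf = line
        else:
            folded.append(line)
    records, last_owner = [], origin
    for line in folded:
        if not line.strip() or line.startswith("$"):
            continue                                  # blank line or $TTL/$ORIGIN
        fields = line.split()
        owner = last_owner if line[0].isspace() else _fqdn(fields.pop(0), origin)
        last_owner = owner                            # blank owner column inherits
        if fields and fields[0].isdigit():
            fields.pop(0)                             # optional per-record TTL
        if fields and fields[0].upper() == "IN":
            fields.pop(0)                             # optional class
        rtype = fields.pop(0).upper()
        rdata = [f for f in fields if f not in ("(", ")")]
        if rtype in ("NS", "CNAME", "PTR"):           # name-valued rdata
            rdata[0] = _fqdn(rdata[0], origin)
        elif rtype == "MX":
            rdata[1] = _fqdn(rdata[1], origin)
        elif rtype == "SOA":
            rdata[0], rdata[1] = _fqdn(rdata[0], origin), _fqdn(rdata[1], origin)
        records.append((owner, rtype, rdata))
    return records


def zone_sanity(records, origin):
    """Apex checks named-checkzone would also flag: one SOA, numeric serial, an NS."""
    origin = origin if origin.endswith(".") else origin + "."
    problems = []
    soa = [r for r in records if r[0] == origin and r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected one SOA at {origin}, found {len(soa)}")
    elif not soa[0][2][2].isdigit():
        problems.append(f"SOA serial {soa[0][2][2]!r} is not numeric")
    if not any(r[0] == origin and r[1] == "NS" for r in records):
        problems.append(f"no NS record at {origin}")
    return problems


def check_reverse_consistency(fwd_text, fwd_origin, rev_text, rev_origin):
    """Every A record needs a PTR naming one of its owners, and every PTR
    needs a matching A record; returns a list of problem strings."""
    a_owners = {}                                     # ip -> {owner names}
    for owner, rtype, rdata in parse_zone(fwd_text, fwd_origin):
        if rtype == "A":
            a_owners.setdefault(rdata[0], set()).add(owner)
    ptr = {}                                          # ip -> PTR target
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if rtype == "PTR" and owner.endswith(".in-addr.arpa."):
            octets = owner[:-len(".in-addr.arpa.")].split(".")
            ptr[".".join(reversed(octets))] = rdata[0]
    problems = []
    for ip, owners in a_owners.items():
        if ip not in ptr:
            problems.append(f"no PTR for {ip} ({', '.join(sorted(owners))})")
        elif ptr[ip] not in owners:
            problems.append(f"PTR for {ip} points to {ptr[ip]}, which has no A record for it")
    for ip, target in ptr.items():
        if ip not in a_owners:
            problems.append(f"PTR {ip} -> {target} has no matching A record")
    return problems


if __name__ == "__main__":
    for label, rev in (("as written", REVERSE_ZONE), ("with pc01 PTR", REVERSE_ZONE_FIXED)):
        issues = check_reverse_consistency(FORWARD_ZONE, "adminvietnam.org", rev, "1.16.172.in-addr.arpa")
        print(f"{label}: {issues or 'forward and reverse zones agree'}")
```

This is a pre-check only; the authoritative validator is named-checkzone from the bind package (for example named-checkzone adminvietnam.org /var/named/adminvietnam.db), which should be run on each zone file before starting named.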

Create the file named.root and paste in the following root hints. Note that this copy is dated June 2011 and several root server addresses have changed since; the bind package on CentOS 7 ships a current hints file as /var/named/named.ca, which can be referenced from the "." hint zone instead.

nano /var/named/named.root

; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC 
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jun 8, 2011
; related version of root zone: 2011060800
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
; End of File

Configure the firewall:

firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --reload

8. Testing

Start the BIND service and enable it at boot:

systemctl start named
systemctl enable named

Check a forward lookup:

dig adminvietnam.org

Check a reverse lookup:

dig -x 172.16.1.14


Check with nslookup:

[root@server /]# nslookup
> adminvietnam.org
Server: 172.16.1.14
Address: 172.16.1.14#53

Name: adminvietnam.org
Address: 172.16.1.14
Address: 172.16.1.14

> 172.16.1.14
Server: 172.16.1.14
Address: 172.16.1.14#53

14.1.16.172.in-addr.arpa name = server.adminvietnam.org.

 

LuanPM – Adminvietnam.org
