Linux 域名服务器配置

cat /etc/redhat-release

CentOS Linux release 7.0.1406 (Core)

使用BIND构建DNS服务器

1.BIND服务器安装

yum install bind* -y

2.修改配置

vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 192.168.124.129; }; 
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "nginxtest.com" IN {  
        type master;  
        file "nginxtest.com.zone";  
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

cp /var/named/named.localhost /var/named/nginxtest.com.zone
vim /var/named/nginxtest.com.zone

3.建立正向区域文件

$TTL 1D
@       IN SOA  nginxtest.com rname.invalid. (
                                  0     ; serial
                                  1D    ; refresh
                                  1H    ; retry
                                  1W    ; expire
                                  3H )  ; minimum
        NS      @
@       A       192.168.124.129
www     A       192.168.124.129
mail    A       192.168.124.129

4.建立反向区域文件

5.修改权限

chmod 777 /var/named/nginxtest.com.zone

6.测试named.conf主配置文件 

named-checkconf 

7.测试区域文件

named-checkzone nginxtest.com /var/named/nginxtest.com.zone 

8.配置DNS客户机配置文件

vim /etc/resolv.conf

# Generated by NetworkManager
domain localdomain
search localdomain

nameserver 192.168.124.129
#nameserver 192.168.124.2

9.启动DNS服务器

systemctl daemon-reload 
systemctl start named
systemctl status named

10.测试DNS服务器

DNS服务器的主要测试方法
使用nslookup、dig和host等专用工具可以对DNS服务器进行较全面的测试 
nslookup命令在Linux和Windows系统中都默认安装，是比较常用的测试工具
进入nslookup命令交换环境

nslookup
> server 192.168.124.129
测试localhost主机域名的正向解析 
> localhost 
测试localhost主机域名的反向解析 
> 127.0.0.1 
测试互联网中的域名解析
> www.nginxtest.com 
测试nginxtest.com域中的A记录
> mail.nginxtest.com 
测试nginxtest.com域中的CNAME记录
> www.nginxtest.com 
测试nginxtest.com域中的NS记录
> set type=ns                          （设置域名查询类型为NS即域名记录）
> nginxtest.com 
测试nginxtest.com域中的MX记录
> set type=mx                         （设置域名查询类型为MX即邮件交换记录）
> nginxtest.com 
设置进行A记录的测试
> set type=a                            （设置域名查询类型为A即地址记录）
>mail.nginxtest.com

测试DNS解析是否成功

host www.nginxtest.com

www.nginxtest.com has address 192.168.124.129

配置nginx.conf

#my nginx.conf
user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    use epoll;
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;


    upstream v1 {
            server   192.168.124.130:8081;
            server   192.168.124.130:8082;
    }

    server {
            listen 443;
            ssl on;
            ssl_certificate  /home/nginx/server.crt;
            ssl_certificate_key  /home/nginx/server.key;
            ssl_session_timeout 5m;
            ssl_protocols SSLv2 SSLv3 TLSv1;
            ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
            ssl_prefer_server_ciphers on;

            server_name www.nginxtest.com;

            location / {
                 proxy_pass        http://v1;
                 proxy_set_header   Host             $host;
                 proxy_set_header   X-Real-IP        $remote_addr;
                 proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            }
    }

}

启动命令

#!/bin/bash

docker run --name nginx -d -p 443:443 -p 80:80 -v /home/nginx/index.html:/usr/share/nginx/html/index.html -v /home/nginx/nginx.conf:/etc/nginx/nginx.conf -v /home/nginx/:/home/nginx/ -v /home/error/:/var/log/nginx/ nginx:latest

访问nginx

#/home/nginx/index.html

welcome to Nginx !

域名测试

Tomcat_1

Tomcat_2

常见的 Nginx 配置选项整理