CentOS 7 Configure DNS Server

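This post shows how to deploy a DNS server on CentOS 7. In the test environment the server runs on CentOS 7, and the clients used for testing are Windows and Linux.

The goal is for the self-hosted DNS server to resolve the company's internal custom domain names. When a client needs to reach an external domain, the DNS server forwards the query to the ISP's DNS servers and caches the result. It forwards queries only for internal hosts and does not forward queries from hosts on the public network.

About the DNS service

The DNS service is provided by BIND. Once started, the service is called named; the management tool is rndc, the debugging tool is dig, and the main configuration file is /etc/named.conf.

Installation

Installing bind-chroot is recommended, since it improves the security of the service:
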
➜  ~ yum install -y bind-chroot

After installation, start the named-chroot service and enable it at boot:

➜  ~ systemctl enable named-chroot.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
➜ ~ systemctl start named-chroot.service
➜ ~ netstat -ntlp | grep 53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4515/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 4515/named

Configuration

First back up the DNS server's main configuration file, then edit its contents:

➜  ~ cp /etc/named.conf /etc/named.conf.bak
➜ ~ vim /etc/named.conf

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Only the internal subnets may query or recurse through this server.
    allow-query { 192.168.16.0/24; 192.168.0.0/23; };
    recursion yes;
    allow-recursion { 192.168.16.0/24; 192.168.0.0/23; };

    // Send external lookups to the upstream DNS servers first.
    forward first;
    forwarders { 202.96.209.133; 114.114.114.114; };

    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;

    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

// Add the samzong.local zone.
zone "samzong.local" IN {
    type master;
    file "samzong.local.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
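
The policy stated at the top of this post (answer and recurse only for internal hosts) rests on the allow-query and allow-recursion lines above. The following check is an added example, not part of the original post; the helper names acl_of and audit_named_conf and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag named.conf ACLs that would let outside hosts query or
# recurse through this server. Helper names and sample data are constructed.

# Print the contents of "<name> { ... }" from the config, or nothing if absent.
acl_of() {  # $1 = config file, $2 = statement name, e.g. allow-recursion
  sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' |
    grep -oE "(^|[;{[:space:]])$2[[:space:]]*\{[^}]*\}" | head -n 1 |
    sed -E "s/^.*$2[[:space:]]*\{//; s/\}\$//"
}

# Print one finding per line; no output means nothing was flagged.
audit_named_conf() {  # $1 = config file
  local conf=$1 name acl
  for name in allow-query allow-recursion; do
    acl=$(acl_of "$conf" "$name") || true
    if [ -z "$acl" ]; then
      echo "WARN: $name not set explicitly; BIND defaults apply"
    elif printf '%s' "$acl" |
         grep -qE '(^|[;[:space:]])(any|0\.0\.0\.0/0)[[:space:]]*;'; then
      echo "OPEN: $name admits any client"
    fi
  done
  if sed -e 's://.*$::' "$conf" |
     grep -qE 'dnssec-validation[[:space:]]+no[[:space:]]*;'; then
    echo "WARN: dnssec-validation no; answers are not DNSSEC-validated"
  fi
}

# Constructed sample: the relevant lines of this post's named.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { 192.168.16.0/24; 192.168.0.0/23; };
    recursion yes;
    allow-recursion { 192.168.16.0/24; 192.168.0.0/23; };
    dnssec-validation no;
};
EOF
audit_named_conf "$sample"   # listen-on "any" is not an ACL and is not flagged
```

On the server itself, point the function at /etc/named.conf before restarting named-chroot.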

Edit the samzong.local.zone file

First create the samzong.local.zone file:

➜  ~ cd /var/named
➜  named touch samzong.local.zone

Then edit the file and add the following content:

$TTL 86400
@       IN  SOA  @ root.samzong.local. (
                 2016042112  ; Serial
                 3600        ; Refresh
                 1800        ; Retry
                 604800      ; Expire
                 43200       ; Minimum TTL
                 )

            NS     @
            A      10.0.2.6
www         A      192.168.16.100
a       IN  CNAME  www.baidu.com.
b           A      192.168.16.101

After editing, restart named-chroot so the changes take effect:

➜  named systemctl restart named-chroot.service

Client verification

➜  named nslookup www.samzong.local
Server: 192.168.16.6
Address: 192.168.16.6#53

Name: www.samzong.local
Address: 192.168.16.100

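Managing DNS records with rndc

Common rndc commands:

status          show the working status of the BIND server
reload          reload the configuration file and zone files
reload zone     reload the specified zone
reconfig        reread the configuration file and load newly added zones
querylog        turn query logging off or on
dumpdb          dump the cache to a file; named.conf specifies the file location
freeze          suspend updates to all zones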

HowTo Automatic Updates CENTOS/RHEL Using YUM

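When you manage a large number of Linux cluster machines, keeping up with system security patches is very important. No matter how well you tuned the system at install time, it will become insecure sooner or later if it is never updated, so regularly applying system patches is a basic part of an operations engineer's job.

Install yum-cron
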
sudo yum install -y yum-cron

Most of my servers run CentOS 6, where the configuration file is /etc/sysconfig/yum-cron. You can find the configuration file location with the following command:

rpm -ql yum-cron
/etc/cron.daily/0yum.cron
/etc/rc.d/init.d/yum-cron
/etc/sysconfig/yum-cron
/etc/yum/yum-daily.yum
/etc/yum/yum-weekly.yum
/usr/share/doc/yum-cron-3.2.29
/usr/share/doc/yum-cron-3.2.29/COPYING
/usr/share/man/man8/yum-cron.8.gz

Configure “/etc/sysconfig/yum-cron”

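By default yum-cron checks for and installs system updates automatically every day. After installing it, a few settings deserve attention:

1. Exclude packages that should not be updated
    YUM_PARAMETER="--exclude='kernel*' --exclude='php*'"
2. Set the administrator's e-mail address
    MAILTO="luchuanjia@msn.com"
3. Do not install automatically; only check and notify the administrator's mailbox
    CHECK_ONLY=yes
4. Do not install automatically; only download
    DOWNLOAD_ONLY=yes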

Automatic Starting yum-cron

chkconfig yum-cron on

HowTo Turn Off IPv6 in CentOS 6.x

1. CentOS 6.x

IPv6 is enabled by default on CentOS 6, but in practice we rarely use it, so this post covers how to turn it off.

# inet6 is visible here, which means IPv6 has not been disabled yet.

[root@ultraera ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:3A:F9:6F
inet addr:172.16.102.161 Bcast:172.16.102.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe3a:f96f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:199 errors:0 dropped:0 overruns:0 frame:0
TX packets:122 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20124 (19.6 KiB) TX bytes:17182 (16.7 KiB)

# Edit /etc/modprobe.d/dist.conf

[root@ultraera ~]# vi /etc/modprobe.d/dist.conf
# Add the following two lines
alias net-pf-10 off
alias ipv6 off
# Save and exit, then reboot the system

# Do not start at boot
[root@ultraera ~]# chkconfig ip6tables off

# After the reboot, check whether IPv6 is loaded

[root@ultraera ~]# lsmod | grep v6

# Additional notes

  • Edit /etc/sysconfig/network and append

    NETWORKING_IPV6=no
  • Edit /etc/hosts and comment out the IPv6 line that resolves the local hostname

    #::1   localhost localhost6 localhost6.localdomain6


2. CentOS 7.x

Setup 1. Edit the grub file so that IPv6 is not loaded at boot

[root@ultraera ~]# vim /etc/default/grub

# Inside GRUB_CMDLINE_LINUX=" ", add
ipv6.disable=1

# Regenerate the boot configuration file. Note that rebooting alone has no effect here; the boot file must be rebuilt manually
[root@ultraera ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
[root@ultraera ~]# reboot

# Verify that IPv6 is disabled

[root@ultraera ~]# lsmod | grep ipv6

Setup 2. The second method

# Edit /etc/sysctl.conf and add the following:
net.ipv6.conf.all.disable_ipv6 = 1

reboot

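IPv6 is supported by default, so to re-enable IPv6 support, just comment out the directives added above.

I previously ran into cases where certain services would not start after installation. The cause turned out to be the disabled IPv6: the services' conf files specified something like listening on IPv6, and with IPv6 disabled the service could not start. Turning that setting off fixes it.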

CentOS 7 (2): System service management

Turn off the firewall:

systemctl stop firewalld.service    # stop the service
systemctl disable firewalld.service # do not start at boot

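CentOS 7 (1): Changing the system hostname

Changing the hostname on CentOS 7

Method 1: hostname <hostname>

This only changes the hostname temporarily; after the machine reboots, the hostname reverts.

Method 2: hostnamectl set-hostname <hostname>

A change made this way is permanent.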

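How to install a newer version of PHP on CentOS 6


CentOS 6 installs PHP 5.3 by default, but many applications in a LAMP stack now require PHP 5.4 at minimum, so this post covers how to upgrade PHP 5.3 to 5.4 and later versions.

Test environment: CentOS 6.4

The solution is to use the matching PHP versions already packaged in the remi repository.

Testing shows this upgrade method also works on all current CentOS 6.x versions.

1. Install the Remi repository

# remi depends on the epel repository, so we have to install it first.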
[root@visionet8 ~]# yum install -y epel-release

[root@visionet8 ~]# wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
[root@visionet8 ~]# rpm -Uvh remi-release-6.rpm

2. Let's look at Remi's yum configuration file

# Repository: http://rpms.remirepo.net/
# Blog: http://blog.remirepo.net/
# Forum: http://forum.remirepo.net/

[remi]
name=Remi's RPM repository for Enterprise Linux 6 - $basearch
baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/
#mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-php55]
name=Remi's PHP 5.5 RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/php55/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/php55/mirror
# NOTICE: common dependencies are in "remi-safe"
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-php56]
name=Remi's PHP 5.6 RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/php56/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/php56/mirror
# NOTICE: common dependencies are in "remi-safe"
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
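
In the file shown above, the [remi] section is enabled with gpgcheck=0 and an http:// baseurl, so packages from it are installed without a signature check. The following audit is an added example, not part of the original post; audit_repo_file is a hypothetical helper and the sample is two sections copied from the listing above.

```shell
#!/usr/bin/env bash
# Added example: list enabled yum repositories whose packages are installed
# without a GPG signature check. audit_repo_file is a hypothetical helper.

audit_repo_file() {  # $1 = path to a .repo file
  awk -F= '
    function report(   suffix) {
      if (id != "" && enabled != "0" && gpgcheck == "0") {
        suffix = (url ~ /^http:/) ? ", fetched over plain HTTP" : ""
        print id ": gpgcheck=0" suffix
      }
    }
    /^[[:space:]]*#/ { next }                      # ignore commented-out lines
    /^\[/ { report()                               # new section: flush the last one
            id = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpgcheck = ""; url = ""; next }
    { key = $1; val = $2
      gsub(/[[:space:]]/, "", key); gsub(/[[:space:]]/, "", val) }
    key == "enabled"  { enabled = val }
    key == "gpgcheck" { gpgcheck = val }
    key == "baseurl" || key == "mirrorlist" { url = val }
    END { report() }
  ' "$1"
}

# Constructed sample: two sections copied from the remi.repo shown above.
repo_sample=$(mktemp)
cat > "$repo_sample" <<'EOF'
[remi]
name=Remi's RPM repository for Enterprise Linux 6 - $basearch
baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/
#mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-php55]
name=Remi's PHP 5.5 RPM repository for Enterprise Linux 6 - $basearch
mirrorlist=http://rpms.remirepo.net/enterprise/6/php55/mirror
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
EOF
audit_repo_file "$repo_sample"
```

On a real host, run the function over each file in /etc/yum.repos.d; setting gpgcheck=1 in the flagged section clears the finding.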

Testing shows that once the remi repository is enabled, the default PHP version is 5.4, so all we need to do is upgrade php.

[root@visionet8 html]# yum update -y php*
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: mirrors.ustc.edu.cn
* extras: mirrors.aliyun.com
* remi-safe: mirrors.tuna.tsinghua.edu.cn
* updates: mirrors.cn99.com
remi | 2.9 kB 00:00
remi/primary_db | 1.6 MB 00:05
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package php.x86_64 0:5.3.3-48.el6_8 will be updated
---> Package php.x86_64 0:5.4.45-12.el6.remi will be an update
---> Package php-cli.x86_64 0:5.3.3-48.el6_8 will be updated
---> Package php-cli.x86_64 0:5.4.45-12.el6.remi will be an update
---> Package php-common.x86_64 0:5.3.3-48.el6_8 will be updated
---> Package php-common.x86_64 0:5.4.45-12.el6.remi will be an update
---> Package php-gd.x86_64 0:5.3.3-48.el6_8 will be updated
---> Package php-gd.x86_64 0:5.4.45-12.el6.remi will be an update
--> Processing Dependency: libt1.so.5()(64bit) for package: php-gd-5.4.45-12.el6.remi.x86_64
---> Package php-mcrypt.x86_64 0:5.3.3-4.el6 will be updated
---> Package php-mcrypt.x86_64 0:5.4.45-12.el6.remi will be an update
---> Package php-mysql.x86_64 0:5.3.3-48.el6_8 will be updated
---> Package php-mysql.x86_64 0:5.4.45-12.el6.remi will be an update
---> Package php-pdo.x86_64 0:5.3.3-48.el6_8 will be updated
---> Package php-pdo.x86_64 0:5.4.45-12.el6.remi will be an update
--> Running transaction check
---> Package t1lib.x86_64 0:5.1.2-6.el6_2.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================
Package Arch Version Repository Size
==========================================================================================================
Updating:
php x86_64 5.4.45-12.el6.remi remi 2.8 M
php-cli x86_64 5.4.45-12.el6.remi remi 4.1 M
php-common x86_64 5.4.45-12.el6.remi remi 968 k
php-gd x86_64 5.4.45-12.el6.remi remi 152 k
php-mcrypt x86_64 5.4.45-12.el6.remi remi 60 k
php-mysql x86_64 5.4.45-12.el6.remi remi 145 k
php-pdo x86_64 5.4.45-12.el6.remi remi 129 k
Installing for dependencies:
t1lib x86_64 5.1.2-6.el6_2.1 base 160 k

Transaction Summary
==========================================================================================================
Install 1 Package(s)
Upgrade 7 Package(s)

Total download size: 8.5 M
Downloading Packages:
(1/8): php-5.4.45-12.el6.remi.x86_64.rpm | 2.8 MB 00:07
(2/8): php-cli-5.4.45-12.el6.remi.x86_64.rpm | 4.1 MB 00:06
(3/8): php-common-5.4.45-12.el6.remi.x86_64.rpm | 968 kB 00:02
(4/8): php-gd-5.4.45-12.el6.remi.x86_64.rpm | 152 kB 00:01
(5/8): php-mcrypt-5.4.45-12.el6.remi.x86_64.rpm | 60 kB 00:00
(6/8): php-mysql-5.4.45-12.el6.remi.x86_64.rpm | 145 kB 00:00
(7/8): php-pdo-5.4.45-12.el6.remi.x86_64.rpm | 129 kB 00:01
(8/8): t1lib-5.1.2-6.el6_2.1.x86_64.rpm | 160 kB 00:00
----------------------------------------------------------------------------------------------------------
Total 338 kB/s | 8.5 MB 00:25
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Updating : php-common-5.4.45-12.el6.remi.x86_64 1/15
Updating : php-cli-5.4.45-12.el6.remi.x86_64 2/15
Updating : php-pdo-5.4.45-12.el6.remi.x86_64 3/15
Installing : t1lib-5.1.2-6.el6_2.1.x86_64 4/15
Updating : php-gd-5.4.45-12.el6.remi.x86_64 5/15
Updating : php-mysql-5.4.45-12.el6.remi.x86_64 6/15
Updating : php-5.4.45-12.el6.remi.x86_64 7/15
Updating : php-mcrypt-5.4.45-12.el6.remi.x86_64 8/15
Cleanup : php-5.3.3-48.el6_8.x86_64 9/15
Cleanup : php-mysql-5.3.3-48.el6_8.x86_64 10/15
Cleanup : php-pdo-5.3.3-48.el6_8.x86_64 11/15
Cleanup : php-cli-5.3.3-48.el6_8.x86_64 12/15
Cleanup : php-gd-5.3.3-48.el6_8.x86_64 13/15
Cleanup : php-mcrypt-5.3.3-4.el6.x86_64 14/15
Cleanup : php-common-5.3.3-48.el6_8.x86_64 15/15
Verifying : php-mcrypt-5.4.45-12.el6.remi.x86_64 1/15
Verifying : t1lib-5.1.2-6.el6_2.1.x86_64 2/15
Verifying : php-common-5.4.45-12.el6.remi.x86_64 3/15
Verifying : php-gd-5.4.45-12.el6.remi.x86_64 4/15
Verifying : php-cli-5.4.45-12.el6.remi.x86_64 5/15
Verifying : php-pdo-5.4.45-12.el6.remi.x86_64 6/15
Verifying : php-mysql-5.4.45-12.el6.remi.x86_64 7/15
Verifying : php-5.4.45-12.el6.remi.x86_64 8/15
Verifying : php-5.3.3-48.el6_8.x86_64 9/15
Verifying : php-gd-5.3.3-48.el6_8.x86_64 10/15
Verifying : php-cli-5.3.3-48.el6_8.x86_64 11/15
Verifying : php-pdo-5.3.3-48.el6_8.x86_64 12/15
Verifying : php-common-5.3.3-48.el6_8.x86_64 13/15
Verifying : php-mysql-5.3.3-48.el6_8.x86_64 14/15
Verifying : php-mcrypt-5.3.3-4.el6.x86_64 15/15

Dependency Installed:
t1lib.x86_64 0:5.1.2-6.el6_2.1

Updated:
php.x86_64 0:5.4.45-12.el6.remi php-cli.x86_64 0:5.4.45-12.el6.remi
php-common.x86_64 0:5.4.45-12.el6.remi php-gd.x86_64 0:5.4.45-12.el6.remi
php-mcrypt.x86_64 0:5.4.45-12.el6.remi php-mysql.x86_64 0:5.4.45-12.el6.remi
php-pdo.x86_64 0:5.4.45-12.el6.remi

Complete!

3. Test:

[root@visionet8 html]# php -v
PHP 5.4.45 (cli) (built: Sep 19 2016 15:31:07)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies

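4. PHP 5.5 and PHP 5.6

To upgrade to 5.5 or 5.6, follow the remi repository configuration file: set the enabled parameter of the php5.5 repository to 1 and change the default repository's enabled to 0, then run yum update php*.


5. PHP 7

After installation I found that, once the remi repository is installed, /etc/yum.repos.d contains remi-php70.repo and remi-php71.repo in addition to remi.repo. From testing, to upgrade to PHP 7 you can enable the corresponding repository in its configuration file and then upgrade.


When performing any of the upgrades above, consider version compatibility with other components; do not upgrade blindly.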
