Linux System Administration and Programming 19: Automatically Deploying DNS
The orchid grows in a secluded valley, and is no less fragrant because no one wears it;
the gentleman acts with righteousness, and does not stop because no one knows of it.
```bash
#!/bin/bash
#-----------------------------------------------------------
# Prerequisites: a VM is ready, (1) the external and internal networks are
# both reachable, (2) the yum repository is set up
# File Name: myDns.sh
# Version: 1.0
# Created: 2025-05-12 13:51:58
# Author: 网工xxx (network engineer xxx)
# Contact: QQ15523232551
# Copyright(R):CQIE
# Description: My VM has a network interface card ens36 with the IP address
# 192.168.100.66, and I want to run the local primary DNS server on it. The
# DNS server's planned domain name is dns.wuzz.cqie; ftp.wuzz.cqie and
# www.wuzz.cqie are planned with the IP addresses 192.168.100.23 and
# 192.168.100.120 respectively.
#===========================================================
# My colourful makeup box (terminal colour codes)
RED='\033[31m'
GREEN='\033[32m'
YELLOW='\033[43m'      # 43 is a yellow background (33 would be yellow text)
BLUE='\033[94m'
RedBlink="\e[5;31m"    # 5 is blink, 31 is red
UL='\033[4m'           # underline
RESET='\033[0m'        # reset

# DNS service auto-deployment script (for CentOS 7)

# Check for root privileges
if [ "$EUID" -ne 0 ]; then
    echo "Please run this script as root"
    exit 1
fi

# Configuration variables
DOMAIN="wuzz.cqie"
DNS_IP="192.168.100.66"
NS_HOST="dns"
FTP_IP="192.168.100.23"
WWW_IP="192.168.100.120"

# Install BIND and related tools
yum install -y bind bind-utils

# Back up the original configuration file
cp /etc/named.conf /etc/named.conf.bak

# Generate the new named.conf
cat > /etc/named.conf <<EOF
options {
    listen-on port 53 { 127.0.0.1; ${DNS_IP}; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; 192.168.100.0/24; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "${DOMAIN}" IN {
    type master;
    file "${DOMAIN}.zone";
    allow-update { none; };
};

zone "100.168.192.in-addr.arpa" IN {
    type master;
    file "100.168.192.zone";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF

# Create the forward zone file
cat > /var/named/${DOMAIN}.zone <<EOF
\$TTL 86400
@   IN SOA ${NS_HOST}.${DOMAIN}. admin.${DOMAIN}. (
        2024052001 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400 )    ; Minimum TTL
@   IN NS ${NS_HOST}.${DOMAIN}.
${NS_HOST} IN A ${DNS_IP}
ftp IN A ${FTP_IP}
www IN A ${WWW_IP}
EOF

# Create the reverse zone file
cat > /var/named/100.168.192.zone <<EOF
\$TTL 86400
@   IN SOA ${NS_HOST}.${DOMAIN}. admin.${DOMAIN}. (
        2024052001 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400 )    ; Minimum TTL
@   IN NS ${NS_HOST}.${DOMAIN}.
66  IN PTR ${NS_HOST}.${DOMAIN}.
23  IN PTR ftp.${DOMAIN}.
120 IN PTR www.${DOMAIN}.
EOF

# Set file ownership and permissions
chown root:named /var/named/${DOMAIN}.zone
chown root:named /var/named/100.168.192.zone
chmod 640 /var/named/*.zone

# Check the configuration syntax; stop before starting named if anything is wrong
named-checkconf || { echo "named.conf failed the syntax check"; exit 1; }
named-checkzone ${DOMAIN} /var/named/${DOMAIN}.zone || exit 1
named-checkzone 100.168.192.in-addr.arpa /var/named/100.168.192.zone || exit 1

# Configure the firewall
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

# Restore the SELinux context
restorecon -Rv /var/named

# Start the service
systemctl enable --now named

# Point this host's resolver at the local DNS server
nmcli con mod ens36 ipv4.dns "${DNS_IP}"
nmcli con up ens36

echo "DNS service deployment finished; please verify with the following test commands:"
echo "Forward lookup test: nslookup ftp.${DOMAIN} ${DNS_IP}"
echo "Reverse lookup test: nslookup ${FTP_IP} ${DNS_IP}"
```
Check the result: cat /etc/resolv.conf

Figure 19-1

The local DNS server should be listed first, because the resolver tries the nameserver entries in the order they appear.

Edit /etc/resolv.conf:

```
[root@pxedns shell]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.100.66
nameserver 192.168.137.2
```

Make sure your ftp virtual machine is up, then test it:

Figure 19-2
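The checks this post does by hand (looking at the nameserver order in /etc/resolv.conf, then the forward and reverse lookups) can be scripted. The following is an added example and not part of the original post or of myDns.sh: it parses a resolv.conf to confirm the local server is tried first, reads the SOA serial out of a zone file, and goes one step beyond the post by cross-checking the reverse zone against the forward zone so that a PTR left pointing at an old name is caught before named is reloaded. The domain and addresses are the post's; every function name is my own, and the resolv.conf and zone contents are constructed samples written to a temporary directory (the reverse sample deliberately contains one stale PTR).

```bash
#!/bin/bash
# Added example, not part of the original post or its myDns.sh: checks to run
# after the deployment above. Domain and addresses are the post's; all function
# names are mine, and the files below are constructed samples.
DOMAIN="wuzz.cqie"
PREFIX="192.168.100"
DNS_IP="192.168.100.66"

# First active "nameserver" entry of a resolv.conf-style file. Comment lines
# (# or ;) and blank lines are skipped, so this is the server the resolver
# actually tries first.
first_nameserver() {
    awk '/^[[:space:]]*[#;]/ { next }
         $1 == "nameserver"  { print $2; exit }' "$1"
}

# Exit 0 when the first nameserver in file $1 is $2 (the local BIND host).
local_dns_is_first() {
    [ "$(first_nameserver "$1")" = "$2" ]
}

# SOA serial of a zone file: the first all-digit token after the SOA keyword,
# with ";" comments removed, so the multi-line parenthesised form works too.
zone_serial() {
    awk '/[[:space:]]SOA[[:space:]]/ { in_soa = 1 }
         in_soa {
             sub(/;.*/, "")
             for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit }
         }' "$1"
}

# "fqdn ip" for every A record in forward zone $1; relative owner names are
# qualified with origin $2 and "@" is the origin itself.
forward_a_records() {
    awk -v origin="$2" '
        { sub(/;.*/, "") }
        /[[:space:]]IN[[:space:]]+A[[:space:]]/ {
            name = ($1 == "@") ? origin "." : $1
            if (name !~ /\.$/) name = name "." origin "."
            print name, $NF
        }' "$1"
}

# "fqdn ip" for every PTR record in reverse zone $1 under network prefix $2.
reverse_ptr_records() {
    awk -v prefix="$2" '
        { sub(/;.*/, "") }
        /[[:space:]]IN[[:space:]]+PTR[[:space:]]/ { print $NF, prefix "." $1 }' "$1"
}

# Print every PTR whose name/address pair has no matching A record in the
# forward zone. Exit 0 when both zones agree, 1 when at least one PTR is stale.
unmatched_ptrs() {   # $1 forward zone, $2 reverse zone, $3 origin, $4 prefix
    { forward_a_records "$1" "$3"; echo "---"; reverse_ptr_records "$2" "$4"; } |
    awk '$1 == "---"            { rev = 1; next }
         !rev                   { seen[$1 " " $2] = 1; next }
         !(($1 " " $2) in seen) { print; bad++ }
         END                    { exit bad ? 1 : 0 }'
}

# Constructed samples: resolv.conf as the post shows it after the manual edit,
# the forward zone as myDns.sh writes it, and a reverse zone where .120 still
# points at an old name "web" instead of www.
TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/resolv.conf" <<EOF
# Generated by NetworkManager
search localdomain
nameserver ${DNS_IP}
nameserver 192.168.137.2
EOF
cat > "$TMP/fwd.zone" <<EOF
\$TTL 86400
@   IN SOA dns.${DOMAIN}. admin.${DOMAIN}. (
        2024052001 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400 )    ; Minimum TTL
@   IN NS dns.${DOMAIN}.
dns IN A ${DNS_IP}
ftp IN A ${PREFIX}.23
www IN A ${PREFIX}.120
EOF
cat > "$TMP/rev.zone" <<EOF
\$TTL 86400
@   IN SOA dns.${DOMAIN}. admin.${DOMAIN}. ( 2024052001 3600 1800 604800 86400 )
@   IN NS dns.${DOMAIN}.
66  IN PTR dns.${DOMAIN}.
23  IN PTR ftp.${DOMAIN}.
120 IN PTR web.${DOMAIN}.
EOF
echo "first nameserver: $(first_nameserver "$TMP/resolv.conf")"
echo "forward zone serial: $(zone_serial "$TMP/fwd.zone")"
echo "PTR records without a matching A record:"
unmatched_ptrs "$TMP/fwd.zone" "$TMP/rev.zone" "$DOMAIN" "$PREFIX" ||
    echo "  -> reverse zone is stale: fix it, bump its serial and rndc reload"
```

On the real host, point the functions at /etc/resolv.conf and the two files under /var/named instead of the samples; the live nslookup commands printed at the end of myDns.sh remain the final check that named actually answers.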