---------- 20190619 Configure DNS:

Reboot (rebooting after each cleanup step, where appropriate, helps the system clear its working memory completely)
# shutdown -r now reboot

Check the network
# ifconfig
enp5s0: flags=4163 mtu 1500
        inet 60.250.98.236 netmask 255.255.255.0 broadcast 60.250.98.255
        inet6 fe80::9a6c:67fd:a99d:8791 prefixlen 64 scopeid 0x20
        ether 54:04:a6:a7:c3:2a txqueuelen 1000 (Ethernet)
        RX packets 2951759 bytes 1185553847 (1.1 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1883331 bytes 165468334 (157.8 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1000 (Local Loopback)
        RX packets 68 bytes 5912 (5.7 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 68 bytes 5912 (5.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099 mtu 1500
        inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
        ether 52:54:00:55:32:82 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

# cat /etc/sysconfig/network-scripts/ifcfg-enp5s0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp5s0
UUID=79ac0e3a-3395-4739-93a3-9b4dd77a90c9
DEVICE=enp5s0
ONBOOT=yes
DNS1=168.95.1.1
IPV6_PRIVACY=no
IPADDR=60.250.98.236
PREFIX=24
GATEWAY=60.250.98.254
ZONE=public

# nmcli dev status
DEVICE      TYPE      STATE       CONNECTION
enp5s0      ethernet  已連線      enp5s0
virbr0      bridge    已連線      virbr0
wlp3s0      wifi      無法使用    --
lo          loopback  不受管理的  --
virbr0-nic  tun       不受管理的  --

Set the network IP, then reboot
# nmtui
# cat /etc/sysconfig/network-scripts/ifcfg-enp5s0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp5s0
UUID=79ac0e3a-3395-4739-93a3-9b4dd77a90c9
DEVICE=enp5s0
ONBOOT=yes
DNS1=168.95.1.1
IPV6_PRIVACY=no
IPADDR=60.250.98.233
PREFIX=24
GATEWAY=60.250.98.254
ZONE=public
DNS2=168.95.192.1

Open port 53, TCP and UDP, for DNS access
# firewall-cmd --zone=public --add-port=53/tcp --permanent
# firewall-cmd --zone=public --add-port=53/udp --permanent

Reload the firewall. Changes only show up after a reload.
firewall-cmd --reload

Restart the firewall
systemctl restart firewalld.service

List which services and ports are open:
firewall-cmd --list-all

Start named
systemctl enable named.service
systemctl enable named-chroot.service
systemctl restart named.service
systemctl restart named-chroot.service

Result
# systemctl enable named.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
# systemctl enable named-chroot.service
Created symlink from /etc/systemd/system/multi-user.target.wants/named-chroot.service to /usr/lib/systemd/system/named-chroot.service.
# systemctl restart named.service
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.

Configure DNS for luckstar.com.tw
http://blog.itist.tw/2016/02/building-dns-server-with-bind-on-centos-7.html

1. Configure /etc/named.conf.
Check:
named-checkconf /etc/named.conf

2. Configure the forward zone /var/named/zone-luckstar.com.tw
Configure the reverse zone /var/named/zone-60.250.98.0
Check that the forward and reverse records are correct:
named-checkzone luckstar.com.tw /var/named/zone-luckstar.com.tw
named-checkzone 98.250.60.in-addr.arpa /var/named/zone-60.250.98.0

sudo named-checkzone itist.local /var/named/zone-itist.local
sudo named-checkzone 88.168.192.in-addr.arpa /var/named/zone-192.168.88.0

Restart the service and enable it to start at boot.
sudo systemctl restart named
sudo systemctl enable named

Setting up a simple DNS server on CentOS (小志的隨便記)
http://a8492397.blogspot.com/2016/10/centosdns-server.html

Open the DNS ports in the firewall.
sudo firewall-cmd --permanent --zone=public --add-port=53/tcp
sudo firewall-cmd --permanent --zone=public --add-port=53/udp
sudo firewall-cmd --reload

Forward records
Test first with the common nslookup command.
nslookup

External checking site:
https://rs.twnic.net.tw/cgi-bin/dns.cgi

7. DNS checking sites:
http://blog.itist.tw/2016/02/building-dns-server-with-bind-on-centos-7.html
https://rs.twnic.net.tw/cgi-bin/dns.cgi
https://intodns.com/
http://dns.squish.net/

Set up MX records for G Suite and Gmail
https://support.google.com/a/answer/140034?hl=zh-Hant&visit_id=636957334434645399-1391179295&rd=1
https://blog.xuite.net/channing.tw484/twblog/110935610-Google+Apps+應用服務申請+使用hinet+dns代管
http://afersontalk.blogspot.com/2017/01/google-g-suite-dnstxt-mx.html
https://support.google.com/a/answer/183895?hl=zh-Hant

Start the DNS service:
# systemctl start named
Enable start at boot:
# systemctl enable named

# journalctl -xe
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: dns_master_load: /etc/named/named.60.250.98:12: unexpected end of line
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: dns_master_load: /etc/named/named.60.250.98:11: unexpected end of input
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: dns_master_load: /etc/named/named.60.250.98:13: isc_lex_gettoken() failed: unbalanced
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: dns_master_load: /etc/named/named.60.250.98:13: unbalanced parentheses
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: zone 60.250.98.in-addr.arpa/IN: loading from master file /etc/named/named.60.250.98 fa
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: zone 60.250.98.in-addr.arpa/IN: not loaded due to errors.
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: _default/60.250.98.in-addr.arpa/IN: unknown class/type
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: zone localhost.localdomain/IN: loaded serial 0
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: zone localhost/IN: loaded serial 0
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: load
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net bash[19854]: zone 0.in-addr.arpa/IN: loaded serial 0
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net systemd[1]: named.service: control process exited, code=exited status=1
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has failed.
--
-- The result is failed.
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net systemd[1]: Unit named.service entered failed state.
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net systemd[1]: named.service failed.
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net systemd[1]: Reached target Host and Network Name Lookups.
-- Subject: Unit nss-lookup.target has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit nss-lookup.target has finished starting up.
--
-- The start-up result is done.
6月 09 13:42:15 60-250-98-233.HINET-IP.hinet.net polkitd[4255]: Unregistered Authentication Agent for unix-process:19842:739281 (system bus name :1.
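
Added example (not part of the original notes): a pre-flight gate that runs the named-checkconf and named-checkzone commands used above and restarts named only when all of them pass, so a zone file with the "unbalanced parentheses" error from the journal is caught while the old configuration is still serving. The zone/file pairs come from the notes; the function names, the overridable CHECKCONF/CHECKZONE/ZONES variables and the --apply switch are assumptions of this example. reverse_zone_24 derives the reverse zone name for a /24: for 60.250.98.0 that is 98.250.60.in-addr.arpa, as in the named-checkzone command, not the 60.250.98.in-addr.arpa that appears in the journal.

```shell
#!/bin/sh
# Added example: check BIND config and zone files before restarting named.
# Zone names and file paths are the ones used in the notes; the variable
# and function names are assumptions of this example.
NAMED_CONF=${NAMED_CONF:-/etc/named.conf}
CHECKCONF=${CHECKCONF:-named-checkconf}
CHECKZONE=${CHECKZONE:-named-checkzone}
# One "zone:file" pair per line.
ZONES=${ZONES:-"luckstar.com.tw:/var/named/zone-luckstar.com.tw
98.250.60.in-addr.arpa:/var/named/zone-60.250.98.0"}

# Reverse zone name for a /24 network: a.b.c.0 -> c.b.a.in-addr.arpa
reverse_zone_24() {
    echo "$1" | awk -F. '
        NF == 4 { print $3 "." $2 "." $1 ".in-addr.arpa"; ok = 1 }
        END     { exit !ok }'
}

# Return 0 only if named.conf and every listed zone file pass their checks.
preflight() {
    "$CHECKCONF" "$NAMED_CONF" || {
        echo "preflight: $NAMED_CONF failed named-checkconf" >&2
        return 1
    }
    failed=0
    for pair in $ZONES; do
        zone=${pair%%:*}
        file=${pair#*:}
        if ! "$CHECKZONE" "$zone" "$file"; then
            echo "preflight: zone $zone ($file) failed named-checkzone" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Restart only when invoked with --apply and every check passed.
if [ "${1:-}" = "--apply" ]; then
    preflight && systemctl restart named
fi
```

Run it as root with --apply after editing a zone file; without the switch it only defines the functions.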