閒來無事下載了最新的 Zimbra,在 CentOS 下進行了最簡單的單機配置,以下對整個過程作一說明:
環境說明:
操作系統:CentOS 7.1.1503
安裝配置:最小安裝
Zimbra軟件版本:zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
主機IP:172.16.0.100
主機名稱:mail.pek.corp
主機配置DNS服務並使用阿里雲DNS進行轉發,同時提供內部DNS服務。以下是配置過程:
首先配置DNS服務
Zimbra 系統安裝時要求先配置郵件域的 MX 記錄,因此需要完成以下三項:
Setup DNS A Record
Ensure you have a Reverse lookup zone
Setup MX Record
login as: root
修改本機名稱
[root@mail01 ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.0.100 mail.pek.corp. mail
將 SELinux 設為 permissive 模式
Enter this at command line:
setenforce 0
Update selinux config file
vi /etc/selinux/config
SELINUX=permissive
安裝 BIND 服務軟件包及網絡工具
[root@mail01 ~]# yum -y install bind*
[root@mail01 ~]# yum -y install net-tools
[root@mail01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="ens160"
UUID="b14554bd-669e-457f-a85f-62a402f8c960"
DEVICE="ens160"
ONBOOT="yes"
IPADDR="172.16.0.100"
PREFIX="24"
GATEWAY="172.16.0.1"
DNS1="172.16.0.100"
DOMAIN="pek.corp"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"
修改本機 DNS 指向
[root@mail01 ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search pek.corp
nameserver 172.16.0.100
重啓網絡服務,使以上修改即時生效
[root@mail01 ~]# service network restart
Restarting network (via systemctl): [ OK ]
[root@mail01 ~]#
開始配置 DNS 服務。注意:下面的 named.conf 同時設定了 `recursion yes;` 與 `allow-query { any; };`,即任何能連到 172.16.0.100 的主機都可透過它做遞迴查詢;此處因 listen-on 只綁定在內網地址尚可接受,若該地址可由外部到達,就應依設定檔自帶註釋的提示,用 allow-query / allow-recursion 把查詢來源限制在內網。
[root@mail01 ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
  // listen-on port 53 { 127.0.0.1; };
  listen-on port 53 { 172.16.0.100; };
  // listen-on-v6 port 53 { ::1; };
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  // allow-query { localhost; };
  allow-query { any; };
  forwarders { 223.5.5.5; 223.6.6.6; };
  /*
   - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
   - If you are building a RECURSIVE (caching) DNS server, you need to enable
     recursion.
   - If your recursive DNS server has a public IP address, you MUST enable access
     control to limit queries to your legitimate users. Failing to do so will
     cause your server to become part of large scale DNS amplification
     attacks. Implementing BCP38 within your network would greatly
     reduce such attack surface
  */
  recursion yes;
  //dnssec-enable yes;
  // dnssec-validation yes;
  dnssec-enable no;
  dnssec-validation no;
  dnssec-lookaside auto;
  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";
  managed-keys-directory "/var/named/dynamic";
  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/session.key";
};
logging {
  channel default_debug {
    file "data/named.run";
    severity dynamic;
  };
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@mail01 ~]# vi /etc/named.rfc1912.zones
//
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "0.16.172.in-addr.arpa" IN {
type master;
file "172.16.0.zone";
allow-update { none; };
};
zone "pek.corp" IN {
type master;
file "pek.corp.zone";
allow-update { none; };
};
[root@mail01 ~]# cp /var/named/named.empty /var/named/pek.corp.zone
[root@mail01 ~]# cp /var/named/named.empty /var/named/172.16.0.zone
[root@mail01 ~]# vi /var/named/pek.corp.zone
$TTL 3H
@ IN SOA mail mail.pek.corp. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS mail.pek.corp.
IN MX 10 mail.pek.corp.
mail IN A 172.16.0.100
[root@mail01 ~]# vi /var/named/172.16.0.zone
$TTL 3H
@ IN SOA mail mail.pek.corp. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS mail.pek.corp.
100 IN PTR mail.pek.corp.
[root@mail ~]# chown -R named.named /var/named/
[root@mail ~]# ls -l /var/named/
total 24
-rw-r-----. 1 named named  180 Sep 15 23:29 172.16.0.zone
drwxr-x---. 7 named named   56 Sep 15 22:43 chroot
drwxr-x---. 7 named named   56 Sep 15 22:43 chroot_sdb
drwxrwx---. 2 named named   22 Sep 15 23:23 data
drwxrwx---. 2 named named   58 Sep 16 00:29 dynamic
drwxrwx---. 2 named named    6 Mar  6  2015 dyndb-ldap
-rw-r-----. 1 named named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 named named  152 Dec 15  2009 named.empty
-rw-r-----. 1 named named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 named named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 named named  198 Sep 15 23:16 pek.corp.zone
drwxrwx---. 2 named named    6 Sep  3 18:35 slaves
[root@mail ~]# systemctl restart named.service
[root@mail ~]# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
   Active: active (running) since Wed 2015-09-16 00:28:40 CST; 14s ago
  Process: 2072 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 2084 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 2082 ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf (code=exited, status=0/SUCCESS)
 Main PID: 2087 (named)
   CGroup: /system.slice/named.service
           └─2087 /usr/sbin/named -u named
Sep 16 00:28:40 mail.pek.corp named[2087]: zone localhost.localdomain/IN: lo...0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone pek.corp.in-addr.arpa/IN: lo...0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0....0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone localhost/IN: loaded serial 0
Sep 16 00:28:40 mail.pek.corp named[2087]: all zones loaded
Sep 16 00:28:40 mail.pek.corp named[2087]: running
Sep 16 00:28:40 mail.pek.corp named[2087]: zone 0.16.172.in-addr.arpa/IN: se...)
Sep 16 00:28:40 mail.pek.corp named[2087]: zone pek.corp.in-addr.arpa/IN: se...)
Sep 16 00:28:40 mail.pek.corp systemd[1]: Started Berkeley Internet Name Dom....
Sep 16 00:28:41 mail.pek.corp named[2087]: managed-keys-zone: No DNSKEY RRSI...s
Hint: Some lines were ellipsized, use -l to show in full.
[root@mail ~]# nslookup
> mail.pek.corp
Server:   172.16.0.100
Address:  172.16.0.100#53
Name:     mail.pek.corp
Address:  172.16.0.100
> set ty=mx
> pek.corp
Server:   172.16.0.100
Address:  172.16.0.100#53
pek.corp mail exchanger = 10 mail.pek.corp.
> 172.16.0.100
Server:   172.16.0.100
Address:  172.16.0.100#53
100.0.16.172.in-addr.arpa name = mail.pek.corp.
至此 DNS 服務配置完畢(正向 A 記錄、MX 記錄與反向 PTR 記錄均已可解析),下一期介紹後續的 Zimbra 安裝步驟。