闲来无事下载了最新的Zimbra在Centos下进行了最简单的单机配置,以下把过程进行下说明:
环境说明:
操作系统:Centos 7.1.1503
安装配置:最小安装
Zimbra软件版本:zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
主机IP:172.16.0.100
主机名称:mail.pek.corp
主机配置DNS服务并使用阿里云DNS进行转发,同时提供内部DNS服务。以下是配置过程:
首先配置DNS服务
Zimbra系统安装时要求先配置邮件域的MX记录。
Setup DNS A Record
Ensure you have a Reverse lookup zone
Setup MX Record
login as: root
修改本机名称
[root@mail01 ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.0.100 mail.pek.corp. mail
禁用 SELINUX服务
Enter this at command line: setenforce 0
Update selinux config file
vi /etc/selinux/config
SELINUX=permissive
说明：setenforce 0 只对当前运行的系统即时生效，重启后以 /etc/selinux/config 中的 SELINUX= 设置为准，所以两步都要做；这里把 SELinux 放宽为 permissive 是为了简化安装，安装完成后应评估是否恢复 enforcing。
安装BIND服务软件包及网络工具
[root@mail01 ~]# yum -y install bind*
[root@mail01 ~]# yum -y install net-tools
[root@mail01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="ens160"
UUID="b14554bd-669e-457f-a85f-62a402f8c960"
DEVICE="ens160"
ONBOOT="yes"
IPADDR="172.16.0.100"
PREFIX="24"
GATEWAY="172.16.0.1"
DNS1="172.16.0.100"
DOMAIN="pek.corp"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_PRIVACY="no"
修改本机DNS指向
[root@mail01 ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search pek.corp
nameserver 172.16.0.100
重启网络服务使以上修改即时生效
[root@mail01 ~]# service network restart
Restarting network (via systemctl): [ OK ]
[root@mail01 ~]#
开始配置DNS服务
[root@mail01 ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on port 53 { 127.0.0.1; };
listen-on port 53 { 172.16.0.100; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };
allow-query { any; };
forwarders { 223.5.5.5; 223.6.6.6; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
- If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface
*/
recursion yes;
//dnssec-enable yes;
// dnssec-validation yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
注意：上面同时设置了 allow-query { any; } 和 recursion yes，并监听在 172.16.0.100 上，正如配置文件自带注释所警告的，只要这个地址能被外部访问，它就是一个开放递归解析器；建议把 allow-query 或 allow-recursion 限制为本机和内网网段（本例为 localhost 与 172.16.0.0/24）。另外 dnssec-validation no 关闭了对转发查询结果的验证，这是为了简化实验环境而做的取舍。
include "/etc/named.root.key";
[root@mail01 ~]# vi /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "0.16.172.in-addr.arpa" IN {
type master;
file "172.16.0.zone";
allow-update { none; };
};
zone "pek.corp" IN {
type master;
file "pek.corp.zone";
allow-update { none; };
};
[root@mail01 ~]# cp /var/named/named.empty /var/named/pek.corp.zone
[root@mail01 ~]# cp /var/named/named.empty /var/named/172.16.0.zone
[root@mail01 ~]# vi /var/named/pek.corp.zone
$TTL 3H
@ IN SOA mail mail.pek.corp. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
  IN NS mail.pek.corp.
  IN MX 10 mail.pek.corp.
mail IN A 172.16.0.100
[root@mail01 ~]# vi /var/named/172.16.0.zone
$TTL 3H
@ IN SOA mail mail.pek.corp. (
        0  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
  IN NS mail.pek.corp.
100 IN PTR mail.pek.corp.
[root@mail ~]# chown -R named.named /var/named/
[root@mail ~]# ls -l /var/named/
total 24
-rw-r-----. 1 named named  180 Sep 15 23:29 172.16.0.zone
drwxr-x---. 7 named named   56 Sep 15 22:43 chroot
drwxr-x---. 7 named named   56 Sep 15 22:43 chroot_sdb
drwxrwx---. 2 named named   22 Sep 15 23:23 data
drwxrwx---. 2 named named   58 Sep 16 00:29 dynamic
drwxrwx---. 2 named named    6 Mar  6  2015 dyndb-ldap
-rw-r-----. 1 named named 2076 Jan 28  2013 named.ca
-rw-r-----. 1 named named  152 Dec 15  2009 named.empty
-rw-r-----. 1 named named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 named named  168 Dec 15  2009 named.loopback
-rw-r-----. 1 named named  198 Sep 15 23:16 pek.corp.zone
drwxrwx---. 2 named named    6 Sep  3 18:35 slaves
[root@mail ~]# systemctl restart named.service
[root@mail ~]# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
Active: active (running) since Wed 2015-09-16 00:28:40 CST; 14s ago
Process: 2072 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 2084 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2082 ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf (code=exited, status=0/SUCCESS)
Main PID: 2087 (named)
CGroup: /system.slice/named.service
└─2087 /usr/sbin/named -u named
Sep 16 00:28:40 mail.pek.corp named[2087]: zone localhost.localdomain/IN: lo...0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone pek.corp.in-addr.arpa/IN: lo...0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0....0
Sep 16 00:28:40 mail.pek.corp named[2087]: zone localhost/IN: loaded serial 0
Sep 16 00:28:40 mail.pek.corp named[2087]: all zones loaded
Sep 16 00:28:40 mail.pek.corp named[2087]: running
Sep 16 00:28:40 mail.pek.corp named[2087]: zone 0.16.172.in-addr.arpa/IN: se...)
Sep 16 00:28:40 mail.pek.corp named[2087]: zone pek.corp.in-addr.arpa/IN: se...)
Sep 16 00:28:40 mail.pek.corp systemd[1]: Started Berkeley Internet Name Dom....
Sep 16 00:28:41 mail.pek.corp named[2087]: managed-keys-zone: No DNSKEY RRSI...s
Hint: Some lines were ellipsized, use -l to show in full.
[root@mail ~]# nslookup
> mail.pek.corp
Server: 172.16.0.100
Address: 172.16.0.100#53
Name: mail.pek.corp
Address: 172.16.0.100
> set ty=mx
> pek.corp
Server: 172.16.0.100
Address: 172.16.0.100#53
pek.corp mail exchanger = 10 mail.pek.corp.
> 172.16.0.100
Server: 172.16.0.100
Address: 172.16.0.100#53
100.0.16.172.in-addr.arpa name = mail.pek.corp.
至此DNS服务配置完毕,下一期介绍后续安装步骤