Centos7.3搭建DNS服务器--BIND


1、系统环境说明

[root@dns-server etc]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 

防火墙和Selinux关闭 [root@dns
-server etc]# systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1) Oct 11 09:46:22 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon... Oct 11 09:46:23 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon. Oct 11 09:48:35 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon... Oct 11 09:48:35 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@dns
-server etc]# getenforce Permissive [root@dns-server etc]# hostname -I 10.0.3.57

 

2、安装bind

[root@dns-server ~]# yum install  bind*  -y
[root@dns-server ~]# rpm -ql bind
/etc/named.conf  # 主配置文件
/etc/named.rfc1912.zones  # 区域解析库文件 
/var/log/named.log #日志文件
/var/named #服务根目录

 

3、修改配置文件

[root@dns-server ~]# cp /etc/named.conf{,.bak}
[root@dns-server ~]# vim /etc/named.conf
#删除IPv6地址,修改监听地址
options {
        listen-on port 53 { 10.0.3.57; };   
             ....
        allow-query     { localhost;any; };   //允许DNS查询客户端
             ...
}

 

4、启动bind服务

#检查配置文件
[root@dns-server ~]# named-checkconf /etc/named.conf

#启动bind服务
[root@dns-server ~]# systemctl start named
[root@dns-server ~]# netstat -lntup|grep 53
tcp        0      0 10.0.3.57:53            0.0.0.0:*               LISTEN      8053/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      8053/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN      8053/named          
udp        0      0 10.0.3.57:53            0.0.0.0:*                           8053/named


#测试DNS服务器 dig @表示指定NDS服务器 [root@dns
-server ~]# dig baidu.com @10.0.3.57 ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> baidu.com @10.0.3.57 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49122 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 6 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;baidu.com. IN A ;; ANSWER SECTION: baidu.com. 600 IN A 123.125.115.110 baidu.com. 600 IN A 220.181.57.216 ;; AUTHORITY SECTION: baidu.com. 172082 IN NS ns2.baidu.com. baidu.com. 172082 IN NS ns7.baidu.com. baidu.com. 172082 IN NS dns.baidu.com. baidu.com. 172082 IN NS ns4.baidu.com. baidu.com. 172082 IN NS ns3.baidu.com. ;; ADDITIONAL SECTION: dns.baidu.com. 172082 IN A 202.108.22.220 ns2.baidu.com. 172082 IN A 61.135.165.235 ns3.baidu.com. 172082 IN A 220.181.37.10 ns4.baidu.com. 172082 IN A 220.181.38.10 ns7.baidu.com. 172082 IN A 119.75.219.82 ;; Query time: 6 msec ;; SERVER: 10.0.3.57#53(10.0.3.57) ;; WHEN: Thu Oct 11 16:51:46 CST 2018 ;; MSG SIZE rcvd: 240

 

5、搭建内网DNS服务器

让当前的DNS解析qipai.com域名

/etc/named.conf
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
主配置文件中指定了/etc/named.rfc1912.zones文件
01.将域名 IP 关系存储在DNS上,在
/etc/named.rfc1912.zones 文件中进行添加 [root@clsn6 ~]# vim /etc/named.rfc1912.zones zone "qipai.com" IN { # qipai.com是域名 type master; # 表示权威DNS,即第一个 file "qipai.com.zone"; # 域数据库,默认位于/var/named/下面,只需告知文件名qipai.com.zone是库文件名 };
需要解析多个域名时,在来一个zone然后创建对应的域名文件就OK了。

02.以
/var/named目录下的named.localhost为模板,创建qipai.com.zone文件,创建区域数据库
[root@dns-server ~]# cd /var/named/ [root@dns-server named]# 
cp -av named.localhost qipai.com.zone 'named.localhost' -> 'nmtui.com.zone' ## 注意cp -a 保持原有属性
03.解析区域数据库格式,存放域名与IP的对应关系
[root@dns-server named]# cat qipai.com.zone
$TTL 1D
@ IN SOA @ qipai.top. ( 30 ; serial 1M ; refresh 1M ; retry 1M ; expire 3M ) ; minimum NS @ admin A 10.0.3.10 gm2.admin A 10.0.3.10 @ A 10.0.3.10

 

6、检查配置文件,重启bind服务

[root@dns-server named]# named-checkzone qipai.com /var/named/qipai.com.zone
zone qipai.com/IN: loaded serial 30
OK
[root@dns-server named]# systemctl restart named

 

 

7、测试DNS是否生效

Linux测试

[root@dns-server named]# dig qipai.com @10.0.3.57

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> qipai.com @10.0.3.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44877
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qipai.com.            IN    A

;; ANSWER SECTION:
qipai.com.        86400    IN    A    10.0.3.10

;; AUTHORITY SECTION:
qipai.com.        86400    IN    NS    qipai.com.

;; Query time: 1 msec
;; SERVER: 10.0.3.57#53(10.0.3.57)
;; WHEN: Thu Oct 11 18:26:21 CST 2018
;; MSG SIZE  rcvd: 68

[root@dns-server named]# 

修改网卡配置文件(/etc/sysconfig/network-scripts/ifcfg-eth0需要重启网卡生效)或  /etc/resolv.conf (即时生效)指定DNS解析

 

Windows测试,指定DNS服务器

 

 

 

更多详情参考 bind9中文手册
https://www.centos.bz/manual/BIND9-CHS.pdf
https://www.linuxprobe.com/set-up-dns-server.html

 


免责声明!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系本站邮箱yoyou2525@163.com删除。



 
粤ICP备18138465号  © 2018-2024 CODEPRJ.COM