Goal
1. Set up a DNS server
2. Configure wildcard resolution for test.com (in this walkthrough the DNS server address is 10.20.11.118 and the domain resolves to 10.20.3.118)
Getting started
Installation
- Install bind: yum -y install bind bind-utils
- Start the service: systemctl start named
- Enable it at boot: systemctl enable named
Configuration
vim /etc/named.conf
Change the value of listen-on port 53 to "any;"
Change the value of allow-query to "any;"
To make sure the edit is valid, it is good practice to check it with the following command:
named-checkconf /etc/named.conf
The complete configuration file is as follows:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};
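The file above listens on every interface, accepts queries from anyone and keeps recursion enabled, which is exactly the open-resolver setup the comment block inside it warns about: any host that can reach port 53 can use this server to resolve arbitrary names, and the answers it sends can be abused for amplification. The following options fragment is an added example, not part of the original post, showing the same settings with recursion limited to an ACL. The 10.20.0.0/16 range is an assumption standing in for the lab network; replace it with the real client ranges.

```conf
// Added example: same options as the post, but recursion is only offered to trusted clients.
// 10.20.0.0/16 is an assumed lab network, not a value from the original post.
acl "trusted" {
        127.0.0.1;
        10.20.0.0/16;
};

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Anyone may ask for the zones this server is authoritative for (test.com) ...
        allow-query     { any; };

        // ... but only trusted clients may use it as a recursive resolver or read its cache.
        recursion yes;
        allow-recursion   { trusted; };
        allow-query-cache { trusted; };

        dnssec-enable no;
        dnssec-validation no;

        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
```

Run named-checkconf /etc/named.conf before restarting. With this in place, hosts outside the ACL still get answers for test.com, but a recursive lookup for any other name from them is answered with REFUSED.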
Now the domain can be configured. The goal here is to configure test.com as a wildcard pointing to 10.20.3.11
There are two ways to configure a domain: one references a separate zone file from named.conf; the other configures it directly in named.conf. Only the second is demonstrated here.
1. Edit the /etc/named.conf file
vim /etc/named.conf
2. Add the forward and reverse zones
Note: the /var/named directory holds the zone mapping files (it is the directory set in the options block). When resolution goes through a separate referenced file, only the file name needs to be given and it maps directly to the corresponding file.
zone "test.com" IN {
        type master;
        file "/var/named/test.com.zone";
};

zone "11.20.10.in-addr.arpa" IN {
        type master;
        file "/var/named/11.20.10.zone";
};
3. Create the forward zone file
touch /var/named/test.com.zone
Its contents are as follows:
$TTL 1D
@       IN SOA  www.test.com. root (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
@       IN NS   test.com.
@       IN A    10.20.3.118
*.test.com.     IN A    10.20.3.118
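Two things about this zone file are worth seeing in working code: the serial is 0 and must be increased on every edit (a secondary only reloads a zone whose serial went up), and the *.test.com. wildcard matches any name that does not otherwise exist in the zone, which is why a name like abc.test.com resolves although nobody added it. The script below is an added example, not code from the original post: build_zone renders the same zone with an explicit serial, date_serial produces the usual YYYYMMDDnn value, and resolve_a applies the wildcard rules from RFC 4592. It goes a little beyond the post by adding an assumed explicit www.test.com record to show that an existing name shadows the wildcard for everything beneath it.

```python
"""Added example (not from the original post): render the test.com zone with a
real serial and show how the *.test.com wildcard is matched.

Matching follows RFC 4592: a name that exists in the zone gets its own records;
otherwise the wildcard at the closest existing ancestor (the closest encloser)
is used, if one exists. The www.test.com record is an assumption added here.
"""
from datetime import date
from typing import Dict, Optional

ORIGIN = "test.com."
TARGET_IP = "10.20.3.118"   # address the wildcard points at, taken from the post


def build_zone(origin: str, ip: str, serial: int) -> str:
    """Render a master zone with the same records as the post, with the given serial."""
    return "\n".join([
        "$TTL 1D",
        f"@\tIN SOA\twww.{origin} root (",
        f"\t\t{serial}\t; serial",
        "\t\t1D\t; refresh",
        "\t\t1H\t; retry",
        "\t\t1W\t; expire",
        "\t\t3H )\t; minimum",
        f"@\tIN NS\t{origin}",
        f"@\tIN A\t{ip}",
        f"*.{origin}\tIN A\t{ip}",
    ]) + "\n"


def date_serial(today: Optional[date] = None, revision: int = 1) -> int:
    """YYYYMMDDnn serial; bump the revision for each edit made on the same day."""
    today = today or date.today()
    return int(today.strftime("%Y%m%d")) * 100 + revision


def resolve_a(records: Dict[str, str], qname: str, origin: str = ORIGIN) -> Optional[str]:
    """Return the A record for qname, synthesising from a wildcard where RFC 4592 allows.

    records maps fully-qualified owner names (trailing dot) to IPv4 strings.
    Returns None when the name does not exist (what BIND would answer as NXDOMAIN).
    """
    qname = qname.rstrip(".").lower() + "."
    if qname != origin and not qname.endswith("." + origin):
        return None                                   # not inside this zone
    if qname in records:
        return records[qname]                         # an exact match always wins

    # A name "exists" if it owns records or has descendants that do (empty non-terminal).
    existing = set()
    for owner in records:
        labels = owner.rstrip(".").split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:]) + "."
            existing.add(name)
            if name == origin:
                break

    # Walk up from qname; the first existing ancestor is the closest encloser, and only
    # a wildcard directly under it may be used.
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:]) + "."
        if ancestor in existing:
            return records.get("*." + ancestor)
    return None


# Constructed zone data: the post's records plus an assumed explicit www host.
ZONE = {
    "test.com.": TARGET_IP,
    "*.test.com.": TARGET_IP,
    "www.test.com.": "10.20.3.200",   # assumed; shows that an explicit name shadows the wildcard
}

if __name__ == "__main__":
    print(build_zone(ORIGIN, TARGET_IP, date_serial()))
    for name in ("abc.test.com", "a.b.test.com", "www.test.com", "x.www.test.com"):
        print(f"{name:20s} -> {resolve_a(ZONE, name)}")
```

abc.test.com and a.b.test.com both come back as 10.20.3.118 through the wildcard, www.test.com returns its own address, and x.www.test.com returns nothing: because www.test.com exists, it is the closest encloser and there is no *.www.test.com, so the top-level wildcard does not apply. That is the behaviour to expect from named with this zone, and the reason an explicit host record silently switches off wildcard resolution for everything under it.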
4. Check the zone file for errors:
named-checkzone test.com /var/named/test.com.zone
5. Restart the DNS service
systemctl restart named
6. Test:
1. Change the local DNS settings
vim /etc/resolv.conf
2. Add the following as the first line:
nameserver 10.20.11.118
3. Test directly with ping; the result is shown below. On Windows, set the network adapter's preferred DNS server to the DNS server address.
[root@localhost ~]# ping abc.test.com
PING abc.test.com (10.20.3.118) 56(84) bytes of data.
64 bytes from 10.20.3.118 (10.20.3.118): icmp_seq=1 ttl=63 time=0.360 ms
64 bytes from 10.20.3.118 (10.20.3.118): icmp_seq=2 ttl=63 time=0.392 ms
Forward resolution is now complete. Note that the firewall must allow DNS traffic through (or be disabled), otherwise external hosts cannot reach the DNS server. Reverse resolution works the same way, so rather than walking through it step by step, the zone file is pasted directly:
$TTL 1D
@       IN SOA  www.test.com. root (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
@       IN NS   test.com.
118     IN PTR  test.com.
Testing
