centos上搭建dns解析服務器
使用的系統為centos6.5 64位
1.通過yum安裝所需的BIND軟件
yum -y install bind*
安裝完成。
2.打開DNS服務的主配置文件:
vim /etc/named.conf
以下是主配置文件中的 “全局配置” ,更改標紅部分
// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; }; //監聽地址和端口,此處改為any listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; }; //允許訪問本dns服務器的網段,此處改為any recursion yes; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
配置區域文件,添加自己的域名,定義正向解析和反向解析信息
vi /etc/named.rfc1912.zones
此處我以添加test.com為例
test.com.zone為正向解析配置文件,存儲路徑為/var/named/
test.com.local為反向解析配置文件,存儲路徑為/var/named/
在末尾添加test.com.zone
1 // named.rfc1912.zones: 2 // 3 // Provided by Red Hat caching-nameserver package 4 // 5 // ISC BIND named zone configuration for zones recommended by 6 // RFC 1912 section 4.1 : localhost TLDs and address zones 7 // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt 8 // (c)2007 R W Franks 9 // 10 // See /usr/share/doc/bind*/sample/ for example named configuration files. 11 // 12 13 zone "localhost.localdomain" IN { 14 type master; 15 file "named.localhost"; 16 allow-update { none; }; 17 }; 18 // 19 // See /usr/share/doc/bind*/sample/ for example named configuration files. 20 // 21 22 zone "localhost.localdomain" IN { 23 type master; 24 file "named.localhost"; 25 allow-update { none; }; 26 }; 27 // named.rfc1912.zones: 28 // 29 // Provided by Red Hat caching-nameserver package 30 // 31 // ISC BIND named zone configuration for zones recommended by 32 // RFC 1912 section 4.1 : localhost TLDs and address zones 33 // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt 34 // (c)2007 R W Franks 35 // 36 // See /usr/share/doc/bind*/sample/ for example named configuration files. 37 // 38 39 zone "localhost.localdomain" IN { 40 type master; 41 file "named.localhost"; 42 allow-update { none; }; 43 }; 44 45 zone "localhost" IN { 46 type master; 47 file "named.localhost"; 48 allow-update { none; }; 49 }; 50 51 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { 52 type master; 53 file "named.loopback"; 54 allow-update { none; }; 55 }; 56 57 zone "1.0.0.127.in-addr.arpa" IN { 58 type master; 59 file "named.loopback"; 60 allow-update { none; }; 61 }; 62 63 zone "0.in-addr.arpa" IN { 64 type master; 65 file "named.empty"; 66 allow-update { none; }; 67 }; 68 69 zone "test.com" IN { 70 type master; 71 file "test.com.zone"; 72 allow-update { none; }; 73 };
進入/var/named/目錄,創建正向解析配置文件和反向解析配置文件
cp -p named.localhost test.com.zone //正向解析文件 cp -p named.localhost test.com.local //反向解析文件
修改正向解析配置文件,添加解析記錄。 #此處添加www和ftp兩條A記錄
$TTL 1D @ IN SOA @ rname.invalid. ( //rname.invalid. 此處改為test.com 0 ; serial //0改為1 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ //添加記錄 A 127.0.0.1 AAAA ::1
$TTL 1D @ IN SOA test.com. mail.test.com ( //test.com為解析的主域名 mail為郵箱 1 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum @ IN NS ns.test.com. //域名服務器記錄,和本機對應 ns IN A 192.168.2.32 //主機記錄 www IN A 192.168.2.31 //主機記錄 ftp IN A 192.168.2.31 //主機記錄
vi /etc/hosts //添加主機名和上一步域名服務器記錄對應
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ns.test.com 192.168.2.32
設置服務器開機自動啟動dns服務
service named start
chkconfig named on
更改防火牆允許53端口
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
重啟防火牆,查看信息
//重啟防火牆
service iptables restart
//查看防火牆信息
[root@localhost named]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost named]#
更改客戶端dns服務器地址為192.168.2.32,解析域名成功
反向解析在test.com.local配置,此處只做正向解析。
免責聲明!
本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。