DNS, the Domain Name System, is a mechanism that maps IP addresses to their corresponding host names and host names to their corresponding IP addresses. Resolving a domain name to an IP address is called forward resolution; resolving an IP address back to a domain name is called reverse resolution.
I. Install and start the BIND server software
1. Install bind from the yum repositories
[root@dns ~]# yum -y install bind*
After BIND is installed, the system has an additional user, named.
2. Start the DNS service
[root@dns ~]# systemctl start named.service
3. Check that the named process started correctly:
[root@dns ~]# ps -ef|grep named
named 19872 1 0 02:37 ? 00:00:00 /usr/sbin/named -u named -c /etc/named.conf
root 19877 19619 0 02:38 pts/1 00:00:00 grep --color=auto named
4. DNS listens on port 53 (UDP for ordinary queries; TCP is used as well, for example for zone transfers and large responses). Check further that named is working:
[root@dns ~]# netstat -an|grep :53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp6 0 0 ::1:53 :::*
5. Open TCP and UDP port 53 in the firewall (these iptables rules are lost at reboot unless you persist them):
[root@dns ~]# iptables -I INPUT -p tcp --dport 53 -j ACCEPT
[root@dns ~]# iptables -I INPUT -p udp --dport 53 -j ACCEPT
II. The DNS service's configuration files
For BIND the main file to configure is /etc/named.conf. Two other files matter: /etc/named.isc-dlv.key stores a cryptographic key (the ISC DLV trust anchor used for DNSSEC validation), and /etc/named.rfc1912.zones is an extended configuration file for additional zones.
1. Modify the main configuration file /etc/named.conf
Before modifying it, make a backup with
[root@dns ~]# cp -p /etc/named.conf /etc/named.conf.bak
The -p option keeps the backup's attributes (owner, mode, timestamps) identical to the source file's.
Edit the file:
[root@dns ~]# vim /etc/named.conf
================================================================
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { none; };   // "none" disables IPv6 listening
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        // Lab setting: any host may query and recursion is enabled. On a server
        // reachable from untrusted networks that is an open resolver, so restrict
        // both to the internal network outside a lab.
        allow-query { any; };
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "ruolan.com" IN {
        type master;
        file "ruolan.com.zone";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.in-addr.arpa.zone";
        allow-update { none; };
};
// Both includes are commented out: the zones are declared directly above, and
// the root trust anchor is not used while dnssec-validation is off.
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
================================================================
2. Modify /etc/named.rfc1912.zones
The forward zone ruolan.com and the reverse zone could be added here, each pointing at its zone file through the file statement.
Not used here: the two zones are declared directly in /etc/named.conf above, and the include of this file is commented out.
3. Add /var/named/ruolan.com.zone
Copy the template file and then edit the copy, using the command
[root@dns ~]# cp /var/named/named.localhost /var/named/ruolan.com.zone
Then edit ruolan.com.zone:
[root@dns ~]# vim /var/named/ruolan.com.zone
==============================================
$TTL 1D
@       IN SOA  @ dns1.ruolan.com. (
                2019092301 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
; owner names without a trailing dot are relative to the zone origin (ruolan.com.)
ftp     IN A    192.168.1.248
www     IN A    192.168.1.248
abc     IN A    192.168.1.249
==============================================
4. Add /var/named/1.168.192.in-addr.arpa.zone
[root@dns ~]# vim /var/named/1.168.192.in-addr.arpa.zone
========================================================
$TTL 1D
@       IN SOA  @ 248.1.168.192.in-addr.arpa. (
                2019092301 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        NS      @
        A       192.168.1.248
        AAAA    ::1
; PTR targets must end with a dot: a name without one is relative and gets
; the zone origin (1.168.192.in-addr.arpa.) appended to it.
        PTR     ftp.ruolan.com.
248     PTR     www.ruolan.com.
249     PTR     abc.ruolan.com.
========================================================
5. Set the ownership of the zone files
[root@dns ~]# chown -R named:named /var/named/*.zone
6. Restart the service
[root@dns ~]# systemctl restart named
III. DNS client configuration and testing on Linux
Configure the /etc/resolv.conf file so the client uses the new server.
[root@dns ~]# vim /etc/resolv.conf
================================
nameserver 192.168.1.248
================================
The BIND packages (bind-utils) provide the test tool nslookup.
3.1 Reverse lookup test
[root@dns ~]# nslookup
> 192.168.1.248
248.1.168.192.in-addr.arpa name = www.ruolan.com.1.168.192.in-addr.arpa.
> 192.168.1.249
249.1.168.192.in-addr.arpa name = abc.ruolan.com.1.168.192.in-addr.arpa.
3.2 Forward lookup test
> ftp.ruolan.com
Server: 192.168.1.248
Address: 192.168.1.248#53
Name: ftp.ruolan.com
Address: 192.168.1.248
> www.ruolan.com
Server: 192.168.1.248
Address: 192.168.1.248#53
Name: www.ruolan.com
Address: 192.168.1.248
> abc.ruolan.com
Server: 192.168.1.248
Address: 192.168.1.248#53
Name: abc.ruolan.com
Address: 192.168.1.249
OK, the configuration works.
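In the reverse test output above, the answer names end in .1.168.192.in-addr.arpa.: named appends the zone origin to any PTR target written without a trailing dot, so the client receives a name that does not exist under ruolan.com. The following Python checker is an added example, not code from the original post; it applies that relative-name rule to a reverse zone constructed to mirror this page's file (first with bare targets, then with the trailing dots) and reports the owners whose PTR targets will be expanded wrongly.

```python
# Added example (not from the original post): a reverse-zone checker that applies
# named's rule "a name without a trailing dot is relative to the zone origin".
ORIGIN = "1.168.192.in-addr.arpa."

# Constructed to mirror this page's reverse zone, with the bare PTR targets.
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  @ 248.1.168.192.in-addr.arpa. (
                2019092301 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        NS      @
        A       192.168.1.248
        PTR     ftp.ruolan.com
248     PTR     www.ruolan.com
249     PTR     abc.ruolan.com
"""
# The same zone with every PTR target terminated by a dot (an absolute name).
FIXED_ZONE = REVERSE_ZONE.replace("ruolan.com\n", "ruolan.com.\n")

def qualify(name: str, origin: str) -> str:
    """'@' is the origin; a trailing dot means absolute; anything else is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_ptr_records(zone_text: str, origin: str):
    """Return (absolute owner, raw target) per PTR record; an owner-less line reuses the previous owner."""
    records, last_owner = [], "@"
    for raw in zone_text.splitlines():
        fields = raw.split(";")[0].split()           # drop the comment, tokenize
        if not fields or fields[0].startswith("$"):  # blank line or $ directive
            continue
        if not raw[0].isspace():                     # owner column present
            last_owner, fields = fields[0], fields[1:]
        if "PTR" in fields:
            target = fields[fields.index("PTR") + 1]
            records.append((qualify(last_owner, origin), target))
    return records

def check_ptr_targets(zone_text: str, origin: str = ORIGIN):
    """Return the answer named would give per owner, plus owners whose target is relative."""
    answers, problems = {}, []
    for owner, target in parse_ptr_records(zone_text, origin):
        answers[owner] = qualify(target, origin)
        if not target.endswith("."):
            problems.append(owner)
    return answers, problems
```

Running the checker on the zone as written reproduces the two answers seen in the nslookup session and flags all three PTR owners; on the dotted variant it reports no problems and the expected www.ruolan.com. and abc.ruolan.com. answers.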