1. Install the BIND server software and start it
yum -y install bind bind-utils
systemctl start named.service  # start the service
systemctl enable named  # start at boot
1.1. Check that the named process started correctly
ps -eaf | grep named  # check the process
ss -nult | grep :53  # check the listening ports
(screenshot of the output)
1.2. Open port 53 for TCP and UDP
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload  # reload the firewall configuration so it takes effect
2. DNS service configuration files
2.1. Edit the main configuration file /etc/named.conf
Back it up before editing: cp -p /etc/named.conf /etc/named.conf.bak
(the -p option keeps the backup's ownership, permissions and timestamps identical to the source file's).
Edit the configuration with vi /etc/named.conf; the contents are as follows. Note that with recursion yes; and allow-query { any; }; this is an open recursive resolver, which is fine on an isolated LAN but, on a server reachable from outside your network, should be tightened to your own address ranges, as the comment in the file itself warns:
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
Now check it:
named-checkconf  # check named.conf for syntax errors
2.2. Configure forward and reverse lookup zones
2.2.1. Edit /etc/named.rfc1912.zones
Add the zone definitions with vi /etc/named.rfc1912.zones; the contents are as follows:
zone "reading.zt" IN {
        type master;
        file "named.reading.zt";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" {
        type master;
        file "named.192.168.0";
        allow-update { none; };
};
2.2.2. Add the forward lookup zone
Create the zone file from the named.localhost template: cp -p /var/named/named.localhost /var/named/named.reading.zt
Edit the forward zone file named.reading.zt with vi /var/named/named.reading.zt; the contents are as follows:
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
mirror  A       192.168.0.233
test    A       192.168.0.232
Note:
- http://mirror.reading.zt/ will resolve to http://192.168.0.233/
Give the named group ownership of the file: chown :named /var/named/named.reading.zt
Check that the zone file is valid: named-checkzone "reading.zt" "/var/named/named.reading.zt"
(screenshot of the output)
2.2.3. Add the reverse lookup zone
Create the zone file from the named.localhost template: cp -p /var/named/named.localhost /var/named/named.192.168.0
Edit the reverse zone file named.192.168.0 with vi /var/named/named.192.168.0; the contents are as follows:
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
233     PTR     mirror.reading.zt.      ; trailing dot: without it the origin is appended
232     PTR     test.reading.zt.
Give the named group ownership of the file: chown :named /var/named/named.192.168.0
Check that the zone file is valid: named-checkzone "0.168.192.in-addr.arpa" "/var/named/named.192.168.0"
(screenshot of the output)
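In both zone files above, a name without a trailing dot is relative to the zone origin, so a PTR target written as mirror.reading.zt (no dot) silently becomes a name inside 0.168.192.in-addr.arpa and the reverse lookup returns garbage while named-checkzone still reports the zone as loadable. The following Python is an added example, not code from the original post: it expands names the way named does (the '@' symbol, owner names inherited by indented lines, and parenthesised SOA continuation lines) on a constructed copy of the reverse zone, and flags PTR targets that ended up under in-addr.arpa.

```python
import re
NAME_TYPES = {"NS", "PTR", "CNAME"}                 # rdata is a single domain name
SKIP = re.compile(r"IN|CH|HS|\d+[smhdw]?", re.I)    # optional class / TTL fields

def qualify(name, origin):
    """'@' means the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, rtype, rdata)] with names fully qualified, as named reads them."""
    origin = origin if origin.endswith(".") else origin + "."
    records, owner, tokens, depth, indented = [], origin, [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop ';' comments
        if not line.strip():
            continue
        if depth == 0:                                 # start of a logical line
            indented, tokens = line[0].isspace(), []
        tokens += [t for t in line.split() if t not in ("(", ")")]
        depth += line.count("(") - line.count(")")
        if depth > 0:                                  # inside ( ... ), e.g. the SOA
            continue
        if tokens[0].startswith("$"):                  # $TTL: a directive, not a record
            continue
        if not indented:                               # an indented line inherits the owner
            owner, tokens = qualify(tokens[0], origin), tokens[1:]
        while SKIP.fullmatch(tokens[0]):
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_TYPES:                        # NS/PTR/CNAME targets are names too
            rdata[0] = qualify(rdata[0], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records

def ptr_targets_inside_reverse_zone(records):
    """PTR targets that landed under *.arpa almost always lack their trailing dot."""
    return [(o, d) for o, t, d in records
            if t == "PTR" and d.endswith((".in-addr.arpa.", ".ip6.arpa."))]

# Constructed sample: the post's reverse zone, with the '233' PTR target
# missing its trailing dot and the '232' target written correctly.
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA  @ rname.invalid. (
                0 1D 1H 1W 3H )         ; serial refresh retry expire minimum
        NS      @
233     PTR     mirror.reading.zt
232     PTR     test.reading.zt.
"""
```

Running ptr_targets_inside_reverse_zone(parse_zone(REVERSE_ZONE, "0.168.192.in-addr.arpa")) reports only the 233 record, whose target has become mirror.reading.zt.0.168.192.in-addr.arpa.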
2.2.4. Restart named so the configuration takes effect
systemctl restart named
3. DNS client setup and testing on Linux
3.1. Register the DNS server in the interface configuration file
Edit the interface file ifcfg-xxxx with vi /etc/sysconfig/network-scripts/ifcfg-enp0s3; the contents are as follows:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPADDR=192.168.0.236
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.236  # added: this host is itself the DNS server
DNS2=8.8.8.8
DNS3=114.114.114.114
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s3
UUID=1639f78b-d515-4110-80ad-f1700bf7db84
DEVICE=enp0s3
ONBOOT=yes
ZONE=public
(screenshot of the output)
Restart the network service so the configuration takes effect: systemctl restart network.service
3.2. Testing with nslookup
The bind-utils package itself provides the nslookup test tool.
3.2.1. Forward lookup test
nslookup test.reading.zt
(screenshot of the output)
3.2.2. Reverse lookup test
nslookup 192.168.0.232
(screenshot of the output)
Author: Abbott思宇
Link: https://www.jianshu.com/p/ceaa2cc5715c
Source: Jianshu (簡書)
Copyright belongs to the author. Commercial reposting requires the author's permission; non-commercial reposting must credit the source.