Installing and configuring the BIND DNS server software on CentOS 7.4

Preface

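CentOS 7 differs from CentOS 6: installing bind-chroot is enough, because it automatically pulls in the main package bind and the library package bind-libs. Install bind-utils as well (the package that contains the host and dig programs). On CentOS 7, once bind-chroot is installed, using named-chroot.service requires stopping named.service; only one of the two can run at a time.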

No.   IP                         Role
1     Local IP: 192.168.1.174    DNS server

I. Install and configure the BIND DNS software

1. Install bind-chroot

[root@centos7 named]# yum install bind-chroot bind-utils -y

2. List the files installed by the package

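[root@centos7 named]# rpm -ql bind-chroot

3. Copy the BIND files to prepare the bind-chroot environment (create the required files inside the BIND chroot directory; there is no configuration file by default, so copy the template configuration files, which are under /usr/share/doc/bind-9.9.4/sample/)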

[root@localhost chroot]# cp -Rv /usr/share/doc/bind-9.9.4/sample/etc/* /var/named/chroot/etc/
[root@localhost chroot]# cp -Rv /usr/share/doc/bind-9.9.4/sample/var/* /var/named/chroot/var/
[root@localhost chroot]# ls /var/named/chroot/etc/
named named.conf named.rfc1912.zones pki
[root@localhost chroot]# ls /var/named/chroot/var/
log named run tmp

Note: because bind-chroot is installed, BIND is confined to a pseudo-root directory, and the configuration file paths become:
/var/named/chroot/etc/named.conf - main BIND configuration file
/var/named/chroot/var/named/ - zone files
With a plain bind installation the files are at:
/etc/named.conf - main BIND configuration file
/var/named/ - zone files

4. Make the BIND lock files writable.

[root@localhost named]# chmod -R 777 /var/named/chroot/var/named/data/

5. Copy /etc/named.conf into the bind-chroot directory and edit it down to a minimal configuration

[root@localhost named]# cp /etc/named.conf /var/named/chroot/etc/named.conf

[root@localhost etc]# vim /var/named/chroot/etc/named.conf

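options {
    listen-on port 53 { any; };      // listen on every IPv4 interface
    listen-on-v6 port 53 { ::1; };   // IPv6: loopback only
    allow-query { any; };            // accept queries from any client
    directory "/var/named/";         // inside the chroot: /var/named/chroot/var/named/
    recursion yes;                   // recursive resolution enabled
};

zone "liyue.com" {
    type master;
    file "liyue.zone";
};

zone "liyu.org" {
    type master;
    file "liyu.zone";
};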

6. Create the forward zone

[root@localhost named]# cp /var/named/named.localhost /var/named/chroot/var/named/liyue.zone
[root@localhost named]# vim /var/named/chroot/var/named/liyue.zone

$TTL 1D
$ORIGIN liyue.com.
@       IN SOA  liyue.com. admin.liyue.com. (
                20190221 ; serial
                1D       ; refresh
                1H       ; retry
                1W       ; expire
                3H       ; minimum
                )
        IN NS   ns1.liyue.com.

ns1     IN A    192.168.1.174
www     IN A    192.168.1.174

7. Check that the configuration file and the forward zones are configured correctly

[root@centos7 named]# named-checkconf /var/named/chroot/etc/named.conf
[root@centos7 named]# named-checkzone liyu.org /var/named/chroot/var/named/liyu.zone
zone liyu.org/IN: loaded serial 20190221
OK
[root@centos7 named]# named-checkzone liyue.com /var/named/chroot/var/named/liyue.zone
zone liyue.com/IN: loaded serial 20190221
OK

8. Start the named-chroot service

[root@centos7 named]# systemctl start named-chroot
[root@centos7 named]# systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2019-02-21 13:09:21 CST; 53min ago
  Process: 3551 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 3549 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 3553 (named)
   CGroup: /system.slice/named-chroot.service
           └─3553 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot

2月 21 13:09:21 centos7 named[3553]: command channel listening on 127.0.0.1#953
2月 21 13:09:21 centos7 systemd[1]: Started Berkeley Internet Name Domain (DNS).
2月 21 13:09:21 centos7 named[3553]: command channel listening on ::1#953
2月 21 13:09:21 centos7 named[3553]: managed-keys-zone: loaded serial 0
2月 21 13:09:21 centos7 named[3553]: zone liyu.org/IN: loaded serial 20190221
2月 21 13:09:21 centos7 named[3553]: zone liyue.com/IN: loaded serial 20190221
2月 21 13:09:21 centos7 named[3553]: all zones loaded
2月 21 13:09:21 centos7 named[3553]: running
2月 21 13:09:21 centos7 named[3553]: zone liyue.com/IN: sending notifies (serial 20190221)
2月 21 13:09:21 centos7 named[3553]: zone liyu.org/IN: sending notifies (serial 20190221)
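
A defender's check for steps 4 and 5, as an added example that is not part of the original post: named-checkconf in step 7 validates syntax only, so this script flags the two exposures the walkthrough leaves in place, recursion open to any client and a world-writable data directory. The function names and the 192.168.1.0/24 client range are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical;
# the parsing is a text heuristic (no /* */ comments, no nested { } lists).

# Config text with // and # comments removed, flattened to one line.
flat() { sed -e 's|//.*$||' -e 's|#.*$||' "$1" | tr -s ' \t\n' ' '; }

# Body of the first "<option> { ... }" list. $1 = config file, $2 = option.
acl_of() {
  flat "$1" | grep -oE "(^|[ ;{])$2 [{][^}]*[}]" | head -n 1 |
    sed -E 's/^[^{]*[{] *//; s/ *[}]$//'
}

# Prints a finding when recursion is on and its effective ACL contains "any".
audit_named_conf() {
  local f=$1 opt acl=""
  if flat "$f" | grep -qE '(^|[ ;{])recursion no;'; then return 0; fi
  # BIND falls back in this order when allow-recursion is not set.
  for opt in allow-recursion allow-query-cache allow-query; do
    acl=$(acl_of "$f" "$opt")
    if [ -n "$acl" ]; then break; fi
  done
  case " $acl" in
    *" any;"*) echo "open-recursion: $opt { $acl }" ;;
  esac
}

# Entries under $1 that every local user can write to.
world_writable() { find "$1" ! -type l -perm -0002; }

# Alternative to chmod -R 777: owner and group only. $2 = owner:group, which on
# the page's host would be named:named (the unit runs named with -u named).
tighten_data_dir() { chown -R "$2" "$1" && chmod -R u=rwX,g=rwX,o= "$1"; }

# Constructed inputs: the options block from step 5 and a restricted variant.
# The 192.168.1.0/24 client range is an assumption based on the server's IP.
page_conf() { printf '%s\n' 'options {' 'listen-on port 53 { any; };' \
  'allow-query { any; };' 'directory "/var/named/";' 'recursion yes;' '};'; }
fixed_conf() { printf '%s\n' 'acl lan { 192.168.1.0/24; localhost; };' \
  'options {' 'listen-on port 53 { any; };' 'allow-query { any; };' \
  'allow-recursion { lan; };' 'directory "/var/named/";' 'recursion yes;' '};'; }
demo() {
  local d; d=$(mktemp -d)
  page_conf > "$d/page.conf"; fixed_conf > "$d/fixed.conf"
  echo "page:  $(audit_named_conf "$d/page.conf")"
  echo "fixed: $(audit_named_conf "$d/fixed.conf")"
  rm -rf "$d"
}
demo
```

On the server itself, run audit_named_conf /var/named/chroot/etc/named.conf and world_writable /var/named/chroot/var/named/data/ before starting named-chroot.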

 

II. Test from the client

1. On the client, edit the DNS configuration file /etc/resolv.conf

[root@centos7 named]# cat /etc/resolv.conf
# Generated by NetworkManager
#nameserver 202.96.128.86
nameserver 192.168.1.174 # IP of the DNS server (this machine's DNS server)

2. Test with dig, host and nslookup, and confirm that the NS record points to this machine's DNS server IP

[root@centos7 named]# host www.liyu.org
www.liyu.org has address 192.168.1.174
[root@centos7 named]# nslookup www.liyu.org
Server: 192.168.1.174
Address: 192.168.1.174#53

Name: www.liyu.org
Address: 192.168.1.174

[root@centos7 named]#
[root@centos7 named]# dig www.liyue.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.liyue.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2942
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.liyue.com. IN A

;; ANSWER SECTION:
www.liyue.com. 86400 IN A 192.168.1.174

;; AUTHORITY SECTION:
liyue.com. 86400 IN NS ns1.liyue.com.

;; ADDITIONAL SECTION:
ns1.liyue.com. 86400 IN A 192.168.1.174

;; Query time: 0 msec
;; SERVER: 192.168.1.174#53(192.168.1.174)
;; WHEN: 四 2月 21 14:08:02 CST 2019
;; MSG SIZE rcvd: 92
