CentOS7.4下DNS服务器软件BIND安装及相关的配置

前言

CentOS7不同于6，只需要安装bind-chroot，就会自动安装主程序包bind和库bind-libs。同时安装bind-utils（包含host和dig程序的包） CentOS7下安装了bind-chroot之后，若要使用named-chroot.service，则需要关闭named.service。两者只能运行一个

序号	IP	功能
1	本机IP：192.168.1.174	DNS服务器

 

一、安装配置DNS软件BIND

 

1.安装bind-chroot

[root@centos7 named]# yum install bind-chroot bind-utils -y

 

2.查询所安装的文件

[root@centos7 named]# rpm -ql bind-chroot

 

3.拷贝bind相关文件，准备bind-chroot环境（在bind chroot的目录中创建相关文件，由于默认是没有配置文件，拷贝模板配置文件/usr/share/doc/bind-9.9.4/sample/在这个目录下）

[root@localhost chroot]# cp -Rv /usr/share/doc/bind-9.9.4/sample/etc/* /var/named/chroot/etc/ [root@localhost chroot]# cp -Rv /usr/share/doc/bind-9.9.4/sample/var/* /var/named/chroot/var/ [root@localhost chroot]# ls /var/named/chroot/etc/ named named.conf named.rfc1912.zones pki [root@localhost chroot]# ls /var/named/chroot/var/ log named run tmp

 

备注：由于安装了bind-chroot，BIND会被封装到一个伪根目录内，原先的文件配置文件的路径位置变为： /var/named/chroot/etc/named.conf ---------BIND服务主配置文件 /var/named/chroot/var/named/ ----------zone文件 直接安装bind配置文件在： /etc/named.conf -BIND服务主配置文件 /var/named/ -zone文件

 

4.将bind锁定文件设置为可写。

[root@localhost named]# chmod -R 777 /var/named/chroot/var/named/data/

 

5.将/etc/named.conf文件拷贝到bind-chroot目录里，并进行编辑最简配置

[root@localhost named]# cp /etc/named.conf /var/named/chroot/etc/named.conf

[root@localhost etc]# vim /var/named/chroot/etc/named.conf

options { listen-on port 53 { any; }; listen-on-v6 port 53 { ::1; }; allow-query { any; }; directory "/var/named/"; recursion yes; };   zone "liyue.com" { type master; file "liyue.zone"; }; zone "liyu.org" { type master; file "liyu.zone"; };

6.创建转发域

[root@localhost named]#cp /var/named/named.localhost /var/named/chroot/var/named/liyue.zone [root@localhost named]# vim /var/named/chroot/var/named/liyue.zone

$TTL 1D $ORIGIN liyue.com. @ IN SOA liyue.com. admin.liyue.com. ( 20190221; serial 1D ; refresh 1H ; retry 1W ; expire 3H ; minimum ) IN NS ns1.liyue.com.   ns1 IN A 192.168.1.174 www IN A 192.168.1.174

 

 

7.检查配文件和转发域是否配置正确

[root@centos7 named]# named-checkconf /var/named/chroot/etc/named.conf [root@centos7 named]# named-checkzone liyu.org /var/named/chroot/var/named/liyu.zone zone liyu.org/IN: loaded serial 20190221 OK [root@centos7 named]# named-checkzone liyue.com /var/named/chroot/var/named/liyue.zone zone liyue.com/IN: loaded serial 20190221 OK

 

8.启动named-chroot服务

[root@centos7 named]# systemctl start named-chroot [root@centos7 named]# systemctl status named-chroot ● named-chroot.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled) Active: active (running) since 四 2019-02-21 13:09:21 CST; 53min ago Process: 3551 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS) Process: 3549 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS) Main PID: 3553 (named) CGroup: /system.slice/named-chroot.service └─3553 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot   2月 21 13:09:21 centos7 named[3553]: command channel listening on 127.0.0.1#953 2月 21 13:09:21 centos7 systemd[1]: Started Berkeley Internet Name Domain (DNS). 2月 21 13:09:21 centos7 named[3553]: command channel listening on ::1#953 2月 21 13:09:21 centos7 named[3553]: managed-keys-zone: loaded serial 0 2月 21 13:09:21 centos7 named[3553]: zone liyu.org/IN: loaded serial 20190221 2月 21 13:09:21 centos7 named[3553]: zone liyue.com/IN: loaded serial 20190221 2月 21 13:09:21 centos7 named[3553]: all zones loaded 2月 21 13:09:21 centos7 named[3553]: running 2月 21 13:09:21 centos7 named[3553]: zone liyue.com/IN: sending notifies (serial 20190221) 2月 21 13:09:21 centos7 named[3553]: zone liyu.org/IN: sending notifies (serial 20190221)

 

二、在客户端进行测试

1.在客户端修改dns配置文件/etc/resolv.conf

[root@centos7 named]# cat /etc/resolv.conf # Generated by NetworkManager #nameserver 202.96.128.86 nameserver 192.168.1.174 # dns服务器的IP，本机dns服务器的IP

 

2.使用dig、host、nslookup测试，查看ns记录是本机dns服务器IP

[root@centos7 named]# host www.liyu.org www.liyu.org has address 192.168.1.174 [root@centos7 named]# nslookup www.liyu.org Server: 192.168.1.174 Address: 192.168.1.174#53   Name: www.liyu.org Address: 192.168.1.174   [root@centos7 named]# [root@centos7 named]# dig www.liyue.com   ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.liyue.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2942 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2   ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.liyue.com. IN A   ;; ANSWER SECTION: www.liyue.com. 86400 IN A 192.168.1.174   ;; AUTHORITY SECTION: liyue.com. 86400 IN NS ns1.liyue.com.   ;; ADDITIONAL SECTION: ns1.liyue.com. 86400 IN A 192.168.1.174   ;; Query time: 0 msec ;; SERVER: 192.168.1.174#53(192.168.1.174) ;; WHEN: 四 2月 21 14:08:02 CST 2019 ;; MSG SIZE rcvd: 92