1 基本环境
| 系统版本 | 主机名 | IP地址 | bind软件版本 |
| --- | --- | --- | --- |
| CentOS7.5 | jlks-mysql | 192.168.1.11 | bind-9.9.4-61.el7.x86_64 |
2 安装bind
# Install the name server itself plus the client tools (dig, nslookup, rndc,
# named-checkconf/named-checkzone) used later in this write-up.
yum install -y bind bind-utils
3 备份和修改配置文件
3.1 修改name.conf文件
# Keep a pristine copy of the stock config before editing; -p preserves
# ownership, mode and timestamps so the backup stays directly comparable.
cp -p -- /etc/named.conf /etc/named.conf.ori
vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
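// Hosts that may use this server as a recursive (caching) resolver. Every
// address in this write-up is in 192.168.1.0/24 -- adjust to your own subnet.
// An acl must be declared before it is referenced, hence it sits above options.
acl "trusted" {
	127.0.0.1;
	192.168.1.0/24;
};

options {
	// Was 127.0.0.1 in the stock file; "any" lets LAN clients reach the
	// server. If the host has more than one interface, list only the
	// LAN-facing address instead (here that would be 192.168.1.11).
	listen-on port 53 { any; };
	// IPv6 listener left disabled, as in the original setup.
	// listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";

	// Queries for names outside the local zones are sent to these upstream
	// resolvers. The default mode is "forward first": if they do not answer,
	// named falls back to the root hints in named.ca.
	forwarders { 119.29.29.29; 182.254.116.116; };

	// Authoritative answers for the local zones may be given to anyone the
	// listener is reachable from, but recursion (and the cache it fills) is
	// limited to "trusted". Combining `allow-query { any; }` with
	// `recursion yes` and no recursion ACL -- as the original did -- turns
	// this into an open resolver that can be abused for DNS amplification
	// (see the warning below).
	allow-query { any; };
	allow-recursion { trusted; };
	allow-query-cache { trusted; };

	// Refuse zone transfers: BIND 9.9 otherwise allows AXFR/IXFR from any
	// host, which hands out the complete list of internal hostnames.
	allow-transfer { none; };

	// Do not advertise the exact BIND version in CH/TXT version.bind replies.
	version "not disclosed";

	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface
	*/
	recursion yes;

	// Both were "yes" in the stock file and were switched off in the original
	// write-up. With validation off, forged or tampered answers on the path to
	// the forwarders are accepted as-is. Prefer `dnssec-validation auto;`
	// (uses the trust anchor from /etc/named.root.key) and only fall back to
	// "no" if the forwarders are shown not to return DNSSEC data.
	dnssec-enable no;
	dnssec-validation no;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

// Debug channel kept from the stock file; severity is controlled at run time
// via `rndc trace`.
logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// Root hints, used when a name is not forwarded or the forwarders fail.
zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";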
3.2 修改named.rfc1912.zones
备份原文件
# Back up the stock zone list before appending to it; -p keeps mode/ownership.
cp -p -- /etc/named.rfc1912.zones /etc/named.rfc1912.zones.ori
修改named.rfc1912.zones文件,在文件末尾追加如下两个zone(jt11.com.cn 和 zpkj.com 是本例要解析的二级域名,并非顶级域名;原有的 localhost/回环 zone 保持不动)
vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
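zone "localhost.localdomain" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "localhost" IN {
	type master;
	file "named.localhost";
	allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
	type master;
	file "named.loopback";
	allow-update { none; };
};

zone "0.in-addr.arpa" IN {
	type master;
	file "named.empty";
	allow-update { none; };
};

// Zones added for this deployment. "type master" means the records are read
// from /var/named/<file>; allow-update { none; } rejects dynamic updates and
// allow-transfer { none; } rejects AXFR/IXFR from every host (BIND 9.9 permits
// transfers to anyone unless told otherwise, which leaks the whole host list).
zone "jt11.com.cn" IN {
	type master;
	file "jt11.com.cn.zone";
	allow-update { none; };
	allow-transfer { none; };
};

zone "zpkj.com" IN {
	type master;
	file "zpkj.com.zone";
	allow-update { none; };
	allow-transfer { none; };
};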
3.3 创建自定义域名的zone文件(放在 /var/named 下,文件名需与 named.rfc1912.zones 中 file 指定的一致)
3.3.1 创建jt11.com.cn.zone文件
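# Seed the new zone file from the stock template. -p keeps the template's
# root:named ownership and 0640 mode, which named needs in order to read the
# file; the explicit chown/chmod make that hold even if the copy was done
# without -p (see section 6 -- a root:root file under a strict umask makes
# the zone fail to load).
cp -p -- /var/named/named.localhost /var/named/jt11.com.cn.zone
chown root:named /var/named/jt11.com.cn.zone
chmod 0640 /var/named/jt11.com.cn.zone
vim /var/named/jt11.com.cn.zone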
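$TTL 1D
; Zone file for jt11.com.cn. Comments in zone files start with ';' -- '//'
; is not comment syntax here and makes named-checkzone reject the record
; as "extra input text".
;
; SOA: MNAME is the primary name server and should match the NS record
; below (the original used '@', i.e. the zone apex, instead). RNAME is the
; admin mailbox with '@' written as '.', kept as in the original.
; The timers only matter to secondary servers; the original set refresh,
; retry and expire all to 1M, but expire must exceed refresh + retry or a
; secondary that misses a single poll discards the zone.
@       IN SOA  ns.jt11.com.cn. jt11.top. (
                30      ; serial  - increase on every edit so secondaries resync
                1H      ; refresh - how often secondaries poll for a new serial
                15M     ; retry   - wait after a failed refresh
                1W      ; expire  - drop the zone after this long without contact
                3M )    ; minimum - negative-caching TTL

        IN NS   ns.jt11.com.cn.

; Host records. Names are case-insensitive, so 'www' equals the original 'WWW'.
www     IN A    192.168.1.90
ns      IN A    192.168.1.90
api     IN A    192.168.1.90
@       IN A    192.168.1.90    ; the bare domain jt11.com.cn itself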
3.3.2 创建zpkj.com.zone文件
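# Same as for jt11.com.cn: copy the template, then pin root:named / 0640 so
# named can read the file regardless of how the copy was made.
cp -p -- /var/named/named.localhost /var/named/zpkj.com.zone
chown root:named /var/named/zpkj.com.zone
chmod 0640 /var/named/zpkj.com.zone
vim /var/named/zpkj.com.zone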
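$TTL 1D
; Zone file for zpkj.com. Zone-file comments begin with ';'; '//' is not
; accepted by named-checkzone.
;
; SOA: MNAME names the primary server (matches the NS record below);
; RNAME is the admin mailbox with '@' replaced by '.', kept from the original.
; Timers affect secondaries only; expire must be larger than refresh + retry,
; which the original's uniform 1M values were not.
@       IN SOA  ns.zpkj.com. zpkj.top. (
                30      ; serial  - increase on every edit
                1H      ; refresh
                15M     ; retry
                1W      ; expire
                3M )    ; minimum - negative-caching TTL

        IN NS   ns.zpkj.com.

; Host records ('www' is the same name as the original 'WWW').
www       IN A  192.168.1.106
ns        IN A  192.168.1.106
wangning  IN A  192.168.1.106
@         IN A  192.168.1.104   ; the bare domain zpkj.com (a different host than www)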
3.3.3 检查配置文件是否正确
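# Syntax-check named.conf and, with -z, load every master zone it references.
# Checking the two new zones individually as well pinpoints the bad record
# when one fails. Do not start or reload named until all of these succeed.
named-checkconf -z /etc/named.conf
named-checkzone jt11.com.cn /var/named/jt11.com.cn.zone
named-checkzone zpkj.com /var/named/zpkj.com.zone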
4 启动bind服务
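# Enable at boot, then start; check the unit actually came up and is bound
# to port 53 before pointing clients at it.
systemctl enable named
systemctl start named
systemctl status named --no-pager
ss -lntup | grep ':53 '

# CentOS 7 ships with firewalld active, which blocks port 53 by default. If
# it is running, open DNS only to the LAN (adjust the subnet to your own)
# rather than to every source.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="dns" accept'
firewall-cmd --reload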
5 重新加载配置
修改配置文件或zone文件后不需要重启bind服务,先用 named-checkconf -z 校验通过后再重新加载即可:配置有语法错误时 reload 会保留原有配置继续运行,但直接 restart 会让 named 起不来。修改zone文件时记得递增 SOA 的 serial,这样从服务器(如果有)才会同步到新数据。
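# Validate first so a typo never reaches the running server; on a failed
# reload named keeps its current configuration, but a later restart would
# then refuse to start at all.
named-checkconf -z /etc/named.conf && rndc reload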
6 注意事项
再次添加新的zone文件时注意文件权限:named 以 named 用户运行,/var/named 下的zone文件应为 root:named、权限 0640(见下面 ll 的输出)。如果 cp named.localhost 时没有加 -p,新文件会按当前用户和 umask 创建(通常是 root:root),umask 较严格时 named 就读不到这个文件,zone 会加载失败;可用 journalctl -u named 或 /var/log/messages 查看是否有 permission denied 一类的报错。我当时因为这个问题卡了两个多小时。修复方法:chown root:named /var/named/xxx.zone && chmod 0640 /var/named/xxx.zone,然后 rndc reload。
[root@jlks-mysql named]# pwd
/var/named
[root@jlks-mysql named]# ll
total 24
drwxrwx--- 2 named named 75 Aug 19 03:08 data
drwxrwx--- 2 named named 31 Aug 22 18:42 dynamic
-rw-r----- 1 root named 336 Aug 22 18:44 jt11.com.cn.zone
-rw-r----- 1 root named 2281 May 22 2017 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Apr 13 02:48 slaves
-rw-r----- 1 root named 337 Aug 22 18:26 zpkj.com.zone