安装dns程序包(同时安装 bind-utils,后面测试用到的 dig/host/nslookup 由它提供):
yum install -y bind bind-utils
配置dns主配置文件:
配置文件:/etc/named.conf,named.rfc1912.zones,
解析库文件:/var/named/
1. vi /etc/named.conf
listen-on port 53 { 192.168.1.10; };
//注意:下面关闭的是 DNSSEC 校验,并不是“不影响本地解析”的必要步骤。关闭 dnssec-validation 后,本机为客户端做递归查询时将不再校验上游应答,更容易受伪造应答/缓存投毒影响;若只做内网权威解析影响不大,若还要对外提供递归,建议保留 dnssec-validation auto。dnssec-lookaside(DLV)已停用、dnssec-enable 在新版 BIND 中已废弃,这两行可直接删去。另外请一并限制访问范围,避免成为开放递归服务器(可被用于放大攻击)或泄露区域数据,例如 allow-query { localnets; }; allow-recursion { localnets; }; allow-transfer { none; };(若保留了 RHEL 默认的 allow-query { localhost; },其他主机将无法查询,应改为内网地址范围,而不是 any):
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside no;
2.检查配置文件语法:
named-checkconf
3.启动DNS服务程序:
systemctl start named
4.查看服务是否成功开启:53端口(DNS,TCP 和 UDP 都应存在)应监听在 192.168.1.10;953端口是 rndc 控制通道,应只监听在 127.0.0.1,不要暴露到网络上。ss -tanp 只显示 TCP,需同时列出 UDP 监听:
ss -tunlp
5.将本机的DNS服务器指向自己(注意:CentOS 7 上 NetworkManager 会在重启或网络变化时重写 /etc/resolv.conf,要长期生效应在网卡配置文件中设置 DNS1=192.168.1.10,或用 nmcli 修改 ipv4.dns)
vi /etc/resolv.conf
nameserver 192.168.1.10
6.重载服务(修改 /etc/resolv.conf 只影响本机的客户端解析,named 本身不需要为此重载,此步可省略,但重载无害)
systemctl reload named.service
7.测试:
正向解析:即FQDN --- IP
方法一: dig -t A www.baidu.com
方法二: ~]# host -t A www.baidu.com
方法三: [root@localhost ~]# nslookup
> server 192.168.1.10
Default server: 192.168.1.10
Address: 192.168.1.10#53
> set q=A
> www.sina.com
Server: 192.168.1.10
Address: 192.168.1.10#53
Non-authoritative answer:
www.sina.com canonical name = us.sina.com.cn.
us.sina.com.cn canonical name = news.sina.com.cn.
news.sina.com.cn canonical name = jupiter.sina.com.cn.
jupiter.sina.com.cn canonical name = polaris.sina.com.cn.
Name: polaris.sina.com.cn
Address: 202.108.33.60
反向解析:IP --- FQDN
dig -x 61.135.162.215
定义zone区域文件(区域文件放在 /var/named/ 下,下文使用的是 /var/named/angrybeans.zone):
chown :named /var/named/angrybeans.zone
chmod o= /var/named/angrybeans.zone
检查语法(第一个参数是区域名,第二个是区域文件路径):
named-checkzone zone_name zone_file
1.配置解析库主配置文件
vim /etc/named.rfc1912.zones
往里面添加需要配置的zone(主区域不显式限制时,任何地址都可以通过 AXFR 拉取整个区域内容;若不打算配置从服务器,建议在 zone 块内加上 allow-transfer { none; };,有从服务器则只放行其 IP):
zone "angrybeans.com" IN {
type master;
file "angrybeans.zone";
};
2.添加angrybeans.zone的详细正向解析内容
vim /var/named/angrybeans.zone
往里面添加如下内容:
$TTL 3600
$ORIGIN angrybeans.com.
@ IN SOA ns1 admin (
20170125
4H
2H
12H
1D
);
IN NS ns1
IN MX 10 m1
IN MX 20 m2
ns1 IN A 192.168.1.10
a IN A 192.168.1.2
b IN A 192.168.1.3
flower IN A 192.168.1.4
m1 IN A 192.168.1.5
m2 IN A 192.168.1.6
food IN A 192.168.1.7
eat IN CNAME food
fish IN A 192.168.1.10
fish IN A 192.168.1.20
说明: @ 代表当前区域名,即 /etc/named.rfc1912.zones 里 zone 语句中指定的 angrybeans.com;写全称时必须带结尾的点(angrybeans.com.)。第二行的 $ORIGIN angrybeans.com. 显式指定了这个后缀,此后所有不带结尾点的相对名字都会自动补上它。后面 NS/MX 记录前面省略了 owner 名,是因为会继承上一条记录(SOA)的 owner,即 @。另外 SOA 的序列号(这里是 20170125)每次修改区域文件后都必须增大,否则从服务器不会同步更新,习惯写法是 YYYYMMDDnn。
3.配置好后检查zone的语法:
~]# named-checkzone angrybeans.com /var/named/angrybeans.zone
4.为了安全起见,修改 zone 文件的属组和权限:属主保持 root,属组改为 named,并去掉 other 的全部权限(结果为 root:named 640),这样 named 进程能读、普通用户既不能读也不能改;主区域在未开启动态更新时,named 不需要写权限:
chgrp named /var/named/angrybeans.zone
chmod o= /var/named/angrybeans.zone
5.查看zone数量:添加前为101(这个数字不只包括 named.rfc1912.zones 里定义的区域,还包括 BIND 自动加载的内置空反向区域,所以基数较大)
[root@localhost ~]# rndc status
version: 9.9.4-RedHat-9.9.4-18.el7
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 101
6.重载服务:
方法一: ~]# rndc reload
方法二: ~]# systemctl reload named.service
7.再次查看zone的数量,number of zones 为102,说明配置成功
[root@localhost ~]# rndc status
version: 9.9.4-RedHat-9.9.4-18.el7
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 102
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
8.检测:
~]# dig -t CNAME eat.angrybeans.com
~]# dig -t A m1.angrybeans.com
现在尝试做反向解析是不可以的,例如 dig -x 192.168.1.5 得不到 PTR 记录,因为还没有定义 1.168.192.in-addr.arpa 这个反向区域(私有地址段的反向查询通常会被 BIND 内置的空区域直接以 NXDOMAIN 应答)
1. vim /etc/named.rfc1912.zones
往里面添加反向解析库的zone:
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
};
2.vim /var/named/192.168.1.zone
$TTL 3600
$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA ns1.angrybeans.com. admin.angrybeans.com. (
20170125
1H
10M
2H
3H )
IN NS ns1.angrybeans.com.
10 IN PTR ns1.angrybeans.com.
5 IN PTR m1.angrybeans.com.
4 IN PTR flower.angrybeans.com.
3.检查语法:
[root@localhost named]# named-checkzone /etc/named.rfc1912.zones /var/named/192.168.1.zone
/var/named/192.168.1.zone:4: ignoring out-of-zone data (1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:12: ignoring out-of-zone data (10.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:13: ignoring out-of-zone data (5.1.168.192.in-addr.arpa)
/var/named/192.168.1.zone:14: ignoring out-of-zone data (4.1.168.192.in-addr.arpa)
zone /etc/named.rfc1912.zones/IN: has 0 SOA records
zone /etc/named.rfc1912.zones/IN: has no NS records
zone /etc/named.rfc1912.zones/IN: not loaded due to errors.
上面的报错不是“可以忽略”的:原因是命令的第一个参数写错了。named-checkzone 的第一个参数必须是区域名,而不是配置文件路径,所以文件里的每条记录都被当成“区域外数据”忽略,随后又报 0 SOA / no NS。正确的检查命令是 named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone,输出应以 OK 结尾。真正的 “not loaded due to errors” 意味着 named 加载该区域会失败,只有检查通过后才应 reload。
4.修改权限:
chown :named /var/named/192.168.1.zone
chmod o= /var/named/192.168.1.zone
5.查看zone的数量,变为103了
rndc status
6.通过 rndc 让 named 重新加载配置和区域文件(与 systemctl reload named.service 效果相同)
rndc reload
7.测试:反向解析成功(应答头 flags 中的 aa 表示本机对该反向区域给出的是权威应答,而不是缓存或转发结果),再尝试正向解析也是没有问题的
[root@localhost named]# dig -x 192.168.1.4
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> -x 192.168.1.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62542
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;4.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
4.1.168.192.in-addr.arpa. 3600 IN PTR flower.angrybeans.com.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600 IN NS ns1.angrybeans.com.
;; ADDITIONAL SECTION:
ns1.angrybeans.com. 3600 IN A 192.168.1.10
;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Mon Jan 25 09:45:37 EST 2016
;; MSG SIZE rcvd: 122