[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; 监听端口
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; 允许查询
recursion yes; 允许递归查询
# dnssec-enable yes; 域名系统安全协议 是否启用
# dnssec-validation yes; 域名系统安全协议 是否验证
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key"; 注释掉密钥路径
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "szd.com" IN { 正向区域配置,域对应IP
type master; 设置类型为主域
file "szd.com.zone"; 让szd.com指向数据文件szd.com.zone
allow-update { none; }; 允许动态更新哪些客户机地址,当前设置为全部禁止
};
zone "1.168.192.in-addr.arpa" IN { 反向区域配置
type master; 主域
file "192.168.1.arpa"; 指向哪个文件
allow-update { none; }; 全部禁止
};
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost szd.com.zone 拷贝正向解析模板
[root@localhost named]# cp -p named.localhost 192.168.1.arpa 拷贝反向解析模板
$TTL 1D
@ IN SOA @ szd.com. admin.szd.com. (
1234567890 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
www IN A 192.168.1.21
sun IN CNAME www
$TTL 1D: 设置了有效地址的缓存记录时间为1天(Day)
@:表示了本机
SOA:start of authority 开始授权信息
Zgod.com.:DNS域名
Root.zgod.com.:DNS域的管理员邮箱
2019022101这一行:更新序列号
1D这一行:刷新时间,设置多久从域名服务器更新该地址的数据库文件。
1H这一行:重试时间,如果更新地址数据库失效,多久以后重新尝试。
1W这一行:失效时间,超过这个时间仍然不能更新的,就停止尝试。
3H这一行:无效地址(数据库当中不存在的地址)解析记录的缓存时间。
NS:NS域名服务器的记录,它行首的@可以忽略不写,默认是继承了SOA记录的行首@信息。如果我们要省略它不写的话,也必须为他空出位置。
A:address地址的记录,只在正向解析的区域数据库文件中使用,设置域名服务器的A记录,地址为IPV4的地址;
AAAA:同样用来设置域名服务器的A记录。地址是IPV6的。
CNAME:别名canonical name为同一个域名下设置不同的名称,别名写在CNAME之前,对应的真名写在CNAME后面。
$TTL 1D
@ IN SOA @ szd.com. admin.szd.com. (
1234567890 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
21 IN PTR www.szd.com
PTR:PTR指针记录。只用在反向解析的区域数据文件当中。这一行最前面的数字21,代表了192.168. 1.21这个特定的IP地址,指向了www.szd.com这个地址
验证配置文件语法
[root@localhost named]# named-checkconf /etc/named.conf
[root@localhost named]# named-checkconf /etc/named.rfc1912.zones
[root@localhost named]# named-checkzone szd.com 192.168.1.arpa
zone szd.com/IN: loaded serial 1234567890
OK
[root@localhost named]# vim szd.com.zone
[root@localhost named]# named-checkzone szd.com szd.com.zone
zone szd.com/IN: loaded serial 1234567890
OK
[root@localhost named]# named-checkzone szd.com szd.com.zone
dns_rdata_fromtext: szd.com.zone:2: near 'admin.szd.com': not a valid number
zone szd.com/IN: loading from master file szd.com.zone failed: not a valid number
zone szd.com/IN: not loaded due to errors.
[root@localhost named]# yum -y install httpd 下载apache
[root@localhost named]# vim /etc/httpd/conf/httpd.conf 修改配置文件添加一个域
ServerName www.szd.com:80
[root@localhost named]# systemctl start httpd
[root@localhost named]# firewall-cmd --permanent --add-service=http
success
[root@localhost named]# firewall-cmd --permanent --add-service=dns
success
root@localhost named]# firewall-cmd --permanent --add-port=80/tcp
success
[root@localhost named]# firewall-cmd --reload
success
[root@localhost named]# systemctl start named
[root@localhost named]# echo 'szd.szd.szd' > /var/www/html/index.html
[root@localhost named]# curl www.szd.com
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.21 设置DNS服务器IP
[root@localhost ~]# curl www.szd.com
szd.szd.szd
DNS主服务器 | 192.168.1.21 |
---|---|
DNS从服务器 | 192.168.1.22 |
客户端 | 192.168.1.12 |
[root@localhost named]# vim /etc/named.rfc1912.zones 修改反向配置
zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.arpa";
allow-transfer { 192.168.1.22; }; 添加DNS从服务器IP
allow-update { none; };
};
[root@localhost named]# named-checkconf /etc/named.rfc1912.zones 检测语法
[root@localhost ~]# systemctl restart named 重启服务
[root@localhost ~]# yum -y install bind
[root@localhost ~]# vim /etc/named.conf 配置文件与上面修改内容相同
[root@localhost ~]# vim /etc/named.rfc1912.zones 修改配置文件
zone "kgc.com" IN {
type slave; 类型为从
masters { 192.168.1.21; }; 写入主服务器IP
file "slave/kgc.com.zone"; 从的正向解析文件
};
zone "1.168.192.in-addr.arpa" IN {
type slave; 类型为从
masters { 192.168.1.21; }; 主服务器IP
file "slave/192.168.1.arpa"; 从的反向解析文件
};
[root@localhost ~]# systemctl start named
[root@localhost ~]# firewall-cmd --permanent --add-service=dns
success
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# vim /etc/resolv.conf
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.22 写DNS从服务器IP
[root@localhost ~]# nslookup www.kgc.com
Server: 192.168.1.22
Address: 192.168.1.22#53
** server can't find www.kgc.com: SERVFAIL
[root@localhost ~]# curl www.kgc.com