1. Install BIND
yum install -y bind bind-chroot bind-utils
BIND's configuration files live in:
/etc/named.conf    main configuration file
/var/named/        location of the zone files
2. Edit the main configuration file
vi /etc/named.conf
a. Change the listen address to the server's own IP (this step matters; many tutorials leave it out)
Find listen-on port 53 { 127.0.0.1; }; and change 127.0.0.1 to 192.168.88.132
b. Comment out the IPv6 listener
Find listen-on-v6 port 53 { ::1; }; and put // in front of it
c. Allow any host to query
Find allow-query { localhost; }; and change localhost to any
Save
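As an added example that is not part of the original tutorial, the Python script below applies the three step-2 edits to the text of named.conf and then audits the result, so the listen-on change that "many tutorials leave out" is caught mechanically. It goes one step beyond the tutorial: allow-query { any; } combined with the stock recursion yes; makes the host answer recursive queries for anyone who can reach port 53, so the script also adds an allow-recursion statement limited to the LAN. The configuration fragment and the 192.168.88.0/24 network are constructed values for the example.

```python
import re

# Constructed sample: the relevant lines of a stock CentOS 6 /etc/named.conf
# before the tutorial's edits (shortened for the example, not a real host's file).
SAMPLE_NAMED_CONF = """\
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-query     { localhost; };
        recursion yes;
};
"""


def apply_tutorial_edits(text, listen_ip, lan_cidr):
    """Apply step 2 of the tutorial to the text of named.conf and, as an
    addition to it, restrict recursion to the LAN (lan_cidr is an assumed value)
    so that 'allow-query { any; }' does not turn the host into an open resolver."""
    # a. listen on the server's own IPv4 address instead of loopback only
    text = re.sub(r'listen-on port 53 \{ 127\.0\.0\.1; \};',
                  'listen-on port 53 { %s; };' % listen_ip, text)
    # b. comment out the IPv6 listener
    text = re.sub(r'^(\s*)listen-on-v6 port 53', r'\1// listen-on-v6 port 53',
                  text, flags=re.M)
    # c. let any host query
    text = re.sub(r'allow-query(\s*)\{ localhost; \};', r'allow-query\1{ any; };', text)
    # addition: only localhost and LAN clients may use the server recursively
    if 'allow-recursion' not in text:
        text = re.sub(r'^(\s*)recursion yes;',
                      r'\1recursion yes;\n\1allow-recursion { localhost; %s; };' % lan_cidr,
                      text, flags=re.M)
    return text


def audit_named_conf(text):
    """Return the findings a reviewer would raise about the options block."""
    # lines commented out with // or # are not active configuration
    active = '\n'.join(line for line in text.splitlines()
                       if not line.strip().startswith(('//', '#')))
    findings = []
    m = re.search(r'listen-on port 53 \{([^}]*)\}', active)
    if m and m.group(1).strip() == '127.0.0.1;':
        findings.append('listen-on is still 127.0.0.1: LAN clients cannot reach the server')
    if re.search(r'^\s*listen-on-v6 port 53', active, flags=re.M):
        findings.append('IPv6 listener is still enabled')
    q = re.search(r'allow-query\s*\{([^}]*)\}', active)
    any_query = bool(q and 'any' in q.group(1))
    recursion = re.search(r'recursion\s+yes;', active) is not None
    restricted = re.search(r'allow-recursion\s*\{', active) is not None
    if any_query and recursion and not restricted:
        findings.append('allow-query any with unrestricted recursion: open resolver')
    return findings


if __name__ == '__main__':
    print('before:', audit_named_conf(SAMPLE_NAMED_CONF))
    fixed = apply_tutorial_edits(SAMPLE_NAMED_CONF, '192.168.88.132', '192.168.88.0/24')
    print(fixed)
    print('after:', audit_named_conf(fixed))
```

To use it on a real host, read /etc/named.conf into a string, pass it through apply_tutorial_edits, write it back and run named-checkconf before starting named.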
3. Edit the zone definitions
vi /etc/named.rfc1912.zones
Delete the other entries
Add
zone "testlan.com" IN {
type master;
file "testlan.com.zone";
allow-update { none; };
};
zone "88.168.192.in-addr.arpa" IN {
type master;
file "88.168.192.zone";
allow-update { none; };
};
4. Configure forward and reverse resolution
a. Configure forward resolution
cd /var/named/
cp named.localhost testlan.com.zone
vi testlan.com.zone # (the name must match the zone file name defined in the main configuration)
Change it to
$TTL 1D
@ IN SOA testlan.com. root (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.testlan.com.
@ IN MX 5 mail.testlan.com.
ns IN A 192.168.88.132
www IN A 192.168.88.132
mail IN A 192.168.88.132
pop3 IN CNAME mail
smtp IN CNAME mail
b. Configure reverse resolution (optional)
cp named.localhost 88.168.192.zone
vi 88.168.192.zone
Change it to
$TTL 1D
@ IN SOA ns.testlan.com. root (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.testlan.com.
132 IN PTR mail.testlan.com.
132 IN PTR ns.testlan.com.
132 IN PTR www.testlan.com.
c. Make the files readable
chmod +r /var/named/*
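As an added example that is not part of the tutorial, the Python script below parses the two zone files from step 4 (copied in as constructed input so it runs offline) and cross-checks them in a way named-checkzone cannot do for a single file: every in-zone NS and MX target has an A record, every CNAME points at a name that exists, every PTR points at a name that really owns that address, and every address inside the reverse zone's network has a PTR back. The parser only handles the record syntax used above ('@', '$TTL', ';' comments, multi-line parentheses and '<owner> [ttl] IN <type> <rdata>').

```python
import re

FORWARD_ORIGIN = 'testlan.com.'
REVERSE_ORIGIN = '88.168.192.in-addr.arpa.'

# Zone contents copied from step 4 above (embedded here so the check runs offline).
FORWARD_ZONE = """\
$TTL 1D
@ IN SOA testlan.com. root (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.testlan.com.
@ IN MX 5 mail.testlan.com.
ns IN A 192.168.88.132
www IN A 192.168.88.132
mail IN A 192.168.88.132
pop3 IN CNAME mail
smtp IN CNAME mail
"""
REVERSE_ZONE = """\
$TTL 1D
@ IN SOA ns.testlan.com. root (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.testlan.com.
132 IN PTR mail.testlan.com.
132 IN PTR ns.testlan.com.
132 IN PTR www.testlan.com.
"""
TTL_RE = re.compile(r'^\d+[smhdw]?$', re.I)   # an optional TTL field such as 1D or 3600


def fqdn(name, origin):
    """Absolute form of an owner or target name relative to origin."""
    if name == '@':
        return origin
    return name if name.endswith('.') else name + '.' + origin


def parse_zone(text, origin):
    """Parse the zone-file subset used in the tutorial; returns (owner, type, rdata tokens)."""
    records, buf, depth = [], [], 0
    for line in text.splitlines():
        for tok in line.split(';', 1)[0].split():      # drop ';' comments
            if tok == '(':
                depth += 1                             # record continues on following lines
            elif tok == ')':
                depth -= 1
            else:
                buf.append(tok)
        if depth == 0 and buf:
            if not buf[0].startswith('$'):             # skip $TTL / $ORIGIN directives
                rest = buf[1:]
                while rest and (TTL_RE.match(rest[0]) or rest[0].upper() == 'IN'):
                    rest.pop(0)
                records.append((fqdn(buf[0], origin), rest[0].upper(), rest[1:]))
            buf = []
    return records


def ptr_owner_to_ip(owner):
    """'132.88.168.192.in-addr.arpa.' -> '192.168.88.132' (a prefix for the origin itself)."""
    return '.'.join(reversed(owner[:-len('.in-addr.arpa.')].split('.')))


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Cross-check a forward zone against its reverse zone; returns a list of problems."""
    fwd = parse_zone(fwd_text, fwd_origin)
    problems, owners, a_records = [], {o for o, _, _ in fwd}, {}
    for owner, rtype, rdata in fwd:
        if rtype == 'A':
            a_records.setdefault(owner, set()).add(rdata[0])

    def in_zone(name):
        return name == fwd_origin or name.endswith('.' + fwd_origin)

    for owner, rtype, rdata in fwd:
        if rtype in ('NS', 'MX', 'CNAME'):
            target = fqdn(rdata[-1], fwd_origin)
            if not in_zone(target):
                continue                               # cannot verify names outside the zone
            if rtype == 'CNAME' and target not in owners:
                problems.append('CNAME %s -> %s: target does not exist' % (owner, target))
            elif rtype != 'CNAME' and target not in a_records:
                problems.append('%s %s -> %s: target has no A record' % (rtype, owner, target))
    ptrs = {}
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if rtype == 'PTR':
            ip, target = ptr_owner_to_ip(owner), fqdn(rdata[0], fwd_origin)
            ptrs.setdefault(ip, set()).add(target)
            if ip not in a_records.get(target, set()):
                problems.append('PTR %s -> %s: no matching A record' % (ip, target))
    prefix = ptr_owner_to_ip(rev_origin) + '.'
    for owner, ips in a_records.items():
        for ip in ips:
            if ip.startswith(prefix) and owner not in ptrs.get(ip, set()):
                problems.append('A %s %s: no PTR record in %s' % (owner, ip, rev_origin))
    return problems
```

For the two zones above check_zones returns an empty list; add a host to one zone only and it names the record that is missing its counterpart.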
4. Firewall configuration
Port 53 must be allowed through. Since BIND is used here, port 953 must also be allowed through: 953 is the port of rndc, the tool that controls BIND (starting it, stopping it, and so on). By default rndc listens on 127.0.0.1 only, so the 953 rule only takes effect if BIND is controlled from another host.
vi /etc/sysconfig/iptables
Add the following below the existing -A INPUT entries
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 953 -j ACCEPT
Restart the firewall
service iptables restart
5. Start BIND
service named start
6. Local test
Set the IP address of the name server
vi /etc/resolv.conf
Change the contents to the following
; generated by /sbin/dhclient-script
nameserver 192.168.88.132
Save
Test commands
dig www.testlan.com
host mail.testlan.com
nslookup mail.testlan.com
Note: if the IP address is obtained via DHCP, /etc/resolv.conf will revert to its original contents shortly after you edit it, because with DHCP the system rewrites its configuration files from the data sent by the DHCP server. You therefore have to tell the system not to use the name-server settings the DHCP server sends: add the line PEERDNS=no to /etc/sysconfig/network-scripts/ifcfg-eth0, then restart the network with service network restart.
7. Testing from other clients on the LAN
a. Linux client
Set the IP address of the name server
vi /etc/resolv.conf
Change the contents to the following
; generated by /sbin/dhclient-script
nameserver 192.168.88.132
Save
Test command
dig www.testlan.com 192.168.88.132
Response (note: dig expects the server to be given as @192.168.88.132; written without the @ sign as above, 192.168.88.132 is treated as a second name to look up, which is why a second answer with status NXDOMAIN follows the first one below)
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.5 <<>> www.testlan.com 192.168.88.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3390
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.testlan.com. IN A
;; ANSWER SECTION:
www.testlan.com. 86400 IN A 192.168.88.132
;; AUTHORITY SECTION:
testlan.com. 86400 IN NS ns.testlan.com.
;; ADDITIONAL SECTION:
ns.testlan.com. 86400 IN A 192.168.88.132
;; Query time: 2 msec
;; SERVER: 192.168.88.132#53(192.168.88.132)
;; WHEN: Thu Dec 17 19:26:56 2015
;; MSG SIZE rcvd: 82
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3212
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.88.132. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015121601 1800 900 604800 86400
;; Query time: 1113 msec
;; SERVER: 192.168.88.132#53(192.168.88.132)
;; WHEN: Thu Dec 17 19:26:58 2015
;; MSG SIZE rcvd: 107
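The dig output above reports flags: qr aa rd ra; the aa bit means the answer came from the server's own zone data rather than from its cache or a forwarder. As an added example that is not part of the tutorial, the Python script below builds the same A query on the wire, parses the reply and reports whether it was authoritative, which is the check to run from a client when confirming that it is really using the new server for testlan.com. The sample reply is constructed inline (not captured from a server) so the parser can be exercised offline; query_server sends a real UDP query when given a server address.

```python
import socket
import struct

QTYPE_A, QTYPE_NS, QTYPE_CNAME, QTYPE_PTR = 1, 2, 5, 12


def encode_name(name):
    """'www.testlan.com' -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip('.').split('.')
    return b''.join(bytes([len(l)]) + l.encode('ascii') for l in labels) + b'\x00'


def build_query(name, qid, qtype=QTYPE_A):
    """Standard query with RD set (what dig sends by default), class IN."""
    header = struct.pack('!HHHHHH', qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack('!HH', qtype, 1)


def read_name(data, off):
    """Decode a name that may use compression pointers; returns (name, next offset)."""
    labels, after = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                     # pointer to an earlier name
            if after is None:
                after = off + 2                       # parsing resumes after the pointer
            off = struct.unpack('!H', data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode('ascii'))
        off += length
    return '.'.join(labels) + '.', (after if after is not None else off)


def parse_response(data):
    """Return id, rcode, the AA flag and the answer section as (name, type, ttl, rdata)."""
    qid, flags, qdcount, ancount = struct.unpack('!HHHH', data[:8])
    off = 12
    for _ in range(qdcount):                          # skip the echoed question
        _, off = read_name(data, off)
        off += 4                                      # qtype + qclass
    answers = []
    for _ in range(ancount):
        name, off = read_name(data, off)
        rtype, _, ttl, rdlen = struct.unpack('!HHIH', data[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            rdata = socket.inet_ntoa(data[off:off + 4])
        elif rtype in (QTYPE_NS, QTYPE_CNAME, QTYPE_PTR):
            rdata, _ = read_name(data, off)
        else:
            rdata = data[off:off + rdlen]
        off += rdlen
        answers.append((name, rtype, ttl, rdata))
    return {'id': qid, 'rcode': flags & 0xF, 'aa': bool(flags & 0x0400),
            'answers': answers}


def sample_authoritative_reply(qid=0x0D3E):
    """Constructed reply equivalent to the dig output above: flags qr aa rd ra
    (0x8580), one A answer for www.testlan.com with TTL 86400."""
    question = build_query('www.testlan.com', qid)[12:]
    header = struct.pack('!HHHHHH', qid, 0x8580, 1, 1, 0, 0)
    answer = b'\xC0\x0C' + struct.pack('!HHIH', QTYPE_A, 1, 86400, 4)   # name = pointer to question
    return header + question + answer + socket.inet_aton('192.168.88.132')


def query_server(server, name, timeout=2.0):
    """Send one A query over UDP to server (e.g. '192.168.88.132') and parse the reply."""
    qid = 0x1234
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, qid), (server, 53))
        data, _ = sock.recvfrom(4096)
    finally:
        sock.close()
    reply = parse_response(data)
    if reply['id'] != qid:
        raise ValueError('reply id does not match the query id')
    return reply


if __name__ == '__main__':
    r = parse_response(sample_authoritative_reply())
    print('authoritative' if r['aa'] else 'non-authoritative', r['answers'])
```

Against the server in this tutorial, query_server('192.168.88.132', 'www.testlan.com') should return aa True and the answer ('www.testlan.com.', 1, 86400, '192.168.88.132'); a reply with aa False means the name was resolved by recursion or from cache rather than from the zone file.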
b. Windows client
nslookup mail.testlan.com 192.168.88.132
Response
132.88.168.192.in-addr.arpa
primary name server = ns.testlan.com
responsible mail addr = root.132.88.168.192.in-addr.arpa
serial = 0
refresh = 86400 (1 day)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
服务器: UnKnown
Address: 192.168.88.132
名称: mail.testlan.com
Address: 192.168.88.132