1、系统环境说明
[root@centos6 etc]# cat /etc/redhat-release
CentOS release 6.7 (Final)
2、安装bind
[root@centos6 ~]# yum install bind -y
[root@centos6 ~]# rpm -ql bind
/etc/named.conf # 主配置文件
/etc/named.rfc1912.zones # 区域解析库文件
/var/log/named.log #日志文件
/var/named #解析库文件
named.ca #根区域解析库文件
named.localhost #正向解析
named.loopback #反向解析
3、修改配置文件
备份named.conf
[root@centos6 ~]# cp -p /etc/named.conf{,.bak}
修改配置文件
cat /etc/named.conf
主配置文件格式:
全局配置:
options {
listen-on port 53 { 127.0.0.1; };#修改为any或本机IP,表示服务器上的所有IP地址均可提供DNS域名解析服务
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };#修改为any,可以让其它服务器采用这个dns服务,否则就只有本机localhost才能用。注意:在 recursion yes 的情况下把 allow-query 改为 any 会使本机成为开放递归解析器(可被用于DNS放大攻击),应同时用 allow-recursion { 内网网段; } 把递归查询限制在内部网络
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
日志配置:
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
区域配置:
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
注意:每个配置语句必须以分号结尾;
检查配置文件的语法错误:
[root@centos6 ~]# named-checkconf
[root@centos6 ~]# named-checkconf /etc/named.conf
启动服务
[root@centos6 ~]# service named restart
[root@centos6 ~]# service named status
检查端口
[root@centos6 ~]# netstat -lntup |grep :53
tcp 0 0 10.0.5.105:53 0.0.0.0:* LISTEN 27270/named-sdb
tcp 0 0 ::1:53 :::* LISTEN 27270/named-sdb
udp 0 0 10.0.5.105:53 0.0.0.0:* 27270/named-sdb
udp 0 0 ::1:53 :::* 27270/named-sdb
测试DNS服务器
[root@centos6 ~]# dig baidu.com @10.0.5.105
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> baidu.com @10.0.5.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51388
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;baidu.com. IN A
;; ANSWER SECTION:
baidu.com. 62 IN A 220.181.38.148
baidu.com. 62 IN A 123.125.114.144
;; Query time: 0 msec
;; SERVER: 10.0.5.105#53(10.0.5.105)
;; WHEN: Thu Jun 6 15:30:21 2019
;; MSG SIZE rcvd: 59
4、搭建内部DNS正反向解析
DNS可以解析www.safeidc.cn
定义区域在 /etc/named.rfc1912.zones 添加
#正向解析配置
[root@centos6 ~]# vim /etc/named.rfc1912.zones
zone "safeidc.cn" IN {
type master; # 表示权威DNS(master主服务器,slave从服务器,hint根服务器,forward转发服务器)
file "safeidc.cn.zone";# 域数据库,默认位于/var/named/下面,只需告知文件名safeidc.cn.zone是库文件名
allow-update { none; }; #允许哪些客户端动态更新解析信息,none表示不允许任何客户端动态更新
};
建立区域配置文件
[root@centos6 named]# cp -p named.localhost safeidc.cn.zone
[root@centos6 named]# cat safeidc.cn.zone
$TTL 1D ; 定义TTL过期时间(区域文件中注释只能用分号“;”,不能用“#”)
@ IN SOA @ rname.invalid. (
20190605 ; serial #更新序列号
1D ; refresh #刷新时间
1H ; retry #重试时间
1W ; expire #过期时间
3H ) ; minimum #否定答案的TTL值
@ NS ns1
ns1 A 10.0.5.105
www A 10.0.5.106
bbs A 10.0.5.107
web CNAME www
#反向解析配置
[root@centos6 ~]# vim /etc/named.rfc1912.zones
zone "5.0.10.in-addr.arpa" IN {
type master;
file "10.0.5.zone"; # 文件名须与下面实际建立的区域文件 10.0.5.zone 一致
};
建立区域配置文件
[root@centos6 named]# cp -a named.loopback 10.0.5.zone
[root@centos6 named]# more 10.0.5.zone
$TTL 1D
@ IN SOA ns1.safeidc.cn. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS ns1.safeidc.cn.
106 PTR www.safeidc.cn.
107 PTR bbs.safeidc.cn.
106 PTR web.safeidc.cn.
检查服务
[root@centos6 named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
number of zones: 19
server is up and running
[root@centos6 named]# rndc reload
server reload successful
[root@centos6 named]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
number of zones: 20
server is up and running
5、验证测试
正向
[root@centos6 named]# nslookup - 10.0.5.105
> safeidc.cn
Server: 10.0.5.105
Address: 10.0.5.105#53
*** Can't find safeidc.cn: No answer
> www.safeidc.cn
Server: 10.0.5.105
Address: 10.0.5.105#53
Name: www.safeidc.cn
Address: 10.0.5.106
> bbs.safeidc.cn
Server: 10.0.5.105
Address: 10.0.5.105#53
Name: bbs.safeidc.cn
Address: 10.0.5.107
> web.safeidc.cn
Server: 10.0.5.105
Address: 10.0.5.105#53
反向
[root@centos6 named]# nslookup - 10.0.5.105
> 10.0.5.106
Server: 10.0.5.105
Address: 10.0.5.105#53
106.5.0.10.in-addr.arpa name = web.safeidc.cn.
106.5.0.10.in-addr.arpa name = www.safeidc.cn.
> 10.0.5.105
Server: 10.0.5.105
Address: 10.0.5.105#53
105.5.0.10.in-addr.arpa name = ns1.safeidc.cn.