1、系统环境说明
[root@10e0e0e17 ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@10e0e0e17 ~]# uname -r 3.10.0-957.el7.x86_64 [root@10e0e0e17 ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31 [root@10e0e0e17 ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: inactive (dead) since Fri 2020-10-16 06:06:56 CST; 16min ago Docs: man:firewalld(1) Process: 6494 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS) Main PID: 6494 (code=exited, status=0/SUCCESS) Oct 15 22:18:33 10e0e0e17 systemd[1]: Starting firewalld - dynamic firewall daemon... Oct 15 22:18:35 10e0e0e17 systemd[1]: Started firewalld - dynamic firewall daemon. Oct 16 06:06:55 10e0e0e17 systemd[1]: Stopping firewalld - dynamic firewall daemon... Oct 16 06:06:56 10e0e0e17 systemd[1]: Stopped firewalld - dynamic firewall daemon. [root@10e0e0e17 ~]# hostname -I 10.0.0.17
2、安装bind
[root@10e0e0e17 ~]# yum install bind* -y [root@10e0e0e17 ~]# rpm -ql bind # 文件说明 [root@clsn6 ~]# rpm -ql bind /etc/named.conf # 主配置文件 /etc/named.rfc1912.zones # 区域解析库文件 /var/log/named.log #日志文件 /var/named #服务根目录
3、修改配置文件
备份named.conf并修改
# Keep a pristine copy of the stock named.conf (mode, owner and timestamps preserved)
# before editing it, so the original can be diffed against or restored later.
cp -p -- /etc/named.conf /etc/named.conf.bak
修改配置文件
# Global server options from /etc/named.conf. Only the edited top of the block is
# shown on this page; the remainder of the options block, including its closing
# "};", is not shown here.
options {
  listen-on port 53 { 10.0.0.17; };  # changed: bind the LAN address 10.0.0.17 instead of 127.0.0.1
  listen-on-v6 port 53 { ::1; };     # IPv6 stays loopback-only
  directory "/var/named";            # zone "file" names (see the zone declaration later) are relative to this
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  recursing-file "/var/named/data/named.recursing";
  secroots-file "/var/named/data/named.secroots";
  # changed: any;
  # NOTE(review): "any" already covers localhost, so the list is effectively "any".
  # If "recursion yes;" (the stock default, not shown on this page) is left in
  # place, every host that can reach 10.0.0.17 may use this server as a recursive
  # resolver; the transcript above shows firewalld inactive and SELinux permissive,
  # so nothing else limits that. Prefer restricting to the networks that need it,
  # e.g. (constructed example) "allow-recursion { localhost; 10.0.0.0/24; };" and
  # an "allow-query" list of the same scope, before exposing the server.
  allow-query { localhost; any;};
检查配置是否正确
[root@10e0e0e17 ~]# named-checkconf /etc/named.conf
4、启动服务
[root@10e0e0e17 ~]# systemctl start named [root@10e0e0e17 ~]# systemctl status named ● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2020-10-16 06:39:54 CST; 29s ago Process: 8064 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS) Process: 8062 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS) Main PID: 8066 (named) CGroup: /system.slice/named.service └─8066 /usr/sbin/named -u named -c /etc/named.conf Oct 16 06:40:02 10e0e0e17 named[8066]: validating ./NS: verify failed due to bad signature (keyid=26116): RRSIG validity period has not begun Oct 16 06:40:02 10e0e0e17 named[8066]: validating ./NS: no valid signature found Oct 16 06:40:02 10e0e0e17 named[8066]: RRSIG validity period has not begun resolving './NS/IN': 198.41.0.4#53 Oct 16 06:40:02 10e0e0e17 named[8066]: validating ./NS: verify failed due to bad signature (keyid=26116): RRSIG validity period has not begun Oct 16 06:40:02 10e0e0e17 named[8066]: validating ./NS: no valid signature found Oct 16 06:40:02 10e0e0e17 named[8066]: RRSIG validity period has not begun resolving './NS/IN': 192.36.148.17#53 Oct 16 06:40:03 10e0e0e17 named[8066]: validating ./NS: verify failed due to bad signature (keyid=26116): RRSIG validity period has not begun Oct 16 06:40:03 10e0e0e17 named[8066]: validating ./NS: no valid signature found Oct 16 06:40:03 10e0e0e17 named[8066]: RRSIG validity period has not begun resolving './NS/IN': 198.97.190.53#53 Oct 16 06:40:04 10e0e0e17 named[8066]: resolver priming query complete
检查端口
[root@10e0e0e17 ~]# ss -lntup|grep 53 udp UNCONN 0 0 10.0.0.17:53 *:* users:(("named",pid=8066,fd=512)) udp UNCONN 0 0 ::1:53 :::* users:(("named",pid=8066,fd=513)) tcp LISTEN 0 10 10.0.0.17:53 *:* users:(("named",pid=8066,fd=21)) tcp LISTEN 0 128 127.0.0.1:953 *:* users:(("named",pid=8066,fd=23)) tcp LISTEN 0 10 ::1:53 :::* users:(("named",pid=8066,fd=22)) tcp LISTEN 0 128 ::1:953 :::* users:(("named",pid=8066,fd=24))
测试DNS服务器(此时还没有配置 yhh.com 区域,下面的 SERVFAIL 是递归查询失败的结果;结合上面 named 日志中的 “RRSIG validity period has not begun”,很可能是系统时间不正确导致 DNSSEC 验证失败,应先校准系统时间再测试)
[root@10e0e0e17 ~]# dig yhh.com @10.0.0.17 ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> yhh.com @10.0.0.17 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57052 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;yhh.com. IN A ;; Query time: 4117 msec ;; SERVER: 10.0.0.17#53(10.0.0.17) ;; WHEN: Fri Oct 16 06:50:09 CST 2020 ;; MSG SIZE rcvd: 36
5.搭建自己的域,让当前的DNS解析www.yhh.com域
[root@10e0e0e17 ~]# vim /etc/named.rfc1912.zones
# Authoritative zone declaration for yhh.com, added to /etc/named.rfc1912.zones.
zone "yhh.com" IN {        # zone name; the original note said "hengxia.top", a copy-paste leftover — the zone here is yhh.com
    type master;           # this server is the primary (authoritative) server for the zone
    file "yhh.com.zone";   # zone data file, relative to the options "directory" (/var/named above), so only the file name is given
};
以/var/named目录下的named.localhost为模板,创建yhh.com.zone文件,创建区域数据库
[root@10e0e0e17 ~]# cd /var/named/ [root@10e0e0e17 named]# ls chroot chroot_sdb data dynamic dyndb-ldap named.ca named.empty named.localhost named.loopback slaves [root@10e0e0e17 named]# cp -av named.localhost yhh.com.zone ‘named.localhost’ -> ‘yhh.com.zone’
源文件说明(下面 `#` 之后的中文只是讲解用的注释;区域文件本身只支持 `;` 注释,不要把 `#` 写进文件)
[root@10e0e0e17 named]# cat yhh.com.zone # 解析区域数据库格式,存放名字与IP的对应关系 $TTL 1D # 统一定义TTL(过期时间、缓存时间) @ IN SOA @ rname.invalid. ( # SOA记录 IN internet技术 IN第一条要写,后面可以省略,可继承第一条IN rname.invalid. 资源的类型 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ # 代表当前配置域 A 127.0.0.1 # A记录 名字 到 IP 对应IPv4地址 AAAA ::1 # A记录 名字 到 IP 对应IPv6地址
修改配置文件
$TTL 1D                     ; default TTL for records that do not set their own
@   IN SOA @ yhh.top. (     ; NOTE(review): the second SOA field is the responsible mailbox (RNAME),
                            ; e.g. admin.yhh.com. for admin@yhh.com, not a domain name; named-checkzone
                            ; accepts "yhh.top." but it is not a usable contact
        30 ; serial
        1M ; refresh
        1M ; retry
        1M ; expire  -- NOTE(review): shorter than refresh+retry; a secondary would drop the
                     ; zone after one minute without contact (harmless with this single server)
        3M ) ; minimum (negative-caching TTL)
    NS  @                   ; the zone apex itself is the name server (its address is the apex A record below)
www A   10.0.0.15
yan A   10.0.0.15
@   A   10.0.0.15           ; apex address; also what the NS record above resolves to
检查配置文件
[root@10e0e0e17 named]# named-checkconf # 检查配置文件是否正确 # 检查区域配置是否正确 [root@10e0e0e17 named]# named-checkzone yhh.com /var/named/yhh.com.zone zone yhh.com/IN: loaded serial 30 OK
[root@10e0e0e17 named]# rndc reload #重新载入不成功可以重启服务!
server reload successful
6、验证测试
方法一(注意:这里查询的是 yhh.top,而上面配置的区域是 yhh.com,所以返回 SERVFAIL 并不说明服务有问题;应查询 www.yhh.com 或 yhh.com)
[root@iso-all ~]# nslookup - 10.0.0.17 > yhh.top Server: 10.0.0.17 Address: 10.0.0.17#53 ** server can't find yhh.top: SERVFAIL
方法二(注意:命令里 10.0.0.17 前缺少 @,dig 把它当成了第二个查询名;从 SERVER: 一行可以看到应答来自系统默认的 114.114.114.114,并不能证明本机服务正常。要测试本机 DNS 应使用 dig yhh.com @10.0.0.17)
[root@10e0e0e17 named]# dig yhh.com 10.0.0.17 ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> yhh.com 10.0.0.17 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15101 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;yhh.com. IN A ;; ANSWER SECTION: yhh.com. 38 IN A 178.62.56.142 ;; Query time: 26 msec ;; SERVER: 114.114.114.114#53(114.114.114.114) ;; WHEN: Fri Oct 16 08:15:17 CST 2020 ;; MSG SIZE rcvd: 52 ;; connection timed out; no servers could be reached
方法三
root@iso-all ~]# ping www.yhh.com PING www.yhh.com (10.0.0.15) 56(84) bytes of data. 64 bytes from iso-all (10.0.0.15): icmp_seq=1 ttl=64 time=0.031 ms 64 bytes from iso-all (10.0.0.15): icmp_seq=2 ttl=64 time=0.080 ms 64 bytes from iso-all (10.0.0.15): icmp_seq=3 ttl=64 time=0.091 ms 64 bytes from iso-all (10.0.0.15): icmp_seq=4 ttl=64 time=0.063 ms