Centos7.3搭建DNS服务器--BIND

1、系统环境说明

[root@dns-server etc]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 

防火墙和Selinux关闭
[root@dns-server etc]# systemctl status firewalld.service 
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Oct 11 09:46:22 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Oct 11 09:46:23 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Oct 11 09:48:35 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Oct 11 09:48:35 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.

[root@dns-server etc]# getenforce 
Permissive

[root@dns-server etc]# hostname -I
10.0.3.57 

2、安装bind

[root@dns-server ~]# yum install  bind*  -y
[root@dns-server ~]# rpm -ql bind
/etc/named.conf  # 主配置文件
/etc/named.rfc1912.zones  # 区域解析库文件 
/var/log/named.log #日志文件
/var/named #服务根目录

3、修改配置文件

[root@dns-server ~]# cp /etc/named.conf{,.bak}
[root@dns-server ~]# vim /etc/named.conf
#删除IPv6地址，修改监听地址
options {
        listen-on port 53 { 10.0.3.57; };   
             ....
        allow-query     { localhost;any; };   //允许DNS查询客户端
             ...
}

4、启动bind服务

#检查配置文件
[root@dns-server ~]# named-checkconf /etc/named.conf

#启动bind服务
[root@dns-server ~]# systemctl start named
[root@dns-server ~]# netstat -lntup|grep 53
tcp        0      0 10.0.3.57:53            0.0.0.0:*               LISTEN      8053/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      8053/named          
tcp6       0      0 ::1:953                 :::*                    LISTEN      8053/named          
udp        0      0 10.0.3.57:53            0.0.0.0:*                           8053/named



#测试DNS服务器  dig @表示指定NDS服务器
[root@dns-server ~]# dig baidu.com @10.0.3.57
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> baidu.com @10.0.3.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49122
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com.            IN    A

;; ANSWER SECTION:
baidu.com.        600    IN    A    123.125.115.110
baidu.com.        600    IN    A    220.181.57.216

;; AUTHORITY SECTION:
baidu.com.        172082    IN    NS    ns2.baidu.com.
baidu.com.        172082    IN    NS    ns7.baidu.com.
baidu.com.        172082    IN    NS    dns.baidu.com.
baidu.com.        172082    IN    NS    ns4.baidu.com.
baidu.com.        172082    IN    NS    ns3.baidu.com.

;; ADDITIONAL SECTION:
dns.baidu.com.        172082    IN    A    202.108.22.220
ns2.baidu.com.        172082    IN    A    61.135.165.235
ns3.baidu.com.        172082    IN    A    220.181.37.10
ns4.baidu.com.        172082    IN    A    220.181.38.10
ns7.baidu.com.        172082    IN    A    119.75.219.82

;; Query time: 6 msec
;; SERVER: 10.0.3.57#53(10.0.3.57)
;; WHEN: Thu Oct 11 16:51:46 CST 2018
;; MSG SIZE  rcvd: 240

5、搭建内网DNS服务器

让当前的DNS解析qipai.com域名

/etc/named.conf
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
主配置文件中指定了/etc/named.rfc1912.zones文件

01.将域名 IP 关系存储在DNS上，在 /etc/named.rfc1912.zones 文件中进行添加
[root@clsn6 ~]# vim /etc/named.rfc1912.zones 
zone "qipai.com" IN { # qipai.com是域名
type master; # 表示权威DNS，即第一个
file "qipai.com.zone"; # 域数据库，默认位于/var/named/下面，只需告知文件名qipai.com.zone是库文件名
};
需要解析多个域名时，在来一个zone然后创建对应的域名文件就OK了。


02.以/var/named目录下的named.localhost为模板，创建qipai.com.zone文件，创建区域数据库
[root@dns-server ~]# cd /var/named/
[root@dns-server named]#  cp -av named.localhost qipai.com.zone
'named.localhost' -> 'nmtui.com.zone'   ## 注意cp -a 保持原有属性

03.解析区域数据库格式，存放域名与IP的对应关系
[root@dns-server named]# cat qipai.com.zone 
$TTL 1D

@       IN SOA  @ qipai.top. (
                                        30      ; serial
                                        1M      ; refresh
                                        1M      ; retry
                                        1M      ; expire
                                        3M )    ; minimum
        NS      @
admin              A    10.0.3.10
gm2.admin          A    10.0.3.10
@       A  10.0.3.10

6、检查配置文件，重启bind服务

[root@dns-server named]# named-checkzone qipai.com /var/named/qipai.com.zone
zone qipai.com/IN: loaded serial 30
OK
[root@dns-server named]# systemctl restart named

7、测试DNS是否生效

Linux测试

[root@dns-server named]# dig qipai.com @10.0.3.57

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> qipai.com @10.0.3.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44877
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qipai.com.            IN    A

;; ANSWER SECTION:
qipai.com.        86400    IN    A    10.0.3.10

;; AUTHORITY SECTION:
qipai.com.        86400    IN    NS    qipai.com.

;; Query time: 1 msec
;; SERVER: 10.0.3.57#53(10.0.3.57)
;; WHEN: Thu Oct 11 18:26:21 CST 2018
;; MSG SIZE  rcvd: 68

[root@dns-server named]# 

修改网卡配置文件（/etc/sysconfig/network-scripts/ifcfg-eth0需要重启网卡生效）或  /etc/resolv.conf （即时生效）指定DNS解析

Windows测试，指定DNS服务器

更多详情参考 bind9中文手册
https://www.centos.bz/manual/BIND9-CHS.pdf
https://www.linuxprobe.com/set-up-dns-server.html