1. System environment
[root@dns-server etc]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
The firewall is stopped and SELinux is in permissive mode:
[root@dns-server etc]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Oct 11 09:46:22 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Oct 11 09:46:23 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Oct 11 09:48:35 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Oct 11 09:48:35 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@dns-server etc]# getenforce
Permissive
[root@dns-server etc]# hostname -I
10.0.3.57
2. Install bind
[root@dns-server ~]# yum install bind* -y
[root@dns-server ~]# rpm -ql bind
/etc/named.conf             # main configuration file
/etc/named.rfc1912.zones    # zone definition file
/var/log/named.log          # log file
/var/named                  # service root directory
3. Edit the configuration file
[root@dns-server ~]# cp /etc/named.conf{,.bak}
[root@dns-server ~]# vim /etc/named.conf    # remove the IPv6 listen line and change the listen address
options {
        listen-on port 53 { 10.0.3.57; };
        ....
        allow-query     { localhost;any; };    // clients allowed to send DNS queries
        ...
};
4. Start the bind service
# check the configuration file
[root@dns-server ~]# named-checkconf /etc/named.conf
# start the bind service
[root@dns-server ~]# systemctl start named
[root@dns-server ~]# netstat -lntup|grep 53
tcp        0      0 10.0.3.57:53            0.0.0.0:*               LISTEN      8053/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      8053/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      8053/named
udp        0      0 10.0.3.57:53            0.0.0.0:*                           8053/named
# test the DNS server; in dig, @ specifies the DNS server to query
[root@dns-server ~]# dig baidu.com @10.0.3.57

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> baidu.com @10.0.3.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49122
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com.                     IN      A

;; ANSWER SECTION:
baidu.com.              600     IN      A       123.125.115.110
baidu.com.              600     IN      A       220.181.57.216

;; AUTHORITY SECTION:
baidu.com.              172082  IN      NS      ns2.baidu.com.
baidu.com.              172082  IN      NS      ns7.baidu.com.
baidu.com.              172082  IN      NS      dns.baidu.com.
baidu.com.              172082  IN      NS      ns4.baidu.com.
baidu.com.              172082  IN      NS      ns3.baidu.com.

;; ADDITIONAL SECTION:
dns.baidu.com.          172082  IN      A       202.108.22.220
ns2.baidu.com.          172082  IN      A       61.135.165.235
ns3.baidu.com.          172082  IN      A       220.181.37.10
ns4.baidu.com.          172082  IN      A       220.181.38.10
ns7.baidu.com.          172082  IN      A       119.75.219.82

;; Query time: 6 msec
;; SERVER: 10.0.3.57#53(10.0.3.57)
;; WHEN: Thu Oct 11 16:51:46 CST 2018
;; MSG SIZE  rcvd: 240
5. Set up an internal DNS server
Make this DNS server resolve the qipai.com domain.
In /etc/named.conf:
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
The main configuration file pulls in /etc/named.rfc1912.zones, so zones are declared there.
01. Store the domain name to IP mapping on the DNS server by adding a zone to /etc/named.rfc1912.zones
[root@clsn6 ~]# vim /etc/named.rfc1912.zones
zone "qipai.com" IN {               # qipai.com is the domain name
        type master;                # authoritative (primary) DNS, i.e. the first server for the zone
        file "qipai.com.zone";      # zone database; it lives under /var/named/ by default, so only the file name qipai.com.zone is given
};
When several domains need to be resolved, add another zone block and create the corresponding zone file.
02. Using named.localhost under /var/named as a template, create qipai.com.zone, the zone database
[root@dns-server ~]# cd /var/named/
[root@dns-server named]# cp -av named.localhost qipai.com.zone
'named.localhost' -> 'nmtui.com.zone'
## note: cp -a preserves the original file attributes
03. Zone database format: it stores the domain-name-to-IP mappings
[root@dns-server named]# cat qipai.com.zone
$TTL 1D
@       IN SOA  @ qipai.top. (
                                        30      ; serial
                                        1M      ; refresh
                                        1M      ; retry
                                        1M      ; expire
                                        3M )    ; minimum
        NS      @
admin           A       10.0.3.10
gm2.admin       A       10.0.3.10
@               A       10.0.3.10
6. Check the zone file and restart bind
[root@dns-server named]# named-checkzone qipai.com /var/named/qipai.com.zone
zone qipai.com/IN: loaded serial 30
OK
[root@dns-server named]# systemctl restart named
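As an added example (not from the original post), a small Python parser for the master-file format shown in step 03, with a named-checkzone-style sanity check of the kind step 6 runs: one SOA at the apex, and an A/AAAA record for every in-zone NS target. It assumes the owner-less NS line inherits the apex name, as in the named.localhost template, and the embedded zone text is a constructed copy of the page's file.

```python
import re
# Constructed copy of qipai.com.zone from the page; assumes the owner-less NS line inherits the apex.
ZONE_TEXT = """\
$TTL 1D
@       IN SOA  @ qipai.top. (
                30      ; serial
                1M      ; refresh
                1M      ; retry
                1M      ; expire
                3M )    ; minimum
        NS      @
admin           A       10.0.3.10
gm2.admin       A       10.0.3.10
@               A       10.0.3.10
"""

def parse_ttl(token):  # BIND TTL token (1D, 3M, 600) -> seconds
    num, unit = re.fullmatch(r"(\d+)([smhdw]?)", token.lower()).groups()
    return int(num) * {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}[unit]

def fqdn(name, origin):  # expand @ and relative names against the zone origin
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse a BIND master file into (default_ttl, [(owner, ttl, rtype, rdata_tokens), ...])."""
    origin = origin.rstrip(".") + "."
    body = "\n".join(line.split(";")[0] for line in text.splitlines())  # strip ; comments
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)  # fold ( ... ) onto one line
    ttl_directive = re.search(r"^\$TTL\s+(\S+)", body, re.M)
    default_ttl, owner, records = (parse_ttl(ttl_directive.group(1)) if ttl_directive else None), origin, []
    for line in body.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("$"):  # blank line, or a $ directive handled above
            continue
        if not line[0].isspace():  # explicit owner; a line starting with blank space inherits the previous one
            owner = fqdn(tokens.pop(0), origin)
        ttl = parse_ttl(tokens.pop(0)) if re.fullmatch(r"\d+[smhdw]?", tokens[0], re.I) else default_ttl
        tokens = tokens[tokens[0].upper() == "IN":]  # drop the optional class field
        rtype = tokens.pop(0).upper()
        names = 2 if rtype == "SOA" else 1 if rtype in ("NS", "CNAME", "PTR") else 0  # leading rdata name fields
        records.append((owner, ttl, rtype, [fqdn(t, origin) for t in tokens[:names]] + tokens[names:]))
    return default_ttl, records

def check_zone(text, origin):  # checks in the spirit of named-checkzone: one apex SOA, glue for in-zone NS targets
    origin = origin.rstrip(".") + "."
    _, records = parse_zone(text, origin)
    problems = [] if [r[0] for r in records if r[2] == "SOA"] == [origin] else ["expected exactly one apex SOA"]
    addressed = {r[0] for r in records if r[2] in ("A", "AAAA")}
    for target in (r[3][0] for r in records if r[2] == "NS" and r[0] == origin):
        if (target == origin or target.endswith("." + origin)) and target not in addressed:
            problems.append(f"in-zone NS target {target} has no A/AAAA record")
    return problems
```

The $TTL of 1D parses to 86400 seconds, which is the TTL the dig answer in step 7 reports for qipai.com.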
7. Test whether the DNS works
Test on Linux
[root@dns-server named]# dig qipai.com @10.0.3.57

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> qipai.com @10.0.3.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44877
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qipai.com.                     IN      A

;; ANSWER SECTION:
qipai.com.              86400   IN      A       10.0.3.10

;; AUTHORITY SECTION:
qipai.com.              86400   IN      NS      qipai.com.

;; Query time: 1 msec
;; SERVER: 10.0.3.57#53(10.0.3.57)
;; WHEN: Thu Oct 11 18:26:21 CST 2018
;; MSG SIZE  rcvd: 68

[root@dns-server named]#
To point a client at this DNS server, edit the NIC configuration file (/etc/sysconfig/network-scripts/ifcfg-eth0, which takes effect after the interface is restarted) or /etc/resolv.conf (takes effect immediately).
Test on Windows by specifying the DNS server address in the network settings.
For more details, see the BIND 9 Chinese manual:
https://www.centos.bz/manual/BIND9-CHS.pdf
https://www.linuxprobe.com/set-up-dns-server.html