1.DNS服务机器环境
Centos7.2 bind_node1 10.0.0.71
Centos7.2 bind_node2 10.0.0.72
2.搭建DNS服务器
[root@bind_node1 ~]# yum install bind-chroot -y
[root@bind_node1 ~]# systemctl start named-chroot
[root@bind_node1 ~]# systemctl enable named-chroot
#备份bind配置文件
[root@bind_node1 ~]# cp /etc/named.conf /etc/named.conf.bak
# 注意:"bind*" 会安装所有名字匹配的包(包括 -devel 等开发包),对外服务的机器只需 bind、bind-chroot 和提供 dig 的 bind-utils,按需安装可减小攻击面
[root@bind_node1 ~]# yum install bind* -y
[root@bind_node1 ~]# rpm -ql bind
/etc/named.conf #主配置文件
/etc/named.rfc1912.zones #区域解析库文件
/var/log/named.log #日志文件
/var/named #服务根目录
#修改配置文件
[root@bind_node1 ~]# vim /etc/named.conf
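options {
    listen-on port 53 { 10.0.0.71; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Authoritative answers (the zhizhangyi.com zone added in section 4) may be
    // served to anyone; the original "localhost; any;" already meant "any".
    allow-query { any; };
    // Recursion (needed for the forwarders in section 6) must NOT be open to
    // "any": an Internet-reachable open resolver is abused for cache poisoning
    // and DNS amplification. Limit it to this host and its directly attached
    // networks; replace "localnets" with the company's internal prefixes if
    // clients sit behind routers.
    recursion yes;
    allow-recursion { localhost; localnets; };
    // ... remaining options from the stock named.conf left unchanged ...
};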
#检查配置是否正确(named-checkconf 只检查 named.conf 语法;加 -z 可同时加载并检查各区域文件)
[root@bind_node1 ~]# named-checkconf /etc/named.conf
3. 重启服务
[root@bind_node1 ~]# systemctl restart named
# 注意:第 2 步安装并启用的是 named-chroot 服务,这里重启的却是 named;两者应保持一致,否则实际生效的可能不是 chroot 实例(可用 systemctl status named named-chroot 确认)
[root@bind_node1 ~]# ss -lntup|grep -w 53
#测试DNS服务器(此时尚未定义该域;若服务器无法向外递归解析,返回 SERVFAIL 是预期结果)
[root@bind_node1 ~]# dig zhizhangyi.com @10.0.0.71
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> zhizhangyi.com @10.0.0.71
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57880
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zhizhangyi.com. IN A
;; Query time: 2 msec
;; SERVER: 10.0.0.71#53(10.0.0.71)
;; WHEN: Tue Feb 27 03:05:37 CST 2018
;; MSG SIZE rcvd: 43
4.搭建公司内部域
[root@bind_node1 ~]# vim /etc/named.rfc1912.zones
'''
略
'''
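zone "zhizhangyi.com" IN {          // the company domain
    type master;                    // this node is the primary (authoritative) server
    file "zhizhangyi.com.zone";     // zone database, relative to "directory" (/var/named)
    // Unless restricted, zone transfers (AXFR/IXFR) are answered to anyone and
    // hand out the complete internal host list. Limit them to the intended
    // secondary (bind_node2 from the environment table in section 1), or use
    // { none; } if no secondary is set up.
    allow-transfer { 10.0.0.72; };
};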
[root@bind_node1 ~]# cd /var/named/
[root@bind_node1 named]# cp -av named.localhost zhizhangyi.com.zone
### 注意:cp -a 会保留源文件的属主/属组、权限和 SELinux 上下文(/var/named 下的模板文件属于 named 组),这样 named 进程才能读取新建的区域文件;若改用 vim 直接新建,需自行 chown root:named 并检查权限
[root@bind_node1 named]# vim zhizhangyi.com.zone
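$TTL 1D
; SOA: MNAME is the apex itself (it has an A record below). RNAME is the
; responsible mailbox with "@" written as "." (hostmaster@zhizhangyi.com);
; the copied template left "@" there, which names an empty mailbox.
@       IN SOA  @ hostmaster.zhizhangyi.com. (
                1       ; serial  - increment on every edit, or secondaries never refresh
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum (negative-caching TTL)
        NS      @
; The "A 127.0.0.1" and "AAAA ::1" lines inherited from named.localhost were
; removed: with them the apex answered with loopback addresses (visible in the
; dig output of section 5), so a client resolving zhizhangyi.com could be sent
; to itself. Only real addresses belong here.
@       A       10.0.0.71
www     A       10.0.0.71
blog    A       10.0.0.71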
#检查配置文件
[root@bind_node1 named]# named-checkconf
#检查区域配置是否正确
[root@bind_node1 named]# named-checkzone zhizhangyi.com /var/named/zhizhangyi.com.zone
# 载入配置
[root@bind_node1 named]# rndc reload
server reload successful
5. 验证DNS
[root@bind_node1 named]# dig zhizhangyi.com @10.0.0.71
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> zhizhangyi.com @10.0.0.71
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22703
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zhizhangyi.com. IN A
;; ANSWER SECTION:
zhizhangyi.com. 86400 IN A 10.0.0.71
zhizhangyi.com. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
zhizhangyi.com. 86400 IN NS zhizhangyi.com.
;; ADDITIONAL SECTION:
zhizhangyi.com. 86400 IN AAAA ::1
;; Query time: 0 msec
;; SERVER: 10.0.0.71#53(10.0.0.71)
;; WHEN: Tue Feb 27 03:19:13 CST 2018
;; MSG SIZE rcvd: 117
# 注意:应答里的 127.0.0.1 和 ::1 来自复制的 named.localhost 模板(A 127.0.0.1 / AAAA ::1 两行),会让客户端把 zhizhangyi.com 解析到自己;区域文件中应删除这两行,只保留真实地址
6. DNS转发
#转发器的配置格式
// Forwarder configuration: queries this server cannot answer from its own
// zones or cache are handed to the listed upstream resolvers.
options {
// "first": if no forwarder answers, BIND falls back to full recursion on its
// own (requires outbound access to the root servers). See "forward only"
// below for disabling that fallback.
forward first;
forwarders{
8.8.8.8;
// NOTE(review): 1.8.8.8 is not a documented public resolver (Google's pair is
// 8.8.8.8 / 8.8.4.4). Every internal name that misses locally is sent to
// whatever answers at this address -- confirm it is the intended upstream.
1.8.8.8;
};
};
#注意:转发器(被转发到的上游 DNS)本身不需要额外设置,以上配置写在需要使用转发器的 DNS server 上。forward first 的含义是:先询问转发器,若转发器无法联系,BIND 会自行向根服务器递归解析——这意味着转发器故障或被防火墙拦截时,解析路径会悄悄变成本机直接出网,需要放通到根服务器的出站 53 端口。
#如果希望 BIND 在联系不到转发器时不再自行递归,改用 forward only:此时 BIND 只用自己的权威区数据和缓存应答,转发器不可达就直接返回失败。
options {
forward only;
forwarders{
8.8.8.8;
1.8.8.8;
};