DNS (Domain Name System) is the mechanism that maps hostnames to IP addresses and IP addresses back to hostnames. Resolving a domain name to an IP address is called forward resolution; resolving an IP address to a domain name is called reverse resolution.
I. Install the BIND server software and start it
1. Install bind from the yum repository
[root@dns ~]# yum -y install bind*
Once BIND is installed the system has an additional user, named, which the daemon drops privileges to (note the -u named in the process listing below).
2. Start the DNS service
[root@dns ~]# systemctl start named.service
3. Check that the named process started:
[root@dns ~]# ps -ef|grep named
named 19872 1 0 02:37 ? 00:00:00 /usr/sbin/named -u named -c /etc/named.conf
root 19877 19619 0 02:38 pts/1 00:00:00 grep --color=auto named
4. DNS listens on port 53, normally over UDP, with TCP used for zone transfers and for answers too large for a UDP datagram, so check both. The stock configuration binds only the loopback addresses, which is what the output below shows:
[root@dns ~]# netstat -an|grep :53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp6 0 0 ::1:53 :::*
5. Open TCP and UDP port 53 in the firewall. Rules inserted with iptables directly are lost on reboot; on CentOS 7 make them persistent through firewalld (its predefined dns service covers both ports):
[root@dns ~]# iptables -I INPUT -p tcp --dport 53 -j ACCEPT
[root@dns ~]# iptables -I INPUT -p udp --dport 53 -j ACCEPT
II. BIND configuration files
For BIND the main file to configure is /etc/named.conf. Two related files: /etc/named.iscdlv.key held the trust anchor for ISC's DLV lookaside registry, which was shut down in 2017 and is no longer used, and /etc/named.rfc1912.zones is the extended zone configuration for the localhost and loopback zones.
1. Edit the main configuration file /etc/named.conf
Back it up before changing it:
[root@dns ~]# cp -p /etc/named.conf /etc/named.conf.bak
The -p option keeps the backup's mode, ownership and timestamps identical to the source file.
Edit the file:
[root@dns ~]# vim /etc/named.conf
================================================================
options {
        listen-on port 53 { any; };          // default is 127.0.0.1 only; bind just the LAN address (192.168.1.248) if the host has several
        listen-on-v6 port 53 { none; };      // "node" in the original is a typo; named will not parse it
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-query { any; };                // anyone may ask for ruolan.com (authoritative data)
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };   // without this line, allow-query any + recursion yes is an open resolver
        dnssec-enable no;                    // deprecated in newer BIND releases; drop it there
        dnssec-validation no;                // no DNSSEC validation of upstream answers; use "auto" on an Internet-facing resolver
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "ruolan.com" IN {
        type master;
        file "ruolan.com.zone";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.in-addr.arpa.zone";
        allow-update { none; };
};
#include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";
================================================================
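The combination of allow-query { any; } and recursion yes with no allow-recursion ACL is the classic open-resolver misconfiguration (usable for amplification attacks and exposed to cache poisoning). The script below is an added example, not code from the original page: it audits a named.conf for exactly that pattern, using two constructed sample files, one mirroring the page's options block and one with the recursion ACL added. The function names, file names and the temporary directory are my own choices.

```shell
#!/bin/sh
# Audit a named.conf for the open-resolver pattern:
#   recursion yes  +  allow-query { any; }  with no allow-recursion restriction.
# Added example (not from the original page); function and file names are mine.

# audit_named_conf FILE: prints a verdict, returns 1 for an open resolver, 0 otherwise
audit_named_conf() {
    f="$1"
    # strip // and # comments, squeeze whitespace so the patterns below are stable
    norm=$(sed -e 's://.*$::' -e 's:#.*$::' "$f" | tr -s ' \t' ' ')
    rec=$(printf '%s\n'  "$norm" | grep -c '^ *recursion yes;' || true)
    qany=$(printf '%s\n' "$norm" | grep -c '^ *allow-query { *any; *};' || true)
    arec=$(printf '%s\n' "$norm" | grep -c '^ *allow-recursion {' || true)
    if [ "$rec" -gt 0 ] && [ "$qany" -gt 0 ] && [ "$arec" -eq 0 ]; then
        echo "OPEN RESOLVER: $f recurses for any client (amplification / cache-poisoning exposure)"
        return 1
    fi
    echo "ok: $f restricts recursion or does not recurse"
    return 0
}

# write_sample_confs DIR: constructed samples. weak.conf mirrors the page's options;
# hardened.conf adds the allow-recursion ACL and turns validation on.
write_sample_confs() {
    cat >"$1/weak.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { none; };
        directory "/var/named";
        allow-query { any; };
        recursion yes;
        dnssec-validation no;
};
EOF
    cat >"$1/hardened.conf" <<'EOF'
options {
        listen-on port 53 { 192.168.1.248; };   // bind the LAN address only
        listen-on-v6 port 53 { none; };
        directory "/var/named";
        allow-query { any; };                   // authoritative data for ruolan.com may be public
        recursion yes;
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };   // recursion for the LAN only
        dnssec-validation auto;                 // validate upstream answers with the built-in root trust anchor
        version "not disclosed";                // do not advertise the BIND version via version.bind
};
EOF
}

# Stand-alone demo: audit both samples, then clean up
d=$(mktemp -d)
write_sample_confs "$d"
for c in weak hardened; do
    audit_named_conf "$d/$c.conf" || true
done
rm -rf "$d"
```

Run it as sh audit.sh, or call audit_named_conf /etc/named.conf on the server. This is a pattern check, not a parser: it does not understand ACL names or view blocks, so treat a "ok" as a prompt to read the file, and still run named-checkconf, which the bind package ships, to catch syntax errors such as the "node" typo.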
2. /etc/named.rfc1912.zones
This file is the usual place to declare the forward zone ruolan.com and the reverse zone, each pointing at its zone file through file. Because both zones were declared directly in named.conf above and the include for this file is commented out, nothing is added here.
3. Add /var/named/ruolan.com.zone
Copy the template file and edit the copy (cp without -p leaves the copy owned by root, which step 5 fixes):
[root@dns ~]# cp /var/named/named.localhost /var/named/ruolan.com.zone
Open ruolan.com.zone and configure it:
[root@dns ~]# vim /var/named/ruolan.com.zone
==============================================
$TTL 1D
@       IN SOA  dns1.ruolan.com. root.ruolan.com. (
                2019092301 ; serial (YYYYMMDDnn; bump it on every change or secondaries will not transfer)
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum (negative-caching TTL)
        IN NS   dns1.ruolan.com.
dns1    IN A    192.168.1.248
ftp     IN A    192.168.1.248
www     IN A    192.168.1.248
abc     IN A    192.168.1.249
==============================================
The template's NS @ with A 127.0.0.1 and AAAA ::1 would tell clients that the name server for ruolan.com is the loopback address, so the NS record now names dns1 and dns1 gets the server's real address. In the SOA, the first name is the primary server and the second is the responsible mailbox (root.ruolan.com. means root@ruolan.com). Names that end with a dot are absolute; anything without a trailing dot gets ruolan.com appended.
4. Add /var/named/1.168.192.in-addr.arpa.zone
[root@dns ~]# vim /var/named/1.168.192.in-addr.arpa.zone
========================================================
$TTL 1D
@       IN SOA  dns1.ruolan.com. root.ruolan.com. (
                2019092301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        IN NS   dns1.ruolan.com.
248     IN PTR  www.ruolan.com.
249     IN PTR  abc.ruolan.com.
========================================================
The A and AAAA lines copied from the template do not belong in a reverse zone, and a PTR line with no owner name attaches to the zone apex rather than to an address, so both have been dropped. One PTR per address is the usual practice, so 192.168.1.248 maps back to www even though ftp shares the address. Every PTR target must end with a dot; otherwise named appends 1.168.192.in-addr.arpa to it and reverse lookups return names like www.ruolan.com.1.168.192.in-addr.arpa.
5. Set the ownership of the zone files so named can read them
[root@dns ~]# chown named:named /var/named/*.zone
6. Validate and restart the service. named-checkconf (for /etc/named.conf) and named-checkzone (for each zone file) report syntax errors before a restart takes the service down; then:
[root@dns ~]# systemctl restart named
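named-checkzone catches syntax errors in the zone files from steps 3 and 4, but a relative name (www.ruolan.com without the trailing dot) is valid syntax, so it passes the check and only shows up later as a wrong reverse answer. The script below is an added example, not code from the original page: a small awk lint that flags NS, PTR, CNAME, MX and SOA targets that contain dots but are not absolute, and prints the name BIND will actually store. It runs on two constructed files, the reverse zone as the page first wrote it and the corrected one; the function and file names are mine, and it assumes the zone origin is passed as the second argument rather than read from an $ORIGIN directive.

```shell
#!/bin/sh
# Lint zone files for the most common hand-authoring mistake: a multi-label name
# without a trailing dot, to which BIND appends the zone origin.
# Added example (not from the original page); function and file names are mine.

# lint_zone FILE ORIGIN: one line per finding, exit status = number of findings
lint_zone() {
    awk -v origin="$2" '
    function relative(t) {          # multi-label name that is not absolute
        return (t != "@" && index(t, ".") > 0 && substr(t, length(t), 1) != ".")
    }
    function report(type, t) {
        printf "line %d: %s target \"%s\" has no trailing dot; BIND stores it as %s.%s.\n",
               NR, type, t, t, origin
        n++
    }
    BEGIN { n = 0 }
    { sub(/;.*/, "") }              # drop ; comments
    NF == 0 { next }
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "NS" || $i == "PTR" || $i == "CNAME" || $i == "MX") {
                if (relative($NF)) report($i, $NF)
                break
            }
            if ($i == "SOA") {      # MNAME and RNAME follow the type on the same line
                if (relative($(i+1))) report("SOA MNAME", $(i+1))
                if (relative($(i+2))) report("SOA RNAME", $(i+2))
                break
            }
        }
    }
    END { exit n }' "$1"
}

# write_sample_zones DIR: constructed samples. reverse-bad.zone is the reverse zone
# as the page first wrote it; reverse-fixed.zone is the corrected version.
write_sample_zones() {
    cat >"$1/reverse-bad.zone" <<'EOF'
$TTL 1D
@ IN SOA @ 248.1.168.192.in-addr.arpa. (
        2019092301 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
        NS @
        A 192.168.1.248
        AAAA ::1
        PTR ftp.ruolan.com
248     PTR www.ruolan.com
249     PTR abc.ruolan.com
EOF
    cat >"$1/reverse-fixed.zone" <<'EOF'
$TTL 1D
@       IN SOA  dns1.ruolan.com. root.ruolan.com. (
                2019092301 ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        IN NS   dns1.ruolan.com.
248     IN PTR  www.ruolan.com.
249     IN PTR  abc.ruolan.com.
EOF
}

# Stand-alone demo: lint both samples, then clean up
d=$(mktemp -d)
write_sample_zones "$d"
for z in reverse-bad reverse-fixed; do
    echo "== $z.zone"
    lint_zone "$d/$z.zone" 1.168.192.in-addr.arpa || echo "   $? problem(s) found"
done
rm -rf "$d"
```

On the server, lint_zone /var/named/1.168.192.in-addr.arpa.zone 1.168.192.in-addr.arpa and lint_zone /var/named/ruolan.com.zone ruolan.com complement named-checkzone rather than replace it: the lint only looks at one-line records and the first SOA line, so keep named-checkzone for everything else.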
III. Configuring and testing a DNS client on Linux
Point the client at the server in /etc/resolv.conf (on a host managed by NetworkManager, set the DNS server in the connection profile instead, or the file is overwritten).
[root@dns ~]# vim /etc/resolv.conf
================================
nameserver 192.168.1.248
================================
The nslookup test tool comes from the bind-utils package, which yum install bind* pulled in.
3.1 Reverse test
[root@dns ~]# nslookup
> 192.168.1.248
248.1.168.192.in-addr.arpa	name = www.ruolan.com.
> 192.168.1.249
249.1.168.192.in-addr.arpa	name = abc.ruolan.com.
192.168.1.248 carries both ftp and www, but the zone gives it a single PTR, so the reverse answer is www. If the PTR targets are written without the trailing dot, named appends the zone origin and the answer comes back as www.ruolan.com.1.168.192.in-addr.arpa. instead; that is the signature of a relative name in the zone file, not a successful lookup.
3.2 Forward test
> ftp.ruolan.com
Server: 192.168.1.248
Address: 192.168.1.248#53
Name: ftp.ruolan.com
Address: 192.168.1.248
> www.ruolan.com
Server: 192.168.1.248
Address: 192.168.1.248#53
Name: www.ruolan.com
Address: 192.168.1.248
> abc.ruolan.com
Server: 192.168.1.248
Address: 192.168.1.248#53
Name: abc.ruolan.com
Address: 192.168.1.249
Both the forward and the reverse lookups are answered by 192.168.1.248 as expected, so the configuration works.
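The manual nslookup session above checks each direction separately; what a practitioner usually wants is the round trip, known as forward-confirmed reverse DNS: for every address a name resolves to, the PTR of that address must name a host whose A record points back to the same address. The script below is an added example, not code from the original page: it wraps dig from bind-utils in a dns_lookup function and walks the round trip for the page's hosts. The function names and the DNS_SERVER variable are mine; the server address 192.168.1.248 and the host names come from the page.

```shell
#!/bin/sh
# Forward-confirmed reverse DNS (FCrDNS) check: for every A answer of a name, the
# PTR of that address must name a host whose A record points back to the address.
# Added example (not from the original page); dns_lookup is a thin wrapper around
# dig from bind-utils; the function names and the DNS_SERVER variable are mine.

# dns_lookup TYPE NAME-OR-IP: one answer per line; TYPE is A or PTR
dns_lookup() {
    if [ "$1" = "PTR" ]; then
        dig +short -x "$2" @"${DNS_SERVER:-192.168.1.248}"
    else
        dig +short "$2" "$1" @"${DNS_SERVER:-192.168.1.248}"
    fi
}

# fcrdns_check NAME: 0 when every address round-trips, 1 on a mismatch or missing PTR,
# 2 when NAME has no A record at all
fcrdns_check() {
    name="$1"; status=0
    addrs=$(dns_lookup A "$name")
    if [ -z "$addrs" ]; then
        echo "FAIL $name: no A record"
        return 2
    fi
    for ip in $addrs; do
        ptrs=$(dns_lookup PTR "$ip")
        ok=0
        for p in $ptrs; do
            # strip the trailing dot dig prints, then resolve the PTR target forward again
            for back in $(dns_lookup A "${p%.}"); do
                if [ "$back" = "$ip" ]; then ok=1; fi
            done
        done
        if [ "$ok" -eq 1 ]; then
            echo "OK   $name -> $ip -> $ptrs"
        else
            echo "FAIL $name -> $ip -> ${ptrs:-<no PTR>} (does not resolve back to $ip)"
            status=1
        fi
    done
    return $status
}

# Stand-alone run against the page's server: DNS_SERVER=192.168.1.248 sh fcrdns.sh
if [ -n "${DNS_SERVER:-}" ]; then
    for h in ftp www abc; do
        fcrdns_check "$h.ruolan.com" || true
    done
fi
```

With the zones from part II, ftp, www and abc all pass: ftp resolves to 192.168.1.248, whose PTR names www, and www resolves back to 192.168.1.248. A host whose address has no PTR, or whose PTR names a host with a different address, fails with status 1, which is the case mail and SSH servers reject.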