Setting up a DNS server on CentOS 7: installing and configuring BIND

1. Install

yum install bind-chroot

2. Enable start at boot

systemctl enable named-chroot

3. Configure BIND

vim /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "a.com" IN {
    type master;
    file "a.com.zone";
};

zone "f.com" IN {
    type master;
    file "f.com.zone";
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.0.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Two options are changed from the stock defaults:

listen-on port 53 { any; } makes named listen for port-53 requests on every address instead of only 127.0.0.1.

allow-query { any; } accepts queries from any source.

Note that recursion yes; is left in place. Combined with queries accepted from anywhere and no allow-recursion ACL, this turns the server into an open recursive resolver, which is exactly what the comment in the stock file warns about: anyone on the Internet can use it, including for DNS amplification attacks. If the server has a public address (the test server further down does), either set recursion no; for an authoritative-only server, or keep recursion and add allow-recursion { <your client networks>; }; so that only your own clients can recurse.

zone "a.com" IN { type master; file "a.com.zone"; };

This block adds a zone for the domain a.com; the actual records live in /var/named/a.com.zone. The config above also declares f.com the same way, but no f.com.zone is shown in this post: create /var/named/f.com.zone or remove that block, otherwise named logs a load error for that zone.

zone "0.168.192.in-addr.arpa" IN { type master; file "192.168.0.zone"; };

This block adds a reverse zone, i.e. looking up the name that belongs to an IP address in 192.168.0.0/24. It can be left out if you do not need reverse lookups.

Contents of /var/named/a.com.zone (the named user must have read permission on this file):

$TTL 1D
@       IN SOA  @ root.a.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       192.168.0.111
www     A       192.168.0.112
@       MX      10 mx.a.com.
        AAAA    ::1

This zone sets:
a.com to 192.168.0.111,
www.a.com to 192.168.0.112,
the MX record of a.com to mx.a.com.

Two caveats. mx.a.com has no address record in this zone, so add an A record for it pointing at the mail host, otherwise mail for a.com cannot be delivered. The trailing AAAA ::1 line is left over from the named.localhost template: its owner is @, so IPv6-capable clients get ::1 for a.com; remove it or replace it with the real address.

Contents of /var/named/192.168.0.zone (again, the named user needs read permission):

$TTL 86400
@       IN      SOA     localhost. a.com. (
                                        2014031101      ; serial
                                        2H              ; refresh
                                        10M             ; retry
                                        7D              ; expire
                                        1D )            ; minimum
        IN      NS      localhost.
111     IN      PTR     a.com.
112     IN      PTR     www.a.com.

This zone sets the reverse records, i.e.
192.168.0.111 resolves back to a.com
192.168.0.112 resolves back to www.a.com

Every name on the right-hand side of a PTR record must end in a dot: a.com without the dot is read relative to the zone and yields a.com.0.168.192.in-addr.arpa, which is a common mistake in reverse zones.

Finally, start BIND:

systemctl start named-chroot

The basic DNS server is now up and already resolves the a.com domain. Let's test it.

On Windows, right-click the network icon, open Network and Sharing Center, Change adapter settings, right-click the adapter, Properties, Internet Protocol Version 4 (TCP/IPv4), tick "Use the following DNS server addresses" and enter the server IP as the preferred DNS server. On *nix systems, edit /etc/resolv.conf and set nameserver to the server IP. 115.28.142.187 is my DNS server's IP; all results below are answers returned by the DNS server at 115.28.142.187.

Query a.com's DNS records

[screenshot: a.com A record]

Query www.a.com's DNS records

[screenshot: www.a.com A record]

Query a.com's MX record

[screenshot: a.com MX record]

Query the PTR record for www.a.com (reverse lookup of 192.168.0.112)

[screenshot: www.a.com PTR record]
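The following script is an added example and not the author's code: it ties the whole procedure above together, writing the named.conf from step 3 with recursion limited to an ACL instead of open to everyone, both zone files with fully qualified names, BIND's own syntax checks before the restart, and the dig queries from the test section. It assumes the CentOS 7 bind-chroot default paths (/etc/named.conf, /var/named), that clients live on 192.168.0.0/24, and uses 192.168.0.113 as a hypothetical address for mx.a.com, which the post never defines. f.com is left out because the post shows no zone file for it.

```bash
#!/usr/bin/env bash
# Added example, not the author's code: the named.conf from step 3 with recursion
# limited to an ACL, both zone files with fully qualified names, BIND's syntax
# checks before the restart, and the dig queries from the test section.
# Assumed: CentOS 7 bind-chroot default paths, clients on 192.168.0.0/24, and
# 192.168.0.113 as the (hypothetical) address of mx.a.com, which the post never defines.
set -eu

CONF_DIR="${CONF_DIR:-/etc}"         # where named.conf lives
ZONE_DIR="${ZONE_DIR:-/var/named}"   # the options { directory } value
LAN="${LAN:-192.168.0.0/24}"         # only these clients may recurse
SERIAL="$(date +%Y%m%d01)"           # YYYYMMDDnn: bump nn on every zone edit

# Flags the open-resolver pattern of the original file: recursion on, queries
# accepted from anywhere, no allow-recursion ACL. Returns 1 if the file is open.
audit_named_conf() {
    f="$1"
    if grep -Eq '^[[:space:]]*recursion[[:space:]]+yes[[:space:]]*;' "$f" &&
       grep -Eq '^[[:space:]]*allow-query[[:space:]]*\{[[:space:]]*any[[:space:]]*;' "$f" &&
       ! grep -Eq '^[[:space:]]*allow-recursion[[:space:]]*\{' "$f"; then
        echo "OPEN RESOLVER: $f lets any client recurse (DNS amplification risk)"; return 1
    fi
    echo "OK: $f"
}

# Authoritative answers for everyone, recursion only for the "trusted" ACL.
write_named_conf() {
    cat > "$CONF_DIR/named.conf" <<EOF
acl "trusted" { 127.0.0.1; ::1; $LAN; };
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "$ZONE_DIR";
    allow-query { any; };
    allow-recursion { trusted; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "$ZONE_DIR/dynamic";
    pid-file "/run/named/named.pid";
};
zone "." IN { type hint; file "named.ca"; };
zone "a.com" IN { type master; file "a.com.zone"; };
zone "0.168.192.in-addr.arpa" IN { type master; file "192.168.0.zone"; };
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF
}

# Forward and reverse zones. Right-hand names end in a dot; a bare "a.com"
# would be read as a.com.<zone name>.
write_zones() {
    cat > "$ZONE_DIR/a.com.zone" <<EOF
\$TTL 1D
@       IN SOA  a.com. root.a.com. ( $SERIAL 1D 1H 1W 3H )
        IN NS   a.com.
        IN A    192.168.0.111
www     IN A    192.168.0.112
        IN MX   10 mx.a.com.
mx      IN A    192.168.0.113    ; hypothetical mail host address
EOF
    cat > "$ZONE_DIR/192.168.0.zone" <<EOF
\$TTL 1D
@       IN SOA  a.com. root.a.com. ( $SERIAL 2H 10M 7D 1D )
        IN NS   a.com.
111     IN PTR  a.com.
112     IN PTR  www.a.com.
EOF
}

# Syntax checks before the restart; skipped where BIND is not installed.
validate() {
    command -v named-checkconf >/dev/null 2>&1 || { echo "BIND not installed, skipping checks"; return 0; }
    named-checkconf "$CONF_DIR/named.conf"
    named-checkzone a.com "$ZONE_DIR/a.com.zone"
    named-checkzone 0.168.192.in-addr.arpa "$ZONE_DIR/192.168.0.zone"
}

# Client-side smoke test. The last name is outside our zones: from a client
# not in "trusted" it must be refused, not resolved.
verify() {
    server="${1:-127.0.0.1}"
    for q in "a.com A" "www.a.com A" "a.com MX" "-x 192.168.0.112"; do
        dig @"$server" +short $q
    done
    dig @"$server" www.example.com A | grep 'HEADER' || true
}

main() {
    write_named_conf; write_zones
    chown root:named "$ZONE_DIR"/a.com.zone "$ZONE_DIR"/192.168.0.zone   # named only needs read
    chmod 640 "$ZONE_DIR"/a.com.zone "$ZONE_DIR"/192.168.0.zone
    audit_named_conf "$CONF_DIR/named.conf"
    validate
    systemctl restart named-chroot
    verify 127.0.0.1
}

if [ "${1:-}" = apply ]; then main; fi
```

Run it as root with `./bind-setup.sh apply`; with no argument it only defines the functions, so you can source it and exercise write_named_conf and write_zones against a scratch directory by overriding CONF_DIR and ZONE_DIR. The last dig in verify asks for a name the server is not authoritative for; from a client outside the trusted ACL it should be refused rather than answered, which is the observable difference between this configuration and the open resolver in the original named.conf.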
