The role of the DNS system in a network is to maintain an address database that records the mappings between host domain names and IP addresses, so that it can provide clients with forward or reverse address lookups.
BIND is not the only DNS program that can provide name service, but it is the most widely used one, and it runs on most Linux hosts.
[root@localhost ~]# yum install bind -y //with CentOS 7 connected to the network, BIND can be installed directly with yum
/usr/sbin/named
/etc/named.conf
/var/named/
options {
listen-on port 53 { <local IP address>; }; //listening address and port
directory "/var/named"; //default location of the zone data files
allow-query { 192.168.1.0/24; 173.16.16.0/24; }; //networks allowed to use this DNS service
};
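Zone configuration section
Defines the specific DNS zones for which this server provides name resolution
Includes the domain name, the server role, the data file name, and so on
Forward resolution
zone "yun.com" IN { //forward zone "yun.com"
type master; //the zone type is master
file "yun.com.zone"; //the zone data file is "yun.com.zone"
allow-transfer { 173.16.16.2; }; //address of the slave server that is allowed to download the zone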
};
Reverse resolution
zone "16.16.173.in-addr.arpa" IN { //reverse zone for "173.16.16.0/24"
type master;
file "173.16.16.arpa"; //the zone data file is "173.16.16.arpa"
allow-update { none; };
};
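Zone data file
Global TTL directive and SOA record (SOA: Start of Authority record)
$TTL 1D                 ; time to live of valid resolution records
@       IN SOA  @ rname.invalid. (      ; SOA marker, domain name, administrator mailbox
                0       ; serial: update serial number, an integer of up to 10 digits
                1D      ; refresh: refresh time, the interval at which the address data is downloaded again
                1H      ; retry: retry delay, the interval before retrying after a failed download
                1W      ; expire: expiry time, give up if the download still fails after this long
                3H )    ; minimum: time to live of invalid resolution records
Domain name resolution records
NS: name server record (Name Service)
MX: mail exchange record (Mail Exchange)
A: address record, used only in forward resolution zones (Address)
CNAME: alias record (Canonical Name)
"*" IN IP: wildcard domain resolution
PTR: pointer record, used only in reverse resolution zones
The first column of the record only needs to give the host portion of the IP address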
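/etc/named.conf
Main configuration file: controls the global settings (pulls in other files with include)
/etc/named.rfc1912.zones
Zone configuration file: controls each individual zone
/var/named/named.localhost
Zone data file: zone information
1. Install the BIND software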
[root@localhost ~]# yum install bind -y
已加載插件:fastestmirror, langpacks
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 166 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 215 kB 00:00:00
...//some content omitted...
已安裝:
bind.x86_64 32:9.9.4-74.el7_6.2
作為依賴被升級:
bind-libs.x86_64 32:9.9.4-74.el7_6.2 bind-libs-lite.x86_64 32:9.9.4-74.el7_6.2 bind-license.noarch 32:9.9.4-74.el7_6.2
bind-utils.x86_64 32:9.9.4-74.el7_6.2
完畢!
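2. Check where the configuration files are stored, so that we can edit them
[root@localhost named]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf //location of the main configuration file
/etc/named.iscdlv.key
/etc/named.rfc1912.zones //location of the zone configuration file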
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost //zone data file
/var/named/named.loopback
3. Edit the main configuration file (two changes are made here: the listening address and the query permission)
[root@localhost named]# vim /etc/named.conf
...//some content omitted...
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { 192.168.144.133; }; //change the address so that named listens on this host's own local address
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //permission opened up: any host is allowed to use the DNS service
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
...//some content omitted...
pid-file "/run/named/named.pid"; //location of the PID file, do not change
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN { //resolution through the root servers, do not change
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones"; //zone configuration file included by the main configuration file, do not change
include "/etc/named.root.key";
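Added example, not part of the original article: when allow-query is set to { any; } and the options block contains neither "recursion no;" nor an allow-recursion or allow-query-cache ACL, BIND applies the allow-query ACL to recursive queries as well, so the server recurses for any client. The script audits a named.conf for that combination; the sample configuration is constructed from the options block above, and the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample modelled on the options block shown above.
sample_conf() {
cat <<'EOF'
options {
    listen-on port 53 { 192.168.144.133; };
    directory "/var/named";
    allow-query { any; };   // opened to every host
    /* - If you are building an AUTHORITATIVE DNS server,
         do NOT enable recursion. */
};
EOF
}

# Drop /* ... */ blocks, then // and # line comments, so that commented-out
# statements are not mistaken for live configuration.
strip_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (inblock) {
                p = index(line, "*/")
                if (p == 0) { line = "" } else { line = substr(line, p + 2); inblock = 0 }
            } else {
                p = index(line, "/*")
                if (p == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, p - 1); line = substr(line, p + 2); inblock = 1 }
            }
        }
        sub(/\/\/.*/, "", out); sub(/#.*/, "", out); print out
    }'
}

# Reads named.conf on stdin; returns 1 when anyone may query and recursion
# is neither switched off nor limited by an ACL of its own.
audit_recursion() {
    conf=$(strip_comments | tr '\n' ' ')
    has() { printf '%s' "$conf" | grep -Eq "$1"; }
    acl='allow-(recursion|query-cache)[[:space:]]*\{'
    if has 'recursion[[:space:]]+no[[:space:]]*;'; then
        echo "ok: recursion disabled"
    elif has "$acl" && ! has "$acl"'[^}]*any'; then
        echo "ok: recursion limited by its own ACL"
    elif has 'allow-query[[:space:]]*\{[^}]*any'; then
        echo "risk: allow-query { any; } with recursion enabled"; return 1
    else
        echo "ok: allow-query is restricted"
    fi
}
sample_conf | audit_recursion || true
```

On a real server, feed it the live file: audit_recursion < /etc/named.conf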
4. Edit the zone configuration file that the main configuration file includes
[root@localhost named]# vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master; //configuration template for forward resolution
file "named.localhost";
allow-update { none; };
};
//location of the forward resolution zone configuration
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master; //configuration template for IPv6 resolution
file "named.loopback";
allow-update { none; };
};
//location of the reverse resolution zone configuration
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback"; //configuration template for reverse resolution
allow-update { none; };
...//some content omitted...
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "kgc.com" IN { //copy the template and change the zone name
type master;
file "kgc.com.zone"; //change the zone data file name
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
...//some content omitted...
5. Create the zone data file, so that the zone configuration has a data file to read
[root@localhost named]# cd /var/named/ //enter the directory where the zone data files are stored
[root@localhost named]# ls //list the directory
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p named.localhost kgc.com.zone //copy with -p (preserving ownership and permissions) to create kgc.com.zone
[root@localhost named]# ls //check that kgc.com.zone has been created
data dynamic kgc.com.zone named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# vim kgc.com.zone //edit the zone data file
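$TTL 1D
@       IN SOA  kgc.com. admin.kgc.com. (       ; change the domain name and the administrator mailbox; note that the trailing "." must not be omitted
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      kgc.com.                ; change the name server record
        A       192.168.144.133         ; change the forward resolution address
        IN MX 10 mail.kgc.com.          ; add the mail exchange record
www     IN A    192.168.100.99          ; add the address for the www name
ftp     IN A    192.168.100.88          ; add the address for the ftp name
smtp    IN CNAME www                    ; add an alias record
*       IN A    8.8.8.8                 ; add the wildcard resolution address
~
~
:wq //save and quit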
6. Turn off the firewall and SELinux enforcement so that clients can connect easily, then start the DNS service.
[root@localhost named]# systemctl stop firewalld.service //stop the firewall
[root@localhost named]# setenforce 0 //turn off SELinux enforcement
[root@localhost named]# systemctl start named //start the DNS service
[root@localhost named]# systemctl status named //check the service
● named.service - Berkeley Internet Name Domain (DNS) //DNS started normally
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since 四 2019-09-05 17:36:31 CST; 11s ago
Process: 7425 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 7422 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 7427 (named)
CGroup: /system.slice/named.service
└─7427 /usr/sbin/named -u named -c /etc/named.conf
9月 05 17:36:31 localhost.localdomain named[7427]: managed-keys-zone: loaded serial 0
9月 05 17:36:31 localhost.localdomain named[7427]: zone 0.in-addr.arpa/IN: loaded serial 0
9月 05 17:36:31 localhost.localdomain named[7427]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
9月 05 17:36:31 localhost.localdomain named[7427]: zone kgc.com/IN: loaded serial 0
9月 05 17:36:31 localhost.localdomain named[7427]: zone localhost.localdomain/IN: loaded serial 0
9月 05 17:36:31 localhost.localdomain named[7427]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...ial 0
9月 05 17:36:31 localhost.localdomain named[7427]: zone localhost/IN: loaded serial 0
9月 05 17:36:31 localhost.localdomain named[7427]: all zones loaded
9月 05 17:36:31 localhost.localdomain named[7427]: running
9月 05 17:36:31 localhost.localdomain systemd[1]: Started Berkeley Internet Name Domain (DNS).
Hint: Some lines were ellipsized, use -l to show in full.
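[root@localhost named]# echo "nameserver 192.168.144.133" > /etc/resolv.conf
//Overwrite the resolver configuration file: the DNS server we built ourselves is the one that should resolve our names, so we simply overwrite the file here
[root@localhost named]# cat /etc/resolv.conf
nameserver 192.168.144.133 //the original content has been overwritten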
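Added example, not part of the original article: instead of stopping firewalld and switching SELinux to permissive as in step 6, the DNS service can be allowed through the firewall while both stay on. The function below uses getenforce and firewall-cmd to report the first thing that still stands in the way of that setup, together with the command that fixes it; the function name, the --check argument and the messages are this example's own.

```shell
#!/bin/sh
# Reports the first problem that prevents serving DNS with the protections
# left on, and the command that fixes it. Returns 0 when the host is ready.
dns_host_ready() {
    mode=$(getenforce 2>/dev/null)
    if [ "$mode" != "Enforcing" ]; then
        echo "SELinux is '${mode:-unknown}', expected Enforcing (undo 'setenforce 0' with 'setenforce 1')"
        return 1
    fi
    if ! firewall-cmd --state >/dev/null 2>&1; then
        echo "firewalld is not running: run 'systemctl start firewalld'"
        return 1
    fi
    # The predefined firewalld service "dns" covers 53/tcp and 53/udp.
    if ! firewall-cmd --query-service=dns >/dev/null 2>&1; then
        echo "dns is not allowed: run 'firewall-cmd --permanent --add-service=dns && firewall-cmd --reload'"
        return 1
    fi
    echo "ready: SELinux enforcing, firewalld running, dns service allowed"
}

# Run the check only when asked to, for example: sh dns_ready.sh --check
if [ "${1:-}" = "--check" ]; then
    dns_host_ready
fi
```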
7. Use the host command to check whether the DNS resolution service has been set up successfully
[root@localhost named]# host www.kgc.com //resolve the domain name www.kgc.com
www.kgc.com has address 192.168.100.99 //IP address resolved successfully
[root@localhost named]# host ftp.kgc.com //resolve the domain name ftp.kgc.com
ftp.kgc.com has address 192.168.100.88 //IP address resolved successfully
[root@localhost named]# host aaa.kgc.com //wildcard resolution
aaa.kgc.com has address 8.8.8.8 //IP address resolved successfully
[root@localhost named]# host smtp.kgc.com //alias resolution
smtp.kgc.com is an alias for www.kgc.com.
www.kgc.com has address 192.168.100.99 //IP address resolved successfully
1. Continuing from the configuration above, open the zone configuration file and add a reverse resolution zone based on the template
[root@localhost named]# vim /etc/named.rfc1912.zones
...//some content omitted...
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback"; //copy this template
allow-update { none; };
};
zone "100.168.192.in-addr.arpa" IN { //change the zone address, written in reverse order
type master;
file "yun.com.local"; //change the zone data file name
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
...//some content omitted...
2. Go to the zone data file directory and create the zone data file, keeping its name identical to the one set in the zone configuration file, then edit it
[root@localhost named]# cd /var/named/ //enter the directory
[root@localhost named]# ls //list it
data dynamic kgc.com.zone named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p kgc.com.zone yun.com.local //copy with -p (preserving ownership and permissions)
[root@localhost named]# vim yun.com.local //edit the data
$TTL 1D
@       IN SOA  yun.com. admin.yun.com. (       ; kgc changed to yun here
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      yun.com.                ; kgc changed to yun here
        A       192.168.144.133
99      IN PTR  www.yun.com.            ; changed to a reverse resolution record
88      IN PTR  ftp.yun.com.            ; changed to a reverse resolution record
...//some content omitted...
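3. Restart the DNS service and check whether reverse resolution has been set up successfully
[root@localhost named]# systemctl restart named //restart the service
[root@localhost named]# host 192.168.100.99 //resolve the IP address
99.100.168.192.in-addr.arpa domain name pointer www.yun.com. //domain name resolved successfully
[root@localhost named]# host 192.168.100.88 //resolve the IP address
88.100.168.192.in-addr.arpa domain name pointer ftp.yun.com. //domain name resolved successfully
1. The master server is now set up. Next, start another CentOS 7 system to act as the DNS slave server, check the slave server's IP address, and turn off the firewall and SELinux enforcement so that clients and the master server can connect to it easily
[root@localhost ~]# ifconfig //view the network interface information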
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.144.135 netmask 255.255.255.0 broadcast 192.168.144.255
inet6 fe80::a85a:c203:e2e:3f3c prefixlen 64 scopeid 0x20<link>
inet6 fe80::ad78:663f:1f02:22e4 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:75:9f:c8 txqueuelen 1000 (Ethernet)
RX packets 1049 bytes 1282518 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
...//some content omitted...
[root@localhost ~]# systemctl stop firewalld.service //stop the firewall
[root@localhost ~]# setenforce 0 //turn off SELinux enforcement
2. Install the BIND software on the slave server and edit the DNS configuration files
[root@localhost ~]# yum install bind -y //install the DNS server software BIND
已加載插件:fastestmirror, langpacks
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 166 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 215 kB 00:00:00
...//some content omitted...
[root@localhost ~]# vim /etc/named.conf //edit the main configuration file
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { 192.168.144.135; }; //change the listening address to this host's address
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //permission opened up: any host is allowed to use the DNS service
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
...//some content omitted...
[root@localhost ~]# vim /etc/named.rfc1912.zones //edit the zone configuration file
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
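file "named.localhost"; //copy this template
allow-update { none; };
};
zone "kgc.com" IN { //paste it and set the zone name to match the master server
type slave; //set the type to slave
file "slaves/kgc.com.zone"; //the zone data file will be synchronized from the master server into the slaves directory
masters { 192.168.144.133; }; //delete the original entry and point to the master server's address instead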
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
...//some content omitted...
[root@localhost ~]# cd /var/named //enter the directory where the zone data files are stored
[root@localhost named]# ls //confirm that the directory contains a slaves directory
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# ls slaves/ //list the directory to see whether it has any content
[root@localhost named]# //nothing there yet
3. Go back to the master server and edit its configuration so that the master synchronizes with the slave, then restart the DNS service
[root@localhost named]# vim /etc/named.rfc1912.zones //edit the master server's zone configuration file
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-transfer { 192.168.144.135; }; //changed here to point to the slave server's address
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
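...//some content omitted...
[root@localhost named]# systemctl restart named //restart the DNS service
4. Go back to the slave server, start the DNS service, check whether the synchronized zone data file has appeared in the slaves directory, and then, as on the master server, overwrite the resolver configuration file.
[root@localhost named]# systemctl restart named //start the DNS service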
[root@localhost named]# ls slaves/
kgc.com.zone
[root@localhost named]# echo "nameserver 192.168.144.135" > /etc/resolv.conf
[root@localhost named]# cat /etc/resolv.conf
nameserver 192.168.144.135
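5. Resolve domain names through the slave server to see whether resolution works and whether the results are the same; if they are, the master and slave servers have been set up successfully.
[root@localhost named]# host www.kgc.com //resolve the domain name www.kgc.com
www.kgc.com has address 192.168.100.99 //same address as from the master server
[root@localhost named]# host ftp.kgc.com //resolve the domain name ftp.kgc.com
ftp.kgc.com has address 192.168.100.88 //same address as from the master server
[root@localhost named]# host aaa.kgc.com //wildcard resolution
aaa.kgc.com has address 8.8.8.8 //same address as from the master server
[root@localhost named]# host smtp.kgc.com //alias resolution
smtp.kgc.com is an alias for www.kgc.com.
www.kgc.com has address 192.168.100.99 //same address as from the master server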
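Added example, not part of the original article: in the BIND 9.9.4 installed here, a master zone without an allow-transfer statement can be transferred by any host, and of the zones configured on the master above only kgc.com received one. The script lists the master zones whose transfers are unrestricted; the sample input is constructed from the article's zone statements, the function names are this example's own, and it assumes there is no allow-transfer in the options block.

```shell
#!/bin/sh
# Constructed sample: zone statements as configured on the master above.
sample_zones() {
cat <<'EOF'
zone "kgc.com" IN {
        type master;
        file "kgc.com.zone";
        allow-transfer { 192.168.144.135; };   // the slave server
};
zone "100.168.192.in-addr.arpa" IN {
        type master;
        file "yun.com.local";
        allow-update { none; };
};
zone "." IN {
        type hint;
        file "named.ca";
};
EOF
}

# Reads zone statements on stdin and prints one line per master zone:
#   "<zone> restricted"  allow-transfer names specific hosts or none
#   "<zone> OPEN"        allow-transfer is missing or contains "any"
# Assumption: no allow-transfer in the options block, so a zone without
# its own statement falls back to the built-in default.
audit_transfers() {
    sed 's|//.*||' | awk '
        /^[ \t]*zone[ \t]/ { split($0, q, "\""); name = q[2]; master = 0; acl = ""; depth = 0; opened = 0 }
        name != "" {
            if ($0 ~ /type[ \t]+master/) master = 1
            if ($0 ~ /allow-transfer/) acl = $0
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth > 0) opened = 1
            if (opened && depth == 0) {
                if (master) print name, ((acl == "" || acl ~ /any/) ? "OPEN" : "restricted")
                name = ""
            }
        }'
}

sample_zones | audit_transfers
```

Adding an allow-transfer line that names only the slave server to each zone reported as OPEN, as was done for kgc.com, closes the gap.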
Article title: Setting up a DNS name resolution service on CentOS 7
Article source: http://m.rwnh.cn/article0/pgspoo.html