安装DNS服务(bind-9)
# 安装与配置DNS服务(bind-9)
# Set up the package source and install BIND.
# Enable the EPEL repository (kept as in the original procedure).
yum install -y epel-release
# Install the BIND server plus bind-utils, which provides the dig used below
# to verify resolution.
yum install -y bind bind-utils
# 配置bind
- 修改/etc/named.conf
1.修改监听IP地址,修改IP为本地
// Listen only on this host's internal address (replace with your server's IP).
// Avoid "any" so the service is not exposed on interfaces you do not intend.
listen-on port 53 { 192.168.14.200; };
2.关闭 IPv6 监听:删除默认的 listen-on-v6 port 53 { ::1; }; 一行,或者更稳妥地改为显式的 listen-on-v6 { none; };(不写该语句时是否监听 IPv6 取决于 BIND 版本的缺省值)
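// Explicitly disable IPv6 listening instead of merely deleting the default
// line: with no listen-on-v6 statement at all, whether named listens on IPv6
// depends on the BIND version's default, so "none" is the unambiguous choice.
listen-on-v6 { none; };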
3.允许所有主机查询本机的 DNS 解析。注意:allow-query { any; } 再配合下面的 recursion yes,且没有 allow-recursion 限制时,凡是能访问 53 端口的主机都可以借这台服务器做递归查询(开放递归解析器),可被利用做 DNS 放大攻击和缓存投毒。生产环境应把 allow-query 或 allow-recursion 限定为内网网段(如 192.168.14.0/24)。
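allow-query { any; };
// Without a matching allow-recursion, "allow-query { any; }" together with
// "recursion yes" below turns this server into an open recursive resolver for
// any network that can reach port 53 (abusable for DNS amplification and
// cache poisoning). Restrict recursion to trusted client networks; adjust the
// prefix to your own LAN.
allow-recursion { localhost; 192.168.14.0/24; };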
4.上一级 DNS(forwarders):办公网填写办公网的上级 DNS,生产环境填写运营商 DNS。本机 zone 里没有的域名会转发给它们解析(添加在 allow-query 之后):
// Upstream resolvers used for names this server is not authoritative for
// (public resolvers here; replace with the office/ISP resolvers as noted).
// Forwarding only happens for recursive queries, so restricting recursion
// (allow-recursion) also bounds who can drive traffic through these.
forwarders {
114.114.114.114;
180.76.76.76;
223.5.5.5;
};
5.开启递归查询(本机权威 zone 之外的域名通过上面的 forwarders 向上级递归查询;forwarders 只有在开启递归时才生效)。开启后务必用 allow-recursion 把可以发起递归的客户端限制在内网范围内。
// Recursion is required for the forwarders above to be used at all. Pair it
// with an allow-recursion ACL limited to trusted client networks; otherwise,
// combined with allow-query { any; }, this is an open resolver.
recursion yes;
6.关闭DNSSEC功能
DNSSEC功能
1.为DNS数据提供来源验证
2.为数据提供完整性验证
3.为查询提供否定存在验证
即为否定应答消息提供验证,确认授权服务器上确实不存在所查询的资源记录)
// Turns off DNSSEC validation of the answers this resolver receives from the
// forwarders above. Acceptable only on an isolated lab network: without
// validation, forged or poisoned upstream answers are accepted as-is.
// Production resolvers should keep validation on (e.g. "dnssec-validation auto;").
// NOTE(review): dnssec-enable is obsolete in recent BIND 9 releases and may
// only produce a warning or an error there; check your version before keeping it.
dnssec-enable no; // off: no DNSSEC here; production may enable it
dnssec-validation no; // off: upstream answers are not validated
# 配置域文件
创建 zone 文件目录:mkdir /var/named/zones(zone 配置里的相对路径 ./zones/... 是相对于 named.conf 中 directory 选项指定的目录,CentOS 默认为 /var/named)
配置文件最后添加 vi /etc/named.rfc1912.zones
// Primary ("master") zones. File paths are relative to named's working
// directory (the "directory" option in named.conf, /var/named on CentOS by default).
//
// NOTE(review): allow-update by source IP is weak authentication - a UDP
// update can carry a spoofed source address, and any process on that host can
// rewrite the zone. Prefer a TSIG key (allow-update { key "name"; };) or an
// update-policy, and drop allow-update entirely if nothing performs dynamic
// updates. Dynamic updates also require the named user to write the zone file
// and its .jnl journal, which the root:named 640 permissions applied later on
// this page do not allow.
zone "host.com" IN {
type master;
file "./zones/host.com";
allow-update { 192.168.14.200; };
};
zone "od.com" IN {
type master;
file "./zones/od.com";
allow-update { 192.168.14.200; };
};
vi /var/named/zones/od.com(与上面 zone 配置中的 file "./zones/od.com" 以及后面 named-checkzone 使用的路径保持一致,不要写成 /var/named/od.com)
serial 采用 YYYYMMDDnn 格式,如 2021122101(2021-12-21 当天第 01 次修改);以后每次修改 zone 文件都必须递增 serial,否则从服务器不会同步到新数据。
$ORIGIN od.com.
$TTL 600 ; 10 minutes - default TTL for records below that do not set their own
; SOA: primary name server is dns.od.com.; zone contact is dnsadmin@od.com
; (the first "." of the mailbox field stands for "@").
@ IN SOA dns.od.com. dnsadmin.od.com. (
2021122101 ; serial (YYYYMMDDnn; must be increased on every edit)
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day) - negative-caching TTL
)
; The NS line must start with whitespace so it inherits the "@" owner
; (leading blanks may have been lost when this page was copied).
NS dns.od.com.
$TTL 60 ; 1 minute - applies to the records that follow
dns A 192.168.14.200
- 设置短域配置
vi /var/named/zones/host.com
$ORIGIN host.com.
$TTL 600 ; 10 minutes - default TTL for records below that do not set their own
; SOA: primary name server is dns.host.com.; zone contact is dnsadmin@host.com
; (the first "." of the mailbox field stands for "@").
@ IN SOA dns.host.com. dnsadmin.host.com. (
2021122101 ; serial (YYYYMMDDnn; must be increased on every edit)
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day) - negative-caching TTL
)
; The NS line must start with whitespace so it inherits the "@" owner
; (leading blanks may have been lost when this page was copied).
NS dns.host.com.
$TTL 60 ; 1 minute - applies to the records that follow
; Short host names for the cluster nodes; hdss14-200 is this DNS server itself.
dns A 192.168.14.200
hdss14-11 A 192.168.14.11
hdss14-12 A 192.168.14.12
hdss14-21 A 192.168.14.21
hdss14-22 A 192.168.14.22
hdss14-200 A 192.168.14.200
- 添加自用域名解析
#主配置添加include
[root@server-dns named]# tail -1 /etc/named.conf
include "/var/named/yfklife.cn.conf";
[root@server-dns named]# cat /var/named/yfklife.cn.conf
// Primary zone with an absolute file path and no allow-update (a static zone,
// which is the safer default). This file is pulled in by the include line in
// /etc/named.conf shown above.
zone "yfklife.cn" IN {
type master;
file "/var/named/zones/yfklife.cn";
};
#配置域文件
[root@server-dns named]# cat /var/named/zones/yfklife.cn
$TTL 600 ; default TTL for records that do not set their own
; SOA: the MNAME field names the zone apex (yfklife.cn.) rather than a name
; server host, and "root" is relative to the origin (root@yfklife.cn).
@ IN SOA yfklife.cn. root (
1 ; Serial (bump on every edit; the other zones on this page use YYYYMMDDnn)
60 ; Refresh
60 ; Retry
60 ; Expire
60 ; Negative Cache TTL
)
; NOTE(review): all timers are 60 s and the serial is 1 - lab values; a 60 s
; expire means a secondary would stop serving a minute after losing contact.
;name servers - NS records
; NOTE(review): ns1.ac.com. is outside this zone and nothing on this page
; defines it; the NS name should resolve (e.g. point it at dns.host.com. or
; add an in-zone ns1 A record). named-checkzone was not run for this zone
; above. The line must also start with whitespace to inherit the "@" owner.
IN NS ns1.ac.com.
@ IN A 192.168.14.128
git IN A 192.168.14.130
ci IN A 192.168.14.130
nexus IN A 192.168.14.129
- 修改配置文件权限
# Zone files are owned by root and readable only by the named group (640), so
# the service can read them, cannot modify them, and other users cannot read them.
# NOTE(review): host.com and od.com are declared with allow-update above;
# dynamic updates need the named user to write the zone file and a .jnl
# journal in this directory, which these permissions (and a /var/named/zones
# created by root with mkdir) do not allow. Either give named write access or
# remove allow-update - the latter is safer when nothing updates the zones.
for zone in host.com od.com yfklife.cn; do
  chown root:named "/var/named/zones/$zone"
  chmod 640 "/var/named/zones/$zone"
done
- 检查主配置和域文件(三个 zone 文件都应检查,下面只演示了 host.com 和 od.com;yfklife.cn 也要用 named-checkzone "yfklife.cn" /var/named/zones/yfklife.cn 检查)
[root@hdss14-200 zones]# named-checkconf
[root@hdss14-200 zones]# named-checkzone "host.com" /var/named/zones/host.com
zone host.com/IN: loaded serial 2021122101
OK
[root@hdss14-200 zones]# named-checkzone "od.com" /var/named/zones/od.com
zone od.com/IN: loaded serial 2021122101
OK
- 启动named
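# Restart named to load the new configuration and enable it at boot.
systemctl restart named
systemctl enable named
# Confirm named is listening on port 53 (TCP and UDP) on the intended address
# only. Match ":53 " rather than a bare "53", which also hits 5353, 8053 and
# PIDs; ss replaces the deprecated netstat (netstat -tnlpu gives the same view).
ss -tnlpu | grep ':53 '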
- 验证解析(注意 /etc/resolv.conf:它由 dhclient 生成,重启网络后可能被覆盖;并且在本机 DNS 之后再写公共 DNS 114.114.114.114 时,一旦本机 DNS 超时,客户端会回落到公网 DNS,内网域名解析失败、内网主机名也会泄露到外网)
[root@hdss14-200 soft]# dig -t A hdss14-11.host.com @192.168.14.200 +short
192.168.14.11
[root@hdss14-200 soft]# dig -t A hdss14-200.host.com @192.168.14.200 +short
192.168.14.200
[root@hdss14-200 soft]# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search host.com
nameserver 192.168.14.200
nameserver 114.114.114.114
#ping 检查短域
[root@hdss14-200 soft]# ping hdss14-200
[root@hdss14-200 soft]# ping hdss14-200.host.com