cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)
使用BIND构建DNS服务器
1.BIND服务器安装
yum install bind* -y
2.修改配置
vim /etc/named.conf
// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 192.168.124.129; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; }; /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; zone "nginxtest.com" IN { type master; file "nginxtest.com.zone"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
cp /var/named/named.localhost /var/named/nginxtest.com.zone vim /var/named/nginxtest.com.zone
3.建立正向区域文件
$TTL 1D @ IN SOA nginxtest.cn rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ @ A 192.168.124.130 www A 192.168.124.130 mail A 192.168.124.130
4.建立反向区域文件
5.修改权限
chmod 777 /var/named/nginxtest.com.zone
6.测试named.conf主配置文件
named-checkconf
7.测试区域文件
named-checkzone nginxtest.com /var/named/nginxtest.com.zone
8.配置DNS客户机配置文件
vim /etc/resolv.conf
# Generated by NetworkManager domain localdomain search localdomain nameserver 192.168.124.129 #nameserver 192.168.124.2
9.启动DNS服务器
systemctl daemon-reload systemctl start named systemctl status named
10.测试DNS服务器
DNS服务器的主要测试方法
使用nslookup、dig和host等专用工具可以对DNS服务器进行较全面的测试
nslookup命令在Linux和Windows系统中都默认安装,是比较常用的测试工具
进入nslookup命令交换环境
nslookup > server 192.168.124.129 测试localhost主机域名的正向解析 > localhost 测试localhost主机域名的反向解析 > 127.0.0.1 测试互联网中的域名解析 > www.nginxtest.com 测试nginxtest.com域中的A记录 > mail.nginxtest.com 测试nginxtest.com域中的CNAME记录 > www.nginxtest.com 测试nginxtest.com域中的NS记录 > set type=ns (设置域名查询类型为NS即域名记录) > nginxtest.com 测试nginxtest.com域中的MX记录 > set type=mx (设置域名查询类型为MX即邮件交换记录) > nginxtest.com 设置进行A记录的测试 > set type=a (设置域名查询类型为A即地址记录) >mail.nginxtest.com
测试DNS解析是否成功
host www.nginxtest.com
www.nginxtest.com has address 192.168.124.130
配置nginx.conf
时间: 2024-10-04 09:49:59