————————————————————————————————————
概览:
1.环境准备
2.配置主配置文件
3.配置区域文件
4.启动服务以及测试
————————————————————————————————————
1.环境准备:
OS:
软件安装
~]# yum install bindbind-utils [[email protected] ~]# rpm-qa | grep bind bind-license-9.9.4-18.el7_1.5.noarch bind-utils-9.9.4-18.el7_1.5.x86_64 bind-libs-9.9.4-18.el7_1.5.x86_64 bind-libs-lite-9.9.4-18.el7_1.5.x86_64 bind-9.9.4-18.el7_1.5.x86_64
关闭防火墙和selinux
~]# systemctl stopfirewalld ~]# setenforce 0
模拟两个不同的网段都可以进行主机名的解析
两张网卡IP信息:
[[email protected] ~]# ip a 1: lo:<LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno16777736:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000 link/ether 00:0c:29:ca:24:8e brdff:ff:ff:ff:ff:ff inet 192.168.1.50/24brd 192.168.1.255 scope global eno16777736 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:feca:248e/64 scopelink valid_lft forever preferred_lft forever 3: eno33554984:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000 link/ether 00:0c:29:ca:24:98 brdff:ff:ff:ff:ff:ff inet 1.1.1.50/24brd 1.1.1.255 scope global dynamic eno33554984 valid_lft 1573sec preferred_lft 1573sec inet6 fe80::20c:29ff:feca:2498/64 scopelink valid_lft forever preferred_lft forever
————————————————————————————————————
2.配置主配置文件
----------
2.1 配置/etc/named.conf 文件
[[email protected] ~]# vim/etc/named.conf
//
// named.conf
//
// Provided by RedHat bind package to configure the ISC BIND named(8) DNS
// server as acaching only nameserver (as a localhost DNS resolver only).
//
// See/usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file"/var/named/data/named_stats.txt";
memstatistics-file"/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVEDNS server, do NOT enable recursion.
- If you are building a RECURSIVE(caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has apublic IP address, you MUST enable access
control to limit queries to yourlegitimate users. Failing to do so will
cause your server to become part oflarge scale DNS amplification
attacks. Implementing BCP38 withinyour network would greatly
reduce such attack surface
*/
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
// dnssec-lookaside auto;
/* Path to ISC DLV key */
// bindkeys-file"/etc/named.iscdlv.key";
// managed-keys-directory"/var/named/dynamic";
pid-file"/run/named/named.pid";
// session-keyfile"/run/named/session.key";
};
logging {
channel default_debug {
file"data/named.run";
severity dynamic;
};
};
include"/etc/named.rfc1912.zones";
//include"/etc/named.root.key";
----------
2.2. 配置/etc/named.rfc1912.zones 文件
[[email protected] ~]# vim/etc/named.rfc1912.zones
//named.rfc1912.zones:
//
// Provided by RedHat caching-nameserver package
//
// ISC BIND namedzone configuration for zones recommended by
// RFC 1912 section4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R WFranks
//
// See/usr/share/doc/bind*/sample/ for example named configuration files.
//
view wang_tong {
match-clients { 1.1.1.0/24; };
zone "."IN {
type hint;
file "named.ca";
};
zone"localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone"localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone"1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone"0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "zrd.com" IN {
type master;
file"zrd.com.wang_tong";
};
};
view dian_xin {
match-clients { 192.168.1.0/24; };
zone "zrd.com" IN {
type master;
file"zrd.com.dian_xin";
};
};
view default {
match-clients { any; };
zone "zrd.com" IN {
type master;
file"zrd.com.dian_xin";
};
};
————————————————————————————————————
3.配置区域文件
---------
3.1. 创建zrd.com.dian_xin 区域文件
[[email protected] ~]# cd/var/named/ [[email protected] named]#vim zrd.com.dian_xin $TTL 86400 @ IN SOA dns.zrd.com. admin.zrd.com. ( 2015092021 1D 2D 1D 7D ) IN NS dns IN MX 10 mail www IN A 192.168.1.11 dns IN A 192.168.1.50 mail IN A 192.168.1.12
-----
3.2. 创建zrd.com.wang_tong 文件
[[email protected] named]#vim zrd.com.wang_tong $TTL 86400 @ IN SOA dns.zrd.com. admin.zrd.com. ( 2015092021 1D 2D 1D 7D ) IN NS dns IN MX 10 mail www IN A 1.1.1.11 dns IN A 1.1.1.50 mail IN A 1.1.1.12
----
3.3. 修改文件属性
[[email protected] named]#chown root:named zrd.com.wang_tong zrd.com.dian_xin
————————————————————————————————————
4.启动服务以及测试
-----
4.1. 启动服务
[[email protected] ~]#systemctl start named
----
4.2. 查看服务状态
----
4.3. 测试
-----------------------
时间: 2024-10-20 09:32:28