系统约定:
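1、域名:redhat.com(仅为实验示例。redhat.com 是真实存在的公网域名,在本机建立同名权威区域后,使用该DNS的客户端将无法再解析到真实的 redhat.com;实际部署请改用自己拥有的域名或 example.com 等保留域名)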
2、ns:192.168.101.168
3、web:192.168.101.11, 192.168.101.12
4、mail:192.168.101.10
1、安装bind
# Install the BIND server (bind) together with its shared libraries and the
# client tools used later on this page (bind-utils provides dig).
yum install bind-libs bind-utils bind
2、关闭SELinux、防火墙
# NOTE(review): the next five lines turn off SELinux and the host firewall
# completely. That is a lab shortcut; on a server reachable by anything other
# than trusted test clients, keep SELinux enforcing and the firewall running,
# and only allow DNS (53/udp and 53/tcp) from 192.168.101.0/24 instead.
# Edit the SELinux configuration file and set the line below in it; the
# setting is read at boot, so it takes effect after a reboot.
vim /etc/selinux/config
SELINUX=disabled
# Switch the running system to permissive mode right away (no reboot needed).
setenforce 0
# Stop iptables now and keep it from starting at boot.
service iptables stop
chkconfig iptables off
3、配置bind
# Keep a copy of the stock configuration so it can be restored or diffed later.
cp /etc/named.conf /etc/named.conf.bak
# Edit the file so that it contains the configuration shown below.
vim /etc/named.conf
options {
# Zone file names used in the zone statements are relative to this directory.
directory "/var/named";
# Limit recursive queries by client IP: only 192.168.101.0/24 may recurse,
# so the server does not act as an open resolver for other networks.
# NOTE(review): no listen-on, allow-query or allow-transfer is set here, so
# BIND's built-in defaults apply; confirm them for the installed version and
# consider stating them explicitly, e.g. refusing zone transfers unless a
# secondary server needs them.
allow-recursion { 192.168.101.0/24; };
};
# Root hints: the list of root servers used to start iterative resolution.
zone "." IN {
type hint;
file "named.ca";
};
# Authoritative zone for the name "localhost".
zone "localhost" IN {
type master;
file "named.localhost";
};
# Authoritative reverse zone for the 127.0.0 loopback range.
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
};
4、修改DNS
# Point this host's own resolver at the new name server; the nameserver line
# below is what goes into the file.
vim /etc/resolv.conf
nameserver 192.168.101.168
5、测试配置文件
# Syntax-check the two local zone files before the first start; each call is
# named-checkzone <zone name> <zone file>.
named-checkzone "localhost" /var/named/named.localhost
named-checkzone "0.0.127.in-addr.arpa" /var/named/named.loopback
6、启动BIND
# If startup reports "Generating /etc/rndc.key" and does not get past it,
# the fix is to generate the rndc key by hand first:
# -a writes the key file automatically, -r takes randomness from /dev/urandom.
# NOTE(review): /etc/rndc.key is the secret for the rndc control channel;
# after generating it, check that only root and the named group can read it.
rndc-confgen -r /dev/urandom -a
service named start
7、测试查找根DNS
# Ask the new server for the root NS records to confirm it answers queries.
dig -t NS . @192.168.101.168
# Resolve an external name through it (resolv.conf now points at this server).
ping www.baidu.com
# Start named automatically at boot.
chkconfig named on
# At this point the caching DNS server is fully configured.
8、配置正向解析
vim /etc/named.conf
# Add the forward zone. The file name is relative to the directory set in
# options ("/var/named").
zone "redhat.com" IN {
type master;
file "redhat.com.zone";
};
9、添加正向解析配置文件
vim /var/named/redhat.com.zone
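; Forward zone data for redhat.com. Names without a trailing dot are relative
; to the zone origin.
; Default TTL for the records below: 86400 seconds (one day).
$TTL 86400
@ IN SOA ns1.redhat.com. admin.redhat.com. (
    2015010101 ; serial - increase whenever the zone data changes
    1H ; refresh
    5M ; retry
    1W ; expire
    3H ) ; minimum
; The owner is written as "@" (the zone apex) on the next two lines. A record
; line that starts in column 0 is read with its first word as the owner name,
; so a bare "IN NS ns1" would create a record for a name called "IN" and leave
; the zone without an NS record at its apex.
@ IN NS ns1
@ IN MX 10 mail
ns1 IN A 192.168.101.168
mail IN A 192.168.101.10
; Two A records for the same name: both web server addresses are returned
; for www.
www IN A 192.168.101.11
www IN A 192.168.101.12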
# Set permissions and group on the zone file: the owner keeps read/write,
# the named group gets read-only access, other users get none.
# NOTE(review): presumably named reads the file through the named group -
# confirm the account the service runs as.
chmod 640 /var/named/redhat.com.zone
chgrp named /var/named/redhat.com.zone
10、配置反向解析
vim /etc/named.conf
# Add the reverse zone for 192.168.101.0/24 (the network octets are written
# in reverse order under in-addr.arpa).
zone "101.168.192.in-addr.arpa" IN {
type master;
file "192.168.101.zone";
};
11、添加反向解析配置文件
vim /var/named/192.168.101.zone
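; Reverse zone data for 192.168.101.0/24. Each numeric owner below is the last
; octet of an address, relative to 101.168.192.in-addr.arpa.
; Default TTL for the records below: 86400 seconds (one day).
$TTL 86400
@ IN SOA ns1.redhat.com. admin.redhat.com. (
    2015010101 ; serial - increase whenever the zone data changes
    1H ; refresh
    5M ; retry
    1W ; expire
    3H ) ; minimum
; The owner is written as "@" (the zone apex). A record line that starts in
; column 0 is read with its first word as the owner name, so a bare
; "IN NS ..." would create a record for a name called "IN" and leave the zone
; without an NS record at its apex.
@ IN NS ns1.redhat.com.
; PTR targets are fully qualified (trailing dot) because they lie outside
; this zone's origin.
168 IN PTR ns1.redhat.com.
10 IN PTR mail.redhat.com.
11 IN PTR www.redhat.com.
12 IN PTR www.redhat.com.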
# Set permissions and group on the zone file: the owner keeps read/write,
# the named group gets read-only access, other users get none.
# NOTE(review): presumably named reads the file through the named group -
# confirm the account the service runs as.
chmod 640 /var/named/192.168.101.zone
chgrp named /var/named/192.168.101.zone
12、检测并重启
# Validate named.conf and both new zone files before restarting.
# NOTE(review): run the restart only if all three checks pass, so a syntax
# error does not take the running server down.
named-checkconf
named-checkzone "redhat.com" /var/named/redhat.com.zone
named-checkzone "101.168.192.in-addr.arpa" /var/named/192.168.101.zone
service named restart
13、测试解析
# Forward lookups against the new zone: its NS record, the A records for www,
# and its MX record.
dig -t NS redhat.com
dig -t A www.redhat.com
dig -t MX redhat.com
# Reverse lookups (-x) for the mail server and the two web server addresses.
dig -x 192.168.101.10
dig -x 192.168.101.11
dig -x 192.168.101.12