centos7 简单搭建DNS服务器
本文系从老博客平台迁移过来, 最初写于2018-07-08
BIND软件一般linux发行版都自带,如果没有安装,如下安装:
yum install bind -y
bind 配置路径在
[root@lyx156 ~]# ls /etc/named
named/ named.iscdlv.key named.root.key
named.conf named.rfc1912.zones
修改 named.conf(主要改动是 listen-on 和 allow-query 两行,见行内注释)。注意 recursion yes 与 allow-query { any; } 同时生效时,任何能连到本机的客户端都可以发起递归查询,非实验环境应改为 recursion no,或加上 allow-recursion { localnets; }; 只允许本地网络递归。
[root@lyx156 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
//
// Lines marked "changed" below are the edits made to the stock file; the rest
// is the vendor default. The new zone itself is declared in
// /etc/named.rfc1912.zones, pulled in by the include at the bottom.
options {
  listen-on port 53 { any; };      # changed: listen on every IPv4 interface of this host (stock file is a localhost-only resolver, see header)
  listen-on-v6 port 53 { ::1; };   # IPv6 stays loopback-only
  directory "/var/named";          # base directory for relative zone file names (named.ca, named.leiyongxin.com, ...)
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  allow-query { any; };            # changed: accept queries from any client
  /*
  - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
  - If you are building a RECURSIVE (caching) DNS server, you need to enable
  recursion.
  - If your recursive DNS server has a public IP address, you MUST enable access
  control to limit queries to your legitimate users. Failing to do so will
  cause your server to become part of large scale DNS amplification
  attacks. Implementing BCP38 within your network would greatly
  reduce such attack surface
  */
  // NOTE(review): together with listen-on { any; } and allow-query { any; }
  // above, "recursion yes" makes this an open recursive resolver on every
  // interface -- the case the vendor comment warns about. Fine for a lab;
  // otherwise either set "recursion no;" (authoritative-only server) or add
  // "allow-recursion { localnets; };" so only local networks may recurse while
  // the zone stays queryable by anyone.
  recursion yes;
  dnssec-enable yes;
  dnssec-validation yes;           # DNSSEC validation on
  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";   # NOTE(review): stock setting; DLV lookaside has since been retired by ISC -- obsolete but harmless, confirm for your BIND version
  managed-keys-directory "/var/named/dynamic";
  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/session.key";
};
logging {
  channel default_debug {
    file "data/named.run";         # relative to "directory" above -> /var/named/data/named.run
    severity dynamic;
  };
  category lame-servers { null; }; # discard lame-server error messages
};
zone "." IN {
  type hint;
  file "named.ca";                 # root hints
};
include "/etc/named.rfc1912.zones";   # localhost/loopback zones plus the added leiyongxin.com zone
include "/etc/named.root.key";
修改扩展配置文件 /etc/named.rfc1912.zones,在末尾添加新域名的 zone 配置(file 中的文件名相对于 named.conf 里的 directory,即 /var/named)
[root@lyx156 ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Zone file names below are relative to the "directory" option in named.conf
// (/var/named). Every zone here is a master with dynamic updates disabled.
zone "localhost.localdomain" IN {
  type master;
  file "named.localhost";
  allow-update { none; };
};
zone "localhost" IN {
  type master;
  file "named.localhost";
  allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
  type master;
  file "named.loopback";
  allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
  type master;
  file "named.loopback";
  allow-update { none; };
};
zone "0.in-addr.arpa" IN {
  type master;
  file "named.empty";
  allow-update { none; };
};
# Added below: authoritative zone for leiyongxin.com.
# The zone file must be readable by the "named" user (mode 640 with group
# "named" -- hence the chown step) and should pass
# "named-checkzone leiyongxin.com /var/named/named.leiyongxin.com"
# before named is restarted.
zone "leiyongxin.com" IN {
  type master;                     # this server is the primary for the zone
  file "named.leiyongxin.com";     # -> /var/named/named.leiyongxin.com
  allow-update { none; };          # no dynamic (DDNS) updates accepted
};
新建 zone 文件,注意文件权限:cp 出来的文件属主属组是 root:root、权限 640,而 named 服务以 named 用户运行,必须把属组改为 named 才能读取
[root@lyx156 ~]# cd /var/named/
[root@lyx156 named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@lyx156 named]# cp named.empty named.leiyongxin.com
[root@lyx156 named]# ll
总用量 20
drwxrwx---. 2 named named 6 4月 13 02:48 data
drwxrwx---. 2 named named 6 4月 13 02:48 dynamic
-rw-r-----. 1 root named 2281 5月 22 2017 named.ca
-rw-r-----. 1 root named 152 12月 15 2009 named.empty
-rw-r-----. 1 root root 152 5月 18 22:55 named.leiyongxin.com
-rw-r-----. 1 root named 152 6月 21 2007 named.localhost
-rw-r-----. 1 root named 168 12月 15 2009 named.loopback
drwxrwx---. 2 named named 6 4月 13 02:48 slaves
[root@lyx156 named]# chown :named named.leiyongxin.com
[root@lyx156 named]# ll
总用量 20
drwxrwx---. 2 named named 6 4月 13 02:48 data
drwxrwx---. 2 named named 6 4月 13 02:48 dynamic
-rw-r-----. 1 root named 2281 5月 22 2017 named.ca
-rw-r-----. 1 root named 152 12月 15 2009 named.empty
-rw-r-----. 1 root named 152 5月 18 22:55 named.leiyongxin.com
-rw-r-----. 1 root named 152 6月 21 2007 named.localhost
-rw-r-----. 1 root named 168 12月 15 2009 named.loopback
drwxrwx---. 2 named named 6 4月 13 02:48 slaves
添加解析数据(zone 文件中的注释必须以 ; 开头,# 不是 zone 文件的注释符;文件每次修改后都要把 serial 加 1)
[root@lyx156 named]# cat named.leiyongxin.com
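$TTL 3H
; Zone file for leiyongxin.com, copied from named.empty and edited.
; Master-file syntax: a comment starts with ";". "#" is NOT a comment character
; in a zone file and would be read as record data, so keep notes on ";" only.
; SOA: primary nameserver, then the responsible mailbox. "rname.invalid." is the
; placeholder inherited from named.empty; a real mailbox is written with the
; first "." standing for "@", e.g. hostmaster.leiyongxin.com. for
; hostmaster@leiyongxin.com.
@ IN SOA ns.leiyongxin.com. rname.invalid. (
        0       ; serial  -- increment on every edit so secondaries pick up the change
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum (negative-caching TTL)
; Required records: the zone's NS, plus an A record for that nameserver.
; The owner is written explicitly as "@" so the NS line does not depend on
; leading whitespace to inherit the previous owner.
@       NS      ns.leiyongxin.com.      ; fully qualified name of the DNS server
ns      A       10.0.0.156              ; address record for the DNS server
; Host records for the zone go below.
@       A       10.0.0.156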
重启服务并设置开机启动(重启前建议先用 named-checkconf 检查 named.conf,用 named-checkzone leiyongxin.com /var/named/named.leiyongxin.com 检查 zone 文件)
[root@lyx156 named]# systemctl restart named
[root@lyx156 named]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
防火墙设置(试验环境直接关闭防火墙和 SELinux;正式环境应保留两者,只放行 53/tcp 和 53/udp,例如 firewall-cmd --permanent --add-service=dns 后执行 firewall-cmd --reload)
[root@lyx156 named]# systemctl stop firewalld
[root@lyx156 named]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@lyx156 named]# setenforce 0
验证:
另外找一台能 ping 通 DNS 服务器的机器(需要 dig 命令,CentOS 上在 bind-utils 包中),执行下面命令
[root@lyx152 ~]# dig @10.0.0.156 leiyongxin.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @10.0.0.156 leiyongxin.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17844
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;leiyongxin.com. IN A
;; ANSWER SECTION:
leiyongxin.com. 10800 IN A 10.0.0.156
;; AUTHORITY SECTION:
leiyongxin.com. 10800 IN NS ns.leiyongxin.com.
;; ADDITIONAL SECTION:
ns.leiyongxin.com. 10800 IN A 10.0.0.156
;; Query time: 1 msec
;; SERVER: 10.0.0.156#53(10.0.0.156)
;; WHEN: 日 7月 08 16:52:48 CST 2018
;; MSG SIZE rcvd: 92
可以看到 status: NOERROR,flags 里带有 aa(权威应答),并且能看到添加的域名解析 A 记录,就说明正常。