Installing bind (DNS service) on CentOS 7

Environment
Public IP: 149.129.92.239
Private IP: 172.17.56.249
OS: CentOS 7.4

1. Installation
```bash
yum install bind bind-utils -y
```

2. Edit the bind configuration file
```
vim /etc/named.conf

options {
        listen-on port 53 { any; };          # listen on port 53 on every address
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };            # answer DNS queries from any source
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

# Add a zone for the a.com domain; its records live in /var/named/a.com.zone
zone "a.com" IN {
        type master;
        file "a.com.zone";
};

# Add a reverse zone (look up a name from an IP); optional if you do not need it
zone "56.17.172.in-addr.arpa" IN {
        type master;
        file "172.17.56.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
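The comment block inside `options` is the part of this file to act on. With `recursion yes;` and `allow-query { any; };` on a host that also has a public address, named will recurse for anyone who asks, which is the open-resolver condition the comment describes. What follows is an added example, not code from the original post or from ISC BIND: a small Python checker that reads the `options` block of a named.conf, works out which ACL governs recursion using the fallback order the BIND 9 ARM documents (allow-recursion, then allow-query-cache, then allow-query, then localnets/localhost), and classifies the result. The two option fragments inside it are constructed: the first copies the tutorial's settings, the second is the hardened form, which keeps the authoritative answers for a.com public but adds an `allow-recursion` ACL (a real BIND option) limited to loopback and the 172.17.56.0/24 network; that subnet is an assumption based on the private address in this post.

```python
"""Classify a BIND options block by who is allowed to use it recursively.

Added example; not code from the original post or from ISC. The two option
fragments below are constructed: the first copies the relevant lines of the
tutorial's named.conf, the second adds an allow-recursion ACL.
"""
import re

# The tutorial's settings: answers anyone, and recursion is on.
WEAK_OPTIONS = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { any; };   # accept queries from any source
        recursion yes;
        dnssec-validation yes;
};
"""

# Hardened variant: still authoritative for a.com to the whole Internet,
# but recursion only for loopback and the (assumed) 172.17.56.0/24 LAN.
HARDENED_OPTIONS = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { any; };
        allow-recursion { 127.0.0.1; 172.17.56.0/24; };
        recursion yes;
        dnssec-validation yes;
};
"""

# `name value;` or `name { a; b; };`, optionally with `port N` after the name
_STMT = re.compile(r"^\s*([a-z0-9-]+)((?: port \d+)?)\s*(\{[^}]*\}|[^;{]+);", re.M)


def strip_comments(text: str) -> str:
    """Drop /* */, // and # comments; all three forms are legal in named.conf."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def parse_options(conf: str) -> dict:
    """Return {statement-name: value} for the `options { ... };` block of a named.conf."""
    m = re.search(r"^options\s*\{(.*?)^\};", strip_comments(conf), re.S | re.M)
    if m is None:
        raise ValueError("no options block found")
    return {name: value.strip() for name, _port, value in _STMT.findall(m.group(1))}


def acl_members(value: str) -> list:
    """'{ a; b; }' -> ['a', 'b']"""
    return [v.strip() for v in value.strip("{} \n").split(";") if v.strip()]


def recursion_acl(opts: dict) -> list:
    """Which ACL governs recursion. BIND 9 falls back allow-recursion ->
    allow-query-cache -> allow-query -> { localnets; localhost; } (ARM defaults)."""
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return acl_members(opts[key])
    return ["localnets", "localhost"]


def recursion_exposure(opts: dict) -> str:
    """'none' when recursion is off, 'open' when the governing ACL contains any,
    otherwise 'restricted'. The BIND default for recursion is yes."""
    if opts.get("recursion", "yes").lower() == "no":
        return "none"
    return "open" if "any" in recursion_acl(opts) else "restricted"


if __name__ == "__main__":
    for label, conf in (("tutorial", WEAK_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        opts = parse_options(conf)
        print(f"{label}: recursion={opts.get('recursion')} "
              f"acl={recursion_acl(opts)} -> {recursion_exposure(opts)}")
```

Run it against the real file with `parse_options(open('/etc/named.conf').read())`; a result of `open` on a server with a public address is the case the ISC comment warns about, and `named-checkconf` will not flag it because the configuration is syntactically valid.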
3. Configure the zone files

```
[root@izj6c1w3z30pendgik4p4vz ~]# cat /var/named/a.com.zone
$TTL 1D
@       IN SOA  @ root.a.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       172.17.56.249   ; a.com resolves to 172.17.56.249
www     A       172.17.56.249   ; www.a.com resolves to 172.17.56.249
@       MX 10   mx.a.com.       ; the MX record for a.com is mx.a.com
        AAAA    ::1
[root@izj6c1w3z30pendgik4p4vz ~]# cat /var/named/172.17.56.zone
$TTL 86400
@       IN SOA  localhost. a.com. (
                                2014031101
                                2H
                                10M
                                7D
                                1D )
        IN NS   localhost.
249     IN PTR  a.com.          ; 172.17.56.249 reverse-resolves to a.com
                                ; (trailing dot required: a relative name would
                                ;  expand to a.com.56.17.172.in-addr.arpa.)
249     IN PTR  www.a.com.      ; 172.17.56.249 reverse-resolves to www.a.com
```
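One detail in the reverse zone deserves a check. In a zone file a name without a trailing dot is relative to the zone origin, so a PTR target written `a.com` inside `56.17.172.in-addr.arpa` is really `a.com.56.17.172.in-addr.arpa.`, which is the name ping prints in the test section below. The following added example (not part of the original post) is a small Python zone-file linter that resolves owner and target names against the origin the way named does and reports any NS/PTR/CNAME/MX/SOA target that was left relative. `REVERSE_ZONE` is a constructed copy of the tutorial's first reverse zone with the dot left off on purpose; `named-checkzone` (installed with the bind package) accepts such a zone because relative names are legal, so this is a semantic check it does not do for you.

```python
"""Lint a BIND zone file for names that are relative when they should be absolute.

Added example, not part of the original post. REVERSE_ZONE is a constructed
copy of the tutorial's reverse zone with the trailing dot deliberately missing.
"""

RECORD_TYPES = {"A", "AAAA", "NS", "PTR", "MX", "CNAME", "SOA", "TXT", "SRV"}
NAME_TARGET_TYPES = {"NS", "PTR", "CNAME", "MX", "SOA"}  # RDATA that holds a name

REVERSE_ZONE = """\
$TTL 86400
@       IN SOA  localhost a.com. (
                        2014031101
                        2H
                        10M
                        7D
                        1D )
        IN NS   localhost.
249     IN PTR  a.com           ; 172.17.56.249 -> a.com (dot missing!)
249     IN PTR  www.a.com.      ; 172.17.56.249 -> www.a.com
"""


def absolutize(name: str, origin: str) -> str:
    """Expand a name the way named does; origin must itself end with '.'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text: str):
    """Yield (first_physical_line, tokens) with ';' comments removed and
    parenthesised multi-line records (the SOA) joined into one token list."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
            yield buf[0], tokens
            buf = []


def parse_zone(text: str, origin: str) -> list:
    """Return [{'owner': fqdn, 'type': ..., 'rdata': [...]}, ...].
    A line starting with whitespace inherits the previous owner; TTL and class
    tokens before the type are skipped; $TTL/$ORIGIN directives are honoured."""
    records, last_owner = [], origin
    for first, tokens in logical_lines(text):
        if tokens[0].startswith("$"):
            if tokens[0] == "$ORIGIN":
                origin = tokens[1]
            continue
        owner = last_owner if first[0].isspace() else absolutize(tokens.pop(0), origin)
        last_owner = owner
        while tokens and tokens[0] not in RECORD_TYPES:   # optional TTL / IN
            tokens.pop(0)
        if tokens:
            records.append({"owner": owner, "type": tokens[0], "rdata": tokens[1:]})
    return records


def lint_relative_targets(records: list, origin: str) -> list:
    """Report name-typed RDATA that lacks a trailing dot, with the FQDN it expands to."""
    findings = []
    for rec in records:
        if rec["type"] not in NAME_TARGET_TYPES:
            continue
        # SOA: MNAME and RNAME; MX: the exchange after the preference; others: one name
        targets = rec["rdata"][:2] if rec["type"] == "SOA" else rec["rdata"][-1:]
        for t in targets:
            if t != "@" and not t.endswith("."):
                findings.append(f"{rec['owner']} {rec['type']} {t} expands to {absolutize(t, origin)}")
    return findings


if __name__ == "__main__":
    origin = "56.17.172.in-addr.arpa."
    for line in lint_relative_targets(parse_zone(REVERSE_ZONE, origin), origin):
        print(line)
```

The origin passed to `parse_zone` is the name from the matching `zone "..."` statement in named.conf, with a trailing dot added; for the forward zone that is `a.com.`, where the `NS @` and `MX 10 mx.a.com.` lines pass clean.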
4. Start bind

```bash
systemctl start named
```

5. Testing
(1) Point the host's resolver at the new server in /etc/resolv.conf

```
[root@izj6c1w3z30pendgik4p4vz ~]# cat /etc/resolv.conf
options timeout:2 attempts:3 rotate single-request-reopen
nameserver 172.17.56.249
```

(2) Resolution tests

```
[root@izj6c1w3z30pendgik4p4vz ~]# ping a.com -c 2
PING a.com (172.17.56.249) 56(84) bytes of data.
64 bytes from a.com.56.17.172.in-addr.arpa (172.17.56.249): icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from a.com.56.17.172.in-addr.arpa (172.17.56.249): icmp_seq=2 ttl=64 time=0.048 ms

--- a.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.016/0.032/0.048/0.016 ms
[root@izj6c1w3z30pendgik4p4vz ~]# ping www.a.com -c 2
PING www.a.com (172.17.56.249) 56(84) bytes of data.
64 bytes from www.a.com (172.17.56.249): icmp_seq=1 ttl=64 time=0.019 ms
64 bytes from www.a.com (172.17.56.249): icmp_seq=2 ttl=64 time=0.052 ms

--- www.a.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.019/0.035/0.052/0.017 ms
[root@izj6c1w3z30pendgik4p4vz ~]# nslookup a.com
Server:         172.17.56.249
Address:        172.17.56.249#53

Name:   a.com
Address: 172.17.56.249

[root@izj6c1w3z30pendgik4p4vz ~]# dig www.a.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.a.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56816
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.a.com.                     IN      A

;; ANSWER SECTION:
www.a.com.              86400   IN      A       172.17.56.249

;; AUTHORITY SECTION:
a.com.                  86400   IN      NS      a.com.

;; ADDITIONAL SECTION:
a.com.                  86400   IN      A       172.17.56.249
a.com.                  86400   IN      AAAA    ::1

;; Query time: 0 msec
;; SERVER: 172.17.56.249#53(172.17.56.249)
;; WHEN: Wed Jun 05 09:58:34 CST 2019
;; MSG SIZE  rcvd: 112
```
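The `flags: qr aa rd ra` line in the dig output is worth reading for what it tells a defender: `aa` says the answer is authoritative (this server hosts a.com), `rd` echoes the client's request for recursion, and `ra` says the server is willing to recurse for that client. Seen in a reply sent to an address outside your own network, `ra` is the sign of an open resolver. The following is an added example, not from the original post: Python that builds the same kind of query dig sent and decodes the 12-byte DNS header of a reply into those flags. `SAMPLE_RESPONSE` and `HARDENED_RESPONSE` are constructed headers modelled on the dig output above (same id and section counts), with RA set and cleared respectively; no packets are sent.

```python
"""Decode the DNS header flags that dig prints as `qr aa rd ra`.

Added example, not from the original post. Builds a query like `dig www.a.com`
and decodes the 12-byte header of a reply; the sample replies are constructed.
"""
import struct

# Bit positions in the 16-bit flags field (RFC 1035, section 4.1.1).
FLAG_BITS = {"qr": 15, "aa": 10, "tc": 9, "rd": 8, "ra": 7}
QTYPE_A = 1
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    # 'www.a.com' -> 03 'www' 01 'a' 03 'com' 00 (length-prefixed labels)
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0x1234, rd: bool = True) -> bytes:
    """Header + one question; RD set means 'please recurse for me', as dig does."""
    flags = (1 << FLAG_BITS["rd"]) if rd else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_header(pkt: bytes) -> dict:
    """Parse id, flag bits, opcode, rcode and the four section counts."""
    if len(pkt) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    h = {name: bool((flags >> bit) & 1) for name, bit in FLAG_BITS.items()}
    h.update(id=txid, opcode=(flags >> 11) & 0xF, rcode=flags & 0xF,
             qdcount=qd, ancount=an, nscount=ns, arcount=ar)
    return h


def dig_style_flags(h: dict) -> str:
    """Render the flag set the way dig prints it, e.g. 'qr aa rd ra'."""
    return " ".join(f for f in ("qr", "aa", "tc", "rd", "ra") if h[f])


def classify(h: dict) -> str:
    """What the reply tells the client about this server's role for the name.
    named sets RA only when it is willing to recurse for *this* client."""
    if h["ra"]:
        return "recursion offered to this client"
    if h["aa"]:
        return "authoritative only"
    return "neither authoritative nor recursive for this name"


_QUESTION = encode_name("www.a.com") + struct.pack("!HH", QTYPE_A, CLASS_IN)
# Constructed reply headers modelled on the dig output: id 56816, NOERROR,
# QUERY 1 / ANSWER 1 / AUTHORITY 1 / ADDITIONAL 3.  0x8580 = qr aa rd ra;
# 0x8500 = qr aa rd, what a client outside allow-recursion should see.
SAMPLE_RESPONSE = struct.pack("!HHHHHH", 56816, 0x8580, 1, 1, 1, 3) + _QUESTION
HARDENED_RESPONSE = struct.pack("!HHHHHH", 56816, 0x8500, 1, 1, 1, 3) + _QUESTION

if __name__ == "__main__":
    for label, pkt in (("tutorial", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        h = decode_header(pkt)
        print(f"{label}: id={h['id']} flags: {dig_style_flags(h)} -> {classify(h)}")
```

To check a live server, send `build_query("www.a.com")` over UDP to port 53 from a host that is not in the recursion ACL and pass the reply to `decode_header`; the expected result for a correctly restricted authoritative server is `qr aa rd` without `ra`.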
6. Using it from the public Internet, and testing

(1) Edit the files from before and restart

```
[root@izj6c1w3z30pendgik4p4vz ~]# cat /etc/named.conf
# (only the zone added for the public address is shown)
# Add a reverse zone for the public address (optional if you do not need it)
zone "92.129.149.in-addr.arpa" IN {
        type master;
        file "149.129.92.zone";
};
[root@izj6c1w3z30pendgik4p4vz ~]# cat /var/named/149.129.92.zone
$TTL 86400
@       IN SOA  localhost. a.com. (
                                2014031101
                                2H
                                10M
                                7D
                                1D )
        IN NS   localhost.
239     IN PTR  a.com.          ; 149.129.92.239 reverse-resolves to a.com (trailing dot required)
239     IN PTR  www.a.com.      ; 149.129.92.239 reverse-resolves to www.a.com
[root@izj6c1w3z30pendgik4p4vz ~]# cat /var/named/a.com.zone
$TTL 1D
@       IN SOA  @ root.a.com. (
                                0       ; serial (increase it every time the zone changes)
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       149.129.92.239
www     A       149.129.92.239
@       MX 10   mx.a.com.       ; the MX record for a.com is mx.a.com
        AAAA    ::1
# restart bind
systemctl restart named
```
(2) Open UDP port 53 to the outside on the firewall

(3) Change the DNS server setting on the client computer or server

(4) Test



