Installing and minimally configuring bind on CentOS 7.X
1. Project environment
Host name | Role | IP | Function |
---|---|---|---|
dns.bindtest.com | DNS server | 192.168.238.102 | provides name resolution |
www.bindtest.com | web server | 192.168.238.101 | provides web access |
2. Configuring forward resolution
Installation
1) Basic environment setup
# Disable SELinux and the firewalld firewall
[root@bindtest ~]# getenforce
Disabled
[root@bindtest ~]# systemctl stop firewalld
[root@bindtest ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
2) Install and start the bind service
# Run this on the 192.168.238.102 server
[root@bindtest ~]# yum -y install bind bind-chroot bind-utils
# or
[root@bindtest ~]# yum -y install bind*
# check
[root@bindtest ~]# rpm -qa bind
bind-9.11.4-26.P2.el7_9.10.x86_64
# start
[root@bindtest ~]# systemctl start named
3) Edit the configuration file
# back up
[root@bindtest ~]# cp -p /etc/named.conf{,.bak}
# In the main config file named.conf, change the listen address on line 13 and the client addresses allowed to query this server on line 21; set both to any
13 listen-on port 53 { any; }; # change this
14 listen-on-v6 port 53 { ::1; };
15 directory "/var/named";
16 dump-file "/var/named/data/cache_dump.db";
17 statistics-file "/var/named/data/named_stats.txt";
18 memstatistics-file "/var/named/data/named_mem_stats.txt";
19 recursing-file "/var/named/data/named.recursing";
20 secroots-file "/var/named/data/named.secroots";
21 allow-query { any; }; # change this
4) Edit the zone configuration file /etc/named.rfc1912.zones, which declares which zone's data lives in which file. Following the format of the entries already in it, append a forward lookup zone bindtest.com at the end of the file, of type master, with its data in bindtest.com.zone;
[root@bindtest ~]# vi /etc/named.rfc1912.zones
// bindtest.com zone   # this line is a comment
zone "bindtest.com" IN {
type master;
file "bindtest.com.zone";
allow-update { none; };
};
5) Following step 4, add the forward zone data file. There is no need to create it from scratch: copy the named.localhost file provided in /var/named to bindtest.com.zone and edit it. Change the contents of bindtest.com.zone to:
[root@bindtest ~]# cp -p /var/named/named.localhost /var/named/bindtest.com.zone
[root@bindtest ~]# vi /var/named/bindtest.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       192.168.238.101
        AAAA    ::1
dns     IN A    192.168.238.102
www     IN A    192.168.238.101
[root@bindtest ~]# cat /var/named/bindtest.com.zone
6) Reload the DNS service's configuration
[root@bindtest ~]# rndc reload
server reload successful
7) If the reload fails, use named-checkconf /etc/named.conf and named-checkzone bindtest.com /var/named/bindtest.com.zone to find where the error is
[root@bindtest ~]# named-checkconf /etc/named.conf
[root@bindtest ~]# named-checkzone bindtest.com /var/named/bindtest.com.zone
zone bindtest.com/IN: loaded serial 0
OK
On startup you may get: Failed to start Berkeley Internet Name Domain (DNS)
Check the configuration files for errors; I have run into file "bindtest.com.zone"; with the .com missing
8) Once done, test first locally on the DNS server: edit /etc/resolv.conf and put the DNS server's address (i.e. this machine's own address) in it:
[root@bindtest ~]# cat /etc/resolv.conf
# Generated by NetworkManager
# put this server first
nameserver 192.168.238.102
nameserver 192.168.238.2
Test with dig
[root@test101 ~]# yum -y install bind-utils
[root@test101 ~]# dig www.bindtest.com @192.168.238.102
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.10 <<>> www.bindtest.com @192.168.238.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12992
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.bindtest.com. IN A
;; ANSWER SECTION:
www.bindtest.com. 86400 IN A 192.168.238.101
;; AUTHORITY SECTION:
bindtest.com. 86400 IN NS bindtest.com.
;; ADDITIONAL SECTION:
bindtest.com. 86400 IN A 192.168.238.101
bindtest.com. 86400 IN AAAA ::1
;; Query time: 0 msec
;; SERVER: 192.168.238.102#53(192.168.238.102)
;; WHEN: Mon Jan 02 13:43:14 CST 2023
;; MSG SIZE rcvd: 119
Test from a client: on the client machine, set the network adapter's preferred DNS server to the DNS server address from the table above, then query the records
C:\Users\bindtest>nslookup
默认服务器: UnKnown
Address: 192.168.100.10
> www.bindtest.com
服务器: UnKnown
Address: 192.168.100.101
3. Configuring reverse resolution
1. Edit the configuration file
[root@bindtest ~]# vi /etc/named.rfc1912.zones
zone "238.168.192.in-addr.arpa" IN {
type master;
file "192.168.238.arpa";
allow-update { none; };
};
2. Copy the reverse zone template and edit it
[root@bindtest ~]# cp -p /var/named/named.loopback /var/named/192.168.238.arpa
[root@bindtest ~]# vi /var/named/192.168.238.arpa
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.bindtest.com.       ; do not lose the trailing dot
dns     IN A    192.168.238.102
102     IN PTR  dns.bindtest.com.       ; owner is the host octet of 192.168.238.102
101     IN PTR  www.bindtest.com.       ; owner is the host octet of 192.168.238.101
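The forward and reverse zone files have to agree with each other: each PTR owner must be the host octet of the address in the matching A record, NS and PTR targets need the trailing dot (otherwise BIND appends the zone origin to them), and every NS target needs an A record. Note also that `NS @` in the forward zone names bindtest.com. itself as the name server, and its A record is the web host 192.168.238.101 (the dig output above shows exactly that); the reverse zone's `NS dns.bindtest.com.` is the cleaner choice. As an added example that is not part of the original post, here is a small offline Python checker for these points. It parses only the subset of zone-file syntax the tutorial uses, and its zone texts are constructed copies of the tutorial's records, with the reverse zone deliberately given PTR owners 10 and 30 so that the mismatch shows up.

```python
"""Cross-check a forward zone file against its in-addr.arpa reverse zone.

Added example, not from the original post: parses the subset of zone-file
syntax the tutorial uses and reports PTR/A disagreements, NS targets with
no A record, and NS/PTR names written without the trailing dot.
"""
import re

# Constructed copies of the tutorial's zone files. This reverse zone is the
# inconsistent variant: PTR owners 10 and 30 instead of the hosts' 102/101.
FORWARD_ORIGIN = "bindtest.com"
FORWARD_TEXT = """\
$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      @
        A       192.168.238.101
        AAAA    ::1
dns     IN A    192.168.238.102
www     IN A    192.168.238.101
"""
REVERSE_ORIGIN = "238.168.192.in-addr.arpa"
REVERSE_TEXT = """\
$TTL 1D
@       IN SOA  @ rname.invalid. ( 0 1D 1H 1W 3H )
        NS      dns.bindtest.com.
dns     IN A    192.168.238.102
10      IN PTR  dns.bindtest.com.
30      IN PTR  www.bindtest.com.
"""
# Corrected variant: a PTR's owner is the host octet of the address.
REVERSE_TEXT_FIXED = REVERSE_TEXT.replace("\n10 ", "\n102").replace("\n30 ", "\n101")
TTL_RE = re.compile(r"\d+[smhdw]?", re.I)


def fqdn(name, origin):
    """Make a zone-file name absolute relative to the zone origin."""
    if name == "@":
        return origin + "."
    return name if name.endswith(".") else f"{name}.{origin}."


def parse_zone(text, origin):
    """Return (owner, type, rdata) triples with absolute owners; rdata is left as written."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # ';' starts a comment ('#' does not)
        if not line.strip() and not buf:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                             # a parenthesised SOA spans several lines
            logical.append(" ".join(buf))
            buf = []
    records, owner = [], origin + "."
    for line in logical:
        if line.startswith("$"):                   # $TTL / $ORIGIN directives
            continue
        tokens = line.split()
        if not line[0].isspace():                  # explicit owner, else inherit the previous one
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].upper() == "IN" or TTL_RE.fullmatch(tokens[0])):
            tokens.pop(0)                          # optional TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of problems; an empty list means the two zones agree."""
    problems = []
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    addr_names = {}                                # address -> names holding that A record
    for name, rtype, rdata in fwd:
        if rtype == "A":
            addr_names.setdefault(rdata[0], set()).add(name)
    for origin, records in ((fwd_origin, fwd), (rev_origin, rev)):
        for owner, rtype, rdata in records:
            target = fqdn(rdata[0], origin) if rtype in ("NS", "PTR", "CNAME") else None
            if target and rdata[0] != "@" and not rdata[0].endswith("."):
                problems.append(f"{origin}: {rtype} {rdata[0]} lacks a trailing dot; BIND reads it as {target}")
            if rtype == "NS" and not any(target in names for names in addr_names.values()):
                problems.append(f"{origin}: NS {target} has no A record in {fwd_origin}")
    prefix = ".".join(reversed(rev_origin.split(".")[:-2])) + "."   # 238.168.192.in-addr.arpa -> 192.168.238.
    ptr_by_owner = {}                              # PTR owner -> set of target names
    for owner, rtype, rdata in rev:
        if rtype == "PTR":
            ptr_by_owner.setdefault(owner, set()).add(fqdn(rdata[0], rev_origin))
    for addr, names in sorted(addr_names.items()):
        if addr.startswith(prefix) and f"{addr.split('.')[-1]}.{rev_origin}." not in ptr_by_owner:
            problems.append(f"{rev_origin}: no PTR for {addr} ({', '.join(sorted(names))})")
    for owner, targets in sorted(ptr_by_owner.items()):
        addr = prefix + owner.split(".")[0]
        for target in sorted(targets - addr_names.get(addr, set())):
            problems.append(f"{rev_origin}: PTR {owner} -> {target}, but {fwd_origin} has no A {target} {addr}")
    return problems


if __name__ == "__main__":
    for label, rev in (("inconsistent", REVERSE_TEXT), ("fixed", REVERSE_TEXT_FIXED)):
        print(label, *check_zones(FORWARD_TEXT, FORWARD_ORIGIN, rev, REVERSE_ORIGIN), sep="\n  ")
```

The prefix computation assumes a /24 reverse zone like the one in this post. To check a real server, replace the two text constants with the contents of the files under /var/named; named-checkzone validates each file's syntax on its own, but it does not cross-check the forward zone against the reverse one, which is what this script adds.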
Reload the configuration
[root@bindtest ~]# systemctl restart named
[root@bindtest ~]# rndc reload
server reload successful
3. Test on the client whether reverse resolution is correct
[root@test101 ~]# nslookup
> dns.bindtest.com
Server: 192.168.238.102
Address: 192.168.238.102#53
Name: dns.bindtest.com
Address: 192.168.238.102
> www.bindtest.com
Server: 192.168.238.102
Address: 192.168.238.102#53
Name: www.bindtest.com
Address: 192.168.238.101
4. Configuring master and slave servers
Start the second CentOS host and configure it as a slave of the first DNS server, so that the DNS data on the first host is transferred to the second over the network.
1. Edit /etc/named.conf and change the listen IP address to any
vi /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
2. Edit /etc/named.rfc1912.zones: create the forward/reverse zone definitions or copy them from the first host (the slave's zone data files are loaded from the master, so there is no need to create them), and change type to slave
[root@bindtest2 ~]# vi /etc/named.rfc1912.zones
zone "bindtest.com" IN {
type slave; // zone type
masters {192.168.238.102;}; // the master server
file "slaves/bindtest.com.zone"; // where the transferred zone file is stored, and its name
masterfile-format text; // file format
};
zone "238.168.192.in-addr.arpa" IN {
type slave;
masters {192.168.238.102;};
file "slaves/192.168.238.arpa";
masterfile-format text;
};
3. Restart the named service and check the files transferred into the slaves directory
systemctl restart named
rndc reload
ll /var/named/slaves/
cat /var/named/slaves/192.168.238.arpa
cat /var/named/slaves/bindtest.com.zone
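Two of the settings made above widen what the server hands out to anyone: `allow-query { any; }` from section 2 step 3, and the master zones of section 4, which carry no `allow-transfer`. With `allow-query { any; }` and BIND's default `recursion yes;`, any host can use the server as a recursive resolver, because BIND falls back from allow-recursion to allow-query-cache to allow-query when the first two are unset; and a master zone without `allow-transfer` lets BIND 9.11 serve a full zone transfer (AXFR) to any host, since its default is to allow transfers to all. As an added example that is not part of the original post, the following Python script audits a named.conf for exactly these two exposures. The weak configuration reproduces the tutorial's settings; the hardened one is my own suggestion, and the slave address 192.0.2.10 in it is a placeholder, since the post does not give bindtest2's IP.

```python
"""Audit a named.conf for the two exposures the tutorial's settings leave open.

Added example, not from the original post: allow-query { any; } with BIND's
default recursion yes makes an open recursive resolver, and a master zone
with no allow-transfer lets BIND 9.11 hand the whole zone (AXFR) to any host.
"""
import re

# Constructed: the tutorial's settings (WEAK_CONF) beside a hardened variant.
WEAK_CONF = """
options {
        listen-on port 53 { any; };
        directory "/var/named";
        allow-query { any; };
};
zone "bindtest.com" IN {
        type master;
        file "bindtest.com.zone";
        allow-update { none; };
};
zone "238.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.238.arpa";
        allow-update { none; };
};
"""
HARDENED_CONF = """
options {
        listen-on port 53 { any; };
        allow-query { any; };                   // anyone may ask about our zones
        allow-recursion { 192.168.238.0/24; };  // only the lab network may use us as a resolver
        allow-transfer { none; };               // no AXFR unless a zone says otherwise
};
zone "bindtest.com" IN {
        type master;
        file "bindtest.com.zone";
        allow-update { none; };
        allow-transfer { 192.0.2.10; };         // placeholder for the slave's address (not given in the post)
};
zone "238.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.238.arpa";
        allow-update { none; };                 // inherits allow-transfer { none; } from options
};
"""


def strip_comments(text):
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def blocks(text):
    """Yield (header, body) for each `header { body };` statement at this nesting level."""
    i = 0
    while True:
        start = text.find("{", i)
        if start < 0:
            return
        header = text[i:start].split(";")[-1].strip()   # skip brace-less statements before it
        depth, j = 1, start + 1
        while depth:                                    # find the matching close brace
            depth += {"{": 1, "}": -1}.get(text[j], 0)
            j += 1
        yield header, text[start + 1:j - 1]
        i = j


def acl(body, name):
    """Return the address list of `name { ...; };` inside body, or None if absent."""
    for header, inner in blocks(body):
        if header and header.split()[0] == name:        # "listen-on port 53" -> "listen-on"
            return [t.strip() for t in inner.split(";") if t.strip()]
    return None


def audit(conf):
    """Return findings for an open resolver and for unrestricted zone transfers."""
    findings = []
    text = strip_comments(conf)
    opts = dict(blocks(text)).get("options", "")
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", opts)
    recursion = m.group(1) if m else "yes"              # BIND's default
    # The fallback chain BIND applies when allow-recursion is not set.
    recursers = (acl(opts, "allow-recursion") or acl(opts, "allow-query-cache")
                 or acl(opts, "allow-query") or ["localnets", "localhost"])
    if recursion == "yes" and "any" in recursers:
        findings.append("options: open recursive resolver (recursion yes for any); "
                        "set allow-recursion to the client networks, or recursion no")
    global_xfr = acl(opts, "allow-transfer")
    for header, body in blocks(text):
        if header.startswith("zone") and re.search(r"\btype\s+(master|primary)\s*;", body):
            name = header.split()[1].strip('"')
            xfr = acl(body, "allow-transfer") or global_xfr
            if xfr is None or "any" in xfr:             # BIND 9.11 default: transfers to any host
                findings.append(f"zone {name}: allow-transfer unrestricted; limit AXFR to the slave's address")
    return findings


if __name__ == "__main__":
    print("weak:", audit(WEAK_CONF))
    print("hardened:", audit(HARDENED_CONF))
```

The parser understands only the brace-and-semicolon structure of named.conf, which is enough for the options and zone statements used in this post; it is a quick review aid, not a replacement for named-checkconf. On the real master, the zone-level `allow-transfer` should list the slave's actual address so that only bindtest2 can pull the zones.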