在 CentOS7上安裝設定 BIND
快速設定流程:
- 安裝 BIND 套件:
#yum -y install bind bind-libs bind-chroot bind-utils
- 編修設定檔 /etc/named.conf:
#vim /etc/named.conf
// Global server options for named.
options {
// Accept IPv4 DNS traffic on port 53 on every interface. Who may actually
// query is narrowed by allow-query below and by the host firewall.
listen-on port 53 { any; };
// The IPv6 listen-on-v6 statement is commented out, so the BIND default
// for IPv6 applies.
// NOTE(review): confirm whether named ends up listening on IPv6 on this host.
//listen-on-v6 port 53 { ::1; };
// Working directory; relative file names in this config resolve against it.
directory "/var/named";
// Output locations for the cache dump and the statistics files.
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Only localhost and the 192.168.100.0/24 LAN may query this server.
// NOTE(review): recursion is enabled on the next line and this file sets no
// allow-recursion ACL. Stating allow-recursion explicitly keeps a later
// widening of allow-query from turning the server into an open resolver.
allow-query { localhost; 192.168.100.0/24; };
recursion yes;
// Enable DNSSEC support and validate signed answers.
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): DNSSEC Lookaside Validation relied on the ISC DLV registry,
// which has since been retired, and later BIND releases treat this option as
// obsolete. Confirm the installed version still accepts it.
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
// Runtime files: the PID file and the session key file.
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
// Logging: the default_debug channel writes to data/named.run (relative to
// "directory" above). "severity dynamic" follows the server's current debug
// level.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// Additional configuration pulled in from separate files. On CentOS these are
// the stock RFC 1912 localhost zones and the root zone DNSSEC trust anchor.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// Root hints: named.ca lists the root name servers used to start recursion.
zone "." IN {
type hint;
file "named.ca";
};
// Forward zone: name-to-IP resolution for the domain this server manages.
zone "example.com" IN {
type master;
file "example.zone";
};
// Reverse zone: IPv4 address-to-name resolution for the managed network.
zone "100.168.192.in-addr.arpa" IN {
type master;
file "example.reverse";
};
- 編修example.com網域正解析記錄檔 /var/named/example.zone:
#vim /var/named/example.zone
; Forward zone data for example.com.
; Default TTL for records without an explicit TTL: 10 seconds.
$TTL 10
; SOA: primary name server is dns1.example.com. The contact field "root" has
; no trailing dot, so it is taken relative to the zone origin.
@ IN SOA dns1.example.com. root (
2016032901; serial -- increase on every edit (secondaries compare it to detect changes)
1H; refresh
2D; retry (longer than refresh here, which is unusual; only matters once a secondary exists)
3W; expire
10 ) ; negative-caching TTL
; Authoritative name server for the zone.
@ IN NS dns1.example.com.
; Apex address and mail exchanger; "mail" is relative, i.e. mail.example.com.
@ IN A 192.168.100.183
@ IN MX 10 mail
; Host records -- every name in this example points at the same address.
dns1.example.com. IN A 192.168.100.183
mail IN A 192.168.100.183
ftp IN A 192.168.100.183
www IN A 192.168.100.183
- 編修example.com網域反解析記錄檔 /var/named/example.reverse:
#vim /var/named/example.reverse
; Reverse zone data, loaded by the "100.168.192.in-addr.arpa" zone statement
; in named.conf.
; Default TTL for records without an explicit TTL: 10 seconds.
$TTL 10
; SOA: same primary server and timers as the forward zone file.
@ IN SOA dns1.example.com. root (
2016032901; serial -- increase on every edit (secondaries compare it to detect changes)
1H; refresh
2D; retry
3W; expire
10 ) ; negative-caching TTL
; Authoritative name server for the reverse zone.
@ IN NS dns1.example.com.
; "183" is relative to the zone origin, i.e. the address 192.168.100.183.
; Four PTR records share this owner, so a reverse lookup returns all four names.
183 IN PTR dns1.example.com.
183 IN PTR mail.example.com.
183 IN PTR www.example.com.
183 IN PTR ftp.example.com.
- 設定防火牆,放行 DNS 服務(此規則會對該防火牆區域內的所有來源開放 53 埠;實際可查詢的用戶端仍由 named.conf 的 allow-query 限制):
#firewall-cmd --permanent --add-service=dns
#firewall-cmd --reload
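- 啟動 DNS Server 服務(啟動前建議先執行 named-checkconf /etc/named.conf 與 named-checkzone example.com /var/named/example.zone 檢查設定檔與區域檔語法):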
#systemctl stop named
#systemctl disable named
#systemctl enable named-chroot
#systemctl start named-chroot
- 設定本機查詢的 DNS Server:
#vim /etc/resolv.conf
search example.com
nameserver 192.168.100.183
檢測工具:
- 利用 rndc 工具:
#rndc status
#rndc reload
- 利用 dig 工具:
#dig example.com NS
#dig example.com A
#dig -x 192.168.100.183
- 安裝 BIND 套件:
#yum -y install bind bind-libs bind-chroot bind-utils
- 編修設定檔 /etc/named.conf:
#vim /etc/named.conf options { listen-on port 53 { any; }; //listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 192.168.100.0/24; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; zone "." IN { type hint; file "named.ca"; }; //設定所管轄的網域名稱對IP正解析 zone "example.com" IN { type master; file "example.zone"; }; //設定所管轄的網域名稱對IPv4反解析 zone "100.168.192.in-addr.arpa" IN { type master; file "example.reverse"; };
- 編修example.com網域正解析記錄檔 /var/named/example.zone:
#vim /var/named/example.zone $TTL 10 @ IN SOA dns1.example.com. root ( 2016032901; 1H; 2D; 3W; 10 ) @ IN NS dns1.example.com. @ IN A 192.168.100.183 @ IN MX 10 mail dns1.example.com. IN A 192.168.100.183 mail IN A 192.168.100.183 ftp IN A 192.168.100.183 www IN A 192.168.100.183
- 編修example.com網域反解析記錄檔 /var/named/example.reverse:
#vim /var/named/example.reverse $TTL 10 @ IN SOA dns1.example.com. root ( 2016032901; 1H; 2D; 3W; 10 ) @ IN NS dns1.example.com. 183 IN PTR dns1.example.com. 183 IN PTR mail.example.com. 183 IN PTR www.example.com. 183 IN PTR ftp.example.com.
- 設定防火牆,放行 DNS 服務:
#firewall-cmd --permanent --add-service=dns #firewall-cmd --reload
- 啟動 DNS Server 服務:
#systemctl stop named #systemctl disable named #systemctl enable named-chroot #systemctl start named-chroot
- 設定本機查詢的 DNS Server:
#vim /etc/resolv.conf search example.com nameserver 192.168.100.183
- 利用 rndc 工具:
#rndc status #rndc reload
- 利用 dig 工具:
#dig example.com NS #dig example.com A #dig -x 192.168.100.183