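Preface
CentOS 7 differs from CentOS 6: installing bind-chroot alone automatically pulls in the main package bind and the library package bind-libs. Also install bind-utils (the package that provides host and dig). On CentOS 7, once bind-chroot is installed, named.service must be turned off if you want to use named-chroot.service; only one of the two can run at a time.
No. | IP | Role |
1 | Local IP: 192.168.1.174 | DNS server |
I. Install and configure the BIND DNS software
1. Install bind-chroot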
[root@centos7 named]# yum install bind-chroot bind-utils -y
2. List the installed files
[root@centos7 named]# rpm -ql bind-chroot
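3. Copy the BIND files to prepare the bind-chroot environment (create the required files inside the BIND chroot directory; no configuration files exist there by default, and the template configuration files are under /usr/share/doc/bind-9.9.4/sample/)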
[root@localhost chroot]# cp -Rv /usr/share/doc/bind-9.9.4/sample/etc/* /var/named/chroot/etc/
[root@localhost chroot]# cp -Rv /usr/share/doc/bind-9.9.4/sample/var/* /var/named/chroot/var/
[root@localhost chroot]# ls /var/named/chroot/etc/
named named.conf named.rfc1912.zones pki
[root@localhost chroot]# ls /var/named/chroot/var/
log named run tmp
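Note: because bind-chroot is installed, BIND is confined to a pseudo-root directory, so the configuration file paths become:
/var/named/chroot/etc/named.conf --------- main BIND configuration file
/var/named/chroot/var/named/ ---------- zone files
With a plain bind install, the configuration files are at:
/etc/named.conf - main BIND configuration file
/var/named/ - zone files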
4. Make the BIND lock files writable.
[root@localhost named]# chmod -R 777 /var/named/chroot/var/named/data/
5. Copy /etc/named.conf into the bind-chroot directory and edit it down to a minimal configuration
[root@localhost named]# cp /etc/named.conf /var/named/chroot/etc/named.conf
[root@localhost etc]# vim /var/named/chroot/etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    allow-query { any; };
    directory "/var/named/";
    recursion yes;
};

zone "liyue.com" {
    type master;
    file "liyue.zone";
};

zone "liyu.org" {
    type master;
    file "liyu.zone";
};
6. Create the forward lookup zone
[root@localhost named]# cp /var/named/named.localhost /var/named/chroot/var/named/liyue.zone
[root@localhost named]# vim /var/named/chroot/var/named/liyue.zone
$TTL 1D
$ORIGIN liyue.com.
@ IN SOA liyue.com. admin.liyue.com. (
        20190221 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ; minimum
        )
        IN NS ns1.liyue.com.

ns1 IN A 192.168.1.174
www IN A 192.168.1.174
7. Check that the configuration file and the forward lookup zones are configured correctly
[root@centos7 named]# named-checkconf /var/named/chroot/etc/named.conf
[root@centos7 named]# named-checkzone liyu.org /var/named/chroot/var/named/liyu.zone
zone liyu.org/IN: loaded serial 20190221
OK
[root@centos7 named]# named-checkzone liyue.com /var/named/chroot/var/named/liyue.zone
zone liyue.com/IN: loaded serial 20190221
OK
8. Start the named-chroot service
[root@centos7 named]# systemctl start named-chroot
[root@centos7 named]# systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2019-02-21 13:09:21 CST; 53min ago
  Process: 3551 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 3549 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 3553 (named)
   CGroup: /system.slice/named-chroot.service
           └─3553 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot

2月 21 13:09:21 centos7 named[3553]: command channel listening on 127.0.0.1#953
2月 21 13:09:21 centos7 systemd[1]: Started Berkeley Internet Name Domain (DNS).
2月 21 13:09:21 centos7 named[3553]: command channel listening on ::1#953
2月 21 13:09:21 centos7 named[3553]: managed-keys-zone: loaded serial 0
2月 21 13:09:21 centos7 named[3553]: zone liyu.org/IN: loaded serial 20190221
2月 21 13:09:21 centos7 named[3553]: zone liyue.com/IN: loaded serial 20190221
2月 21 13:09:21 centos7 named[3553]: all zones loaded
2月 21 13:09:21 centos7 named[3553]: running
2月 21 13:09:21 centos7 named[3553]: zone liyue.com/IN: sending notifies (serial 20190221)
2月 21 13:09:21 centos7 named[3553]: zone liyu.org/IN: sending notifies (serial 20190221)
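An added example, not part of the original post: a small shell audit for the layout built in steps 1 to 8. It reports whether the options from step 5 let any client recurse through the server (BIND falls back from allow-recursion to allow-query-cache to allow-query) and lists world-writable paths such as the directory opened up in step 4. The function names, the temporary directory, the sample configs and the allow-recursion ACL in the tightened variant are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit a chroot BIND layout.

# Flatten named.conf to one line with // and # comments removed.
conf_flat() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  ' | tr -s ' '
}

# Print the first "<option> { ... }" ACL (options block assumed to come first).
first_acl() {
    conf_flat "$1" | grep -Eo "$2 *\{[^}]*\}" | head -n 1
}

# Exit 0 when any client may recurse through this server.
recursion_open() {
    conf_flat "$1" | grep -Eq 'recursion +no *;' && return 1
    # BIND falls back: allow-recursion -> allow-query-cache -> allow-query.
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(first_acl "$1" "$opt")
        [ -n "$acl" ] || continue
        echo "$acl" | grep -Eq '[{; ]any *;' && return 0
        return 1
    done
    return 1  # nothing set: built-in default is localnets and localhost
}

# List paths under $1 that every local user can write to.
world_writable() {
    find "$1" ! -type l -perm -0002 2>/dev/null
}

# Constructed sample: options from step 5 and the mode from step 4.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/var/named/data"
    weak='options { listen-on port 53 { any; }; allow-query { any; }; recursion yes; };'
    echo "$weak" > "$d/weak.conf"
    # Tightened variant; the ACL is an assumption (recursion for local nets only).
    echo "$weak" | sed 's/recursion yes;/& allow-recursion { localhost; localnets; };/' > "$d/hard.conf"
    chmod 777 "$d/var/named/data"
    recursion_open "$d/weak.conf" && echo "weak.conf: recursion open to any client"
    recursion_open "$d/hard.conf" || echo "hard.conf: recursion limited by ACL"
    world_writable "$d" | sed "s|^$d|world-writable: <chroot>|"
    chmod 770 "$d/var/named/data"
    [ -z "$(world_writable "$d")" ] && echo "after chmod 770: nothing world-writable"
    rm -rf "$d"
}
demo
```

Against the real layout, the calls would be `recursion_open /var/named/chroot/etc/named.conf` and `world_writable /var/named/chroot`.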
II. Test from the client
1. On the client, edit the DNS configuration file /etc/resolv.conf
[root@centos7 named]# cat /etc/resolv.conf
# Generated by NetworkManager
#nameserver 202.96.128.86
nameserver 192.168.1.174 # IP of the DNS server (this host's DNS server IP)
2. Test with dig, host and nslookup, and check that the NS record points to this host's DNS server IP
[root@centos7 named]# host www.liyu.org
www.liyu.org has address 192.168.1.174
[root@centos7 named]# nslookup www.liyu.org
Server: 192.168.1.174
Address: 192.168.1.174#53

Name: www.liyu.org
Address: 192.168.1.174

[root@centos7 named]#
[root@centos7 named]# dig www.liyue.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.liyue.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2942
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.liyue.com. IN A

;; ANSWER SECTION:
www.liyue.com. 86400 IN A 192.168.1.174

;; AUTHORITY SECTION:
liyue.com. 86400 IN NS ns1.liyue.com.

;; ADDITIONAL SECTION:
ns1.liyue.com. 86400 IN A 192.168.1.174

;; Query time: 0 msec
;; SERVER: 192.168.1.174#53(192.168.1.174)
;; WHEN: 四 2月 21 14:08:02 CST 2019
;; MSG SIZE rcvd: 92