DNS安装
[root@localhost ~]# yum -y install bind bind-chroot
bind DNS主程序包
bind-chroot DNS安全包,改变默认DNS根目录,将DNS运行在监牢(chroot)模式,使named进程只能访问/var/named/chroot下的文件
DNS启动
默认情况下,如果不安装bind-chroot这个包,配置文件为:/etc/named.conf
区域数据库文件:/var/named
如果安装了则配置文件:/var/named/chroot/etc/named.conf
区域数据库文件:/var/named/chroot/var/named
方法一:不使用chroot模式启动DNS
[root@client ~]# systemctl enable named
方法二:使用chroot模式启动DNS(与方法一二选一)
[root@client ~]# cp -p /etc/named.conf /var/named/chroot/etc
[root@client ~]# cp -p /var/named/named.* /var/named/chroot/var/named/ //-p保持权限一起复制
[root@client ~]# systemctl enable named-chroot.service
DNS配置
[root@localhost ~]# vim /etc/named.conf //编辑主配置文件
13 listen-on port 53 { any; }; //指定DNS服务器监听端口及监听IP,any为所有
21 allow-query { any; }; //指定允许查询DNS服务器的客户端IP地址,any为所有;若同时开启了递归(recursion yes),应使用allow-recursion限制可递归查询的客户端,避免成为开放解析器
[root@localhost ~]# vim /etc/named.rfc1912.zones //编辑区域配置文件
13 zone "www.rh.com" IN { //正向解析区域www.rh.com
14 type master; //类型为主域名服务器
15 file "www.rh.com"; //指定正向解析区的解析文件名
16 allow-update { none; }; //不允许客户端动态更新
17 };
31 zone "183.17.172.in-addr.arpa" IN { //反向解析区域
32 type master;
33 file "183.17.172";
34 allow-update { none; };
35 };
[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -a named.localhost www.rh.com
[root@localhost named]# cp -a named.loopback 183.17.172
[root@localhost named]# vim www.rh.com
$TTL 1D
@ IN SOA ns1.www.rh.com. 123456.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.www.rh.com. #名称服务器记录
MX mail.www.rh.com. #邮件交换记录(注意:MX记录需要在主机名前写优先级数值,例如 MX 10 mail.www.rh.com.)
ns1 A 172.17.183.134 #主机记录
www A 172.17.183.135
ftp A 172.17.183.136
wk CNAME 172.17.183.137 #别名记录(注意:CNAME的目标应为域名而不是IP地址;要指向IP地址应使用A记录)
[root@localhost named]# vim 183.17.172
$TTL 1D
@ IN SOA ns1.www.rh.com. 123456.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.www.rh.com.
134 PTR ns1.www.rh.com. #指针记录
135 PTR www.www.rh.com.
136 PTR ftp.www.rh.com.
137 PTR wk.www.rh.com.
[root@localhost ~]# systemctl restart named
验证:host nslookup dig(dig做反向解析需加-x,如 dig -x 172.17.183.134;下面不带-x的dig把IP当作域名做A记录查询,因此返回NXDOMAIN)
[root@localhost ~]# host 172.17.183.134
134.183.17.172.in-addr.arpa domain name pointer ns1.www.rh.com.
[root@localhost ~]# dig 172.17.183.134
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> 172.17.183.134
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48911
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;172.17.183.134. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023050600 1800 900 604800 86400
;; Query time: 693 msec
;; SERVER: 172.17.183.134#53(172.17.183.134)
;; WHEN: 六 5月 06 20:58:56 CST 2023
;; MSG SIZE rcvd: 118
[root@localhost ~]# nslookup 172.17.183.134
134.183.17.172.in-addr.arpa name = ns1.www.rh.com.