关于linux下安装DNS服务器需要注意的一些事项

1.yum -y install bind*  （bind* 会连 bind-utils 一起装上，第10步测试用的 nslookup 就来自它；不想顺带装上 bind-chroot 等附加包的话，可以写成 yum -y install bind bind-utils）
2.先备份再修改配置文件/etc/named.conf，例如：cp -a /etc/named.conf /etc/named.conf.bak

options {
        // Bind only to the server's LAN address; "::1" keeps IPv6 loopback-only.
        listen-on port 53 { 10.20.89.4; };
        listen-on-v6 port 53 { ::1; };
        // Relative paths elsewhere in this file (zone files, the logging
        // channel) are resolved against this directory.
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // NOTE(review): "any" combined with "recursion yes" further down makes
        // this an open resolver for every host that can reach 10.20.89.4 --
        // acceptable on an isolated lab LAN, not on an address reachable from
        // untrusted networks (see the block comment below). To keep serving
        // bk.com to everyone while limiting recursion to your own clients, add:
        //   allow-recursion { localhost; <your-client-netblock>; };
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        // "first": hand every non-authoritative query to the forwarder and fall
        // back to full recursion only when the forwarder fails to answer.
        // Every answer from the forwarder is trusted as-is, so it must be a
        // resolver you control (here 192.168.3.135).
        forward first;
        forwarders {192.168.3.135;};
        recursion yes;

        // Validate DNSSEC-signed answers; the trust anchor presumably comes
        // from the /etc/named.root.key include at the bottom of this file.
        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        // NOTE(review): ISC retired the DLV registry in 2017; this line is a
        // leftover of the stock CentOS template and adds no validation. It can
        // be dropped -- check your BIND version's notes before removing it.
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        // Debug channel only. "data/named.run" is relative to the options
        // "directory", i.e. /var/named/data/named.run; "severity dynamic"
        // follows the debug level set at runtime (rndc trace). Ordinary
        // operational messages still go to syslog by default, which is why
        // step 9 points at /var/log/messages.
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "bk.com" IN {
        // Primary (authoritative) copy of bk.com. "file" is relative to the
        // options "directory", i.e. /var/named/bk.com.zone created in step 3.
        type master;
        file "bk.com.zone";
};

include "/etc/named.rfc1912.zones";   // stock localhost / loopback reverse zones (the extra zones listed by named-checkconf in step 5)
include "/etc/named.root.key";        // stock root-zone trust anchor used by dnssec-validation

要改的选项有:
listen-on port 53 { 10.20.89.4; };  监听地址（改成本机实际对外提供服务的地址）
allow-query { any; };  允许任何来源查询。注意：它与下面的 recursion yes 组合后，凡是能访问 10.20.89.4 的主机都能把这台机器当递归解析器用（开放解析器）；若该地址可从不可信网络到达，应再加一行 allow-recursion { localhost; 自己客户端的网段; }; 只给自己的客户端做递归，bk.com 的权威应答仍可对所有人开放

forward first;
forwarders {192.168.3.135;};  DNS 转发器（上游递归服务器；它返回的结果会被直接采信，必须是可信、受控的服务器）

zone "bk.com" IN {
type master;
file "bk.com.zone";
};  正向区域（注意用英文直引号；file 是相对于 directory "/var/named" 的路径，即第3步创建的 /var/named/bk.com.zone）

3.建立正向解析文件/var/named/bk.com.zone
vi /var/named/bk.com.zone

$TTL 1D                            ; default TTL for records without an explicit one
@ IN SOA ns.bk.com. root (         ; "@" = zone origin (bk.com); "root" = contact mailbox root@bk.com
                              0    ;serial  - bump this every time the file changes so caches/secondaries notice
                              1D   ;refresh
                              1H   ;retry
                              1w   ;expire
                              3H ) ;minimum - negative-caching TTL
          NS ns.bk.com.            ; leading blanks: owner name is still "@" (bk.com)
ns.bk.com.  IN      A       10.20.89.4
www.bk.com.  IN      A       10.20.89.4

4.不要执行 chmod 777 /etc/named.conf：777 会让本机任何用户都能改写 DNS 配置（例如改掉 forwarders 劫持整个解析）。named 以 named 用户运行（见第7步 status 输出中的 -u named），只需要读权限，保持软件包默认的属主和权限即可：chown root:named /etc/named.conf && chmod 640 /etc/named.conf。第3步创建的区域文件同理：chown root:named /var/named/bk.com.zone && chmod 640 /var/named/bk.com.zone；若系统启用了 SELinux，再执行 restorecon -v /var/named/bk.com.zone 恢复正确的安全上下文。

5.执行检查
#named-checkconf -z /etc/named.conf
zone bk.com/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
需要无报错。

6.回到/var/named再检查zone文件
#named-checkzone bk.com /var/named/bk.com.zone
zone bk.com/IN: loaded serial 0
OK

7.启动#systemctl start named.service（下面 status 输出里的 disabled 表示尚未设置开机自启，需要的话再执行 systemctl enable named.service）
检查DNS服务器状态
[root@localhost ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2020-04-22 07:16:05 EDT; 28s ago
Process: 2164 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2162 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 2167 (named)
CGroup: /system.slice/named.service
└─2167 /usr/sbin/named -u named

Apr 22 07:16:05 localhost.localdomain named[2167]: managed-keys-zone: loaded serial 2
Apr 22 07:16:05 localhost.localdomain named[2167]: zone 0.in-addr.arpa/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone bk.com/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone localhost.localdomain/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0… 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone localhost/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: all zones loaded
Apr 22 07:16:05 localhost.localdomain named[2167]: running
Apr 22 07:16:05 localhost.localdomain systemd[1]: Started Berkeley Internet Name Domain (DNS).

8.检查端口情况:netstat -tunlp|grep 53（grep 53 也会匹配到 953 等含有 "53" 的端口，用 ss -tunlp | grep ':53 ' 更准确；按上面的配置应只看到 10.20.89.4:53 和 ::1:53 在监听。若远程客户端查不到，再确认本机防火墙（如 firewalld）已放行 53/udp 与 53/tcp）
9.出了问题注意看系统日志/var/log/messages，或直接 journalctl -u named.service

10.测试DNS服务器（下面的 nslookup 之所以显示 Server: 10.20.89.4，是因为客户端 /etc/resolv.conf 里已写了 nameserver 10.20.89.4；也可以显式指定服务器测试：nslookup www.bk.com 10.20.89.4 或 dig @10.20.89.4 www.bk.com）

[root@localhost named]# nslookup www.bk.com
Server: 10.20.89.4
Address: 10.20.89.4#53

Name: www.bk.com
Address: 10.20.89.4
解析成功
参考:https://www.cnblogs.com/coreloving/p/11287874.html

=BIND之forwarder转发功能小结
forward first | only;
forward指令用于设置DNS转发的工作方式:
1)forward first：先把查询交给 forwarders 中的服务器；只有在转发器没有回应或查询失败时，才由本机自己向根服务器做完整递归（转发器明确答复"域名不存在"NXDOMAIN 不会触发回退）。
2)forward only：只向 forwarders 查询，转发器答不上来就直接向客户端返回失败，本机不再自行递归。这样解析完全依赖转发器，转发器必须可靠且可信。注意：本机权威的区域（如这里的 bk.com）直接由本机应答，不会被转发。
