1.yum -y install bind bind-utils(bind-utils 提供 nslookup/dig;不要用未加引号的 bind*,当前目录若有同名文件会先被 shell 展开成文件名)
2.先备份再修改配置文件/etc/named.conf
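options {
	// Only answer on the LAN address; IPv6 stays loopback-only.
	listen-on port 53 { 10.20.89.4; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";

	// Anyone may query: required so the authoritative bk.com zone answers publicly.
	allow-query { any; };
	// 'recursion yes' below would otherwise apply to the same 'any' set and make
	// this an open resolver (exactly the amplification case the ISC note warns
	// about). Restrict recursive service to this host and its attached networks.
	allow-recursion { localhost; localnets; };
	// No secondary servers appear in this configuration, so nobody needs
	// AXFR/IXFR; BIND's default would hand the whole zone to any client.
	allow-transfer { none; };

	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface
	*/
	// Try the forwarder first; fall back to normal resolution if it fails.
	forward first;
	forwarders { 192.168.3.135; };
	recursion yes;
	// dnssec-enable is a legacy knob (accepted by older BIND 9.x, dropped in
	// newer releases); dnssec-validation is the setting that actually validates.
	dnssec-enable yes;
	dnssec-validation yes;
	/* Path to ISC DLV key */
	// NOTE: ISC's DLV registry has been retired; this line is a leftover from the
	// distro template and is harmless but no longer useful.
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};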
logging {
	// Debug channel: path is relative to 'directory' (/var/named/data/named.run);
	// 'severity dynamic' follows the server's current debug level.
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};
// Authoritative (master) forward zone for bk.com; 'file' is relative to 'directory'.
zone "bk.com" IN {
	type master;
	file "bk.com.zone";
};
// Distro defaults: localhost/loopback zones, plus the root DNSSEC trust anchor
// (presumably what the "managed-keys-zone" line in the startup log refers to).
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
要改的选项有:
listen-on port 53 { 10.20.89.4; };监听地址
allow-query { any; };允许任何客户端查询。注意:后面的 recursion yes 同样对这个“any”生效,这样的服务器就是开放递归解析器(open resolver),会被用于 DNS 放大攻击;应再加一行 allow-recursion { localhost; localnets; }; 把递归查询限制在本机和内网,只让 bk.com 的权威应答对外开放。
forward first;
forwarders {192.168.3.135;};DNS转发器
zone "bk.com" IN {
type master;
file "bk.com.zone";
};正向区域(注意引号必须是半角的 ",全角引号 “ ” 会导致 named-checkconf 报语法错误)
3.建立正向解析文件/var/named/bk.com.zone
vi /var/named/bk.com.zone
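$TTL 1D
; Forward zone for bk.com. Names ending in '.' are absolute; '@' is the zone apex
; (bk.com.); any unqualified name gets the origin appended, so the SOA mailbox
; 'root' below means root.bk.com.
@ IN SOA ns.bk.com. root (
	0	; serial  - increment on every edit (only matters once secondaries exist)
	1D	; refresh
	1H	; retry
	1w	; expire
	3H )	; minimum (negative-caching TTL)
; Explicit '@' owner: a record that begins in column 0 would be parsed with
; "NS" as its owner name instead of inheriting the apex from the SOA line.
@ IN NS ns.bk.com.
ns.bk.com. IN A 10.20.89.4
www.bk.com. IN A 10.20.89.4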
4.设置配置文件权限:chown root:named /etc/named.conf; chmod 640 /etc/named.conf。不要执行 chmod 777:named 以 named 用户运行(见后面状态里的 -u named),只需要读权限;777 会让任何本地用户都能改写 DNS 配置。
5.执行检查
#named-checkconf -z /etc/named.conf
zone bk.com/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
需要无报错。
6.回到/var/named再检查zone文件
#named-checkzone bk.com /var/named/bk.com.zone
zone bk.com/IN: loaded serial 0
OK
7.启动:systemctl start named.service;如需开机自启再执行 systemctl enable named.service(下面状态里的 disabled 表示尚未设置开机自启)
检查DNS服务器状态
[root@localhost ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2020-04-22 07:16:05 EDT; 28s ago
Process: 2164 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2162 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 2167 (named)
CGroup: /system.slice/named.service
└─2167 /usr/sbin/named -u named
Apr 22 07:16:05 localhost.localdomain named[2167]: managed-keys-zone: loaded serial 2
Apr 22 07:16:05 localhost.localdomain named[2167]: zone 0.in-addr.arpa/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone bk.com/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone localhost.localdomain/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0… 0
Apr 22 07:16:05 localhost.localdomain named[2167]: zone localhost/IN: loaded serial 0
Apr 22 07:16:05 localhost.localdomain named[2167]: all zones loaded
Apr 22 07:16:05 localhost.localdomain named[2167]: running
Apr 22 07:16:05 localhost.localdomain systemd[1]: Started Berkeley Internet Name Domain (DNS).
8.检查端口情况:ss -tunlp | grep -w 53(或 netstat -tunlp | grep -w 53;不加 -w 时 5353 之类含 53 的端口也会匹配),确认 named 在 10.20.89.4:53 上同时监听 udp 和 tcp
9.出了问题注意看系统日志/var/log/messages
10.测试DNS服务器
[root@localhost named]# nslookup www.bk.com
Server: 10.20.89.4
Address: 10.20.89.4#53
Name: www.bk.com
Address: 10.20.89.4
解析成功
参考:https://www.cnblogs.com/coreloving/p/11287874.html
BIND 之 forwarder 转发功能小结
forward first | only;
forward指令用于设置DNS转发的工作方式:
1)forward first:先把查询交给 forwarders 里的 DNS 服务器;只有转发失败(转发器无响应)时,才由本机按正常递归方式自行解析。注意转发器明确返回 NXDOMAIN 属于“有答复”,一般不会再触发本地解析。
2)forward only设置只使用forwarders DNS服务器做域名解析,如果查询不到则返回DNS客户端查询失败。