1. Preparation
Client: 10.1.42.30
Forwarding proxy server: 10.1.42.31
Root server (.): 10.1.42.71
First-level server (com.): 10.1.42.72
Second-level server (baidu.com.): 10.1.42.73
Configuration of the . (root) server
1. Change the hostname (several machines are involved, so this makes them easier to tell apart)
[root@centos730g ~]# hostnamectl set-hostname dns.root.
[root@dns ~]# hostname
dns.root
[root@dns ~]#
2. Configure the network interface
[root@dns ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
DEVICE=eno16777736
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.1.42.71
PREFIX=16
3. Stop the firewall (with this many machines it is simplest to just turn it off)
[root@dns ~]# systemctl stop firewalld
[root@dns ~]#
4. Install bind
[root@dns ~]# yum install -y bind
...... (installation output omitted)
Installed:
bind.x86_64 32:9.9.4-29.el7
Dependency Installed:
bind-libs.x86_64 32:9.9.4-29.el7
Complete!
[root@dns ~]#
5. Edit the main DNS configuration file
[root@dns ~]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
Comment out the two lines above
dnssec-enable no;
dnssec-validation no;
Change both of these values from yes to no. When set to yes, DNSSEC signing is used to secure communication between DNS servers; since this lab does not use it, both must be set to no, otherwise the lower-level DNS servers cannot communicate with the upper-level ones.
zone "." IN {
type master;
file "named.ca";
};
Change the type of the root zone: hint --> master
6. Rewrite the root zone file /var/named/named.ca
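As an added check that is not part of this tutorial: a small Python audit (written for this lab, not BIND's own tooling) that reads an options block and reports what the edits above expose. It applies BIND's fallback rule for who may recurse (allow-recursion, else allow-query-cache, else allow-query, else localnets and localhost), so commenting out allow-query makes the authoritative data answerable to anyone but does not by itself open recursion to the world; the 10.1.0.0/16 ACL in the second sample is an assumption taken from the PREFIX=16 interface setting.

```python
import re
# Constructed sample: the options the tutorial leaves on the root server (listen-on and
# allow-query commented out, recursion at its default of yes, DNSSEC validation off).
LAB_CONF = """options {
//	listen-on port 53 { 127.0.0.1; };
//	allow-query     { localhost; };
	recursion yes;
	dnssec-validation no;
};"""
# Constructed alternative: the root still recurses for the forwarder but answers only
# the lab network (10.1.0.0/16 is assumed from the PREFIX=16 interface setting).
RESTRICTED_CONF = """options {
	allow-query     { 10.1.0.0/16; };
	allow-recursion { 10.1.0.0/16; };
	recursion yes;
	dnssec-validation no;
};"""

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out statements are not matched."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return "\n".join(re.sub(r"(//|#).*$", "", ln) for ln in conf.splitlines())

def option(conf, name):
    """Value of a statement such as allow-query, or None when absent or commented out."""
    pattern = r"(?m)^\s*%s\s+([^;{]*(?:\{[^}]*\})?)\s*;" % re.escape(name)
    m = re.search(pattern, strip_comments(conf))
    return " ".join(m.group(1).split()) if m else None

def unrestricted(acl):
    """An ACL that is absent (BIND then defaults to any) or lists any is unrestricted."""
    return acl is None or re.search(r"\bany\b", acl) is not None

def effective_recursion_acl(conf):
    """BIND's fallback chain for recursion: allow-recursion, allow-query-cache, allow-query."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        if option(conf, name) is not None:
            return option(conf, name)
    return "{ localnets; localhost; }"  # BIND's built-in default when none is set

def audit(conf):
    """Exposure findings for one named.conf text, as a list of strings."""
    findings = []
    if unrestricted(option(conf, "allow-query")):
        findings.append("allow-query: unrestricted, any host may query this server")
    if option(conf, "recursion") != "no":  # recursion defaults to yes when absent
        if unrestricted(effective_recursion_acl(conf)):
            findings.append("recursion: open recursive resolver")
        if option(conf, "dnssec-validation") == "no":
            findings.append("dnssec-validation: off, upstream answers are not verified")
    return findings
```

The restricted variant still reports dnssec-validation as off, because this lab's private root is unsigned and cannot be validated; the remaining finding is the accepted cost of the lab design.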
[root@dns ~]# cd /var/named/
[root@dns named]# echo >named.ca
[root@dns named]# vim named.ca
$TTL 1D
. IN SOA dns.root. admin.root. ( 1 1D 1H 1W 1D )
. IN NS dns.root.
dns.root. IN A 10.1.42.71
com IN NS dns.com.
dns.com. IN A 10.1.42.72
[root@dns named]#
7. Check the configuration files for syntax errors
[root@dns named]# named-checkconf
[root@dns named]# named-checkzone . named.ca
zone ./IN: loaded serial 1
OK
[root@dns named]#
8. Start the root server and check the log to confirm it started successfully
[root@dns named]# systemctl start named
[root@dns named]# cat /var/log/messages
Sep 28 15:25:44 centos730g named[3712]: zone localhost/IN: loaded serial 0
Sep 28 15:25:44 centos730g named[3712]: zone localhost.localdomain/IN: loaded serial 0
Sep 28 15:25:44 centos730g named[3712]: all zones loaded
Sep 28 15:25:44 centos730g named[3712]: running
Sep 28 15:25:44 centos730g named[3712]: managed-keys-zone: Unable to fetch DNSKEY set '.': ncache nxrrset
Sep 28 15:25:44 centos730g systemd: Started Berkeley Internet Name Domain (DNS).
Sep 28 15:25:44 centos730g systemd: Reached target Host and Network Name Lookups.
Sep 28 15:25:44 centos730g systemd: Starting Host and Network Name Lookups.
[root@dns named]#
The presence of the messages above in the log shows that the dns.root. server started successfully
9. Test resolution locally on the root server with dig
[root@dns named]# dig dns.root.
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7 <<>> dns.root.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26131
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.root. IN A
;; ANSWER SECTION:
dns.root. 86400 IN A 10.1.42.71
;; AUTHORITY SECTION:
. 86400 IN NS dns.root.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 28 15:29:08 CST 2016
;; MSG SIZE rcvd: 66
[root@dns named]#
Getting the resolution result above shows that the dns.root server is now serving queries normally
Configuration of the com server
1. The first four steps are the same as above; only the hostname and IP address need to be changed to the values for this server in the architecture diagram
5. Edit the main DNS configuration file
[root@dns ~]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// allow-query { localhost; };
Comment out the two lines above
dnssec-enab