1、安装bind软件包
[root@localhost cdrom]# yum install -y bind*
...
完毕!
- 查看需要配置的dns服务的文件是否全部存在
[root@localhost etc]# ll | grep named
drwxr-x---. 2 root named 6 2月 25 2019 named
-rw-r--r--. 1 root root 621 2月 25 2019 named-chroot.files
-rw-r-----. 1 root named 1705 2月 25 2019 named.conf --全局配置文件
-rw-r-----. 1 root named 931 6月 21 2007 named.rfc1912.zones --主配置文件
-rw-r--r--. 1 root named 1886 4月 13 2017 named.root.key
2、首先进行全局配置文件配置
[root@localhost etc]# vi /etc/named.conf
options {
listen-on port 53 { any; }; //在本机所有IPv4地址的53端口上监听(包括udp和tcp);any表示全部接口,若只对内网提供服务,建议改为具体的内网地址
listen-on-v6 port 53 { ::1; }; //IPv6只监听本机回环地址::1
directory "/var/named"; //named服务的各种域文件的存放目录
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; }; // 允许查询的来源IP,any表示允许任意IP查询;若服务器同时开启递归且外网可达,会成为开放递归解析器,建议改为内网网段或用allow-recursion限制递归
...
include "/etc/named.rfc1912.zones"; //指定主配置文件位置
include "/etc/named.root.key";
3、修改主配置文件
[root@localhost etc]# vi /etc/named.rfc1912.zones
zone "chenzejia.com" IN{ //定义正向解析
type master; //区域类型为主dns,在设置主从dns的服务中起到关键作用
file "/var/named/named.linux.com.zone"; //区域文件路径,尽量写从根目录开始的绝对路径;必须与后面实际创建的区域文件名一致(下文cp生成的是/var/named/linux.com.zone)
allow-update {none; };
};
//正向配置文件
zone "154.168.192.in-addr.arpa" IN{ // 定义反向解析
type master; //区域类型为主dns,在设置主从dns的服务中起到关键作用
file "/var/named/192.168.154.arpa.zone"; //设置文档所在具体目录尽量从根目录开始
allow-update {none; };
};
//反向配置文件
4、创建正向和反向区域资源文件
[root@localhost named]# cp /var/named/named.localhost /var/named/linux.com.zone
[root@localhost named]# cp /var/named/named.empty /var/named/192.168.154.arpa.zone
//复制区域配置文件(用 cp -p 可保留原文件的属组named和权限,避免后面named无法读取)
正向解析
[root@localhost named]# vi linux.com.zone
$TTL 1D
@ IN SOA dns.linux.com. root.linux.com. (
2020111601 ; serial //更新序列号,变动就代表有配置变化,会通知从服务器更新
1D ; refresh //刷新时间,从服务器多久主动向主服务器查下是否有变更
1H ; retry //重试延时,如Refresh过程不能完成,重试的时间间隔。
1W ; expire //expire 失效时间,从服务器在无法连接到主服务器后,最多工作时间。
3H ) ; minimum //无效地址解析记录的默认缓存时间
@ IN NS dns.linux.com.
@ IN A 192.168.154.128
aa.linux.com. IN A 192.168.154.128
dns.linux.com. IN A 192.168.154.130
www.linux.com. IN A 192.168.154.129
ftp.linux.com. IN A 192.168.154.131
//配置正向区域配置文件;记录所属的域名要与named.rfc1912.zones中定义的zone名一致,否则会被当作区域外数据忽略
检查正向解析文件是否存在语法错误
[root@localhost named]# named-checkzone linux.com /var/named/linux.com.zone
// 参数依次为:域名称 文件路径
zone chenzejia.com/IN: loaded serial 0
OK
反向解析
$TTL 3H
@ IN SOA dns.chenzejia.com. root.dns.chenzejia.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS dns.chenzejia.com.
128.154.168.192.IN-ADDR.ARPA. IN PTR dns.linux.com.
131.154.168.192.IN-ADDR.ARPA. IN PTR ftp.linux.com.
检测反向配置文件是否存在语法错误
[root@localhost named]# named-checkzone 154.168.192.in-addr.arpa /var/named/192.168.154.arpa.zone
域名称 文件目录
zone 154.168.192.in-addr.arpa/IN: loaded serial 0
OK
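关闭防火墙、selinux和networkmanager(仅适合隔离的实验环境;正式环境应保留firewalld并放行DNS:firewall-cmd --permanent --add-service=dns 后 firewall-cmd --reload,SELinux保持enforcing)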
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@localhost ~]# vi /etc/selinux/config
SELINUX=disabled
添加nameserver,注释掉以前的nameserver
vi /etc/resolv.conf
nameserver 192.168.154.128
重启dns服务
[root@localhost ~]# systemctl restart named
测试
dig dns.linux.com
// 正向解析测试
dig -x 192.168.154.128
// 反向解析
nslookup 域名 指定地址 //如果没有修改dns需要指定dns地址进行测试
报错
** server can't find dns.chenzejia.com: NXDOMAIN
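//原因:正向解析文件和反向解析文件的用户和用户组不是named(root用cp复制出的文件属主、属组都是root,named进程可能无权读取,区域无法加载)
解决方法:修改区域文件的用户和用户组,让named进程能够读取;区域不接受动态更新(allow-update none)时,只需属组为named、权限640即可,属主可以保留root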
[root@localhost named]# chgrp named 192.168.154.arpa.zone //修改反向解析文件用户组
[root@localhost named]# chown named 192.168.154.arpa.zone //修改反向解析文件用户
[root@localhost named]# chgrp named chenzejia.com.zone //修改正向解析文件用户组
[root@localhost named]# chown named chenzejia.com.zone //修改正向解析文件用户