目的
搭建主DNS服务器,要求如下:该DNS服务器能解析www.qq.com和www.163.com的IP地址。
首先安装软件包
[root@red-85 conf.d]# yum install bind -y
Complete!
[root@red-85 conf.d]#
查看软件包配置文件
[root@red-85 conf.d]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf #主配置文件
/etc/named.rfc1912.zones #定义zone的文件
/etc/named.root.key
/etc/rndc.conf #rndc配置文件
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
/usr/bin/mdig
/usr/bin/named-rrchecker
/usr/lib/.build-id
/usr/lib/.build-id/85
/usr/lib/.build-id/85/d74eac0b3416d65b0ba2eb92095d3e05657b56
/usr/lib/.build-id/94
/usr/lib/.build-id/94/ec343067210b9f6fe163d2f11618f630bf5d5f
/usr/lib/.build-id/c6
/usr/lib/.build-id/c6/3ad17aab8aff22b63716a9b3579fe7b54cbab4
/usr/lib/.build-id/c6/3ad17aab8aff22b63716a9b3579fe7b54cbab4.1
/usr/lib/.build-id/c6/eef0972c2fcaa3e757964d9ade53f2d08663dc
/usr/lib/.build-id/d4
/usr/lib/.build-id/d4/66d8ab758a1e260b3b3d228198e214607e0237
/usr/lib/.build-id/e0
/usr/lib/.build-id/e0/37d8a66b9c114b38e2027c54065dc2d59ad723
/usr/lib/.build-id/ff
/usr/lib/.build-id/ff/e1910641875ad6c8dcb90110c36ade24a2af73
/usr/lib/systemd/system/named-setup-rndc.service
/usr/lib/systemd/system/named.service
/usr/lib/tmpfiles.d/named.conf
/usr/lib64/bind
/usr/libexec/generate-rndc-key.sh
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-journalprint
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/share/doc/bind
/usr/share/doc/bind/Bv9ARM.ch01.html
/usr/share/doc/bind/Bv9ARM.ch02.html
/usr/share/doc/bind/Bv9ARM.ch03.html
/usr/share/doc/bind/Bv9ARM.ch04.html
/usr/share/doc/bind/Bv9ARM.ch05.html
/usr/share/doc/bind/Bv9ARM.ch06.html
/usr/share/doc/bind/Bv9ARM.ch07.html
/usr/share/doc/bind/Bv9ARM.ch08.html
/usr/share/doc/bind/Bv9ARM.ch09.html
/usr/share/doc/bind/Bv9ARM.ch10.html
/usr/share/doc/bind/Bv9ARM.ch11.html
/usr/share/doc/bind/Bv9ARM.ch12.html
/usr/share/doc/bind/Bv9ARM.ch13.html
/usr/share/doc/bind/Bv9ARM.html
/usr/share/doc/bind/Bv9ARM.pdf
/usr/share/doc/bind/CHANGES
/usr/share/doc/bind/README
/usr/share/doc/bind/isc-logo.pdf
/usr/share/doc/bind/man.arpaname.html
/usr/share/doc/bind/man.ddns-confgen.html
/usr/share/doc/bind/man.delv.html
/usr/share/doc/bind/man.dig.html
/usr/share/doc/bind/man.dnssec-checkds.html
/usr/share/doc/bind/man.dnssec-coverage.html
/usr/share/doc/bind/man.dnssec-dsfromkey.html
/usr/share/doc/bind/man.dnssec-importkey.html
/usr/share/doc/bind/man.dnssec-keyfromlabel.html
/usr/share/doc/bind/man.dnssec-keygen.html
/usr/share/doc/bind/man.dnssec-keymgr.html
/usr/share/doc/bind/man.dnssec-revoke.html
/usr/share/doc/bind/man.dnssec-settime.html
/usr/share/doc/bind/man.dnssec-signzone.html
/usr/share/doc/bind/man.dnssec-verify.html
/usr/share/doc/bind/man.dnstap-read.html
/usr/share/doc/bind/man.genrandom.html
/usr/share/doc/bind/man.host.html
/usr/share/doc/bind/man.isc-hmac-fixup.html
/usr/share/doc/bind/man.lwresd.html
/usr/share/doc/bind/man.mdig.html
/usr/share/doc/bind/man.named-checkconf.html
/usr/share/doc/bind/man.named-checkzone.html
/usr/share/doc/bind/man.named-journalprint.html
/usr/share/doc/bind/man.named-nzd2nzf.html
/usr/share/doc/bind/man.named-rrchecker.html
/usr/share/doc/bind/man.named.conf.html
/usr/share/doc/bind/man.named.html
/usr/share/doc/bind/man.nsec3hash.html
/usr/share/doc/bind/man.nslookup.html
/usr/share/doc/bind/man.nsupdate.html
/usr/share/doc/bind/man.pkcs11-destroy.html
/usr/share/doc/bind/man.pkcs11-keygen.html
/usr/share/doc/bind/man.pkcs11-list.html
/usr/share/doc/bind/man.pkcs11-tokens.html
/usr/share/doc/bind/man.rndc-confgen.html
/usr/share/doc/bind/man.rndc.conf.html
/usr/share/doc/bind/man.rndc.html
/usr/share/doc/bind/named.conf.default
/usr/share/doc/bind/notes.html
/usr/share/doc/bind/notes.pdf
/usr/share/doc/bind/sample
/usr/share/doc/bind/sample/etc
/usr/share/doc/bind/sample/etc/named.conf
/usr/share/doc/bind/sample/etc/named.rfc1912.zones
/usr/share/doc/bind/sample/var
/usr/share/doc/bind/sample/var/named
/usr/share/doc/bind/sample/var/named/data
/usr/share/doc/bind/sample/var/named/my.external.zone.db
/usr/share/doc/bind/sample/var/named/my.internal.zone.db
/usr/share/doc/bind/sample/var/named/named.ca
/usr/share/doc/bind/sample/var/named/named.empty
/usr/share/doc/bind/sample/var/named/named.localhost
/usr/share/doc/bind/sample/var/named/named.loopback
/usr/share/doc/bind/sample/var/named/slaves
/usr/share/doc/bind/sample/var/named/slaves/my.ddns.internal.zone.db
/usr/share/doc/bind/sample/var/named/slaves/my.slave.internal.zone.db
/usr/share/man/man1/mdig.1.gz
/usr/share/man/man1/named-rrchecker.1.gz
/usr/share/man/man5/named.conf.5.gz
/usr/share/man/man5/rndc.conf.5.gz
/usr/share/man/man8/lwresd.8.gz
/usr/share/man/man8/named-checkconf.8.gz
/usr/share/man/man8/named-journalprint.8.gz
/usr/share/man/man8/named.8.gz
/usr/share/man/man8/rndc-confgen.8.gz
/usr/share/man/man8/rndc.8.gz
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca #根解析库
/var/named/named.empty
/var/named/named.localhost #本地主机解析库
/var/named/named.loopback
/var/named/slaves #从属ns服务器文件目录
[root@red-85 conf.d]#
[root@server etc]# cp -a named.conf{,.bak}
[root@server etc]# ll |grep named
drwxr-x---. 2 root named 6 Aug 25 2021 named
-rw-r-----. 1 root named 1705 Aug 25 2021 named.conf
-rw-r-----. 1 root named 1705 Aug 25 2021 named.conf.bak
-rw-r-----. 1 root named 1029 Aug 25 2021 named.rfc1912.zones
-rw-r--r--. 1 root named 1070 Aug 25 2021 named.root.key
[root@server etc]#
编写配置文件
[root@server etc]# vim named.conf
options {
listen-on port 53 { 192.168.240.128; };
listen-on-v6 port 53 { ::1; };
directory "/var/named"; #解析区域目录路径
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; };
};
#配置qq.com的区域解析主服务器
zone "qq.com" IN {
type master;
file "named.qq.com"; #qq.com的正向解析文件
};
#配置163.com的区域解析主服务器
zone "163.com" IN {
type master;
file "named.163.com"; #163.com的正向解析文件
};
#准备编写qq.com的正向解析文件
[root@server named]# cd /var/named
[root@server named]# ll
total 16
drwxrwx---. 2 named named 6 Aug 25 2021 data
drwxrwx---. 2 named named 6 Aug 25 2021 dynamic
-rw-r-----. 1 root named 2253 Aug 25 2021 named.ca
-rw-r-----. 1 root named 152 Aug 25 2021 named.empty
-rw-r-----. 1 root named 152 Aug 25 2021 named.localhost
-rw-r-----. 1 root named 168 Aug 25 2021 named.loopback
drwxrwx---. 2 named named 6 Aug 25 2021 slaves
[root@server named]# vim named.qq.com
在vim编辑器中输入 :r named.localhost 来复制模板
#配置qq.com的正向解析文件
$TTL 1D
@ IN SOA master.qq.com. admin.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS master.qq.com.
IN MX 5 mail.qq.com. ; 邮件交换记录应写作 MX(NS 记录不带优先级);本区域还需为 mail 补一条 A 记录,否则 named-checkzone 会提示该 MX 目标没有地址记录
master IN A 192.168.240.128
www IN A 192.168.240.128
haha IN CNAME www
~
编写163的正向解析文件
$TTL 1D
@ IN SOA master.163.com. admin.163.com. (
0
1D
1H
1W
3H )
IN NS master.163.com.
IN MX 5 mail.163.com.
master IN A 192.168.240.128
www IN A 192.168.240.223
mail IN A 192.168.240.245
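随后重启named服务(重启前建议先运行 named-checkconf 检查主配置文件,并用 named-checkzone qq.com /var/named/named.qq.com 检查区域文件,避免带着语法错误的区域启动)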
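#关闭防火墙(仅适用于实验环境。本例 allow-query 只允许 localhost,且测试都在服务器本机进行,其实不必关闭防火墙;若需对外提供解析,应保持 firewalld 运行,用 firewall-cmd --permanent --add-service=dns 再 firewall-cmd --reload 只放行DNS)
[root@server etc]# systemctl stop firewalld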
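#关闭SELinux(setenforce 0 只是临时切换到 Permissive 模式,重启后恢复;区域文件放在 /var/named 下时通常无需关闭 SELinux,生产环境应保持 Enforcing,必要时用 restorecon 修正文件上下文)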
[root@server etc]# setenforce 0
[root@server etc]# systemctl restart named
[root@server etc]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2022-11-19 23:57:39 CST; 5s ago
查看域名是否解析成功(注意:下面的示例输出中混有 192.168.32.x 和 192.168.240.x 两个网段的地址;实际输出中的服务器地址和解析结果应与所查询的DNS服务器及区域文件中的A记录一致)
使用host命令解析
#解析www.qq.com
[root@server named]# host www.qq.com 192.168.240.128
Using domain server:
Name: 192.168.32.123
Address: 192.168.32.123#53
Aliases:
www.qq.com has address 192.168.32.145
#解析www.163.com
[root@server named]# host www.163.com 192.168.240.128
Using domain server:
Name: 192.168.32.123
Address: 192.168.32.123#53
Aliases:
www.163.com has address 192.168.32.223
time=0.661 ms
使用nslookup命令解析
#解析www.qq.com
[root@server named]# nslookup www.qq.com 192.168.240.128
Server: 192.168.240.128
Address: 192.168.240.128#53
Name: www.qq.com
Address: 192.168.240.145
#解析www.163.com
[root@server named]# nslookup www.163.com 192.168.240.128
Server: 192.168.240.128
Address: 192.168.240.128#53
Name: www.163.com
Address: 192.168.240.223
4
通过dig命令解析
#解析www.qq.com
[root@server named]# dig @192.168.240.128 -t A www.qq.com
; <<>> DiG 9.11.26-RedHat-9.11.26-6.el8 <<>> @192.168.240.128 -t A www.qq.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61628
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7b42643f45ab68caf088cc4563790535c9e2d8ea3b150a88 (good)
;; QUESTION SECTION:
;www.qq.com. IN A
;; ANSWER SECTION:
www.qq.com. 86400 IN A 192.168.32.145
;; AUTHORITY SECTION:
qq.com. 86400 IN NS master.qq.com.
;; ADDITIONAL SECTION:
master.qq.com. 86400 IN A 192.168.32.123
;; Query time: 0 msec
;; SERVER: 192.168.240.128#53(192.168.240.128)
;; WHEN: Sun Nov 20 00:32:53 CST 2022
;; MSG SIZE rcvd: 120
#解析www.163.com
[root@server named]# dig @192.168.32.123 -t A www.163.com
; <<>> DiG 9.11.26-RedHat-9.11.26-6.el8 <<>> @192.168.240.128 -t A www.163.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57063
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: da6c6d7ecd276456e7ccbee66379057a57314781d917a3c4 (good)
;; QUESTION SECTION:
;www.163.com. IN A
;; ANSWER SECTION:
www.163.com. 86400 IN A 192.168.240.223
;; AUTHORITY SECTION:
163.com. 86400 IN NS master.163.com.
;; ADDITIONAL SECTION:
master.163.com. 86400 IN A 192.168.32.123
;; Query time: 0 msec
;; SERVER: 192.168.32.123#53(192.168.32.123)
;; WHEN: Sun Nov 20 00:34:02 CST 2022
;; MSG SIZE rcvd: 121
通过修改域名解析服务器IP文件解析
#添加域名解析服务器IP
[root@server named]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.240.128
nameserver 192.168.240.2
#ping www.qq.com
[root@server named]# ping www.qq.com -c1
PING www.qq.com (192.168.240.145) 56(84) bytes of data.
64 bytes from 192.168.32.145 (192.168.240.145): icmp_seq=1 ttl=64 time=0.755 ms
#ping www.163.com
[root@server named]# ping www.163.com -c1
PING www.163.com (192.168.240.223) 56(84) bytes of data.
64 bytes from 192.168.32.223 (192.168.240.223): icmp_seq=1 ttl=6