想偷懒不记 IP,所以有了这个想法。建议大家参考下面这篇文章,写得很详细:
http://www.linuxe.cn/post-140.html
#安装
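# Install the BIND server, its development headers, its shared libraries and
# the client tools (dig, nslookup, host).
# The library package is called bind-libs; "bind-lib" is not a package name in
# the Red Hat repositories, so the original command could not resolve it.
yum install -y bind bind-devel bind-libs bind-utils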
依次安装的是:bind 主程序、开发组件、库、工具包。
#编辑配置文件
bind 的配置文件可以说有两类:一个用来定义 DNS 服务本身,另一个用来定义 zone。
##dns服务配置文件
# Open the main named configuration file; the listing that follows is its content.
vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
//
// NOTE(review): as edited below this is no longer a localhost-only resolver.
// It listens on a LAN address, is master for the dc.intra zone, and recurses
// for every client that allow-query admits.
options {
listen-on port 53 { 192.168.31.38; }; ## change this to the address named should listen on
#listen-on-v6 port 53 { ::1; }; ## IPv6 listener; leave commented out if IPv6 is not needed
directory "/var/named"; ## working directory; relative file names below resolve against it
dump-file "/var/named/data/cache_dump.db"; ## file the cache dump is written to (rndc dumpdb)
statistics-file "/var/named/data/named_stats.txt"; ## written by rndc stats
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing"; ## written by rndc recursing
secroots-file "/var/named/data/named.secroots"; ## written by rndc secroots
allow-query { any; }; ## which hosts may send queries; the author uses any, normally this is an address range
// NOTE(review): neither allow-recursion nor allow-query-cache is set, so BIND
// falls back to allow-query for both. With "any" above, every host that can
// reach 192.168.31.38:53 gets recursive service, which is the open-resolver
// case the vendor comment below warns about. To keep the local zone queryable
// while limiting recursion, add a line such as
//   allow-recursion { localhost; localnets; };
// extended with any other client subnets that should use this resolver.
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes; ## resolve names outside the local zones on behalf of clients (lookups start at the root); usually on for a caching resolver
// NOTE(review): dnssec-enable is obsolete in newer BIND 9 releases; confirm it
// is still accepted by the installed version (named-checkconf reports it).
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
// Debug log channel; the relative path resolves to /var/named/data/named.run.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
}; ## root hints zone, shipped as the default
zone "dc.intra" IN {
type master;
file "dc.intra.zone";
}; ## your own zone; the file is read from /var/named/dc.intra.zone
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
##配置zone配置文件
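# Create the zone file inside named's working directory, /var/named (the
# original path /var/name/ was a typo). "zonename.zone" stands for the file
# named in the zone statement of named.conf, which is dc.intra.zone here.
vim /var/named/zonename.zone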
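; Zone data for dc.intra, the file named by the zone "dc.intra" statement in named.conf.
$TTL 1D
; SOA: primary server name, then the admin mailbox with its "@" written as ".".
; Both names must end in a dot. Without it the origin is appended, so the
; original wusuowei.dc.intra was read as wusuowei.dc.intra.dc.intra.
@ IN SOA dc.intra. wusuowei.dc.intra. (
10 ; serial - raise it on every edit so secondaries pick up the change
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum (negative-caching TTL)
; NOTE(review): the SOA primary field is dc.intra. while the only NS record is
; dns1.dc.intra.; these conventionally name the same host - confirm which is intended.
@ IN NS dns1.dc.intra.
; Address of the name server itself; matches the listen-on address in named.conf.
dns1 IN A 192.168.31.38
; Host records. Names without a trailing dot are relative to dc.intra.
reckless-laptop IN A 192.168.31.231
reckless-pc IN A 192.168.31.161
eve IN A 192.168.2.253
esxi IN A 192.168.2.254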
注意几个角色的不同
这里一定要注意:后续每次修改 /var/named/dc.intra.zone 文件后,都要重启 named 服务,修改才会生效。
#Windows 和 Linux 客户端都需要配置特定的 DNS 后缀,例如这里应该把后缀配置为 dc.intra,这样才能直接用短主机名解析。
#睡觉了,后续明天了