centos7搭建dns,bind配置
虽然可以修改操作系统下的hosts文件劫持dns解析,但是如果在多台计算机之间测试,就得一行行的复制到多个计算机中。更有甚者,如果测试接口地址是测试域名,在未越狱的iphone中就没办法测试了,未越狱的iphone修改不了hosts。而且hosts只支持A记录,没办法设置MX,PTR,CNAME……搭建一个dns服务器这些问题就解决了。
1.安装
yum install bind-chroot
2.设置开机启动
systemctl enable named-chroot
3.配置bind
vim /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
forwarders { 223.5.5.5; };
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "a.com" IN {
type master;
file "a.com.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
默认配置修改这两项:
listen-on port 53 { any; }表示监听任何ip对53端口的请求
allow-query { any; }表示接收任何来源查询dns记录
zone "a.com" IN { type master; file "a.com.zone"; };
此段增加一个a.com域名的解析,具体解析规则在/var/named/a.com.zone里。
zone "0.168.192.in-addr.arpa" IN { type master; file "192.168.0.zone"; };
此段增加一个反向解析,即根据ip查域名(不需要的话可以不设置)
/var/named/a.com.zone文件内容,请注意named用户有读的权限
$TTL 1D @ IN SOA @ root.a.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 192.168.0.111 www A 192.168.0.112 @ MX 10 mx.a.com. AAAA ::1
此段设置了
a.com的ip为192.168.0.111,
www.a.com的ip解析到192.168.0.112,
a.com的mx记录为mx.a.com
/var/named/192.168.0.zone文件内容,请注意named用户需要有读的权限
$TTL 86400 @ IN SOA localhost a.com. ( 2014031101 2H 10M 7D 1D ) IN NS localhost. 111 IN PTR a.com 112 IN PTR www.a.com.
此段设置了反查记录,即
192.168.0.111查询后得到的域名是a.com
192.168.0.222查询后得到的域名是www.a.com
最后,启动bind
systemctl start named-chroot
基本的DNS服务器搭建完成,并已经设置了一个a.com的域名解析,来测试一下。
windows右键网卡图标,打开网络和共享中心,更改适配器设置,右键网卡,属性,Internet 协议版本4(TCP/IPv4),勾选使用下面的DNS服务器地址,首选DNS服务器填入服务器ip,类nix系统编辑/etc/resolv.conf修改nameserver为服务器ip。115.28.142.187为我的dns服务器IP,下面的结果都是基于115.28.142.187dns服务器返回的结果.
查询a.com的dns记录
a.com A记录
查询www.a.com的dns记录
www.a.com A记录
查询a.com的MX记录
a.com MX记录
查询www.a.com的PTR记录
www.a.com PTR记录
转载请注明:飞嗨 (opens new window) » CentOS 7搭建DNS服务器,bind安装配置 (opens new window)
例子域名配置:
$TTL 1D
@ IN SOA ns.vcenter.com. root (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.vcenter.com.
ns A 172.16.30.243
@ A 172.16.30.211
www A 172.16.30.211
|