How To Install BIND as a Private Network DNS Server on CentOS 7

From linux中国网wiki

Introduction

BIND (Berkeley Internet Name Domain) is the most widely used DNS server software on the Internet today[3]; roughly nine out of ten DNS servers run BIND[4]. BIND is now developed and maintained by the Internet Systems Consortium[4].
 
DNS (BIND) server IP: 192.168.0.30
VM IP:                192.168.0.11

Goal

Make the following names resolve (all of them point at the VM):

192.168.0.11  operdev.zhaituango.com
192.168.0.11  md.zhaituango.com
192.168.0.11  imgd.zhaituango.com
192.168.0.11  commdev.zhaituango.com
192.168.0.11  shopdev.zhaituango.com
192.168.0.11  readdev.zhaituango.com
192.168.0.11  writedev.zhaituango.com

Install

yum install bind bind-utils
systemctl enable named
systemctl start named
netstat -lntup | grep 53

The last command confirms that named is listening on port 53 (on CentOS 7 netstat comes from the net-tools package; ss accepts the same options if netstat is missing).

Configure

vim /etc/named.conf

# In the options block, change "127.0.0.1" in the listen-on line to "any" and "localhost" in
# allow-query to "any", so that other hosts can reach and query the server. The two sed commands
# below make the same change non-interactively.
# Note: the stock named.conf also contains "recursion yes;", so with allow-query { any; } the
# server will recurse for anyone who can reach port 53. Keep it confined to the private network
# (the firewall rules below) or list the LAN prefix in allow-query instead of any.
sed -i 's!listen-on port 53 { 127.0.0.1; };!listen-on port 53 { any; };!' /etc/named.conf
sed -i 's!allow-query     { localhost; };!allow-query     { any; };!' /etc/named.conf

Add the domain to be resolved to the configuration (zhaituango.com is used as the example here).

Add the forward and reverse zones to /etc/named.rfc1912.zones. The reverse zone for the 192.168.0.0/24 network is named 0.168.192.in-addr.arpa (the network octets reversed under in-addr.arpa); a reverse zone named after the domain itself is never consulted for PTR lookups of these addresses.

cat >> /etc/named.rfc1912.zones << EOF
zone "zhaituango.com" IN {
     type master;
     file "zhaituango.com.zone";
     allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
     type master;
     file "zhaituango.com.local";
     allow-update { none; };
};
EOF


Add the forward and reverse zone files for the domain. In the reverse file the owner of each PTR record is the last octet of the address (30 for the DNS server, 11 for the VM) and every target name is fully qualified, ending in a dot. The $ in $TTL is escaped in both heredocs because the delimiter EOF is unquoted, so the shell would otherwise try to expand $TTL as a variable.

cat >> /var/named/zhaituango.com.local << EOF
\$TTL 1D
@       IN SOA  dns.zhaituango.com. root.zhaituango.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@        IN      NS    dns.zhaituango.com.
30       IN      PTR   zhaituango.com.
30       IN      PTR   dns.zhaituango.com.
30       IN      PTR   openshift-cluster.zhaituango.com.
11       IN      PTR   operdev.zhaituango.com.
11       IN      PTR   md.zhaituango.com.
11       IN      PTR   imgd.zhaituango.com.
11       IN      PTR   commdev.zhaituango.com.
11       IN      PTR   shopdev.zhaituango.com.
11       IN      PTR   readdev.zhaituango.com.
11       IN      PTR   writedev.zhaituango.com.
EOF

cat >> /var/named/zhaituango.com.zone << EOF
\$TTL 1D
@       IN SOA  dns.zhaituango.com. root (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@               IN   NS   dns.zhaituango.com.
                 IN   A    192.168.0.30
dns              IN   A    192.168.0.30
operdev           IN   A    192.168.0.11
md                IN   A    192.168.0.11
imgd              IN   A    192.168.0.11
commdev           IN   A    192.168.0.11
shopdev           IN   A    192.168.0.11
readdev           IN   A    192.168.0.11
writedev           IN   A    192.168.0.11
openshift-cluster  IN   A    192.168.0.30
EOF

For a detailed explanation of the parameters used above, see: [link]

Check the configuration files

named-checkconf /etc/named.conf
named-checkzone "zhaituango.com" /var/named/zhaituango.com.zone
systemctl restart named
# If neither check reports an error, the configuration is OK; if one does, verify that the steps above were followed exactly.

Client configuration

On each client, add the DNS server address to /etc/resolv.conf:

nameserver 192.168.0.30

Firewall

Add firewall rules on the DNS server to open port 53 (TCP and UDP) to the private network. The server and its clients are on 192.168.0.0/24 (see the addresses above), so that is the source prefix to allow:
iptables -I INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
iptables -I INPUT -s 192.168.0.0/24 -p udp -m udp --dport 53 -j ACCEPT

Add the following to /etc/sysconfig/iptables so the rules survive the next firewall restart (this file is read by the iptables service; a CentOS 7 host running the default firewalld manages its rules with firewall-cmd instead):
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 53 -j ACCEPT

Troubleshooting

zone zhaituango.com/IN: NS 'dns.zhaituango.com.zhaituango.com' has no address records (A or AAAA)
zone zhaituango.com/IN: not loaded due to errors.

Cause: the NS target is missing its trailing dot. A name without a trailing dot is relative to the zone origin, so BIND appends zhaituango.com again and looks for an A record of dns.zhaituango.com.zhaituango.com, which does not exist.

@           IN   NS   dns.zhaituango.com     ; missing the trailing dot (wrong)

@           IN   NS   dns.zhaituango.com.    ; correct
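As an added pre-flight check (not part of the original page and not a BIND tool), the following Python reads zone files shaped like the two above, flags NS/PTR/CNAME targets that lack the trailing dot (the exact cause of the error in this section) and reports A records with no matching PTR in the reverse zone. The two sample zone texts are constructed here and assume the /24 reverse zone 0.168.192.in-addr.arpa used on this page.

```python
import re

def parse_zone(text, origin):
    """Minimal reader for files shaped like this page's: (owner, type, rdata) triples."""
    text = re.sub(r";[^\n]*", "", text)                                  # strip ; comments
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0).split()), text)  # fold SOA
    records, owner = [], origin
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):          # blank line or $TTL/$ORIGIN
            continue
        if not line[0].isspace():                            # blank owner column = previous owner
            name = fields.pop(0)                             # '@' = origin, no dot = relative
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        if fields[0] == "IN":
            fields.pop(0)
        records.append((owner, fields[0], " ".join(fields[1:])))
    return records

def check_zones(fwd_text, rev_text, fwd_origin, rev_origin):
    """Report name targets that silently get the origin appended (the trailing-dot pitfall)
    and A records without a matching PTR. Assumes a /24 reverse zone (owner = last octet)."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    problems = []
    for records, origin in ((fwd, fwd_origin), (rev, rev_origin)):
        for _, rtype, rdata in records:
            if rtype in ("NS", "PTR", "CNAME") and not rdata.endswith("."):
                problems.append(f"{rtype} '{rdata}' lacks a trailing dot; BIND expands it to '{rdata}.{origin}'")
    ptrs = {(owner, rdata) for owner, rtype, rdata in rev if rtype == "PTR"}
    for owner, rtype, ip in fwd:
        if rtype == "A" and (f"{ip.rsplit('.', 1)[1]}.{rev_origin}", owner) not in ptrs:
            problems.append(f"no PTR for {ip} -> {owner} in {rev_origin}")
    return problems

# Constructed samples: the forward zone repeats the NS-without-dot mistake, the reverse lacks md.
FORWARD = """\
@       IN SOA  dns.zhaituango.com. root (
                0 1D 1H 1W 3H )   ; serial refresh retry expire minimum
@       IN   NS   dns.zhaituango.com
dns     IN   A    192.168.0.30
md      IN   A    192.168.0.11
"""
REVERSE = """\
$TTL 1D
@       IN SOA  dns.zhaituango.com. root.zhaituango.com. ( 0 1D 1H 1W 3H )
@       IN   NS   dns.zhaituango.com.
30      IN   PTR  dns.zhaituango.com.
"""
PROBLEMS = check_zones(FORWARD, REVERSE, "zhaituango.com.", "0.168.192.in-addr.arpa.")
```

Run it after editing the files but before named-checkzone; an empty PROBLEMS list means both pitfalls covered here are absent.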

See also

CentOS 7 DNS service: bind9.94 master/slave installation and configuration

bind

vbird: DNS server

CentOS 7 DNS service: bind9.94 with master/slave setup

Installing Bind/DNS on CentOS 7

A labor of love: DNS and BIND configuration guide

Building a private DNS server with BIND

How To Configure BIND