Difference between revisions of "How To Install BIND as a Private Network DNS Server on CentOS 7"
docker>Evan (minor edit: imported 1 revision)
Latest revision as of 13:48, 14 October 2019 (Monday)
introduction
BIND (Berkeley Internet Name Domain) is the most widely used DNS server software on the Internet today [3]; DNS servers running BIND account for about 90% of all DNS servers [4]. BIND is now developed and maintained by the Internet Systems Consortium [4].

DNS (BIND) server IP: 192.168.0.30
VM IP: 192.168.0.11

Tasks to complete

192.168.0.11 operdev.zhaituango.com
192.168.0.11 md.zhaituango.com
192.168.0.11 imgd.zhaituango.com
192.168.0.11 commdev.zhaituango.com
192.168.0.11 shopdev.zhaituango.com
192.168.0.11 readdev.zhaituango.com
192.168.0.11 writedev.zhaituango.com
install
yum install bind bind-utils
systemctl enable named
systemctl start named
netstat -lntup|grep 53
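configure
vim /etc/named.conf
# In the options block, change "127.0.0.1" on the listen-on line to "any" and "localhost" in allow-query to "any", so that the server accepts access and queries from other hosts.

Non-interactive equivalent:

# [[:space:]]* tolerates any spacing between the option name and the opening brace
sed -i 's!listen-on port 53[[:space:]]*{ 127.0.0.1; };!listen-on port 53 { any; };!' /etc/named.conf
sed -i 's!allow-query[[:space:]]*{ localhost; };!allow-query { any; };!' /etc/named.conf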
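Added example (not part of the original page): in BIND, when allow-recursion and allow-query-cache are unset, recursion is granted to whatever allow-query lists, so the edit above combined with "recursion yes;" lets any host that can reach port 53 recurse through the server. The Python check below computes that effective list for the page's settings and for a restricted variant; the "internal" ACL name and the 192.168.0.0/24 network are assumptions.

```python
import re

# Constructed samples. WEAK is what the sed edits above yield (with "recursion yes;");
# HARDENED is an assumed variant: the ACL name and 192.168.0.0/24 are illustrative.
WEAK = """options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};"""
HARDENED = """acl "internal" { 192.168.0.0/24; localhost; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.30; };
    allow-query { internal; };
    allow-recursion { internal; };
    recursion yes;
};"""
ACL_STMT = re.compile(r"([\w-]+)(?:\s+port\s+\d+)?\s*\{([^{}]*)\}\s*;")

def parse_options(conf):
    """Return {name: value} for statements inside options { ... } (one nesting level)."""
    conf = re.sub(r"/\*.*?\*/|(?:#|//)[^\n]*", "", conf, flags=re.S)  # drop comments
    m = re.search(r"\boptions\s*\{((?:[^{}]|\{[^{}]*\})*)\}", conf)
    body = m.group(1) if m else ""
    opts = {n: [e.strip().strip('"') for e in v.split(";") if e.strip()]
            for n, v in ACL_STMT.findall(body)}
    for stmt in ACL_STMT.sub("", body).split(";"):  # scalars such as "recursion yes"
        parts = stmt.split()
        if len(parts) == 2:
            opts[parts[0]] = parts[1].strip('"')
    return opts

def recursion_clients(opts):
    """Address-match list allowed to recurse, following BIND's fallback order."""
    if opts.get("recursion", "yes") == "no":
        return ["none"]
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key]
    return ["localnets", "localhost"]

def audit(conf):
    opts = parse_options(conf)
    findings = []
    if "any" in recursion_clients(opts):
        findings.append("recursion allowed for any client")
    if "any" in opts.get("listen-on", []):
        findings.append("listening on every IPv4 interface")
    return findings

print({"weak": audit(WEAK), "hardened": audit(HARDENED)})
```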
Add the zones to the configuration file (zhaituango.com is used as the example here)

Add the forward and reverse zones to /etc/named.rfc1912.zones:

# The reverse zone for 192.168.0.0/24 is named 0.168.192.in-addr.arpa
cat >> /etc/named.rfc1912.zones << EOF
zone "zhaituango.com" IN {
        type master;
        file "zhaituango.com.zone";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "zhaituango.com.local";
        allow-update { none; };
};
EOF

Add the forward and reverse zone files for the domain

# Reverse zone file: each owner name is the last octet of an address in 192.168.0.0/24
cat >> /var/named/zhaituango.com.local << EOF
\$TTL 1D
@       IN SOA  zhaituango.com. root. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   dns.zhaituango.com.
30      IN PTR  zhaituango.com.
30      IN PTR  dns.zhaituango.com.
11      IN PTR  operdev.zhaituango.com.
11      IN PTR  md.zhaituango.com.
11      IN PTR  imgd.zhaituango.com.
11      IN PTR  commdev.zhaituango.com.
11      IN PTR  shopdev.zhaituango.com.
11      IN PTR  readdev.zhaituango.com.
11      IN PTR  writedev.zhaituango.com.
30      IN PTR  openshift-cluster.zhaituango.com.
EOF

# Forward zone file
cat >> /var/named/zhaituango.com.zone << EOF
\$TTL 1D
@       IN SOA  dns.zhaituango.com. root (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   dns.zhaituango.com.
@       IN A    192.168.0.30
dns     IN A    192.168.0.30
operdev IN A    192.168.0.11
md      IN A    192.168.0.11
imgd    IN A    192.168.0.11
commdev IN A    192.168.0.11
shopdev IN A    192.168.0.11
readdev IN A    192.168.0.11
writedev IN A   192.168.0.11
openshift-cluster IN A 192.168.0.30
EOF
Check the configuration files

named-checkconf /etc/named.conf
named-checkzone "zhaituango.com" /var/named/zhaituango.com.zone
systemctl restart named
# No errors means everything is OK; if an error is reported, check that you followed the steps above
client configuration
Add the DNS server address to /etc/resolv.conf, for example:
nameserver 192.168.0.30
firewall
Add firewall rules on the DNS server to open port 53:

iptables -I INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
iptables -I INPUT -s 192.168.1.0/24 -p udp -m udp --dport 53 -j ACCEPT

Add the following to /etc/sysconfig/iptables so that it takes effect the next time the firewall is restarted:

-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 53 -j ACCEPT
troubleshooting
zone zhaituango.com/IN: NS 'dns.zhaituango.com.zhaituango.com' has no address records (A or AAAA)
zone zhaituango.com/IN: not loaded due to errors.

@ IN NS dns.zhaituango.com    # missing the trailing dot
@ IN NS dns.zhaituango.com.
see also
CentOS7 DNS service: bind9.94 master/slave installation and configuration
CentOS7 DNS service: bind9.94, master/slave setup possible