linux下安装dns域名解析服务器
系统:Red Hat Enterprise Linux 8.2
1、基本安装
[root@localhost /]# dnf install bind-chroot bind bind-utils bind-libs bind-devel -y
2、拷贝sample文件
[root@localhost /]# cp -rf /usr/share/doc/bind/sample/* /var/named/chroot
3、创建相关文件
[root@localhost etc]# mkdir /var/named/chroot/var/named/data
[root@localhost etc]# touch /var/named/chroot/var/named/data/cache_dump.db
[root@localhost etc]# touch /var/named/chroot/var/named/data/named_stats.txt
[root@localhost etc]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@localhost etc]# touch /var/named/chroot/var/named/data/named.run
[root@localhost etc]# mkdir /var/named/chroot/var/named/dynamic
[root@localhost etc]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind
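4、相关文件权限(注意:下面的 777 会让系统上任何本地用户都能改写 named 的数据目录和 managed-keys 目录;生产环境建议改为 chown -R named:named 并使用 770,只允许 named 用户和组写入)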
[root@localhost etc]# chmod -R 777 /var/named/chroot/var/named/data
[root@localhost etc]# chmod -R 777 /var/named/chroot/var/named/dynamic
5、修改主配置文件
[root@localhost etc]# vim /var/named/chroot/etc/named.conf
// Global server options for the chrooted named instance, followed by one
// forward zone (mufeng.com) and one reverse zone (192.35.35.0/24).
options
{
directory "/var/named"; // "Working" directory
// Diagnostic output files; the relative paths resolve under "directory".
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
secroots-file "data/named.secroots";
recursing-file "data/named.recursing";
// IPv4: listen on every local address. IPv6: loopback only.
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
// Any client may query; answers from the cache are limited to localhost.
allow-query { any; };
allow-query-cache { localhost; };
// NOTE(review): no allow-recursion is set. BIND then falls back to
// allow-query-cache, so recursion should be localhost-only here, but that
// protection silently disappears if allow-query-cache is later widened.
// State it explicitly (allow-recursion { localhost; };) or use
// "recursion no" on an authoritative-only server to avoid an open resolver.
recursion yes;
// NOTE(review): with "dnssec-validation yes" a trust anchor must be
// configured (trusted-keys/managed-keys); none is visible in this listing.
// Without one nothing is actually validated -- confirm, or use "auto".
dnssec-enable yes;
dnssec-validation yes;
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
// Holds managed-key (trust anchor) state; keep it writable by named only.
managed-keys-directory "/var/named/dynamic";
include "/etc/crypto-policies/back-ends/bind.config";
};
// Forward zone. "file" is relative to the "directory" option above.
// NOTE(review): neither zone sets allow-transfer. On BIND releases whose
// default permits transfers to any host, the full zone can be pulled by
// anyone reaching 53/tcp; restrict it to the secondaries
// (or allow-transfer { none; };) -- verify the default for your version.
zone "mufeng.com" IN {
type master;
file "mufeng.com";
};
// Reverse zone for 192.35.35.0/24 (octets reversed under in-addr.arpa).
zone "35.35.192.in-addr.arpa"{
type master;
file "192.arpa.zone";
};
6、修改区域配置文件
[root@localhost named]# pwd
/var/named/chroot/var/named
[root@localhost named]# cp named.localhost mufeng.com
[root@localhost named]# vim mufeng.com
; Forward zone data for mufeng.com: SOA, one NS record, and A records for
; the zone apex, ns and www, all pointing at 192.35.35.1.
$TTL 1D
; SOA fields: primary server name, then the admin mailbox written with "."
; in place of "@" (admin.mufeng.com. = admin@mufeng.com).
; NOTE(review): the primary server field is the apex name rather than
; ns.mufeng.com. -- confirm this is intended.
@ IN SOA mufeng.com. admin.mufeng.com. (
2020 ; serial -- must be increased on every edit so secondaries reload
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.mufeng.com.
; NOTE(review): this record has no owner name. In the real file the line
; must start with whitespace so it inherits "@" from the previous record;
; at column 0 the word IN would be read as the owner name.
IN A 192.35.35.1
ns IN A 192.35.35.1
www IN A 192.35.35.1
[root@localhost named]# cp mufeng.com 192.arpa.zone
[root@localhost named]# vim 192.arpa.zone
; Reverse zone data for 35.35.192.in-addr.arpa: maps 192.35.35.1 back to
; host names. The SOA and NS records mirror the forward zone.
$TTL 1D
@ IN SOA mufeng.com. admin.mufeng.com. (
2020 ; serial -- must be increased on every edit so secondaries reload
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.mufeng.com.
; The owner "1" is the last octet, i.e. 1.35.35.192.in-addr.arpa.
; Two PTR records share that owner, so a reverse lookup returns both names.
1 IN PTR ns.mufeng.com.
1 IN PTR www.mufeng.com.
[root@localhost named]# pwd
/var/named/chroot/var/named
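7、防火墙以及 SELinux 配置(说明:--add-service=dns 已同时放行 53/tcp 与 53/udp,单独的 --add-port=53/tcp 是多余的;named_tcp_bind_http_port 是允许 named 绑定 HTTP 端口的布尔值,只监听 53 端口时无需开启,保持 off 可避免不必要地放宽 SELinux 策略)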
[root@localhost named]# firewall-cmd --add-port=53/tcp --permanent
success
[root@localhost named]# firewall-cmd --add-service=dns --permanent
success
[root@localhost named]# firewall-cmd --reload
success
[root@localhost named]# getsebool -a | grep named
named_tcp_bind_http_port --> off
named_write_master_zones --> on
[root@localhost named]# setsebool named_tcp_bind_http_port on
[root@localhost named]# getsebool -a | grep named
named_tcp_bind_http_port --> on
named_write_master_zones --> on
8、开机自动启动bind-chroot
[root@localhost named]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
[root@localhost named]# systemctl disable named
[root@localhost named]# systemctl start named-chroot
[root@localhost named]# systemctl enable named-chroot
Created symlink /etc/systemd/system/multi-user.target.wants/named-chroot.service → /usr/lib/systemd/system/named-chroot.service.
9、验证dns服务器是否安装成功
9.1 开启bind-chroot服务
[root@localhost named]# systemctl start named-chroot
9.2 修改域名解析文件
[root@localhost named]# vim /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.35.35.1
9.3 验证是否配置成功
[root@localhost named]# nslookup www.mufeng.com
Server: 192.35.35.1
Address: 192.35.35.1#53
Name: www.mufeng.com
Address: 192.35.35.1
[root@localhost named]# nslookup 192.35.35.1
1.35.35.192.in-addr.arpa name = www.mufeng.com.
1.35.35.192.in-addr.arpa name = ns.mufeng.com.
注:构建服务所需的包可在 server_source_2020.iso 中找到,请自行下载;您也可以从各安装包的官网下载。使用非官方来源的安装包时,请保持 gpgcheck 开启并校验软件包签名。
本地源配置、防火墙、selinux等是linux较为基础的内容,不再赘述。
本文均为原创,如需与博主交流可email至mufeng.yu@qq.com