查看当前系统版本
[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@iZj6cehstgjoj3qav88fidZ ~]#
查看bind软件包信息
[root@iZj6cehstgjoj3qav88fidZ ~]# yum info bind
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Available Packages
Name : bind
Arch : x86_64
Epoch : 32
Version : 9.9.4
Release : 73.el7_6
Size : 1.8 M
Repo : updates/7/x86_64
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
URL : http://www.isc.org/products/BIND/
License : ISC
Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS
: (Domain Name System) protocols. BIND includes a DNS server (named),
: which resolves host names to IP addresses; a resolver library
: (routines for applications to use when interfacing with DNS); and
: tools for verifying that the DNS server is operating properly.
[root@iZj6cehstgjoj3qav88fidZ ~]#
使用yum安装bind及依赖包
[root@iZj6cehstgjoj3qav88fidZ ~]# yum install bind
安装清单
Installed:
bind.x86_64 32:9.9.4-73.el7_6
Dependency Installed:
audit-libs-python.x86_64 0:2.8.4-4.el7 bind-libs.x86_64 32:9.9.4-73.el7_6 checkpolicy.x86_64 0:2.5-8.el7 libcgroup.x86_64 0:0.41-20.el7 libsemanage-python.x86_64 0:2.5-14.el7
policycoreutils-python.x86_64 0:2.5-29.el7_6.1 python-IPy.noarch 0:0.75-6.el7 python-ply.noarch 0:3.4-11.el7 setools-libs.x86_64 0:3.3.8-4.el7
注册服务及启动服务
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl start named
[root@iZj6cehstgjoj3qav88fidZ ~]#
查看端口监听（例如 ss -lntup | grep named）。按下面主配置文件的默认值，named 只监听 127.0.0.1:53 和 [::1]:53，此时尚未对外提供服务。
查看主配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
查看当前主机DNS配置
[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/resolv.conf
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
nameserver 100.100.2.136
nameserver 100.100.2.138
search localdomain
[root@iZj6cehstgjoj3qav88fidZ ~]#
安装域名解析测试工具包 bind-utils（提供 dig、host、nslookup、nsupdate）
[root@iZj6cehstgjoj3qav88fidZ ~]# yum install bind-utils
查看软件包安装路径及文件
[root@iZj6cehstgjoj3qav88fidZ ~]# rpm -lq bind-utils
/etc/trusted-key.key
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
[root@iZj6cehstgjoj3qav88fidZ ~]#
修改本机DNS为当前DNS服务器并尝试域名解析操作。注意：/etc/resolv.conf 由 /usr/sbin/dhclient-script 生成（见文件头注释），DHCP 续租或重启后手工修改会被覆盖；需要持久化时应在网卡配置文件（ifcfg-*）中设置 PEERDNS=no 并用 DNS1=127.0.0.1 指定。
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/resolv.conf
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
#nameserver 100.100.2.136
#nameserver 100.100.2.138
nameserver 127.0.0.1
search localdomain
使用nslookup命令及ping命令检查域名递归(缓存)DNS配置生效情况。此时递归查询能成功，是因为 recursion yes 且 allow-query { localhost; } 只对本机开放；若后续把 listen-on 改为内网地址以服务其他主机，必须同时把 allow-query / allow-recursion 限制为内网网段，否则这台带公网地址的云主机会成为开放解析器，被用于 DNS 放大攻击（主配置文件中的注释也有同样提醒）。
为内网主机配置正向解析和反向解析
查看默认的区域配置文件
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
添加自定义区域配置（本文以 ns-zone.com 为例）。注意：在本机声明为 master 的区域会覆盖该域名在公网上的解析结果，并对本解析器的所有客户端生效，因此应使用自己实际控制的域名或仅用于内网的专用后缀；allow-update { none; } 禁止动态更新，应当保留。
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/named.rfc1912.zones
zone "ns-zone.com" IN {
type master;
file "ns-zone.com.zone";
allow-update { none; };
};
创建自定义区域配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /var/named/ns-zone.com.zone
$TTL 600 ; 10 minutes
@ IN SOA ns1.ns-zone.com. hostmaster.ns-zone.com. (
20190001 ; serial number（习惯上采用 YYYYMMDDnn；每次修改区域文件后必须递增，否则从服务器不会同步变更）
10800 ; refresh time (3 hours)
900 ; retry time (15 minutes)
604800 ; expire time (1 week)
86400 ; minimum (1 day)
)
NS ns1.ns-zone.com.
$ORIGIN ns-zone.com.
$TTL 60 ; 1 minute
ns1 A 10.22.105.60
www A 10.22.105.60
修改区域配置文件属性：用 root 通过 vi 新建的文件属主为 root:root、权限 644，建议改为 chown root:named 并 chmod 640，使 named 进程可读而其他用户不可读；SELinux 处于 enforcing 时可用 restorecon -v /var/named/ns-zone.com.zone 确认文件上下文正确。
检查主配置文件和自定义区域配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkconf
[root@iZj6cehstgjoj3qav88fidZ ~]#
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /var/named/ns-zone.com.zone
[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkzone ns-zone.com. /var/named/ns-zone.com.zone
zone ns-zone.com/IN: loaded serial 20190001
OK
[root@iZj6cehstgjoj3qav88fidZ ~]#
重启bind服务并验证新增加的正向解析（生产环境建议用 rndc reload 或 systemctl reload named 重新加载配置，避免重启导致缓存清空和短暂中断）。
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl restart named
[root@iZj6cehstgjoj3qav88fidZ ~]# nslookup ns1.ns-zone.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ns1.ns-zone.com
Address: 10.22.105.60
[root@iZj6cehstgjoj3qav88fidZ ~]# nslookup www.ns-zone.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.ns-zone.com
Address: 10.22.105.60
[root@iZj6cehstgjoj3qav88fidZ ~]#
使用dig命令查看NS记录（例如 dig @127.0.0.1 ns-zone.com NS，应返回 ns1.ns-zone.com.）。
反向解析
增加区域配置
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/named.rfc1912.zones
zone "105.22.10.in-addr.arpa" IN {
type master;
file "105.22.10.in-addr.arpa.zone";
allow-update { none; };
};
增加自定义区域配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /var/named/105.22.10.in-addr.arpa.zone
$TTL 600 ; 10 minutes
@ IN SOA ns1.ns-zone.com. hostmaster.ns-zone.com. (
20190001 ; serial number（习惯上采用 YYYYMMDDnn；每次修改区域文件后必须递增，否则从服务器不会同步变更）
10800 ; refresh time (3 hours)
900 ; retry time (15 minutes)
604800 ; expire time (1 week)
86400 ; minimum (1 day)
)
NS ns1.ns-zone.com.
$ORIGIN 105.22.10.in-addr.arpa.
$TTL 60 ; 1 minute
60 PTR ns1.ns-zone.com.
检查主配置文件和自定义区域配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkconf
[root@iZj6cehstgjoj3qav88fidZ ~]#
[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkzone 105.22.10.in-addr.arpa. /var/named/105.22.10.in-addr.arpa.zone
zone 105.22.10.in-addr.arpa/IN: loaded serial 20190001
OK
[root@iZj6cehstgjoj3qav88fidZ ~]#
验证反向解析（需先 rndc reload 或 systemctl reload named 使新区域生效；然后例如 nslookup 10.22.105.60 或 dig -x 10.22.105.60 @127.0.0.1，应返回 ns1.ns-zone.com.）。