ielave

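Configuring a DNS Server on CentOS

I. DNS overview

DNS stands for Domain Name System. It is a core Internet service that translates between domain names and IP addresses, so that we can reach sites by name instead of memorizing strings of IP digits. This document explains how to configure a CentOS host as a DNS server so that it can provide name resolution.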

II. Environment

Operating system: CentOS 6.8
IP address: 10.10.10.10
Test domain: ielave.com

III. Install the DNS service

Run the following in a CentOS terminal:
# yum install bind

IV. Edit the configuration files

1. Edit the main configuration file, named.conf

# vim /etc/named.conf

Change the following block

options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

to

options {
listen-on port 53 { 10.10.10.10; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

In other words, change the IP address in listen-on port 53 { 127.0.0.1; }; to this host's IP address,
and change allow-query { localhost; }; to allow-query { any; };
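
With recursion yes left on and no allow-recursion or allow-query-cache statement, BIND 9 falls back to allow-query to decide who may recurse, so the edited block offers recursion to every client that can reach 10.10.10.10. The check below is an added example, not part of the original post: it is written in Python, handles only flat address-match lists, and the trusted range 10.10.10.0/24 in RESTRICTED is an assumption.

```python
import re

# Constructed samples: the page's edited options block (trimmed), and a variant
# with an assumed trusted range 10.10.10.0/24 added for recursion.
PAGE_OPTIONS = """options {
    listen-on port 53 { 10.10.10.10; };
    allow-query { any; };      // was { localhost; }
    recursion yes;
};"""
RESTRICTED = PAGE_OPTIONS.replace(
    "recursion yes;",
    "recursion yes;\n    allow-recursion { localhost; 10.10.10.0/24; };")

def strip_comments(text):
    """Drop /* */, // and # comments (assumes none occur inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_body(conf):
    """Return the text inside the top-level options { ... } block, or ""."""
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    return ""

def acl(body, name):
    """Elements of a flat address-match list for `name`, or None when unset."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}", body)
    return None if m is None else m.group(1).replace(";", " ").split()

def recursion_clients(conf):
    """allow-recursion, else allow-query-cache, else allow-query, else default."""
    body = options_body(strip_comments(conf))
    if re.search(r"(?<![\w-])recursion\s+no\s*;", body):
        return ["none"]
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        elements = acl(body, name)
        if elements is not None:
            return elements
    return ["localnets", "localhost"]

def is_open_resolver(conf):
    """True when recursion is offered to every client that can reach the listener."""
    return bool({"any", "0.0.0.0/0"} & set(recursion_clients(conf)))
```

Pass the contents of /etc/named.conf to is_open_resolver() after editing; the RESTRICTED variant keeps allow-query { any; }; for the hosted zones while limiting recursion to the listed clients.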

2. Add the forward and reverse zones

# vim /etc/named.rfc1912.zones

Add the following:

zone "ielave.com" IN {
type master;
file "ielave.com.zone";
allow-update { none; };
}; # forward zone

zone "10.10.10.in-addr.arpa" IN {
type master;
file "10.10.10.zone";
allow-update { none; };
}; # reverse zone

3. Create the zone files and add the resource records

# cd /var/named
Copy the matching template and edit it:
# cp -p named.localhost ielave.com.zone

$TTL 1D
@       IN SOA  @ ielave.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       10.10.10.10
        AAAA    ::1
www     IN A    10.10.10.20
ftp     IN A    10.10.10.30
blog    IN A    10.10.10.40

# cp -p named.loopback 10.10.10.zone

$TTL 1D
@       IN SOA  @ ielave.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       10.10.10.10
        AAAA    ::1
20      IN PTR  www.ielave.com.
30      IN PTR  ftp.ielave.com.
40      IN PTR  blog.ielave.com.

V. Start the DNS service

# service named start

VI. Testing

Use the nslookup command to test resolution.
Forward lookup

Reverse lookup