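//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	//listen-on port 53 { 127.0.0.1; };
	//listen-on-v6 port 53 { ::1; };
	// The two stock lines above are commented out and replaced by the line
	// below, so the DNS service can be reached on any of the server's
	// addresses. With a static IP, "any" can instead be replaced by the
	// DNS server's own address.
	listen-on port 53 { any; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file  "/var/named/data/named.recursing";
	secroots-file   "/var/named/data/named.secroots";
	//allow-query     { localhost; };
	// Changed to any as well; otherwise only the server itself can use
	// this server for DNS.
	allow-query     { any; };

	// allow-query stays open so the example.area zones below answer any
	// client, but recursion is limited to the server itself and its
	// directly attached networks. With no allow-recursion (and no
	// allow-query-cache) set, BIND falls back to allow-query, so
	// "allow-query { any; }" together with "recursion yes" makes an open
	// resolver -- the situation the stock comment below warns about.
	// Replace localnets with an acl of the real client ranges if clients
	// sit on networks the server is not directly attached to.
	allow-recursion { localhost; localnets; };

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.root.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// Example zone configuration follows.
zone "example.area." IN {		// forward lookup zone
	type master;
	// Zone file name; the file lives under /var/named/, i.e. the directory
	// set by "directory" in the options block above.
	file "example.area.zone";
};

zone "0.168.192.in-addr.arpa" IN {	// reverse lookup zone
	type master;
	// Same file as the forward zone. Every record in that file is loaded
	// into both zones, each time relative to the zone's own origin, so
	// names in it that must not be re-rooted need a trailing dot.
	file "example.area.zone";
};
// This gives us an example.area zone.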
/var/named/example.area.zone
创建这个文件然后编辑,或者直接vim编辑保存
在这个文件中,;符号后的内容是注释
以下内容可直接复制,或按需修改
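; Zone data for example.area. named.conf on this page loads this one file
; for both the forward zone (example.area.) and the reverse zone
; (0.168.192.in-addr.arpa), so every relative name below is completed with
; whichever zone origin is being loaded.
$TTL 1D
@	IN SOA	dns.example.area. pc.example.area. (
					0	; serial (raise it on every edit of this file)
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	dns
	IN A	192.168.0.1	; IPv4 host record: example.area
	IN AAAA	::1		; IPv6 host record: example.area
dns	IN A	192.168.0.1	; IPv4 host record: dns.example.area
pc	IN A	192.168.0.1
cname	IN CNAME pc		; alias record: cname.example.area ==> pc.example.area
; The PTR target is written fully qualified (trailing dot). Without the dot
; it is relative to the zone origin, so a reverse lookup of 192.168.0.1 would
; return pc.example.area.0.168.192.in-addr.arpa. instead of pc.example.area.
1	IN PTR	pc.example.area.	; pointer record: 192.168.0.1 --> pc.example.area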