centos上搭建dns解析服务器

使用的系统为centos6.5 64位

1.通过yum安装所需的BIND软件

yum -y install bind*

安装完成。

2.打开DNS服务的主配置文件:

vim /etc/named.conf

以下是主配置文件中的 “全局配置” ,更改标红部分

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };   //监听地址和端口,此处改为any
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };     //允许访问本dns服务器的网段,此处改为any
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

配置区域文件,添加自己的域名,定义正向解析和反向解析信息       

vi /etc/named.rfc1912.zones

此处我以添加test.com为例

test.com.zone为正向解析配置文件,存储路径为/var/named/   

test.com.local为反向解析配置文件,存储路径为/var/named/

在末尾添加test.com.zone

 1 // named.rfc1912.zones:
 2 //
 3 // Provided by Red Hat caching-nameserver package
 4 //
 5 // ISC BIND named zone configuration for zones recommended by
 6 // RFC 1912 section 4.1 : localhost TLDs and address zones
 7 // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
 8 // (c)2007 R W Franks
 9 //
10 // See /usr/share/doc/bind*/sample/ for example named configuration files.
11 //
12 
13 zone "localhost.localdomain" IN {
14         type master;
15         file "named.localhost";
16         allow-update { none; };
17 };
18 //
19 // See /usr/share/doc/bind*/sample/ for example named configuration files.
20 //
21 
22 zone "localhost.localdomain" IN {
23         type master;
24         file "named.localhost";
25         allow-update { none; };
26 };
27 // named.rfc1912.zones:
28 //
29 // Provided by Red Hat caching-nameserver package
30 //
31 // ISC BIND named zone configuration for zones recommended by
32 // RFC 1912 section 4.1 : localhost TLDs and address zones
33 // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
34 // (c)2007 R W Franks
35 //
36 // See /usr/share/doc/bind*/sample/ for example named configuration files.
37 //
38 
39 zone "localhost.localdomain" IN {
40         type master;
41         file "named.localhost";
42         allow-update { none; };
43 };
44 
45 zone "localhost" IN {
46         type master;
47         file "named.localhost";
48         allow-update { none; };
49 };
50 
51 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
52         type master;
53         file "named.loopback";
54         allow-update { none; };
55 };
56 
57 zone "1.0.0.127.in-addr.arpa" IN {
58         type master;
59         file "named.loopback";
60         allow-update { none; };
61 };
62 
63 zone "0.in-addr.arpa" IN {
64         type master;
65         file "named.empty";
66         allow-update { none; };
67 };
68 
69 zone "test.com" IN {
70         type master;
71         file "test.com.zone";
72         allow-update { none; };
73 };

进入/var/named/目录,创建正向解析配置文件和反向解析配置文件 

cp -p named.localhost test.com.zone     //正向解析文件

cp -p named.localhost test.com.local     //反向解析文件

 修改正向解析配置文件,添加解析记录。       #此处添加www和ftp两条A记录

$TTL 1D  
@       IN SOA  @ rname.invalid. (                   //rname.invalid. 此处改为test.com
                                        0       ; serial         //0改为1
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @                                              //添加记录
        A       127.0.0.1
        AAAA    ::1
$TTL 1D
@       IN SOA   test.com.  mail.test.com (    //test.com为解析的主域名 mail为邮箱
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@   IN  NS      ns.test.com.  //域名服务器记录,和本机对应
ns  IN  A       192.168.2.32  //主机记录
www IN  A       192.168.2.31 //主机记录
ftp IN  A       192.168.2.31   //主机记录
vi /etc/hosts   //添加主机名和上一步域名服务器记录对应
127.0
.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ns.test.com 192.168.2.32

设置服务器开机自动启动dns服务

service named start
chkconfig named on

更改防火墙允许53端口

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT

重启防火墙,查看信息

//重启防火墙
service iptables restart
//查看防火墙信息

[root@localhost named]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53

ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost named]#

更改客户端dns服务器地址为192.168.2.32,解析域名成功

 

 反向解析在test.com.local配置,此处只做正向解析。

 

posted @ 2019-06-26 16:43  叶东来  阅读(2966)  评论(1编辑  收藏  举报