CentOS7.9 搭建DNS服务器

一、DNS简介

1.DNS的作用

DNS（Domain Name System，域名系统），因特网上作为域名和IP地址相互映射的一个分布式数据库，能够使用户更方便的访问互联网，而不用去记住能够被机器直接读取的IP数串。通过主机名，最终得到该主机名对应的IP地址的过程叫做域名解析（或主机名解析）。
端口：udp/53(用户查询时使用的端口，以及主从服务器同步), 用户查询只需53/udp。 tcp/53(用于主从服务器之间的同步)，如果这个两个端口有一个无法访问时主从服务器无法同步。

二、配置DNS

1.环境安装

软件包：bind、bind-utils
守护进程：/usr/sbin/named

 [root@MengXin ~]# yum -y install bind
[root@MengXin ~]# yum -y install bind-utils
[root@MengXin ~]# yum -y install bind*  //这是安装所有有关bind的软件包，省事可选

2.修改全局配置文件

文件路径：/etc/named.conf，下面是我的文件内容

 //
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
 
options {
	listen-on port 53 { any; };    //指定侦听DNS查询的本机IP地址及端口
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";    //区域配置文件路径
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file	"/var/named/data/named.secroots";
	recursing-file	"/var/named/data/named.recursing";
	allow-query     { any; };    //指定接收DNS查询请求的客户端
 
	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;
 
	dnssec-enable yes;
	dnssec-validation yes;
 
	managed-keys-directory "/var/named/dynamic";
 
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
 
	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
	include "/etc/crypto-policies/back-ends/bind.config";
};
 
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
 
zone "." IN {
	type hint;
	file "named.ca";
};
 
include "/etc/named.rfc1912.zones";    //指定主配置文件
include "/etc/named.root.key";

3.修改主配置文件

路径：/etc/named.rfc1912.zones，这个根据实际情况，看你全局配置文件里设置的路径
在文件末尾追加内容

 // 正向解析
zone "immengxin.top" IN {
	type master;
	file "immengxin.top.zone";  //这个是在/var/named下对应的配置文件
	allow-update { none; };
};
// 反向解析，倒置网络号加固定后缀
zone "255.168.192.in-addr.arpa" IN {
	type master;
	file "255.168.192.zone";  //同上
	allow-update { none; };
};

4.修改区域配置文件

 [root@MengXin named]# cp -a named.localhost immengxin.top.zone    //该文件为正向模板文件
[root@MengXin named]# cp -a named.loopback 255.168.192.zone    //该文件为反向模板文件
[root@MengXin named]# chmod 777 immengxin.top.zone 
[root@MengXin named]# chmod 777 255.168.192.zone 
[root@MengXin named]# ll *.zone
-rwxrwxrwx. 1 root named 168 8月  25 2021 255.168.192.zone    //要保证配置文件的所有者为root，所属组为named，权限改成777最方便
-rwxrwxrwx. 1 root named 152 8月  25 2021 immengxin.top.zone
[root@MengXin named]#

编辑正向解析

 $TTL 1D
@	IN SOA	@ root.immengxin.top. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	immengxin.top.  //这里用什么，下面就要加什么解析
@	A	192.168.255.10
web	A	192.168.255.11
ftp	A	192.168.255.12
bbs	A	192.168.255.13

编辑反向解析，尽量与正向解析对应

 $TTL 1D
@	IN SOA	@ root.immengxin.top. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	immengxin.top.
10	PTR	immengxin.top.
11	PTR	web.immengxin.top.
12	PTR	ftp.immengxin.top.
13	PTR	bbs.immengxin.top.

4.防火墙与重启服务

 [root@MengXin named]# firewall-cmd --add-service=dns
[root@MengXin named]# firewall-cmd --reload
[root@MengXin named]# systemctl restart named

三、结果验证

修改客户机的DNS地址，指向服务器，或者在本机上修改DNS地址

 [MengXin@MengXin ~]$ nslookup
> immengxin.top
Server:		192.168.255.12
Address:	192.168.255.12#53
 
Name:	immengxin.top
Address: 192.168.255.10
> 192.168.255.10
10.255.168.192.in-addr.arpa	name = immengxin.top.
>

posted @ 2022-10-26 10:01 我不是萌新阅读(1098) 评论(0) 编辑收藏举报

刷新页面返回顶部

登录后才能查看或发表评论，立即登录或者逛逛博客园首页

相关博文：

· CentOS7.9 搭建Web服务器

· CentOS7.9 搭建DHCP服务器 - DHCP中继代理

· CentOS 7.4搭建DNS服务器

· CentOS7搭建DNS服务器

· Centos 7 搭建DNS服务器

阅读排行：
· 无需6万激活码！GitHub神秘组织3小时极速复刻Manus，手把手教你使用OpenManus搭建本
· Manus爆火，是硬核还是营销？
· 终于写完轮子一部分：tcp代理了，记录一下
· 别再用vector＜bool＞了！Google高级工程师：这可能是STL最大的设计失误
· 单元测试从入门到精通

公告

昵称：我不是萌新
园龄： 2年5个月
粉丝： 13
关注： 0

+加关注

2025年3月

日

一

二

三

四

五

六

CentOS7.9 搭建DNS服务器

一、DNS简介

1.DNS的作用

二、配置DNS

1.环境安装

2.修改全局配置文件

3.修改主配置文件

4.修改区域配置文件

4.防火墙与重启服务

三、结果验证

公告

搜索

常用链接

随笔分类

随笔档案

阅读排行榜

评论排行榜

推荐排行榜

最新评论

	[root@MengXin ~]# yum -y install bind
	[root@MengXin ~]# yum -y install bind-utils
	[root@MengXin ~]# yum -y install bind* //这是安装所有有关bind的软件包，省事可选

	//
	// named.conf
	//
	// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
	// server as a caching only nameserver (as a localhost DNS resolver only).
	//
	// See /usr/share/doc/bind*/sample/ for example named configuration files.
	//

	options {
	listen-on port 53 { any; }; //指定侦听DNS查询的本机IP地址及端口
	listen-on-v6 port 53 { ::1; };
	directory "/var/named"; //区域配置文件路径
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file "/var/named/data/named.secroots";
	recursing-file "/var/named/data/named.recursing";
	allow-query { any; }; //指定接收DNS查询请求的客户端

	/*
	- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	- If you are building a RECURSIVE (caching) DNS server, you need to enable
	recursion.
	- If your recursive DNS server has a public IP address, you MUST enable access
	control to limit queries to your legitimate users. Failing to do so will
	cause your server to become part of large scale DNS amplification
	attacks. Implementing BCP38 within your network would greatly
	reduce such attack surface
	*/
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";

	/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
	include "/etc/crypto-policies/back-ends/bind.config";
	};

	logging {
	channel default_debug {
	file "data/named.run";
	severity dynamic;
	};
	};

	zone "." IN {
	type hint;
	file "named.ca";
	};

	include "/etc/named.rfc1912.zones"; //指定主配置文件
	include "/etc/named.root.key";

	// 正向解析
	zone "immengxin.top" IN {
	type master;
	file "immengxin.top.zone"; //这个是在/var/named下对应的配置文件
	allow-update { none; };
	};
	// 反向解析，倒置网络号加固定后缀
	zone "255.168.192.in-addr.arpa" IN {
	type master;
	file "255.168.192.zone"; //同上
	allow-update { none; };
	};

	[root@MengXin named]# cp -a named.localhost immengxin.top.zone //该文件为正向模板文件
	[root@MengXin named]# cp -a named.loopback 255.168.192.zone //该文件为反向模板文件
	[root@MengXin named]# chmod 777 immengxin.top.zone
	[root@MengXin named]# chmod 777 255.168.192.zone
	[root@MengXin named]# ll *.zone
	-rwxrwxrwx. 1 root named 168 8月 25 2021 255.168.192.zone //要保证配置文件的所有者为root，所属组为named，权限改成777最方便
	-rwxrwxrwx. 1 root named 152 8月 25 2021 immengxin.top.zone
	[root@MengXin named]#

	$TTL 1D
	@ IN SOA @ root.immengxin.top. (
	0 ; serial
	1D ; refresh
	1H ; retry
	1W ; expire
	3H ) ; minimum
	NS immengxin.top. //这里用什么，下面就要加什么解析
	@ A 192.168.255.10
	web A 192.168.255.11
	ftp A 192.168.255.12
	bbs A 192.168.255.13

	[root@MengXin named]# firewall-cmd --add-service=dns
	[root@MengXin named]# firewall-cmd --reload
	[root@MengXin named]# systemctl restart named

	[MengXin@MengXin ~]$ nslookup
	> immengxin.top
	Server: 192.168.255.12
	Address: 192.168.255.12#53

	Name: immengxin.top
	Address: 192.168.255.10
	> 192.168.255.10
	10.255.168.192.in-addr.arpa name = immengxin.top.
	>