CentOS 7 安装 bind 服务 实现内网DNS

安装

废话不多说,直接安装

yum install -y bind bind-utils

配置

[root@jenkins named]# rpm -ql bind
/etc/logrotate.d/named
/etc/named                      # 命令
/etc/named.conf                 # 主配置文件
/etc/named.iscdlv.key   
/etc/named.rfc1912.zones        # 辅助配置文件
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/var/named

修改配置:

[root@jenkins named]# vim /etc/named.conf

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.122; };# 监听本机IP的53端口
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost;any; }; # 这里代表只解析本机,加上any后都可以解析
        allow-transfer { 10.10.10.0/24; };    
        # 配置里默认没有这一项配置,只允许的slave主机做数据传送
        # 从服务器配置如下:allow-transfer { none; }; #从服务器不需要做传输
        recursion yes;
 
        dnssec-enable no;    # 安全设置关闭
        dnssec-validation no;    # 安全设置关闭

修改后保存退出

然后编辑 /etc/named.rfc1912.zones 文件

在文件的最后加入下面内容:

# 增加一个a.com域名的解析,具体解析规则在/var/named/k8s.com.zone里
zone "k8s.com" IN {
        type master;
        file"k8s.com.zone";
};

然后创建 /var/named/k8s.com.zone 文件,吸入内容

[root@jenkins named]# cat /var/named/k8s.com.zone 
$TTL 1D
@	IN SOA	@ k8s.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	IN	NS	@
	IN	A	127.0.0.1
	IN	AAAA	::1
node01	IN	A	192.168.1.91

下面一步很重要,把刚刚创建的 k8s.com.zone 文件授权

如果不做下面这一步,bind启动后没有权限读取此文件,则不会解析

[root@jenkins named]# chown named.named k8s.com.zone

服务管理

具体调试如下

# 启动服务
[root@jenkins ~]# systemctl start named

# 开机自启
[root@jenkins ~]# systemctl enable named

# 停止服务
[root@jenkins ~]# systemctl stop named

修改解析后重载解析文件
[root@jenkins ~]# rndc reload

测试

[root@jenkins ~]# dig node01.k8s.com @192.168.1.122

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> node01.k8s.com @192.168.1.122
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4726
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;node01.k8s.com.			IN	A

;; ANSWER SECTION:
node01.k8s.com.		86400	IN	A	192.168.1.91            # 解析成功

;; AUTHORITY SECTION:
k8s.com.		86400	IN	NS	k8s.com.

;; ADDITIONAL SECTION:
k8s.com.		86400	IN	A	127.0.0.1
k8s.com.		86400	IN	AAAA	::1

;; Query time: 2 msec
;; SERVER: 192.168.1.122#53(192.168.1.122)
;; WHEN: Wed Nov 06 18:02:33 CST 2019
;; MSG SIZE  rcvd: 117
posted @ 2019-11-06 18:03  司家勇  阅读(2235)  评论(0编辑  收藏  举报