centos7安装bind(DNS服务)
环境介绍
公网IP:149.129.92.239
内网IP:172.17.56.249
系统:CentOS 7.4
一、安装
1 | yum install bind bind-utils -y |
二、修改bind配置文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 | vim /etc/named.conf options { listen-on port 53 { any; }; #监听任何ip对53端口的请求 listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { any; }; #接收任何来源查询dns记录 /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key";};logging { channel default_debug { file "data/named.run"; severity dynamic; };};zone "." IN { type hint; file "named.ca";};#增加一个a.com域名的解析,具体解析规则在/var/named/a.com.zone里zone "a.com" IN { type master; file "a.com.zone";};#增加一个反向解析,即根据ip查域名(不需要的话可以不设置)zone "56.17.172.in-addr.arpa" IN { type master; file "172.17.56.zone";};include "/etc/named.rfc1912.zones";include "/etc/named.root.key"; |
三、配置解析文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | [root@izj6c1w3z30pendgik4p4vz ~]# cat /var/named/a.com.zone $TTL 1D@ IN SOA @ root.a.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 172.17.56.249 ;a.com的ip为172.17.56.249www A 172.17.56.249 ;www.a.com的ip解析为172.17.56.249 @ MX 10 mx.a.com. ;a.com的mx记录为mx.a.com AAAA ::1 [root@izj6c1w3z30pendgik4p4vz ~]# cat /var/named/172.17.56.zone $TTL 86400@ IN SOA localhost a.com. ( 2014031101 2H 10M 7D 1D ) IN NS localhost.249 IN PTR a.com ;172.17.56.249查询后得到的域名是a.com249 IN PTR www.a.com. ;172.17.56.249查询后得到的域名是www.a.com |
四、启动bind
1 | systemctl start named |
五、测试
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | 1、修改dns配置/etc/resolv.conf[root@izj6c1w3z30pendgik4p4vz ~]# cat /etc/resolv.conf options timeout:2 attempts:3 rotate single-request-reopennameserver 172.17.56.2492、解析测试[root@izj6c1w3z30pendgik4p4vz ~]# ping a.com -c 2PING a.com (172.17.56.249) 56(84) bytes of data.64 bytes from a.com.56.17.172.in-addr.arpa (172.17.56.249): icmp_seq=1 ttl=64 time=0.016 ms64 bytes from a.com.56.17.172.in-addr.arpa (172.17.56.249): icmp_seq=2 ttl=64 time=0.048 ms--- a.com ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1000msrtt min/avg/max/mdev = 0.016/0.032/0.048/0.016 ms[root@izj6c1w3z30pendgik4p4vz ~]# ping www.a.com -c 2PING www.a.com (172.17.56.249) 56(84) bytes of data.64 bytes from www.a.com (172.17.56.249): icmp_seq=1 ttl=64 time=0.019 ms64 bytes from www.a.com (172.17.56.249): icmp_seq=2 ttl=64 time=0.052 ms--- www.a.com ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 999msrtt min/avg/max/mdev = 0.019/0.035/0.052/0.017 ms[root@izj6c1w3z30pendgik4p4vz ~]# nslookup a.comServer: 172.17.56.249Address: 172.17.56.249#53Name: a.comAddress: 172.17.56.249[root@izj6c1w3z30pendgik4p4vz ~]# dig www.a.com; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> www.a.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56816;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;www.a.com. IN A;; ANSWER SECTION:www.a.com. 86400 IN A 172.17.56.249;; AUTHORITY SECTION:a.com. 86400 IN NS a.com.;; ADDITIONAL SECTION:a.com. 86400 IN A 172.17.56.249a.com. 86400 IN AAAA ::1;; Query time: 0 msec;; SERVER: 172.17.56.249#53(172.17.56.249);; WHEN: Wed Jun 05 09:58:34 CST 2019;; MSG SIZE rcvd: 112 |
六、公网使用与测试
1、修改之前的文件与启动
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | [root@izj6c1w3z30pendgik4p4vz ~]# cat /etc/named.conf#增加一个反向解析,即根据ip查域名(不需要的话可以不设置)zone "92.129.149.in-addr.arpa" IN { type master; file "149.129.92.zone";};[root@izj6c1w3z30pendgik4p4vz ~]# cat /var/named/149.129.92.zone $TTL 86400@ IN SOA localhost a.com. ( 2014031101 2H 10M 7D 1D ) IN NS localhost.239 IN PTR a.com ;149.129.92.239查询后得到的域名是a.com239 IN PTR www.a.com. ;149.129.92.239查询后得到的域名是www.a.com[root@izj6c1w3z30pendgik4p4vz ~]# cat /var/named/a.com.zone$TTL 1D@ IN SOA @ root.a.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS @ A 149.129.92.239 www A 149.129.92.239 @ MX 10 mx.a.com. ;a.com的mx记录为mx.a.com AAAA ::1#重启bindsystemctl restart named |
2、防火墙开防53的udp端口对外
3、电脑或服务器更改dns
4、测试
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 单元测试从入门到精通
· 上周热点回顾(3.3-3.9)
· winform 绘制太阳,地球,月球 运作规律