一、安装bind服务的两种方法。
① 挂载磁盘镜像安装(需插入光盘或提前在虚拟机上挂载镜像)
- 挂载光盘到
/mnt/cdrom
.
[root@localhost thrfur]# mkdir /mnt/cdrom
[root@localhost thrfur]# mount -t auto /dev/cdrom /mnt/cdrom
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost thrfur]#
- 首先先检查一下在该文件夹下都有哪些bind安装包:
[root@localhost thrfur]# find /mnt/cdrom/Packages -name '*bind*' //模糊搜索包含bind的文件
/mnt/cdrom/Packages/bind-pkcs11-utils-9.9.4-72.el7.x86_64.rpm
/mnt/cdrom/Packages/bind-pkcs11-libs-9.9.4-72.el7.x86_64.rpm
/mnt/cdrom/Packages/bind-libs-lite-9.9.4-72.el7.x86_64.rpm
/mnt/cdrom/Packages/bind-9.9.4-72.el7.x86_64.rpm
/mnt/cdrom/Packages/bind-chroot-9.9.4-72.el7.x86_64.rpm
/mnt/cdrom/Packages/bind-dyndb-ldap-11.1-4.el7.x86_64.rpm
/mnt/cdrom/Packages/bind-libs-9.9.4-72.el7.x86_64.rpm
/mnt/cdrom/Packages/bind-license-9.9.4-72.el7.noarch.rpm
/mnt/cdrom/Packages/bind-pkcs11-9.9.4-72.el7.x86_64.rpm
/mnt/cdrom/Packages/bind-utils-9.9.4-72.el7.x86_64.rpm
/mnt/cdrom/Packages/cmpi-bindings-pywbem-0.9.5-6.el7.x86_64.rpm
/mnt/cdrom/Packages/keybinder3-0.3.0-1.el7.x86_64.rpm
/mnt/cdrom/Packages/rpcbind-0.2.0-47.el7.x86_64.rpm
/mnt/cdrom/Packages/samba-winbind-modules-4.8.3-4.el7.x86_64.rpm
/mnt/cdrom/Packages/samba-winbind-4.8.3-4.el7.x86_64.rpm
/mnt/cdrom/Packages/ypbind-1.37.1-9.el7.x86_64.rpm
[root@localhost Packages]#
- 安装bind服务,需要安装bind、bind-chroot、bind-utils
[root@localhost thrfur]# cd /mnt/cdrom/Packages
[root@localhost Packages]# rpm -ivh bind-9.9.4-72.el7.x86_64.rpm
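// 上面的语句执行安装,可能会报错:缺乏依赖(报错中列出的 bind-libs 等尚未安装)。更稳妥的做法是先用 rpm -ivh 安装同目录下的 bind-libs(以及它可能需要的 bind-license),或直接改用下文的 yum 安装。下面👇这条 --nodeps 语句会跳过依赖检查,装上的 bind 可能因缺少库或库版本不匹配而无法正常运行,仅在确认依赖已满足时使用;如果顺利安装,则忽略下面这条语句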
[root@localhost Packages]# rpm -ivh --nodeps bind-9.9.4-72.el7.x86_64.rpm
[root@localhost Packages]# rpm -ivh bind-chroot-9.9.4-72.el7.x86_64.rpm
[root@localhost Packages]# rpm -ivh bind-utils-9.9.4-72.el7.x86_64.rpm
@thrfur#231 // 上面的语句执行安装,会报错:缺乏依赖。如下所示,错误就长这样:
error: Failed dependencies:
bind-libs = 32:9.9.4-72.el7 is needed by bind-32:9.9.4-72.el7.x86_64
libbind9.so.90()(64bit) is needed by bind-32:9.9.4-72.el7.x86_64
libdns.so.100()(64bit) is needed by bind-32:9.9.4-72.el7.x86_64
libisc.so.95()(64bit) is needed by bind-32:9.9.4-72.el7.x86_64
libisccc.so.90()(64bit) is needed by bind-32:9.9.4-72.el7.x86_64
libisccfg.so.90()(64bit) is needed by bind-32:9.9.4-72.el7.x86_64
liblwres.so.90()(64bit) is needed by bind-32:9.9.4-72.el7.x86_64
- 执行完上面步骤,bind就已经安装好了,现在来检查一下(注意下面的输出中 bind、bind-chroot 是 9.9.4,而 bind-libs 等是 9.11.4,版本不一致,这是 --nodeps 跳过依赖检查的结果,应统一为同一版本):
[root@localhost thrfur]# rpm -qa | grep bind
bind-utils-9.11.4-9.P2.el7.x86_64
bind-export-libs-9.11.4-9.P2.el7.x86_64
bind-license-9.11.4-9.P2.el7.noarch
bind-chroot-9.9.4-72.el7.x86_64
rpcbind-0.2.0-48.el7.x86_64
keybinder3-0.3.0-1.el7.x86_64
bind-libs-lite-9.11.4-9.P2.el7.x86_64
bind-libs-9.11.4-9.P2.el7.x86_64
bind-9.9.4-72.el7.x86_64
bind-utils-9.9.4-72.el7.x86_64
[root@localhost Packages]#
② 使用 yum 安装(yum 会自动解决依赖;下面的 bind* 会装上所有名称以 bind 开头的包,如果只需要前面提到的 bind、bind-chroot、bind-utils,可以直接写出这三个包名)。
[root@localhost thrfur]# yum -y install bind*
二、配置DNS。
[root@localhost thrfur]# cp -p /etc/named.conf /etc/named.conf.bak //备份配置文件
[root@localhost thrfur]# vim /etc/named.conf //编辑配置文件
- 修改为如下所示:
options {
listen-on port 53 { any; }; //监听任意IP的53号端口
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //允许任何IP查询;与下面的 recursion yes 同时使用时,本机会成为开放递归解析器(见下方注释中关于放大攻击的警告),实验环境之外应改为受信任网段,或用 allow-recursion 限制递归
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
- 此时列出
/etc
目录下的文件看看:
[root@localhost ~]# cd /etc
[root@localhost etc]# ls *named*
named.conf named.conf.bak named.iscdlv.key named.rfc1912.zones named.root.key
named:
[root@localhost etc]#
- 查看本机IP地址.
[thrfur@localhost ~]$ ifconfig
// 192.168.169.137 即本机地址
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.169.137 netmask 255.255.255.0 broadcast 192.168.169.255
inet6 fe80::3aa9:1310:bd56:a1c2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:04:ac:d2 txqueuelen 1000 (Ethernet)
RX packets 379 bytes 38420 (37.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 434 bytes 42807 (41.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 编辑
named.rfc1912.zones
文件:vim named.rfc1912.zones
.
//在底部添加下面的信息
zone "thrfur.com" IN {
type master;
file "named.thrfur.com";
allow-update {none;};
};
zone "169.168.192.in-addr.arpa" IN {
type master;
file "named.192.168.169";
allow-update { none; };
};
- 配置正向解析域.
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/named.thrfur.com
[root@localhost ~]# vim /var/named/named.thrfur.com
- 修改为如下内容:
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
www A 192.168.169.137 //新增的
=========================================
说明:www.thrfur.com 将解析为192.168.169.137
- 授权named用户.
[root@localhost ~]# chown :named /var/named/named.thrfur.com
- 编辑反向解析域.
[root@localhost ~]# cp -p /var/named/named.localhost /var/named/named.192.168.169
[root@localhost ~]# vim /var/named/named.192.168.169
- 修改为如下内容:
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
AAAA ::1
137 IN PTR www.thrfur.com.
//注意上面的www.thrfur.com后面有一个 '.' 符号
- 授权 named 用户.
[root@localhost ~]# chown :named /var/named/named.192.168.169
//正向
named-checkzone "thrfur.com" "/var/named/named.thrfur.com"
==========================================================
//输出结果示例:
[root@localhost thrfur]# named-checkzone "thrfur.com" "/var/named/named.thrfur.com"
zone thrfur.com/IN: loaded serial 0
OK
[root@localhost thrfur]#
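//反向(注意:前面 named.rfc1912.zones 中定义的反向区域名是 169.168.192.in-addr.arpa,下面命令中写的 0.168.192.in-addr.arpa 与之不一致,检查时应使用与配置一致的区域名)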
named-checkzone "0.168.192.in-addr.arpa" "/var/named/named.192.168.169"
=====================================================================
//输出结果示例:
[root@localhost thrfur]# named-checkzone "0.168.192.in-addr.arpa" "/var/named/named.192.168.169"
zone 0.168.192.in-addr.arpa/IN: loaded serial 0
OK
[root@localhost thrfur]#
三、启动DNS服务。
[root@localhost thrfur]# systemctl start named.service // 启动服务
[root@localhost thrfur]# systemctl enable named // 设为开机启动
四、配置本地服务器为域名解析服务器。
[root@localhost thrfur]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
DNS=192.168.169.137 /*添加这行,地址是上面查询到的IP地址;注意:ifcfg 文件里通常使用的键名是 DNS1,若写成 DNS 后解析未生效,请改用 DNS1;这段注释仅作说明,不要写入文件*/
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="a3584176-42f5-46f0-afbc-f5c9de660096"
DEVICE="ens33"
ONBOOT="yes"
五、检验DNS服务器
[thrfur@localhost ~]$ nslookup www.thrfur.com
Server: 192.168.169.137
Address: 192.168.169.137#53
Name: www.thrfur.com
Address: 192.168.169.137 /*成功解析到192.168.169.137*/
[thrfur@localhost ~]$
[thrfur@localhost ~]$ nslookup 192.168.169.137
Server: 192.168.169.137
Address: 192.168.169.137#53
137.169.168.192.in-addr.arpa name = www.thrfur.com.
[thrfur@localhost ~]$