这篇“在Linux下怎么搭建DNS服务器”文章的知识点大部分人都不太理解,所以小编给大家总结了以下内容,内容详细,步骤清晰,具有一定的借鉴价值,希望大家阅读完这篇文章能有所收获,下面我们一起来看看这篇“在Linux下怎么搭建DNS服务器”文章吧。
操作系统:CentOS 7
IP地址:10.27.106.201
测试域名:aec.testuc.com
作用:主要提供解析aec.testuc.com域名的服务
yum -y install bind
vim /etc/named.conf
主要修改以下两个地方
listen-on port 53 { any; };
allow-query { any; };//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { any; };
# listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
# allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";vim /etc/named.rfc1912.zones
末尾添加如下配置:
zone "aec.starnetuc.com" IN { #正向解析为"aec.starnetuc.com"
type master; #类型:主缓存为master
file "aec.starnetuc.com.zone"; #指定区域数据文件为aec.starnetuc.com.zone
allow-update { none; };
};拷贝其他区域数据文件,保留源文件的权限和属主的属性复制
cp -a /var/named/named.localhost /var/named/aec.starnetuc.com.zone
修改该文件,结果如下:
$TTL 1D #有效解析记录的生成周期 @ IN SOA aec.starnetuc.com. root.aec.starnetuc.com. ( #@表示当前的DNS区域名表示这个域名 #SOA表示授权信息开启 # 后面表示邮件地址因为@有特殊含义 所以使用.代替 0 ; serial #更新序列号,可以是10以内的整数 1D ; refresh #刷新时间,重新下载地址数据的间隔 1H ; retry #重试延迟,下载失败后的重试延迟 1W ; expire #失效时间,超过该时间仍无法下载则放弃 3H ) ; minimum #无效解析记录的生存周期 IN NS aec.starnetuc.com. #记录当前区域DNS服务器的名称 IN MX 10 aec.starnetuc.com. #MX为邮件服务器 10表示优先级 数字越大优先级越低 IN A 10.27.106.214 #记录正向解析域名对应的IP,即将域名与IP绑捆
检查配置是否正确
named-checkconf -z /etc/named.conf
仅检查语法不检查逻辑关系。当显示的全为0时表示没有语法错误
zone localhost.localdomain/IN: loaded serial 0 zone localhost/IN: loaded serial 0 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0 zone 0.in-addr.arpa/IN: loaded serial 0 zone aec.starnetuc.com/IN: loaded serial 0
启动前,检查防火墙、SELINUX安全模式是否是关闭或允许状态
启动
systemctl start named systemctl enable named
查看53号监听端口是否开启
将测试系统的DNS改为10.27.106.201,然后去
ping aec.starnetuc.com PING aec.starnetuc.com (10.27.106.214) 56(84) bytes of data. 64 bytes from 10.27.106.214 (10.27.106.214): icmp_seq=1 ttl=64 time=1024 ms 64 bytes from 10.27.106.214 (10.27.106.214): icmp_seq=2 ttl=64 time=4.31 ms 64 bytes from 10.27.106.214 (10.27.106.214): icmp_seq=3 ttl=64 time=5.53 ms
表明配置成功。
以上就是关于“在Linux下怎么搭建DNS服务器”这篇文章的内容,相信大家都有了一定的了解,希望小编分享的内容对大家有帮助,若想了解更多相关的知识内容,请关注亿速云行业资讯频道。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。
