CentOS简单配置DNS服务器

2020-11-16


一、DNS简介

DNS是域名系统(Domain Name System)的缩写,是因特网的一项核心服务,它能提供域名与IP地址之间对应关系的转换服务。这样我们就可以更方便地去访问互联网了,不用去记住那一串IP数字。本文档主要是说明如何把一台CentOS主机配置成一个DNS服务器,以便能提供域名解析服务。

二、安装环境

操作系统:CentOS 6.8 IP地址:10.10.10.10 测试域名:ielave.com

三、安装DNS服务

CentOS终端执行 # yum install bind

四、修改配置文件

1.修改主配置文件named.conf

# vim /etc/named.conf

将如下代码

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

改为

/*
 * Global named options after this guide's edit. Compared with the stock
 * block, only listen-on and allow-query differ.
 */
options {
        /* Accept IPv4 queries on the server's own address (10.10.10.10 in
           this guide's environment) instead of loopback only. */
        listen-on port 53 { 10.10.10.10; };
        /* The IPv6 listener is left on loopback (::1). */
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        /*
         * NOTE(review): "allow-query { any; }" together with "recursion yes"
         * and no allow-recursion statement appears to let every client that
         * can reach port 53 use this server as a recursive resolver. If the
         * host is reachable from untrusted networks, restrict recursion to
         * trusted clients (for example with an allow-recursion ACL) so the
         * server cannot be abused for DNS amplification. Confirm the exact
         * defaults against the BIND version in use.
         */
        allow-query     { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

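其实就是将 listen-on port 53 { 127.0.0.1; }; 中的IP地址改为本机IP,并将 allow-query { localhost; }; 改为 allow-query { any; };。需要注意:在 recursion yes; 且未设置 allow-recursion 的情况下,allow-query { any; }; 会让这台服务器为任何能访问到它的客户端提供递归解析。如果服务器可能被不受信任的网络访问,应使用 allow-recursion(或把 allow-query 限制为内部网段)只对受信任的客户端开放递归,避免成为开放解析器而被滥用于DNS放大攻击。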

2.添加正向区域和反向区域

# vim /etc/named.rfc1912.zones

添加如下代码

# Zone declarations added to /etc/named.rfc1912.zones. Each "file" name is
# resolved relative to the options "directory" (/var/named in this guide).
# NOTE(review): the copy step later in this guide creates "ielave.com.zone",
# while the forward zone below points at "ielave.zone"; the two names must be
# identical or named cannot load the zone.
zone "ielave.com" IN {
	type master;
	file "ielave.zone";
	# No client is allowed to send dynamic updates for this zone.
	allow-update { none; };
}; # forward zone
zone "10.10.10.in-addr.arpa" IN {
	type master;
	file "10.10.10.zone";
	# No client is allowed to send dynamic updates for this zone.
	allow-update { none; };
}; # reverse zone

3.创建区域对应的文件添加解析记录

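# cd /var/named

直接复制对应的模板并对其做修改。注意:区域文件名必须与 /etc/named.rfc1912.zones 中 file 指定的名称一致;上文正向区域写的是 "ielave.zone",而这里复制出的文件是 ielave.com.zone,两处需要统一为同一个名称,否则 named 无法加载该区域。

# cp -p named.localhost ielave.com.zone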

$TTL 1D
@	IN SOA	@ ielave.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
		NS		@
		A		10.10.10.10
		AAAA	::1
www		IN	A	10.10.10.20
ftp		IN	A	10.10.10.30
blog	IN	A	10.10.10.40

# cp -p named.loopback 10.10.10.zone

$TTL 1D
@	IN SOA	@ ielave.com. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
		NS		@
		A		10.10.10.10
		AAAA	::1
20		IN	PTR	www.ielave.com.
30		IN	PTR	ftp.ielave.com.
40		IN	PTR	blog.ielave.com.

五、启动DNS服务

# service named start

六、测试

使用nslookup命令解析测试,例如:nslookup www.ielave.com 10.10.10.10