Self-hosted DNS with bind

Install repositories and required tool packages

Install and configure the self-hosted DNS

1. Install the bind service

2. Configure the bind service

3. Check bind syntax and start bind

4. Configure DNS communication

Install repositories and required tool packages

1. Install the epel and base repos

yum install epel-release -y
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

2. Install the required tools

yum install wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils -y

Install and configure the self-hosted DNS

1. Install the bind service

[root@hdss0-11 ~]# yum install bind -y

2. Configure the bind service

Edit the main configuration file

[root@hdss0-11 ~]# vim /etc/named.conf
.....
        listen-on port 53 { 10.0.0.11; }; // this host's address
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; }; // which clients may query through this DNS; any = every internal host can query (narrow it to the internal network if this server is reachable from outside)
        forwarders      { 10.0.0.254; };

        recursion yes; // recursion: the server resolves names it is not authoritative for by recursive lookup; yes turns it on

        dnssec-enable no;
        dnssec-validation no;


Syntax check
[root@hdss0-11 ~]# named-checkconf

Edit the zone configuration file

[root@hdss0-11 ~]# vim /etc/named.rfc1912.zones
Append to the end of the file
zone "host.com" IN {
        type master;
        file  "host.com.zone";
        allow-update { 10.0.0.11; };
};

zone "test.com" IN {
        type master;
        file  "test.com.zone";
        allow-update { 10.0.0.11; };
};

Write the host.com.zone zone file

[root@hdss0-11 ~]# cat /var/named/host.com.zone
$ORIGIN host.com.
$TTL 600 ; 10 minutes
@       IN SOA dns.host.com. dnsadmin.host.com. (
        2020051801 ; serial
        10800      ; refresh (3 hours)
        900        ; retry (15 minutes)
        604800     ; expire (1 week)
        86400      ; minimum (1 day)
        )
        NS   dns.host.com. ; owner left blank, so this NS belongs to @ (the zone apex); keep it indented
$TTL 60 ; 1 minute
dns               A   10.0.0.11
HDSS0-11          A   10.0.0.11
HDSS0-12          A   10.0.0.12
HDSS0-21          A   10.0.0.21
HDSS0-22          A   10.0.0.22
HDSS0-200         A   10.0.0.200

Write the test.com.zone zone file

[root@hdss0-11 ~]# cat /var/named/test.com.zone
$ORIGIN test.com.
$TTL 600 ; 10 minutes
@       IN SOA dns.test.com. dnsadmin.test.com. (
        2020051801 ; serial
        10800      ; refresh (3 hours)
        900        ; retry (15 minutes)
        604800     ; expire (1 week)
        86400      ; minimum (1 day)
        )
        NS   dns.test.com. ; owner left blank, so this NS belongs to @; keep it indented
$TTL 60 ; 1 minute
dns               A   10.0.0.11
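Two edits to these zone files break resolution silently: removing or renaming the `dns` A record that the NS points at, and bumping the serial outside the YYYYMMDDnn convention. The following Python checker is an added example, not part of the original post; it runs on a constructed copy of host.com.zone and the names parse_zone, check_zone and next_serial are my own.

```python
import re
from datetime import date
# Constructed copy of the host.com.zone shown above; the example does not read /var/named.
HOST_COM_ZONE = """\
$ORIGIN host.com.
$TTL 600 ; 10 minutes
@       IN SOA dns.host.com. dnsadmin.host.com. (
        2020051801 ; serial
        10800      ; refresh (3 hours)
        900        ; retry (15 minutes)
        604800     ; expire (1 week)
        86400      ; minimum (1 day)
        )
        NS   dns.host.com.
$TTL 60 ; 1 minute
dns               A   10.0.0.11
HDSS0-200         A   10.0.0.200
"""

def parse_zone(text):
    """Return (origin, serial, {owner: ipv4}, [NS targets]) for a zone file laid out like the ones above."""
    body = "\n".join(line.split(";", 1)[0].rstrip() for line in text.splitlines())  # drop ; comments
    origin = re.search(r"^\$ORIGIN[ \t]+(\S+)", body, re.M).group(1)
    serial = re.search(r"IN\s+SOA\s+\S+\s+\S+\s*\(\s*(\d+)", body).group(1)  # first number after "("
    a_records = {m[1].lower(): m[2] for m in re.finditer(r"^(\S+)[ \t]+A[ \t]+(\d+\.\d+\.\d+\.\d+)$", body, re.M)}
    ns_targets = re.findall(r"^[ \t]+NS[ \t]+(\S+)$", body, re.M)  # a blank owner inherits the previous one (@)
    return origin, serial, a_records, ns_targets

def check_zone(text):
    """Return a list of problems; an empty list means the zone is consistent."""
    origin, serial, a_records, ns_targets = parse_zone(text)
    problems = []
    ymd = re.fullmatch(r"(\d{4})(\d\d)(\d\d)\d\d", serial)  # YYYYMMDDnn, as in 2020051801
    try:
        date(int(ymd[1]), int(ymd[2]), int(ymd[3]))
    except (TypeError, ValueError):  # TypeError: wrong shape (no match); ValueError: not a real date
        problems.append(f"serial {serial} is not YYYYMMDDnn with a valid date")
    for ns in ns_targets:  # an NS inside the zone needs its own address record, like "dns A 10.0.0.11"
        if ns.endswith("." + origin) and ns[:-len(origin) - 1].lower() not in a_records:
            problems.append(f"NS {ns} has no A record in the zone")
    return problems

def next_serial(current, today):
    """Next serial in the YYYYMMDDnn convention: first edit of a new day -> 01, same day -> nn + 1."""
    stamp = today.strftime("%Y%m%d")
    if current[:8] < stamp:
        return stamp + "01"
    if int(current[8:]) >= 99:
        raise ValueError("more than 99 edits in one day; the serial can no longer follow the convention")
    return current[:8] + f"{int(current[8:]) + 1:02d}"
```

Run check_zone on the file before `systemctl reload named`, and use next_serial to bump the serial every time a record is added, or secondaries and caches will keep serving the old data.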

3. Check bind syntax and start bind

[root@hdss0-11 ~]# named-checkconf 

[root@hdss0-11 ~]# systemctl start named
[root@hdss0-11 ~]# netstat -lntup|grep 53
tcp       0     0 10.0.0.11:53           0.0.0.0:*               LISTEN     17893/named        
tcp       0     0 127.0.0.1:953           0.0.0.0:*               LISTEN     17893/named        
tcp6       0     0 :::53                   :::*                   LISTEN     17893/named        
tcp6       0     0 ::1:953                 :::*                   LISTEN     17893/named        
udp       0     0 10.0.0.11:53           0.0.0.0:*                           17893/named        
udp6       0     0 :::53                   :::*                               17893/named        

# verify
[root@hdss0-11 ~]# dig -t A hdss0-200.host.com @10.0.0.11 +short
10.0.0.200

4. Configure DNS communication

Change the host's DNS setting and verify connectivity

[root@hdss0-11 ~]# cat /etc/resolv.conf
nameserver 10.0.0.11
#nameserver 8.8.8.8
#nameserver 114.114.114.114


[root@hdss0-11 ~]# ping www.baidu.com
PING www.a.shifen.com (180.101.49.12) 56(84) bytes of data.
64 bytes from 180.101.49.12 (180.101.49.12): icmp_seq=1 ttl=128 time=9.67 ms
64 bytes from 180.101.49.12 (180.101.49.12): icmp_seq=2 ttl=128 time=9.97 ms
64 bytes from 180.101.49.12 (180.101.49.12): icmp_seq=3 ttl=128 time=9.16 ms
^C
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 9.169/9.606/9.975/0.332 ms


[root@hdss0-11 ~]# ping hdss0-200.host.com
PING HDSS0-200.host.com (10.0.0.200) 56(84) bytes of data.
64 bytes from 10.0.0.200 (10.0.0.200): icmp_seq=1 ttl=64 time=0.405 ms
64 bytes from 10.0.0.200 (10.0.0.200): icmp_seq=2 ttl=64 time=0.339 ms
^C
--- HDSS0-200.host.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.339/0.372/0.405/0.033 ms

Configure short-name resolution (search domain)

[root@hdss0-11 ~]# cat /etc/resolv.conf
search host.com   # search domain, so short names resolve
nameserver 10.0.0.11
#nameserver 8.8.8.8
#nameserver 114.114.114.114

# now .host.com no longer needs to be typed
[root@hdss0-11 ~]# ping hdss0-200
PING HDSS0-200.host.com (10.0.0.200) 56(84) bytes of data.
64 bytes from 10.0.0.200 (10.0.0.200): icmp_seq=1 ttl=64 time=0.546 ms
64 bytes from 10.0.0.200 (10.0.0.200): icmp_seq=2 ttl=64 time=0.426 ms
^C
--- HDSS0-200.host.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.426/0.486/0.546/0.060 ms


Change the DNS setting on the remaining hosts in the same way, and point the DNS of the Windows VMnet8 adapter at this server

]# cat /etc/resolv.conf
search host.com
nameserver 10.0.0.11
#nameserver 8.8.8.8
#nameserver 114.114.114.114