This setup uses five CentOS 7 servers:

CRDL-242 A 10.1.71.242
CRDL-243 A 10.1.71.243
CRDL-244 A 10.1.71.244
CRDL-245 A 10.1.71.245
CRDL-246 A 10.1.71.246

Install the operating system and synchronize time with ntp.

Configure the epel-release repository:

yum install -y epel-release

Disable the firewall and SELinux.

Install commonly used software:

yum install -y wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils ntp
yum install -y epel-release

1. Install bind9 on the DNS server (242)

yum install -y bind
rpm -qa bind

2. Edit the configuration file

vi /etc/named.conf

listen-on port 53 { 10.1.71.242; };   # listen on this host's IP
listen-on-v6 port 53 { ::1; };        # delete this line; do not listen on IPv6
allow-query { any; };                 # allow queries from all hosts
forwarders { 10.1.71.254; };          # upstream DNS of the office network
recursion yes;                        # DNS uses recursive queries
dnssec-enable no;                     # disabled to save resources (production may not need to disable it)
dnssec-validation no;                 # disabled to save resources; no Internet validation

3. Check the file

[root@bind-server ~]# named-checkconf
[root@bind-server ~]# echo $?
0

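
The options in step 2 combine recursion yes with allow-query { any; } and set no allow-recursion ACL, so BIND lets any client that can reach 10.1.71.242 recurse through it. The script below is an added example, not part of the original post, that audits a named.conf for that combination and for disabled DNSSEC validation; both sample configs are constructed, and the function names and the 10.1.71.0/24 ACL are assumptions.

```shell
# Added example (not from the original post): flag named.conf settings that
# leave recursion open to every client. Function names are hypothetical.

# active_lines FILE: print FILE without '#' and '//' comments, so commented-out
# directives are ignored (/* ... */ blocks are not handled).
active_lines() { sed -e 's/#.*$//' -e 's|//.*$||' "$1"; }

# has FILE REGEX: succeed if an uncommented line matches the ERE.
has() { active_lines "$1" | grep -Eq "$2"; }

# audit_named_conf FILE: print one finding per line, nothing if clean.
audit_named_conf() {
    # With no allow-recursion or allow-query-cache, BIND uses allow-query
    # to decide who may recurse.
    if has "$1" 'recursion[[:space:]]+yes[[:space:]]*;' &&
       has "$1" 'allow-query[[:space:]]*\{[[:space:]]*any[[:space:]]*;' &&
       ! has "$1" 'allow-(recursion|query-cache)[[:space:]]*\{'; then
        echo "OPEN-RESOLVER: recursion yes + allow-query { any; }, no recursion ACL"
    fi
    if has "$1" 'dnssec-validation[[:space:]]+no[[:space:]]*;'; then
        echo "NO-VALIDATION: dnssec-validation no, answers are not validated"
    fi
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# Constructed sample 1: the options from step 2 of this page.
cat > "$tmp/page.conf" <<'EOF'
options {
    allow-query { any; };
    forwarders { 10.1.71.254; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
};
EOF
# Constructed sample 2: recursion limited to the lab hosts. The 10.1.71.0/24
# prefix is an assumption based on the five addresses on this page.
cat > "$tmp/restricted.conf" <<'EOF'
options {
    allow-query { any; };
    allow-recursion { 10.1.71.0/24; localhost; };
    forwarders { 10.1.71.254; };
    recursion yes;
    dnssec-validation yes;
};
EOF

for f in page restricted; do
    echo "== $f.conf"; audit_named_conf "$tmp/$f.conf"
done
```
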
4. Configure the zone definitions

vi /etc/named.rfc1912.zones

Append the following at the end of the file:

zone "host.com" IN {
        type master;
        file "host.com.zone";
        allow-update { 10.1.71.242; };
};

zone "od.com" IN {
        type master;
        file "od.com.zone";
        allow-update { 10.1.71.242; };
};

5. Configure the zone data files

vi /var/named/host.com.zone

$ORIGIN host.com.
$TTL 600        ; 10 minutes (expiry time)
@       IN SOA  dns.host.com. dnsadmin.host.com. (  ; start of zone authority: SOA record; dnsadmin.host.com is the mailbox
                2019120901 ; serial (installation date 2019.12.09 + sequence number 01)
                10800      ; refresh (3 hours)
                900        ; retry (15 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
        NS      dns.host.com.   ; NS record
$TTL 60 ; 1 minute
dns             A       10.1.71.242   ; A record
CRDL-242        A       10.1.71.242
CRDL-243        A       10.1.71.243
CRDL-244        A       10.1.71.244
CRDL-245        A       10.1.71.245
CRDL-246        A       10.1.71.246

[root@bind-server ~]# vi /var/named/od.com.zone

$ORIGIN od.com.
$TTL 600        ; 10 minutes
@       IN SOA  dns.od.com. dnsadmin.od.com. (
                2019120901 ; serial
                10800      ; refresh (3 hours)
                900        ; retry (15 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
        NS      dns.od.com.
$TTL 60 ; 1 minute
dns             A       10.1.71.242

5. Check the configuration file

[root@bind-server ~]# named-checkconf
[root@bind-server ~]# echo $?
0

6. Check the zone files

[root@bind-server ~]# named-checkzone "host.com" /var/named/host.com.zone
zone host.com/IN: loaded serial 2019120901
OK
[root@bind-server ~]# named-checkzone "od.com" /var/named/od.com.zone
zone od.com/IN: loaded serial 2019120901
OK

7. Change the group ownership and permissions of the files

[root@bind-server ~]# chown root:named /var/named/host.com.zone
[root@bind-server ~]# chown root:named /var/named/od.com.zone
[root@bind-server ~]# chmod 640 /var/named/host.com.zone
[root@bind-server ~]# chmod 640 /var/named/od.com.zone

8. Start named

[root@bind-server ~]# systemctl restart named
[root@bind-server ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.

9. Check the listening port

[root@bind-server ~]# netstat -luntp | grep 53

Verify resolution

[root@bind-server ~]# dig -t A CRDL-242.host.com @10.1.71.242 +short
10.1.71.242

Add the short-name search domain

[root@bind-server ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.1.71.242
search host.com

Master a technology, learn a craft!