安装 Bind 服务端

安装

# 安装
yum -y install bind bind-utils
# 开机自启
systemctl enable named
# 启动服务
systemctl start named.service

查看 named 是否正常启动

# 查看进程
ps -eaf|grep named

# 查看端口
ss -nult|grep :53

查看进程输出:

[root@centos7 lanweihong]# ps -eaf|grep named
named     5966     1  0 15:44 ?        00:00:00 /usr/sbin/named -u named -c /etc/named.conf
root      8454  6480  0 15:49 pts/0    00:00:00 grep --color=auto named

查看端口输出:

[root@centos7 lanweihong]# ss -nult|grep :53
udp    UNCONN     0      0      192.168.1.110:53                    *:*                  
udp    UNCONN     0      0         [::1]:53                 [::]:*                  
tcp    LISTEN     0      10     192.168.1.110:53                    *:*                  
tcp    LISTEN     0      10        [::1]:53                 [::]:* 

开放 TCP 和 UDP 的 53 端口

编辑文件 /etc/sysconfig/iptables,添加如下:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT

保存重启 iptables

systemctl restart iptables

配置 DNS 服务器

  1. 编辑 named 配置文件 /etc/named.conf
options {
        # 修改为 DNS 服务器IP或any
        listen-on port 53 { 192.168.1.110; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        # 修改为内网网段,只针对内网用户提供解析
        allow-query     { 192.168.1.0/24; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        # 这两处改为no,不需要安全策略
        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

可使用命令 named-checkconf 检查 named.conf 是否有错误。

配置正向解析和反向解析

  1. 修改 /etc/named.rfc1912.zones,添加以下配置:
# 正向解析
zone "lwh.com" IN {
        type master;
        file "/var/named/lwh.com.zone";
        allow-update { none; };
};

# 反向解析
zone "1.168.192.in-addr.arpa" {
        type master;
        file "/var/named/192.168.1.zone";
        allow-update { none };
};
  1. 创建对应的配置文件

创建 /var/named/lwh.com.zone

TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
cloud   IN  A   192.168.1.110
www     IN  A   192.168.1.110

创建 /var/named/192.168.1.zone

$TTL 1D
@   IN SOA  @ rname.invalid. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
    NS  @
    A   127.0.0.1
    AAAA    ::1
110 IN  PTR cloud.lwh.com.
110 IN  PTR www.lwh.com.

配置说明:

配置说明
0 ; serial序号
1D ; refresh刷新时间为1天
1H ; retry重试间隔1小时
1W ; expire缓存失效时间为1周
3H ) ; minimum解析失败缓存保留时间为3小时

授予文件权限:

chmod 777 /var/named/lwh.com.zone /var/named/192.168.1.zone

重启 Bind 服务:

systemctl restart named.service

以上配置好后,www.lwh.com 或 cloud.lwh.com 就指向 192.168.1.110 了。

测试

Mac 修改网络配置:

Mac 修改网络配置

Windows 配置参考以下:

Windows 配置DNS

测试正向解析

[lanweihongdeMacBook-Pro-4:~ lanweihong$ nslookup www.llwwhh.com
Server:        192.168.1.110
Address:    192.168.1.110#53

Name:    www.llwwhh.com
Address: 192.168.1.1

测试反向解析

[lanweihongdeMacBook-Pro-4:~ lanweihong$ nslookup 192.168.1.110
Server:        192.168.1.110
Address:    192.168.1.110#53

110.1.168.192.in-addr.arpa    name = www.llwwhh.com.
110.1.168.192.in-addr.arpa    name = cloud.llwwhh.com.

参考文档

  1. CentOS-7下搭建DNS服务器
文章目录