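Configuring a DNS Server on CentOS 7

We need to configure over a thousand subdomains, and the domain registrar caps the number of subdomain records it will host, which does not meet our needs. So we had to do it ourselves.

Installation is just: yum install bind*

The key part is the configuration.

First configuration file: /etc/named.conf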

options {
        listen-on port 53 { <server public IP>; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        forwarders { 8.8.8.8;114.114.114.114;  };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
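
The options block above combines recursion yes, allow-query { any; } and forwarders on a public address, which is the case its own comment warns about. For a server that only answers for its own zones, an authoritative-only variant of that block looks like this (an added example, not part of the original post; the IP placeholder is the same one used above, and allow-transfer { none; } assumes there is no secondary name server):

```conf
options {
        listen-on port 53 { <server public IP>; };   // placeholder, as above
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Anyone may ask about the zones this server is master for.
        allow-query     { any; };

        // Authoritative only: never resolve names on behalf of clients.
        recursion no;
        allow-recursion   { none; };
        allow-query-cache { none; };

        // No forwarders statement: it is only used for recursive lookups.

        // Assumption: single server, no secondaries. Refusing transfers
        // keeps the full list of subdomains from being pulled in one request.
        allow-transfer  { none; };

        dnssec-enable yes;
        dnssec-validation yes;

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
```

After reloading named with these options, a query sent to the server for a name outside its own zones should no longer come back with a resolved answer.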

Second configuration file: /etc/named.rfc1912.zones

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "example.cn" IN {
        type master;
        file "data/example.cn.zone";
        allow-update { none; };
};
zone "example.in-addr.arpa" IN {
        type master;
        file "data/example.arpa.cn.zone";
        allow-update { none; };
};


zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

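Third configuration file: /var/named/data/example.cn.zone

$TTL 1D
@       IN SOA  dns1.example.cn. admin.qq.com. (
                                        20190128      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                        IN      NS      dns1.example.cn.
dns1.example.cn.       IN      A       <server public IP>
test.example.cn.       IN      A       <IP the name should point to>
ftp.example.cn.        IN      A       <IP the name should point to>
abc.example.cn.        IN      A       <IP the name should point to>
zhang.example.cn.      IN      A       <IP the name should point to>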

Fourth configuration file: /var/named/data/example.arpa.cn.zone

$TTL 1D
@       IN SOA  dns1.example.cn. dns1.qq.com. (
                                        20190128      ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
    NS      dns1.example.cn.
    A       <server public IP>
    PTR     test.example.cn.
    PTR     ftp.example.cn.
    PTR     abc.example.cn.
    PTR     zhang.example.cn.

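Once the configuration files are in place, check their syntax with the bundled tools:

Check the syntax of the main configuration file:
named-checkconf /etc/named.conf

Check the syntax of the forward zone:
named-checkzone example.cn /var/named/data/example.cn.zone

Check the syntax of the reverse zone:
named-checkzone example.in-addr.arpa /var/named/data/example.arpa.cn.zone

Suppose the IP address of your DNS server is A.B.C.D.

You also need to register another domain, for example newgirl.com.

Create an A record mydns.newgirl.com that points to the server at IP address A.B.C.D.

Then set the DNS server for the domain example.cn to mydns.newgirl.com.

Finally, start the service:

systemctl start named.service

Done!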

Reposted from blog.csdn.net/langeldep/article/details/86716024