Thousands of second-level domain names had to be configured, and the number of records a domain registrar's DNS console allows has an upper limit that does not cover our needs, so I had to run my own DNS server.
Installation is just yum install bind*.
The key point is the configuration.
The first configuration file: /etc/named.conf
options {
    listen-on port 53 { <server-public-IP>; };   // placeholder: this host's public IP
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    forwarders { 8.8.8.8; 114.114.114.114; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
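The options block above keeps the stock `recursion yes;` together with `allow-query { any; };` on a public listener, which is exactly the open-resolver setup the comment embedded in the file warns about: anyone on the internet can use the box for recursive lookups and, by extension, for DNS amplification. A server whose job is to answer for its own zones does not need recursion at all. The fragment below is an added example of the hardened options block, not from the original post; the `<server-public-IP>` placeholder is the post's, and the commented alternative for a mixed authoritative-plus-local-resolver setup assumes a `<your-network>/24` prefix you would fill in.

```conf
options {
    listen-on port 53 { <server-public-IP>; };   // placeholder, as in the post
    directory "/var/named";

    // Anyone may query the zones we are authoritative for ...
    allow-query { any; };
    // ... but nobody gets to use us as a recursive resolver.
    recursion no;
    allow-recursion { none; };
    // With recursion off, the forwarders line serves no purpose; drop it.

    // Zone transfers off by default; list your secondaries here if you add any.
    allow-transfer { none; };

    // Response rate limiting blunts reflection abuse of the zones we do serve.
    rate-limit { responses-per-second 10; };

    // If this host must also resolve names for your own machines, use instead:
    //   recursion yes;
    //   allow-recursion { localhost; <your-network>/24; };
    // so that recursion is limited to those networks and never the whole internet.
};
```

After reloading, a query from outside for a name you are not authoritative for (for example `dig @<server-public-IP> www.example.org A`) should come back REFUSED with no answer section, while `dig @<server-public-IP> test.example.cn A` still answers; that is the quick way to confirm the server is no longer an open resolver.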
The second configuration file: /etc/named.rfc1912.zones
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "example.cn" IN {
    type master;
    file "data/example.cn.zone";
    allow-update { none; };
};
// Reverse zone, named as in the post. A real reverse zone is named from the
// reversed network octets, e.g. "113.0.203.in-addr.arpa" for 203.0.113.0/24.
zone "example.in-addr.arpa" IN {
    type master;
    file "data/example.arpa.cn.zone";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
The third configuration file: /var/named/data/example.cn.zone
$TTL 1D
@ IN SOA dns1.example.cn. admin.qq.com. (
        20190128 ; serial, must increase on every change
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum (negative-caching TTL)
  IN NS dns1.example.cn.
dns1.example.cn. IN A <server-public-IP>     ; placeholder: this host's public IP
test.example.cn. IN A <target-IP>            ; placeholder: IP the name should resolve to
ftp.example.cn. IN A <target-IP>
abc.example.cn. IN A <target-IP>
zhang.example.cn. IN A <target-IP>
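The whole point of running this server is thousands of subdomain records, which nobody wants to type into the zone file by hand. The script below is an added example, not code from the original post: it generates the forward zone file in the same layout as the one above from a simple "name,ip" host list, rejects malformed labels and addresses before they can break the zone, bumps the SOA serial in the YYYYMMDDnn form so secondaries notice the change, and runs named-checkzone when the tool is installed. The host list, the 203.0.113.x addresses and the "name,ip" format are constructed assumptions.

```python
"""Generate a BIND forward zone file for many subdomains (added example).

Assumptions (not from the original post): hosts come as "name,ip" lines,
the zone is example.cn with nameserver dns1.example.cn, and the sample
host list below is constructed.
"""
import datetime
import ipaddress
import re
import shutil
import subprocess

ZONE = "example.cn"
NS_HOST = "dns1.example.cn."      # fully qualified, trailing dot
ADMIN_MAILBOX = "admin.qq.com."   # SOA RNAME as in the post's zone file

# Constructed sample input: one "name,ip" pair per line; names are relative
# to the zone (so "test" becomes test.example.cn).
SAMPLE_HOSTS = """\
dns1,203.0.113.10
test,203.0.113.20
ftp,203.0.113.20
abc,203.0.113.21
zhang,203.0.113.22
"""

# A valid hostname label: 1-63 chars of a-z, 0-9, '-', no leading/trailing '-'.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_hosts(text):
    """Parse 'name,ip' lines into (label, ip) tuples, rejecting bad input.

    A bad label or address raises ValueError here instead of being written
    into the zone file, where named-checkzone would reject the whole zone.
    """
    hosts = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, ip = line.partition(",")
        name = name.strip().lower()
        if not LABEL_RE.match(name):
            raise ValueError(f"line {lineno}: invalid label {name!r}")
        addr = ipaddress.ip_address(ip.strip())  # ValueError if malformed
        if addr.version != 4:
            raise ValueError(f"line {lineno}: only IPv4 A records handled here")
        hosts.append((name, str(addr)))
    return hosts


def next_serial(previous, today=None):
    """Return a YYYYMMDDnn serial strictly greater than `previous`.

    Secondaries only transfer a zone when the serial increases, so a
    regenerated file with an unchanged serial would never propagate.
    """
    today = today or datetime.date.today()
    base = int(today.strftime("%Y%m%d")) * 100
    return base if base > previous else previous + 1


def render_zone(hosts, serial):
    """Render the zone text in the layout used by the post's zone file."""
    lines = [
        "$TTL 1D",
        f"@ IN SOA {NS_HOST} {ADMIN_MAILBOX} (",
        f"        {serial} ; serial",
        "        1D ; refresh",
        "        1H ; retry",
        "        1W ; expire",
        "        3H ) ; minimum",
        f"  IN NS {NS_HOST}",
    ]
    for name, ip in hosts:
        lines.append(f"{name}.{ZONE}. IN A {ip}")
    return "\n".join(lines) + "\n"


def build_zone(text, previous_serial=0, today=None):
    """Parse, pick the next serial and render; returns (zone_text, serial)."""
    hosts = parse_hosts(text)
    serial = next_serial(previous_serial, today)
    return render_zone(hosts, serial), serial


def check_zone(path):
    """Run named-checkzone if installed; True when the zone loads cleanly.

    Returns None when the tool is absent so callers can tell "not checked"
    from "failed".
    """
    tool = shutil.which("named-checkzone")
    if tool is None:
        return None
    result = subprocess.run([tool, ZONE, path], capture_output=True, text=True)
    return result.returncode == 0


if __name__ == "__main__":
    zone_text, serial = build_zone(SAMPLE_HOSTS, previous_serial=20190128)
    out = f"/tmp/{ZONE}.zone"  # on the real server: /var/named/data/example.cn.zone
    with open(out, "w") as fh:
        fh.write(zone_text)
    print(f"wrote {out} with serial {serial}; named-checkzone ok:", check_zone(out))
```

On the server, write the output to /var/named/data/example.cn.zone, confirm named-checkzone reports no errors, and then `rndc reload example.cn` picks up the new records without restarting named. Keeping the previous serial (read it from the existing file, or store it alongside the host list) is what makes the serial bump safe to run repeatedly on the same day.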
The fourth configuration file: /var/named/data/example.arpa.cn.zone
$TTL 1D
@ IN SOA dns1.example.cn. dns1.qq.com. (
        20190128 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
@ IN NS dns1.example.cn.
@ IN A <server-public-IP>                    ; placeholder: this host's public IP
; Each PTR is owned by the host part of the address inside the reverse zone
; (for a /24 zone, the last octet). The post left these owners out, so they
; are shown as placeholders here.
<last-octet-of-test-IP> IN PTR test.example.cn.
<last-octet-of-ftp-IP> IN PTR ftp.example.cn.
<last-octet-of-abc-IP> IN PTR abc.example.cn.
<last-octet-of-zhang-IP> IN PTR zhang.example.cn.
Once the files are in place, use the bundled tools to check that their syntax is correct (the zone paths match the ones configured in /etc/named.rfc1912.zones above):
Check the syntax of the main configuration file:
named-checkconf /etc/named.conf
Check the syntax of the forward zone:
named-checkzone example.cn /var/named/data/example.cn.zone
Check the syntax of the reverse zone:
named-checkzone example.in-addr.arpa /var/named/data/example.arpa.cn.zone
Suppose the IP address of your DNS server is A.B.C.D.
You also need a second registered domain name, for example newgirl.com.
Add an A record in that domain so that mydns.newgirl.com points to the server at A.B.C.D.
Then, at the registrar of example.cn, set its DNS server (nameserver) to mydns.newgirl.com.
Finally start the service:
systemctl start named.service
That's it!