Linux: DNS service (bind)

Table of contents

Environment
Configuration environment of the master server and the slave server
  Master server
  Slave server
Master DNS configuration file
DNS slave server configuration


Environment

If you only need the master DNS server, just follow the master DNS server configuration.

I use 4 virtual machines here; you can also use fewer, depending on your computer's performance.

They must be on the same network segment; mine are all on the 192.168.254.0/24 segment.

1 - Windows Server 2016, the web server, IP 192.168.254.4

2 - Windows 10, accesses the website through the domain name, IP 192.168.254.3

3 - Linux CentOS 7, the slave DNS server, IP 192.168.254.2

4 - Linux CentOS 7, the master DNS server, IP 192.168.254.1


Configuration environment of the master server and the slave server

Master server

Turn off the firewall and SELinux (for a lab only; on a real server keep firewalld running and open the dns service instead)

systemctl stop firewalld

setenforce 0

Modify the hostname

hostnamectl set-hostname dns1.tarro.com

# hostnamectl set-hostname <the hostname you want>

# Here it is dns1.tarro.com

# On the slave server I named it dns2.tarro.com

Modify the local resolver configuration file

vi /etc/resolv.conf

and write

nameserver 192.168.254.1
nameserver 192.168.254.2

# The IPs of the master DNS server and the slave DNS server

Modify the hosts file and add the following lines

vim /etc/hosts

192.168.254.1 dns1.tarro.com ns1
192.168.254.2 dns2.tarro.com ns2

Install the bind software with yum (I use an offline yum repository here; see my post "Linux: rpm query installation && yum installation" on CSDN)

yum -y install bind*

Slave server

Turn off the firewall and SELinux

systemctl stop firewalld

setenforce 0

Modify the hostname

hostnamectl set-hostname dns2.tarro.com

Modify the local resolver configuration file

vi /etc/resolv.conf

and write

nameserver 192.168.254.1
nameserver 192.168.254.2

# The IPs of the master DNS server and the slave DNS server

Modify the hosts file and add the following lines

vim /etc/hosts

192.168.254.1 dns1.tarro.com ns1
192.168.254.2 dns2.tarro.com ns2

Install bind with yum

yum -y install bind*


Master DNS configuration file

vim /etc/named.conf

The settings to change in the options block are:

listen-on port 53 { <local IP>; };

allow-query { <IPs or network segments allowed to query>; };

Then add the two zones below. allow-transfer limits zone transfers (AXFR) to the slave's IP, so no other host can pull the whole zone:

zone "tarro.com" IN {
        type master;
        file "tarro.com.zone";
        allow-transfer {192.168.254.2;};

};

zone "254.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.254.arpa";
        allow-transfer {192.168.254.2;};

};

The complete file looks like this. Note that it keeps recursion yes from the stock configuration; because allow-query is limited to 192.168.254.0/24, only hosts on the LAN can use this server as a recursive resolver, which is what the comment in the file asks for.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
	listen-on port 53 { 192.168.254.1; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file  "/var/named/data/named.recursing";
	secroots-file   "/var/named/data/named.secroots";
	allow-query     { 192.168.254.0/24; };

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.root.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "tarro.com" IN {
        type master;
        file "tarro.com.zone";
        allow-transfer {192.168.254.2;};

};

zone "254.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.254.arpa";
        allow-transfer {192.168.254.2;};

};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Configure the forward zone file

vim /var/named/tarro.com.zone

$TTL    86400
@               IN SOA  tarro.com.      root.tarro.com. (
        2014032900      ; serial
        3H              ; refresh
        15M             ; retry
        1W              ; expire
        1D )            ; minimum (negative-cache TTL)
@       IN      NS      dns1.tarro.com.
        IN      NS      dns2.tarro.com.
dns1    IN      A       192.168.254.1   ; address records for the NS names above
dns2    IN      A       192.168.254.2
ns1     IN      A       192.168.254.1
ns2     IN      A       192.168.254.2
www     IN      A       192.168.254.4
*       IN      A       192.168.254.4   ; wildcard: any other name also points at the web server

Configure the reverse zone file

vim /var/named/192.168.254.arpa

$TTL    86400
@               IN SOA  tarro.com.      root.tarro.com. (
        2014032900      ; serial
        3H              ; refresh
        15M             ; retry
        1W              ; expire
        1D )            ; minimum (negative-cache TTL)
        IN      NS      dns1.tarro.com.
        IN      NS      dns2.tarro.com.
1       IN      PTR     dns1.tarro.com.   ; 192.168.254.1
2       IN      PTR     dns2.tarro.com.   ; 192.168.254.2
4       IN      PTR     www.tarro.com.    ; 192.168.254.4

Check the files

named-checkconf -z

The zone files must be readable by the named group:

chown :named /var/named/tarro.com.zone

chown :named /var/named/192.168.254.arpa

If no errors are reported, you can start the service:

systemctl start named


DNS slave server configuration

vim /etc/named.conf

Add the same two zones, but with type slave, masters set to the master's IP 192.168.254.1, and the zone file placed under the slaves/ directory.

Then start the service (systemctl start named) and the zones will be transferred from the master.

cd /var/named/slaves/

The zone files synchronized from the master can be seen in this directory.
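As an added example (not from the original post), the slave-side zone stanzas and a post-start check script; it assumes the zone names, IPs and slaves/ directory from this post and that dig (bind-utils) is installed:

```shell
#!/bin/sh
# Added example, not from the original post. Assumed from the post: the zone
# names, the master/slave IPs and the /var/named/slaves/ directory; "dig" is
# assumed to be installed (bind-utils on CentOS 7).
MASTER=192.168.254.1
SLAVE=192.168.254.2

# Print the two zone stanzas to append to the slave's /etc/named.conf.
# The slave pulls both zones from the master and does not hand them out again.
slave_zone_stanzas() {
    for spec in "tarro.com=tarro.com.zone" "254.168.192.in-addr.arpa=192.168.254.arpa"; do
        zone=${spec%%=*}
        file=${spec#*=}
        printf 'zone "%s" IN {\n' "$zone"
        printf '    type slave;\n    file "slaves/%s";\n' "$file"
        printf '    masters { %s; };\n    allow-transfer { none; };\n};\n' "$MASTER"
    done
}

# SOA serial of a zone as answered by one server (empty if there is no answer).
soa_serial() {  # $1 = server IP, $2 = zone
    dig +short "@$1" "$2" SOA | awk '{print $3}'
}

# Succeeds only if master and slave answer the same serial for the zone.
zone_in_sync() {  # $1 = zone
    m=$(soa_serial "$MASTER" "$1")
    s=$(soa_serial "$SLAVE" "$1")
    [ -n "$m" ] && [ "$m" = "$s" ]
}

# Succeeds if the master hands the whole zone to the caller over AXFR.
axfr_allowed() {  # $1 = zone
    dig "@$MASTER" "$1" AXFR | grep -q 'IN[[:space:]]*SOA'
}

case "${1:-}" in
    stanzas) slave_zone_stanzas ;;
    check)
        for z in tarro.com 254.168.192.in-addr.arpa; do
            zone_in_sync "$z" && echo "$z: serials match" || echo "$z: serials differ or no answer"
        done
        # Run this part from a host other than the slave (e.g. the Windows 10
        # client): a transfer that succeeds there means allow-transfer on the
        # master is wider than the post intends.
        axfr_allowed tarro.com && echo "AXFR of tarro.com allowed" || echo "AXFR of tarro.com refused"
        ;;
esac
```

Run it with the argument stanzas on the slave to produce the named.conf entries, and with check after both services are up.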


Origin blog.csdn.net/w14768855/article/details/131270682