Disclaimer: This is the blogger's original article. When reproducing it, please attach a link to the original source and this statement.
Original link: https://www.cnblogs.com/wannengachao/p/11954625.html
1. Install bind, bind-utils, bind-libs and bind-chroot
yum install bind bind-utils bind-libs bind-chroot
Explanation:
bind: provides the main domain name server program and related files
bind-chroot: provides a fake root directory for the BIND service, using the /var/named/chroot folder as BIND's root to improve security; this is a jail mechanism
bind-utils: provides DNS server testing tools such as nslookup
bind-libs: provides the library functions that bind and bind-utils need
2. Modify the main configuration file:
cp /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf # modify the two places marked by arrows in the figure
listen-on: sets the interface and port on which the server answers queries. listen-on takes an optional port and an address match list
zone "": write the domain name here
type: write master for the primary DNS server, slave for a secondary server
file: the name of the zone data file
The modified file:
cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { any; }; # any means any IP
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "wanneng.cn" IN { # forward resolution
    type master;
    file "wanneng.cn.zone";
};
zone "1.79.119.in-addr.arpa" IN { # reverse resolution: write the IP in reverse order, using only the first three octets
    type master;
    file "wanneng.cn.arpa";
};
#include "/etc/named.rfc1912.zones"; # can choose to comment out
#include "/etc/named.root.key";
3. After the modification, check the syntax; if the command prints nothing, the syntax is correct:
named-checkconf
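Added example, not part of the original article: in the named.conf from step 2, `allow-query { any; }` with `recursion yes` and no `allow-recursion` means BIND falls back to the allow-query list for recursion, so the server answers recursive queries from any address. The shell functions below (hypothetical names) report that condition on constructed sample input; the 119.79.1.0/24 client network in the tightened copy is an assumption.

```shell
# Added example (not from the original article). Function names are hypothetical.
# Assumes one statement per line, no /* */ comments inside options, and treats
# only a literal "any" as open (named ACLs are not expanded).

strip_comments() { sed -e 's://.*$::' -e 's:#.*$::' "$1"; }

# Print the address match list of option $2 in file $1 (empty if not set).
opt_value() {
    strip_comments "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*{\(.*\)}[[:space:]]*;.*/\1/p" |
        head -n 1
}

# Print "off", "open" or "restricted" for recursion in config file $1.
recursion_exposure() {
    if strip_comments "$1" |
        grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'; then
        echo off
        return
    fi
    # BIND uses the first of these that is set as the recursion client list.
    for opt in allow-recursion allow-query-cache allow-query; do
        val=$(opt_value "$1" "$opt")
        [ -n "$val" ] || continue
        if printf '%s\n' "$val" | grep -Eq '(^|[[:space:];])any[[:space:]]*;'; then
            echo open
        else
            echo restricted
        fi
        return
    done
    echo restricted   # none set: built-in default is localnets and localhost
}

# Constructed sample input: the article's options, then a tightened copy.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'options {' 'listen-on port 53 { any; };' \
        'allow-query { any; };' 'recursion yes;' '};' > "$dir/article.conf"
    # The 119.79.1.0/24 client network is an assumption for illustration.
    printf '%s\n' 'options {' 'listen-on port 53 { any; };' \
        'allow-query { any; };' 'recursion yes;' \
        'allow-recursion { 127.0.0.1; 119.79.1.0/24; };' '};' > "$dir/tight.conf"
    echo "article: $(recursion_exposure "$dir/article.conf")"
    echo "tight:   $(recursion_exposure "$dir/tight.conf")"
    rm -rf "$dir"
}

demo
```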
4. Modify the zone data files:
Purpose of a zone file: it stores the address resolution records (forward and reverse) of a DNS zone
Pseudo root directory:
4.1 cp /var/named/named.localhost /var/named/wanneng.cn.zone # the file name must match the one written in named.conf earlier; this is the forward resolution data file
4.2 Modify the contents of the forward resolution file:
serial: serial number
refresh: update interval
retry: how long to wait before retrying after a failed update
expire: if updates keep failing, give up after trying for one week
minimum: how long failed resolution records are cached
The revised forward resolution file:
You can write multiple IPs and domain names; the * here is a wildcard (any name)
4.3 Modify the reverse resolution file:
Content after modification: (142 is the last octet of the IP 119.79.1.142)
Similarly, multiple domain names and IPs can be written in the reverse zone
5. Modify /etc/resolv.conf # optional
Add the following:
search wanneng.cn # domain name
nameserver 199.79.1.142 # IP of the DNS server
6. Check the syntax of the forward and reverse resolution data files:
7. Start
systemctl start named
8. Test:
Local test: nslookup $domain-name-or-IP, or dig $domain-name-or-IP
Client test:
Configure as in step 5
Add the IP address of the DNS server to the network card configuration, then restart the network: vi /etc/sysconfig/network-scripts/ifcfg-ens32
systemctl restart network
Use nslookup or dig to test whether names resolve properly