centos快速安装bind dns解析工具
检查53端口占用
[root@nginx ~]# netstat -nlp |grep 53
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 28799/dnsmasq
tcp6 0 0 :::53 :::* LISTEN 28799/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 28799/dnsmasq
udp6 0 0 :::53 :::* 28799/dnsmasq
停掉其他dns工具:
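# Stop the resolver that currently owns port 53 and keep it from starting at boot.
# systemctl is used here to match the named commands later on this page (CentOS 7).
systemctl stop dnsmasq
systemctl disable dnsmasq
# Confirm nothing is bound to port 53 any more. The anchored pattern only matches
# a local address ending in ":53", not a "53" inside a PID or another port number.
netstat -nlp | grep -E ':53[[:space:]]'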
安装配置
yum install
# Show the bind package version and repository before installing.
yum info bind
# Install the server (bind), its libraries (bind-libs) and the client tools such as dig (bind-utils).
# NOTE(review): bind-devel only ships development headers and is presumably not needed
# on a host that just runs named - confirm before installing it on a server.
yum install -y bind-utils bind bind-devel bind-libs
配置主配置文件:/etc/named.conf
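// /etc/named.conf - main BIND configuration: a recursive resolver for the local
// networks that is also authoritative for the zones included at the bottom.
options {
    // Listen on every IPv4 interface (the tutorial changes this to "any");
    // IPv6 stays on loopback only.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };

    // Working directory; relative file names below and in zone statements resolve against it.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";

    // Any client may query the zones this server is authoritative for.
    allow-query { any; };

    // Recursion stays on, but only for this host and its directly attached networks.
    // Without allow-recursion, BIND falls back to the allow-query list ("any"), and
    // together with "listen-on any" the server becomes an open recursive resolver that
    // can be abused for DNS amplification and cache probing.
    // NOTE(review): replace localnets with an explicit acl if clients sit on routed
    // subnets that are not directly attached to this host.
    recursion yes;
    allow-recursion { localhost; localnets; };

    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    // Upstream resolvers for names this server is not authoritative for.
    // NOTE(review): the original listed "114.114.114", which is not a complete IPv4
    // address and should be rejected by named-checkconf; 114.114.114.114 is assumed
    // to be the intended forwarder - confirm.
    forwarders { 114.114.114.114; 8.8.8.8; };
};

logging {
    // Debug channel; "severity dynamic" follows the server's current debug level.
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Root hints used to bootstrap recursion.
zone "." IN {
    type hint;
    file "named.ca";
};

// Zone definitions (the test.com zone is appended to this file) and the root trust anchor.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";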
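其实修改之处只有三行(注意:listen-on 与 allow-query 都改成 any 且保留 recursion yes 时,未设置 allow-recursion 的 BIND 会沿用 allow-query 的范围,任何来源都能做递归查询;应另加 allow-recursion 把递归限制在内网):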
...
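listen-on port 53 { any; }; # changed to any: listen on every IPv4 interface
allow-query { any; }; # changed to any: accept queries from any client
# Added in review: with allow-query set to any and recursion enabled, limit recursive
# lookups to this host and its attached networks so the server is not an open resolver.
allow-recursion { localhost; localnets; };
# Upstream DNS. NOTE(review): the original "114.114.114" is not a complete IPv4 address;
# 114.114.114.114 is assumed to be the intended forwarder - confirm.
forwarders { 114.114.114.114; 8.8.8.8; };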
追加域名解析入口配置:/etc/named.rfc1912.zones
...
# Authoritative (master) zone for test.com, served from a local zone file.
zone "test.com" IN {
type master;
file "test.com.zone"; # relative to the options "directory" setting, i.e. /var/named/test.com.zone
};
测试域名单独解析文件:
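# Create the zone file from the stock localhost template.
cd /var/named/
cp named.localhost test.com.zone
# root owns the file and group named gets read-only access: named only has to read a
# static master zone, so the daemon account should not be able to rewrite it.
# (user:group replaces the deprecated user.group separator.)
chown root:named test.com.zone
chmod 640 test.com.zone
vim test.com.zone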
修改配置 /var/named/test.com.zone:
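$TTL 1D ; default TTL for records without their own: how long resolvers may cache them (1 day)
@       IN SOA  @ rname.invalid. (
                ; NOTE(review): the listing shows no serial value, and the SOA record is
                ; invalid without one. 0 is what the named.localhost template is believed
                ; to ship with - confirm. Increase it after every edit so that secondary
                ; servers notice the change.
                0       ; serial
                1D      ; refresh: how often secondaries check the serial (1 day)
                1H      ; retry: wait before retrying a failed refresh (1 hour)
                1W      ; expire: secondaries stop serving the zone after this long without a refresh (1 week)
                3H )    ; minimum: TTL for negative (NXDOMAIN) answers
; NOTE(review): the zone apex, and therefore the NS target, still points at the
; template's loopback addresses. Clients on other hosts that follow the NS record
; need the server's real address here - confirm.
        NS      @
        A       127.0.0.1
        AAAA    ::1
; Internal service names.
git     IN A    172.16.0.2
hub     IN A    172.16.0.13
mvn     IN A    172.16.0.2
bug     IN A    172.16.0.2
disk    IN A    172.16.0.2
ci      IN A    172.16.0.4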
检查配置 启动
检查配置
# Syntax-check the main configuration (and the files it includes) before restarting.
named-checkconf /etc/named.conf
# Load the test.com zone file the way named would, and report record or SOA errors.
named-checkzone test.com /var/named/test.com.zone
启动服务测试:
# Restart named so it loads the new configuration and zone.
systemctl restart named
# Start named automatically at boot.
systemctl enable named
测试下:
[root@nginx named]# dig git.test.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.3 <<>> git.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37775
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;git.test.com. IN A
;; ANSWER SECTION:
git.test.com. 86400 IN A 172.16.0.2
;; AUTHORITY SECTION:
test.com. 86400 IN NS test.com.
;; ADDITIONAL SECTION:
test.com. 86400 IN A 127.0.0.1
test.com. 86400 IN AAAA ::1
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 16 16:00:01 CST 2020
;; MSG SIZE rcvd: 116