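Installing and deploying BIND9
Operating system and kernel versions
    # cat /etc/redhat-release
Install BIND9 with yum
    # yum install bind
The installed version is 9.9.4.
BIND9 main configuration file: /etc/named.conf
Format of the main configuration file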
    options {
        // global options
    };
    zone "zone name" {
        // define a zone
    };
    logging {
        // log files
    };
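include: loads other files
Notes on configuring the main configuration file
- The syntax is strict: mind the semicolons and spaces.
- File permissions: owner root, group named, mode 640.
Example main configuration file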
    options {
        listen-on port 53 { 10.4.7.11; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
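The example configuration sets `recursion yes` and `allow-query { any; }` without an `allow-recursion` list, which is the case the comment inside it warns about. The following check is an added example, not part of the original page: it applies BIND 9's documented fallback (allow-recursion, then allow-query-cache, then allow-query, then localnets and localhost) to report who may recurse. It reads inline address lists only (named acl blocks and views are not expanded), and the 10.4.7.0/24 subnet is an assumed value.

```python
import re

# Constructed sample: the options from the page's example that decide who may recurse.
PAGE_OPTIONS = """
options {
    listen-on port 53 { 10.4.7.11; };
    allow-query { any; };   // as in the page's example
    /* recursion is enabled */
    recursion yes;
};
"""

# Constructed sample: same server, recursion limited to an assumed internal subnet.
RESTRICTED_OPTIONS = """
options {
    listen-on port 53 { 10.4.7.11; };
    allow-query { any; };
    allow-recursion { 10.4.7.0/24; localhost; };
    recursion yes;
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot be mistaken for statements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def acl(text, name):
    """Return the inline address-match list of option `name`, or None if unset."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^}]*)\}", text)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def effective_recursion_acl(conf):
    """Who may recurse: allow-recursion, else allow-query-cache, else allow-query,
    else BIND's built-in default of localnets and localhost."""
    text = strip_comments(conf)
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", text)
    if m and m.group(1).lower() in ("no", "false", "0"):
        return ["none"]
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        entries = acl(text, name)
        if entries is not None:
            return entries
    return ["localnets", "localhost"]

def is_open_resolver(conf):
    """True when recursion is offered to every source address."""
    return any(e in ("any", "0.0.0.0/0", "::/0") for e in effective_recursion_acl(conf))
```

To audit a real server, pass the contents of /etc/named.conf to `is_open_resolver()`; a True result means access depends entirely on network-level filtering in front of the listen address.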
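Starting the BIND9 service
Check the configuration file
    # named-checkconf
If it reports no errors, the configuration is fine.
Start the BIND9 service
    # systemctl start named
Check the BIND9 service status
    # systemctl status named
This completes the deployment of a most basic forwarding DNS server. It can provide recursive DNS queries for our intranet clients, for example looking up and returning the resolution result for www.baidu.com.
Verifying resolution
Point the client at the DNS server
In /etc/resolv.conf, set the DNS server IP address to the IP of the host we deployed.
    # cat /etc/resolv.conf
Verify resolution
    # ping baidu.com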