Lab Document 1: Installing and Deploying BIND9


Installing and deploying BIND9

Operating system version and kernel version

#cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core)

#uname -a
Linux node 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Install BIND9 with yum

#yum install bind
=============================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================
Installing:
bind x86_64 32:9.9.4-73.el7_6 updates 1.8 M

The installed version is 9.9.4.

BIND9 main configuration file /etc/named.conf

  1. Format of the main configuration file

    options {
    // global options
    };
    zone "zone name" {
    // define a zone
    };
    logging {
    // logging
    };
    include "file";   // load another configuration file
  2. Points to watch when editing the main configuration file

    • The syntax is strict: watch the semicolons and whitespace
    • File permissions: owner root, group named, mode 640
  3. Example main configuration file

    options {
    listen-on port 53 { 10.4.7.11; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };

    /*
    - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    - If you are building a RECURSIVE (caching) DNS server, you need to enable
    recursion.
    - If your recursive DNS server has a public IP address, you MUST enable access
    control to limit queries to your legitimate users. Failing to do so will
    cause your server to become part of large scale DNS amplification
    attacks. Implementing BCP38 within your network would greatly
    reduce such attack surface
    */
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    };


    logging {
    channel default_debug {
    file "data/named.run";
    severity dynamic;
    };
    };

    zone "." IN {
    type hint;
    file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
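
The example above sets recursion yes together with allow-query { any; } and no allow-recursion ACL, which is exactly the open-resolver pattern the comment block in the file warns about. As an added example that is not part of the original lab document, the POSIX shell script below audits the options{} block of a named.conf for that pattern while ignoring commented-out lines, and pairs the lab's settings with a constructed hardened variant that limits recursion to the local networks; the strip_comments and named_conf_is_open_resolver functions and both sample configs are my own.

```shell
# Added example, not from the lab document. Audits the options{} block of a
# named.conf for the open-resolver pattern above: "recursion yes" together
# with "allow-query { any; }" and no narrower allow-recursion ACL.
# Assumes POSIX sh, awk, sed and grep; the configs are constructed samples.

# Drop /* ... */ and // comments so commented-out ACLs cannot fool the check.
strip_comments() {
    awk 'BEGIN { c = 0 }
    { line = $0; out = ""
      while (length(line) > 0) {
        if (c == 0) { i = index(line, "/*")
          if (i == 0) { out = out line; break }
          out = out substr(line, 1, i - 1); line = substr(line, i + 2); c = 1
        } else { j = index(line, "*/"); if (j == 0) break
          line = substr(line, j + 2); c = 0 } }
      print out }' | sed 's#//.*$##'
}

# Reads named.conf on stdin; returns 0 (true) when recursion is open to any
# client. BIND 9.9 resolves the recursion ACL as allow-recursion, else
# allow-query-cache, else allow-query, else "localnets; localhost;", so the
# first ACL present in that chain decides. Nested ACLs are assumed one-line.
named_conf_is_open_resolver() {
    opts=$(strip_comments | sed -n '/^[[:space:]]*options[[:space:]]*{/,/^[[:space:]]*};/p')
    printf '%s\n' "$opts" | grep -q 'recursion[[:space:]]*yes' || return 1
    for acl in allow-recursion allow-query-cache allow-query; do
        if printf '%s\n' "$opts" | grep -q "$acl[[:space:]]*{"; then
            printf '%s\n' "$opts" | grep -q "$acl[[:space:]]*{[[:space:]]*any[[:space:]]*;" && return 0
            return 1   # ACL names specific hosts or networks
        fi
    done
    return 1           # no ACL at all: defaults to localnets; localhost
}

# Constructed sample with the lab's settings; the commented ACL must be ignored.
WEAK_CONF='options {
    listen-on port 53 { 10.4.7.11; };
    allow-query { any; };
    /* allow-recursion { localnets; }; */
    recursion yes;
};'

# Constructed hardened variant: answer queries, but recurse only for the LAN.
HARDENED_CONF='options {
    listen-on port 53 { 10.4.7.11; };
    allow-query { any; };
    allow-recursion { localnets; localhost; };
    recursion yes;
};'
```

Run it against the real file with `named_conf_is_open_resolver < /etc/named.conf && echo OPEN` after sourcing the script; named-checkconf only validates syntax and will not report this.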

Starting the BIND9 service

Check the configuration file

# named-checkconf

No output means no errors were found.

Start the BIND9 service

# systemctl start named

Check the BIND9 service status

# systemctl status named

This completes the most basic forwarding DNS deployment: it can serve recursive DNS queries for our intranet clients, for example resolving and returning the result for www.baidu.com.

Verifying resolution

Point the client at the DNS server

In /etc/resolv.conf, set the DNS server IP address to the IP of the host we just deployed.

# cat /etc/resolv.conf    
# Generated by NetworkManager
nameserver 10.4.7.11

Verify resolution

# ping baidu.com
PING baidu.com (220.181.57.216) 56(84) bytes of data.