安裝部署bind9,部署自建DNS系統
在gcbj1-11.host.com主機上安裝bind
[root@gcbj1-11 ~]# yum install -y bind
[root@gcbj1-11 ~]# rpm -qa bind
bind-9.11.4-26.P2.el7_9.3.x86_64
配置bind:
[root@gcbj1-11 ~]# vim /etc/named.conf
// Excerpt of the options block in /etc/named.conf. Only the edited settings are
// listed; the remaining stock options and the closing "};" are presumably left
// as shipped by the package.
options {
// Answer DNS only on this host's own address (gcbj1-11 = 192.168.1.11).
listen-on port 53 { 192.168.1.11; };
// Queries are accepted from any source address. Together with "recursion yes"
// below, every client that can reach 192.168.1.11:53 may use this server as a
// recursive resolver.
// NOTE(review): restrict recursion with allow-recursion (and, if possible,
// allow-query) to an acl covering only the internal networks, so the server
// cannot be used for amplification or cache probing should port 53 ever become
// reachable from outside.
allow-query { any; };
// Names this server is not authoritative for are passed to this upstream resolver.
forwarders { 192.168.1.254; };
recursion yes;
// DNSSEC is switched off: answers obtained through the forwarder are cached and
// served without signature validation, so a spoofed or tampered upstream
// response is not detected.
// NOTE(review): re-enable validation if the forwarder passes DNSSEC records.
dnssec-enable no;
dnssec-validation no;
// NOTE(review): lookaside validation (DLV) has been retired and newer BIND
// releases treat this option as obsolete. Confirm before reusing this file on
// a version other than the 9.11 package installed here.
dnssec-lookaside no;
檢查配置文件是否正確:
[root@gcbj1-11 ~]# named-checkconf
配置區域配置文件:
[root@gcbj1-11 ~]# vim /etc/named.rfc1912.zones
在最後添加以下行:
// Two zones for which this server is the master, appended to
// /etc/named.rfc1912.zones. The "file" names are relative; the page creates the
// matching files under /var/named.
//
// NOTE(review): allow-update with a bare address authorises dynamic updates
// (RFC 2136) by source IP alone. Any local process on 192.168.1.11, and any
// sender able to forge that source address, can then rewrite records in the
// zone. If dynamic updates are needed, authorise them with a TSIG key
// (allow-update { key "<tsig-key-name>"; }; or an update-policy). If they are
// not needed, use allow-update { none; };.
// NOTE(review): the page later sets the zone files to root:named mode 640,
// which named can read but not write, so accepted updates would presumably
// fail to persist. Confirm which behaviour is intended.
zone "host.com" IN {
type master;
file "host.com.zone";
allow-update { 192.168.1.11; };
};
zone "data.net" IN {
type master;
file "data.net.zone";
// Same address-only update authorisation as host.com above.
allow-update { 192.168.1.11; };
};
配置區域數據文件:
[root@gcbj1-11 ~]# vim /var/named/host.com.zone
; Zone data for host.com: SOA, one NS record and the A records of the hosts.
; NOTE(review): leading whitespace appears to have been lost in this listing. In
; the real file the bare "NS" line must start with whitespace so that it
; inherits the owner "@" instead of being read as a record named "NS".
$ORIGIN host.com.
$TTL 600 ; 10 minutes
; SOA: primary server dns.host.com., contact mailbox dnsadmin@host.com.
@ IN SOA dns.host.com. dnsadmin.host.com. (
; The serial looks like the YYYYMMDDNN convention; raise it on every manual edit
; so the change is recognisable as a new zone version.
2019120901 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
; The last SOA field is the negative-caching TTL (RFC 2308).
86400 ; minimum (1 day)
)
NS dns.host.com.
; Records from here on use a 60-second TTL instead of the 600 seconds set above.
$TTL 60 ; 1 minute
; The name server and gcbj1-11 are the same machine.
dns A 192.168.1.11
gcbj1-11 A 192.168.1.11
gcbj1-12 A 192.168.1.12
gcbj1-21 A 192.168.1.21
gcbj1-22 A 192.168.1.22
gcbj1-200 A 192.168.1.200
[root@gcbj1-11 ~]# vim /var/named/data.net.zone
; Zone data for data.net: SOA, one NS record and the A record of the name server.
; NOTE(review): leading whitespace appears to have been lost in this listing. In
; the real file the bare "NS" line must start with whitespace so that it
; inherits the owner "@" instead of being read as a record named "NS".
$ORIGIN data.net.
$TTL 600 ; 10 minutes
; NOTE(review): the SOA names dns.od.com. as primary server, while the NS record
; below and the rest of this page use dns.data.net.; od.com is not defined
; anywhere on this page. This looks like a copy-paste leftover. named-checkzone
; does not flag it, but clients that locate the primary through the SOA (for
; example when sending dynamic updates) would be pointed at a name outside this
; zone. Confirm and align it with the NS record.
@ IN SOA dns.od.com. dnsadmin.data.net. (
; The serial looks like the YYYYMMDDNN convention; raise it on every manual edit.
2019120901 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
; The last SOA field is the negative-caching TTL (RFC 2308).
86400 ; minimum (1 day)
)
NS dns.data.net.
; Records from here on use a 60-second TTL instead of the 600 seconds set above.
$TTL 60 ; 1 minute
dns A 192.168.1.11
檢查區域數據文件是否正確:
[root@gcbj1-11 ~]# named-checkzone "host.com" /var/named/host.com.zone
zone host.com/IN: loaded serial 2019120901
OK
[root@gcbj1-11 ~]# named-checkzone "data.net" /var/named/data.net.zone
zone data.net/IN: loaded serial 2019120901
OK
更改文件的屬組和權限:
# Zone files stay owned by root with group "named" and mode 640: the named
# group can read them but not modify them, and other local users have no access.
# This presumes the daemon runs with group "named" -- confirm on the host.
# NOTE(review): "root.named" uses the legacy dot separator; "root:named" is the
# POSIX owner:group form and avoids ambiguity with dots in user names.
# NOTE(review): read-only zone files fit static zones. They conflict with the
# allow-update statements configured for these zones, because named cannot
# write the accepted changes back.
[root@gcbj1-11 ~]# chown root.named /var/named/host.com.zone
[root@gcbj1-11 ~]# chown root.named /var/named/data.net.zone
[root@gcbj1-11 ~]# chmod 640 /var/named/host.com.zone
[root@gcbj1-11 ~]# chmod 640 /var/named/data.net.zone
啓動named服務:
[root@gcbj1-11 ~]# systemctl start named
[root@gcbj1-11 ~]# systemctl enable named
驗證解析:
[root@gcbj1-11 ~]# dig -t A gcbj1-21.host.com @192.168.1.11 +short
192.168.1.21
[root@gcbj1-11 ~]# dig -t A gcbj1-200.host.com @192.168.1.11 +short
192.168.1.200
驗證沒有問題,給所有主機配置自建的DNS;