安装部署bind9,部署自建DNS系统
在gcbj1-11.host.com主机上安装bind
[root@gcbj1-11 ~]# yum install -y bind [root@gcbj1-11 ~]# rpm -qa bind bind-9.11.4-26.P2.el7_9.3.x86_64
配置bind:
[root@gcbj1-11 ~]# vim /etc/named.conf
// Excerpt of the options block: only the edited statements are shown, and the
// closing "};" of the block is not part of this listing.
options {
        // Listen only on this host's own address.
        listen-on port 53 { 192.168.1.11; };
        // NOTE(review): "any" together with "recursion yes" below means every client
        // that can reach 192.168.1.11:53 gets recursive service. That is an open
        // resolver unless the address is unreachable from untrusted networks;
        // otherwise define an acl for the internal subnet and reference it from
        // allow-query / allow-recursion.
        allow-query { any; };
        // Queries this server cannot answer from its own zones or cache go to this upstream.
        forwarders { 192.168.1.254; };
        recursion yes;
        // DNSSEC is switched off: answers obtained through the forwarder are accepted
        // without validation. NOTE(review): confirm this is intentional (for example the
        // forwarder cannot pass DNSSEC data) rather than a convenience setting.
        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside no;
检查配置文件是否正确:
# Syntax-check /etc/named.conf; no output means no errors were found.
# Zone files are not loaded by this check unless -z is given.
[root@gcbj1-11 ~]# named-checkconf
配置区域配置文件:
[root@gcbj1-11 ~]# vim /etc/named.rfc1912.zones
在最后添加以下行:
// Two primary (master) zones served from files under named's working directory.
// NOTE(review): allow-update authorises dynamic updates purely by source address.
// A source IP can be spoofed on UDP, and any process on 192.168.1.11 qualifies;
// prefer a TSIG key in allow-update, or "none" if dynamic updates are not used.
// NOTE(review): host.com and data.net sit in public namespaces; clients of this
// server will get these local zones instead of the public ones.
zone "host.com" IN {
        type master;
        file "host.com.zone";
        allow-update { 192.168.1.11; };
};

zone "data.net" IN {
        type master;
        file "data.net.zone";
        allow-update { 192.168.1.11; };
};
配置区域数据文件:
[root@gcbj1-11 ~]# vim /var/named/host.com.zone
; Zone data for host.com: SOA and NS at the apex, then one A record per host.
$ORIGIN host.com.
$TTL 600 ; 10 minutes
; SOA: primary server dns.host.com., contact mailbox dnsadmin.host.com.
@ IN SOA dns.host.com. dnsadmin.host.com. (
        ; serial looks like YYYYMMDDNN; increase it whenever this file is edited
        2019120901 ; serial
        10800 ; refresh (3 hours)
        900 ; retry (15 minutes)
        604800 ; expire (1 week)
        86400 ; minimum (1 day)
        )
        ; leading whitespace is required here so the NS record belongs to the zone apex
        NS dns.host.com.
; Host records below use a short 60-second TTL.
$TTL 60 ; 1 minute
dns A 192.168.1.11
gcbj1-11 A 192.168.1.11
gcbj1-12 A 192.168.1.12
gcbj1-21 A 192.168.1.21
gcbj1-22 A 192.168.1.22
gcbj1-200 A 192.168.1.200
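[root@gcbj1-11 ~]# vim /var/named/data.net.zone
; Zone data for data.net: SOA and NS at the apex plus the name server's own A record.
$ORIGIN data.net.
$TTL 600 ; 10 minutes
; The SOA primary-server field (MNAME) names this zone's own server, dns.data.net.,
; so it agrees with the NS record and the "dns" A record below. Dynamic-update
; clients use the MNAME to locate the primary, so it must be a name this zone defines.
@ IN SOA dns.data.net. dnsadmin.data.net. (
        ; serial looks like YYYYMMDDNN; increase it whenever this file is edited
        2019120901 ; serial
        10800 ; refresh (3 hours)
        900 ; retry (15 minutes)
        604800 ; expire (1 week)
        86400 ; minimum (1 day)
        )
        ; leading whitespace is required here so the NS record belongs to the zone apex
        NS dns.data.net.
$TTL 60 ; 1 minute
dns A 192.168.1.11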
检查区域数据文件是否正确:
[root@gcbj1-11 ~]# named-checkzone "host.com" /var/named/host.com.zone zone host.com/IN: loaded serial 2019120901 OK [root@gcbj1-11 ~]# named-checkzone "data.net" /var/named/data.net.zone zone data.net/IN: loaded serial 2019120901 OK
更改文件的属组和权限:
[root@gcbj1-11 ~]# chown root.named /var/named/host.com.zone [root@gcbj1-11 ~]# chown root.named /var/named/data.net.zone [root@gcbj1-11 ~]# chmod 640 /var/named/host.com.zone [root@gcbj1-11 ~]# chmod 640 /var/named/data.net.zone
启动named服务:
[root@gcbj1-11 ~]# systemctl start named [root@gcbj1-11 ~]# systemctl enable named
验证解析:
[root@gcbj1-11 ~]# dig -t A gcbj1-21.host.com @192.168.1.11 +short 192.168.1.21 [root@gcbj1-11 ~]# dig -t A gcbj1-200.host.com @192.168.1.11 +short 192.168.1.200
验证没有问题后,给所有主机配置自建的DNS。