1)安裝BIND配置DNS服務解析IP地址
● 安裝BIND
● 配置BIND
# Install the BIND name server (bind) and the DNS client tools (bind-utils).
[root@localhost ~]# yum -y install bind bind-utils
# Open the main configuration file. The trailing text on this line is a note
# ("edit the main configuration file"), not an argument meant for vim.
[root@localhost ~]# vim /etc/named.conf 修改主配置文件
// NOTE(review): presumably these two lines replace the matching entries inside
// the existing options { } block of named.conf - confirm against the stock file.
// Both settings expose the service to every client that can reach the host;
// recursion for outside clients is switched off by "recursion no" in the
// external view further down this file.
listen-on port 53 { any; }; // listen on every IPv4 interface
allow-query { any; }; // accept queries from any client
#將49行後替換爲以下內容
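// Split-horizon DNS: a client is served by the first view whose match-clients
// list matches its source address, so "internal" must come before "external".
view "internal" {                         // answers given to LAN clients
    match-clients {
        localhost;                        // built-in ACL: the server's own addresses
        172.25.0.0/24;                    // internal subnet
    };
    // A zone transfer (AXFR) hands over every record in a zone. No secondary
    // server is configured on this page, so transfers are refused explicitly;
    // many BIND releases default allow-transfer to "any".
    allow-transfer { none; };
    zone "." IN {                         // root hints
        type hint;
        file "named.ca";
    };
    zone "example.com" IN {               // forward zone (name -> IP), internal answers
        type master;
        file "example.com.lan.zone";      // zone file name under /var/named
        allow-update { none; };           // dynamic updates disabled
    };
    zone "0.25.172.in-addr.arpa" IN {     // reverse zone (IP -> name): network octets reversed
        type master;                      // 172.25.0.0 > 0.0.25.172 > 0.25.172.in-addr.arpa
        file "0.25.172.zone";             // zone file name under /var/named
        allow-update { none; };
    };
    // Once views are used, every zone has to live inside a view, which is why
    // the packaged zones are included here instead of at the top level.
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";        // root zone DNSSEC trust anchor
};
view "external" {                         // answers given to everyone else
    match-clients { any; };
    allow-query { any; };
    // Authoritative-only for outside clients: with recursion off the server
    // cannot be used as an open resolver.
    recursion no;
    // Refuse zone transfers from the outside (see the note in the internal view).
    allow-transfer { none; };
    zone "example.com" IN {               // forward zone, external answers
        type master;
        file "example.com.wan.zone";      // zone file name under /var/named
        allow-update { none; };
    };
    // NOTE(review): this zone name is the reverse name of the single address
    // 172.16.0.80, while the external forward zone file on this page publishes
    // 172.16.0.82 - confirm the intended reverse zone name.
    zone "80.0.16.172.in-addr.arpa" IN {  // reverse zone, external
        type master;
        file "80.0.16.172.zone";          // zone file name under /var/named
        allow-update { none; };
    };
};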
2)設置Zones
創建zone文件
正向內網
[root@localhost ~]# vim /var/named/example.com.lan.zone //名字要和主配置文件配置一樣
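$TTL 86400
; Forward zone for example.com as served to the internal view.
; An SOA record needs two names before the timers: the primary name server
; (MNAME) and the responsible mailbox (RNAME, with "@" written as "."). With
; only one name the serial is read as the mailbox and the zone fails to load.
; root.example.com. is a placeholder - replace it with the real admin mailbox.
@       IN  SOA  example.com. root.example.com. (
                 2017071001  ; Serial - raise it whenever the zone is edited
                 3600        ; Refresh
                 1800        ; Retry
                 604800      ; Expire
                 86400       ; Minimum TTL (negative-caching TTL)
)
; Lines that start with whitespace inherit the previous owner name (@).
; Without the leading whitespace "IN" would be parsed as an owner name.
        IN  NS   example.com.
        IN  A    172.25.0.1
        IN  MX   10 example.com.
example IN  A    172.25.0.1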
~
正向外網
[root@localhost ~]# vim /var/named/example.com.wan.zone //名字要和主配置文件配置一樣
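$TTL 86400
; Forward zone for example.com as served to the external view.
; An SOA record needs two names before the timers: the primary name server
; (MNAME) and the responsible mailbox (RNAME, with "@" written as "."). With
; only one name the serial is read as the mailbox and the zone fails to load.
; root.example.com. is a placeholder - replace it with the real admin mailbox.
@       IN  SOA  example.com. root.example.com. (
                 2017071001  ; Serial - raise it whenever the zone is edited
                 3600        ; Refresh
                 1800        ; Retry
                 604800      ; Expire
                 86400       ; Minimum TTL (negative-caching TTL)
)
; Lines that start with whitespace inherit the previous owner name (@).
; Without the leading whitespace "IN" would be parsed as an owner name.
        IN  NS   example.com.
        IN  A    172.16.0.82
        IN  MX   10 example.com.
example IN  A    172.16.0.82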
~
[root@localhost ~]# vim /var/named/0.25.172.zone //內網反向解析
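$TTL 86400
; Reverse zone 0.25.172.in-addr.arpa (internal network 172.25.0.0/24).
; An SOA record needs two names before the timers: the primary name server
; (MNAME) and the responsible mailbox (RNAME, with "@" written as "."). With
; only one name the serial is read as the mailbox and the zone fails to load.
; root.example.com. is a placeholder - replace it with the real admin mailbox.
@       IN  SOA  example.com. root.example.com. (
                 2017071001  ; Serial - raise it whenever the zone is edited
                 3600        ; Refresh
                 1800        ; Retry
                 604800      ; Expire
                 86400       ; Minimum TTL (negative-caching TTL)
)
; Lines that start with whitespace inherit the previous owner name (@).
; Without the leading whitespace "IN" would be parsed as an owner name.
        IN  NS   example.com.
        IN  PTR  example.com.
; NOTE(review): the A record below appears to store the subnet mask at the zone
; apex; it is not needed for PTR lookups - confirm it is intended.
        IN  A    255.255.255.0
; 1.0.25.172.in-addr.arpa -> example.com., the reverse of 172.25.0.1
1       IN  PTR  example.com.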
~
[root@localhost ~]# vim /var/named/80.0.16.172.zone //外網反向解析
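$TTL 86400
; Reverse zone served to the external view.
; An SOA record needs two names before the timers: the primary name server
; (MNAME) and the responsible mailbox (RNAME, with "@" written as "."). With
; only one name the serial is read as the mailbox and the zone fails to load.
; root.example.com. is a placeholder - replace it with the real admin mailbox.
@       IN  SOA  example.com. root.example.com. (
                 2017071001  ; Serial - raise it whenever the zone is edited
                 3600        ; Refresh
                 1800        ; Retry
                 604800      ; Expire
                 86400       ; Minimum TTL (negative-caching TTL)
)
; Lines that start with whitespace inherit the previous owner name (@).
; Without the leading whitespace "IN" would be parsed as an owner name.
        IN  NS   example.com.
        IN  PTR  example.com.
; NOTE(review): the A record below appears to store the subnet mask at the zone
; apex; it is not needed for PTR lookups - confirm it is intended.
        IN  A    255.255.255.0
; NOTE(review): relative to the zone name configured on this page
; (80.0.16.172.in-addr.arpa) this owner expands to 80.80.0.16.172.in-addr.arpa,
; and the external forward zone publishes 172.16.0.82 - confirm the intended
; label and zone name before relying on this reverse record.
80      IN  PTR  example.com.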
~
3)啓動BIND
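# Check named.conf for syntax errors before restarting; named-checkconf prints
# nothing when the file parses cleanly.
[root@localhost ~]# named-checkconf
[root@localhost ~]# systemctl restart named
# The systemctl verb is "enable" ("enabled" is rejected as an unknown command);
# it makes named start at boot.
[root@localhost ~]# systemctl enable named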
4)如果防火牆運行,請設置規則
# --permanent only writes the rule to the saved configuration; the reload on the
# next line applies it to the running firewall. The "dns" service opens port 53
# for both TCP and UDP in the default zone.
[root@localhost ~]# firewall-cmd --add-service=dns --permanent
[root@localhost ~]# firewall-cmd --reload
5)然後設置DNS
# Use the new server (172.25.0.1) as this connection's DNS resolver, then take
# the connection down and up again so the changed setting is applied.
[root@localhost ~]# nmcli connection modify "System eth0" ipv4.dns 172.25.0.1
[root@localhost ~]# nmcli connection down "System eth0" ;nmcli connection up "System eth0"
6)大功告成~可以使用nslookup等工具測試~