二、DNS 部署
環境介紹
服務器3臺、系統centos
安裝軟件
yum install -y bind bind-utils bind-chroot
bind 主包
bind-utils 客戶端測試工具(host 、dig 、nslookup)
bind-chroot chroot環境 禁錮dns服務器的工作目錄
caching-nameserver(rhel5提供模板文本,緩存服務) rhel6不需要
關閉防火墻
# NOTE(review): this stops firewalld and switches SELinux to permissive mode
# until the next reboot, removing two layers of protection from a host that
# is about to expose a network service. Outside a throwaway lab, keep both
# enabled and allow DNS through the firewall instead, e.g.:
#   firewall-cmd --permanent --add-service=dns && firewall-cmd --reload
systemctl stop firewalld && setenforce 0
啟動服務
# systemctl start named
如果啟動服務沒有工作目錄的文件夾
工作目錄
/var/named/chroot/etc 存放主配置文件
/var/named/chroot/var/named
配置文件
備份配置文件
cp /etc/named.conf /etc/named.conf.backup
修改配置文件:
[root@wing etc]# vim /etc/named.conf
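options {
    # Listen on port 53; "any" means every address of this host.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };

    # Directory that relative zone-file names (forward and reverse zones
    # declared in this configuration) are resolved against.
    directory "/var/named";

    # The next three entries are where the service writes its dump and
    # statistics files.
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    # Who may send queries to this server; "any" means everyone.
    allow-query { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable
       access control to limit queries to your legitimate users. Failing to do
       so will cause your server to become part of large scale DNS
       amplification attacks. Implementing BCP38 within your network would
       greatly reduce such attack surface
    */
    recursion yes;

    # When neither allow-recursion nor allow-query-cache is set, BIND falls
    # back to allow-query, so the "any" above would also offer recursion to
    # everyone (an open resolver). Restrict recursion to this host and its
    # directly attached networks; widen the list only to known client ranges.
    allow-recursion { localhost; localnets; };

    dnssec-enable yes;
    dnssec-validation yes;
    # NOTE(review): DLV (DNSSEC lookaside validation) has been retired and
    # newer BIND releases no longer accept this option; confirm against the
    # installed version before keeping it.
    dnssec-lookaside auto;

    forwarders {
        # Upstream DNS server (the gateway).
        192.168.1.1;
    };

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

# Root hints zone.
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";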
增加zone信息
vim /etc/named.rfc1912.zones
zone "baidu.com" IN { # 定義要解析主域名
    type master;
    file "baidu.com.zone"; # 具體相關解析的配置文件保存在 /var/named/baidu.com.zone 文件中
};
編輯區域配置文件
vim /var/named/baidu.com.zone
$TTL 1D
@ IN SOA baidu.com. root (
        1 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        0 ) ; minimum
        IN NS baidu.com.
        IN A 192.168.101.1
www IN A 192.168.101.244
test IN A 192.168.101.129
增加權限 并啟動服務
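# Give the zone file root ownership with group "named" (presumably the group
# the service runs under; verify on the target host).
chown root:named /var/named/baidu.com.zone

# Validate the main configuration and the new zone before restarting, so a
# syntax error does not take the running resolver down; the restart only
# happens when both checks pass.
named-checkconf /etc/named.conf \
  && named-checkzone baidu.com /var/named/baidu.com.zone \
  && systemctl restart named

# Start the service automatically at boot.
systemctl enable named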
journalctl -xe 查看DNS的運行狀態