CentOS 配置 DNS 服务

使用 bind 创建 DNS 服务。

DNS Server:

  • OS : CentOS 7 minimal server
  • Hostname : dns.zion.matrix
  • IP Address : 192.168.1.5/24

打开 DNS 端口

DNS 服务使用 tcp/udp 53 端口。

$ sudo firewall-cmd --permanent --add-port=53/tcp --add-port=53/udp
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-ports
53/tcp 53/udp

安装 bind

$ sudo yum install bind bind-utils -y

修改配置

$ sudo vi /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101;};
    allow-query     { localhost; 192.168.1.0/24;};
};

zone "zion.matrix" IN {
type master;
file "forward.zion";
allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.zion";
allow-update { none; };
};

创建 zone 文件

创建转发 zone

即上面配置文件中所指定的两个文件 forward.zionreverse.zion,它们均位于 /var/named/ 目录中。

$ sudo touch /var/named/forward.zion
$TTL 86400
@   IN  SOA   dns.zion.matrix. root.zion.matrix. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          dns.zion.matrix.
@       IN  A           192.168.1.5
@       IN  A           192.168.1.103
dns       IN  A   192.168.1.5
client          IN  A   192.168.1.103
创建反向 zone
$ sudo touch /var/named/reverse.zion
$TTL 86400
@   IN  SOA     dns.zion.matrix. root.zion.matrix. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          dns.zion.matrix.
@       IN  PTR         zion.matrix.
dns       IN  A   192.168.1.5
client          IN  A   192.168.1.103
5     IN  PTR         dns.zion.matrix.
103     IN  PTR         client.zion.matrix.

启动 DNS 服务

$ sudo systemctl enable named
$ sudo systemctl start named

设置权限

$ sudo chgrp named -R /var/named
$ sudo chown -v root:named /etc/named.conf
$ sudo restorecon -rv /var/named
$ sudo restorecon /etc/named.conf

检查语法

测试配置文件的语法

$ sudo named-checkconf /etc/named.conf

如果语法正确,则不会返回任何消息。

测试转发 zone 文件的语法

$ sudo named-checkzone zion.matrix /var/named/forward.zion
zone zion.matrix/IN: loaded serial 2011071001
OK

测试反向 zone 文件的语法

$ sudo named-checkzone zion.matrix /var/named/reverse.zion
zone zion.matrix/IN: loaded serial 2011071001
OK

修改网络配置

更新当前网络接口配置:

$ sudo vi /etc/sysconfig/network-scripts/ifcfg-ens33
DNS=192.168.1.5

更新 /etc/resolv.conf,该文件原则上由 NetworkManger 自动生成的,为了保险也可以手动更新。

$ sudo vi /etc/resolv.conf
nameserver 192.168.1.5

重启网络服务:

$ sudo systemctl restart network

测试 DNS 服务

在其他主机上将 DNS 地址修改为 192.168.1.5,然后用 dig 和 nslookup 测试。

$ dig dns.zion.matrix
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> dns.zion.matrix
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.zion.matrix.    IN    A

;; ANSWER SECTION:
dns.zion.matrix. 86400    IN    A    192.168.1.101

;; AUTHORITY SECTION:
zion.matrix.        86400    IN    NS    dns.zion.matrix.

;; Query time: 0 msec
;; SERVER: 192.168.1.5#53(192.168.1.5)
;; WHEN: Wed Aug 20 16:20:46 IST 2014
;; MSG SIZE  rcvd: 125
$ nslookup zion.matrix
Server:        192.168.1.5
Address:    192.168.1.5#53

Name:    zion.matrix
Address: 192.168.1.103
Name:    zion.matrix
Address: 192.168.1.5