Category: LINUX

2018-12-11 10:44:08

Installing BIND

1. Install the BIND software. The packages bind, bind-chroot and bind-utils are required.

[root@localhost pub]# yum install -y bind bind-chroot bind-utils

Installed:

bind.i686 32:9.8.2-0.17.rc1.el6_4.6

Complete! 

 

2. Edit the configuration file "/etc/named.conf" and append "forward

[root@localhost pub]# gedit /etc/named.conf

options {

    listen-on port 53 { 127.0.0.1; };

#   listen-on-v6 port 53 { ::1; };

    directory "/var/named";

    dump-file "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

    allow-query     { localhost; };

    recursion yes;

 

    dnssec-enable yes;

    dnssec-validation yes;

    dnssec-lookaside auto;

 

    /* Path to ISC DLV key */

    bindkeys-file "/etc/named.iscdlv.key";

 

    managed-keys-directory "/var/named/dynamic";

    forward only;

    forwarders{

       8.8.8.8;   

    };

};

 

3. Configure the firewall. Port 53 is needed here: open port 53 for both TCP and UDP, and remember to restart the firewall.

[root@localhost pub]# gedit /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

 

[root@localhost phpMyAdmin]# service iptables restart

iptables:将链设置为政策 ACCEPTfilter nat                [确定]

iptables:清除防火墙规则:                                 [确定]

iptables:正在卸载模块:                                   [确定]

iptables:应用防火墙规则:                                 [确定]

iptables:载入额外模块:nf_conntrack_ftp                   [确定]

[root@localhost phpMyAdmin]# 

 

4. Start the service

[root@localhost pub]# service named start

启动named                                              [确定]

[root@localhost pub]# 

 

5. Test. The command format is "dig site @ip"; here the loopback address is used to check whether the request succeeds.

[root@localhost pub]# dig @127.0.0.1

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @127.0.0.1

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51491

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;.          IN  A

;; ANSWER SECTION:

.       1191   IN  CNAME  www.a.shifen.com.

This is the result returned by the query

;; Query time: 3053 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Tue Aug 14 19:02:59 2018

;; MSG SIZE  rcvd: 90

 

 

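6. Change the configuration file named.conf so that all machines can use the service.

1) Change the loopback address in the configuration file to any, which means anyone is allowed to use it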

[root@localhost pub]# gedit /etc/named.conf

options {

    listen-on port 53 {any; };

#   listen-on-v6 port 53 { ::1; };

    directory "/var/named";

    dump-file "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

    allow-query     { any; };

    recursion yes;

 

    dnssec-enable yes;

    dnssec-validation yes;

    dnssec-lookaside auto;

 

    /* Path to ISC DLV key */

    bindkeys-file "/etc/named.iscdlv.key";

 

    managed-keys-directory "/var/named/dynamic";

    forward only;

    forwarders{

       8.8.8.8;   

    };

};

2) Test using another IP address

[root@localhost pub]# service named restart   //restart the service

停止named                                              [确定]

启动named                                              [确定]

 

[root@localhost pub]# dig @192.168.0.113

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @192.168.0.113

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37134

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

 

;; QUESTION SECTION:

;.          IN  A

 

;; ANSWER SECTION:

.       871 IN  CNAME  www.a.shifen.com.

 

;; Query time: 474 msec

;; SERVER: 192.168.0.113#53(192.168.0.113)

;; WHEN: Tue Aug 14 19:06:19 2018

;; MSG SIZE  rcvd: 90
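
With allow-query { any; }, recursion yes and no allow-recursion statement, the step 6 configuration answers recursive queries from every address that can reach port 53. The check below is an added example, not part of the original post: it reads a named.conf on stdin and reports whether recursion is open. It assumes a single options block with ACLs written inline; the function and variable names and the 192.168.0.0/24 range are assumptions.

```shell
# Added example, not from the original post: report whether a named.conf
# options block lets any client use the server for recursion.

# Read a config on stdin, drop one-line /* */, // and # comments, and
# join it onto a single line with single spaces.
flatten_conf() {
    sed -e 's:/\*.*\*/::g' -e 's://.*$::' -e 's:#.*$::' | tr '\n\t' '  ' | tr -s ' '
}

# Print the { ... } body of statement $2 in flattened config $1, if present.
stmt_body() {
    printf '%s\n' "$1" | sed -n "s/.*[ ;{]$2\( [^{;]*\)\{0,1\}{\([^}]*\)}.*/\2/p"
}

# Read named.conf on stdin; print "open" or "restricted".
recursion_exposure() {
    conf=$(flatten_conf)
    case "$conf" in *"recursion no;"*) echo restricted; return 0 ;; esac
    # Fallback order named uses when allow-recursion is not set.
    for stmt in allow-recursion allow-query-cache allow-query; do
        acl=$(stmt_body "$conf" "$stmt")
        if [ -n "$acl" ]; then break; fi
    done
    [ -n "$acl" ] || acl="localnets; localhost;"   # built-in default
    case ";$(printf '%s' "$acl" | tr -d ' ')" in
        *";any;"*) echo open ;;
        *)         echo restricted ;;
    esac
}

# Constructed sample: the relevant options from step 6 of the post.
STEP6='options {
    listen-on port 53 { any; };
    allow-query     { any; };
    recursion yes;
    forward only; forwarders { 8.8.8.8; };
};'

# Constructed variant: same listener, recursion limited to an assumed LAN.
LAN_ONLY='options {
    listen-on port 53 { any; };
    allow-query     { any; };
    allow-recursion { 127.0.0.1; 192.168.0.0/24; };  # assumed LAN range
    recursion yes;
    forward only; forwarders { 8.8.8.8; };
};'

printf 'step 6:   %s\n' "$(printf '%s\n' "$STEP6" | recursion_exposure)"
printf 'LAN only: %s\n' "$(printf '%s\n' "$LAN_ONLY" | recursion_exposure)"
```

To check a live server, run recursion_exposure < /etc/named.conf; named ACL references and view blocks are not resolved by this check.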

 

 
