原文:https://lowendbox.com/blog/create-dns-server-centos-7/
安装:
The DNS server that we will use in this guide is BIND. BIND is the most deployed and one of the oldest DNS servers in use on the internet.
Before we install BIND you should ensure that your server up-to-date with the latest packages:
sudo yum update
sudo yum upgrade
BIND is available from the default Debian repositories and is installed with the following command:
sudo yum install bind bind-utils
编辑 /etc/named.conf
文件(里面 querylog yes; 是打出日志):
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
recursion no;
querylog yes;
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Next, we need to configure BIND where to read the zone information files that we will create with the DNS information for your domain. Use the following example and add these two zones sectino to the bottom of /etc/named.conf:
把以下你自己域名exmaple.com的配置添加到/etc/named.conf 里:
zone "exmaple.com" {
type master;
file "/var/named/forward.example.com";
};
zone "10.100.51.198.in-addr.arpa" {
type master;
file "/var/named/everse.example.com";
};
下面编辑自己的zone文件:/var/named/forward.example.com
$TTL 1d
@ IN SOA dns1.example.com. hostmaster.example.com. (
1 ; serial
6h ; refresh after 6 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1d ) ; minimum TTL of 1 day
;
;
;Name Server Information
@ IN NS ns1.example.com.
ns1 IN A 198.51.100.10
;
;
;Mail Server Information
example.com. IN MX 10 mail.example.com.
mail IN A 198.51.100.20
;
;
;Additional A Records:
www IN A 198.51.100.30
site IN A 198.51.100.30
;
;
;Additional CNAME Records:
slave IN CNAME www.example.com.
下面编辑反向解析zone文件:/var/named/reverse.example.com
$TTL 1d
@ IN SOA dns1.example.com. hostmaster.example.com. (
1 ; serial
6h ; refresh after 6 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1d ) ; minimum TTL of 1 day
;
;
;Name Server Information
@ IN NS ns1.example.com.
ns1 IN A 198.51.100.10
;
;
;Reverse IP Information
10.100.51.198.in-addr.arpa. IN PTR ns1.example.com.
20.100.51.198.in-addr.arpa. IN PTR mail.example.com.
30.100.51.198.in-addr.arpa. IN PTR www.example.com.
检测配置是否正确的命令:
named-checkzone
e.g.
named-checkzone example.com /var/named/forward.example.com
测试:
The syntax of a dig query is as follows:
dig @ -t
If we replace this information with the details of the example server in this guide we get:
dig @198.51.100.10 -t A www.example.com.
This will return quite a bit of information. The result that we are interested in is always contained in the ANSWER SECTION e.g.:
;; ANSWER SECTION:
example.com. 86400 IN A 198.51.100.30
We can also check the reverse map record by using the -x flag:
dig @198.51.100.10 -x 198.51.100.10
Which will produce the result:
;; ANSWER SECTION:
10.100.51.198.in-addr.arpa. IN PTR ns1.example.com.