CentOS8.4DNS解析（bind服务配置）

     CentOS8.4DNS解析（bind服务配置）          目录修改主配置文件named.conf修改区域配置文件named.rfc1910.zones创建正向和反向区域信息文件创建正向区域信息文件创建反向区域信息文件检查主配置文件检查区域信息文件解析、ping测试易错点:目:DNS服务器dns.tengyi.com.cn192.168.89.129WEB服务器www.tengyi.com.cn192.168.89.241FTP服务器ftp.tengyi.com.cn192.168.89.242MAIL服务器mail.tengyi.com.cn192.168.89.243DNS使用本机IP，可以ping通，可以解析域名WEB作辅助DNS，可以ping通，可以解析域名FTP、MAIL使用其他IP，无法ping通，可以解析域名 修改主配置文件named.conf开放监听IP与端口，访问权限[root@CentOS~]#vim/etc/named.confoptions{       listen-onport53{any;};#      listen-on-v6port53{::1;};       directory      "/var/named";       dump-file      "/var/named/data/cache_dump.db";       statistics-file"/var/named/data/named_stats.txt";       memstatistics-file"/var/named/data/named_mem_stats.txt";       secroots-file  "/var/named/data/named.secroots";       recursing-file "/var/named/data/named.recursing";       allow-query    {any;};修改区域配置文件named.rfc1910.zones创建正向与反向查找区域[root@CentOS~]#vim/etc/named.rfc1910.zoneszone"tengyi.com.cn"IN{       typemaster;       file"tengyi.com.cn.zone";       allow-update{none;};};zone"89.168.192.in-addr.arpa"IN{       typemaster;       file"192.168.89.zone";       allow-update{none;};};创建正向和反向区域信息文件[root@CentOS~]#cp-p/var/named/named.localhost/var/named/tengyi.com.cn.zone[root@CentOS~]#cp-p/var/named/named.loopback/var/named/192.168.89.zone创建正向区域信息文件[root@CentOS~]#vim/var/named/tengyi.com.cn.zone$TTL1D@      INSOA dns.tengyi.com.cnroot.tengyi.com.cn(                                       0      ;serial                                       1D     ;refresh                                       1H     ;retry                                       1W     ;expire                                       3H)   ;minimum       IN     NS     dns.tengyi.com.cn.dns    IN     A      192.168.89.129www    IN     A      192.168.89.241ftp    IN     A      192.168.89.242mail   IN     A      192.168.89.243创建反向区域信息文件[root@CentOS~]#vim/var/named/192.168.89.zone$TTL1D@      INSOA 89.168.192.in-addr.arparoot.tengyi.com.cn(                                       0      ;serial                                       1D     ;refresh                                       1H     ;retry                                       1W     ;expire                                       3H)   ;minimum       IN     NS     dns.tengyi.com.cn.129   IN     PTR     dns.tengyi.com.cn241    IN     PTR     www.tengyi.com.cn242    IN     PTR     ftp.tengyi.com.cn243   IN     PTR     mail.tengyi.com.cn检查主配置文件[root@CentOS~]#named-checkconf–zzonelocalhost.localdomain/IN:loadedserial0zonelocalhost/IN:loadedserial0zone1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:loadedserial0zone1.0.0.127.in-addr.arpa/IN:loadedserial0zone0.in-addr.arpa/IN:loadedserial0zonetengyi.com.cn/IN:loadedserial0zone89.168.192.in-addr.arpa/IN:loadedserial0检查区域信息文件[root@CentOS~]#named-checkzonetengyi.com.cn/var/named/tengyi.com.cn.zonezonetengyi.com.cn/IN:loadedserial0OK[root@CentOS~]#named-checkzone89.168.192.in-addr.arpa/var/named/192.168.89.zonezone89.168.192.in-addr.arpa/IN:loadedserial0OK解析、ping测试[root@CentOS~]#nslookup>dns.tengyi.com.cnServer:         192.168.89.129Address:      192.168.89.129#53Name:   dns.tengyi.com.cnAddress:192.168.89.129>www.tengyi.com.cnServer:         192.168.89.129Address:      192.168.89.129#53Name:   www.tengyi.com.cnAddress:192.168.89.241>ftp.tengyi.com.cnServer:        192.168.89.129Address:      192.168.89.129#53Name:   ftp.tengyi.com.cnAddress:192.168.89.242>mail.tengyi.com.cnServer:         192.168.89.129Address:      192.168.89.129#53Name:   mail.tengyi.com.cnAddress:192.168.89.243>192.168.89.129129.89.168.192.in-addr.arpa   name=dns.tengyi.com.cn.89.168.192.in-addr.arpa.>192.168.89.241241.89.168.192.in-addr.arpa   name=www.tengyi.com.cn.89.168.192.in-addr.arpa.>192.168.89.242242.89.168.192.in-addr.arpa   name=ftp.tengyi.com.cn.89.168.192.in-addr.arpa.>192.168.89.243243.89.168.192.in-addr.arpa   name=mail.tengyi.com.cn.89.168.192.in-addr.arpa.[root@CentOS~]#pingdns.tengyi.com.cnPINGdns.tengyi.com.cn(192.168.89.129)56(84)bytesofdata.64bytesfromdns.tengyi.com.cn.89.168.192.in-addr.arpa(192.168.89.129):icmp_seq=1ttl=64time=0.016ms64bytesfromdns.tengyi.com.cn.89.168.192.in-addr.arpa(192.168.89.129):icmp_seq=2ttl=64time=0.038ms^C---dns.tengyi.com.cnpingstatistics---2packetstransmitted,2received,0%packetloss,time50msrttmin/avg/max/mdev=0.016/0.027/0.038/0.011ms[root@CentOS~]#pingwww.tengyi.com.cnPINGwww.tengyi.com.cn(192.168.89.241)56(84)bytesofdata.^C---www.tengyi.com.cnpingstatistics---3packetstransmitted,0received,100%packetloss,time79ms 易错点总结:缺点"IN     NS    dns.tengyi.com.cn."这一行后面域名要加上点（就是cn后面的那个“.”），不加会报错(这里举正反向文件为例)：[root@CentOS~]#named-checkzonetengyi.com.cn/var/named/tengyi.com.cn.zonezonetengyi.com.cn/IN:NS'dns.tengyi.com.cn.tengyi.com.cn'hasnoaddressrecords(AorAAAA)zonetengyi.com.cn/IN:notloadedduetoerrors.[root@CentOS~]#named-checkzone89.168.192.in-addr.arpa/var/named/192.168.89.zonezone89.168.192.in-addr.arpa/IN:NS'dns.tengyi.com.cn.89.168.192.in-addr.arpa'hasnoaddressrecords(AorAAAA)zone89.168.192.in-addr.arpa/IN:notloadedduetoerrors.正向模板文件”named.localhost”反向模板文件”named.loopback”可以记得住前面的格式请忽略这条缺分号named.conf和named.rfc1912.zones里的语句每一句结束都应该加上“;”[root@CentOS~]#named-checkconf-z/etc/named.conf:31:missing';'before'recursion'严重一点：[root@CentOS~]#named-checkconf-z/etc/named.conf:13:missing';'before'directory'/etc/named.conf:14:missing';'before'dump-file'/etc/named.conf:15:missing';'before'statistics-file'/etc/named.conf:16:missing';'before'memstatistics-file'/etc/named.conf:17:missing';'before'secroots-file'/etc/named.conf:18:missing';'before'recursing-file'/etc/named.conf:19:missing';'before'allow-query'/etc/named.conf:31:missing';'before'recursion'服务器与客户端的网络连接状况[root@CentOS~]#pingdns.tengyi.com.cnping:dns.tengyi.com.cn:未知的名称或服务这里有三种情况SElinux没有修改为"Permissive"状态[root@CentOS~]#getenforceEnforcing[root@CentOS~]#setenforce0[root@CentOS~]#getenforcePermissive防火墙没有添加允许客户端访问服务器53号端口的规则，或者没有关闭防火墙[root@CentOS~]#firewall-cmd--list-allpublic(active)target:defaulticmp-block-inversion:nointerfaces:ens33sources:services:cockpitdhcpv6-clientsshports:protocols:masquerade:noforward-ports:source-ports:icmp-blocks:richrules:#默认防火墙规则[root@CentOS~]#firewall-cmd--add-service=dns--permanentsuccess[root@CentOS~]#firewall-cmd--zone=public--add-port=53/udp--permanentsuccess[root@CentOS~]#firewall-cmd--reloadsuccess[root@CentOS~]#firewall-cmd--list-allpublic(active)target:defaulticmp-block-inversion:nointerfaces:ens33sources:services:cockpitdhcpv6-clientdnssshports:53/udpprotocols:masquerade:noforward-ports:source-ports:icmp-blocks:richrules:#修改后的防火墙规则网络连接异常[root@CentOS~]#ping192.168.89.129PING192.168.89.129(192.168.89.129)56(84)bytesofdata.From192.168.89.241icmp_seq=1DestinationHostUnreachableFrom192.168.89.241icmp_seq=2DestinationHostUnreachableFrom192.168.89.241icmp_seq=3DestinationHostUnreachable^C---192.168.89.129pingstatistics---6packetstransmitted,0received,+3errors,100%packetloss,time5146mspipe4 -全文完-