Linux服务器---安装bind-白红宇

安装bind

1、安装bind软件，需要安装3 个bind、bind-chroot、bind-util

[root@localhost pub]#

yum install -y bind bind-chroot bind-utils

Installed:

bind.i686 32:9.8.2-0.17.rc1.el6_4.6

Complete!

2、修改配置文件“/etc/named.conf”，追加“forward”

[root@localhost pub]#

gedit /etc/named.conf

options {

listen-on port 53 { 127.0.0.1; };

# listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { localhost; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

forward only;

forwarders{

8.8.8.8;

}

};

3、设置防火墙，这里需要用到53端口。需要开启tcp和udp的53端口，记得重启防火墙

[root@localhost pub]#

gedit /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

[root@localhost phpMyAdmin]#

service iptables restart

iptables：将链设置为政策 ACCEPT：filter nat [确定]

iptables：清除防火墙规则： [确定]

iptables：正在卸载模块： [确定]

iptables：应用防火墙规则： [确定]

iptables：载入额外模块：nf_conntrack_ftp [确定]

[root@localhost phpMyAdmin]#

4、启动服务

[root@localhost pub]#

service named start

启动 named： [确定]

[root@localhost pub]#

5、测试，命令格式“dig 网站 @ip”，这里用回环地址来测试，看是否能请求成功

[root@localhost pub]#

dig www.baidu.com @127.0.0.1

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> www.baidu.com @127.0.0.1

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51491

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;www.baidu.com. IN A

;; ANSWER SECTION:

www.baidu.com. 1191 IN CNAME www.a.shifen.com.
www.a.shifen.com. 299 IN A 14.215.177.38 //这个就是请求到的结果
www.a.shifen.com. 299 IN A 14.215.177.39

;; Query time: 3053 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Tue Aug 14 19:02:59 2018

;; MSG SIZE rcvd: 90

6、更改配置文件named.conf，让所有机器都可以使用该服务。

1）将配置文件中的回环地址改为any，意味着允许任何人使用

[root@localhost pub]#

gedit /etc/named.conf

options {

listen-on port 53 {any; };

# listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

forward only;

forwarders{

8.8.8.8;

}

};

2）找一个其他ip地址来测试

[root@localhost pub]#

service named restart //重启服务

停止 named： [确定]

启动 named： [确定]

[root@localhost pub]# dig www.baidu.com @192.168.0.113

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> www.baidu.com @192.168.0.113

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37134

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;www.baidu.com. IN A

;; ANSWER SECTION:

www.baidu.com. 871 IN CNAME www.a.shifen.com.
www.a.shifen.com. 299 IN A 14.215.177.39
www.a.shifen.com. 299 IN A 14.215.177.38

;; Query time: 474 msec

;; SERVER: 192.168.0.113#53(192.168.0.113)

;; WHEN: Tue Aug 14 19:06:19 2018

;; MSG SIZE rcvd: 90