Summary: This tutorial from 风哥教程 draws on the official documentation for Linux, Red Hat Enterprise Linux, Ansible Automation Platform, Docker, Kubernetes and Podman, and describes in detail how to configure and use the technologies involved.
风哥's note:
This document describes in detail how to install, configure and manage a BIND DNS server.
Part01-BIND installation
1.1 Install the BIND service
$ sudo dnf install -y bind bind-utils
Last metadata expiration check: 0:45:23 ago on Thu 03 Apr 2026 22:25:15 AM CST.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
bind x86_64 32:9.16.23-11.el9 appstream 1.6 M
bind-utils x86_64 32:9.16.23-11.el9 appstream 200 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 1.8 M
Installed size: 4.5 M
Downloading Packages:
(1/2): bind-9.16.23-11.el9.x86_64.rpm 1.6 MB/s | 1.6 MB 00:01
(2/2): bind-utils-9.16.23-11.el9.x86_64.rpm 200 kB/s | 200 kB 00:01
--------------------------------------------------------------------------------
Total 1.8 MB/s | 1.8 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : bind-utils-32:9.16.23-11.el9.x86_64 1/2
Installing : bind-32:9.16.23-11.el9.x86_64 2/2
Running scriptlet: bind-32:9.16.23-11.el9.x86_64 2/2
Verifying : bind-32:9.16.23-11.el9.x86_64 1/2
Verifying : bind-utils-32:9.16.23-11.el9.x86_64 2/2
Installed:
bind-32:9.16.23-11.el9.x86_64
bind-utils-32:9.16.23-11.el9.x86_64
Complete!
# Start the named service
$ sudo systemctl start named
# Enable the service at boot
$ sudo systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
# Check the service status
$ sudo systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-04-03 22:25:00 CST; 10s ago
Process: 12355 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 12356 (named)
Status: "running"
Tasks: 4 (limit: 49152)
Memory: 55.5M
CPU: 100ms
CGroup: /system.slice/named.service
└─12356 /usr/sbin/named -u named -c /etc/named.conf
Apr 03 22:25:00 rhel10 named[12356]: zone 0.in-addr.arpa/IN: loaded serial 1
Apr 03 22:25:00 rhel10 named[12356]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 1
Apr 03 22:25:00 rhel10 named[12356]: all zones loaded
Apr 03 22:25:00 rhel10 named[12356]: running
# Configure the firewall
$ sudo firewall-cmd --permanent --add-service=dns
success
$ sudo firewall-cmd --reload
success
# Test the DNS service
$ dig @localhost google.com
; <<>> DiG 9.16.23 <<>> @localhost google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 142.250.185.78
;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 03 22:25:30 CST 2026
;; MSG SIZE rcvd: 55
Part02-Main configuration file
2.1 Configure named.conf
$ sudo cp /etc/named.conf /etc/named.conf.bak
# Edit the main configuration file
$ sudo tee /etc/named.conf << EOF
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    geoip-directory "/usr/share/GeoIP";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF
# Check the configuration syntax
$ sudo named-checkconf
# Restart the service
$ sudo systemctl restart named
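The options block above restricts allow-query but says nothing about who may recurse through this server or who may pull a zone transfer: with recursion yes and no allow-recursion, BIND derives the recursion ACL from allow-query, and a missing allow-transfer leaves AXFR open to any host in BIND 9.16. The Python script below is an added example, not code from the tutorial or from BIND: it parses a named.conf options block and reports those gaps as findings. The sample configuration, its hardened variant and all function names are constructed for this example.

```python
import re

# Constructed sample: the options and root-hint blocks from the tutorial's
# named.conf, with the data-file paths left out. Not the page's exact file.
SAMPLE_NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };
    directory "/var/named";
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
    dnssec-validation yes;
};
zone "." IN {
    type hint;
    file "named.ca";
};
"""

# Constructed: the same block plus the two settings a defender would add.
HARDENED_NAMED_CONF = SAMPLE_NAMED_CONF.replace(
    "recursion yes;",
    "recursion yes;\n    allow-recursion { localhost; 192.168.1.0/24; };\n"
    "    allow-transfer { none; };",
)


def strip_comments(text):
    """named.conf accepts /* */, // and # comments; remove all three."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_block(text):
    """Body of the top-level 'options { ... }' block ('' if absent), matching
    braces so that nested ACL lists do not end the block early."""
    clean = strip_comments(text)
    m = re.search(r"(?<![\w-])options\s*\{", clean)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(clean) and depth:
        depth += {"{": 1, "}": -1}.get(clean[i], 0)
        i += 1
    return clean[m.end():i - 1]


def statement(block, name):
    """Value of a 'name value;' statement, e.g. 'yes' or '{ localhost; }';
    None when the statement is absent. The lookbehind keeps 'recursion'
    from matching inside 'allow-recursion'."""
    pattern = r"(?<![\w-])%s\s+([^;{]*(?:\{[^}]*\})?)\s*;" % re.escape(name)
    m = re.search(pattern, block)
    return " ".join(m.group(1).split()) if m else None


def effective_recursion_acl(block):
    """Mirror BIND's fallback chain: allow-recursion if set, otherwise
    allow-query-cache, otherwise allow-query, otherwise the built-in default."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        value = statement(block, name)
        if value is not None:
            return name, value
    return "default", "{ localnets; localhost; }"


def audit_named_conf(text):
    """Return a list of (code, detail) findings for the options block."""
    block = options_block(text)
    findings = []
    if (statement(block, "recursion") or "yes") == "yes":   # BIND default: yes
        source, acl = effective_recursion_acl(block)
        if re.search(r"\bany\b", acl):
            findings.append(("open-resolver",
                             "recursion offered to any client via %s %s" % (source, acl)))
        elif source != "allow-recursion":
            findings.append(("recursion-inherited",
                             "recursion ACL comes from %s %s; set allow-recursion explicitly"
                             % (source, acl)))
    if statement(block, "allow-transfer") is None:
        findings.append(("transfer-unrestricted",
                         "no allow-transfer: BIND 9.16 allows AXFR to any host by default"))
    if statement(block, "dnssec-validation") == "no":
        findings.append(("dnssec-off", "dnssec-validation is explicitly disabled"))
    return findings


if __name__ == "__main__":
    for label, conf in (("tutorial", SAMPLE_NAMED_CONF), ("hardened", HARDENED_NAMED_CONF)):
        print(label, audit_named_conf(conf) or "no findings")
```

Run against the tutorial's options block it reports two findings (recursion ACL inherited from allow-query, no allow-transfer); against the hardened variant it reports none. The per-zone allow-transfer statements added in Part05 override the global one, so a global allow-transfer { none; } is a safe baseline even when secondaries exist.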
Part03-Forward lookup zone
3.1 Configure forward resolution
$ sudo tee -a /etc/named.rfc1912.zones << EOF
zone "fgedu.net.cn" IN {
    type master;
    file "fgedu.net.cn.zone";
    allow-update { none; };
};
EOF
# Create the zone file
$ sudo tee /var/named/fgedu.net.cn.zone << EOF
\$TTL 86400
@       IN SOA ns1.fgedu.net.cn. admin.fgedu.net.cn. (
            2026040301 ; Serial
            3600       ; Refresh
            1800       ; Retry
            604800     ; Expire
            86400      ; Minimum TTL
        )
@       IN NS    ns1.fgedu.net.cn.
@       IN NS    ns2.fgedu.net.cn.
@       IN A     192.168.1.100
@       IN MX 10 mail.fgedu.net.cn.
ns1     IN A     192.168.1.100
ns2     IN A     192.168.1.101
www     IN A     192.168.1.100
mail    IN A     192.168.1.102
ftp     IN A     192.168.1.103
webmail IN CNAME mail.fgedu.net.cn.
EOF
# Set permissions
$ sudo chown root:named /var/named/fgedu.net.cn.zone
$ sudo chmod 640 /var/named/fgedu.net.cn.zone
# Check the zone file
$ sudo named-checkzone fgedu.net.cn /var/named/fgedu.net.cn.zone
zone fgedu.net.cn/IN: loaded serial 2026040301
OK
# Restart the service
$ sudo systemctl restart named
# Test resolution
$ dig @localhost www.fgedu.net.cn
; <<>> DiG 9.16.23 <<>> @localhost www.fgedu.net.cn
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12346
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.fgedu.net.cn. IN A
;; ANSWER SECTION:
www.fgedu.net.cn. 86400 IN A 192.168.1.100
;; AUTHORITY SECTION:
fgedu.net.cn. 86400 IN NS ns1.fgedu.net.cn.
fgedu.net.cn. 86400 IN NS ns2.fgedu.net.cn.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 03 22:30:00 CST 2026
;; MSG SIZE rcvd: 102
Part04-Reverse lookup zone
4.1 Configure reverse resolution
$ sudo tee -a /etc/named.rfc1912.zones << EOF
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.zone";
    allow-update { none; };
};
EOF
# Create the reverse zone file
$ sudo tee /var/named/192.168.1.zone << EOF
\$TTL 86400
@   IN SOA ns1.fgedu.net.cn. admin.fgedu.net.cn. (
        2026040301 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400      ; Minimum TTL
    )
@   IN NS  ns1.fgedu.net.cn.
@   IN NS  ns2.fgedu.net.cn.
100 IN PTR ns1.fgedu.net.cn.
100 IN PTR www.fgedu.net.cn.
101 IN PTR ns2.fgedu.net.cn.
102 IN PTR mail.fgedu.net.cn.
103 IN PTR ftp.fgedu.net.cn.
EOF
# Set permissions
$ sudo chown root:named /var/named/192.168.1.zone
$ sudo chmod 640 /var/named/192.168.1.zone
# Check the zone file
$ sudo named-checkzone 1.168.192.in-addr.arpa /var/named/192.168.1.zone
zone 1.168.192.in-addr.arpa/IN: loaded serial 2026040301
OK
# Restart the service
$ sudo systemctl restart named
# Test reverse resolution
$ dig @localhost -x 192.168.1.100
; <<>> DiG 9.16.23 <<>> @localhost -x 192.168.1.100
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12347
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;100.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.1.168.192.in-addr.arpa. 86400 IN PTR ns1.fgedu.net.cn.
100.1.168.192.in-addr.arpa. 86400 IN PTR www.fgedu.net.cn.
;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 86400 IN NS ns1.fgedu.net.cn.
1.168.192.in-addr.arpa. 86400 IN NS ns2.fgedu.net.cn.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 03 22:30:30 CST 2026
;; MSG SIZE rcvd: 135
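The forward zone of Part03 and the reverse zone of Part04 describe the same hosts and use the same YYYYMMDDNN serial scheme, so the checks a practitioner wants before each restart are the same for both: does every A record have a PTR pointing back to it (and every PTR a matching A), and does the SOA serial grow on every edit, since a secondary only transfers a zone whose serial is newer. The Python script below is an added example serving both sections; it is not code from the tutorial. The zone texts are constructed copies of the two files above and the function names are this example's own.

```python
import re
from datetime import date

# Constructed copies of the tutorial's forward (Part03) and reverse (Part04)
# zone files. Sample text only; nothing is read from /var/named.
FORWARD_ZONE = """\
$TTL 86400
@       IN SOA ns1.fgedu.net.cn. admin.fgedu.net.cn. (
            2026040301 ; Serial
            3600       ; Refresh
            1800       ; Retry
            604800     ; Expire
            86400      ; Minimum TTL
        )
@       IN NS    ns1.fgedu.net.cn.
@       IN NS    ns2.fgedu.net.cn.
@       IN A     192.168.1.100
@       IN MX 10 mail.fgedu.net.cn.
ns1     IN A     192.168.1.100
ns2     IN A     192.168.1.101
www     IN A     192.168.1.100
mail    IN A     192.168.1.102
ftp     IN A     192.168.1.103
webmail IN CNAME mail.fgedu.net.cn.
"""
FORWARD_ORIGIN = "fgedu.net.cn."

REVERSE_ZONE = """\
$TTL 86400
@   IN SOA ns1.fgedu.net.cn. admin.fgedu.net.cn. (
        2026040301 ; Serial
        3600 ; Refresh
        1800 ; Retry
        604800 ; Expire
        86400 ; Minimum TTL
    )
@   IN NS  ns1.fgedu.net.cn.
@   IN NS  ns2.fgedu.net.cn.
100 IN PTR ns1.fgedu.net.cn.
100 IN PTR www.fgedu.net.cn.
101 IN PTR ns2.fgedu.net.cn.
102 IN PTR mail.fgedu.net.cn.
103 IN PTR ftp.fgedu.net.cn.
"""
REVERSE_ORIGIN = "1.168.192.in-addr.arpa."


def parse_records(zone_text, origin):
    """Return [(owner_fqdn, rrtype, rdata_tokens)] for a master-file zone.
    Handles ';' comments, '( ... )' multi-line rdata, '@' and relative owners."""
    text = re.sub(r";[^\n]*", "", zone_text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records = []
    for line in text.splitlines():
        toks = line.split()
        if not toks or toks[0].startswith("$"):      # skip blanks and $TTL/$ORIGIN
            continue
        owner = origin if toks[0] == "@" else toks[0]
        if not owner.endswith("."):
            owner = "%s.%s" % (owner, origin)
        i = toks.index("IN")                          # class; an optional TTL may precede it
        records.append((owner, toks[i + 1], toks[i + 2:]))
    return records


def ptr_to_ip(owner):
    """'100.1.168.192.in-addr.arpa.' -> '192.168.1.100'."""
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))


def check_forward_reverse(fwd_records, rev_records):
    """(A records with no PTR pointing back, PTR targets with no matching A)."""
    a_pairs = {(o, r[0]) for o, t, r in fwd_records if t == "A"}
    ptr_pairs = {(r[0], ptr_to_ip(o)) for o, t, r in rev_records if t == "PTR"}
    return sorted(a_pairs - ptr_pairs), sorted(ptr_pairs - a_pairs)


def soa_serial(records):
    for _owner, rrtype, rdata in records:
        if rrtype == "SOA":
            return int(rdata[2])          # mname, rname, serial, refresh, ...
    raise ValueError("zone has no SOA record")


def next_serial(current, today):
    """YYYYMMDDNN scheme from the tutorial: the number must strictly grow,
    otherwise secondaries keep serving the old zone."""
    base = int(today.strftime("%Y%m%d")) * 100
    if current < base:
        return base + 1
    if current - base >= 99:
        raise ValueError("99 edits already today; the date scheme cannot grow further")
    return current + 1


def bump_serial(zone_text, origin, today):
    """Return (new_zone_text, new_serial) with only the SOA serial rewritten."""
    current = soa_serial(parse_records(zone_text, origin))
    new = next_serial(current, today)
    return re.sub(r"\b%d\b" % current, str(new), zone_text, count=1), new


if __name__ == "__main__":
    fwd = parse_records(FORWARD_ZONE, FORWARD_ORIGIN)
    rev = parse_records(REVERSE_ZONE, REVERSE_ORIGIN)
    print("A without PTR / PTR without A:", check_forward_reverse(fwd, rev))
    print("next forward serial:", bump_serial(FORWARD_ZONE, FORWARD_ORIGIN, date.today())[1])
```

On the tutorial's data the consistency check reports one gap: the apex A record (fgedu.net.cn. to 192.168.1.100) has no PTR of its own, while every other A/PTR pair matches. Run bump_serial on a file before copying it into /var/named and the named-checkzone output shown above will confirm the new serial loaded.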
Part05-Secondary DNS server configuration
5.1 Configure the secondary server
# On the primary server
$ sudo tee /etc/named.conf << EOF
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };
    directory "/var/named";
    allow-query { localhost; 192.168.1.0/24; };
    allow-transfer { 192.168.1.101; };
    recursion yes;
};
zone "fgedu.net.cn" IN {
    type master;
    file "fgedu.net.cn.zone";
    allow-transfer { 192.168.1.101; };
    also-notify { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.1.zone";
    allow-transfer { 192.168.1.101; };
    also-notify { 192.168.1.101; };
};
EOF
# On the secondary server
$ sudo tee /etc/named.conf << EOF
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };
    directory "/var/named";
    allow-query { localhost; 192.168.1.0/24; };
    recursion yes;
};
zone "fgedu.net.cn" IN {
    type slave;
    file "slaves/fgedu.net.cn.zone";
    masters { 192.168.1.100; };
};
zone "1.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/192.168.1.zone";
    masters { 192.168.1.100; };
};
EOF
# Set permissions on the secondary server's zone directory
$ sudo chown named:named /var/named/slaves
# Restart the service
$ sudo systemctl restart named
# Check the logs
$ sudo tail -f /var/log/messages
Apr 3 22:35:00 rhel10 named[12357]: zone fgedu.net.cn/IN: Transfer started.
Apr 3 22:35:00 rhel10 named[12357]: transfer of 'fgedu.net.cn/IN' from 192.168.1.100#53: connected using 192.168.1.101#54321
Apr 3 22:35:00 rhel10 named[12357]: zone fgedu.net.cn/IN: transferred serial 2026040301
Apr 3 22:35:00 rhel10 named[12357]: transfer of 'fgedu.net.cn/IN' from 192.168.1.100#53: Transfer completed: 1 messages
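The log lines above show the secondary pulling serial 2026040301 from 192.168.1.100. Two things decide whether that is the expected outcome: a secondary only transfers when the primary's SOA serial compares as newer under RFC 1982 serial arithmetic (which is why an edit without a serial bump never propagates), and the transfer source in the log should be one of the configured primaries. The Python script below is an added example rather than the tutorial's own code: it implements the serial comparison and parses the transfer log for a per-zone sync check. The log lines are constructed copies of the ones above; the function names are assumptions made for this example.

```python
import re

MODULUS = 1 << 32      # SOA serials are unsigned 32-bit
HALF = 1 << 31


def serial_gt(a, b):
    """RFC 1982 comparison: True when a is 'newer' than b, including across the
    2**32 wraparound. Equal values and the undefined case (distance exactly
    2**31) both give False."""
    a, b = a % MODULUS, b % MODULUS
    return (a > b and a - b < HALF) or (a < b and b - a > HALF)


def secondary_needs_transfer(local_serial, primary_serial):
    """A secondary requests AXFR/IXFR only when the primary's serial is newer."""
    return serial_gt(primary_serial, local_serial)


# Constructed copies of the transfer log lines shown in the tutorial.
TRANSFER_LOG = [
    "Apr 3 22:35:00 rhel10 named[12357]: zone fgedu.net.cn/IN: Transfer started.",
    "Apr 3 22:35:00 rhel10 named[12357]: transfer of 'fgedu.net.cn/IN' from "
    "192.168.1.100#53: connected using 192.168.1.101#54321",
    "Apr 3 22:35:00 rhel10 named[12357]: zone fgedu.net.cn/IN: transferred serial 2026040301",
    "Apr 3 22:35:00 rhel10 named[12357]: transfer of 'fgedu.net.cn/IN' from "
    "192.168.1.100#53: Transfer completed: 1 messages",
]

SOURCE_RE = re.compile(r"transfer of '([^']+)/IN' from ([\d.]+)#\d+: connected")
SERIAL_RE = re.compile(r"zone ([^\s/]+)/IN: transferred serial (\d+)")


def transfer_events(log_lines, expected_primaries):
    """Per-zone result of each transfer in named's syslog output. 'trusted' is
    False when the source address is not one of the configured primaries."""
    events = {}
    for line in log_lines:
        m = SOURCE_RE.search(line)
        if m:
            zone, src = m.groups()
            events.setdefault(zone, {})["source"] = src
            events[zone]["trusted"] = src in expected_primaries
        m = SERIAL_RE.search(line)
        if m:
            zone, serial = m.groups()
            events.setdefault(zone, {})["serial"] = int(serial)
    return events


def zone_in_sync(events, zone, primary_serial):
    """True when the last transfer of `zone` came from a trusted primary and
    left the secondary at the primary's current serial."""
    e = events.get(zone, {})
    if not e.get("trusted", False) or "serial" not in e:
        return False
    return not secondary_needs_transfer(e["serial"], primary_serial)


if __name__ == "__main__":
    ev = transfer_events(TRANSFER_LOG, {"192.168.1.100"})
    print(ev)
    print("in sync at 2026040301:", zone_in_sync(ev, "fgedu.net.cn", 2026040301))
    print("in sync after a bump :", zone_in_sync(ev, "fgedu.net.cn", 2026040302))
```

Feed it the real journal or /var/log/messages lines and the primary's current serial (from dig SOA against 192.168.1.100) and it tells you whether the secondary is current; a stale serial after an edit almost always means the SOA serial was not bumped, not a transfer failure.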
1. Configure primary and secondary DNS servers to improve availability
2. Back up zone files regularly
3. Monitor the DNS service status
4. Configure sensible TTL values
5. Update DNS records promptly
Compiled and published by 风哥教程 for learning and testing only; when reposting, cite the source: http://www.fgedu.net.cn/10327.html
