CentOS 6.5 Build DNS server detailed steps

Source: Internet
Author: User
Tags: domain name server, dnssec, mail exchange, nslookup

1. Configure the relevant parameters

yum install -y epel-release
setenforce 0
/etc/init.d/iptables stop
chkconfig iptables off

2. Install the relevant packages

yum install bind bind-devel bind-utils

3. Modify the configuration file


There are four related files: named.ca (the root hint file), named.conf (the main configuration file of the DNS server), the forward zone file and the reverse zone file.


named.ca:

$ dig -t ns . @192.168.1.1 > /tmp/named.ca    # query the list of root name servers and save it as the hint file that named.conf references
$ cat /tmp/named.ca

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> -t ns . @192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54385
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       113146  IN      NS      j.root-servers.net.
.                       113146  IN      NS      k.root-servers.net.
.                       113146  IN      NS      l.root-servers.net.
.                       113146  IN      NS      m.root-servers.net.
.                       113146  IN      NS      a.root-servers.net.
.                       113146  IN      NS      b.root-servers.net.
.                       113146  IN      NS      c.root-servers.net.
.                       113146  IN      NS      d.root-servers.net.
.                       113146  IN      NS      e.root-servers.net.
.                       113146  IN      NS      f.root-servers.net.
.                       113146  IN      NS      g.root-servers.net.
.                       113146  IN      NS      h.root-servers.net.
.                       113146  IN      NS      i.root-servers.net.

;; Query time: 29 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Dec 13 14:35:01 2016
;; MSG SIZE  rcvd: 228


named.conf (the configuration file uses //, # and /* */ for comments):

$ cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

# main configuration
options {
    listen-on port 53 { 192.168.10.102; };              # IPv4 address and port to bind
    //listen-on-v6 port 53 { ::1; };                     # IPv6 address and port to bind
    directory           "/var/named";                    # working directory of the named service
    dump-file           "/var/named/data/cache_dump.db";      # path of the cache dump file
    statistics-file     "/var/named/data/named_stats.txt";    # path of the statistics file
    memstatistics-file  "/var/named/data/named_mem_stats.txt";
    allow-query         { any; };     # which clients may query: any, or a list such as 192.168.1.0/24; 172.16.0.0/18;
    recursion           yes;          # answer recursive queries, resolving names this server is not authoritative for through the root hints
    dnssec-enable       yes;          # enable DNSSEC, which verifies the authenticity of DNS data
    dnssec-validation   yes;          # perform DNSSEC validation

    /* Path to ISC DLV key */
    bindkeys-file       "/etc/named.iscdlv.key";         # path of the built-in key file

    pid-file            "/var/run/named/named.pid";      # pid file path
    managed-keys-directory "/var/named/dynamic";         # directory for DNSSEC managed keys
};

# logging configuration
logging {
    channel default_debug {       # log destination: syslog, file, stdout or stderr; here a text file
        file "data/named.log";    # log file, relative to the working directory
        severity dynamic;         # levels include debug and info
    };
};

# root zone
zone "." IN {
    type hint;
    file "/tmp/named.ca";         # the root hint file generated above
};

zone "example.com" IN {           # forward zone for example.com
    type master;                  # zone type: hint (root), master (primary DNS), slave (secondary DNS)
    file "/etc/ns.example.com";   # forward zone file
    allow-update { none; };       # whether dynamic updates are allowed
};

zone "10.168.192.in-addr.arpa" IN {    # reverse zone; its name is the network part of the address in reverse order plus ".in-addr.arpa"
    type master;                       # zone type
    file "/etc/10.168.192.zone";       # reverse zone file
    allow-update { none; };            # whether dynamic updates are allowed
};

include "/etc/named.rfc1912.zones";    # additional zone definitions
include "/etc/named.root.key";


Forward zone file: ns.example.com

$ cat ns.example.com
$TTL    86400        ; default TTL for records in this zone; optional, but named warns when it is missing
@       IN  SOA  ns.example.com. root.example.com. (
                 2016121301   ; serial
                 3h           ; refresh
                 15M          ; retry
                 1W           ; expiry
                 1D )         ; minimum
        IN  NS   ns.example.com.     ; name server for the zone
        IN  MX   10 mail             ; mail exchanger with priority 10
        IN  A    192.168.10.102
ns      IN  A    192.168.10.102
www     IN  A    192.168.10.102
mail    IN  A    192.168.10.102
linux   IN  CNAME www

Notes on the records:

- SOA: "@" stands for the zone name given in named.conf. SOA marks the start of authority for the zone and each zone file has exactly one. The two names after SOA are the authoritative name server and the administrator mailbox; both end with a ".", and the name server must have a record in the zone, that is, the NS record pointing to ns must be matched by an A record for ns. Because "@" has a special meaning in the zone file, the mailbox root@example.com is written root.example.com.
- serial: version of the zone file, conventionally the date plus a change number. Change it every time the file is modified: a slave DNS compares this value with its own and only updates when the master's serial is larger.
- refresh: how often a slave synchronises with the master.
- retry: how long a slave waits before retrying a failed update.
- expiry: how long a slave keeps the records after synchronisation keeps failing.
- minimum: default minimum TTL, used when none is set earlier.
- Units: H hours, D days, W weeks, M minutes.
- NS defines a name server for the zone, MX a mail exchanger, A a name-to-IP record, CNAME an alias for another name.


Reverse zone file: /etc/10.168.192.zone (zone 10.168.192.in-addr.arpa)

Similar to the forward zone; each PTR record defines a reverse mapping from an IP address back to a host name.

$ cat 10.168.192.zone
$TTL    86400
10.168.192.in-addr.arpa.  IN  SOA  ns.example.com. root.example.com. (
                          2016121301   ; Serial
                          28800        ; Refresh
                          14400        ; Retry
                          3600000      ; Expire
                          86400 )      ; Minimum
        IN  NS   ns.example.com.
102     IN  PTR  mail.example.com.
102     IN  PTR  www.example.com.


4. Start the server

Set the file ownership, then start named:

chown -R root.named /etc/named.conf /etc/ns.example.com /etc/10.168.192.zone /tmp/named.ca
/etc/init.d/named start
tail -f /var/log/messages      # watch the startup log
netstat -tlnup | grep 53       # check that port 53 is listening


5. Test the domain names with nslookup

nslookup ns.example.com
nslookup mail.example.com


This article is from the "Thousand Face" blog, please make sure to keep this source http://oslibo.blog.51cto.com/10854638/1882296

