
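Configuring a static IP on CentOS 7 and setting up a bind9 DNS service

Configure a static IP and gateway

  1. Use ip addr to view the host's IP

    As you can see, there is currently no IP address

  2. Edit the /etc/hostname file
    vi /etc/hostname

  3. Edit the /etc/sysconfig/network file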

    NETWORKING=yes
    HOSTNAME=lnh-11.host.com
    GATEWAY=192.168.137.2

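    To find the actual gateway address for GATEWAY, check the following

    Click "Virtual Network Editor" and find VMnet8


    Click the "NAT Settings" button in the figure above to see the actual gateway address

  4. Edit the configuration file /etc/sysconfig/network-scripts/ifcfg-ens33

    Original configuration

    Change it to the following configuration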

    TYPE=Ethernet
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=static # change dhcp (shown in the figure above) to static
    DEFROUTE=yes
    IPADDR=192.168.137.66 # added setting: this host's IP
    NETMASK=255.255.255.0
    DNS1=114.114.114.114  # DNS resolver
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=ens33
    UUID=fba41fb8-b0c2-4809-9431-0d92a0fd21d6
    DEVICE=ens33
    ONBOOT=yes   # change the value to yes
    
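  5. Reboot
    reboot
    After rebooting, check ip addr; the change has taken effect

    ping baidu.com: OK!

Set up the bind9 DNS service

  1. Initialize the operating system configuration

    # Disable the firewall
    systemctl disable firewalld.service # permanently
    systemctl stop firewalld.service # for the current session
    
    # Disable SELinux
    sed -i 's/enforcing/disabled/' /etc/selinux/config # permanently
    setenforce 0 # for the current session
    
    # Disable swap
    sed -ri 's/.*swap.*/#&/' /etc/fstab # permanently
    swapoff -a # for the current session
    
    # Time synchronization
    yum install ntpdate -y
    ntpdate time.windows.com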
    
  2. Install the required software

    yum install -y wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils vim less epel-release
    
  3. Install bind

    yum install -y bind
    
  4. Edit the main configuration file /etc/named.conf

    options {
            listen-on port 53 { 192.168.137.66; };  ## change to this host's IP
            listen-on-v6 port 53 { ::1; };
            forwarders      { 192.168.137.2; }; ## the gateway
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursing-file  "/var/named/data/named.recursing";
            secroots-file   "/var/named/data/named.secroots";
            allow-query     { any; }; ## changed to any, allowing queries from anyone
    
            /*
             - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
             - If you are building a RECURSIVE (caching) DNS server, you need to enable
               recursion.
             - If your recursive DNS server has a public IP address, you MUST enable access
               control to limit queries to your legitimate users. Failing to do so will
               cause your server to become part of large scale DNS amplification
               attacks. Implementing BCP38 within your network would greatly
               reduce such attack surface
            */
            recursion yes;
    
            dnssec-enable no; # changed to no
            dnssec-validation no; # changed to no
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.root.key";
    
            managed-keys-directory "/var/named/dynamic";
    
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
    };
    
    
  5. Edit the zone configuration file /etc/named.rfc1912.zones

    Add the following configuration

    ## suffix for lnh-66.host.com
    zone "host.com" IN {
            type  master;
            file  "host.com.zone";
            allow-update { 192.168.137.66; }; # this host's IP
    };
    
  6. Configure the host domain zone file /var/named/host.com.zone

    $ORIGIN host.com.
    $TTL 600    ; 10 minutes
    @       IN SOA  dns.host.com. dnsadmin.host.com. (
                    2021062401 ; serial
                    10800      ; refresh (3 hours)
                    900        ; retry (15 minutes)
                    604800     ; expire (1 week)
                    86400      ; minimum (1 day)
                    )
                NS   dns.host.com.
    $TTL 60 ; 1 minute
    dns              A    192.168.137.66
    lnh-66           A    192.168.137.66
    
    
  7. Check the configuration for errors
    named-checkconf

  8. Change the host's DNS server address in /etc/sysconfig/network-scripts/ifcfg-ens33

  9. Restart the network

    systemctl restart network
    
  10. Check /etc/resolv.conf

  11. Start bind9

    systemctl start named
    systemctl enable named
    

    Pinging Baidu and internal hosts: OK

  12. Resolve a name and check where DNS points

    dig -t A lnh-66.host.com @192.168.137.66 +short
    


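  13. On the host machine, find the following setting

    Change the DNS server to 192.168.137.66 (the address of the server where bind is installed)

    Pinging the virtual machine by hostname from the host machine: OK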
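
As an added example (not part of the original post): a small shell audit of the settings chosen in steps 4 and 5. It flags `recursion yes` combined with `allow-query { any; }`, `dnssec-validation no`, and address-based `allow-update`. The finding labels and the embedded sample config are constructed for this example.

```shell
#!/bin/sh
# Added example; labels such as OPEN_RESOLVER are made up for this script.

# Strip /* */, // and # comments, then flatten to one line for matching.
flatten_conf() {
    sed -e 's|/\*.*\*/||g' -e '/\/\*/,/\*\//d' -e 's|//.*||' -e 's|#.*||' "$@" |
        tr -s ' \t\n' ' '
}

# Print one finding per line for the given config file(s).
audit_named_conf() {
    cfg=$(flatten_conf "$@")
    has() { printf '%s\n' "$cfg" | grep -Eq "$1"; }
    # Without allow-recursion/allow-query-cache, BIND falls back to
    # allow-query, so "any" here means recursion for every client.
    if has 'recursion yes ?;' && has 'allow-query [{] ?any ?; ?[}]' &&
       ! has 'allow-(recursion|query-cache)'; then
        echo "OPEN_RESOLVER: recursion yes with allow-query any"
    fi
    # Answers from the forwarder are accepted without DNSSEC validation.
    if has 'dnssec-validation no ?;'; then
        echo "DNSSEC_OFF: dnssec-validation is disabled"
    fi
    # Source addresses can be spoofed; TSIG keys authenticate updates.
    if has 'allow-update [{] ?[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'; then
        echo "IP_ALLOW_UPDATE: allow-update keyed on a source address"
    fi
}

# Constructed sample that mirrors the settings from steps 4 and 5.
write_sample() {
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { 192.168.137.66; };  ## local IP
        allow-query     { any; };
        /*
         - comment only: dnssec-validation no; must be ignored
        */
        recursion yes;
        dnssec-validation no; # changed to no
};
zone "host.com" IN {
        type  master;
        allow-update { 192.168.137.66; };
};
EOF
}
tmp=$(mktemp) && write_sample "$tmp" && audit_named_conf "$tmp"; rm -f "$tmp"
```

On the server, call `audit_named_conf /etc/named.conf /etc/named.rfc1912.zones`. Limiting `allow-query` or `allow-recursion` to an `acl` covering 192.168.137.0/24 clears the first finding.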