#!/bin/bash
# BIND9自动化部署工具 | 兼容CentOS 7 麒麟V10 arm | 2025-05-22更新
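# Deploys an authoritative + forwarding BIND9 server for one internal domain:
# installs the packages, writes /etc/named.conf, registers a forward and a
# reverse zone, validates everything, then (re)starts named.
# Must be run as root. Safe to run more than once.
set -euo pipefail

# Print an error to stderr and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# ---- Configuration (edit as needed) ----
# Forward zone (domain) name
DOMAIN="ittop.local"
# Address the server listens on
DNS_IP="172.16.1.20"
# Clients allowed to query. BIND accepts "any" here, but combined with
# "recursion yes" below that makes this host an open resolver reachable by
# anyone who can route to it; keep this limited to the internal range.
NETWORK="172.16.0.0/16"
# Forwarder: ask the customer for their internal DNS, or use a public resolver
FORWARD_IP="223.5.5.5"
ZONE_FILE="/var/named/${DOMAIN}.zone"
# Reverse zone file
REVERSE_ZONE_FILE="/var/named/1.16.172.rev"
# Reverse zone name
REV_ZONE_NAME="1.16.172.in-addr.arpa"

[[ "$EUID" -eq 0 ]] || die "this script must be run as root"
[[ "$DNS_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] \
  || die "DNS_IP is not a dotted-quad IPv4 address: $DNS_IP"

# Owner label of the PTR record: the last octet of DNS_IP, so the reverse
# record always matches the ns1 A record. Assumes REV_ZONE_NAME is the /24
# reverse zone that contains DNS_IP.
PTR_HOST="${DNS_IP##*.}"

# Install BIND and its tools; stop here if the repository is unusable.
yum install -y bind bind-utils > /dev/null \
  || die "yum install failed; check that the yum repository is reachable"

# Open only the DNS service instead of stopping the whole host firewall, so
# the other ports on this server stay filtered.
if systemctl is-active --quiet firewalld; then
  firewall-cmd --permanent --add-service=dns > /dev/null
  firewall-cmd --reload > /dev/null
fi

# Main configuration file /etc/named.conf (the previous one is kept as a backup).
if [[ -f /etc/named.conf ]]; then
  cp -p -- /etc/named.conf "/etc/named.conf.bak.$(date +%Y%m%d%H%M%S)"
fi
# NOTE(review): "dnssec-validation no" means answers from the forwarder are
# accepted without DNSSEC validation; review before production use.
# "dnssec-enable" is obsolete in newer BIND 9 releases; named-checkconf below
# will report it if the installed version rejects the option.
# NOTE(review): "allow-new-zones yes" permits adding zones at runtime via
# rndc; drop it if that is not needed.
cat > /etc/named.conf <<EOF
options {
listen-on port 53 { 127.0.0.1; $DNS_IP; };
directory "/var/named";
allow-new-zones yes;
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
allow-query { localhost; $NETWORK; };
forwarders {
$FORWARD_IP;
};
recursion yes;
dnssec-enable no;
dnssec-validation no;
};
include "/etc/named.rfc1912.zones";
EOF

# Register the zones in /etc/named.rfc1912.zones. Each stanza is appended only
# if it is not already present: a duplicate zone statement makes
# named-checkconf (and named itself) fail on a second run.
if ! grep -qF -- "zone \"$DOMAIN\"" /etc/named.rfc1912.zones 2> /dev/null; then
  cat >> /etc/named.rfc1912.zones <<EOF
zone "$DOMAIN" IN {
type master;
file "$ZONE_FILE";
allow-update { none; };
};
EOF
fi
if ! grep -qF -- "zone \"$REV_ZONE_NAME\"" /etc/named.rfc1912.zones 2> /dev/null; then
  cat >> /etc/named.rfc1912.zones <<EOF
zone "$REV_ZONE_NAME" IN {
type master;
file "$REVERSE_ZONE_FILE";
allow-update { none; };
};
EOF
fi

# Forward zone file. Every record names its owner explicitly ("@"), so the
# file does not depend on leading whitespace to inherit the previous owner.
cat > "$ZONE_FILE" <<EOF
\$TTL 86400
@ IN SOA ns1.$DOMAIN. admin.$DOMAIN. (
    2025052201 ; Serial
    3600       ; Refresh
    900        ; Retry
    604800     ; Expire
    86400 )    ; Minimum TTL
@   IN NS ns1.$DOMAIN.
@   IN A  $DNS_IP
ns1 IN A  $DNS_IP
EOF

# Reverse zone file.
cat > "$REVERSE_ZONE_FILE" <<EOF
\$TTL 86400
@ IN SOA ns1.$DOMAIN. admin.$DOMAIN. (
    2025052201 ; Serial
    3600       ; Refresh
    900        ; Retry
    604800     ; Expire
    86400 )    ; Minimum TTL
@ IN NS ns1.$DOMAIN.
$PTR_HOST IN PTR ns1.$DOMAIN.
EOF

# Permissions: touch only the two files this script created. A glob over
# /var/named/* would also chmod 640 the data/dynamic/slaves directories and
# remove their search bit, so named could no longer write its dump and
# statistics files. The zones are static (allow-update none), so named only
# needs read access: root-owned, group named, mode 640.
chown root:named -- "$ZONE_FILE" "$REVERSE_ZONE_FILE"
chmod 640 -- "$ZONE_FILE" "$REVERSE_ZONE_FILE"

# Validate before touching the running service; abort on the first failure.
named-checkconf || die "named-checkconf reported errors in /etc/named.conf"
named-checkzone "$DOMAIN" "$ZONE_FILE" \
  || die "forward zone $DOMAIN failed validation"
named-checkzone "$REV_ZONE_NAME" "$REVERSE_ZONE_FILE" \
  || die "reverse zone $REV_ZONE_NAME failed validation"

# Start the service. restart (not start) so a re-run loads the new configuration.
systemctl restart named || die "named failed to start; see: journalctl -u named"
systemctl enable named > /dev/null 2>&1 || die "could not enable named at boot"

# Show how to verify the deployment.
echo -e "\n[验证命令]"
echo "nslookup $DOMAIN $DNS_IP"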
前提:yum 源必须可用。如果无法确认,可以先按下面的方式手动安装,安装成功后再执行脚本。