心得经验总结：本地DNS解析

企业搭配本地域名，进行解析

2018年07月23日 09:31:46

阅读数：2

搭建dns服务器，可以进行域名解析，这样方便企业项目本地测试。

可以实现，输入域名访问本地服务器

一、安装软件

1、下载bind

yum -y install bind

2、修改主配置文件

cp /etc/named.conf /etc/named.conf.bak # 修改之前先备份一遍

vi /etc/named.conf

修改为一下文件

//

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind/sample/ for example named configuration files.

//

10. // See the BIND Administrator's Reference Manual (ARM) for details about the

11. // configuration located in /usr/share/doc/bind-{version}//代码效果参考：http://www.ezhiqi.com/bx/art_2589.html /Bv9ARM.html

12.

13. options {

14. listen-on port 53 { any; }; //改此处

15. //listen-on-v6 port 53 { ::1; }; //改此处

16. directory "/var/named";

17. dump-file "/var/named/data/cache_dump.db";

18. statistics-file "/var/named/data/named_stats.txt";

19. memstatistics-file "/var/named/data/named_mem_stats.txt";

20. allow-query { any; }; //改此处

21.

22. /

23. - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

24. - If you are building a RECURSIVE (caching) DNS server, you need to enable

25. recursion.

26. - If your recursive DNS server has a public IP address, you MUST enable access

27. control to limit queries to your legitimate users. Failing to do so will

28. cause your server to become part of large scale DNS amplification

29. attacks. Implementing BCP38 within your network would greatly

30. reduce such attack surface

31. /

32. recursion yes;

33.

34. dnssec-enable yes;

35. dnssec-validation yes;

36.

37. / Path to ISC DLV key /

38. bindkeys-file "/etc/named.iscdlv.key";

39.

40. managed-keys-directory "/var/named/dynamic";

41.

42. pid-file "/run/named/named.pid";

43. session-keyfile "/run/named/session.key";

44. };

45.

46. logging {

47. channel default_debug {

48. file "data/named.run";

49. severity dynamic;

50. };

51. };

52.

53. zone "." IN {

54. type hint;

55. file "named.ca";

56. };

57.

58. include "/etc/named.rfc1912.zones";

59. include "/etc/named.root.key";

3、自定义域名解析配置（比如我们要添加abc.com）

vi /etc/named.rfc1912.zones

zone "abc.com" IN { // 定义要解析主域名

type master;

file "abc.com.zone"; // 具体相关解析的配置文件保存在 /var/named/abc.com.zone 文件中

allow-update { none; }//代码效果参考：http://www.ezhiqi.com/bx/art_1279.html;

};

//可以检查一下配置是否正确，如果执行没有返回提示则表示正常

named-checkconf

4、自定义abc.com.zone文件

vi /var/named/abc.com.zone

$TTL 1D

@ IN SOA abc.com. rname.invalid. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS @

A 127.0.0.1

10. AAAA ::1

11. www IN A 192.168.1.100

12. xd IN A 192.168.1.101

13. wcn IN A 192.168.1.102

14. tl IN A 192.168.1.103

15. IN CNAME www

// 其中 ns.abc.com 代表当前dns服务器名称。所以 ns.abc.com 一定要解析到自己本身

www IN A 192.168.1.100 // 代表 解析到 192.168.1.100服务器上。其他的类似

//通用 cname 使*指向www，这样ajklnjkn.abc.com =

named-checkzone "abc.com" /var/named/abc.com.zone

5、修改权限

chown root:named /var/named/abc.com.zone

6、更改防火墙

firewall-cmd --zone=public --add-port=53/tcp --permanent

firewall-cmd --zone=public --add-port=53/udp --permanent

firewall-cmd --zone=public --add-port=953/tcp --permanent

7、配置完成之后重启服务

service named restart

//开机自启

systemctl enable named

8、测试

nslookup 服务器ip