DNS服务器搭建(Linux版本)

本文涉及的产品
公共DNS(含HTTPDNS解析),每月1000万次HTTP解析
云解析 DNS,旗舰版 1个月
全局流量管理 GTM,标准版 1个月
简介: DNS服务器搭建(Linux版本)

一、安装BIND

[root@server ~]# yum clean all
[root@server ~]# yum repolist
[root@server ~]# yum list | grep '^bind\.'
[root@server ~]# yum -y install bind*


二、配置主配置文件

  • 备份需配置的文件,防止配置当中出错。
[root@server ~]# cp /etc/named.conf /etc/named.conf.backup

3e81224606403df7548d78f292dd1b3e.png


  • 配置named.conf主配置文件

主要修改这两处信息。其余信息根据情况自行修改设置。

listen-on port 53 { any; };

allow-query { any; };

:wq保存退出

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
        listen-on port 53 { any; };   #允许所有IP地址监听53号端口
        #listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";  
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; }; #允许所有使用本解析服务的网段
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


三、配置区域配置文件。添加正向解析配置。

在末尾添加如下配置。

vim /etc/named.rfc1912.zones

zone “xybdns.com” IN {

type master;

file “xybdns.com.zone”;

allow-update { none; };

按:wq保存退出

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
zone "xybdns.com" IN {   #正向解析为“pakho.com”
        type master;   #类型:主缓存为master
        file "xybdns.com.zone"; #指定区域数据文件为xybdns.com.zone
        allow-update { none; };
};


四、配置正向区域数据文件

  • 拷贝主配置文件,保留源文件的权限和属主的属性复制

cp -a named.localhost xybdns.com.zone

[root@server ~]# cd /var/named/
[root@server named]# cp -a named.localhost xybdns.com.zone
[root@server named]# ll
total 28
drwxr-x--- 7 root  named   61 Jul  9 05:18 chroot
drwxrwx--- 2 named named   49 Jul 20 03:11 data
-rw-r----- 1 root  named  259 Jul 14 03:42 dnsdiy.com.zone
drwxrwx--- 2 named named   31 Jul 20 01:25 dynamic
-rw-r----- 1 root  named 2253 Apr  5  2018 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named    6 Apr 29 10:05 slaves
-rw-r----- 1 root  named  515 Jul 20 04:26 xybdns.com.zone
-rw-r----- 1 root  named  538 Jul 14 03:53 xybdns.com.zone.bakup


  • 配置正向区域数据文件

注意:“.”的书写格式,其代替了@,别遗漏

[root@server named]# vim xybdns.com.zone  #进入配置文件
[root@server named]# cat xybdns.com.zone  #查看配置文件
$TTL 1D #有效解析记录的生成周期
@       IN SOA  xybdns.com. root.xybdns.com. (
#@表示当前的DNS区域名表示这个域名  SOA表示授权信息开启 后面表示邮件地址因为@有特殊含义 所以使用.代替 
                                        0       ; serial  #更新序列号,可以是10以内的整数
                                        1D      ; refresh #刷新时间,重新下载地址数据的间隔
                                        1H      ; retry   #重试延迟,下载失败后的重试延迟
                                        1W      ; expire #失效时间,超过该时间仍无法下载则放弃
                                        3H )    ; minimum #无效解析记录的生存周期
        IN      NS      server.xybdns.com.  #记录当前区域DNS服务器的名称
        IN      MX 10   server.xybdns.com.  #MX为邮件服务器 10表示优先级 数字越大优先级越低
server  IN      A       192.168.200.115   #记录正向解析域名对应的IP,即将域名与IP绑捆
web     IN      A       192.168.200.115
vsan7   IN      A       192.168.200.118


  • 修改主机名
[root@server ~]# hostnamectl set-hostname server.xybdns.com
[root@server ~]# bash
[root@server ~]# hostname
server.xybdns.com
  • 配置文件语法检查工具

named-checkconf -z /etc/named.conf

仅检查语法不检查逻辑关系。当显示的全为0时表示没有语法错误

[root@server ~]# named-checkconf -z /etc/named.conf
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone xybdns.com/IN: loaded serial 0


五、启动DNS服务

  • 启动前,检查防火墙、SELINUX安全模式是否是关闭或允许状态

关闭防火墙并设置开机不自启动防火墙

[root@server ~]# systemctl stop firewalld && systemctl disable firewalld
[root@server ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

关闭SELINUX安全模式

[root@server ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled  #修改为disabled保存退出
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@server ~]# getenforce #重启生效
Disabled


  • 启动dns服务

systemctl start named

systemctl enable named

[root@server ~]# systemctl start named
[root@server ~]# systemctl enable named
[root@server ~]# systemctl status named

7d82680af785e66d40821103cbecd7b1.png


  • 查看53号监听端口是否开启

若执行不了netstat命令,请先输入yum install -y net-tools命令安装net-tools工具

netstat -anpt | grep 53

[root@server ~]# netstat -anpt | grep 53
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2416/named
tcp        0      0 192.168.200.115:53      0.0.0.0:*               LISTEN      2416/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2416/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      2416/named


六、测试DNS服务器

  • 在Windows 10环境下测试

设置所在网络配置,添加DNS服务器地址、默认网关等信息。如图所示。

e103908968da66a7b6c5e4235511a0be.png

e481d00de45980e81fda775b0a027b84.png

42d379969e60b5ca1dd8d81a5fd72311.png


  • 在linux环境下测试

设置dns

DNS=192.168.200.115

按:wq保存退出

[root@test ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=ens32
UUID=db4e154b-6cc7-420c-a43c-e5a27af7749d
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.200.120
NETMASK=255.255.255.0
GATEWAY=192.168.200.1
DNS=192.168.200.115


安装nslookup

yum provides nslookup

yum install -y bind-utils

[root@test ~]# yum provides nslookup
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
32:bind-utils-9.11.4-9.P2.el7.x86_64 : Utilities for querying DNS name servers
Repo        : centos
Matched from:
Filename    : /usr/bin/nslookup
32:bind-utils-9.11.4-9.P2.el7.x86_64 : Utilities for querying DNS name servers
Repo        : @centos
Matched from:
Filename    : /usr/bin/nslookup
[root@test ~]# yum install -y bind-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package 32:bind-utils-9.11.4-9.P2.el7.x86_64 already installed and latest version
Nothing to do
[root@test ~]# ping baidu.com
PING baidu.com (220.181.38.148) 56(84) bytes of data.
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=1 ttl=128 time=45.0 ms
^C
--- baidu.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 45.080/45.080/45.080/0.000 ms
[root@test ~]# ping server.xybdns.com
PING server.xybdns.com (192.168.200.115) 56(84) bytes of data.
64 bytes from 192.168.200.115 (192.168.200.115): icmp_seq=1 ttl=64 time=0.148 ms
64 bytes from 192.168.200.115 (192.168.200.115): icmp_seq=2 ttl=64 time=0.330 ms
^C
--- server.xybdns.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.148/0.239/0.330/0.091 ms
[root@test ~]# nslookup www.baidu.com
Server:         192.168.200.115
Address:        192.168.200.115#53
Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 180.101.49.11
Name:   www.a.shifen.com
Address: 180.101.49.12
[root@test ~]# nslookup server.xybdns.com
Server:         192.168.200.115
Address:        192.168.200.115#53
Name:   server.xybdns.com
Address: 192.168.200.115


相关文章
|
5天前
|
域名解析 缓存 网络协议
深入理解Linux下的DNS技术
Linux DNS详解:连接用户与网络资源的关键,涉及基本原理、DNS服务器软件如BIND、PowerDNS、Dnsmasq、解析过程、缓存及系统配置。理解这些有助于优化网络性能和安全。配置文件 `/etc/resolv.conf` 用于指定DNS服务器,而DNS缓存提升响应速度。学习DNS技术,提升系统效率与可靠性。
35 7
|
4天前
|
Java Linux 应用服务中间件
Windows和Linux的最佳Web服务器
【7月更文挑战第20天】Windows和Linux的最佳Web服务器
16 3
|
9天前
|
存储 缓存 网络协议
如何在 Linux 上刷新 DNS 缓存?
【7月更文挑战第14天】
11 0
如何在 Linux 上刷新 DNS 缓存?
|
18天前
|
存储 应用服务中间件 文件存储
Ngnix服务器版本升级需求分析,如何不停止Ngnix服务进行升级
Ngnix服务器版本升级需求分析,如何不停止Ngnix服务进行升级
|
19天前
|
网络协议 Linux
云服务器内部端口占用,9090端口已经存在了,如何关闭,Linux查询端口,查看端口,端口查询,关闭端口写法-netstat -tuln,​fuser -k 3306/tcp​
云服务器内部端口占用,9090端口已经存在了,如何关闭,Linux查询端口,查看端口,端口查询,关闭端口写法-netstat -tuln,​fuser -k 3306/tcp​
|
19天前
|
大数据 Linux 程序员
软件开发常见流程之服务器+Linux部署项目,会用服务器+Linux部署项目资料
软件开发常见流程之服务器+Linux部署项目,会用服务器+Linux部署项目资料
|
20天前
|
负载均衡 Java Linux
黑马头条01,环境搭建,今日头条的介绍,今日头条的功能架构图,技术栈的说明,服务层,nacos(奶靠丝)安装,安装在Linux服务器上环境准备,
黑马头条01,环境搭建,今日头条的介绍,今日头条的功能架构图,技术栈的说明,服务层,nacos(奶靠丝)安装,安装在Linux服务器上环境准备,
|
1月前
|
XML Java 数据格式
深度解析 Spring 源码:从 BeanDefinition 源码探索 Bean 的本质
深度解析 Spring 源码:从 BeanDefinition 源码探索 Bean 的本质
35 3
|
20天前
|
存储 安全 Java
深度长文解析SpringWebFlux响应式框架15个核心组件源码
以上是Spring WebFlux 框架核心组件的全部介绍了,希望可以帮助你全面深入的理解 WebFlux的原理,关注【威哥爱编程】,主页里可查看V哥每天更新的原创技术内容,让我们一起成长。
|
21天前
|
关系型数据库 分布式数据库 数据库
PolarDB-X源码解析:揭秘分布式事务处理
【7月更文挑战第3天】**PolarDB-X源码解析:揭秘分布式事务处理** PolarDB-X,应对大规模分布式事务挑战,基于2PC协议确保ACID特性。通过预提交和提交阶段保证原子性与一致性,使用一致性快照隔离和乐观锁减少冲突,结合故障恢复机制确保高可用。源码中的事务管理逻辑展现了优化的分布式事务处理流程,为开发者提供了洞察分布式数据库核心技术的窗口。随着开源社区的发展,更多创新实践将促进数据库技术进步。
25 3

相关产品

  • 云解析DNS