企业搭配本地域名,进行解析
2018年07月23日 09:31:46
阅读数:2
搭建dns服务器,可以进行域名解析,这样方便企业项目本地测试。
可以实现,输入域名访问本地服务器
一、安装软件
1、下载bind
yum -y install bind
2、修改主配置文件
cp /etc/named.conf /etc/named.conf.bak # 修改之前先备份一遍
vi /etc/named.conf
修改为一下文件
//
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind/sample/ for example named configuration files.
//
10. // See the BIND Administrator's Reference Manual (ARM) for details about the
11. // configuration located in /usr/share/doc/bind-{version}//代码效果参考:http://www.ezhiqi.com/bx/art_2589.html /Bv9ARM.html
12.
13. options {
14. listen-on port 53 { any; }; //改此处
15. //listen-on-v6 port 53 { ::1; }; //改此处
16. directory "/var/named";
17. dump-file "/var/named/data/cache_dump.db";
18. statistics-file "/var/named/data/named_stats.txt";
19. memstatistics-file "/var/named/data/named_mem_stats.txt";
20. allow-query { any; }; //改此处
21.
22. /
23. - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
24. - If you are building a RECURSIVE (caching) DNS server, you need to enable
25. recursion.
26. - If your recursive DNS server has a public IP address, you MUST enable access
27. control to limit queries to your legitimate users. Failing to do so will
28. cause your server to become part of large scale DNS amplification
29. attacks. Implementing BCP38 within your network would greatly
30. reduce such attack surface
31. /
32. recursion yes;
33.
34. dnssec-enable yes;
35. dnssec-validation yes;
36.
37. / Path to ISC DLV key /
38. bindkeys-file "/etc/named.iscdlv.key";
39.
40. managed-keys-directory "/var/named/dynamic";
41.
42. pid-file "/run/named/named.pid";
43. session-keyfile "/run/named/session.key";
44. };
45.
46. logging {
47. channel default_debug {
48. file "data/named.run";
49. severity dynamic;
50. };
51. };
52.
53. zone "." IN {
54. type hint;
55. file "named.ca";
56. };
57.
58. include "/etc/named.rfc1912.zones";
59. include "/etc/named.root.key";
3、自定义域名解析配置(比如我们要添加abc.com)
vi /etc/named.rfc1912.zones
zone "abc.com" IN { // 定义要解析主域名
type master;
file "abc.com.zone"; // 具体相关解析的配置文件保存在 /var/named/abc.com.zone 文件中
allow-update { none; }//代码效果参考:http://www.ezhiqi.com/bx/art_1279.html;
};
//可以检查一下配置是否正确,如果执行没有返回提示则表示正常
named-checkconf
4、自定义abc.com.zone文件
vi /var/named/abc.com.zone
$TTL 1D
@ IN SOA abc.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
10. AAAA ::1
11. www IN A 192.168.1.100
12. xd IN A 192.168.1.101
13. wcn IN A 192.168.1.102
14. tl IN A 192.168.1.103
15. IN CNAME www
// 其中 ns.abc.com 代表当前dns服务器名称。所以 ns.abc.com 一定要解析到自己本身
www IN A 192.168.1.100 // 代表 解析到 192.168.1.100服务器上。其他的类似
//通用 cname 使*指向www,这样ajklnjkn.abc.com =
named-checkzone "abc.com" /var/named/abc.com.zone
5、修改权限
chown root:named /var/named/abc.com.zone
6、更改防火墙
firewall-cmd --zone=public --add-port=53/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --zone=public --add-port=953/tcp --permanent
7、配置完成之后重启服务
service named restart
//开机自启
systemctl enable named
8、测试
nslookup 服务器ip