Linux搭建DNS服务

时间:2022-11-22 11:00:59

一、简单介绍

1、dns服务:是​域名解析​服务,它的作用是将域名解析成IP地址,或者是将IP地址解析成域名。

2、实验环境:Centos7.6 IP192.168.10.129  物理机:192.168.10.1

二、关闭防火墙与SELinux特性

2.1关闭防火墙

[root@centos ~]# systemctl stop firewalld     //临时关闭防火墙
[root@centos ~]# systemctl disable firewalld //永久关闭防火墙

2.2关闭SELinux

[root@centos ~]# setenforce 0   //临时关闭selinux特性
#永久关闭SELinux服务
把上面的SELINUX=disabled即可,:wq保存退出

Linux搭建DNS服务

三、安装DNS服务

3.1安装bind,bind-utils

[root@centos ~]# yum install bind bind-utils -y
Loaded plugins: fastestmirror
Determining fastest mirrors
dvd | 3.6 kB 00:00:00
(1/2): dvd/group_gz | 166 kB 00:00:00
(2/2): dvd/primary_db | 3.1 MB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-72.el7 will be installed
--> Processing Dependency: bind-libs = 32:9.9.4-72.el7 for package: 32:bind-9.9.4-72.el7.x86_64
--> Processing Dependency: python-ply for package: 32:bind-9.9.4-72.el7.x86_64
--> Processing Dependency: policycoreutils-python for package: 32:bind-9.9.4-72.el7.x86_64
--> Processing Dependency: policycoreutils-python for package: 32:bind-9.9.4-72.el7.x86_64
--> Processing Dependency: liblwres.so.90()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64
--> Processing Dependency: libisccfg.so.90()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64
--> Processing Dependency: libisccc.so.90()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64
--> Processing Dependency: libisc.so.95()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64
--> Processing Dependency: libdns.so.100()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64
--> Processing Dependency: libbind9.so.90()(64bit) for package: 32:bind-9.9.4-72.el7.x86_64
---> Package bind-utils.x86_64 32:9.9.4-72.el7 will be installed
--> Running transaction check
---> Package bind-libs.x86_64 32:9.9.4-72.el7 will be installed
---> Package policycoreutils-python.x86_64 0:2.5-29.el7 will be installed
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: libcgroup for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-29.el7.x86_64
---> Package python-ply.noarch 0:3.4-11.el7 will be installed
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.8.4-4.el7 will be installed
---> Package checkpolicy.x86_64 0:2.5-8.el7 will be installed
---> Package libcgroup.x86_64 0:0.41-20.el7 will be installed
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be installed
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================
Package Arch Version Repository Size
======================================================================================================
Installing:
bind x86_64 32:9.9.4-72.el7 dvd 1.8 M
bind-utils x86_64 32:9.9.4-72.el7 dvd 206 k
Installing for dependencies:
audit-libs-python x86_64 2.8.4-4.el7 dvd 76 k
bind-libs x86_64 32:9.9.4-72.el7 dvd 1.0 M
checkpolicy x86_64 2.5-8.el7 dvd 295 k
libcgroup x86_64 0.41-20.el7 dvd 66 k
libsemanage-python x86_64 2.5-14.el7 dvd 113 k
policycoreutils-python x86_64 2.5-29.el7 dvd 456 k
python-IPy noarch 0.75-6.el7 dvd 32 k
python-ply noarch 3.4-11.el7 dvd 123 k
setools-libs x86_64 3.3.8-4.el7 dvd 620 k

Transaction Summary
======================================================================================================
Install 2 Packages (+9 Dependent packages)

Total download size: 4.8 M
Installed size: 13 M
Downloading packages:
------------------------------------------------------------------------------------------------------
Total 56 MB/s | 4.8 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 32:bind-libs-9.9.4-72.el7.x86_64 1/11
Installing : setools-libs-3.3.8-4.el7.x86_64 2/11
Installing : audit-libs-python-2.8.4-4.el7.x86_64 3/11
Installing : checkpolicy-2.5-8.el7.x86_64 4/11
Installing : python-IPy-0.75-6.el7.noarch 5/11
Installing : libsemanage-python-2.5-14.el7.x86_64 6/11
Installing : python-ply-3.4-11.el7.noarch 7/11
Installing : libcgroup-0.41-20.el7.x86_64 8/11
Installing : policycoreutils-python-2.5-29.el7.x86_64 9/11
Installing : 32:bind-9.9.4-72.el7.x86_64 10/11
Installing : 32:bind-utils-9.9.4-72.el7.x86_64 11/11
Verifying : libcgroup-0.41-20.el7.x86_64 1/11
Verifying : python-ply-3.4-11.el7.noarch 2/11
Verifying : libsemanage-python-2.5-14.el7.x86_64 3/11
Verifying : policycoreutils-python-2.5-29.el7.x86_64 4/11
Verifying : 32:bind-9.9.4-72.el7.x86_64 5/11
Verifying : python-IPy-0.75-6.el7.noarch 6/11
Verifying : checkpolicy-2.5-8.el7.x86_64 7/11
Verifying : 32:bind-utils-9.9.4-72.el7.x86_64 8/11
Verifying : 32:bind-libs-9.9.4-72.el7.x86_64 9/11
Verifying : audit-libs-python-2.8.4-4.el7.x86_64 10/11
Verifying : setools-libs-3.3.8-4.el7.x86_64 11/11

Installed:
bind.x86_64 32:9.9.4-72.el7 bind-utils.x86_64 32:9.9.4-72.el7

Dependency Installed:
audit-libs-python.x86_64 0:2.8.4-4.el7 bind-libs.x86_64 32:9.9.4-72.el7
checkpolicy.x86_64 0:2.5-8.el7 libcgroup.x86_64 0:0.41-20.el7
libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-29.el7
python-IPy.noarch 0:0.75-6.el7 python-ply.noarch 0:3.4-11.el7
setools-libs.x86_64 0:3.3.8-4.el7

Complete!

3.2安装成功,启动并查看named服务

[root@centos ~]# systemctl start named     //启动named服务
[root@centos ~]# systemctl status named //查看named服务状态
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2022-11-21 17:17:36 CST; 18s ago
Process: 10433 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 10431 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 10435 (named)
CGroup: /system.slice/named.service
└─10435 /usr/sbin/named -u named -c /etc/named.conf

Nov 21 17:17:36 centos named[10435]: command channel listening on ::1#953
Nov 21 17:17:36 centos named[10435]: managed-keys-zone: loaded serial 0
Nov 21 17:17:36 centos named[10435]: zone 0.in-addr.arpa/IN: loaded serial 0
Nov 21 17:17:36 centos named[10435]: zone localhost/IN: loaded serial 0
Nov 21 17:17:36 centos named[10435]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Nov 21 17:17:36 centos named[10435]: zone localhost.localdomain/IN: loaded serial 0
Nov 21 17:17:36 centos named[10435]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...al 0
Nov 21 17:17:36 centos named[10435]: all zones loaded
Nov 21 17:17:36 centos named[10435]: running
Nov 21 17:17:36 centos systemd[1]: Started Berkeley Internet Name Domain (DNS).
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos ~]#

四、修改配置文件

4.1进入dns配置文件,进行配置

[root@centos ~]# vim /etc/named.conf

只需要修改以下文件里面的两个部分,其余的不要动

options {
listen-on port 53 { 192.168.10.129; }; //设置为本地的IP地址
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //设置为所有人都可以访问

4.2配置文件,增加正反向解析

[root@centos ~]# vim /etc/named.rfc1912.zones

输入快捷键​​G​​,直接跳转的最后一行,并添加正反向解析

43 zone "centos1.com" IN {        
44 type master;
45 file "centos.com.zone"; //正向解析文件
46 allow-update { none; };
47 };
48
49 zone "10.186.192.in-addr.arpa" IN {
50 type master;
51 file "centos.com.local"; //反向解析文件
52 allow-update { none; };
53 };

正向解析:(1)​​正向解析zone是centos.com​​,它是通过centos.com找到对应的主机IP地址

反向解析:(2)对应的zone是本机IP192.168.10.129,前面部分192.168.10要过来写10.182.196,反向解析

4.3拷贝/var/named/目录下named.localhost和named.loopback文件

[root@centos ~]# cd /var/named/
[root@centos named]# cp -p named.localhost contos.com.zone
[root@centos named]# cp -p named.loopback contos.com.local

4.4在拷贝的正反向解析里面添加主机记录

4.4.1正向解析内容
$TTL 1D
@ IN SOA @ dns.centos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.centos.com.
www A 192.168.10.129 //A代表的是IPV4的地址
dns A 192.168.10.129
email A 192.168.10.129
4.4.2反向解析内容(照着正向解析反着写
TTL 1D
@ IN SOA @ dns.centos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.centos.com.
192.168.10.129 PTR dns.centos.com. //PTR是反向解析指针
192.168.10.129 PTR www.centos.com.
192.168.10.129 PTR email.centos.com.
4.4.3名词解释
NS dns.centos.com. 本机的域名

dns A 192.168.10.129 dns为centos.com的域名前坠,对应着192.168.10.129

www A 192.168.10.129 www为centos.com的域名前坠,对应着192.168.10.129

email A 192.168.10.129 email为centos.com的域名前坠,对应着192.168.10.129
4.4.4重启服务
[root@centos ~]# systemctl restart named

五、在客户端上面进行验证

在客户端输入nslookup+IP地址或者域名访问即可,如果能获取到

服务器和IP地址

名称和IP地址

就行了

以上就是完整配置DNS服务的流程--------------------------------------------