(Setting up a DNS server on Linux)
I. Introduction to DNS
1. The DNS domain name system
1. The Domain Name System (DNS) is an Internet service. It is a distributed database that maps domain names and IP addresses to each other, which makes the Internet much easier for people to use. DNS uses UDP port 53. Currently each label of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.
2. Domain name resolution is the service that points a domain name at the IP address of a website's hosting space, so that people can conveniently reach the website through its registered domain name. An IP address is the numeric address that identifies a host on the network; because names are easier to remember, a domain name is used in place of the IP address to identify the host. Domain name resolution is the process of converting a domain name into an IP address, and it is carried out by DNS servers.
2. Forward and reverse resolution
Forward resolution: looking up an IP address from a domain name. This is the most basic and most commonly used DNS function.
Reverse resolution: looking up a domain name from an IP address.
II. Checking the environment
[root@control ~]# cat /proc/version
Linux version 4.18.0-80.el8.x86_64 (mockbuild@x86-vm-08.build.eng.bos.redhat.com) (gcc version 8.2.1 20180905 (Red Hat 8.2.1-3) (GCC)) #1 SMP Wed Mar 13 12:02:46 UTC 2019
[root@control ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether 00:0c:29:e6:30:17 brd ff:ff:ff:ff:ff:ff
3: ens224: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether 00:0c:29:e6:30:17 brd ff:ff:ff:ff:ff:ff
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:e6:30:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.150/24 brd 192.168.200.255 scope global noprefixroute bond0
valid_lft forever preferred_lft forever
inet 192.168.200.151/24 brd 192.168.200.255 scope global secondary noprefixroute bond0
valid_lft forever preferred_lft forever
inet6 fe80::d40d:838b:b162:da0c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:68:9e:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:68:9e:ab brd ff:ff:ff:ff:ff:ff
III. Setting up the primary DNS server
1. Install the DNS packages
[root@control yum.repos.d]# yum -y install bind bind-chroot
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
AppStream 261 kB/s | 3.2 kB 00:00
BaseOS 227 kB/s | 2.7 kB 00:00
ansiable 2.9 MB/s | 3.0 kB 00:00
Dependencies resolved.
===============================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================
Installing:
bind x86_64 32:9.11.4-16.P2.el8 AppStream 2.1 M
bind-chroot x86_64 32:9.11.4-16.P2.el8 AppStream 99 k
Transaction Summary
===============================================================================================================================================
Install 2 Packages
Total size: 2.2 M
Installed size: 4.7 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: bind-32:9.11.4-16.P2.el8.x86_64 1/2
Installing : bind-32:9.11.4-16.P2.el8.x86_64 1/2
Running scriptlet: bind-32:9.11.4-16.P2.el8.x86_64 1/2
Installing : bind-chroot-32:9.11.4-16.P2.el8.x86_64 2/2
Running scriptlet: bind-chroot-32:9.11.4-16.P2.el8.x86_64 2/2
Verifying : bind-32:9.11.4-16.P2.el8.x86_64 1/2
Verifying : bind-chroot-32:9.11.4-16.P2.el8.x86_64 2/2
Installed products updated.
Installed:
bind-32:9.11.4-16.P2.el8.x86_64 bind-chroot-32:9.11.4-16.P2.el8.x86_64
Complete!
2. Enable the service at boot
[root@control yum.repos.d]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
[root@control yum.repos.d]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-06-23 02:57:21 UTC; 11s ago
Process: 60709 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 60706 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else ec>
Main PID: 60711 (named)
Tasks: 4 (limit: 24900)
Memory: 54.8M
CGroup: /system.slice/named.service
└─60711 /usr/sbin/named -u named -c /etc/named.conf
3. Edit the main DNS configuration file
[root@control yum.repos.d]# vim /etc/named.conf
options {
	listen-on port 53 { any; };        // changed from the stock 127.0.0.1 so LAN clients can reach the server
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	secroots-file "/var/named/data/named.secroots";
	recursing-file "/var/named/data/named.recursing";
	allow-query { any; };              // changed from the stock localhost
	// The remaining stock options (recursion yes; and the dnssec settings) are left as shipped.
	// Note that with allow-query { any; } and recursion left on, every host that can reach
	// port 53 can use this machine as a recursive resolver; restrict that with allow-recursion
	// (or recursion no; if the server is only meant to be authoritative for huaxia.com).
};
4. Define the zones
[root@control yum.repos.d]# vim /etc/named.rfc1912.zones
zone "huaxia.com" IN {
type master;
file "named.zx";
allow-update { none; };
};
zone "200.168.192.in-addr.arpa" IN {
type master;
file "named.fx";
allow-update { none; };
};
5. Edit the forward zone database file
[root@control ~]# vim /var/named/named.zx
$TTL 1D
@ IN SOA ns.huaxia.com. root. (
2021062209 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns.huaxia.com.
ns IN A 192.168.200.150
www IN A 192.168.200.150
server0 IN A 192.168.200.150
6. Edit the reverse zone database file
[root@control ~]# vim /var/named/named.fx
$TTL 1D
@ IN SOA ns.huaxia.com. root. (
2021062209 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS ns.huaxia.com.
ns IN A 192.168.200.150
22 PTR www.huaxia.com.
7. Set file ownership
[root@control named]# chown named.named *
[root@control named]# pwd
/var/named
[root@control named]# ll
total 24
drwxr-x--- 7 named named 61 Jun 23 10:55 chroot
drwxrwx--- 2 named named 23 Jun 23 10:57 data
drwxrwx--- 2 named named 60 Jun 23 17:28 dynamic
-rw-r----- 1 named named 2253 Apr 5 2018 named.ca
-rw-r----- 1 named named 152 Dec 15 2009 named.empty
-rw-r--r-- 1 named named 513 Jun 23 17:28 named.fx
-rw-r----- 1 named named 152 Jun 23 11:58 named.localhost
-rw-r----- 1 named named 168 Dec 15 2009 named.loopback
-rw-r----- 1 named named 271 Jun 23 14:13 named.zx
drwxrwx--- 2 named named 6 Feb 25 2019 slaves
8. Restart the service
[root@control ~]# systemctl restart named
9. Open the firewall
[root@control ~]# firewall-cmd --permanent --add-service=dns
success
[root@control ~]# firewall-cmd --reload
success
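A forward/reverse consistency check over the two zone files from steps 5 and 6, as an added example that is not part of the original post: it parses the zone syntax used above (";" comments, "@", relative owner names, the parenthesised SOA) and reports A records that have no PTR and PTRs that do not match an A record. The zone text is a condensed copy of the page's files; run on it, it reports that no .150 address has a PTR and that the PTR for .22 points at www.huaxia.com, whose A record is .150.

```python
import ipaddress
import re
# Constructed copies of the page's zone data (the SOA condensed to two lines).
FORWARD_ZONE = """$TTL 1D
@ IN SOA ns.huaxia.com. root. ( 2021062209 ; serial
    1D 1H 1W 3H ) ; refresh retry expire minimum
@ IN NS ns.huaxia.com.
ns IN A 192.168.200.150
www IN A 192.168.200.150
server0 IN A 192.168.200.150
"""
REVERSE_ZONE = """$TTL 1D
@ IN SOA ns.huaxia.com. root. ( 2021062209 ; serial
    1D 1H 1W 3H ) ; refresh retry expire minimum
@ NS ns.huaxia.com.
22 PTR www.huaxia.com.
"""

def parse_zone(text, origin):
    """Return (owner_fqdn, type, rdata) tuples; handles ';' comments, '@', relative owners and ( ... )."""
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip comments
        if not line or line.startswith("$"):        # skip blanks and $TTL
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth:                                   # record continues on the next line
            continue
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf, owner = [], tokens.pop(0)
        while re.match(r"(\d+[smhdw]?|IN|CH)$", tokens[0], re.I):   # optional TTL and/or class
            tokens.pop(0)
        fqdn = origin if owner == "@" else (
            owner if owner.endswith(".") else f"{owner}.{origin}")
        records.append((fqdn, tokens[0].upper(), tokens[1:]))
    return records

def reverse_name(ip):                               # 192.168.200.22 -> 22.200.168.192.in-addr.arpa.
    return ipaddress.ip_address(ip).reverse_pointer + "."

def check_consistency(fwd, rev):
    """A records without a PTR, and PTRs whose target has no A record at that address."""
    a = {(n, r[0]) for n, t, r in fwd if t == "A"}
    ptr = {(n, r[0]) for n, t, r in rev if t == "PTR"}
    problems = [f"no PTR for {n} -> {ip}" for n, ip in sorted(a)
                if (reverse_name(ip), n) not in ptr]
    problems += [f"PTR {rn} -> {t} has no A record with that address"
                 for rn, t in sorted(ptr)
                 if (t, rn) not in {(n, reverse_name(ip)) for n, ip in a}]
    return problems
```

The named-checkconf -z run in the ExecStartPre line of the systemctl status output only validates zone syntax, so a mismatch like this one loads without complaint.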
IV. Testing the DNS service
1. Point the client at the DNS server
[root@node1 ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.200.150
domain example.com
search example.com
2. Test A record resolution
[root@node1 ~]# nslookup server0.huaxia.com
Server: 192.168.200.150
Address: 192.168.200.150#53
Name: server0.huaxia.com
Address: 192.168.200.150
3. Reverse resolution
[root@node1 ~]# nslookup
> server0.huaxia.com
Server: 192.168.200.150
Address: 192.168.200.150#53
Name: server0.huaxia.com
Address: 192.168.200.150
> 172.
Server: 192.168.200.150
Address: 192.168.200.150#53
** server can't find 172: NXDOMAIN
> 192.168.200.22
22.200.168.192.in-addr.arpa name = www.huaxia.com.
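The same A and PTR lookups that nslookup performs above, done at the wire level; this is an added example and not code from the original post. build_query() produces the UDP/53 query packet mentioned in section I, parse_response() decodes the answer section (including the compression pointers BIND uses for the owner name), query() sends the packet to a live server such as the page's 192.168.200.150, and fake_reply() is a constructed response so the decoder can be exercised without a server.

```python
import socket
import struct
QTYPE = {"A": 1, "PTR": 12}

def encode_name(name):   # "server0.huaxia.com" -> 07 server0 06 huaxia 03 com 00 (length-prefixed labels)
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"

def build_query(name, qtype, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # id, RD flag, qdcount=1
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def decode_name(data, off):
    """Decode a possibly compressed name; return (name, offset just after it in the message)."""
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier copy of the name
            end = end or off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
        elif length == 0:
            return ".".join(labels) + ".", end or off + 1
        else:
            labels.append(data[off + 1:off + 1 + length].decode())
            off += 1 + length

def parse_response(data):
    """Return (rcode, [(owner, rtype, rdata)]); rcode 3 is the NXDOMAIN that nslookup reports."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    off, answers = 12, []
    for _ in range(qd):                                 # skip the echoed question section
        off = decode_name(data, off)[1] + 4
    for _ in range(an):
        owner, off = decode_name(data, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1:                                  # A: four raw octets
            rdata = ".".join(str(b) for b in data[off:off + 4])
        else:                                           # PTR (and NS/CNAME) carry a name
            rdata = decode_name(data, off)[0]
        off += rdlen
        answers.append((owner, rtype, rdata))
    return flags & 0xF, answers

def query(server, name, qtype, timeout=2.0):           # one live UDP query to port 53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return parse_response(s.recv(512))

def fake_reply(name, qtype, rdata):
    """Constructed reply: the question echoed with QR|AA|RD|RA set plus one answer whose owner is a pointer (0xc00c)."""
    return (struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + build_query(name, qtype)[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE[qtype], 1, 86400, len(rdata)) + rdata)
```

Against the running server, query("192.168.200.150", "22.200.168.192.in-addr.arpa", "PTR") should return the same www.huaxia.com. answer the interactive nslookup session shows.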