一、安装dns服务
1)yum安装
# Install dnsmasq from the configured yum repositories; -y answers the
# confirmation prompt so the step can run unattended.
yum -y install dnsmasq
2)配置本地的 dns 解析
# Set the upstream DNS servers: this dnsmasq instance is only a proxy, so
# anything it cannot answer itself is sent to the resolvers listed here.
# NOTE(review): both entries are public resolvers, so every forwarded query
# leaves the local network; substitute internal resolvers where that matters.
printf '%s\n' \
  'nameserver 114.114.114.114' \
  'nameserver 8.8.8.8' \
  >/etc/resolv.dnsmasq
3)设置需要解析的域名
# Write the static host records that dnsmasq will serve. Every opendevops
# service name below resolves to the same address.
dns_target_ip=192.168.44.11
for svc in demo-init mg task gw cmdb2 kerrigan tools cron dns; do
  printf '%s %s.opendevops.cn\n' "$dns_target_ip" "$svc"
done >/etc/dnsmasqhosts
4)配置 dns 的配置文件
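# Point this machine at the local dnsmasq instance and register the upstream
# resolver list and the extra hosts file in /etc/dnsmasq.conf.
#
# NOTE: the next step overwrites this machine's /etc/resolv.conf. Add the DNS
# servers the machine currently uses to /etc/resolv.dnsmasq beforehand so they
# remain reachable as upstreams.

# LOCALHOST_IP is not assigned anywhere in this snippet. Stop here when it is
# empty rather than writing a bare "nameserver" line, which would leave the
# host without a usable resolver.
: "${LOCALHOST_IP:?LOCALHOST_IP must be set to the address dnsmasq listens on}"

printf 'nameserver %s\n' "$LOCALHOST_IP" >/etc/resolv.conf

# Append each directive only when it is not already present, so re-running the
# step does not pile up duplicate lines in /etc/dnsmasq.conf.
for directive in 'resolv-file=/etc/resolv.dnsmasq' 'addn-hosts=/etc/dnsmasqhosts'; do
  # grep's complaint about a missing file is irrelevant here: the append
  # below creates the file in that case.
  if ! grep -qxF -- "$directive" /etc/dnsmasq.conf 2>/dev/null; then
    printf '%s\n' "$directive" >>/etc/dnsmasq.conf
  fi
done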
5)启动服务
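# Enable dnsmasq at boot, start it now, then report whether it is running.
/bin/systemctl enable dnsmasq.service
/bin/systemctl start dnsmasq.service

# Test the status command directly rather than reading $? afterwards, so no
# later edit can slip a command in between. --no-pager keeps the step from
# blocking in a pager when it is run from a terminal.
if systemctl --no-pager status dnsmasq; then
  echo -e "\033[32m [INFO]: dnsmasq install success. \033[0m"
else
  # Diagnostics go to stderr.
  echo -e "\033[31m [ERROR]: dnsmasq install faild \033[0m" >&2
  # Exit statuses are limited to 0-255: the original "exit -6" is rejected by
  # POSIX shells and wraps to 250 in bash, so a plain 6 is used instead.
  exit 6
fi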
二、本地测试
1)测试域名
[root@gitlab ~]# ping gw.opendevops.cn
PING gw.opendevops.cn (192.168.44.11) 56(84) bytes of data.
64 bytes from demo-init.opendevops.cn (192.168.44.11): icmp_seq=1 ttl=64 time=0.006 ms
64 bytes from demo-init.opendevops.cn (192.168.44.11): icmp_seq=2 ttl=64 time=0.017 ms
注意,此时的本地dns解析文件
[root@gitlab ~]# cat /etc/resolv.conf
nameserver 192.168.44.11 # dns的服务器地址
2)其他机器解析。更改 resolv.conf文件
[root@gitlab-ci ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.44.11
[root@gitlab-ci ~]#
[root@gitlab-ci ~]# ping gw.opendevops.cn
PING gw.opendevops.cn (192.168.44.11) 56(84) bytes of data.
64 bytes from gitlab.example.com (192.168.44.11): icmp_seq=1 ttl=64 time=0.190 ms
三、企业级自建dns服务 bind
hostnamectl set-hostname iotansible0001.eniot.io
yum install epel-release -y
yum install wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils -y

安装bind9软件。开源dns软件
yum install bind -y
[root@iotansible0001 ~]# rpm -qa bind
bind-9.11.4-16.P2.el7_8.2.x86_64
[root@iotansible0001 ~]# ls /etc/named.conf 配置文件 /etc/named.conf

listen-on port 53 { 127.0.0.1; };
删掉 ipv6的地址 ----->>后面调整的内容
改为
listen-on port 53 { 192.168.44.30; };
-------------
allow-query { localhost; };
改为
allow-query { any; };
forwarders { 192.168.44.2; }; # 上级dns
注:allow-query { any; } 表示任何能访问到 53 端口的客户端都可以查询。本页没有展示 recursion 的设置;如果递归是开启的,建议用 allow-recursion 把递归查询限制在内网网段,避免服务器成为开放解析器。
--------------------
dnssec-enable no; 改为no
dnssec-validation no;
注:关闭 dnssec-validation 之后,上级 dns 转发回来的应答不再做 DNSSEC 校验,解析结果是否可信完全取决于上级 dns 以及到它的网络链路。

配置改完了,检查配置语法
[root@iotansible0001 ~]# named-checkconf
------------------------------
[root@iotansible0001 ~]# vim /etc/named.rfc1912.zones
在最后添加域名域
zone "eniot.io" IN {
        type master;
        file "eniot.io.zone";
        allow-update { 194.168.44.30; };
};
zone "envisioniot.com" IN {
        type master;
        file "envisioniot.com.zone";
        allow-update { 194.168.44.30; };
};
注:allow-update 里写的是 194.168.44.30,而本文其他位置的服务器地址都是 192.168.44.30,请确认是否为笔误。按 IP 地址授权动态更新只校验源地址;不需要动态更新时可以写 allow-update { none; };,需要时建议改用 TSIG 密钥授权。
==============================================
配置区域数据文件。该配置生效域名只有eniot.io
[root@iotansible0001 ~]# cat /var/named/eniot.io.zone
$ORIGIN eniot.io.
$TTL 600 ; 10 minutes;
@ IN SOA dns.eniot.io. dnsadmin.eniot.io. (
        2020050401 ; serial
        10800 ; refresh (3 hours)
        900 ; retry (15 minutes)
        604800 ; expire (1 week)
        86400 ; minimum (1 day)
        )
        NS dns.eniot.io.
$TTL 60 ; 1 minutes
dns A 192.168.44.30
iotansible0001 A 192.168.44.30
ceph0001 A 192.168.44.31
ceph0002 A 192.168.44.32
ceph0003 A 192.168.44.33

启动服务
[root@iotansible0001 ~]# systemctl start named
[root@iotansible0001 ~]# netstat -lntup|grep 53
tcp 0 0 192.168.44.30:53 0.0.0.0:* LISTEN 1262/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1262/named
tcp6 0 0 ::1:53 :::* LISTEN 1262/named
tcp6 0 0 ::1:953 :::* LISTEN 1262/named
udp 0 0 192.168.44.30:53 0.0.0.0:* 1262/named
udp6 0 0 ::1:53 :::* 1262/named
[root@iotansible0001 ~]# dig -t A iotansible0001.eniot.io @192.168.44.30 +short
192.168.44.30
[root@iotansible0001 ~]# dig -t A ceph0001.eniot.io @192.168.44.30 +short
192.168.44.31
[root@iotansible0001 ~]# dig -t A ceph0002.eniot.io @192.168.44.30 +short
192.168.44.32
================================
[root@iotansible0001 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search eniot.io
nameserver 192.168.44.30
添加了 search 后
[root@iotansible0001 ~]# ping ceph0003 可通
===========================
其他机器的网络配置使用该dns即可