:x
1.安装DNS服务
1.1查询bind
[root@lowaniot:/root]$ yum info bind
1.2安装bind
[root@lowaniot:/root]$ yum install bind -y
[root@lowaniot:/root]$ rpm -ql bind
1.3查看13个根域服务器文件
[root@lowaniot:/root]$ cat /var/named/named.ca
; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 518400 IN A 198.41.0.4
b.root-servers.net. 518400 IN A 199.9.14.201
c.root-servers.net. 518400 IN A 192.33.4.12
d.root-servers.net. 518400 IN A 199.7.91.13
e.root-servers.net. 518400 IN A 192.203.230.10
f.root-servers.net. 518400 IN A 192.5.5.241
g.root-servers.net. 518400 IN A 192.112.36.4
h.root-servers.net. 518400 IN A 198.97.190.53
i.root-servers.net. 518400 IN A 192.36.148.17
j.root-servers.net. 518400 IN A 192.58.128.30
k.root-servers.net. 518400 IN A 193.0.14.129
l.root-servers.net. 518400 IN A 199.7.83.42
m.root-servers.net. 518400 IN A 202.12.27.33
a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 518400 IN AAAA 2001:500:200::b
c.root-servers.net. 518400 IN AAAA 2001:500:2::c
d.root-servers.net. 518400 IN AAAA 2001:500:2d::d
e.root-servers.net. 518400 IN AAAA 2001:500:a8::e
f.root-servers.net. 518400 IN AAAA 2001:500:2f::f
g.root-servers.net. 518400 IN AAAA 2001:500:12::d0d
h.root-servers.net. 518400 IN AAAA 2001:500:1::53
i.root-servers.net. 518400 IN AAAA 2001:7fe::53
j.root-servers.net. 518400 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 518400 IN AAAA 2001:7fd::1
l.root-servers.net. 518400 IN AAAA 2001:500:9f::42
m.root-servers.net. 518400 IN AAAA 2001:dc3::35
;; Query time: 24 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Thu Apr 05 15:57:34 CEST 2018
;; MSG SIZE rcvd: 811
1.4开启DNS服务,并添加防火墙端口
[root@lowaniot:/root]$ systemctl start named
[root@lowaniot:/root]$ systemctl enable named
[root@lowaniot :/root]$ firewall-cmd --permanent --add-service=dns
success
[root@lowaniot:/root]$ firewall-cmd --permanent --add-port=53/tcp
success
[root@lowaniot:/root]$ firewall-cmd --permanent --add-port=53/udp
success
[root@lowaniot:/root]$ firewall-cmd --reload
success
[root@lowaniot:/root]$ ss -nutl
1.5查看修改网卡信息
[root@lowaniot:/root]$ vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="6422ac64-fc9a-4159-895f-6191eff1fa1d"
DEVICE="ens33"
DNS1="192.168.124.2"
IPADDR="192.168.124.2"
PREFIX="24"
GATEWAY="192.168.124.1"
ONBOOT="yes"
PEERDNS="no"
#添加 PEERDNS="no" 后,电脑重启时 /etc/resolv.conf 中的 nameserver 不会被恢复为系统默认值
[root@lowaniot ~]$ systemctl restart network-online.target
[root@lowaniot :/root]$ dig -t NS . @192.168.124.1
2.编辑DNS配置文件 /etc/named.conf
[root@lowaniot :/etc]$ cp -p /etc/named.conf{,.bak}
[root@lowaniot :/etc]$ vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// 此处的 localhost 是 BIND 内置 ACL,匹配本机所有网卡上的 IP 地址
options {
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// 此处的 localhost 是 BIND 内置 ACL,匹配本机所有网卡上的 IP 地址
options {
listen-on port 53 { localhost; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost;192.168.0.0/16; };
allow-transfer { 192.168.124.3; };
forwarders {202.101.172.35;
223.5.5.5;};
/*allow-transfer { 192.168.124.3; }; 表示只允许192.168.124.3的机子作为slave服务器拉取区域数据;若不加限制,任何主机都能通过区域传送(AXFR)取得该区域的全部记录*/
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
[root@lowaniot :/etc]$ systemctl reload named
[root@lowaniot :/etc]$ ss -ntul
[root@lowaniot :/etc]$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.124.2
[root@lowaniot :/etc]$ host www.qq.com 192.168.124.2
Using domain server:
Name: 192.168.124.2
Address: 192.168.124.2#53
Aliases:
www.qq.com is an alias for public.sparta.mig.tencent-cloud.net.
public.sparta.mig.tencent-cloud.net has address 61.151.166.139
public.sparta.mig.tencent-cloud.net has address 61.151.166.146
public.sparta.mig.tencent-cloud.net has IPv6 address 2402:4e00:8010::155
public.sparta.mig.tencent-cloud.net has IPv6 address 2402:4e00:8010::154
[root@lowaniot :/etc]$ dig www.163.com @192.168.124.2
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 <<>> www.163.com @192.168.124.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2031
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 6, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6e0ebb6f296186e92631d4215de367bdf12050ca13e6646d (good)
;; QUESTION SECTION:
;www.163.com. IN A
;; ANSWER SECTION:
www.163.com. 300 IN CNAME www.163.com.163jiasu.com.
www.163.com.163jiasu.com. 300 IN CNAME www.163.com.bsgslb.cn.
www.163.com.bsgslb.cn. 300 IN CNAME z163ipv6.v.bsgslb.cn.
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.134
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.139
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.145
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.136
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.144
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.142
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.137
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.140
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.143
z163ipv6.v.bsgslb.cn. 118 IN A 115.231.128.135
;; AUTHORITY SECTION:
bsgslb.cn. 85410 IN NS gns204.v.dolfindns.net.
bsgslb.cn. 85410 IN NS ns3.bsclink.cn.
bsgslb.cn. 85410 IN NS gns205.v.dolfindns.net.
bsgslb.cn. 85410 IN NS gns206.v.dolfindns.net.
bsgslb.cn. 85410 IN NS gns201.v.bs-dolfin.net.
bsgslb.cn. 85410 IN NS gns202.v.baishancloud.org.
;; ADDITIONAL SECTION:
ns3.bsclink.cn. 85410 IN A 121.29.42.18
;; Query time: 594 msec
;; SERVER: 192.168.124.2#53(192.168.124.2)
;; WHEN: Sun Dec 01 15:11:57 CST 2019
;; MSG SIZE rcvd: 515
3.编辑DNS配置文件 /etc/named.rfc1912.zones
[root@lowaniot :/etc]$ vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
//添加21至25行内容,如下:
zone "lowaniot.com" IN {
type master;
file "lowaniot.com.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
4.创建区域数据库文件
[root@lowaniot :/etc]$ cd /var/named/
[root@lowaniot :/var/named]$ ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@lowaniot :/var/named]$ cp -p /var/named/named.localhost lowaniot.com.zone
[root@lowaniot :/var/named]$ vim lowaniot.com.zone
$TTL 1D
@ IN SOA dns1.lowaniot.com. zg.xu.lowa.com. (
20191201 ; serial
1H ; refresh
30M ; retry
1D ; expire
3D ) ; minimum
NS dns1
dns1 A 192.168.124.2
websrv A 192.168.50.4
ftpsrv A 192.168.50.42
www CNAME websrv
@ A 192.168.50.4
* A 192.168.50.123
PS.资源记录
- 区域解析库:由众多RR组成:
- 资源记录:Resource Record, RR
- 记录类型:A, AAAA, PTR, SOA, NS, CNAME, MX
- SOA : Start Of Authority,起始授权记录;一个区域解析库有且仅能有一个SOA记录,必须位于解析库的第一条记录
- A :Internet Address,作用,FQDN --> IP
- AAAA : FQDN --> IPv6
- PTR : Pointer , IP --> FQDN
- NS : Name Server, 专用于标明当前区域的DNS服务器
- CNAME :Canonical Name,别名记录
- MX : Mail eXchanger, 邮件交换器
5.检查配置文件命令
[root@lowaniot :/root]$ named-checkconf /etc/named.conf
[root@lowaniot :/root]$ named-checkconf /etc/named.rfc1912.zones
6.检查数据库文件命令
[root@lowaniot :/root]$ named-checkzone lowaniot.com /var/named/lowaniot.com.zone
zone lowaniot.com/IN: loaded serial 20191201
OK
7.重新加载并测试
[root@lowaniot :/root]$ rndc reload
server reload successful
[root@lowaniot :/root]$ rndc status
version: BIND 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 (Extended Support Version) <id:7107deb>
running on lowaniot: Linux x86_64 4.18.0-80.11.2.el8_0.x86_64 #1 SMP Tue Sep 24 11:32:19 UTC 2019
boot time: Sun, 01 Dec 2019 07:38:49 GMT
last configured: Sun, 01 Dec 2019 08:53:04 GMT
configuration file: /etc/named.conf
CPUs found: 2
worker threads: 2
UDP listeners per interface: 1
number of zones: 104 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 4/150
server is up and running
[root@lowaniot :/root]$ dig +trace www.sina.com.cn @192.168.124.2
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-17.P2.el8_0.1 <<>> +trace www.sina.com.cn @192.168.124.2
;; global options: +cmd
. 512733 IN NS i.root-servers.net.
. 512733 IN NS a.root-servers.net.
. 512733 IN NS c.root-servers.net.
. 512733 IN NS g.root-servers.net.
. 512733 IN NS b.root-servers.net.
. 512733 IN NS m.root-servers.net.
. 512733 IN NS h.root-servers.net.
. 512733 IN NS d.root-servers.net.
. 512733 IN NS f.root-servers.net.
. 512733 IN NS k.root-servers.net.
. 512733 IN NS l.root-servers.net.
. 512733 IN NS j.root-servers.net.
. 512733 IN NS e.root-servers.net.
. 512733 IN RRSIG NS 8 0 518400 20191214050000 20191201040000 22545 . aAKxZ4f0+EGwS18FWsx1Dq5Y9jfpG7r1fNnk9I7PSrAIvbAtrhyG2fhz 7knWWY1/nIKgPumtKrsMndDnV+pssYjjf5PoEZJQTVUQEql/p/eom+Qp z6u6UWFOmO3Wk4KEyiGtVVqIUNGqFUi92TM3KYqfTe/R8qr6rm2Psrnc cwUpw2d5ElW7h/U8rMln/AFKLm39J36gua+mDGlnCOkEFeO7SMBViS2F x4v0pEuVNBsUNTduGWN4MzqWtWhFC2NDbSkmoVPmfmaSEaCX3Bb5DdM1 /w0GrzAYnX3bofSNai3dwYgr1+TxehoHT9Cf98MyQED01SpQTZV+mex6 P5EISA==
;; Received 1125 bytes from 192.168.124.2#53(192.168.124.2) in 0 ms
cn. 172800 IN NS a.dns.cn.
cn. 172800 IN NS b.dns.cn.
cn. 172800 IN NS c.dns.cn.
cn. 172800 IN NS d.dns.cn.
cn. 172800 IN NS e.dns.cn.
cn. 172800 IN NS f.dns.cn.
cn. 172800 IN NS g.dns.cn.
cn. 172800 IN NS ns.cernet.net.
cn. 86400 IN DS 57724 8 2 5D0423633EB24A499BE78AA22D1C0C9BA36218FF49FD95A4CDF1A4AD 97C67044
cn. 86400 IN RRSIG DS 8 1 86400 20191214050000 20191201040000 22545 . A8eFPanG6F8p4F7w3Y/VYXXUYB3jYUHfK6Re3Zw5VmkrCXxv2NwE5gxo skHbeXdzQd2nSr6wMqaUcyM9/UoEeVtKYU9OxJadPNNhb6QRhx76NjUG qbK/a/bVRPNn2TQUdjJ15mbfBDFajEAa9A655Ez+cJtiYK9ezyo7JCpX naaRs0VB7pnpd9TLI4smaC1IgBEMMGFxf9zCduyF+lh/hb2ucB+3jNGz nobRC8SlOpUH5RqJmPuqb9hDwCpdcWPUYEx4kkoU3vElVl2c7xLFoMQp 33AStlpeItxVNPtvcIjrBgUQ6TAciU/hrxgAR9lSTA+hkm7h20JChuJo jOwQnw==
;; Received 706 bytes from 199.7.91.13#53(d.root-servers.net) in 222 ms
sina.com.cn. 86400 IN NS ns2.sina.com.cn.
sina.com.cn. 86400 IN NS ns4.sina.com.cn.
sina.com.cn. 86400 IN NS ns3.sina.com.cn.
sina.com.cn. 86400 IN NS ns1.sina.com.cn.
GICE14DNTMDN31G43AUGVRKTKALVB8QC.com.cn. 21600 IN NSEC3 1 1 10 AEF123AB H497TUER80LUF57FB9UOJIRF5LLLCPLS NS SOA RRSIG DNSKEY NSEC3PARAM
GICE14DNTMDN31G43AUGVRKTKALVB8QC.com.cn. 21600 IN RRSIG NSEC3 8 3 21600 20191209224911 20191109215504 43326 com.cn. rwqJixPJPbhrkrl0U3d1svn/5TIUav93EC1JeqT7KapZ0+UVApVarJ4u ZZKuQpRQJJ4n1qm2H3D2JPXqh1g2DG5M9SeA8jAreyk1g6KbFcARttmH Lrz1wjEu5Zea0q1mIPni3xt8fNJwC1Jr25tH+T6o2zilkDwTvFo1xbJx G8w=