A brief DNS configuration

Author: MrSunday_8955 | Published 2020-08-13 11:34

    DNS stands for Domain Name System. My understanding is that it provides a service for looking up the IP address of a domain name, or the reverse, the domain name for an IP address. Within a network (the Internet or a LAN) a domain name is unique and stable, which makes it easy for users to remember, while the IP addresses of the back-end service may change; DNS keeps the user-facing name and the IP addresses needed to reach the service under one manageable mapping.
    There are plenty of BIND installation and configuration guides online, so I will not repeat them here and only record the rough steps. Below are the brief steps for setting up a simple DNS service:
    1. Install the bind package. After installation, the query shows:

    # rpm -q bind
    bind-9.9.4-50.el7.x86_64
    

    2. Configure the options section of /etc/named.conf as follows:

    # vi /etc/named.conf
    options {
            listen-on port 53 { any; };         // changed to any: listen on port 53 of every IPv4 address; a specific local IP can be given instead
            listen-on-v6 port 53 { any; };   //  changed to any: listen on port 53 of every IPv6 address
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };    // changed to any: anyone may query. With "recursion yes" below this makes an Internet-facing host an open resolver (see the warning that follows); on such a host restrict it to your own clients, e.g. { 192.168.111.0/24; }
    
            /*
             - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
             - If you are building a RECURSIVE (caching) DNS server, you need to enable
               recursion.
             - If your recursive DNS server has a public IP address, you MUST enable access
               control to limit queries to your legitimate users. Failing to do so will
               cause your server to become part of large scale DNS amplification
               attacks. Implementing BCP38 within your network would greatly
               reduce such attack surface
            */
            recursion yes;
    
            dnssec-enable yes;
            dnssec-validation yes;
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
    };
    

    3. Configure /etc/named.rfc1912.zones and add the forward and reverse zones

    // The cluster uses the test.com domain, so the forward zone is test.com
    zone "test.com" IN {
        type master;
        file "test.com.zone";
        check-names ignore;   // Owner-name checking is strict (names containing an underscore, for example, fail it), so this option is needed in that case
        allow-update { none; };
    };
    // The cluster uses the 192.168.111.0/24 range, so the reverse zone is 111.168.192.in-addr.arpa
    zone "111.168.192.in-addr.arpa" IN {
            type master;
            file "111.168.192.arpa";
            check-names ignore;
            allow-update { none; };
    };
    

    4. Configure the forward and reverse zone files

    // Forward zone file (zone files live in the "directory" set in named.conf, /var/named)
    # vi /var/named/test.com.zone
    $TTL 1D
    @ IN SOA ns1.test.com. root. (
                              20200812 ; serial
                              1D ; refresh
                              1H ; retry
                              1W ; expire
                              3H ) ; minimum
    @               IN     NS  ns1.test.com.
    ns1             IN     A   192.168.111.101
    www             IN     A   192.168.111.101
    host1           IN     A   192.168.111.23
    host2           IN     A   192.168.111.24
    
    // Reverse zone file (same directory as the forward zone file)
    # vi /var/named/111.168.192.arpa
    $TTL 1D
    @ IN SOA ns1.test.com. root.test.com. (
                                     0 ; serial
                                     1D ; refresh
                                     1H ; retry
                                     1W ; expire
                                     3H ) ; minimum
                  NS    ns1.test.com.   ; leading whitespace: owner inherited from the line above (@)
    101           PTR   ns1.test.com.
    23            PTR   host1.test.com.
    24            PTR   host2.test.com.
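    A consistency check for the two zone files from step 4, added here as an example (Python written for this page, not code from the original post; the zone contents below are constructed from the files above). It parses the A and PTR records and reports names whose A record has no matching PTR and PTRs whose target has no A record at that address, the mismatch that reverse-lookup validation by mail servers and similar checks trips over; on this page's data it flags www.test.com., which shares 192.168.111.101 with ns1 but has no PTR of its own.

```python
"""Forward/reverse consistency check for the zone files in step 4.
Added example, not from the post; sample zones below are constructed from it."""

FORWARD_ZONE = """$TTL 1D
@ IN SOA ns1.test.com. root. ( 20200812 ; serial
        1D 1H 1W 3H ) ; refresh retry expire minimum
ns1     IN  A   192.168.111.101
www     IN  A   192.168.111.101
host1   IN  A   192.168.111.23
"""
REVERSE_ZONE = """$TTL 1D
@ IN SOA ns1.test.com. root.test.com. ( 0 1D 1H 1W 3H )
        NS  ns1.test.com.
101     PTR ns1.test.com.
23      PTR host1.test.com.
"""

def records(zone_text, rtype):
    """Return (owner, rdata) pairs for every record of type rtype."""
    out, owner, depth = [], "@", 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]            # strip ';' comments
        if depth:                              # still inside the SOA's '( ... )'
            depth -= line.count(")")
            continue
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        if not raw[0].isspace():               # explicit owner; otherwise inherited
            owner = tokens.pop(0)
        depth = line.count("(") - line.count(")")
        if rtype in tokens:
            out.append((owner, tokens[tokens.index(rtype) + 1]))
    return out

def fqdn(owner, origin):
    """Absolute name for an owner: '@' is the origin, 'x' is x.origin, 'x.' stays."""
    owner = origin + "." if owner == "@" else owner
    return owner if owner.endswith(".") else f"{owner}.{origin}."

def check(forward, reverse, origin, net_prefix):
    """Return (names whose A has no matching PTR, IPs whose PTR has no matching A)."""
    fwd, rev = {}, {}
    for own, ip in records(forward, "A"):
        fwd.setdefault(fqdn(own, origin), set()).add(ip)
    for own, name in records(reverse, "PTR"):
        rev.setdefault(f"{net_prefix}.{own}", set()).add(name)
    a_no_ptr = sorted(n for n, ips in fwd.items() if any(n not in rev.get(ip, ()) for ip in ips))
    ptr_no_a = sorted(ip for ip, names in rev.items() if any(ip not in fwd.get(n, ()) for n in names))
    return a_no_ptr, ptr_no_a
```

Calling check(FORWARD_ZONE, REVERSE_ZONE, "test.com", "192.168.111") returns (["www.test.com."], []); point the two arguments at the real files to run it against a live /var/named.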
    

    5. Check that the configuration is valid

    # cd /var/named/ && named-checkconf -z
    zone test.com/IN: loaded serial 20200812
    zone 111.168.192.in-addr.arpa/IN: loaded serial 0
    zone localhost.localdomain/IN: loaded serial 0
    zone localhost/IN: loaded serial 0
    zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
    zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
    zone 0.in-addr.arpa/IN: loaded serial 0
    
    

    6. Configure /etc/resolv.conf to add the DNS server

    # vi /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 192.168.111.101
    
    

    7. Restart the DNS service

    # systemctl restart named
    

    8. Verify

    # nslookup 192.168.111.23
    23.111.168.192.in-addr.arpa name = host1.test.com.
    
    # nslookup host1.test.com
    Server:     192.168.111.101
    Address:    192.168.111.101#53
    
    Name:   host1.test.com
    Address: 192.168.111.23
    
    

    Original link: https://www.haomeiwen.com/subject/ammmdktx.html